About partitions
An attacker who targets your Linux server will usually try a buffer overflow first. In the past few years, buffer overflows have been one of the most common forms of security vulnerability. More seriously, buffer overflow vulnerabilities account for the vast majority of remote network attacks, and such an attack can easily give an anonymous Internet user partial or full control of a host.
To limit the damage from such attacks, pay attention to partitioning when installing the system. If the root partition is used to record data such as log files and mail, a denial-of-service attack that generates large volumes of logs or spam can fill it and crash the system. It is therefore recommended to create a separate partition for /var to hold logs and mail, so that the root partition cannot overflow. It is best to give a particular application its own partition as well, especially a program that generates a large number of logs, and to put /home on a separate partition so that it cannot fill the / partition. This avoids some malicious attacks that work by overflowing Linux partitions.
About BIOS
Remember to set a BIOS password in the BIOS setup and to disable booting from floppy. This prevents a malicious person from starting your Linux system with a specially prepared boot disk, and it keeps other people from changing BIOS settings, for example re-enabling floppy boot or letting the server start directly without showing the password prompt.
About passwords
Passwords are the main means of authenticating users on the system. The default minimum password length after installation is usually 5, but to make passwords harder to guess you can increase the minimum length to at least 8. To do this, modify the parameter PASS_MIN_LEN (minimum password length) in the file /etc/login.defs. You should also limit how long a password may be used, so that passwords are changed regularly; it is suggested to modify the parameter PASS_MIN_DAYS (password use time).
About Ping
If no one can ping your machine and receive a response, the security of your site is greatly enhanced. You can add the following command line to /etc/rc.d/rc.local so that it runs automatically after each boot; it prevents your system from responding to any external or internal ping requests.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
About Telnet
If you want users to be able to telnet to your server without the operating system and version information being displayed (which avoids attacks targeted at a known version), rewrite the telnet line in /etc/inetd.conf as follows:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h
The -h flag added at the end makes the telnet daemon display only the login: prompt and no system information.
About privileged accounts
Disable all default accounts that the operating system itself does not require. Do this check when you first install the system. Linux provides a variety of accounts that you may not need; if you do not need an account, remove it. The more accounts you have, the more exposed you are to attack.
To delete a user on your system, use the following command: userdel username
To delete a group account on your system, use the following command: groupdel username
Enter the following command at the terminal to delete the following privileged account:
userdel adm
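The settings recommended on this page can be checked without changing anything. The read-only audit script below is an added example, not part of the original article; the function names, the --audit switch and the path-prefix argument are assumptions made for illustration, and it assumes the standard login.defs, inetd.conf, /proc/mounts and passwd file formats.

```shell
#!/bin/sh
# Added example: read-only audit of the settings recommended on this page.
# Each check takes the file as an argument, so it also runs on copies.

login_defs_value() {  # print KEY's ($2) value from a login.defs-style FILE ($1)
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

min_len_ok() {  # PASS_MIN_LEN is set and at least 8
    v=$(login_defs_value "$1" PASS_MIN_LEN)
    [ -n "$v" ] && [ "$v" -ge 8 ] 2>/dev/null
}

own_partition() {  # DIR ($2) is a mount point in a /proc/mounts-format FILE
    awk -v d="$2" '$2 == d { found = 1 } END { exit !found }' "$1"
}

ping_ignored() {  # icmp_echo_ignore_all holds 1
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

telnet_banner_hidden() {  # no active telnet line in inetd.conf lacks -h
    awk '$1 == "telnet" { for (i = 7; i <= NF; i++) if ($i == "-h") next; bad = 1 }
         END { exit bad + 0 }' "$1"
}

account_absent() {  # NAME ($2) has no entry in a passwd-format FILE
    ! grep -q "^$2:" "$1"
}

report() {  # report LABEL CHECK ARGS...: print PASS or FAIL for one check
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

audit() {  # audit ROOT: ROOT is a path prefix, empty for the live system
    report "PASS_MIN_LEN >= 8"          min_len_ok "$1/etc/login.defs"
    report "/var is a separate mount"   own_partition "$1/proc/mounts" /var
    report "/home is a separate mount"  own_partition "$1/proc/mounts" /home
    report "ICMP echo ignored"          ping_ignored "$1/proc/sys/net/ipv4/icmp_echo_ignore_all"
    report "telnet banner suppressed"   telnet_banner_hidden "$1/etc/inetd.conf"
    report "adm account removed"        account_absent "$1/etc/passwd" adm
}

# Run only when asked, e.g.: sh audit.sh --audit   (audit.sh is a hypothetical name)
if [ "${1:-}" = "--audit" ]; then audit "${2:-}"; fi
```

A commented-out telnet line counts as passing, because the service is then disabled rather than announcing its version.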