A Comprehensive Overview of Internal and External Security of the Linux Operating System
It is impossible to maintain a completely secure system. However, with some effort it is possible to make a Linux machine secure enough that most casual crackers, script kiddies, and other "bad guys" give up and target someone else. Remember: simply following this tutorial will not produce a secure system. Rather, we want to expose you to several aspects of the topic and give you some useful examples of how to get started.
Linux system security can be divided into two parts: internal security and external security. Internal security refers to the prevention of unintentional or malicious damage to the system. External security means preventing unauthorized users from accessing the system.
This chapter first covers internal security, then external security, and finally some general guidelines and tips.
Log File Permissions
Internal security can be a large task, depending on how much you trust your users. The guidelines described here are designed to prevent casual users from accessing sensitive information and to prevent unfair use of system resources.
As for file permissions, you may want to modify the permissions in the following three situations:
First, log files in /var/log do not need to be readable by everyone. There is no reason for non-root users to peek at the logs. To create logs with proper permissions.
File Permissions for the Root User's Files
Second, the root user's dot files should not be readable by ordinary users. Check the files in the root user's home directory (ls -la) to ensure they are properly protected. You can even make the entire directory accessible only to the root user:
# cd
# pwd
/root
# chmod 700 .
File Permissions of User Files
Finally, user files are generally created readable by all users by default. That may not be what the user expects, and it is certainly not the best policy. Use a snippet similar to the following to set the default umask in /etc/profile:
if [ "$UID" = 0 ]; then
    # root user; set world-readable by default so that
    # installed files can be read by normal users.
    umask 022
else
    # make user files secure unless they explicitly open them
    # for reading by other users
    umask 077
fi
You should consult the umask(2) and bash(1) manual pages for more information on setting the umask. Note: the umask(2) manual page covers the C function, but the information in it also applies to the bash command.
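An added example (not part of the original article) that checks the three settings discussed above: world-readable files under a log directory, whether a directory such as /root is closed to group and other, and the permissions a new file receives under umask 022 versus 077. The function names and the --audit argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the three permission settings from this section.
# All function names here are hypothetical, chosen for illustration.

# List regular files under a directory that are readable by "other".
# For /var/log, every line printed is a log any local user can read.
world_readable_files() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# Succeed only if group and other have no access to the path at all,
# which is the state of /root after "chmod 700 .".
is_private() {
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "${perms#????}" = "------" ]
}

# Print the permission string a newly created file gets under a umask.
# The body is a subshell, so the caller's own umask is left unchanged.
perms_under_umask() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/newfile"
    ls -l "$tmp/newfile" | cut -c1-10
    rm -rf "$tmp"
)

# Report on the live system; only inspects, never changes anything.
audit() {
    echo "World-readable files in /var/log:"
    world_readable_files /var/log
    if is_private /root; then
        echo "/root: closed to group and other"
    else
        echo "/root: accessible to group or other"
    fi
    echo "new file under umask 022: $(perms_under_umask 022)"
    echo "new file under umask 077: $(perms_under_umask 077)"
}

# Run the report only when asked to, e.g. "sh audit.sh --audit".
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it as root to see every file under /var/log; as an ordinary user, find silently skips directories it cannot enter.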