Precautions for linux Security Settings

Source: Internet
Author: User
Tags: dns spoofing
Article Title: Precautions for linux security settings. (It is far better to close vulnerabilities before an intrusion than to deal with one afterwards. Once you have been intruded, if you find that your skill is below the attacker's and you cannot work out the attack path and method, you had better reinstall the system and update your software to the latest versions.)
 
Note:
 
1. Use a complex password (this is obvious, but it is critical, so it does not need repeating here)
 
2. Discard insecure connection methods: telnet and ftp are both insecure (use ssh, sftp and other encrypted channels so that session data cannot be sniffed or intercepted)
 
4. Restrict key privileged commands such as su, mount and so on (su should be limited to a designated user or group so that it cannot be brute-forced; restricting mount prevents someone from remotely mounting filesystems and using the suid and sgid programs in some directories for intrusion or attack)
 
5. Update and upgrade software frequently (though blindly updating a version may cause the new software to run abnormally). Red Hat can obtain updates from the Red Hat Network; with up2date, the packages for the system's various services can be updated.
 
6. sudo settings (this tool authorizes non-root users to run certain commands as the root user)
 
7. suid and sgid bit settings (the hazard here can be very serious)
 
8. Configuration files of the various services (do not keep the packages of services you have not enabled; uninstall them)
 
9. To prevent dns spoofing, configure the resolver so that the server performs reverse resolution and queries the external dns server first; do not configure it to read the local machine's cache directly.
 
10. It is best to use a vpn rather than connecting to a remote server directly over the external network.
 
11. The hosts.deny and hosts.allow files block unauthorized users from accessing system services.
 
12. iptables firewall settings (strict rules and key file permissions must be set here. At the same time, we recommend keeping the rule set as small as possible while still secure, which improves efficiency and processing speed. Be as strict as possible with outbound (export) data control, to prevent reverse connections and to stop the host from becoming the source of dos attacks!)
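The following is an added example (not from the original article) of the small, strict iptables policy item 12 asks for: default DROP on every chain, a short allow-list, and outbound control that logs any other new outbound connection so reverse connections or a dos flood originating on the host show up in the logs. It is written in iptables-restore format so the whole set can be reviewed as a file and parsed with iptables-restore --test before being loaded. The admin network 192.0.2.0/24, the resolver 192.0.2.53 and the ssh port are assumed placeholder values, not values from the article.

```shell
#!/bin/sh
# Added example: strict default-deny iptables policy for one server, in
# iptables-restore format. The addresses below are placeholders (RFC 5737
# documentation range), not values from the article.
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # the only network allowed to open ssh sessions
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # the one external resolver this host may query
SSH_PORT="${SSH_PORT:-22}"

# gen_rules: print the complete ruleset. Default policy is DROP on every chain;
# the few ACCEPT rules are the whole allow-list, which keeps the set short.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, replies to tracked connections, and nothing malformed
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new ssh sessions only from the admin network
-A INPUT -p tcp --dport $SSH_PORT -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT
# everything else inbound: log (rate-limited) and fall through to the DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-in-drop: "
# egress control: loopback, tracked replies, DNS to one resolver, HTTPS for package updates
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -d $DNS_SERVER -j ACCEPT
-A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# any other new outbound connection (a reverse connection, or this host used as a
# dos source) is logged and then dropped by the OUTPUT policy; alert on these lines
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

# rule_count: how many -A rules the policy contains (kept small on purpose)
rule_count() { gen_rules | grep -c '^-A'; }

# check_rules: have iptables parse the set without loading it (needs root)
check_rules() { gen_rules | iptables-restore --test; }

# apply_rules: load the set atomically (needs root); run check_rules first
apply_rules() { gen_rules | iptables-restore; }

gen_rules
```

Running the script prints the policy; save it and feed it to iptables-restore once check_rules passes. Only 10 rules are needed, and the two LOG rules are the detection half of the policy: "fw-out-drop:" entries in the kernel log mean something on the host tried to open a connection the policy does not allow.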
 
13. Check the at scheduled tasks (including the .deny and .allow files for at). Note that many services use deny/allow files with this suffix convention, and a lax setting gives users a way into the service, so configuring these service files as mentioned above is also important.
 
14. Check the cron settings for improper shell commands in the list of regularly run jobs
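As an added example (not from the article) of how items 13 and 14 can be checked mechanically, the script below audits a crontab listing for jobs whose program runs from a scratch directory or is a world-writable file, and reports whether cron or at is governed by an allow-list or only a deny-list. The sample crontab inside it is constructed; the audit function reads whatever file it is given, for example the output of crontab -l saved to a file. GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit scheduled jobs (items 13 and 14) for an "improper shell".
# Handles user crontab format (5 time fields or an @reboot-style keyword, then
# the command). Sample inputs are constructed; GNU stat is assumed.

SUSPECT_DIRS='/tmp/|/var/tmp/|/dev/shm/'   # scratch directories a legitimate job rarely runs from

# extract_cmd LINE: print the command part of one crontab line; fail on blank/comment lines
extract_cmd() {
  case "$1" in
    ''|\#*) return 1 ;;
    @*)     echo "$1" | cut -d' ' -f2- ;;
    *)      echo "$1" | awk '{ $1=$2=$3=$4=$5=""; sub(/^ +/, ""); print }' ;;
  esac
}

# world_writable PATH: true if PATH is a regular file whose "other" bits include write
world_writable() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1")
  [ $(( ($mode % 10) & 2 )) -ne 0 ]
}

# audit_crontab FILE: print one SUSPECT line per questionable job; status 1 if any found
audit_crontab() {
  findings=0
  while IFS= read -r line || [ -n "$line" ]; do
    cmd=$(extract_cmd "$line") || continue
    reason=''
    if echo "$cmd" | grep -Eq "$SUSPECT_DIRS"; then
      reason='runs from a scratch directory'
    fi
    exe=$(echo "$cmd" | awk '{ print $1 }')     # first token is the program being run
    if world_writable "$exe"; then
      reason="${reason:+$reason; }program file $exe is world-writable"
    fi
    if [ -n "$reason" ]; then
      echo "SUSPECT ($reason): $line"
      findings=$((findings + 1))
    fi
  done < "$1"
  [ "$findings" -eq 0 ]
}

# access_policy NAME [DIR]: report whether NAME.allow (allow-list) or only NAME.deny
# exists for cron or at; status 0 only when an allow-list is in force
access_policy() {
  name="$1"; dir="${2:-/etc}"
  if [ -f "$dir/$name.allow" ]; then
    echo "$name: allow-list in force ($dir/$name.allow)"; return 0
  elif [ -f "$dir/$name.deny" ]; then
    echo "$name: deny-list only ($dir/$name.deny), every user not listed there may use $name"; return 1
  fi
  echo "$name: neither $name.allow nor $name.deny present, behaviour is the distribution default"; return 1
}

# Demonstration on a constructed crontab in a temporary directory.
demo() {
  work=$(mktemp -d)
  cat > "$work/crontab.sample" <<'EOF'
# constructed sample: one normal job, two that deserve a look
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.cache/update.sh
@reboot /dev/shm/agent
EOF
  audit_crontab "$work/crontab.sample" || echo "review the SUSPECT lines above"
  : > "$work/cron.allow"          # pretend an allow-list exists
  access_policy cron "$work"
  access_policy at "$work"
  rm -rf "$work"
}
demo
```

The /etc/crontab and /etc/cron.d files carry an extra user column between the time fields and the command, so run audit_crontab on per-user listings (crontab -l -u USER) or strip that column first. A world-writable program file in a root job is the classic case the article's "improper shell" warning is about: anyone on the host can edit what root will run next.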
 
15. When partitioning, it is best to give some directories their own partitions. If there are several hard disks, it is best to put /home and the application directories on their own disks and set disk quotas for users, so that malicious writes after an intrusion cannot destroy the rest of the data on the disk; this maximizes data security
 
16. raid disk arrays should be in place to guard against disk failure (security means not only system security but also data security and communication security)
 
17. Use the file integrity check tool tripwire to check file integrity (which is why the linux system administrator is strongly advised to keep work notes and to record every change to system settings as it is made). Do not save the integrity check data on this host's hard disk; it is best to use removable media (cdrom or a removable hard disk)
 
18. Check the command files that hackers most often replace: ls, mount, netstat, lsof, top ...... Keep a complete backup of the unmodified system check tools (to prevent these check tools from being replaced by Trojans)
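The following is an added example (not from the article, and not tripwire itself) of the baseline-and-verify idea behind items 17 and 18: record a hash plus mode, owner and group of each watched file into a baseline kept on separate media, then re-check later and report anything missing or changed. The watched paths and the media directory are placeholders, the demonstration at the end uses constructed stand-in files in a temporary directory, and GNU sha256sum and stat are assumed.

```shell
#!/bin/sh
# Added example: a minimal file-integrity baseline (items 17 and 18), not tripwire.
# Stores sha256 + mode:owner:group per file; GNU coreutils sha256sum/stat assumed.

# Tools the article lists as commonly replaced (placeholder list; override via WATCH_LIST)
WATCH_LIST="${WATCH_LIST:-/bin/ls /bin/mount /bin/netstat /usr/bin/lsof /usr/bin/top}"

# fingerprint PATH: print "sha256 mode:user:group path"
fingerprint() {
  printf '%s %s %s\n' "$(sha256sum "$1" | cut -d' ' -f1)" "$(stat -c '%a:%U:%G' "$1")" "$1"
}

# make_baseline BASELINE FILE...: write one fingerprint per existing regular file.
# BASELINE should live on removable media, never on the host's own disk.
make_baseline() {
  baseline="$1"; shift
  : > "$baseline"
  for f in "$@"; do
    if [ -f "$f" ]; then fingerprint "$f" >> "$baseline"; fi
  done
}

# verify_baseline BASELINE: status 0 if every entry still matches, 1 otherwise;
# prints MISSING / CHANGED lines. Paths containing spaces are not supported.
verify_baseline() {
  rc=0
  while read -r hash meta path; do
    if [ ! -f "$path" ]; then
      echo "MISSING  $path"; rc=1; continue
    fi
    now=$(fingerprint "$path")
    cur_hash=${now%% *}
    rest=${now#* }; cur_meta=${rest%% *}
    [ "$cur_hash" = "$hash" ] || { echo "CHANGED  $path (content)"; rc=1; }
    [ "$cur_meta" = "$meta" ] || { echo "CHANGED  $path (mode/owner $meta -> $cur_meta)"; rc=1; }
  done < "$1"
  return $rc
}

# Demonstration with constructed stand-ins for system binaries.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/bin" "$work/media"      # media/ stands in for the removable disk
  printf 'echo real ls\n' > "$work/bin/ls"
  printf 'echo real netstat\n' > "$work/bin/netstat"
  chmod 755 "$work/bin/ls" "$work/bin/netstat"
  make_baseline "$work/media/baseline.txt" "$work/bin/ls" "$work/bin/netstat"
  verify_baseline "$work/media/baseline.txt" && echo "clean: all files match the baseline"
  printf 'echo replaced\n' > "$work/bin/netstat"   # a replaced tool, as item 18 warns
  verify_baseline "$work/media/baseline.txt" || echo "ALERT: integrity check failed"
  rm -rf "$work"
}
demo
```

For real use, run make_baseline "$MEDIA/baseline.txt" $WATCH_LIST once on a known-clean system, unmount the media, and run verify_baseline from a known-good copy of sha256sum and stat (item 18 again: if those tools are the ones replaced, the check itself is worthless).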
 
19. It is best to use the chattr command to add attributes such as +i to important files, to prevent arbitrary modification (this cannot stop a hacker who has obtained root from changing the attribute back, but it is very effective against script attacks and against modifications caused by software vulnerabilities, and it at least slows the attacker down. The longer the other party stays in the system, the more log traces they leave. There are also dedicated tools that strengthen this further so that even the root user has no permission to modify the files)
 
20. Keep backups so that data can be restored quickly in case of problems
 
21. It is best to set up a remote log server to store the syslogd logs (in this way, after hackers break into the host they must also attack the log server to erase the log records; a log server that runs only the log service is harder to intrude and costs them a great deal of time)
 
22. The logsentry log monitoring tool. It watches the logs for the sensitive entries configured in the tool and can notify the administrator as soon as possible.
 
23. The portsentry port guard monitoring tool. You can configure some ports as bait for hackers probing (scanning) the system; the tool can also run scripts after a scan is detected, which makes it powerful. Configured well, it can effectively deter scanning of the system.
 
All of the above are methods to prevent network attacks.
 
In fact, physical security is equally important. If someone has taken your hard disk away, I'm afraid none of your settings will help.
 
24. Also set a bios password and a grub password, and lock the system when you leave the host. (This prevents others from attacking the system through physical access.)
 
25. None of the above is worth more than the administrator's sense of responsibility, professionalism, vigilance and self-motivation (reviewing the logs and key information daily should be a required course for administrators, who must continually learn and improve their technical skills). Without that, strong hardware and a strong environment are a pile of decoration and will only become a joke for hackers. To put it bluntly, security lies with us; we should not blame the software and hardware!!
 
------------------------- Reference, as hackers often say: there is no system that cannot be intruded.
 
I added the following sentence: however, some administrators cannot be defeated.
 
Finally, a word of advice: when you discover that you have been intruded from some ip address, do not retaliate with extreme malicious attacks (the attacking host may be a stepping stone used by the hackers), and anyone who carries out malicious attacks may themselves end up in jail.
 
I am not a newbie who knows intrusion very well. I hope you can add to this and guide me.
 