Prohibit remote access and access to important files
Source: Internet
Author: User
Article Title: Prohibit remote access and prohibit access to important files. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Linux, as a symbol of freedom and openness, has received more and more attention from users. However, there are few individual users who actually use Linux, mainly because of its system characteristics and a small number of surrounding software developers, make it only popular in the field of server systems. I will give a brief introduction to its security protection:
1. prohibit access to important files Linux is not like Windows. It not only publishes source code, but its core program can also be modified as needed, and some key files in the system such as inetd. conf and lilo. conf can also be modified (Remote Login User). To protect system security, you can modify its attributes in advance to prevent illegal intrusion and modification.
First, go to the Linux Command interface and enter the command:
# Chmod 600/etc/inetd. conf
Change the file attribute to 600.
Enter the following command:
# Chattr + I/etc/inetd. conf
Ensure that the file owner is root.
In this way, any changes to the file will be prohibited. Only the following commands can be executed:
# Chattr-I/etc/inetd. conf
Root can be modified only after resetting the reset flag.
2. Remote Access prohibited In Linux, you can use the/etc/hosts. allow and/etc/hosts. deny files to allow and disable remote host access to local services. To do this, go to the Linux Command interface, call up the hosts. deny file, and add the following command:
# Deny access to everyone.
ALL: ALL @ ALL
All services are prohibited from all external hosts unless specified by the hosts. allow file.
In the hosts. allow file, add the following methods to allow access to the Host:
Call out the hosts. allow file and add the following command:
# Just an example:
Http: 192.168.1.8 yanghao.com
This means that machines with IP address 192.168.18 and host name yanghao.com are allowed to access the http service as clients.
Users who use Windows XP and their "NT core" systems should pay more attention to security issues. When Using XP, it is best to enable the built-in firewall (Microsoft also sets the firewall to open by default in the new Windows XP ). Users of any system should have certain security knowledge, such as: do not leak their network and system information easily; do not execute unknown programs. A secure system environment is built on your own.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
