Restrict console access to improve Linux Server Security (1)

The console is one of the main windows for deploying Linux servers. However, after the Linux server is deployed, the console may become one of the major contributors to its security. For this reason, after the Linux server is put into production and use, you need to restrict its access. Otherwise, it may bring security risks to Linux servers.

1. Restrict console access

All commands in Linux are reflected in files in the system. Or, files are the core of the Linux operating system. To restrict or disable access to the console, you only need to check the connection of some files. If the system administrator wants to prohibit all console access (including programs and Application Files), he can comment out the lines containing pam_console.so in all files under/etc/pam. d. For example, kde is a file in this directory. This file contains pam_lele.so. The system administrator needs to comment out all files in the directory that contain this line of content, so that all the console access can be prohibited. Of course, if the system administrator has a better understanding of the meaning of these files, you can also disable or restrict console access based on your own needs.

 

2. Do not use console programs

To improve the security of the Linux Server System, the simplest and most common method adopted by many system administrators is to disable the use of related console programs. If you do not know which console programs will affect the security of the Linux operating system, you can disable all console programs. As we all know, Linux is a multi-user operating system. When other users are connected to the operating system, if a user forces the shutdown command, the data of the files being modified by other users will undoubtedly be lost. After the Linux server is deployed, you must disable the console program in some ways.

It is also relatively simple to achieve this goal, for example, through the following command:

Rm-f/etc/security/console. apps/servicename. Servicename is the name of the console program to be disabled by the system administrator. Generally, if the system administrator is familiar with these programs and has this experience to determine whether they will adversely affect the server, then you can choose to delete these programs. However, if you are not sure, delete all the related services or programs. The deletion will only affect the operations in the console. If you need these commands later, the system administrator can run these commands in other ways.