Security management in Linux

Source: Internet
Author: User
Because it is open source, Linux is naturally suited to server applications. However, the same openness means that improper management can cause serious security issues. The following are some tips on system management security:

1. Boot program security
The root password in Linux is very easy to crack if you have not set a password on the boot program, such as GRUB or LILO. To prevent the root password from being cracked through the boot program, we strongly recommend setting a GRUB or LILO boot password: edit the configuration file /etc/grub.conf or /etc/lilo.conf and set the password parameter.

2. Insecure permission settings
Generally, the file permissions in Linux are r, w and x. There is also another permission called s. If the s permission is granted to a file, the file runs with the permissions of its owner or owning group when it is executed, for example:

# chmod u+s testfile
# ls -la testfile
-rwsr----- root 10 testfile

In this way, when the file is executed by another user, that user runs testfile with the permissions of the file's owner, root. Similarly, when the s permission is set for the file's owning group, the user who executes the file has the permissions of that group, which is quite dangerous.

Imagine that the chmod program itself were granted the s permission: what could other users then not do? They could change the permissions of any file. Note that the s permission must be used in combination with the x permission; the s permission without the x permission is meaningless.
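To find which files on a system carry the s permission described above, an administrator can audit a directory tree. The following is an added example, not part of the original article; the function names audit_special_bits and make_sample are hypothetical, and the sample files are constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: report setuid/setgid regular files under a directory tree.
# Limitation: paths containing newlines are not handled.

# audit_special_bits DIR
# Output, one line per finding: LABEL MODE OWNER PATH
#   SUID / SGID               - bit set together with x, so it takes effect
#   SUID-NOEXEC / SGID-NOEXEC - shown as 'S' by ls: bit set without x
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        line=$(ls -ld -- "$f") || continue
        mode=${line%% *}                                   # first ls field
        owner=$(printf '%s\n' "$line" | awk '{print $3}')  # third ls field
        case $mode in                  # 4th character: owner execute slot
            ???s*) echo "SUID $mode $owner $f" ;;
            ???S*) echo "SUID-NOEXEC $mode $owner $f" ;;
        esac
        case $mode in                  # 7th character: group execute slot
            ??????s*) echo "SGID $mode $owner $f" ;;
            ??????S*) echo "SGID-NOEXEC $mode $owner $f" ;;
        esac
    done
}

# make_sample: build a constructed test tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    for n in plain suid_exec suid_noexec sgid_exec; do
        echo 'constructed sample' > "$d/$n"   # write first: writing clears s bits
    done
    chmod 0755 "$d/plain"
    chmod 4755 "$d/suid_exec"     # -rwsr-xr-x
    chmod 4644 "$d/suid_noexec"   # -rwSr--r--
    chmod 2755 "$d/sgid_exec"     # -rwxr-sr-x
    echo "$d"
}

sample=$(make_sample)
audit_special_bits "$sample"
rm -rf "$sample"
```

Run against real directories such as /usr or /home, any SUID line owned by root that is not on the list of binaries you expect deserves a closer look.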

3. Automatic logout
It is also very dangerous for a user to forget to log out after using the server. To handle this, the administrator can set the timeout parameter in the /etc/profile file. When the user performs no operation for a period of time, the system automatically logs the user out.

4. Set Password Complexity
To prevent a system user's password from being cracked because it is too simple, you can edit the /etc/login.defs file and set the complexity requirements for system user passwords, such as the longest, shortest, and expiration time.

5. Prevent unnecessary users from logging on to the system
To prevent other non-system users from logging on to the system, you can assign the user a home directory that does not exist and a shell environment that does not exist when adding the user. Of course, it is better to also change the access permissions of the /etc/passwd and /etc/shadow files so that only the root user can access them.

Author: wtcmaster