Senior Linux System Administrator network security experience

Source: Internet
Author: User

Author: yunyankong. Source: CCID technical community. Release date: 2007.01.15

If a potential hacker attempts to attack your Linux server, he will first try a buffer overflow. In the past few years, buffer overflows have been the most common form of security vulnerability. More seriously, buffer overflow vulnerabilities account for the vast majority of remote network attacks. Such attacks can easily give an anonymous Internet user the opportunity to gain partial or full control of a host!

To prevent such attacks, pay attention to partitioning when you install the system. If the root partition is used to store data such as log files and email, a denial-of-service attack may generate a large volume of logs or spam and crash the system. We therefore recommend creating a separate partition for /var to hold logs and email, so that the root partition cannot overflow. It is best to give a dedicated partition to any special application, especially a program that can generate a large number of logs. We also recommend a separate partition for /home so that users cannot fill up the / partition. This avoids some malicious attacks that work by overflowing Linux partitions.

About BIOS

Remember to set a BIOS password in the BIOS settings and to disable booting from a floppy disk. This prevents malicious users from starting your Linux system with a dedicated boot disk, and prevents others from changing BIOS settings, such as re-enabling floppy boot or starting the server without a password prompt.

Password

The password is the main means of authenticating users on the system. The default minimum password length set during system installation is usually 5. To make passwords harder to guess, increase the minimum password length to at least 8 by modifying the PASS_MIN_LEN parameter (minimum password length) in the /etc/login.defs file. Password lifetime should also be limited to ensure that passwords are replaced regularly. We recommend that you modify the parameter PASS_MIN_DAYS (password usage time).
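An added example, not part of the original article: a shell function that reads a login.defs-format file and reports whether PASS_MIN_LEN meets the 8-character minimum given above. It also checks PASS_MAX_DAYS, the key in the same file that sets how long a password may be used, and compares it with PASS_MIN_DAYS, which sets the minimum number of days between changes. The function names, the 90-day limit and the sample file are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit password-policy keys in a login.defs-format file.
MIN_LEN=8    # minimum length recommended in the article
MAX_AGE=90   # assumed site policy for PASS_MAX_DAYS, not from the article

# Print the value of key $1 in file $2, ignoring comments. If the key is
# repeated, this script uses the last uncommented line (an assumption).
login_defs_get() {
    awk -v key="$1" '{ sub(/#.*/, "") } $1 == key { v = $2 }
        END { if (v != "") print v }' "$2"
}

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# Print one finding per line for file $1; return 1 if any check fails.
check_login_defs() {
    rc=0
    len=$(login_defs_get PASS_MIN_LEN "$1")
    max=$(login_defs_get PASS_MAX_DAYS "$1")
    min=$(login_defs_get PASS_MIN_DAYS "$1")
    if ! is_num "$len"; then echo "FAIL PASS_MIN_LEN unset or not numeric"; rc=1
    elif [ "$len" -lt "$MIN_LEN" ]; then echo "FAIL PASS_MIN_LEN=$len, want >= $MIN_LEN"; rc=1
    else echo "OK PASS_MIN_LEN=$len"; fi
    if ! is_num "$max"; then echo "FAIL PASS_MAX_DAYS unset or not numeric"; rc=1
    elif [ "$max" -gt "$MAX_AGE" ]; then echo "FAIL PASS_MAX_DAYS=$max, want <= $MAX_AGE"; rc=1
    else echo "OK PASS_MAX_DAYS=$max"; fi
    if is_num "$min" && is_num "$max" && [ "$min" -gt "$max" ]; then
        echo "FAIL PASS_MIN_DAYS=$min exceeds PASS_MAX_DAYS=$max"; rc=1
    else echo "INFO PASS_MIN_DAYS=${min:-unset}"; fi
    return $rc
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/login.defs (constructed sample)
#PASS_MIN_LEN   12
PASS_MIN_LEN    5      # installer default mentioned in the article
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
EOF
check_login_defs "$sample" || true
rm -f "$sample"
```

On systems where passwd runs through PAM, password length is enforced by the PAM password module's own options, so check that configuration as well.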

Ping

If no one can ping your machine and receive a response, the security of your site is greatly enhanced. Add the following command to /etc/rc.d/rc.local so that it runs automatically after each startup. It prevents your system from responding to any external or internal ping requests.

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
 
About Telnet

If you use Telnet to log on to your server remotely and do not want it to display the operating system and version information (which can prevent targeted vulnerability attacks), rewrite the telnet line in /etc/inetd.conf as follows:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h

The -h flag added at the end makes the telnet daemon show only the login prompt, without system information.

About privileged accounts

Disable all default accounts that are created by the operating system and that you do not need. Perform this check when you install the system for the first time. Linux provides various accounts that you may not need; if you do not need an account, remove it. The more accounts you have, the more vulnerable you are to attack.

To delete a user on your system, run the following command: userdel username

To delete a group on your system, run the following command: groupdel username

Run the following commands on the terminal to delete the following privileged accounts:

userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel mail
 
If you do not need the sendmail server, delete these accounts:

userdel news
userdel uucp
userdel operator
userdel games
 
If you do not need the X Window server, delete this account:

userdel gopher
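An added example, not part of the original article: before running the userdel and groupdel commands above, this shell function reports which of the accounts named in this section exist in a passwd-format file, whether each has a shell that permits login, and whether a same-named group still has members. The function name, the status labels and the sample files are constructed for this illustration.

```sh
#!/bin/sh
# Added example: review the default accounts named in the article before
# running userdel or groupdel against them.
ARTICLE_ACCOUNTS="adm lp sync shutdown halt mail news uucp operator games gopher"

# $1 = passwd-format file, $2 = group-format file. For each listed account
# present in $1, print: name uid shell-status group-status.
# The group file lists supplementary members only, so primary-group use
# (the GID field of passwd) still has to be checked separately.
list_default_accounts() {
    awk -F: -v names="$ARTICLE_ACCOUNTS" -v gfile="$2" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^#/ || /^$/ { next }
        FILENAME == gfile { members[$1] = $4; next }
        NF >= 7 && ($1 in want) {
            sh = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "review-shell"
            if (!($1 in members)) grp = "no-group"
            else grp = (members[$1] == "") ? "group-empty" : "group-has-members"
            print $1, $3, sh, grp
        }
    ' "$2" "$1"
}

# Constructed sample files, not taken from a real system.
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
adm:x:4:alice
mail:x:12:
games:x:20:
EOF
list_default_accounts "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

An account reported as group-has-members, such as adm in the sample, shares its group with other users, so removing the group affects them too.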

If you do not allow anonymous FTP, delete this User Account:
