Sharing: How to Protect Linux Servers from Trojans

Source: Internet
Author: User

Most people install antivirus software on their Windows machines to prevent infection, but how should we prevent the same thing on Linux?

This question comes up often in interviews, so how should we answer it in a way that shows both logic and depth?

First, identify how attacks reach us and through which channels our Linux servers are attacked:

A Trojan on Linux is often placed on the server by a malicious person through a website's upload directory. Protection is therefore applied layer by layer along the path a visitor's request takes: visiting the website --> Linux system --> HTTP service --> middleware service --> program code --> DB --> storage.

Restrict and manage user access:

1. Restrict upload file types in the program code, for example do not allow .php programs to be uploaded (enforced in both JS and back-end code).

2. Inspect uploaded content (both text and files). Detection can be done in the program, at the web service layer (middleware layer), in the database, and at other levels.

3. Control the permissions of the upload directory and of non-site directories (Linux file and directory permissions + web service layer control).

4. Control access to and execution of Trojan files after they have been uploaded (web service layer + file system storage layer).

5. Take MD5 fingerprints and backups of important configuration files, commands, and web configuration files.

6. Install antivirus software such as ClamAV and scan for Trojans regularly.

7. Configure the server firewall and intrusion detection services.

8. Monitor server file changes, process changes, port changes, and important security logs, and raise alerts promptly.

From the internal management perspective (preventing privilege escalation):

1. Manage servers through a VPN or through web-based management.

2. Have SSH listen on the intranet.

3. Use a jump server (bastion host) with operation auditing.

4. Manage sudo centrally and lock key files.

5. Control the owner and group permissions of the site directory and the upload directory.

6. Back up system and site files, fingerprint them, and monitor and alert on changes.

7. Use dynamic password authentication.

The following points are reposted from the experience of an expert:

1. After the Linux system is installed, enable the firewall, allow only trusted sources to access the specified services, remove unnecessary users, shut down unnecessary services, and so on.

2. Collect logs, including system logs, login logs, program logs, etc., to identify potential risks in a timely manner.

3. Collect user login activity in real time, including login time, number of password retries, and the commands users execute.

4. Monitor changes to sensitive files or directories, such as /etc/passwd, /etc/shadow, /web, /tmp (commonly used to upload files for privilege escalation), etc.

5. Monitor process status, recording and alerting on new or suspicious processes.

6. Run security vulnerability scans against the system and web programs of online servers.
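The lists above repeatedly call for fingerprinting files, watching the upload directory, and alerting on changes. The following is an added example, not code from the original article, showing one way to do that: it records a baseline of content hashes and permission bits, reports drift, and flags script or executable files in an upload directory. It uses SHA-256 in place of the MD5 the list names; the function names, the extensions other than `.php`, and the sample files are assumptions.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = (".php", ".phtml", ".jsp")  # ".php" is from the article; the rest are assumed

def snapshot(root, algo="sha256"):
    """Map each regular file under root to (hex digest, permission bits)."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks, sockets and devices are not hashed
            digest = hashlib.new(algo)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            mode = os.stat(path).st_mode & 0o7777
            snap[os.path.relpath(path, root)] = (digest.hexdigest(), mode)
    return snap

def compare(baseline, current):
    """Return sorted (kind, path) alerts for drift from the baseline."""
    alerts = [("added", p) for p in current.keys() - baseline.keys()]
    alerts += [("removed", p) for p in baseline.keys() - current.keys()]
    for p in baseline.keys() & current.keys():
        if baseline[p][0] != current[p][0]:
            alerts.append(("modified", p))
        elif baseline[p][1] != current[p][1]:
            alerts.append(("mode-changed", p))
    return sorted(alerts)

def risky_uploads(snap):
    """Files in an upload directory that are scripts or carry an execute bit."""
    return sorted(p for p, (_d, mode) in snap.items()
                  if p.lower().endswith(SCRIPT_EXTS) or mode & 0o111)

if __name__ == "__main__":
    # Constructed sample tree standing in for a site's upload directory.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "logo.png"), "wb") as fh:
            fh.write(b"constructed image bytes")
        baseline = snapshot(root)
        with open(os.path.join(root, "avatar.php"), "w") as fh:
            fh.write("constructed placeholder, not real code")
        os.chmod(os.path.join(root, "logo.png"), 0o755)
        current = snapshot(root)
        print(compare(baseline, current), risky_uploads(current))
```

Take the baseline from a known-good state and keep it off the monitored server, so that someone who gains access cannot rewrite it along with the files.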

Finally, there is no absolute security; we can only minimize the attack surface and improve the system's protection capabilities.
