As we all know, network security is a very important topic, and servers are the most critical link in network security. Linux is considered to be a safer Internet server. as an open-source operating system, once a security vulnerability is found in Linux, volunteers from around the world on the Internet will actively fix it.
As we all know, network security is a very important topic, and servers are the most critical link in network security. Linux is considered to be a safer Internet server. as an open-source operating system, once a security vulnerability is found in Linux, volunteers from around the world on the Internet will actively fix it.
However, system administrators often cannot obtain and correct information in a timely manner, which gives hackers an opportunity. Compared with the security vulnerabilities of these systems, more security problems are caused by improper configuration, which can be prevented by appropriate configuration. The following is a simple list of the following points for your reference:
1. use a firewall to close unnecessary ports. if someone else fails to PING the server, the threat is naturally reduced by more than half.
Methods to prevent ping by others:
1) at the command prompt
Echo 1>/proc/sys/net/ipv4/icmp_ignore_all
2) use a firewall to prohibit (or discard) icmp packets
Iptables-a input-p icmp-j DROP
3) do not respond to all ICMP packets
For example, ping tracert.
2. change the SSH port to over 10000, and the chances of others scanning the port will also decrease.
Vi/etc/ssh/sshd_config
Change PORT to PORT 1000 or above
Create a common logon user and cancel direct root logon.
Useradd username
Passwd username
Vi/etc/ssh/sshd_config
Add the following sentence at the end:
PermitRootLogin no # cancel root direct remote login
3. delete unused accounts with a bloated system:
Userdel adm userdel lp userdel sync userdel shutdown userdel halt userdel news userdel uuucp userdel operator userdel games userdel gopher userdel ftp if you do not allow anonymous FTP, delete this user account groupdel adm groupdel lp groupdel news groupdel uucp groupdel games groupdel dip groupdel pppusers
4. change the following file permissions so that no one has the permission to change the account:
Chattr + I/etc/passwd chattr + I/etc/shadow chattr + I/etc/group chattr + I/etc/gshadow
5. chmod 600/etc/xinetd. conf
6. disable anonymous FTP user login