1. Close IPV6
VI /etc/sysconfig/network
Networking_ipv6=no #掉
SOURCE /etc/sysconfig/network
Vi/etc/modprobe.conf
Join alias Net-pf-10 off
Alias IPv6 off
2. Disable normal user shutdown, restart permissions (control permissions)
Vi/etc/inittab
Staring off Ca::ctrlaltdel;/sbin/shutdown–t3–rnow (no hot start)
3. User Access control (I did not use this action for the company's sake)
Vi/etc/hosts.deny
to join; All:all no matter what an IP address I don't agree to interview.
Vi/etc/hosts.allow
sshd:192.168.2.10 agree to ssh login with IP 10
4. Change the alias file
Vi/etc/aliases
Gaze out the following: Games Ingres System Toor Manager dumper decode root may contain operator
5. Prohibit pin access, direct input
Echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
To recover, change echo 1 to echo 0.
6. Prohibit source routing (generally forbidden)
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/default/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/eth0/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/lo/accept_source_route
; 7. Prevent SYN Attacks
Echo 1 >/proc/sys/net/ipv4/tcp_syncookies
Some of the configurations in Linux system upgrades