1. Close IPV6
VI /etc/sysconfig/network
Networking_ipv6=no #掉
SOURCE /etc/sysconfig/network
Vi/etc/modprobe.conf
Add alias net-pf-10 off
Alias IPv6 off
2. Disable normal user shutdown, restart permissions (control permissions)
Vi/etc/inittab
Comment out Ca::ctrlaltdel;/sbin/shutdown–t3–rnow (no hot start)
3. User Access control (I did not take this action for the sake of the company)
Vi/etc/hosts.deny
add; all:all any one IP address access I will not be allowed to access
Vi/etc/hosts.allow
sshd:192.168.2.10 allow SSH login with IP 10
4. Modify the alias file
Vi/etc/aliases
comment out the following: Games Ingres System Toor Manager dumper decode root may contain operator
5. Prohibit pin access, direct input
Echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
To recover, change echo 1 to echo 0.
6. Prohibit source routing (generally forbidden)
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/default/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/eth0/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/lo/accept_source_route
; 7. Prevent SYN Attacks
Echo 1 >/proc/sys/net/ipv4/tcp_syncookies
Some of the configurations in Linux system upgrades