Some practical techniques for preventing attacks in Linux operating systems

Article Title: some practical skills for protecting Linux operating systems from attacks. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Linux is a multi-user system. Once a root user is obtained, he can do whatever he wants on your system. Because a single user has full control permissions on the system, if the operation is improper or is entered by others, the consequences will be unimaginable. There are several considerations to prevent the entry of a single user.

1. Protect the/etc/inittab file. If you change 3 in id: 3: initdefault to 1, you can directly access the single-user mode at each startup. For the/etc/inittab file, use the root identity to enter the chown 700/etc/inittab and set the attribute to something other users cannot modify.

2. If the lilo mode is used for boot, you may use linuxconf or directly modify lilo. conf to set the waiting time for the boot to 0 or the shortest time. In this case, if you enter the single-user mode, you can use a floppy disk for boot.

3. If GRUB is used for boot, the simplest method is to use the GRUB Password to protect the startup options.

4. In order to prevent remote damage and restart the system, in addition to effectively managing the ROOT password and files in the/etc directory, the CMOS password should also be set, in this way, even if the system is changed to a single user mode, the computer cannot be started directly.