System and server security management for website host Security

Source: Internet
Author: User

Linux and Solaris are two other common server operating systems. Like FreeBSD, Linux is a free operating system, and both use the GNU (a great organization) utility set. Linux is easy to use, although not as simple as FreeBSD. Solaris is SUN's commercial operating system; plenty has been written about SunOS on the Internet, but unfortunately it is not fast and must be patched frequently. Let's look at the security configuration of these two systems and then at server security management.

Initial Linux Security Configuration

After Linux is installed, unnecessary ports are open by default. Run netstat -an | grep LISTEN to list every port the machine is listening on, then disable everything except the network ports you actually need, such as SSH, FTP and the web server. If you do not know which program belongs to a port, look it up in /etc/services, which maps port numbers to service names.

After a default Red Hat 9.0 installation, go into /etc/rc2.d and /etc/rc3.d and disable every unnecessary service that is started at boot; these usually include sendmail, NFS and RPC. To disable one, rename its start script, whose name begins with S, so that it no longer begins with S (scripts whose names begin with K are the corresponding stop scripts and are left alone).

For example, rename /etc/rc2.d/S80sendmail to X80sendmail.

In /etc/rc3.d, rename S13portmap, S14nfslock, S28autofs and S80sendmail to X13portmap, X14nfslock, X28autofs and X80sendmail.

RPC has always had many security problems. Be sure not to open port 111.

After the change, restart the Linux server.
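The port check and the rc.d renaming above, as an added example that is not part of the original article: it rehearses the renaming on a constructed scratch directory, and assumes SysV-style rc directories (S<NN>name start links).

```shell
#!/bin/sh
# Added example, not from the original article: rehearse the rc.d renaming
# described above against a scratch directory before touching /etc/rc2.d or
# /etc/rc3.d. Assumes SysV-style rc directories (S<NN>name start links).

# Show listening sockets, as the article's "netstat -an | grep LISTEN" does.
# (On newer distributions "ss -lntup" gives the same view with process names.)
list_listening_ports() {
    netstat -an 2>/dev/null | grep LISTEN
}

# disable_rc_service RCDIR NAME...
# Renames every S<NN>NAME start link in RCDIR to X<NN>NAME so init skips it.
# K<NN> (stop) links are left alone; they are what shuts the service down.
disable_rc_service() {
    rcdir=$1
    shift
    for name in "$@"; do
        for f in "$rcdir"/S[0-9][0-9]"$name"; do
            [ -e "$f" ] || continue      # glob did not match: nothing to do
            base=$(basename "$f")
            mv "$f" "$rcdir/X${base#S}"
            echo "disabled $base -> X${base#S}"
        done
    done
}

# count_start_links RCDIR -> how many S<NN> start links remain
count_start_links() {
    n=0
    for f in "$1"/S[0-9][0-9]*; do
        [ -e "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed scratch copy of an rc3.d; on a real host pass /etc/rc3.d instead.
DEMO_RC=$(mktemp -d)
for link in S13portmap S14nfslock S28autofs S55sshd S80sendmail K20nfs; do
    : > "$DEMO_RC/$link"
done
disable_rc_service "$DEMO_RC" portmap nfslock autofs sendmail
echo "start links left: $(count_start_links "$DEMO_RC")"   # only S55sshd remains
```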

If your Linux system faces the Internet directly, configure its firewall to enforce access control. The Linux 2.4 kernel supports iptables; kernels below 2.4 use ipchains. Their syntax is similar and both are good firewall tools. For example, to allow only the SSH and WWW services to be reached from the Internet, add the following lines to /etc/rc.d/rc.local:

# 211.96.13.0/24 is written out for the article's "211.96.13.*"
/sbin/iptables -F
/sbin/iptables -A INPUT -p tcp -d 211.96.13.0/24 --dport 80 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -d 211.96.13.0/24 --dport 22 -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j DROP

Note: iptables -F flushes the rule table. The next two statements allow anyone to reach the WWW and SSH services on the 211.96.13.* address, and the final DROP statement discards all other traffic that matches no rule. Because the rules live in rc.local, the system loads them automatically at startup.
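A stateful version of the rc.local rule set above, as an added example that is not the article's own configuration: the article's trailing unconditional DROP on eth0 also discards replies to the server's own outbound connections (DNS lookups, package updates), so this variant uses a default-deny policy plus a conntrack rule instead. It assumes iptables with the state match, interface eth0, and 211.96.13.0/24 standing in for the article's 211.96.13.*.

```shell
#!/bin/sh
# Added example, not the article's rules: default-deny INPUT policy with
# stateful return traffic, loopback allowed, and only the listed ports open.
# Assumptions: iptables with the "state" match, interface eth0,
# 211.96.13.0/24 in place of the article's "211.96.13.*".
IPT=/sbin/iptables

# firewall_rules IFACE DEST_NET PORT...
# Prints the iptables commands instead of running them, so the rule set can
# be reviewed (or piped to sh as root) and tested without privileges.
firewall_rules() {
    iface=$1
    dest=$2
    shift 2
    echo "$IPT -F INPUT"
    echo "$IPT -P INPUT DROP"                   # default deny replaces the trailing DROP rule
    echo "$IPT -A INPUT -i lo -j ACCEPT"        # local services talking to themselves
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do                       # new connections only on the listed ports
        echo "$IPT -A INPUT -i $iface -p tcp -d $dest --dport $port -m state --state NEW -j ACCEPT"
    done
}

# count_accept_rules IFACE DEST_NET PORT... -> number of ACCEPT rules generated
count_accept_rules() {
    firewall_rules "$@" | grep -c -- '-j ACCEPT'
}

# Review the output; to apply it as root: firewall_rules eth0 211.96.13.0/24 80 22 | sh
# MySQL's port 3306 is deliberately absent, matching the article's advice.
firewall_rules eth0 211.96.13.0/24 80 22
```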

The MySQL database service usually runs on FreeBSD or Linux. Do not expose its port (3306) outside the firewall. If you run Apache, apply the same hardening described for FreeBSD.

Initial Security Configuration of Solaris

There is a good article on the security configuration of Solaris, called the Solaris Security FAQ.

1) Prohibit root from logging in directly over the network: edit /etc/default/login and make sure the line CONSOLE=/dev/console is set. That line allows root to log in only from the console. Add root to /etc/ftpusers so that root cannot use ftp remotely.

2) Disable rlogin and rsh access: delete the /etc/hosts.equiv and /.rhosts files and comment out all r-services (rlogin, rsh) in /etc/inetd.conf.

3) Account control: delete, lock, or comment out unnecessary system accounts, including sys, uucp, nuucp and listen.

4) Change the access permissions of the /etc directory: files in it should not be group-writable. Execute: chmod -R g-w /etc (not recommended)

5) On systems earlier than Solaris 2.5, create the /etc/notrouter file to disable Solaris's default route forwarding.

6) Disable the automounter: delete the /etc/auto_* configuration files and delete /etc/init.d/autofs.

7) Disable NFS: delete /etc/dfs/dfstab, rename /etc/rc3.d/S15nfs.server and rename /etc/rc2.d/S73nfs.client (so that they no longer start with S).

8) Disable the RPC service: rename /etc/rc2.d/S71RPC.

9) Edit /etc/inetd.conf and comment out most of the unnecessary services, keeping only telnet and ftp, then restart the inetd process.

10) Patch the system: apply the general patch cluster for your Solaris version as well as individual patches.

11) Add the following three lines to /etc/init.d/inetinit:

ndd -set /dev/ip ip_forward_directed_broadcasts 0

ndd -set /dev/ip ip_forward_src_routed 0

ndd -set /dev/ip ip_forwarding 0

In this way, IP Forwarding and IP source routing are disabled after the system is started.
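An audit that verifies steps 1), 2) and 9) above are actually in place, as an added example that is not from the article or the Solaris Security FAQ: it takes a root prefix so it can be rehearsed on a constructed scratch tree (pass "/" on a real Solaris host), and assumes the classic /etc/default/login, /etc/ftpusers and /etc/inetd.conf formats. The ndd settings of step 11 need the live kernel and are not checked.

```shell
#!/bin/sh
# Added example, not from the article or the Solaris Security FAQ: check that
# hardening steps 1), 2) and 9) took effect. PREFIX lets it run on a scratch
# tree; on a Solaris host use "/". Assumes the classic file formats.

fails=0
# audit_check DESCRIPTION COMMAND...  runs COMMAND and records OK or FAIL
audit_check() {
    desc=$1
    shift
    if "$@" 2>/dev/null; then
        echo "OK   $desc"
    else
        echo "FAIL $desc"
        fails=$((fails + 1))
    fi
}

# no_rservices INETD_CONF -> true when no active login/shell/exec (rlogin,
# rsh, rexec) entry remains; a missing file counts as a failure, not a pass
no_rservices() {
    [ -r "$1" ] && ! grep -Eq '^(login|shell|exec)[[:space:]]' "$1"
}

# audit_solaris PREFIX -> prints one line per check, returns the FAIL count
audit_solaris() {
    root=${1%/}
    fails=0
    audit_check "root login limited to the console" \
        grep -q '^CONSOLE=/dev/console' "$root/etc/default/login"
    audit_check "root listed in /etc/ftpusers" grep -qx root "$root/etc/ftpusers"
    audit_check "no /etc/hosts.equiv" test ! -e "$root/etc/hosts.equiv"
    audit_check "no /.rhosts" test ! -e "$root/.rhosts"
    audit_check "r-services commented out in inetd.conf" no_rservices "$root/etc/inetd.conf"
    return "$fails"
}

# Constructed scratch tree with one deliberate weakness: a leftover /.rhosts
DEMO=$(mktemp -d)
mkdir -p "$DEMO/etc/default"
echo 'CONSOLE=/dev/console' > "$DEMO/etc/default/login"
echo 'root' > "$DEMO/etc/ftpusers"
printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/in.ftpd\tin.ftpd\n' > "$DEMO/etc/inetd.conf"
printf '#login\tstream\ttcp\tnowait\troot\t/usr/sbin/in.rlogind\tin.rlogind\n' >> "$DEMO/etc/inetd.conf"
: > "$DEMO/.rhosts"
if audit_solaris "$DEMO"; then echo "all checks passed"; else echo "failed checks: $?"; fi
```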

What should be done in Server Security Management

Server security management is the most important part of site security. Without day-to-day management, security cannot be maintained. The following is what the Windows system security administrator should do every day:

1. Check whether new accounts have appeared in the system, and find out where they came from and what they are for. Check whether there are new accounts in the Administrators group; no accounts should be added to this group beyond those originally set up with the system;

2. At the command line, run netstat -an to view the current connections and open ports, and look for suspicious connections and ports;

3. Check the Task Manager for suspicious applications or background processes, and observe CPU and memory usage;

4. Run the Registry Editor to check whether suspicious programs have been added to the Windows startup items, and check whether any new suspicious services have been added;

5. Use the Windows Event Viewer to review the system, security and application logs for suspicious events or events that affect system performance;

6. Check the shared directory. There should be no directories accessible to all users;

7. If Microsoft IIS is running, check the web server logs under C:\WINNT\system32\LogFiles\ for attempted attacks on the web server;

8. Run anti-virus software periodically to scan for and remove viruses;

9. Check Microsoft's website regularly to keep the server's patches up to date, and follow the security announcements Microsoft releases.
