Whether you are an ordinary Linux Desktop user or a system administrator managing multiple servers, you are faced with the same problem: an increasing number of threats. Linux is an open system that allows you to find many ready-made programs and tools on the network. This facilitates both users and hackers, because they can also easily find programs and tools to sneak into the Linux system, or steal important information from the Linux system. However, as long as we carefully set various Linux system functions and add the necessary security measures, hackers will be able to win.
In general, security settings for Linux systems include canceling unnecessary services, restricting remote access, hiding important information, fixing security vulnerabilities, using security tools, and regular security checks. This article teaches you ten ways to improve Linux system security. Although the number of moves is not big, the moves work. You might as well try.
1. Deploy a firewall
This sounds like the most "obvious" suggestion (just like using a strong password), but it is surprising that few people actually set up a firewall. Even if your vro may have a built-in firewall, deploying a software firewall in a Linux system is very easy and you will benefit from it.
Graphic firewalls, such as Firestarter, are very suitable for defining port forwarding and monitoring activity rules.
2. disable unnecessary Networks
In general, all services except http, smtp, telnet, and ftp should be canceled, such as the simple File Transfer Protocol tftp, the imap/ipop transport protocol used for network mail storage and receiving, the gopher for data searching, and the daytime and time used for time synchronization.
There are also some services that report system status, such as finger, efinger, systat, and netstat. Although it is very useful for system error detection and user searching, it also provides a convenient portal for hackers. For example, hackers can use the finger service to find users' phones, directories, and other important information. Therefore, many Linux systems cancel all or partially cancel these services to enhance system security.
3. Use a safer transmission alternative
SSH is short for Secure Sockets Layer. It is a set of program groups that can be safely used to replace public programs such as rlogin, rsh, and rcp. SSH uses public key technology to encrypt the communication information between two hosts on the network, and uses its key as an authentication tool.
Because SSH encrypts information on the network, it can be used to securely log on to a remote host and transmit information between the two hosts securely. In fact, SSH not only ensures secure communication between Linux Hosts, but also allows Windows users to Securely connect to Linux servers through SSH.
4. Cancel non-root access
At first, you may feel a little inconvenient, but you should ensure that normal users cannot access system tools-even if fsck and ifconfig are almost "harmless" features. The best way to achieve this effect is to use sudo. The Sudo program allows the general user to log on again with the user's own password after the configuration is set, and obtain the permissions of the Super User, but only a few commands can be executed. For example, after applying sudo, you can have the tape backup Management Personnel log on to the system on time every day and obtain the superuser permission to perform document backup, however, there is no privilege to do other jobs that only super users can do. Sudo not only limits user permissions, but also records the commands executed by using sudo each time,
Whether the command is executed successfully or fails.
5. View and copy logs frequently
Network administrators should always be vigilant, pay attention to various suspicious situations, and check various system log files on time, including general information logs, network connection logs, file transfer logs, and user logon logs. When checking these logs, pay attention to whether there are unreasonable time records. Hackers often make changes to logs that have hidden their traces. Therefore, you need to save a copy of the logs in an unconventional place. It is recommended that logs be stored on a remote server in a separate House.
6. password aging)
Password aging is an enhanced system password authentication mechanism. Although it may weaken users' convenience, it can ensure regular password replacement, this is a very good security measure. Therefore, if an account is attacked by a hacker and is not found, but in the next password change cycle, the account cannot be accessed.
7. strictly restrict root logon
It is not a good idea to log on as "root. Security means that you log on as a normal user, use su or sudo to obtain the permissions of the Super User, and then perform the relevant work.
8. Physical protection
Although most attacks rely on the Internet, and hackers have very limited access to your computer, it does not mean that you do not need to be defended.
Add password protection to the boot program to ensure that it is always locked when you leave the computer. And you should be sure that no one can start your server from an external device.
9. Install the latest security updates
In addition to regular updates, all popular Linux distributions will soon release updates and patches as long as they encounter security vulnerabilities, all you need to do is pay attention to the security updates and patch release, and install them in a timely manner.
10. Pay attention to open files
Many Linux distributions contain some very useful gadgets. lsof is one of them. Lsof can list all files opened by the current system. In linux, everything exists in the form of a file. Through a file, you can not only access common data, but also access network connections and hardware. The lsof tool allows you to view which processes are using which ports, whose process IDs, and who are running it. If you find some exceptions, you must check them carefully.