Article Title: Top 10 security protection methods for Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
1. Add a boot password for LILO
Add options to the/etc/lilo. conf file so that LILO requires a password when starting to enhance system security. The specific settings are as follows:
Boot =/dev/hda
Map =/boot/map
Install =/boot. B
Time-out = 60 # Wait 1 minute
Prompt
Default = Linux
Password =
# Password settings
Image =/boot/vmlinuz-2.2.14-12
Label = Linux
Initrd =/boot/initrd-2.2.14-12.img
Root =/dev/hda6
Read-only
Note that the password in LILO is stored in plaintext
The file attribute of lilo. conf is set to read and write only by root.
# Chmod 600/etc/lilo. conf
Of course, you also need to make the following settings
The change to lilo. conf takes effect. #/Sbin/lilo-v
2. Set the Minimum Password Length and Minimum Password Use Time.
Password is the main means to authenticate users in the system. The default minimum password length during system installation is usually 5. To ensure that the password is not easy to guess, you can increase the minimum password length, at least 8. To this end, modify the parameter PASS_MIN_LEN in the/etc/login. defs file. At the same time, the password usage time should be limited to ensure regular password replacement. We recommend that you modify the PASS_MIN_DAYS parameter.
3. User logout upon timeout
If you forget to log out of your account when you leave, the system may have security risks. You can modify the/etc/profile file to ensure that the account is automatically canceled from the system after it has not been operated for a period of time.
Edit the/etc/profile file and add the following line in the next line of "HISTFILESIZE =": TMOUT = 600
All users will log out automatically after 10 minutes of no operation.
4. prohibit access to important files
You can modify attributes of key files such as inetd. conf, services, and lilo. conf in the system to prevent accidental modification and viewing by common users.
First, change the file attribute to 600: # chmod 600/etc/inetd. conf.
Ensure that the owner of the file is root, and set it as unchangeable: # chattr + I/etc/inetd. conf
In this way, any changes to the file will be prohibited.
You can only modify the reset flag after the root user resets the reset flag: # chattr-I/etc/inetd. conf
[1] [2] Next page