Top 10 security protection methods in Linux

Article Title: Top 10 security protection methods on Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

　　1. Add a boot password for LILO

Add options to the/etc/lilo. conf file so that LILO requires a password when starting to enhance system security. The specific settings are as follows:

Boot =/dev/hda

Map =/boot/map

Install =/boot. B

Time-out = 60 # Wait 1 minute

Prompt

Default = linux

Password =

# Password settings

Image =/boot/vmlinuz-2.2.14-12

Label = linux

Initrd =/boot/initrd-2.2.14-12.img

Root =/dev/hda6

Read-only

Note that the password in LILO is stored in plaintext

The file attribute of lilo. conf is set to read and write only by root.

# Chmod 600/etc/lilo. conf

Of course, you also need to make the following settings

The change to lilo. conf takes effect.

#/Sbin/lilo-v

　　2. Set the minimum length and

Shortest time

Password is the main means to authenticate users in the system. The default minimum password length during system installation is usually 5. To ensure that the password is not easy to guess, you can increase the minimum password length, at least 8. To this end, modify the parameter PASS_MIN_LEN in the/etc/login. defs file. At the same time, the password usage time should be limited to ensure regular password replacement. We recommend that you modify the PASS_MIN_DAYS parameter.

　　3. User logout upon timeout

If you forget to log out of your account when you leave, the system may have security risks. You can modify the/etc/profile file to ensure that the account is automatically canceled from the system after it has not been operated for a period of time.

Edit the/etc/profile file and add the following line to the next line of "HISTFILESIZE =:

TMOUT = 600

All users will log out automatically after 10 minutes of no operation.

　　4. prohibit access to important files

You can modify attributes of key files such as inetd. conf, services, and lilo. conf in the system to prevent accidental modification and viewing by common users.

First, change the file property to 600:

# Chmod 600/etc/inetd. conf

Ensure that the owner of the file is root, and set it to unchangeable:

# Chattr + I/etc/inetd. conf

In this way, any changes to the file will be prohibited.

Only after the reset flag is reset by the root user can it be modified:

# Chattr-I/etc/inetd. conf

[1] [2] Next page