CentOS System Security Configuration Guide

System security has always been our http://www.aliyun.com/zixun/aggregation/18665.html in the server "> application area of the more important links, after all, the normal production environment for system security level is also relatively high, Now a lot of server operating systems are choosing Linux, and in this area of the platform is undoubtedly CentOS Linux is the industry leader, CentOS based on Red Hat Enterprise Linux according to the Open source code released by the code compiled. So demanding servers with a high degree of stability is a great choice for CentOS instead of the commercial version of Red Hat Enterprise Linux.

For CentOS installation and initialization settings, you can view the following articles:

CentOS 6.0 schematic Installation Tutorial: Preparing for installation

Http://www.ithov.com/linux/114733.shtml

CentOS 6.0 schematic Installation Tutorial: CD installation

Http://www.ithov.com/linux/114734.shtml

CentOS 6.0 schematic Installation tutorial: Post-Setup initialization settings

Http://www.ithov.com/linux/114735.shtml

CentOS 6.0 schematic Installation Tutorial: Basic configuration after installation

Http://www.ithov.com/linux/114739.shtml

If you are familiar with the installation of the CentOS Linux system, you can skip over the content and go to the following content to learn.

When the system installation is completed, we need to CentOS system security Configuration and Web server security configuration, the following wind network will be divided into two chapters to explain to everyone.

Let's take a look at the first part: System security Configuration

If you want to build a Linux server, and want to be able to maintain long-term, you need to consider security performance and speed, and many other factors. A proper Linux basic Security Configuration manual is particularly important.

1. Delete System Special user account:

Disable all default accounts that are not required by the operating system itself, when you first install the system should do this check, Linux provides a variety of accounts, you may not need, if you do not need this account, remove it, you have more accounts, the more vulnerable to attack.

#为删除你系统上的用户, use the following command:

[root@c1gstudio]# Userdel username

#批量删除方式

#这里删除 "ADM LP sync shutdown halt mail news UUCP operator games FTP" account

#如果你开着ftp等服务可以把ftp账号保留下来.

For I in ADM LP sync shutdown halt Mail news uucp ope rator Games Gopher ftp;d o userdel $i;d One

2. Delete System Special group account number

[root@c1gstudio]# Groupdel GroupName

#批量删除方式

For I in ADM LP Mail news UUCP games Dip pppusers pop users slipusers;d o groupdel $i;d One

3. User Password setting

When installing Linux, the default password minimum length is 5 bytes, but that's not enough to set it to 8 bytes. Modifying the minimum password length requires editing the Login.defs file #vi/etc/login.defs

Pass_max_days 99999 # #密码设置最长有效期 (default)
Pass_min_days 0 # #密码设置最短有效期
Pass_min_len 5 # #设置密码最小长度, change 5 to 8
Pass_warn_age 7 # #提前多少天警告用户密码即将过期.

And then modify the root password

#passwd Root
New UNIX Password:
Retype new UNIX Password:
Passwd:all authentication tokens updated successfully.