Discussion on Linux system management experience

Simply put, Linux is a set of http://www.aliyun.com/zixun/aggregation/17944.html "> free and freely-propagated Unix-like operating systems, which are primarily used on computers based on the Intel x86 series CPUs. This system is designed and implemented by tens of thousands of programmers around the world. The aim is to establish UNIX-compatible products that are freely available to the world without the copyright of any commercial software.

The basic idea of Linux is two: First, everything is a file; second, every software has a certain purpose, and they are written as best as possible. The first, in detail, is that everything in the system comes down to a file, including commands, hardware and software devices, operating systems, processes, and so on, that are considered to have their own attributes or types of files for the operating system kernel. Linux is based on Unix, largely because the basic ideas of the two are very similar.

About partitions

A potential hacker who wants to attack your Linux server will first attempt a buffer overflow. In the past few years, the type of buffer overflow is the most common form of security vulnerabilities
。 More seriously, buffer overflow vulnerabilities account for the vast majority of remote network attacks, which can easily give an anonymous Internet user access to some or all of the control of a host!

To prevent such attacks, we should be aware of this when installing the system. If you use root partitioning to record data, such as log files and emails, it can cause a system crash because of a denial of service that generates a lot of logs or spam. Therefore, it is recommended to open separate partitions for VAR to store logs and mail to avoid overflow of the root partition. It is best to open a separate partition for a particular application, especially a program that generates a large number of logs, and it is recommended that the filesystem be partitioned separately so that they do not fill/partition, thereby avoiding some malicious attacks against the Linux partition overflow.

About BIOS

Remember to set a BIOS password in the BIOS setup and do not receive floppy boot. This prevents malicious people from starting your Linux system with a dedicated startup disk and avoiding other people changing BIOS settings, such as changing floppy boot settings or not ejecting the password box to start the server directly, and so on.

About passwords

Password is the main means of authenticating users in the system, the system installed the default password minimum length is usually 5, but to ensure that passwords are not easily guessed attack, can increase the minimum length of the password, at least equal to 8. To do this, you need to modify the parameter Pass_min_len (minimum password length) in the file/etc/login.defs. At the same time should limit password use time, guarantee to change the password regularly, suggest to modify parameter pass_min_days (password use time).

About Ping

Since no one can ping your machine and receive a response, you can greatly enhance the security of your site. You can add the following line of command to/etc/rc.d/rc.local so that it automatically runs after each boot, which prevents your system from responding to any external/internal ping requests.

Echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all