Article Title: Linux server security policy details (5). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Chapter 2 Linux network services and xinetd
4.1 Linux Startup Process
4.1.1 Linux Startup Process details
1. From BIOS to Kernel
(1) BIOS self-check
After the comp
Article Title: Linux server security policy details (11).
6.3 configure a safe Apache server
Reasonable network configuration can protect Apache servers from many attacks.
6.3.1 frequent Patching
The latest changelogs on h
Linux security policy: only open the 443 management port for a fixed IP address. First, make sure that your firewall is on. If you do not know how to enable the firewall, look it up on the internet. Find the security directory under /etc, which contains an iptable file.
Article Title: Linux server security policy explanation 12.
6.3.8. Password protection for Apache servers
The .htaccess file is a configuration file on the Apache server. It is a text file that can be written in any text ed
wu-ftpd. If the skate user in the skate group cannot switch to another directory during logon, modify the configuration file to add:
DefaultRoot ~ skate,skate
In this way, it can only stay in its home directory.
(4) restrict FTP command privileges
Prohibit some users from creating or deleting directories. If you find that some users show threatening behavior, you can put them in a specific group (badusers). Use the following configuration:
Order deny,allow
DenyGroup badusers
AllowAll
In thi
. The default value is ".".
Defaultshell: Displays the path location of the shell installation. The default value is: %systemroot%\system32\cmd.exe /q /k
Maxfailedlogins: Displays the maximum number of unsuccessful attempts to log on before the connection terminates. The default is 3.
Loginscript: Displays the path location of the Telnet server logon script. The default location is "%systemroot%\system32\login.cmd", and you can change the script content s
corresponding IP, that is, a corresponding resolution service is needed; DNS or a hosts file will do. Similar to the Require ip statement, there are similar forms for a specific host.
Allow access from a specific host: Require host HOSTNAME
Deny access from a specific host: Require not host HOSTNAME
4, deny all host access, only allow access from the host whose hostname is CENTOS7. The configuration is as follows:
5, allow all host access, except deny access from the host whose hostname is CENTOS7. Like Require not ip, Require not host is also required to be used in
Download and install the latest Tomcat version; the latest version generally fixes the problems of older versions, including security issues. Modify the Tomcat management console account and password (tomcat\conf\tomcat-users.xml). Modify the user permission for
servlet technology has added many features (including access security, session management, and thread control); however, it is just roughly equivalent to the CGI interface customized for fast and direct Java language calls. JSP provides a simple way to process dynamically generated HTML pages. These HTML pages are directly compiled into servlets for quick operation.
In addition to these two technologies, Tomc
Tomcat security configuration in CentOS
1. Initialize the configuration after installation
After Tomcat is installed, you must do the following:
Delete all the code under webapps immediately after the first installation.
rm -rf /srv/apache-tomcat/webapps/*
Comment or delete all user permissions for the
Author: Akash kava Translator: misthill
Tomcat is a web server widely used in the world to support JSP and servlets. It runs well in Java and supports Web application deployment. It is easy to run Tomcat. Download the installation program from the Tomcat website to install Tomcat. No one has a thorough understanding of
tcp --dport 80 -j REDIRECT --to-port 8080
View Rules
iptables -t nat -L
The other scheme is to forward port 80 requests to 8080.
This scheme adds a reverse proxy in front of Tomcat, such as Nginx, Apache, Squid, Varnish, or F5 or Array devices.
3. Application Security
Turn off WAR automatic deployment: unpackWARs="false" autoDeploy="false". Prevent the implantation of malicious programs such as Tro
Release date:Updated on:
Affected Systems:
Apache Group Tomcat 7.x
Apache Group Tomcat 6.x
Unaffected system:
Apache Group Tomcat 7.0.23
Apache Group Tomcat 6.0.35
Description:
Bugtraq id: 51442
Cve id: CVE-2011-3375
Apache
format certificate library cannot be imported directly, we must first export the client certificate as a separate CER file, using the following command:
keytool -export -alias tianli -keystore d:/downloads/p12/tianli.p12 -storetype pkcs12 -storepass tianli -rfc -file D:/downloads/cert/tianli.cer
With the above command, the client certificate is exported to the "D:/downloads/cert/tianli.cer" file. The next step is to import the file into the certificate library of the server and add it as a Trust cert
This article describes security and is not very useful to us. For example, if we build a machine and install Tomcat and run some applications in it, if a user writes a JSP like this:
This JSP will cause Tomcat to exit. Because the entire JVM has exited. This document describes how Tomcat configures a
for each person. Repeating the above operation by hand would also achieve the purpose, but considering the need for a lot of testing and deployment on different machines, I thought of using a program to generate the commands automatically. The program that generates the commands is written in Java, and the following items need to be set up in advance: 1. basedir: the location of the generated command file, the generated command runs after the generated CER and p12 format f
For messages from the Tomcat email list, all Tomcat vulnerabilities are exposed.
CVE-2011-2526: Apache Tomcat information disclosure and availability vulnerabilities
Security level: low
This vulnerability affects all current Tomcat versions. The Tomcat development team said t
Solutions:
Principle: Slow read attacks work through concurrent connection pooling (based on TCP persistence time), and so on. Slow attacks are based on the HTTP protocol; through careful design and construction they can cause server delays, which can result in a denial of service when the load exceeds what the server can handle.
Solution:
1. Set the connectionTimeout value in the Tomcat/server.xml file; the default is 20000 ms, modified to 8000 ms (
Web applications have ten proactive security measures; do you know them? Is this a good way to secure systems and browsers? Let's go and have a look! 1: Content-Security-Policy. Content Security