I. Linux hardening targets and objects. Objective of the hardening project: to solve the security problems of Linux servers identified by the company in this year's risk assessment work, and to raise the security status of Linux servers to a higher level, in combination with the requirements of the re
, such as: dd, cpio, tar, dump, etc.
7 Other
7.1 Using firewalls
A firewall is an important aspect of network security. We will have another topic to elaborate on the firewall, including the principle of the firewall, the ipchains implementation under the Linux 2.2 kernel, the Netfilter implementation under the Linux 2.4 kernel, and commercial firewall product applications.
7.2 Using third-party security tools
Linux has a lot of good
;/etc/issue
cp -f /etc/issue /etc/issue.net
echo >> /etc/issue
2) In the Apache configuration file, find the ServerTokens and ServerSignature directives and change their default values as follows, so that the version number is not echoed:
ServerTokens Prod
ServerSignature Off
VI. iptables firewall rules:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
The above rules will block TCP active pick-up from the in
PHP: troubleshooting and hardening Linux servers against Trojans. Websites are often infected with Trojans; with some hardening improvements on Linux this problem can basically be solved, because discuzx an
login directly.
Operation Steps
Create an account with normal privileges and configure its password to prevent remote login;
Use the command vi /etc/ssh/sshd_config to edit the configuration file, change the value of PermitRootLogin to no, save it, and then restart the service with service sshd restart.
2. Service
2.1. Turn off unnecessary services
Reduce risk by shutting down unnecessary services, such as normal services and xinetd services.
Operation Steps
Use the systemctl disable command t
/ sysctl.conf
sysctl -p
# Modifying a configuration file
vi /etc/login.defs
PASS_MAX_DAYS 90 # maximum number of days a new user's password may be used
PASS_MIN_DAYS 0 # minimum number of days a new user's password must be used
PASS_WARN_AGE 7 # number of days of advance warning before a new user's password expires
PASS_MIN_LEN 9 # minimum password length 9
---
5. Limit which accounts can switch to root
1) # vi /etc/pam.d/su
auth required /lib/security/pam_wheel.so group=dba
# usermod -g dba test (join the test user to the dba group)
---
6. System kernel security
vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat
unlock_time=120 to the second row. The server needs to be restarted for the configuration to take effect.
Check host access control (IP limit)
To perform a backup:
# cp -p /etc/hosts.allow /etc/hosts.allow_bak
# cp -p /etc/hosts.deny /etc/hosts.deny_bak
vim /etc/hosts.allow # insert all:*.*.*.*:allow
vim /etc/hosts.deny # insert sshd: 555.555.555.555:deny
Check password lifecycle requirements
cp -p /etc/login.defs /etc/login.defs_bak
To modify policy settings:
# vi /etc/login.defs
Modify the value of PASS_MIN_LEN to 5, modify
Linux server security is important for protecting user data and intellectual property, while also reducing the time you face hackers. At work, the system administrator is usually responsible for the security of Linux, and in this article, 20 recommendations for hardening Linux systems are described. All of the recommen
Foreword: when writing a blog post, keep the 5W1H rule in mind: what, why, when, where, who, how.
The main content of this article:
Authority authentication
SELinux operating mode/startup mode
Security context view and modification
Brief introduction: SELinux stands for Security-Enhanced Linux, which means security hardening of Linux. It is designed to prevent "misuse of resources by internal staff". It
unnecessary ports, timely patching of vulnerabilities, and other techniques to increase the security of the system. From this, I have compiled a short Linux hardening article, intended only for Linux beginners; I hope it can help you. Network security has always been the most important issue and the biggest gap on the Internet, and it is imperative to ensure the security of Internet users. 2. What is the security
appropriate room security is scheduled.
#9, Disable services that you do not need. Disable all unnecessary services and daemons, and remove them from the system boot. Use the following command to check whether a service starts with the system:
# chkconfig --list | grep '3:on'
To disable a service, you can use the following commands:
# service serviceName stop
# chkconfig serviceName off
#9.1, Check the listening network ports.
Use the netstat command to see which listening ports are open on the server:
# netstat -tulpn
If you hav
,deny
Deny from all
Trojan scanning and prevention:
grep -r --include='*.php' '[^a-z]eval($_POST' /home/wwwroot/
grep -r --include='*.php' 'file_put_contents(.*$_POST\[.*\]);' /home/wwwroot/
Use find with -mtime to see which PHP files have been modified in the last two days, or around the days when a Trojan was discovered:
find -mtime -2 -type f -name '*.php'
To change directory and file permissions:
find -type f -name '*.php' -exec chmod 644 {} \;
find -type d -exec chmod 755 {} \;
chown -R www:www /home/wwwroot/www.test.com
To prevent cross-site
Foreword: When you get a server, don't rush to deploy applications; security is the top priority. Taken in order, a Linux system can be secured by following several steps. This article is mainly for the CentOS systems common in enterprises; Ubuntu differs slightly, and the differences can be looked up on Baidu.
1. System user optimization
2. System service optimization
3. SSH access policy
4. Firewall configuration
1. System user optimization
Note: When we perform system
the file system has the script file stored in the "/opt" directory. Running the script in the file system's "/opt" directory automatically writes the Linux system to eMMC, automatically formatting the eMMC into a boot partition and a rootfs partition.
2.1 SD system boot card partition mount description
Using the SD card to boot the development board, enter the development board's file system and execute the following instructions to view the system detailed mo
the user is rejected if it does not match
PermitRootLogin no // deny root user login
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
grep Banner /etc/ssh/sshd_config
Banner /etc/ssh/ssh_login_banner
# Banner none // cancel banner message
cat /etc/ssh/ssh_login_banner
welcome to CentOS 6.5
See whether /etc/inittab contains the following line:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now // disable Ctrl+Alt+Del
vi /etc/pam.d/system-auth
auth required pam_tally.so onerr=fail deny=6 unlock_time=300 // password consecutive error 6 times, a
Check the desktop environment in Linux
Linux desktop systems include gnome, kde, mate, cinnamon, lxde, xfce, and jwm. Common examples are gnome, kde, and xfce. So how can we determine whi
Do you know what Linux XDMCP is? This very advanced application technology will be explained by me. Where is Linux XDMCPNB? I will introduce you to the unlimited field of Linux XDMCP. To configure Linux XDMCP, you can access the Linux de
In Linux, the desktop program icon file is written in linux. desktop
[Desktop Entry] // each desktop file starts with this label, indicating that this is a Desktop Entry file Version =
A complete click-by-click, step-by-step video of this article is available here. OR ... you can read the article, line by line. It all starts with a Linux server running in the Windows Azure cloud ... Onto this you'll install a Remote Desktop Protocol (RDP) server called XRDP. But to get this server software installed, you need to configure the Linux server. You'll use