I. Linux hardening targets and objects
Objective of the hardening project: to solve the security problems of Linux servers identified by the company in this year's risk assessment work, and to raise the security status of Linux servers to a higher level of security, in combination with the requirements of the re
PHP implements troubleshooting and hardening of Linux server Trojans. Linux hardening: websites are often infected with Trojans; with some improvement this problem can be basically solved, because discuzx an
, such as: dd, cpio, tar, dump, etc.
7 Other
7.1 Using firewalls
A firewall is an important aspect of network security. We will cover firewalls in a separate topic, including the principle of the firewall, the ipchains implementation under the Linux 2.2 kernel, the Netfilter implementation under the Linux 2.4 kernel, and commercial firewall product applications.
7.2 Using third-party security tools
Linux has a lot of good
;/etc/issue
cp -f /etc/issue /etc/issue.net
echo >> /etc/issue
2) For the Apache configuration file, find the ServerTokens and ServerSignature directives and change their default values as follows, so that the version number is not echoed:
ServerTokens Prod
ServerSignature Off
VI. iptables firewall rules:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
The above rule will block TCP active pick-up from the in
login directly.
Operation Steps
Create normal rights account and configure password to prevent remote login;
Use the command vi /etc/ssh/sshd_config to modify the configuration file, change the value of PermitRootLogin to no, save it, and then use service sshd restart to restart the service.
2. Service
2.1. Turn off unnecessary services
Reduce risk by shutting down unnecessary services, such as normal services and xinetd services.
Operation Steps
Use the systemctl disable command t
/ sysctl.conf
sysctl -p
# Modifying a configuration file
vi /etc/login.defs
PASS_MAX_DAYS 90 # Maximum number of days a new user's password may be used
PASS_MIN_DAYS 0 # Minimum number of days a new user's password must be used
PASS_WARN_AGE 7 # Number of days of warning before a new user's password expires
PASS_MIN_LEN 9 # Minimum password length 9
---
5. Limit which accounts can switch to root
1) # vi /etc/pam.d/su
auth required /lib/security/pam_wheel.so group=dba
# usermod -g dba test    Join the test user to the dba group
---
6. System kernel security
vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat
unlock_time=120 to the second row.
The server needs to be restarted for the configuration to take effect.
Check host access control (IP limit)
To perform a backup:
# cp -p /etc/hosts.allow /etc/hosts.allow_bak
# cp -p /etc/hosts.deny /etc/hosts.deny_bak
vim /etc/hosts.allow # insert all:*.*.*.*:allow
vim /etc/hosts.deny # insert sshd: 555.555.555.555:deny
Check password lifecycle requirements
cp -p /etc/login.defs /etc/login.defs_bak
To modify policy settings:
# vi /etc/login.defs
Modify the value of PASS_MIN_LEN to 5, modify
Linux server security is important for protecting user data and intellectual property, while also reducing the time you face hackers. At work, the system administrator is usually responsible for the security of Linux, and in this article, 20 recommendations for hardening Linux systems are described. All of the recommen
Preface: when writing a blog, keep the 5W1H rule in mind: what, why, when, where, who, how.
The main content of this article:
Authority authentication
SELinux operating mode/startup mode
Security context view and modification
Brief introduction:
SELinux stands for Security-Enhanced Linux, which means security hardening of Linux.
It is designed to prevent "misuse of resources by internal staff". It
About "Security hardening"
Safety is relative.
Reinforcement may involve all aspects of the system: (1) hardware. For example: Intel x86 hardware vulnerability; (2) operating system. Run from installation to installation and (3) system services. The service itself installs the configuration, the system resources involved in the service, and the external access to the service (dat
unnecessary ports, timely patching loopholes and other technologies to increase the security of the system. From this, I have compiled a short Linux reinforcement article, only for Linux beginners, I hope to be able to help you. Network security has always been the most important and the biggest gap in the Internet, and it is imperative to ensure the security of Internet users. 2. What is the security
/profile /etc/profile.bak
echo export TMOUT=600 >> /etc/profile # add a 10-minute idle timeout logout
echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile # record the time of each command in the history
echo export HISTFILESIZE=10000 >> /etc/profile
echo export HISTSIZE=10000 >> /etc/profile
source /etc/profile
Note: Command history effectively records the behavior of the user; it makes past commands easy to look up, and it also shows which user did what and when.
This article is from the "Ljohn" blog, make sure to keep this source http://ljohn.b
appropriate room security is scheduled.
#9, Disable services that you do not need.
Disable all unnecessary services and daemons, and remove them from the system boot. Use the following command to check whether a service starts with the system.
# chkconfig --list | grep '3:on'
To disable a service, you can use the following commands:
# service serviceName stop
# chkconfig serviceName off
#9.1, Check the network listening ports.
Use the netstat command to see which listening ports are open on the server
# netstat -tulpn
if you hav
,deny
Deny from all
Trojan detection and prevention:
grep -r --include='*.php' '[^a-z]eval($_POST' /home/wwwroot/
grep -r --include='*.php' 'file_put_contents(.*$_POST\[.*\]);' /home/wwwroot/
Using find -mtime to find which PHP files have been modified in the last two days, or around the days the Trojan was discovered:
find -mtime -2 -type f -name '*.php'
To change directory and file properties:
find -type f -name '*.php' -exec chmod 644 {} \;
find -type d -exec chmod 755 {} \;
chown -R www:www /home/wwwroot/www.test.com
To prevent cross-site
This article describes how to use PHP to troubleshoot and harden a Linux server against Trojans. It covers searching by pattern, finding recently modified files, modifying php.ini, modifying nginx.conf, and other methods.
Preface:
When you get a server, don't rush to deploy apps; security is a top priority. Taken in order, a Linux system can be secured by following several steps. This article is mainly for CentOS, which is common in enterprises; Ubuntu differs slightly and the differences can be looked up on Baidu.
1. System User Optimization
2. System Service Optimization
3. SSH Access Policy
4. Firewall Configuration
1. System User Optimization
Note: When we perform system
the file system has the script file stored in the "/opt" directory. Running the script from the file system's "/opt" directory automatically flashes the Linux system to eMMC, formatting the eMMC into a boot partition and a rootfs partition.
2.1 SD system boot card partition mount description
Using the SD card to boot the development board, enter the development board's file system and execute the following instructions to view the system detailed mo