Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to strengthen Linux security, the content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

It is often said that Linux is more secure than Windows. However, any computer connected to the network cannot be relatively secure. Just as we need to always pay attention to whether the walls of the courtyard can be secured, we also need to maintain and strengthen the operating system. Here, we only talk about the general steps that multiple users can use to strengthen the system.

Before starting to enhance, users need to have a clear view of the following three questions: what purpose the system is used for, what software it needs to run, and what flaws or threats users need to protect against. The three questions are causal in turn, that is, the former question is the cause of the latter question, and the latter question is the result of the previous one.

Start from scratch

It is possible to strengthen a system from a known security form, but in practice this enhancement can also start with a "naked" system. This means that users will have the opportunity to re-partition the system disk, and it is a prudent security method to separate all data files from operating system files.

The next step is to configure a smallest device, of course, to let the system boot, and then add the necessary sequence packages to complete the task. This is an important step. Why is it necessary to minimize the number of devices? The reason is that the less code in the machine, the fewer flaws that can be used: no one can use flaws that don't exist, can they? You also need to patch the operating system, and you have to patch all the order of use that runs on the system.

Note, however, that if someone has physical access to the machine he is accessing, he will be able to boot the computer from a CD or other media and gain access to the system. Therefore, it is best for the user to configure the BIOS of the system, limit the ability to boot from the hard disk, and maintain this configuration with a strong password.

The next step is to compile your own system kernel, and it's still important to include only the parts you need. Once you have finished building your own customized system and rebooting into the kernel, the ability of your kernel to be attacked will be greatly reduced. But the way to strengthen the system is not limited to this, and the best is yet to come.

Reduce servic

After running the experienced slimming system, the next step is to make sure you only run the services you need. So far, users have cleaned up a lot of services before, but there are still many services that are still running in the background. Users need to find these services in multiple locations, such as / etc/init.d and / etc/rc.d/rc.local, including multiple startup processes, and verify everything started by cron. Users can also verify listening sockets in order such as netstat or Nmap. For example, many services that users need to disable can include network file system (samba), remote access services, and so on.

Of course, you can't generalize. Assuming you do need certain services, you should try to limit its potentially damaging effects on other parts of the system and try to make it work in your own chroot path, distinguishing it from other parts of the file system.

Pay attention to permissible questions

As a user or maintainer, you must ensure that no user can perform their unwanted order or open unwanted files. The maintainer should audit the entire system and reduce the tolerance of each document to a minimum feasible level. Our goal is that no one can read or write files that have nothing to do with them. In addition, all sensitive data should be encrypted.

On how to strengthen Linux security to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.