Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to realize the security management under the linux system". In the daily operation, I believe that many people have doubts about how to realize the security management under the linux system. The editor has consulted all kinds of materials and sorted out the simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to realize the security management under the linux system". Next, please follow the editor to study!

1. Bootstrap security

Linux system root password is easy to crack, of course, the premise is that you do not set the bootstrap password, such as GRUB or LILO, in order to prevent the bootstrap program from cracking the root password, it is strongly recommended to set the GRUB or LILO boot password, you can edit its configuration file / etc/grub.conf or / etc/lilo.conf, set the password parameter.

two。 Unsafe permission settin

The common file permission under linux is r w x, but in fact, there is another permission called s. If the s permission is assigned to a file, the file will have the permissions of the corresponding host user or host group user when it is executed, for example:

# chmod Utility testfile

# ls-la testfile

Rwsr- root root 10 testfile

In this way, when the file is executed by another user, the user has the execute rights to the testfile of the file host user root. Similarly, when the host group of a file has s permission, the user executing the file has the permissions of the file host group user on the file, which is quite dangerous.

Just imagine, if the file that commands chmod is given s permission, what else can't other users do? Then it can change the permissions of any file, of course, s permissions need to be used in conjunction with x permissions, s permissions without x permissions do not make any sense.

3. Automatic logout

When a user forgets to log out after using the server, it is also dangerous. At this time, the administrator can set the timeout parameter of the / etc/profile file, and when the user does nothing for a period of time, the system automatically logs off the user.

4. Set password complexity

In order to prevent the system user password from being too simple to be deciphered, you can edit the / etc/login.defs file and set the system user password complexity, such as the longest password, the shortest password, the expiration time and so on.

5. Prohibit unnecessary users from logging in to the system

To prevent other non-system users from logging in to the system, you can add users with a non-existent home directory and a non-existent shell environment, and of course, it is best to change the access permissions for the / etc/passwd and / etc/shadow files so that root users can access them later.

At this point, the study on "how to achieve security management under the linux system" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.