Shulou(Shulou.com)06/01 Report--

This article is about how to configure Linux to ensure the security of its system. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

1. If you use a firewall to close any unnecessary ports, other people's PING will not reach the server, and the threat will naturally be reduced by more than half.

Ways to prevent others from ping:

1) type at the command prompt

Echo 1 > / proc/sys/net/ipv4/icmp_ignore_all

2) disable (or discard) icmp packets with a firewall

Iptables-An INPUT-p icmp-j DROP

3) do not respond to all packets that communicate with ICMP

Like PING TRACERT.

2. To change the SSH port, it is best to change it to more than 10000, and the probability of others scanning the port will also be reduced.

Vi / etc/ssh/sshd_config

Change PORT to more than 1000 ports

At the same time, create a normal login user and cancel direct root login

Useradd 'username'

Passwd 'username'

Vi / etc/ssh/sshd_config

At the end, add the following sentence:

PermitRootLogin no # cancel root direct remote login

3. Delete the bloated and redundant accounts of the system: userdel adm userdel lp userdel sync userdel shutdown userdel halt userdel news userdel uucp userdel operator userdel games userdel gopher userdel ftp. If you do not allow anonymous FTP, delete the user account groupdel adm groupdel lp groupdel news groupdel uucp groupdel games groupdel dip groupdel pppusers.

4. Change the following file permissions so that no one has the permission to change the account: chattr + I / etc/passwd chattr + I / etc/shadow chattr + I / etc/group chattr + I / etc/gshadow

5 、 chmod 600 / etc/xinetd.conf

6. Disable login of anonymous users on FTP

Thank you for reading! This is the end of this article on "how to configure Linux to ensure the security of its system". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.