Shulou(Shulou.com)06/01 Report--

Linux server security tips, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

If your Linux server is accessed by unauthorized users (such as servers in public computer rooms and public offices), there will be serious risks to its security.

 uses single-user mode to enter the system

Boot: when prompted after  Linux starts, use a special command, such as Linuxsingle or Linux 1, to enter single-user mode (Single-User mode). This command is very useful, such as forgetting the superuser (root) password. Restart the system and type Linux single (or Linux 1) at the boot: prompt. After the super user enters the system, edit the Passwd file and remove the x from the root line.

Countermeasures against :

 enters the system as superuser (root), edits the / etc/inittab file, changes the settings of id:3:initdefault, and adds an additional line (as follows) to prompt for the superuser password when the system is rebooted into single-user mode:

 ~: S:walt:/sbin/sulogin

 then executes the command: / sbin/init Q to make this setting work.

 passes hazard parameters to the core when the system starts up

The most commonly used boot loader tool for  under Linux is LILO, which is responsible for managing the boot system (which can be added to other partitions and operating systems). But some illegal users may start Linux casually or pass dangerous parameters to the core when the system starts, which is also quite dangerous.

Countermeasures against :

 edits the file / etc/lilo.conf and adds the restricted parameter, which must be used with the following passWord parameter, indicating that you need to enter a password when passing some parameters to the Linux kernel at the boot: prompt.

The  passWord parameter can be used with restricted or alone, as described below.

 is used with restricted: it is important to note that a password is required only when you need to pass to kernel parameters at startup, while in normal (default) mode, you do not need a password.

 is used alone (not with restricted): it means that Linux always requires a password no matter what startup mode is used; if there is no password, there is no way to start Linux, in which case it is more secure, which is equivalent to adding another layer of defense to the perimeter. There are disadvantages, of course-you can't restart the system remotely unless you add the restricted parameter.

 because the password is not encrypted in plaintext, the / etc/lilo.conf file must be set to be readable only to the superuser, and can be set using the following command:

 chmod 600 / ietc/lilo.conf

 then executes the command: / sbin/lilo-V, writes it to boot sector, and makes the change take effect.

 to enhance the security of the / etc/liIo.conf file, you can also set the file to an immutable attribute, using the command:

 chattr + i/etc/lilo.conf

 if you want to modify the / etc/liIo.conf file later, use the chattr-i/etc/lilo.conf command to remove this attribute.

 restarts using the "Ctrl+Alt+Del" key combination

 is very important and easy to ignore. If an illegal user has access to the server's keyboard, he can use the key combination "Ctrl+AIt+Del" to restart your server.

Countermeasures against :

 edit the / etc/inittab file and comment ca::ctrlaltdel:/sbin/shutdown-t3-r now with # ca::ctrlaltdeI:/sbin/shutdown-t3-r now.

 then executes the command: / sbin/init Q to make the change take effect.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.