2025-02-27 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to make a Linux workstation more solid. The content is short and organized as a checklist, followed by notes on each item.
For every system administrator, here are some necessary steps to take:
1. Firewire and Thunderbolt modules are disabled.
2. Check the firewall to make sure all inbound ports are filtered.
3. Make sure root mail is forwarded to the account you check.
4. Set up an automatic OS update schedule or update reminders.
In addition, you should also consider some further steps to strengthen the system:
1. Check to make sure the sshd service is disabled by default.
2. Set the screensaver to lock automatically after a period of inactivity.
3. Install logwatch.
4. Install and use rkhunter.
5. Install an intrusion detection system.
1. Blacklisting related modules
To blacklist the Firewire and Thunderbolt modules, add the following lines to the file /etc/modprobe.d/blacklist-dma.conf:
blacklist firewire-core
blacklist thunderbolt
Once the system is restarted, these modules will be blacklisted. Even if you don't have these ports, there's no harm in doing so.
2. root mail
By default, root mail is saved on the local system and is often never read. Make sure you set up /etc/aliases to forward root mail to a mailbox you actually read, otherwise you risk missing important system notifications and reports:
# Person who should get root's mail
root: bob@example.com
After this edit, run newaliases and send a test message to make sure the mail is actually delivered, because some email providers reject mail from domains that don't exist or that can't be routed. If this is the case, you will need to adjust your mail forwarding configuration until delivery works.
3. Firewall, sshd and listening daemons
Default firewall settings will depend on your distribution, but many allow inbound sshd ports. Unless you have a good reason to allow inbound ssh, you should filter this out and disable the sshd daemon.
systemctl disable sshd.service
systemctl stop sshd.service
If you need to use it, you can always activate it temporarily.
In general, your system should not have any listening ports; responding to ping is the only exception. This will help you guard against zero-day vulnerabilities at the network level.
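The checks from sections 1 to 3 (module blacklist, root alias, listening ports) can be scripted. The following is an added example, not part of the original article; the function names, the ss.txt file name and the sample data are assumptions made for illustration.

```sh
# Added example, not from the original article. Each function reads a path or stdin.
# module_blacklisted MODULE [DIR]: succeed if a *.conf file in DIR blacklists
# MODULE. modprobe treats '-' and '_' in module names as the same character.
module_blacklisted() {
    want=$(printf '%s' "$1" | sed 's/-/_/g')
    for f in "${2:-/etc/modprobe.d}"/*.conf; do
        [ -f "$f" ] || continue
        sed 's/#.*//' "$f" | awk -v want="$want" '
            $1 == "blacklist" { m = $2; gsub(/-/, "_", m); if (m == want) found = 1 }
            END { exit !found }' && return 0
    done
    return 1
}

# root_alias [FILE]: print the target of the root alias; fail if there is none.
root_alias() {
    sed 's/#.*//' "${1:-/etc/aliases}" | awk -F: '
        $1 ~ /^[ \t]*root[ \t]*$/ { t = $2; gsub(/^[ \t]+|[ \t]+$/, "", t) }
        END { if (t == "") exit 1; print t }'
}

# exposed_listeners: read `ss -Htln` output on stdin and print every listening
# address that is not bound to loopback (column 4 is Local Address:Port).
exposed_listeners() {
    awk '$4 !~ /^127\./ && $4 !~ /^\[::1\]:/ { print $4 }'
}

# make_samples: write constructed sample inputs (not from a real machine) to a
# temporary directory and print its path. thunderbolt is commented out on purpose.
make_samples() {
    d=$(mktemp -d)
    printf 'blacklist firewire-core\n#blacklist thunderbolt\n' > "$d/blacklist-dma.conf"
    printf "# Person who should get root's mail\nroot: bob@example.com\n" > "$d/aliases"
    printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 4096 127.0.0.1:631 0.0.0.0:*\n' > "$d/ss.txt"
    echo "$d"
}

# audit DIR: run every check on the files in DIR, print findings, return their count.
audit() {
    n=0
    for m in firewire-core thunderbolt; do
        module_blacklisted "$m" "$1" || { echo "not blacklisted: $m"; n=$((n + 1)); }
    done
    root_alias "$1/aliases" > /dev/null || { echo "root mail not forwarded"; n=$((n + 1)); }
    exposed=$(exposed_listeners < "$1/ss.txt")
    [ -z "$exposed" ] || { echo "listening beyond loopback: $exposed"; n=$((n + 1)); }
    return "$n"
}
```

To check a real workstation, copy /etc/modprobe.d/*.conf and /etc/aliases into a directory, save the output of `ss -Htln` there as ss.txt, and call audit on that directory. Note that a blacklist line only stops a module from being loaded automatically through its aliases; it can still be loaded explicitly or as a dependency of another module.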
4. Automatic updates or notifications
It is recommended to turn on automatic updates unless you have a very good reason not to, such as fear that automatic updates will make your system unusable (this has happened before, so this fear is not unfounded). At the very least, you should enable automatic notification of available updates. Most distributions already have the service running automatically for you, so you probably don't have to do anything about it. Check out the documentation for the distribution to learn more.
5. Viewing the logs
You should pay close attention to all activities that occur on the system. For this reason, logwatch should be installed and configured to send activity reports nightly indicating everything that is happening on the system. This doesn't prevent dedicated attackers, but it's a good safety net feature that needs to be deployed.
Note that many systemd distributions no longer automatically install the syslog server required by logwatch (that's because systemd relies on its own journal), so you need to install and enable rsyslog and make sure that /var/log is not empty before logwatch is of any use.
6. rkhunter and IDS
Installing rkhunter and an intrusion detection system (IDS) such as aide or tripwire is not very useful unless you actually understand how they work and take the necessary steps to set them up properly (such as placing the database on external media, running checks from a trusted environment, remembering to update the hash database after performing system updates and configuration changes, etc.). If you are unwilling to take these steps and adjust the way you perform tasks on your workstation, these tools will only cause trouble without any real security benefit.
We do recommend that you install rkhunter and run it at night. It's fairly easy to learn and use; it won't spot tricky attackers, but it will help you spot your own mistakes.