Shulou(Shulou.com)05/31 Report--

This article mainly explains "what are the security hidden danger prevention countermeasures of Linux". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the security hidden danger prevention countermeasures of Linux?"

Boot: when prompted after Linux starts, use a special command, such as Linuxsingle or Linux 1, to enter single-user mode (Single-User mode). This command is very useful, such as forgetting the superuser (root) password. Restart the system and type Linux single (or Linux 1) at the boot: prompt. After the super user enters the system, edit the Passwd file and remove the x from the root line.

Preventive measures:

Enter the system as superuser (root), edit the / etc/inittab file, change the settings of id:3:initdefault, and add an additional line (as follows) to prompt for the superuser password when the system is rebooted into single-user mode:

◆ ~: S:walt:/sbin/sulogin

Then execute the command: / sbin/init Q to make this setting work.

Pass hazard parameters to the core when the system starts up

The most commonly used boot load (boot loader) tool under Linux is LILO, which is responsible for managing the boot system (you can add other partitions and operating systems). But some illegal users may start Linux casually or pass dangerous parameters to the core when the system starts, which is also quite dangerous.

Preventive measures:

Edit the file / etc/lilo.conf to include the restricted parameter, which must be used with the following password parameter, indicating that you need to enter a password when passing some parameters to the Linux kernel at the boot: prompt.

The ◆ password parameter can be used with restricted or alone, as described below.

Use with restricted: it is important to note that passwords are required only when kernel parameters need to be passed to the kernel at startup, while in normal (default) mode, passwords are not required.

Used alone (not used with restricted): indicates that Linux always requires a password no matter what startup mode is used; if there is no password, there is no way to start Linux, in which case it is more secure, which is equivalent to adding another layer of defense to the perimeter. There are disadvantages, of course-you can't restart the system remotely unless you add the restricted parameter.

Since the password is not encrypted in plaintext, the / etc/lilo.conf file must be set to be readable only to the superuser, and can be set using the following command:

◆ chmod 600 / ietc/lilo.conf

Then execute the command: / sbin/lilo-V, write it to boot sector, and make the change take effect.

To enhance the security of the / etc/liIo.conf file, you can also set the file to an immutable attribute, using the command:

◆ chattr + i/etc/lilo.conf

If you want to modify the / etc/liIo.conf file later, use the chattr-i/etc/lilo.conf command to remove this attribute.

Restart using the "Ctrl+Alt+Del" key combination

This is very important and easy to ignore. If an illegal user has access to the server's keyboard, he can use the key combination "Ctrl+AIt+Del" to restart your server.

Preventive measures:

Edit the / etc/inittab file and comment ca::ctrlaltdel:/sbin/shutdown-t3-r now with # ca::ctrlaltdeI:/sbin/shutdown-t3-r now.

Then execute the command: / sbin/init Q to make this change effective.

Thank you for your reading. The above is the content of "what are the countermeasures against the hidden dangers of Linux". After the study of this article, I believe you have a deeper understanding of what the countermeasures against the hidden dangers of Linux have, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.