Shulou(Shulou.com)06/01 Report--

This article introduces you how to achieve suse linux operating system security reinforcement, the content is very detailed, interested friends can refer to, hope to be helpful to you.

After the installation of the Suse Linux operating system, security scanning is needed to shut down the unused ports and strengthen the security of the operating system.

The system starts the service by default:

Shelly:/etc/init.d # nmap-P0 127.0.0.1

Starting Nmap 4.00 ([url] http://www.insecure.org/nmap/[/url]) at 2007-06-25 15:34 CST

Interesting ports on localhost (127.0.0.1):

(The 1666 ports scanned but not shown below are in state: closed)

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

427/tcp open svrloc

631/tcp open ipp

Nmap finished: 1 IP address (1 host up) scanned in 0.244 seconds

Shelly:/etc/init.d #

Second, the method of temporarily shutting down the service:

1. View the relationship between service and port:

For example, check the associated process of ipp service: # lsof | grep ipp

2. Confirm the relationship between service and port:

Serial Port Service path / etc/init.d status

1) 22 ssh sshd reservation

2) 25 smtp postfix off

3) 111111rpc portmap shutdown

4) 427 svrloc slpd off

5) 631 ipp cupsd shutdown

3. Manual shutdown method:

Stop smtp:/etc/init.d/postfix stop

Stop rpc:/etc/init.d/portmap stop

Stop svrloc:/etc/init.d/slpd stop

Stop ipp:/etc/init.d/cupsd stop

3. Permanent shutdown method:

After the manual shutdown, each time the system starts, the service will start itself, which needs to be permanently disabled from the startup configuration file:

Use the chkconfig-l command to view the auto-loading services of the current system: (intercept only some of the relevant services)

Shelly:/etc/init.d # chkconfig-l | grep on (in rhel chkconfig-- list | grep on)

Cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Cups 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Nfs 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Nfsboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Novell-zmd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

Nscd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Portmap 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Postfix 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Powersaved 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Random 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Resmgr 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Slpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Shelly:/etc/init.d #

Turn off method:

Shelly:/etc/init.d # chkconfig-s cups off

Shelly:/etc/init.d # chkconfig-s nfs off

Shelly:/etc/init.d # chkconfig-s nfsboot off

Shelly:/etc/init.d # chkconfig-s portmap off

Shelly:/etc/init.d # shelly:/etc/init.d # chkconfig-s postfix off

Shelly:/etc/init.d # chkconfig-s slpd off

Note: permanently shutting down portmap is associated with nfs. You must first shut down the nfs and nfsboot processes, otherwise there will be an error as follows.

Shelly:/etc/init.d # chkconfig-s portmap off

Insserv: Service portmap has to be enabled for service nfs

Insserv: Service portmap has to be enabled for service nfsboot

Insserv: exiting now!

/ sbin/insserv failed, exit code 1

Stop order is supported:

Shelly:/etc/init.d # chkconfig-s nfs off

Shelly:/etc/init.d # chkconfig-s nfsboot off

Shelly:/etc/init.d # chkconfig-s portmap off

Shelly:/etc/init.d #

4. Scanning system:

Restart the system and scan the system port

Shelly:/etc/init.d # nmap-P0 127.0.0.1

Starting Nmap 4.00 ([url] http://www.insecure.org/nmap/[/url]) at 2007-06-25 16:16 CST

Interesting ports on localhost (127.0.0.1):

(The 1670 ports scanned but not shown below are in state: closed)

PORT STATE SERVICE

22/tcp open ssh

Nmap finished: 1 IP address (1 host up) scanned in 0.213 seconds

Shelly:/etc/init.d #

At the end of this post, Xiao Bing solaris

Add:

Zmd has always had problems up to now, not to mention consuming a lot of system resources, and there are always inexplicable dependency errors in upgrades.

> su-root

# rpm-e zmd rug zen-updater

Then restart, you will see the familiar opensuseupdater in SUSE10 (installed by default)

Can perform online automatic check for updates and other functions.

On how to achieve suse linux operating system security reinforcement to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.