Shulou(Shulou.com)06/01 Report--

How to protect CentOS system security, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Nowadays, the use of the network is becoming more and more insecure, and the resulting security problems make many users uneasy, and everyone is looking for an excellent way to protect their computers. This time, although we can not say that we have come up with an excellent way, but this setting has definitely helped you a lot.

1. In the CentOS system, if you use a firewall to close any unnecessary ports, other people can't PING the server, and the threat is naturally reduced by more than half.

Ways for CentOS systems to prevent others from ping:

1) type at the command prompt

Echo 1 > / proc/sys/net/ipv4/icmp_ignore_all

2) disable (or discard) icmp packets with a firewall

Iptables-An INPUT-p icmp-j DROP

3) do not respond to all packets that communicate with ICMP

Like PING TRACERT.

2. If the SSH port is changed to more than 10000 in the CentOS system, the probability of others scanning the port will also be reduced.

Vi / etc/ssh/sshd_config

Change PORT to more than 1000 ports

At the same time, create a normal login user and cancel direct root login

Useradd 'username'

Passwd 'username'

Vi / etc/ssh/sshd_config

Add the following sentence in * *:

PermitRootLogin no # cancel root direct remote login

3. Delete the bloated and redundant account of the CentOS system: userdel adm userdel lp userdel sync userdel shutdown userdel halt userdel news userdel uucp userdel operator userdel games userdel gopher userdel ftp, if you do not allow anonymous FTP, delete the user account groupdel adm groupdel lp groupdel news groupdel uucp groupdel games groupdel dip groupdel pppusers.

4. Change the following file permissions so that no one has the permission to change the account: chattr + I / etc/passwd chattr + I / etc/shadow chattr + I / etc/group chattr + I / etc/gshadow

5 、 chmod 600 / etc/xinetd.conf

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.