Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about vulnerability protection under the premise of ensuring the security of the Linux system. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

As an open operating system, Linux is loved by many programmers, and many senior programmers like to write software related to the Linux operating system. This makes the Linux operating system has rich software support, as well as countless technicians as technical backing and technical support, which makes Linux more and more popular among programmers.

However, one of the biggest disadvantages of this open operating system is that the level of each programmer is different, and he does not pay attention to the vulnerabilities in his own program after writing the relevant software. There is no unified vulnerability checking, which makes Linux software appear a lot of vulnerabilities, while software developers are difficult to detect the vulnerabilities of their own programs, but hackers will pay close attention to these vulnerabilities and will take advantage of them to achieve their own goals. So is the Linux system not safe? In fact, you don't have to worry, as long as you do the following points, you can feel at ease to use the Linux system.

I. cancel unnecessary services

In early versions of Unix, each different network service had a service program running in the background, and later versions used a unified / etc/inetd server program to do this. Inetd is the abbreviation of Internetdaemon, it monitors multiple network ports at the same time, and once it receives the connection information from the outside, it executes the corresponding TCP or UDP network service.

Because it is under the unified command of inetd, most TCP or UDP services in Linux are set in the / etc/inetd.conf file. So the first step in canceling unnecessary services is to check the / etc/inetd.conf file and add a "#" number before unwanted services.

In general, services other than http, smtp, telnet and ftp should be cancelled, such as simple File transfer Protocol (tftp), imap/ipop transport protocol for network mail storage and reception, gopher for finding and searching data, and daytime and time for time synchronization.

There are also services that report the status of the system, such as finger, efinger, systat, and netstat, which are useful for checking system errors and finding users, but also provide a convenient door for hackers. For example, hackers can use finger services to find users' phones, usage directories, and other important information. Therefore, many Linux systems cancel all or part of these services to enhance the security of the system.

In addition to setting up system service items with / etc/inetd.conf, Inetd also uses the / etc/services file to find the ports used by each service. Therefore, the user must carefully check the settings of each port in the file to avoid security vulnerabilities.

There are two different types of services in Linux: one is a service that is executed only when needed, such as a finger service, and the other is a non-stop service that is always executing. This type of service starts when the system starts up, so its services cannot be stopped by modifying inetd, but only by modifying the / etc/rc.d/ RC [n] .d / file or using Run

After reading the above, do you have any further understanding of vulnerability protection on the premise of ensuring the security of Linux systems? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.