Shulou(Shulou.com)06/02 Report--

Although the linux system is safe, efficient and stable, it will not be safe if we do not pay attention to security optimization. This time, we will introduce account security, system boot and login security, as well as weak password detection, the use of network scanning tools.

I. account security control

1. System account cleanup

Set the shell of non-logged-in users to / sbin/nologin

Usermod-s / sbin/nologin

two。 Lock accounts that have not been used for a long time

Method 1: passwd-l username will appear before the ciphertext 2! Unlock passwd-u to view passwd-S

Method 2: 1 will appear before the usermod-L username ciphertext! Unlock usermod-U

3. Delete useless accounts

Userdel-r user name

4. Lock accounts that have not been used for a long time

Method 1: passwd-l username will appear before the ciphertext 2! Unlock passwd-u to view passwd-S

Method 2: 1 will appear before the usermod-L username ciphertext! Unlock usermod-U

5.。 Lock the file

Chattr + I / etc/shadow / etc/passwd

Cannot create a new user in the locked state

6.。 View file status

Lsattr / etc/passwd / etc/shadow

7.。 Unlock a file

Chattr-I / etc/passwd / etc/shadow

two。 Password security control

1. Modify the password validity period of an existing user:

Chage-M days username

two。 Modify the valid time of the password of the newly created user

Vim / etc/login.defs

Create a new user to see if it is successful

3. Force password change the next time you log in

Chage-d 0 zhangsan

(note that the new password cannot use consecutive characters or numbers, otherwise the new password is invalid)

three。 Command history limit

1. Reduce the number of historical commands

History command (1000 by default)

History view used history commands

History-c emptying history

Vim edit / etc/profile file (system global variable file, where all commands related to variables are placed), modify the value after "HISTSIZE="

two。 Automatic emptying history command on logout

Method: vim edits the ".bash _ logout" file in the host directory, and adds "history-c"

3. Terminal automatic logout

Vim edit / etc/profile file, add "export TMOUT= value"

After modifying the configuration file, enter the command source / etc/profiles to execute

No process is running, and the system logs out automatically after 15 seconds.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.