Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to set up to make the linux operating system more secure, with a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to know about it.

BIOS security

Remember to set a BIOS password in the BIOS settings and do not receive floppy boot. This prevents malicious people from booting your Linux system with a special boot disk, and prevents others from changing BIOS settings, such as changing floppy boot settings or starting the server without popping up a password box.

LILO security

Add three parameters to the "/ etc/lilo.conf" file: time-out, restricted, and password. These options require a password when the startup time (such as "linux single") is transferred to the startup reprinter.

Step 1

Edit the lilo.conf file (/ etc/lilo.conf) to add and change these three options:

QUOTE:

Boot=/dev/hda

Map=/boot/map

Install=/boot/boot.b

Time-out=00 # change this line to 00

Prompt

Default=linux

Restricted # add this line

Password= # add this line and put your password

Image=/boot/vmlinuz-2.2.14-12

Label=linux

Initrd=/boot/initrd-2.2.14-12.img

Root=/dev/hda6

Read-only

Step 2

Because the password is not encrypted, the "/ etc/lilo.conf" file is readable only to the root user.

[root@kapil /] # chmod 600 / etc/lilo.conf (no longer globally readable)

Step 3

After making the above changes, update the configuration file "/ etc/lilo.conf".

[Root@kapil /] # / sbin/lilo-v (update lilo.conf file)

Step 4

Another way to make "/ etc/lilo.conf" more secure is to make it unchangeable with the chattr command:

[root@kapil /] # chattr i / etc/lilo.conf

It will block any changes to the "lilo.conf" file, intentionally or not.

For more information about lilo security, refer to LILO.

Disable all special accounts

Delete all default user and group accounts that you do not use in lp, sync, shutdown, halt, news, uucp, operator, games, gopher, etc.

To delete a user account:

[root@kapil /] # userdel LP

To delete a group account:

[root@kapil /] # groupdel LP

Choose the appropriate password

Follow the following principles when choosing a password:

Password length: the default minimum password length when installing a Linux system is 5 characters. This length is not enough, it should be increased to eight. To change to 8 characters, you must edit the login.defs file (/ etc/login.defs):

PASS_MIN_LEN 5

Change to:

PASS_MIN_LEN 8

"login.defs" is the configuration file for the login program.

Enable blind area password support

Please enable the blind area password feature. To do this, use the "/ usr/sbin/authconfig" utility. If you want to change the existing passwords and groups in the system to blind passwords and groups, use the pwconv and grpconv commands, respectively.

Thank you for reading this article carefully. I hope the article "how to set up to make the linux operating system more secure" shared by the editor will be helpful to everyone. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.