Shulou(Shulou.com)06/01 Report--

How to set up the security of CentOS operating system, in view of this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

This time we are still talking about security issues, in the CentOS operating system, we can avoid a lot of problems through effective security settings. The following settings will protect your computer from being disturbed.

Because the root user has full authority to operate the CentOS operating system, in order to avoid some erroneous operations, it is recommended that in general, log in to the CentOS operating system as an ordinary user, and when necessary, log in to the root user through the "su -" command when you need the right to operate on the root.

In general, the average user can log in as a root user to configure the CentOS operating system at the administrator level by executing the "su -" command and entering the correct root password. However, in order to further strengthen the security of the CentOS operating system, it is necessary to establish a group of administrators, which only allows users of this group to log in as root users by executing the "su -" command, while users of other groups cannot log in as root users even if they execute "su -" and enter the correct root password. Under UNIX, the name of this group is usually "wheel".

First, let's create two ordinary user tom john

[root@www ~] # useradd tom

[root@www ~] # passwd tom

Enter your password

[root@www ~] # useradd john

[root@www ~] # passwd john

Enter your password

[root@www ~] # usermod-g wheel tom adds tom users to the wheel group

[root@www ~] # vi / etc/pam.d/su ← Open this configuration file and find this sentence and comment out the # preceding it on line 6

# auth required pam_wheel.so use_uid

[root@www ~] # echo "SU_WHEEL_ONLY yes" > > / etc/login.defs

Then you can log in with tom and john respectively. Users who have not joined the wheel group can execute the "su -" command. Even if they enter the correct root password, they will not be able to log in as root users.

When there is an error in the CentOS operating system or when an important notification is sent to root, let the system automatically forward it to the mailbox we usually use, so that it is easy to consult the relevant reports and logs.

[root@www ~] # vi / etc/aliases

Under these two sentences, mailer-daemon: postmaster

Postmaster:root

Add this sentence to root:zy66289214@126.com and write your own email here.

[root@www ~] # newaliases rebuild aliasesdb

[root@www ~] # echo test | mail root sends test software to root

[8] define the unofficial library of yum

In the process of building the server, some of the tools we will use do not exist in the official library of yum in the CentOS operating system, so we need to define the unofficial library files of yum so that some necessary tools can be installed through yum.

[root@sample ~] # vi / etc/yum.repos.d/dag.repo ← establishes dag.repo and defines unofficial database

[dag]

Name=Dag RPM Repository for Red Hat Enterprise Linux

Baseurl= http://apt.sw.be/redhat/el$releasever/en/$basearch/dag

Gpgcheck=1

Enabled=1

[root@sample ~] # rpm-- import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt ← imports GPG of unofficial library

[9] CentOS operating system stops printing service

If you are not going to provide a printing service, stop the printing service that is set to start automatically by default.

[root@sample ~] # / etc/rc.d/init.d/cups stop ← stops printing service

Stopping cups: [OK] ← stopped service successfully with "OK" appearing

[root@sample ~] # chkconfig cups off ← prohibits printing service from starting automatically

[root@sample ~] # chkconfig-- list cups ← confirms the self-starting setting status of the printing service

Cups 0:off 1:off 2:off 3:off 4:off 5:off 6:off ← 0-6 is OK if the status is off (the current printing service self-startup is prohibited)

[10] stop ipv6

Ipv6 is enabled by default in the CentOS operating system. Because we don't use ipv6, stop ipv6 and keep it safe and fast at * limits.

First of all, reconfirm that the ipv6 function is enabled.

[root@www ~] # ifconfig-a ← lists all network interface information

Sit0 Link encap:IPv6-in-IPv4 ← confirms that ipv6 is started.

[root@www ~] # vi / etc/modprobe.conf ← modify the configuration file and add the following line to the end of the text:

Alias net-pf-10 off

Alias ipv6 off

[root@www ~] # shutdown-r now ← restart the system for the settings to take effect

Modify / etc/yum.repos.d/CentOS-Base.repo to change the mirror site address to the mirror site address in China. Otherwise, we will be very slow to install software through yum. Modify as follows

# CentOS-Base.repo # # This file uses a new mirrorlist system developed by Lance Davis for CentOS. # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. [base] name=CentOS-$releasever-Base baseurl= http://mirrors.shlug.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 protect=1 # released updates [updates] name=CentOS-$releasever-Updates baseurl= http://mirrors.shlug.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 protect=1 # packages used/produced in the build but not released [addons ] name=CentOS-$releasever-Addons baseurl= http://mirrors.shlug.org/centos/$releasever/addons/$basearch/ gpgcheck=1 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 protect=0 # additional packages that may be useful [extras] name=CentOS-$releasever-Extras baseurl= http://mirrors.shlug.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 protect=0 # additional packages that extend functionality of existing packages [centosplus ] name=CentOS-$releasever-Plus baseurl= http://mirrors.shlug.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 protect=1 # contrib-packages by Centos Users [contrib] name=CentOS-$releasever-Contrib baseurl= http://mirrors.shlug.org/centos/$releasever/contrib/$basearch/ gpgcheck=1 enabled=0 protect=0 gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Update CentOS operating system [root@www ~] # yum-y upgrade

This is the end of the answer to the question on how to set up the security of the CentOS operating system. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.