Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to strengthen the security of the Suse Linux operating system". In the daily operation, I believe many people have doubts about how to strengthen the security of the Suse Linux operating system. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to strengthen the security of the Suse Linux operating system". Next, please follow the editor to study!

This article introduces you to Suse Linux, many people may not understand Suse Linux, it does not matter, you must have a lot of gains after reading this article. The following is a detailed explanation of the problems encountered. After the installation of the Suse Linux operating system is completed, security scanning is needed to shut down the unused ports and strengthen the security of the operating system. Here are the steps:

The system starts the service by default:

Shelly:/etc/init.d # nmap-P0 127.0.0.1

Starting Nmap 4.00 ([url] http://www.insecure.org/nmap/[/url]) at 2007-06-25 15:34 CST

Interesting ports on localhost (127.0.0.1):

(The 1666 ports scanned but not shown below are in state: closed)

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

427/tcp open svrloc

631/tcp open ipp

Nmap finished: 1 IP address (1 host up) scanned in 0.244 seconds

Shelly:/etc/init.d #

Second, the method of temporarily shutting down the service:

1. View the relationship between service and port:

For example, check the associated process of ipp service: # lsof | grep ipp

2. Confirm the relationship between service and port:

Serial Port Service path / etc/init.d status

1) 22ssh sshd retention

2) 25smtppostfix is off

3) 111rpcportmap is off

4) 427svrlocslpd is off

5) 631ippcupsd is off

3. Manual shutdown method:

Stop smtp:/etc/init.d/postfix stop

Stop rpc:/etc/init.d/portmap stop

Stop svrloc:/etc/init.d/slpd stop

Stop ipp:/etc/init.d/cupsd stop

3. Permanent shutdown method:

After the manual shutdown, each time the system starts, the service will start itself, which needs to be permanently disabled from the startup configuration file:

Use the chkconfig-l command to view the auto-loading services of the current system: (intercept only some of the relevant services)

Shelly:/etc/init.d # chkconfig-l | grep on

Cron 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Cups 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Nfs 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Nfsboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Novell-zmd0:off 1:off 2:off 3:on 4:on 5:on 6:off

Nscd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Portmap 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Postfix 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Powersaved0:off 1:off 2:on 3:on 4:off 5:on 6:off

Random 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Resmgr 0:off 1:off 2:on 3:on 4:off 5:on 6:off

Slpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Shelly:/etc/init.d #

Turn off method:

Shelly:/etc/init.d # chkconfig-s cups off

Shelly:/etc/init.d # chkconfig-s nfs off

Shelly:/etc/init.d # chkconfig-s nfsboot off

Shelly:/etc/init.d # chkconfig-s portmap off

Shelly:/etc/init.d # shelly:/etc/init.d # chkconfig-s postfix off

Shelly:/etc/init.d # chkconfig-s slpd off

Note: permanently shutting down portmap is associated with nfs. You must first shut down the nfs and nfsboot processes, otherwise there will be an error as follows.

Shelly:/etc/init.d # chkconfig-s portmap off

Insserv: Service portmap has to be enabled for service nfs

Insserv: Service portmap has to be enabled for service nfsboot

Insserv: exiting now!

/ sbin/insserv failed, exit code 1

Stop order is supported:

Shelly:/etc/init.d # chkconfig-s nfs off

Shelly:/etc/init.d # chkconfig-s nfsboot off

Shelly:/etc/init.d # chkconfig-s portmap off

Shelly:/etc/init.d #

4. Scanning system:

Restart the system and scan the system port

Shelly:/etc/init.d # nmap-P0 127.0.0.1

Starting Nmap 4.00 ([url] http://www.insecure.org/nmap/[/url]) at 2007-06-25 16:16 CST

Interesting ports on localhost (127.0.0.1):

(The 1670 ports scanned but not shown below are in state: closed)

PORT STATE SERVICE

22/tcp open ssh

Nmap finished: 1 IP address (1 host up) scanned in 0.213 seconds

Shelly:/etc/init.d #

At this point, the study on "how to strengthen the security of the Suse Linux operating system" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.