Shulou(Shulou.com)06/02 Report--

This article mainly introduces what is the Linux server security tips, has a certain reference value, friends in need can refer to. I hope you will learn a lot after reading this article. Next, let the editor take you to learn about it.

1. Strong password policy

Setting a strong password is the first step in securing the server. Do not use a common name as your password, such as name, date of birth, mobile phone number, etc. The password should be alphanumeric with uppercase and lowercase letters.

You can use the password aging policy on the Linux machine to force users to change their passwords there on a regular basis.

Example:

Get password aging information

# chage-l username

Change password aging information

# chage-m 7-M 60-W 15 username-m: Minimum number of days between password change-M: Maximum number of days between password change-W: Number of days of warning before password expires

Disable password aging (not recommended on production servers)

# chage-M 99999 username

2. Disable root login

The root account has unlimited privileges, so keep the root account disabled on the server. Also make sure that no other user uses the following command, uid or gid 0, and that only the root user line should list both commands.

# awk-F:'($3 = = "0") {print}'/ etc/passwd# awk-F:'($4 = = "0") {print}'/ etc/passwd

To execute root-level commands, you can configure sudo permissions on the server.

3. Keep the system up to date

Always use the latest software patches or updates to keep the system up to date. You can use the Linux utility (yum,apt-get, etc.) to update the latest system. Ensure that the system is updated regularly.

For example:

# yum updateor# apt-get update & & apt-get upgrade

You can also use the yum-updatesd service to enable email notification when any new updates are found.

4. Remote access using security protocols

A security protocol is used to access data from a remote or transport server. All security protocols are encrypted data transmission.

Do not use:

> rcp

> telnet

> ftp

Use

> ssh

> scp

> sftp (FTP over SSL)

5. Disable unwanted services

There are many services running in the background in the system. Identify and disable all unwanted services.

Find all services that will be started when the system starts

# chkconfig-- list | grep': on'

Stop all services not needed on the server.

# service service-name stop

Disable the service to start at system boot

# chkconfig service-name off Thank you for reading this article carefully. I hope the editor will share what the Linux server security tips are helpful to you. At the same time, I also hope you can support us, pay attention to the industry information channel, and find out if you have any problems. Detailed solutions are waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.