Linux security

xiaoxiao2021-03-05  34

Ten tips for Linux security protection

1. Add a boot password to LILO

Add options to the /etc/lilo.conf file so that a password is required when LILO starts, which strengthens the security of the system. The specific settings are as follows:

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    timeout=60      # wait at the boot prompt; LILO reads this value in tenths of a second
    prompt
    default=linux
    password=       # password setting
    image=/boot/vmlinuz-2.2.14-12
        label=linux
        initrd=/boot/initrd-2.2.14-12.img
        root=/dev/hda6
        read-only

Note that the LILO password is stored in cleartext, so set the permissions on lilo.conf so that only root can read and write it:

    # chmod 600 /etc/lilo.conf

Then run the following command so that the changes to lilo.conf take effect:

    # /sbin/lilo -v

2. Set the minimum password length and the minimum usage time

Passwords are the primary means of authenticating users in the system. The default minimum password length at installation is usually 5, but to make passwords harder to guess you can increase the minimum length to at least 8. To do this, modify the parameter PASS_MIN_LEN in the file /etc/login.defs. Password usage time should also be restricted so that passwords are replaced regularly; modifying the parameter PASS_MIN_DAYS is recommended.

3. User timeout logout

A user who forgets to log out of an account can create a hidden danger for system security. You can modify the /etc/profile file so that an account is logged out automatically after a period of inactivity.

Edit the file /etc/profile and add the following line after the "HISTFILESIZE=" line:

    TMOUT=600

With this setting, all users are automatically logged out after 10 minutes of inactivity.

4. Restrict access to important files

Change the attributes of key system files such as inetd.conf, services and lilo.conf to prevent ordinary users from modifying them accidentally or viewing them.

First change the file mode to 600:

    # chmod 600 /etc/inetd.conf

Make sure the owner of the file is root, then set the file immutable:

    # chattr +i /etc/inetd.conf

After this, any change to the file is refused. Only root can modify the file again, after clearing the flag:

    # chattr -i /etc/inetd.conf

5. Allow and deny remote access

In Linux, you can allow and deny remote hosts access to local services through the two files /etc/hosts.allow and /etc/hosts.deny. The usual approach is:

(1) Edit the hosts.deny file and add the following lines:

    # Deny access to everyone.
    ALL: ALL@ALL

All external hosts are then denied access to all services unless the hosts.allow file allows them.
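The settings from tips 1 through 5 can be checked after the fact with a short audit script. This is an added example, not part of the original article; the function names, the root-prefix argument and the sample tree are assumptions of the example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the settings from tips 1-5 under a root prefix.
# All function names and the prefix argument are assumptions of this example.

# True when FILE exists with exactly the octal mode WANT (GNU stat).
mode_is() { [ "$(stat -c %a "$1" 2>/dev/null)" = "$2" ]; }

# True when KEY in a login.defs-style FILE is set to a number >= MIN.
defs_at_least() {
    awk -v k="$2" -v min="$3" '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 }
        END { exit !(v != "" && v + 0 >= min) }' "$1" 2>/dev/null
}

# True when FILE sets TMOUT to a positive number of seconds no larger than MAX.
tmout_at_most() {
    t=$(sed -En 's/^[[:space:]]*(export[[:space:]]+)?TMOUT=([0-9]+).*/\2/p' "$1" 2>/dev/null | tail -n 1)
    [ -n "$t" ] && [ "$t" -gt 0 ] && [ "$t" -le "$2" ]
}

# True when FILE has an uncommented rule denying ALL services to ALL clients.
denies_all() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([@[:space:]]|$)' "$1" 2>/dev/null
}

# Print PASS/FAIL per check for the tree under PREFIX; return the failure count.
audit() {
    p=$1 fails=0
    report() { if "$@"; then echo "PASS $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi; }
    report mode_is "$p/etc/lilo.conf" 600
    report mode_is "$p/etc/inetd.conf" 600
    report defs_at_least "$p/etc/login.defs" PASS_MIN_LEN 8
    report tmout_at_most "$p/etc/profile" 600
    report denies_all "$p/etc/hosts.deny"
    return "$fails"
}

# Constructed sample tree (not from the page): short minimum length, empty hosts.deny.
demo=$(mktemp -d) && mkdir -p "$demo/etc"
printf 'PASS_MIN_LEN 5\n' > "$demo/etc/login.defs"
printf 'HISTFILESIZE=1000\nTMOUT=600\n' > "$demo/etc/profile"
: > "$demo/etc/hosts.deny"
: > "$demo/etc/lilo.conf" && chmod 600 "$demo/etc/lilo.conf"
audit "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

Calling audit with an empty prefix checks the live /etc files. The immutable flag from tip 4 is not covered here and can be inspected with lsattr on filesystems that support it.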

When reposting, please cite the original address: https://www.9cbs.com/read-33603.html
