How to do CentOS Stream 8 security settings

CentOS Stream 8 Security Reinforcement Guide: Key Steps to Improve System Security

This article outlines the key steps to enhance the security of CentOS Stream 8 systems, aiming to build a safer operating environment. These security measures cover account management, system services, network security, and system maintenance.

Account security and permission control

• Disable redundant superuser accounts:

  • Identify the account with root privileges: Use cat /etc/passwd | awk -F ':' '{print$1,$3}' | grep '0$' command.
  • Backup and lock/unlock the account: Back up the /etc/passwd file ( cp -p /etc/passwd /etc/passwd_bak ), and then use passwd -l to lock or passwd -u to unlock the account.
  • Delete unnecessary accounts: for example adm , lp , sync , etc., use userdel username and groupdel groupname commands to delete users and groups.

• Strengthen password policy:

  • Forced use of complex passwords: Passwords should contain uppercase letters, lowercase letters, numbers and special characters, with a length of at least 10 digits.
  • Modify the /etc/login.defs file and set the minimum password length: PASS_MIN_LEN 10 .
  • Check and process empty password account: Use awk -F ":" '(NF==1) {print $1}' /etc/shadow command to find the empty password account and modify it immediately.

• Protect password file:

  • Use chattr i command to set unmodified properties for /etc/passwd , /etc/shadow , /etc/group , and /etc/gshadow files to enhance security.

System service management

• Disable non-essential services:

  • Stop and disable unnecessary system services, such as acpid , autofs , bluetooth , cpuspeed , cups , ip6tables , etc.

• Restrict service startup permissions:

  • Set permissions for all files in the /etc/rc.d/init.d/ directory to ensure that only root users can manage these services.

Network security settings

• Network access control:

  • Edit /etc/exports files and configure the strictest NFS shared access permissions.
  • The /etc/securetty file restricts the root user to log in only at the specified terminal.

• Defense against IP spoofing and DoS attacks:

  • Configure /etc/hosts.allow and /etc/hosts.deny files to enhance control over network access to protect against IP spoofing attacks.
  • Set system resource limits, such as maximum number of processes and memory usage, to prevent DoS attacks.

System update and maintenance

• Regularly update the system:

  • Use the dnf update command to regularly update the system packages to ensure that the system is in the latest security state.
  • Enable automatic update function: Install dnf-automatic package and configure automatic download and installation of security updates.

Following the above steps can significantly improve the security of CentOS Stream 8 systems. To continuously maintain system security, it is recommended to regularly review and update security configurations to deal with evolving security threats.

The above is the detailed content of How to do CentOS Stream 8 security settings. For more information, please follow other related articles on the PHP Chinese website!