Home Operation and Maintenance Linux Operation and Maintenance How to set up security in linux system

How to set up security in linux system

Mar 13, 2020 pm 03:08 PM
linux Safety

How to set up security in linux system

1. Download and install security software

2. Cancel Telnet login, use SSH and change the configuration of ssh server remote login

(1 ) The Telnet login protocol is unencrypted in plain text and is insecure, so the more secure SSH protocol is used.

(2) Change the configuration related to remote login of the ssh server.

修改默认文件路径
vim /etc/ssh/sshd_config

修改的参数
port       #端口
PermitEmptyPasswords      #是否允许密码为空的用户远程登录
PermitRootLogin           #是否允许root登录
UseDNS                    #指定sshd是否应该对远程主机名进行反向解析,以检查主机名是否与其IP地址真实对应。默认yes.建议改成no ,否则可能会导致SSH连接很慢。
GSSAPIAuthentication no   #解决linux之间使用SSH远程连接慢的问题
ListenAddress             #监听指定的IP地址

批量操作:
sed -ir '13 iPort 55666\nPermitRootLogin  no\nPermitEmptyPasswords  no\nUseDNS no\nGSSAPIAuthentication no'  /etc/ssh/sshd_config
Copy after login

Recommended tutorial: linux tutorial

3. User management related

(1) Delete unnecessary users and user groups.

(2) User password management

4. Check the system log

Your system log tells you what activities occurred on the system, including whether the attacker successfully entered or Try to access the system. Always be vigilant, this is your first line of defense, and regular monitoring of system logs is to guard this line of defense.

5. Turn off selinux

SELinux is a kernel mandatory access control security system. It is not recommended to turn it on if you don’t understand its principles.

6. Apply kernel patches

No system is bug-free and absolutely safe. Linux is also the same. Apply more kernel patches to enhance the security of the kernel.

7. Shut down unnecessary services for the system

Some systems are equipped with many unnecessary services. These unnecessary services sometimes start running. On the one hand, they occupy system resources, and on the other hand, they take up system resources. On the one hand, it can easily cause security risks and you can choose to turn it off.

8. Disable dangerous commands

rm -rf
Copy after login
dd if=/dev/random of=/dev/sda
Copy after login

The dd command will erase the contents under /dev/sda and then write random garbage data, causing data pollution.

Recommended related video tutorials: linux video tutorial

The above is the detailed content of How to set up security in linux system. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

deepseek web version entrance deepseek official website entrance deepseek web version entrance deepseek official website entrance Feb 19, 2025 pm 04:54 PM

DeepSeek is a powerful intelligent search and analysis tool that provides two access methods: web version and official website. The web version is convenient and efficient, and can be used without installation; the official website provides comprehensive product information, download resources and support services. Whether individuals or corporate users, they can easily obtain and analyze massive data through DeepSeek to improve work efficiency, assist decision-making and promote innovation.

How to install deepseek How to install deepseek Feb 19, 2025 pm 05:48 PM

There are many ways to install DeepSeek, including: compile from source (for experienced developers) using precompiled packages (for Windows users) using Docker containers (for most convenient, no need to worry about compatibility) No matter which method you choose, Please read the official documents carefully and prepare them fully to avoid unnecessary trouble.

BITGet official website installation (2025 beginner's guide) BITGet official website installation (2025 beginner's guide) Feb 21, 2025 pm 08:42 PM

BITGet is a cryptocurrency exchange that provides a variety of trading services including spot trading, contract trading and derivatives. Founded in 2018, the exchange is headquartered in Singapore and is committed to providing users with a safe and reliable trading platform. BITGet offers a variety of trading pairs, including BTC/USDT, ETH/USDT and XRP/USDT. Additionally, the exchange has a reputation for security and liquidity and offers a variety of features such as premium order types, leveraged trading and 24/7 customer support.

Ouyi okx installation package is directly included Ouyi okx installation package is directly included Feb 21, 2025 pm 08:00 PM

Ouyi OKX, the world's leading digital asset exchange, has now launched an official installation package to provide a safe and convenient trading experience. The OKX installation package of Ouyi does not need to be accessed through a browser. It can directly install independent applications on the device, creating a stable and efficient trading platform for users. The installation process is simple and easy to understand. Users only need to download the latest version of the installation package and follow the prompts to complete the installation step by step.

Get the gate.io installation package for free Get the gate.io installation package for free Feb 21, 2025 pm 08:21 PM

Gate.io is a popular cryptocurrency exchange that users can use by downloading its installation package and installing it on their devices. The steps to obtain the installation package are as follows: Visit the official website of Gate.io, click "Download", select the corresponding operating system (Windows, Mac or Linux), and download the installation package to your computer. It is recommended to temporarily disable antivirus software or firewall during installation to ensure smooth installation. After completion, the user needs to create a Gate.io account to start using it.

Ouyi Exchange Download Official Portal Ouyi Exchange Download Official Portal Feb 21, 2025 pm 07:51 PM

Ouyi, also known as OKX, is a world-leading cryptocurrency trading platform. The article provides a download portal for Ouyi's official installation package, which facilitates users to install Ouyi client on different devices. This installation package supports Windows, Mac, Android and iOS systems. Users can choose the corresponding version to download according to their device type. After the installation is completed, users can register or log in to the Ouyi account, start trading cryptocurrencies and enjoy other services provided by the platform.

gate.io official website registration installation package link gate.io official website registration installation package link Feb 21, 2025 pm 08:15 PM

Gate.io is a highly acclaimed cryptocurrency trading platform known for its extensive token selection, low transaction fees and a user-friendly interface. With its advanced security features and excellent customer service, Gate.io provides traders with a reliable and convenient cryptocurrency trading environment. If you want to join Gate.io, please click the link provided to download the official registration installation package to start your cryptocurrency trading journey.

What is Binance C2C? What are the risks? Is it safe? Binance C2C Coins Buying and Selling Coins Tutorial What is Binance C2C? What are the risks? Is it safe? Binance C2C Coins Buying and Selling Coins Tutorial Mar 05, 2025 pm 04:48 PM

Binance C2C Trading Guide: Safe and convenient way to deposit and withdraw money in cryptocurrency. This article will explain the Binance C2C (CustomertoCustomer) trading model in detail, explain its security, characteristics and operation procedures, and provide graphic tutorials to help you easily master the Binance C2C deposit and withdraw money in ease. What is Binance C2C? Binance C2C is a user-to-user cryptocurrency trading service provided by the Binance platform, providing users with convenient cryptocurrency and fiat currency exchange channels. Launched in 2019, the service supports multiple cryptocurrencies and fiat currency transactions through a peer-to-peer trading model, and provides enhanced security and multiple features. Compared with traditional OTC trading, Binance C2C platform authenticates both parties to the transaction and provides complete support.

See all articles