Improve Linux server security using command line tools

Use command line tools to improve the security of Linux servers

Abstract: With the development of the Internet, Linux server security issues have received more and more attention. This article will introduce some commonly used command line tools to help administrators improve the security of Linux servers. At the same time, we will also provide code examples for each tool so that readers can better understand and apply them in actual situations.

Introduction:
With the popularity of the Internet and the development of technology, Linux servers have become the system of choice for many enterprises and individuals. However, at the same time, server security issues have become increasingly prominent. Hacking attacks, vulnerability exploits, and data leaks all pose significant threats to servers. In order to protect servers and data, administrators need to take some measures to improve the security of Linux servers.

1. Properly set password policy
A secure password policy is crucial to server security. We can use command line tools to set password policies, including password length, complexity requirements, and expiration dates.

1.1 Set the password length:
Using the command line tool passwd, we can modify PASS_MIN_LEN## in the /etc/login.defs file #Field to set the minimum password length. Here is a sample script:

#!/bin/bash
sed -i 's/^PASS_MIN_LEN.*$/PASS_MIN_LEN 8/' /etc/login.defs

1.2 Set password complexity:

Using the command line tool
pam_pwquality, we can modify /etc/security/pwquality.confParameters in the file to set password complexity requirements. The following is a sample script:

#!/bin/bash
sed -i 's/^minlen.*$/minlen=8/' /etc/security/pwquality.conf
sed -i 's/^dcredit.*$/dcredit=-1/' /etc/security/pwquality.conf
sed -i 's/^ucredit.*$/ucredit=-1/' /etc/security/pwquality.conf
sed -i 's/^ocredit.*$/ocredit=-1/' /etc/security/pwquality.conf
sed -i 's/^lcredit.*$/lcredit=-1/' /etc/security/pwquality.conf

1.3 Set password validity period:

Using the command line tool
chage, we can view and modify the user's password validity period. The following is a sample script:

#!/bin/bash
# 查看用户的密码有效期
chage -l username
# 修改用户的密码有效期为30天
chage -M 30 username

2. Restrict users’ remote login

In order to reduce the risk of server intrusion, we can restrict users’ remote login permissions. Specifically, we can use the command line tool
sshd to configure the /etc/ssh/sshd_config file to restrict users' SSH login.

2.1 Disable root remote login:

By modifying the
/etc/ssh/sshd_config file, change the value of the PermitRootLogin field to no. The following is a sample script:

#!/bin/bash
sed -i 's/^PermitRootLogin.*$/PermitRootLogin no/' /etc/ssh/sshd_config

2.2 Limit the IP range for SSH login:

By modifying the
/etc/ssh/sshd_config file, use the AllowUsers field limit IP range that allows SSH login. The following is a sample script:

#!/bin/bash
echo "AllowUsers 192.168.1.0/24" >> /etc/ssh/sshd_config

3. Use firewall to protect the server

Firewall is an important part of protecting server security. We can use the command line tool
iptables to configure firewall rules.

3.1 Close unnecessary ports:

Use the
iptables command to close unnecessary ports on the server to provide better protection for the server. The following is a sample script:

#!/bin/bash
# 关闭80端口
iptables -A INPUT -p tcp --dport 80 -j DROP

3.2 Set ALLOW/DENY rules:

Use the
iptables command to set ALLOW/DENY rules to allow or deny access to specific IPs or IP ranges. The following is a sample script:

#!/bin/bash
# 允许192.168.1.100访问80端口
iptables -A INPUT -s 192.168.1.100 -p tcp --dport 80 -j ACCEPT
# 拒绝192.168.1.200访问22端口
iptables -A INPUT -s 192.168.1.200 -p tcp --dport 22 -j DROP

Conclusion:

This article introduces several commonly used command line tools to help administrators improve the security of Linux servers. By setting password policies, restricting users from logging in remotely, and using firewalls, we can effectively protect servers from the risk of attacks and data leaks. I hope readers can master these tools and apply them in practice to improve server security.

References:

None

The above is the detailed content of Improve Linux server security using command line tools. For more information, please follow other related articles on the PHP Chinese website!