SoFunction
Updated on 2025-03-10

Ten ways to ensure Linux security


Linux has many advantages in functionality, price and performance. However, as an open operating system it inevitably carries some security risks. This article presents some of the most basic, most commonly used and most effective tricks for closing those gaps and providing a safe operating platform for applications.
Linux is a Unix-like operating system. In theory, Unix itself has no major security flaws in its design; over the years, most of the security issues found on Unix operating systems have been in individual programs, so most Unix vendors claim to be able to fix them and provide a secure Unix operating system. Linux is a little different: it does not belong to any one vendor, and no vendor claims to guarantee its security, so users must solve security problems themselves.
Linux is an open system, and many ready-made programs and tools can be found on the network. That is convenient for users, but also for hackers, who can just as easily find programs and tools to sneak into a Linux system or steal important information from it. However, as long as the various system functions of Linux are set carefully and the necessary security measures are added, hackers will find nothing to take advantage of.
Generally speaking, security settings for Linux systems include cancelling unnecessary services, restricting remote access, hiding important information, patching security vulnerabilities, using security tools and carrying out frequent security checks. This article teaches ten ways to improve the security of a Linux system. The tricks are not big, but they work, so you might as well give them a try.

Tip 1: Cancel unnecessary services
In early Unix versions, each network service had its own service program running in the background; later versions use a unified /etc/inetd server program to take on this task. Inetd is short for Internet daemon. It listens on multiple network ports at the same time, and as soon as a connection arrives from outside it starts the corresponding TCP or UDP network service.
Because they are under the unified command of inetd, most TCP and UDP services in Linux are configured in the /etc/ file. Therefore, the first step in cancelling unnecessary services is to check the /etc/ file and put a "#" in front of each unnecessary service.
Generally speaking, apart from http, smtp, telnet and ftp, the other services should be cancelled: for example the trivial file transfer protocol tftp, the imap/ipop protocols used for storing and retrieving network mail, gopher for finding and searching information, and daytime and time for time synchronization.
There are also services that report system status, such as finger, efinger, systat and netstat. Although they are very useful for system troubleshooting and for finding users, they also make things convenient for hackers: for example, a hacker can use the finger service to find users' phone numbers, directory usage and other important information. Therefore, many Linux systems cancel all or some of these services to enhance security.
Besides the /etc/ file that configures the system services, inetd also uses the /etc/services file to find the ports used by the various services. Users must therefore carefully check the port settings in that file to avoid security vulnerabilities.
There are two different service types in Linux: services that are only started when needed, such as finger, and services that run continuously without stopping. The second type starts when the system boots, so it cannot be stopped by modifying inetd; it can only be changed by editing the /etc//rc[n].d/ files or by using the Runlevel editor. The NFS server that provides file services and the news server that provides NNTP news services are both of this type. If they are not needed, it is best to cancel them.
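The following shell script is an added example, not code from the article: it audits an inetd.conf-style file, lists the services still enabled, and writes a copy in which every service outside the article's allowlist (http, smtp, telnet, ftp) is commented out. It assumes the real file is /etc/inetd.conf and uses a constructed sample so it runs stand-alone.

```shell
# Added example, not from the article: audit an inetd.conf-style file.
# It lists the services still enabled and writes a copy in which every
# service not on the allowlist is commented out with a leading "#".
# Assumption: on a real system the file is /etc/inetd.conf; a constructed
# sample is used here so the script runs stand-alone.

# Services the article keeps enabled; everything else is disabled.
ALLOWED="http smtp telnet ftp"

# Print the service names that are not commented out.  Usage: enabled_services FILE
enabled_services() {
    # inetd.conf fields: service socket-type protocol wait/nowait user server [args]
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# Write a hardened copy, prefixing "#" to every enabled line whose service
# is not in ALLOWED.  Usage: disable_unneeded SRC DEST
disable_unneeded() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^#/ || NF < 6 { print; next }   # comments and blank lines pass through
        ($1 in keep)   { print; next }   # allowed service stays enabled
        { print "#" $0 }                 # everything else is disabled
    ' "$1" > "$2"
}

# Constructed sample (not a real system file).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# sample inetd.conf, constructed for this example
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
daytime stream  tcp     nowait  root    internal
EOF

HARDENED=$(mktemp)
disable_unneeded "$SAMPLE" "$HARDENED"
echo "enabled before: $(enabled_services "$SAMPLE" | tr '\n' ' ')"
echo "enabled after:  $(enabled_services "$HARDENED" | tr '\n' ' ')"
```

Review the hardened copy before installing it, and remember that inetd must be told to reread its configuration afterwards.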

Tip 2: Restrict entry to and exit from the system
Before entering a Linux system, every user must log in, that is, enter a user account and password. Only after passing the system's verification can the user enter the system.
Like other Unix operating systems, Linux generally encrypts the password and stores it in the /etc/passwd file. All users on the system can read /etc/passwd, and although the passwords saved in it are encrypted, this is still not very secure, because an ordinary user can use ready-made password cracking tools to guess passwords exhaustively. A safer method is to set up the shadow file /etc/shadow, which only users with special permissions can read.
If you want to use shadow files on a Linux system, all utilities must be recompiled to support them. That is rather troublesome; the simpler method is to use the pluggable authentication module (PAM). Many Linux systems ship with PAM, an authentication mechanism that can be used to change authentication methods and requirements dynamically without recompiling other utilities. Because PAM uses a closed design that hides all authentication-related logic inside the module, it is the best helper for using shadow files.
In addition, PAM has many security features: it can replace the traditional DES encryption method with other stronger encryption methods so that users' passwords are not easily deciphered; it can set an upper limit on each user's computing resources; it can even set the times and places from which a user may log in.
A Linux system administrator needs only a few hours to install and set up PAM to greatly improve the security of the system and block many attacks on it.

Tip 3: Maintain the latest system kernel
Since Linux has many distribution channels and update programs and system patches appear often, the system kernel must be updated frequently to strengthen security.
The kernel is the core of the Linux operating system. It resides in memory, loads the other parts of the operating system and implements its basic functions. Because the kernel controls the various functions of the computer and the network, its security is crucial to the security of the entire system.
Early kernel versions had many well-known security vulnerabilities and were not very stable; only version 2. and above are relatively stable and secure, and the newer versions also run much more efficiently. When configuring the kernel's functions, select only the necessary ones and never accept everything, otherwise the kernel becomes large, occupies system resources and leaves hackers an opening to exploit.
The latest security patches are often available on the Internet, and Linux system administrators should stay well informed and frequent the security newsgroups to check for new patches.

Tip 4: Check the login passwords
Setting a login password is a very important security measure. If a user's password is not chosen properly it will be easily deciphered, especially for users with superuser permissions; without a good password there, the system has a major security hole.
In a multi-user system, if every user is forced to choose a password that is difficult to guess, the security of the system is greatly improved. However, if the passwd program cannot force every user to use a suitable password, then to ensure password security you can only rely on a password cracking program.
In fact, a password cracker is a tool from the hacker's toolbox. It encrypts all commonly used passwords, or words from an English dictionary that might be used as passwords, with the same algorithm, and then compares the results with the Linux system's /etc/passwd password file or /etc/shadow shadow file. If a match is found, the plaintext password is known.
Many password cracking programs can be found on the Internet; the best known is crack. Users can run the password cracking program themselves first to find the passwords that hackers would crack easily. It is better to correct them first than to let hackers crack them.

Tip 5: Set the security level of user accounts
Besides passwords, user accounts also have security levels, because each account on Linux can be given different permissions. Therefore, when creating a new user ID, the system administrator should give the account the permissions it needs and place it in the appropriate user groups.
With tcpd on Linux systems, lists of who is allowed and who is not allowed to log on to the computer can be set: the list of those allowed on is set in /etc/, and the list of those not allowed is set in /etc/. After the setup is completed, the inetd program must be restarted for it to take effect. In addition, Linux automatically records both allowed and refused entries in the /var/log/secure file, and the system administrator can use it to find suspicious entry records.
Someone should be responsible for each account ID. In an enterprise, if the employee responsible for an ID leaves, the administrator should immediately delete the account from the system. Many intrusions have come through accounts that have not been used for a long time.
Among user accounts, hackers prefer those with root permissions most of all. This kind of superuser has the right to modify or delete any system setting and can move freely through the system. Therefore, think carefully before giving root permissions to any account.
The /etc/securetty file in a Linux system contains the set of terminal names from which the root account may log in. For example, on Red Hat Linux systems, the initial value of this file only allows the local virtual consoles (ttys) to log in with root privileges and does not allow remote users to log in as root. It is best not to modify this file. If you must obtain root permissions remotely, it is best to log in with a normal account first and then use the su command to become the superuser.

Tip 6: Eliminate the hacker's tools
Unix systems have a series of utilities whose names start with r. They are weapons used by hackers to break in and are very dangerous, so never open the root account to these utilities. Since these utilities grant entry using .rhosts files or files, make sure that the root account is not included in any of them.
Since the r-commands are a breeding ground for hackers, many security tools are designed for this vulnerability. For example, the PAM tool can be used to strip the r-utilities of their functions: it adds instructions that login must be approved to the /etc//rlogin file, so that no user on the system can use the .rhosts file in their home directory.

Tip 7: Strengthen the safety protection tools
SSH is the abbreviation of the secure socket layer, a set of programs that can safely replace utilities such as rlogin, rsh and rcp. SSH uses public key technology to encrypt the communication between two hosts on the network and uses its keys as a means of authentication.
Since SSH encrypts information on the network, it can be used to log in securely to remote hosts and to transmit information safely between two hosts. In fact, SSH not only guarantees secure communication between Linux hosts; Windows users can also connect securely to Linux servers through SSH.

Tip 8: Limit the power of superusers
As mentioned earlier, root is the focus of Linux protection. Since it has unlimited power, superuser rights should not be granted lightly. However, installing and maintaining some programs requires superuser permissions. In that case, other tools can be used to give such users some of the superuser's permissions. Sudo is such a tool.
Once configured, the sudo program lets an ordinary user re-authenticate with their own password to obtain superuser permissions, but only for a few limited commands. For example, with sudo in place, the administrator in charge of tape backups can log in to the system on schedule every day and obtain superuser permission to perform the file backups, without the privilege to do other tasks that only the superuser can do.
Sudo not only restricts users' permissions but also records every command executed through sudo, whether it succeeded or failed. In large enterprises, many people sometimes manage different parts of the Linux system at the same time, and each administrator can use sudo to grant some users superuser permissions. From sudo's logs you can track who did what and which parts of the system were changed.
It is worth noting that sudo cannot limit all user behaviour, especially when some simple commands are granted without restriction, which hackers may abuse. For example, the /etc/cat command that is generally used to display file contents: if it can be run with superuser permissions, hackers can use it to modify or delete some important files.
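As an added example, not from the article, the script below audits a sudoers-style file for the kind of rule the preceding paragraph warns about: commands such as cat or less granted as root, unrestricted ALL rules, and NOPASSWD entries, shown beside narrow rules that pass. The sudoers sample is constructed, and the list of "escape" commands is an assumption for this check, not an exhaustive one.

```shell
# Added example, not from the article: flag sudoers rules that grant more than
# one narrow task.  The sudoers sample is constructed, and the list of commands
# treated as escapes is an assumption for this check, not an exhaustive list.
# Cmnd_Alias definitions are not expanded, so review those by hand.

SUDOERS=$(mktemp)
cat > "$SUDOERS" <<'EOF'
# constructed sample, not a real /etc/sudoers
Cmnd_Alias BACKUP = /sbin/dump, /sbin/restore, /bin/tar -cf /dev/st0 /home
backupop  ALL = BACKUP                     # narrow: only the backup commands
helpdesk  ALL = /bin/cat, /usr/bin/less    # weak: cat or less as root reads any file
devops    ALL = (ALL) NOPASSWD: ALL        # weak: unrestricted root, no password
auditor   ALL = /usr/bin/last, /bin/dmesg  # narrow: read-only status commands
EOF

# Commands that, run as root, read or edit arbitrary files or give a shell.
ESCAPES="ALL /bin/cat /usr/bin/cat /usr/bin/less /usr/bin/more /usr/bin/vi /usr/bin/vim /bin/sh /bin/bash /usr/bin/find /usr/bin/tee /bin/cp /bin/chmod"

# Print "user reason" for every rule broader than a narrow task.  Usage: audit_sudoers FILE
audit_sudoers() {
    awk -v esc="$ESCAPES" '
        BEGIN { n = split(esc, e, " "); for (i = 1; i <= n; i++) bad[e[i]] = 1 }
        /^#/ || /^Cmnd_Alias/ || NF == 0 { next }   # skip comments, aliases, blanks
        {
            sub(/#.*/, "")                          # drop the trailing comment
            cmds = $0; sub(/^[^=]*=[[:blank:]]*/, "", cmds)  # keep only the command list
            gsub(/\([^)]*\)/, "", cmds)             # strip the (runas) spec
            gsub(/NOPASSWD:/, "", cmds)
            m = split(cmds, c, ",")
            for (i = 1; i <= m; i++) {
                gsub(/^[[:blank:]]+|[[:blank:]]+$/, "", c[i])
                split(c[i], w, " ")                 # first word is the binary
                if (w[1] in bad) print $1, w[1]
            }
            if ($0 ~ /NOPASSWD/) print $1, "NOPASSWD"
        }' "$1"
}

audit_sudoers "$SUDOERS"
```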

Tip 9: Track the hacker's traces
After you have carefully set the various Linux configurations and installed the necessary security protection tools, the security of the Linux operating system is indeed greatly improved, but there is no guarantee that skilled and daring network hackers will be kept out.
In day-to-day operation, network managers should stay vigilant, pay attention to suspicious situations at all times and check the various system log files on schedule, including the general information log, the network connection log, the file transfer log and the user login log. When checking these logs, watch for unreasonable time records. For example:
• Normal users logging in at midnight;
• Abnormal logging, such as a log cut off after only half of it has been written, or an entire log file deleted;
• Users entering the system from unfamiliar addresses;
• Log records of rejected attempts due to wrong passwords or wrong user accounts, especially trial-and-error attempts that fail repeatedly and continuously but follow a certain pattern;
• Illegal or improper use of the superuser command su;
• Records of reboots or of services being restarted.
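The following is an added example, not from the article, that runs the checks listed above (and the /var/log/secure review from Tip 5) over constructed log lines: repeated failed logins from one source, connections refused by tcpd, su to root, and logins at odd hours. It assumes the syslog line layout "Mon DD HH:MM:SS host program: message".

```shell
# Added example, not from the article: a triage of /var/log/secure-style lines
# for the patterns the article names (repeated failures from one source, tcpd
# refusals, su to root, logins at odd hours).  The log lines are constructed;
# the assumed layout is syslog's "Mon DD HH:MM:SS host program: message".

LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Mar  9 02:13:41 srv1 login[812]: FAILED LOGIN 1 FROM 203.0.113.9 FOR root, Authentication failure
Mar  9 02:13:45 srv1 login[812]: FAILED LOGIN 2 FROM 203.0.113.9 FOR root, Authentication failure
Mar  9 02:13:49 srv1 login[812]: FAILED LOGIN 3 FROM 203.0.113.9 FOR root, Authentication failure
Mar  9 02:14:02 srv1 in.telnetd[830]: refused connect from 203.0.113.9
Mar  9 09:02:10 srv1 login[901]: LOGIN ON pts/0 BY alice FROM 192.0.2.20
Mar  9 09:05:31 srv1 su: (to root) alice on /dev/pts/0
Mar  9 23:58:07 srv1 login[955]: LOGIN ON pts/1 BY bob FROM 198.51.100.77
Mar  9 03:40:12 srv1 login[960]: LOGIN ON pts/2 BY carol FROM 198.51.100.5
EOF

# Sources with at least N failed logins (default 3).  Usage: failed_by_source FILE [N]
failed_by_source() {
    awk -v min="${2:-3}" '
        /FAILED LOGIN/ { for (i = 1; i <= NF; i++) if ($i == "FROM") n[$(i+1)]++ }
        END { for (h in n) if (n[h] >= min) print h, n[h] }' "$1"
}

# Connections rejected by tcpd (hosts.deny hits).  Usage: tcpd_refusals FILE
tcpd_refusals() { awk '/refused connect from/ { print $NF }' "$1"; }

# Who switched to root with su.  Usage: su_to_root FILE
su_to_root() { awk '$5 == "su:" && $6 == "(to" && $7 == "root)" { print $8 }' "$1"; }

# Successful logins between 00:00 and 04:59, when normal users rarely log in.
# Usage: odd_hour_logins FILE
odd_hour_logins() {
    awk '/LOGIN ON/ { split($3, t, ":")
                      if (t[1] + 0 < 5) for (i = 1; i <= NF; i++) if ($i == "BY") print $(i+1) }' "$1"
}

echo "brute-force sources: $(failed_by_source "$LOG" | tr '\n' ' ')"
echo "tcpd refusals:       $(tcpd_refusals "$LOG" | tr '\n' ' ')"
echo "su to root by:       $(su_to_root "$LOG" | tr '\n' ' ')"
echo "odd-hour logins:     $(odd_hour_logins "$LOG" | tr '\n' ' ')"
```

Point the functions at the real /var/log/secure to use them; the exact message wording varies between login programs, so adjust the patterns to what your system writes.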

Tip 10: Joint defence to ensure safety
From the perspective of computer security, no computer system in the world is absolutely airtight and 100% safe, and Linux is no exception. Although the security rules above can greatly improve the security of a Linux system and stop hackers and computer hobbyists from entering easily, they may not stop the masters with unique skills. Therefore, enterprise users also need other security tools such as firewalls to defend jointly against hacker intrusions and make sure the system is foolproof.