1. Disk partition 1. If it is a newly installed system, security should be considered for disk partitions: 1) The root directory (/), user directory (/home), temporary directory (/tmp) and /var directories should be separated into different disk partitions;
2) The disk space size of the partition where the above directories are located should be fully considered to avoid system crashes due to some reasons due to the use of partition space; 2. For the partitions where the /tmp and /var directories are located, in most cases, programs with suid attributes are not required, so nosuid attributes should be added to these partitions; Method 1: Modify the /etc/fstab file and add the nosuid attribute word. For example: /dev/hda2 /tmp ext2 exec,dev,nosuid,rw 0 0
^^^^^^
Method 2: If you are not familiar with the operation of /etc/fstab file, it is recommended to modify it through the linuxconf program. *Run linuxconf program;
*Select "Access local drive" under "File systems";
*Select the disk partition where the attributes need to be modified;
*Select the "No setuid programs allowed" option;
*Select other options as needed;
*Exit normally. (It is generally prompted to remount the partition) 2. Installation 1. For non-test hosts, too many software packages should not be installed. This reduces the possibility of security vulnerabilities due to software packages.
2. For non-test hosts, non-essential services should not be selected when selecting host to start services. For example, routed, ypbind, etc. 3. Security configuration and enhancement Kernel upgrade. At least upgrade to version 2.2.16 or above. GNU libc shared library upgrade. (Warning: If you have no experience, you cannot try it easily. You can postpone it.)
Turn off dangerous network services. echo, charger, shell, login, finger, NFS, RPC, etc.
Turn off non-essential network services. Talk, ntalk, pop-2, etc.
Common network service security configuration and upgrade
Ensure that the version used by the network service is the latest and most secure version currently.
Cancel anonymous FTP access
Remove non-essential suid programs
Using tcpwrapper
Using ipchains firewall
Log system syslogd