Today's Question:  What does your personal desk look like?        GIVE A SHOUT

Some measures for improving Linux server security

  Peter        2012-08-21 05:08:50       2,183        0    

The hackers often exploit server weakness to gain access control to some servers. With a scanner, aimlessly looking undefended host, backdoor, control, and sold to people in need.

Some basic security measures can be taken on Linux servers to avoid being attacked by hackers.

Disable root remote login

As the default administrative account, root is the account which is most likely to be attacked.Disabling ssh remote login is necessary.

Method:

Edit / etc / ssh / sshd_config

PermitRootLogin no

At the same time, create a personal account for administrator, and assign it to sudoers user group (default is% admin)

 $ sudo adduser example_user 
 $ sudo usermod –a -G admin example_user

Modifying the SSHD default port

The default port 22 of remote service SSHD is also the target of the port scan, Modifing it to other port (usually larger than 1024) can avoid most of the attacks.

Method:

Edit / etc / ssh / sshd_config

 Port 8822 #default 22

Use SCP instead of FTP 

FTP is convenient, but its security has been criticized.

When amanging background file, using encrypted SCP method can better solve this problem.

SCP uses the SSHD service, so there is no additional configuration on the server, you only need to change the account permissions.

In Windows, you can use winscp to connect to the server.

Official Website: http://winscp.net

Install denyhosts

Denyhost can help you automatically analyze security log to prohibit direct brute force attacks.

Debian users can use apt to install

 $ sudo apt-get install denyhosts

Official Website: http://denyhosts.sourceforge.net/

Careful control of the directory and file permissions

For example, if the monitoring program munin need access to web logs, please do not modify the permission settings of the log file, instead, please addl munin to www-data user group

 $ sudo usermod -a -G www-data munin

Use a dedicated account for the system program

Try to use a dedicated account for each system program,  avoid using root account

For mysql, munin,  using a command such as sudo -u example_user.

Download putty from the official website

Putty is a very popular windows platform remote tool, It's very important to download it from the official website, and you had better do integrity check.

Official Website: http://www.chiark.greenend.org.uk/ ~~ sgtatham / putty /

Postscript

I hope these help to improve the security of your site

Reference : http://2byte.us/2012/tips-on-linux-server-security/

LINUX SERVER  SERVER SECURITY 

Share on Facebook  Share on Twitter  Share on Weibo  Share on Reddit 

  RELATED

  0 COMMENT

No comment for this article.