[Tips] Securing your Linux System
As a system administrator, the periodic system, a comprehensive security check is very important. On this post, I am going to share some tips for securing your Linux system.
Whether it is the kind of system, the default installation is unsafe, actually whether you use Windows, the Linux, BSD, or another kind of system, the default installation has a lot of vulnerabilities, how it can become a secure system, This is what our system administrators need to do. Viewing and checking the configuration.
Any system, as long as careful configuration, blocking known vulnerabilities, we can say the system is safe, it is not a lot of friends said, to install the system, the configuration of the firewall, install antivirus software, then security, in fact, If the system does not make any security settings, it is equal to hacking open a door made of paper, complete control over dozens of minutes!
As a Linux system, there are also many loopholes and attacker may use these loopholes to control your entire system, to prevent these problems, we need to do the following steps:
- upgrade the system to upgrade the latest version of all software packages;
- set a more robust firewall;
- regularly check the key log files, configure the antivirus software
- more concerned about the release of safety information warning site, to master some of the latest virus and hacker program features, which are conducive to the normal operation of the system.
In addition to the four listed above is the administrator of the compulsory course, the maintenance of some of the details of the Linux system is also very important. Including:
- configure the log rotation tool, regularly download the backup log, is a very good habit, it will not only reduce the consumption of disk space, improve system efficiency, more timely detection of problems, Linux some very good system log analyzer, can be extracted directly log special items, eliminating the need to read trouble log
- the use of the command lsof -i, netstat -a, ps -e and other commands, regularly check the system service port listening, etc. can also create a regular script execution, these commands are sent to the mailbox after the regular implementation
- regularly check the root user’s history list, last list, vipw user list is normal
- regular backup files, with tar command, will be a good backup, of course, need to download these backups and transfer media
