
What are the Linux system security hardening measures, including user management, SSH configuration, and firewall settings?

February 17, 23:36

Linux system security is important knowledge that operations and development personnel must master, involving user management, permission control, firewall configuration, and other aspects.

User and group management:

  • useradd: create user, e.g., useradd -m -s /bin/bash username (create user and set home directory and shell)
  • userdel: delete user, e.g., userdel -r username (delete user and home directory)
  • usermod: modify user attributes, e.g., usermod -aG group username (add user to group)
  • passwd: change user password, e.g., passwd username
  • groupadd: create group, e.g., groupadd groupname
  • groupdel: delete group, e.g., groupdel groupname
  • gpasswd: manage group, e.g., gpasswd -a username groupname (add user to group)
  • id: view user ID and group information
  • whoami: view current user
  • w: view currently logged-in users

SSH security configuration:

  • Configuration file: /etc/ssh/sshd_config
  • Disable root login: PermitRootLogin no
  • Disable password login: PasswordAuthentication no (use key authentication)
  • Change default port: Port 2222
  • Restrict login users: AllowUsers user1 user2
  • Key authentication: ssh-keygen generates key pair, copy public key to server's ~/.ssh/authorized_keys
  • Use ssh-copy-id: ssh-copy-id user@host
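As an added example (not part of the original answer), the following POSIX shell script checks an sshd_config against the settings listed above. The keyword names are the real sshd ones; the fallback defaults used when a keyword is absent are assumptions based on current OpenSSH behaviour.

```shell
#!/bin/sh
# Audit an sshd_config against the settings listed above. As in sshd, the
# first occurrence of a keyword wins and only the global section before the
# first "Match" block is read; the fallback defaults are assumptions.

# sshd_effective FILE KEYWORD DEFAULT -> prints the value sshd would use
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, allow Key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key && !found {
            v = ""                           # value = everything after the keyword
            if (NF > 1) { v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); sub(/[ \t]+$/, "", v) }
            print v; found = 1
        }
        END { if (!found) print def }
    ' "$1"
}

# sshd_audit FILE -> one FAIL line per finding; exit 0 only if all pass
sshd_audit() {
    _f="$1"; _bad=0
    _v=$(sshd_effective "$_f" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    [ "$_v" = no ] || { echo "FAIL PermitRootLogin=$_v (want no)"; _bad=1; }
    _v=$(sshd_effective "$_f" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    [ "$_v" = no ] || { echo "FAIL PasswordAuthentication=$_v (want no)"; _bad=1; }
    _v=$(sshd_effective "$_f" Port 22)
    [ "$_v" != 22 ] || { echo "FAIL Port=$_v (want a non-default port)"; _bad=1; }
    _v=$(sshd_effective "$_f" AllowUsers "")
    [ -n "$_v" ] || { echo "FAIL AllowUsers unset (want an explicit list)"; _bad=1; }
    return $_bad
}

# Constructed sample: a commented-out line and a later duplicate must not
# override the first real setting, and the Match block must be ignored.
sshd_sample() {
    printf '%s\n' '# PermitRootLogin yes' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' 'Port 22' 'Match User backup' \
        '    PermitRootLogin no'
}

if [ "$#" -gt 0 ]; then sshd_audit "$1"; fi   # usage: sh audit.sh /etc/ssh/sshd_config
```

Run it against a copy of the server's sshd_config; every FAIL line names one of the recommendations above that the file does not meet.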

Firewall configuration:

  • iptables: traditional firewall tool
    • View rules: iptables -L -n
    • Add rule: iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    • Delete rule: iptables -D INPUT 1
    • Save rules: iptables-save > /etc/iptables/rules.v4
  • firewalld: dynamic firewall management
    • View rules: firewall-cmd --list-all
    • Open port: firewall-cmd --add-port=80/tcp --permanent
    • Reload configuration: firewall-cmd --reload
  • ufw: simplified firewall configuration (Ubuntu)
    • Enable firewall: ufw enable
    • Open port: ufw allow 22
    • View status: ufw status

File permissions and SELinux:

  • chmod: modify file permissions
  • chown: modify file owner
  • chgrp: modify file group
  • SELinux: Security-Enhanced Linux
    • View status: getenforce
    • Temporarily switch to permissive mode (violations are logged but not blocked): setenforce 0
    • Permanently disable: set SELINUX=disabled in /etc/selinux/config (takes effect after reboot)
    • View context: ls -Z

System hardening:

  • Disable unnecessary services: systemctl disable service
  • Update system: apt update && apt upgrade (Debian/Ubuntu) or yum update (CentOS/RHEL)
  • Configure automatic updates: unattended-upgrades (Debian/Ubuntu)
  • Install security tools: fail2ban (prevent brute force attacks), rkhunter (detect rootkits)
  • Configure log auditing: auditd
  • Restrict sudo permissions: edit /etc/sudoers, use visudo command

Security auditing:

  • View login logs: last, lastlog
  • View authentication logs: /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (CentOS/RHEL)
  • View system logs: /var/log/messages, journalctl
  • View processes: ps aux, top
  • View network connections: ss -tulnp, netstat -tulnp
  • View open ports: nmap localhost

Incident response:

  • Check abnormal processes: ps aux | grep -v grep | grep -E "bash|sh|python|perl"
  • Check abnormal network connections: ss -tunp state established (ss reports the state as ESTAB, and -l would restrict the output to listening sockets, so ss -tulnp | grep ESTABLISHED matches nothing)
  • Check abnormal files: find / -perm -4000 -o -perm -2000 (find SUID/SGID files)
  • Check user logins: last, lastlog
  • Isolate infected system: disconnect network
  • Backup important data: backup critical data before cleanup
Tags: Linux