Fix the permissions under “/etc/rc.d/init.d” directory for script files
Fix the permissions of the script files that are responsible for starting and stopping all your normal processes that need to run at boot time.
[root@deep /]# chmod -R 700 /etc/rc.d/init.d/* (Далее…)
Disable the Control-Alt-Delete keyboard shutdown command
Commenting out the line (with a “#”) listed below in your 7etc/inittab” file will disable the possibility of using the Control-Alt-Delete command to shutdown your computer. This is pretty important if you don’t have the best physical security on the box. (Далее…)
Shell logging
To make it easy for you to repeat long commands, the bash shell stores up to 500 old commands in the “~/.bash_history” file (where”-/” is your home directory). Each user that has an account on the system will have this file “.bashjiistory” in their home directory. Reducing the number of old commands the “.bashjiistory” files can hold may protect users on the server who enter by mistake their password on the screen in plain text and have their password stored for a long time in the “.bash_history” file. (Далее…)
Resource limits
The limits.conf file located under the “/etc/security” directory can be used to control and limit resources for the users on your system. It is important to set resource limits on all your users so they can’t perform denial of service attacks (number of processes, amount of memory, etc). These limits will have to be set up for the user when he or she logs in. For example, limits for all users on your system might look like this. (Далее…)
Blocking anyone to su to root
The su (Substitute User) command allows you to become other existing users on the system. For example you can temporarily become “root” and execute commands as the super-user “root”. If you don’t want anyone to su to root or restrict “su” command to certain users then add the following two lines to the top of your “su” configuration file in the 7etc/pam.d/” directory. We highly recommend that you limit the person allowed to “su” to the root account. (Далее…)