Resource limits
The limits.conf file located under the “/etc/security” directory can be used to control and limit resources for the users on your system. It is important to set resource limits on all your users so they can’t perform denial of service attacks (number of processes, amount of memory, etc). These limits will have to be set up for the user when he or she logs in. For example, limits for all users on your system might look like this. (Далее…)
Blocking anyone to su to root
The su (Substitute User) command allows you to become other existing users on the system. For example you can temporarily become “root” and execute commands as the super-user “root”. If you don’t want anyone to su to root or restrict “su” command to certain users then add the following two lines to the top of your “su” configuration file in the 7etc/pam.d/” directory. We highly recommend that you limit the person allowed to “su” to the root account. (Далее…)
Special accounts
It is important to DISABLE ALL default vendor accounts that you don’t use on your system (some accounts exist by default even if you have not installed the related services on your server). This should be checked after each upgrade or new software installation. Linux provides these accounts for various system activities, which you may not need if the services are not installed on your server. If you do not need the accounts, remove them. The more accounts you have, the easier it is to access your system. (Далее…)
The “/etc/host.conf” file
Linux uses a resolver library to obtain the IP address corresponding to a host name. The 7etc/host.conf” file specifies how names are resolved. The entries in the “etc/host.conf file tell the resolver library what services to use, and in what order, to resolve names.
Edit the host.conf file (vi /etc/host.conf) and add the following lines: (Далее…)
General System Security
Linux General Security
Overview
A secure Linux server depends on how the administrator makes it. Once we have eliminated the potential securities risk by removing unneeded RPM services, we can start to secure our existing services and software on our server. In this chapter we will discuss some of the more general, basic techniques used to secure your system. The following is a list of features that can be used to help prevent attacks from external and internal sources. (Далее…)