Shell logging
To make it easy for you to repeat long commands, the bash shell stores up to 500 old commands in the “~/.bash_history” file (where “~/” is your home directory). Each user that has an account on the system will have this “.bash_history” file in their home directory. Reducing the number of old commands the “.bash_history” files can hold may protect users on the server who mistakenly type their password on the screen in plain text and have it stored for a long time in the “.bash_history” file. (Read more…)
Resource limits
The limits.conf file located under the “/etc/security” directory can be used to control and limit resources for the users on your system. It is important to set resource limits on all your users so they can’t perform denial of service attacks (number of processes, amount of memory, etc.). These limits will have to be set up for the user when he or she logs in. For example, limits for all users on your system might look like this. (Read more…)
Blocking anyone from using su to root
The su (Substitute User) command allows you to become other existing users on the system. For example, you can temporarily become “root” and execute commands as the super-user “root”. If you don’t want anyone to su to root, or want to restrict the “su” command to certain users, then add the following two lines to the top of your “su” configuration file in the “/etc/pam.d/” directory. We highly recommend that you limit the persons allowed to “su” to the root account. (Read more…)
Special accounts
It is important to DISABLE ALL default vendor accounts that you don’t use on your system (some accounts exist by default even if you have not installed the related services on your server). This should be checked after each upgrade or new software installation. Linux provides these accounts for various system activities, which you may not need if the services are not installed on your server. If you do not need the accounts, remove them. The more accounts you have, the easier it is to access your system. (Read more…)
The “/etc/host.conf” file
Linux uses a resolver library to obtain the IP address corresponding to a host name. The “/etc/host.conf” file specifies how names are resolved. The entries in the “/etc/host.conf” file tell the resolver library what services to use, and in what order, to resolve names.
Edit the host.conf file (vi /etc/host.conf) and add the following lines: (Read more…)