Securing and Optimizing Linux:RedHat Edition | All about OS

Shell logging

Категория: Securing and Optimizing

To make it easy for you to repeat long commands, the bash shell stores up to 500 old commands in the “~/.bash_history” file (where”-/” is your home directory). Each user that has an account on the system will have this file “.bashjiistory” in their home directory. Reducing the number of old commands the “.bashjiistory” files can hold may protect users on the server who enter by mistake their password on the screen in plain text and have their password stored for a long time in the “.bash_history” file.
Stepi
The HISTFILESIZE and HISTSIZE lines in the “/etc/profile” file determine the size of old commands the “.bashjiistory” file for all users on your system can hold. For all accounts I would highly recommend setting the HISTFILESIZE and HISTSIZE in “/etc/profile” file to a low value such as 20.
Edit the profile file (vi /etc/profile) and change the lines to:
HISTFILESIZE=20 HISTSIZE=20
Which mean, the “.bashjiistory” file in each users home directory can store 20 old commands and no more. Now, if a cracker tries to see the “-/.bashjiistory” file of users on your server to find some password typed by mistake in plain text, he or she has less chance to find one.
Step 2
The administrator should also add into the 7etc/skel/.bashjogout” file the “rm -f $HOME/.bashJiistory” line, so that each time a user logs out, its “.bashjiistory” file will be deleted so crackers will not be able to use “.bashjiistory” file of users who are not presently logged into the system.
Edit the .bash Jogout file (vi /etc/skel/.bashjogout) and add the following line: rm -f $HOME/.bash_history
NOTE: The above hack will only work for future users you’ll add in the server. If you already have existing users in the 7etc/passwd” file, you must edit and add the above line into their “.bashjogout” files manually.
The “/etc/lilo.conf’ file
LILO is the most commonly used boot loader for Linux. It manages the boot process and can boot Linux kernel images from floppy disks, hard disks or can even act as a “boot manager” for other operating systems. LILO is very important in the Linux system and for this reason, we must protect it the best we can. The most important configuration file of LILO is the “lilo.conf” file, and it resides under the “/etc” directory. It is with this file that we can configure and improve the security of our LILO program and Linux system. Following are three important options that will improve the security of our valuable LILO program.

Страниц: 1 2

« Resource limits
Disable the Control-Alt-Delete keyboard shutdown command »