Ò׽ؽØÍ¼Èí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

20 Linux Server Hardening Security Tips

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.
#1: Encrypt Data Communication
All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys / certificates.
Use scp, ssh, rsync, or sftp for file transfer. You can also mount remote server file system or your own home directory using special sshfs and fuse tools.
GnuPG allows to encrypt and sign your data and communication, features a versatile key managment system as well as access modules for all kind of public key directories.
Fugu is a graphical frontend to the commandline Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted, meaning no passwords are sent in cleartext form, and is thus much less vulnerable to third-party interception. Another option is FileZilla - a cross-platform client that supports FTP, FTP over SSL/TLS (FTPS), and SSH File Transfer Protocol (SFTP).
OpenVPN is a cost-effective, lightweight SSL VPN.
Lighttpd SSL (Secure Server Layer) Https Configuration And Installation
Apache SSL (Secure Server Layer) Https (mod_ssl) Configuration And Installation
#1.1: Avoid Using FTP, Telnet, And Rlogin / Rsh
Under most network configurations, user names, passwords, FTP / telnet / rsh commands and transferred files can be captured by anyone on the same network using a packet sniffer. The common solution to this problem is to use either OpenSSH , SFTP, or FTPS (FTP over SSL), which adds SSL or TLS encryption to FTP. Type the following command to delete NIS, rsh and other outdated service:
# yum erase inetd xinetd ypserv tftp-server telnet-server rsh-serve
#2: Minimize Software to Minimize Vulnerabili


Ïà¹ØÎĵµ£º

Linux System ProgrammingÔĶÁ±Ê¼ÇÖ® read(....)

¹ØÓÚread(...)·µ»ØÖµµÄÕýÈ·Åжϣºp30
File I/O µÄ read(...)º¯ÊýÓ÷¨£º
ÓÐÎÊÌâµÄ´úÂ룬ֻÅжϷµ»ØÖµÎª-1µÄÇé¿ö¡£
unsigned long word;
ssize_t nr;
/* read a couple bytes into 'word' from 'fd' */
nr = read (fd, &word, sizeof (unsigned long));
if (nr == -1)
/* error */
Indeed, a call to read( ) ca ......

Linux²Ù×÷ϵͳÏÂRouteÃüÁîÏêϸʹÓÃ˵Ã÷

http://linux.vbird.org/linux_server/0140networkcommand.php
ʹÓ÷ÓÉ·½Ê½£¬Ê¹ÓÃrouteÃüÁî¡£
-- RouteÃüÁîµÄÕýÈ·Ó÷¨
ʹÓà Route ÃüÁîÐй¤¾ß²é¿´²¢±à¼­¼ÆËã»úµÄ IP ·ÓÉ±í¡£Route ÃüÁîºÍÓï·¨ÈçÏÂËùʾ£º
route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]
-f Ç ......

Èý´ó¶¥¼¶Linux·¢ÐÐ°æ ½ñÌìÄãÓÃÁËÂð£¿

ÕªÒª£ºÕ§¿´ÉÏÈ¥£¬RedHatµÄFedora 12¡¢NovellµÄOpenSUSE 11.2ºÍCanonicalµÄUbuntu 9.10ÕâÈý¸öĿǰ×î¶¥¼¶µÄLinux·¢Ðа漸ºõûÓÐÊ²Ã´Çø±ð¡£ËüÃǶ¼»ùÓÚ×îеÄLinuxÄںˣ¬¶¼°üº¬ÁËÈçOpenOfficeºÍFirefoxµÈ¿ªÔ´Ó¦Óᣲ»¹ý£¬Ö»ÒªÄã×Ðϸ¹Û²ì¾Í»á·¢ÏÖÕæÕýµÄ²î±ð£¬Ã¿¸ö·¢Ðа涼Õë¶Ô×Ų»Í¬µÄÓû§¡£
¡¾51CTO.com¿ìÒë×Ô12ÔÂ18ÈÕÍâµçÍ·Ì ......

linux mysql php apache ÅäÖð²×°

 ¡¡ÎÒÃǰÑÏÂÔØµÄÈý¸öÈí¼þ°ü·Åµ½/var/localĿ¼Ï£¨ÕâÊDZÊÕ߸öÈ˵Äϰ¹ß£©£¬ËüÃǶ¼ÊÇtar.gz°ü£¬¿ÉÒÔÓÃÃüÁîtar -xzpvf °üÃû£¬°ÑËüÃÇÔÚµ±Ç°Ä¿Â¼£¨/var/local/£©Öн⿪£º
cd /var/local
tar -xzpvf mysql-4.0.15.tar.gz
tar -xzpvf php-4.3.3.tar.gz
tar -xzpvf httpd-2.0.47.tar.gz
¡¡¡¡½â°üºó¿ÉÒÔ¿ªÊ¼½øÈëÕýʽ°²×°¡£ ......

linux ifÃüÁî

linux ifÃüÁî
   ÎÞÂÛʲô±à³ÌÓïÑÔ¶¼Àë²»¿ªÌõ¼þÅжϡ£SHELLÒ²²»ÀýÍâ¡£
      if list then
          do something here
      elif list then
          ......
© 2009 ej38.com All Rights Reserved. ¹ØÓÚE½¡ÍøÁªÏµÎÒÃÇ | Õ¾µãµØÍ¼ | ¸ÓICP±¸09004571ºÅ