February 17, 23:36

What are the Linux system security hardening measures, including user management, SSH configuration, and firewall settings?

Linux system security is essential knowledge for operations and development staff; it covers user management, permission control, firewall configuration and the related areas below.

User and group management:

  • useradd: create user, e.g., useradd -m -s /bin/bash username (create user and set home directory and shell)
  • userdel: delete user, e.g., userdel -r username (delete user and home directory)
  • usermod: modify user attributes, e.g., usermod -aG group username (add user to group)
  • passwd: change user password, e.g., passwd username
  • groupadd: create group, e.g., groupadd groupname
  • groupdel: delete group, e.g., groupdel groupname
  • gpasswd: manage group membership, e.g., gpasswd -a username groupname (add user to group)
  • id: view user ID and group information
  • whoami: view current user
  • w: view currently logged-in users

SSH security configuration:

  • Configuration file: /etc/ssh/sshd_config
  • Disable root login: PermitRootLogin no
  • Disable password login: PasswordAuthentication no (use key authentication)
  • Change default port: Port 2222
  • Restrict login users: AllowUsers user1 user2
  • Key authentication: ssh-keygen generates key pair, copy public key to server's ~/.ssh/authorized_keys
  • Use ssh-copy-id: ssh-copy-id user@host
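The directives above are easy to set and just as easy to lose to a later edit, because sshd honours only the first uncommented occurrence of each key. The following script, an added example rather than code from the original post, audits an sshd_config for those directives. The configuration it writes is constructed sample input with one directive deliberately left in its insecure state; on a real host, call audit_sshd with /etc/ssh/sshd_config instead. The function names (sshd_effective, check_directive, audit_sshd) are this example's own. Match blocks are not evaluated, so a value that sshd would apply only conditionally is ignored here.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against the
# hardening directives listed above. $SAMPLE is constructed input; pass
# /etc/ssh/sshd_config to audit_sshd on a live host.

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample sshd_config: PasswordAuthentication is left enabled
Port 2222
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication yes
AllowUsers alice bob
EOF

# sshd_effective KEY FILE: print the value sshd would use for KEY. sshd takes
# the first uncommented occurrence of a directive and keys are case-insensitive.
# Prints nothing when the directive is absent (sshd then uses its built-in default).
sshd_effective() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v key="$key" \
        '$1 !~ /^#/ && tolower($1) == key { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' "$2"
}

# check_directive KEY EXPECTED FILE: report and return 0 when the effective value
# equals EXPECTED, 1 otherwise. An absent directive counts as a failure because it
# means the compiled-in default applies rather than the value we want.
check_directive() {
    actual=$(sshd_effective "$1" "$3")
    if [ "$actual" = "$2" ]; then
        echo "OK    $1 $actual"
        return 0
    fi
    echo "FAIL  $1 is '${actual:-unset}', expected '$2'"
    return 1
}

# audit_sshd FILE: run every check; the return value is the number of failures.
audit_sshd() {
    fails=0
    check_directive PermitRootLogin no "$1"        || fails=$((fails + 1))
    check_directive PasswordAuthentication no "$1" || fails=$((fails + 1))
    check_directive Port 2222 "$1"                 || fails=$((fails + 1))
    if [ -n "$(sshd_effective AllowUsers "$1")" ]; then
        echo "OK    AllowUsers $(sshd_effective AllowUsers "$1")"
    else
        echo "FAIL  AllowUsers unset (every account with a valid credential may log in)"
        fails=$((fails + 1))
    fi
    return $fails
}

if audit_sshd "$SAMPLE"; then
    echo "sshd_config passes all checks"
else
    echo "sshd_config needs attention; run 'sshd -t' and restart sshd after fixing"
fi
```

Run the audit before restarting sshd and keep the session you edited from open until a second connection succeeds; with PasswordAuthentication off and AllowUsers set, a typo in either directive locks out everyone who is not already logged in.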

Firewall configuration:

  • iptables: traditional firewall tool
    • View rules: iptables -L -n
    • Add rule: iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    • Delete rule: iptables -D INPUT 1
    • Save rules: iptables-save > /etc/iptables/rules.v4
  • firewalld: dynamic firewall management
    • View rules: firewall-cmd --list-all
    • Open port: firewall-cmd --add-port=80/tcp --permanent
    • Reload configuration: firewall-cmd --reload
  • ufw: simplified firewall configuration (Ubuntu)
    • Enable firewall: ufw enable
    • Open port: ufw allow 22
    • View status: ufw status

File permissions and SELinux:

  • chmod: modify file permissions
  • chown: modify file owner
  • chgrp: modify file group
  • SELinux: Security-Enhanced Linux
    • View status: getenforce
    • Temporarily switch to permissive mode (until reboot): setenforce 0
    • Permanently disable: set SELINUX=disabled in /etc/selinux/config (takes effect after reboot)
    • View context: ls -Z

System hardening:

  • Disable unnecessary services: systemctl disable service (add --now to also stop the running instance)
  • Update system: apt update && apt upgrade (Debian/Ubuntu) or yum update (CentOS/RHEL)
  • Configure automatic updates: unattended-upgrades (Debian/Ubuntu)
  • Install security tools: fail2ban (prevent brute force attacks), rkhunter (detect rootkits)
  • Configure log auditing: auditd
  • Restrict sudo permissions: edit /etc/sudoers with the visudo command, which syntax-checks the file before saving it

Security auditing:

  • View login logs: last, lastlog
  • View authentication logs: /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (CentOS/RHEL)
  • View system logs: /var/log/messages, journalctl
  • View processes: ps aux, top
  • View network connections: ss -tulnp, or netstat -tulnp on older systems (ss replaces the deprecated netstat)
  • View open ports: nmap localhost
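The authentication log is where a password brute-force shows up first, and counting failures per source address is exactly what fail2ban automates. The script below, an added example that is not part of the original post, does that count by hand over sshd lines in auth.log format and then flags any high-failure source that also has an "Accepted" line, which is the case worth investigating before anything else. The log lines are constructed sample input using RFC 5737 documentation addresses; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): failed-login counting over
# /var/log/auth.log style sshd records. $AUTH_LOG is constructed input; pass the
# real log path to the functions on a live host.

AUTH_LOG=$(mktemp)
trap 'rm -f "$AUTH_LOG"' EXIT
cat > "$AUTH_LOG" <<'EOF'
Feb 17 23:30:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb 17 23:30:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51236 ssh2
Feb 17 23:30:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Feb 17 23:30:07 host sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Feb 17 23:30:09 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Feb 17 23:31:00 host sshd[1210]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Feb 17 23:31:30 host sshd[1211]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:constructed
Feb 17 23:32:00 host sshd[1220]: Accepted password for root from 203.0.113.5 port 51300 ssh2
EOF

# failed_logins_by_ip FILE: count "Failed password" lines per source address,
# highest first. Output lines look like "5 203.0.113.5".
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# brute_force_sources FILE THRESHOLD: addresses with at least THRESHOLD failures
brute_force_sources() {
    failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# accepted_sources FILE: addresses that completed at least one login
accepted_sources() {
    awk '/sshd\[[0-9]+\]: Accepted / {
             for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" | sort -u
}

# compromised_candidates FILE THRESHOLD: brute-force sources that also have an
# "Accepted" line; a successful login from a guessing source is the alert.
compromised_candidates() {
    for ip in $(brute_force_sources "$1" "$2"); do
        if accepted_sources "$1" | grep -qx "$ip"; then
            echo "$ip"
        fi
    done
}

echo "Failed logins per source:"
failed_logins_by_ip "$AUTH_LOG"
echo "Sources at or over 5 failures:"
brute_force_sources "$AUTH_LOG" 5
echo "Brute-force sources that also logged in:"
compromised_candidates "$AUTH_LOG" 5
```

On a host that logs through journald rather than a flat auth.log, feed the functions the output of journalctl -u ssh (or sshd) saved to a file; the line format is the same. A single source with a handful of failures followed by a key-based success is usually a mistyped passphrase, so the threshold matters: set it from your own baseline rather than copying the 5 used here.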

Incident response:

  • Check abnormal processes: ps aux | grep -v grep | grep -E "bash|sh|python|perl" (note that the pattern sh also matches names such as ssh, so review the output rather than counting lines)
  • Check abnormal network connections: ss -tunp | grep ESTAB (ss prints the state as ESTAB, and -l would list only listening sockets)
  • Check abnormal files: find / -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null (find SUID/SGID files)
  • Check user logins: last, lastlog
  • Isolate infected system: disconnect network
  • Backup important data: backup critical data before cleanup
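A one-off SUID/SGID listing is hard to read on a host you do not know well, because most of the entries are legitimate. The script below, an added example and not part of the original post, records the list while the host is known clean and on later runs reports only files that have gained the bit since. The directory tree it builds is constructed sample input; on a real host use / as the root and keep the baseline file off the machine, since anyone who can plant an SUID binary can also edit a baseline stored beside it. Function names (suid_sgid_list, suid_baseline_diff) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): baseline-and-diff version of the
# SUID/SGID search above. $ROOT is a constructed directory tree; use / on a host.

# suid_sgid_list ROOT: sorted list of regular files under ROOT with SUID or SGID set
suid_sgid_list() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# suid_baseline_diff BASELINE_FILE ROOT: entries present now but absent from the
# baseline (comm needs both inputs sorted; suid_sgid_list already sorts)
suid_baseline_diff() {
    suid_sgid_list "$2" | comm -13 "$1" -
}

ROOT=$(mktemp -d)
BASELINE="$ROOT.baseline"
trap 'rm -rf "$ROOT" "$BASELINE"' EXIT
mkdir -p "$ROOT/bin" "$ROOT/tmp"
touch "$ROOT/bin/ping" "$ROOT/bin/wall" "$ROOT/bin/ls"
chmod 4755 "$ROOT/bin/ping"   # expected SUID binary (constructed)
chmod 2755 "$ROOT/bin/wall"   # expected SGID binary (constructed)
chmod 0755 "$ROOT/bin/ls"     # no special bits

# record the clean state
suid_sgid_list "$ROOT" > "$BASELINE"

# simulate a later change: a new file under tmp acquires the SUID bit
touch "$ROOT/tmp/unexpected"
chmod 4755 "$ROOT/tmp/unexpected"

echo "New SUID/SGID files since baseline:"
suid_baseline_diff "$BASELINE" "$ROOT"
```

Package upgrades legitimately add or change SUID binaries, so refresh the baseline after patching and treat anything under /tmp, /var/tmp, /dev/shm or a home directory in the diff as a finding to investigate, not noise.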
Tags: Linux