linux的安全設置
平臺Redhad linux 9.0
1,禁止普通用戶使用su
only the user who belongs to the wheel group permits su command.
add following content in /etc/pam.d/su:
“auth required /lib/security/$ISA/pam_wheel.so use_uid “
2,禁止root遠程登錄
prohibits root user login from remote..
Describe "PermitRootLogin no" in /etc/ssh/sshd_config.
3,禁止telnet
telnet shoud be prohibited.
Add following description in configuration file: /etc/xinetd.d/telnet :
「disable = yes」.
4,禁止IP轉發
IP forwarding function should be disabled.
Add description in configuration file /etc/sysctl.conf:
“net.ipv4.ip_forward = 0. “
5,防範IP Spoofing attack
"IP Spoofing attack" protection should be enabled.
Add description in configuration file /etc/sysctl.conf:
“net.ipv4.conf.all.rp_filter = 1.”
6,禁止ICMP redirection packet
OS should not accept ICMP redirection packet..
Add description in configuration file /etc/sysctl.conf:
“net.ipv4.conf.all.accept_redirects = 0.”
7,禁止relay ICMP redirection packet
OS should not relay ICMP redirection packet..
Add description in configuration file /etc/sysctl.conf:
“net.ipv4.conf.all.send_redirects = 0.”
8,禁止reply to broadcast ICMP packet.
OS should not reply to broadcast ICMP packet.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.icmp_echo_ignore_broadcasts = 1.”
9,禁止時間戳
OS should avoid the time stamp.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.tcp_timestamps = 0.”
10,禁止僞造廣播幀
OS should restrain the warning of the replying of the imitation to the broadcast frame.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.icmp_ignore_bogus_error_responses = 1.”
