Board logo

标题: [Linux/Unix] 如何使你的REDHAD安全 [打印本页]

作者: 论坛管理员    时间: 2010-8-4 11:50     标题: 如何使你的REDHAD安全

This is a collective of information regarding setting up, and securing your new redhat server.

Before we can even start doing anything security modifications we have to know and understand how to use SSH.

Putty is the best, and free SSH Client.

1) Instal & Understand Putty
Learn to use SSH

2) Understand some basic linux commands. This goes a long way with the ret of the guide because you will have a better 'general' understanding of what each command does.
Basic Shell Commands
More Basic Shell Commands

3) Install a Firewall. This is a guide to instal APF. Make sure you enable connections for monitoring if you have SM any level of monitoring. You can find the IP SM supplys in the e-mail from them when you signed up. Or start a ticket asking for the spyglass/admin/monitoring IP. (Note, the ip will be in CIDR form so the slash and # after NEED to be there.)
APF Install

4) Install Brute Force Detection, from the makers of APF.
BFD is a modular shell script for parsing applicable logs and checking for authentication failures.
Brute Force Detection

5) Dsiable Direct Root Login. This will force you to login as another user in (in cpanel the user must be in the wheel group), and then su to root. This helps deny 'wanna-be' hackers.
Disable Root Login

6) Dsiable Telnet Access. Telnet is not secure, and your password is sent in plain text, so don't use it! Disable it forever, and use SSH isntead.
Disable Telnet

7) Force SSH Protocol 2.
Force SSH Protocol 2

icon_cool.gif Install CHKROOTKIT.
CHKROOTKIT is a shell script that checks system binaries for rootkit modification. Then notifying you.
CHKROOKIT

-- The rest are for cPanel Only Servers --

9) Disable cPanel Demo Mode
Disable cPanel Demo Mode

10) Jail All Users' Shell Access
Jail All Users

11) Modify WHM Security Settings
Modify WHM Settings

12) Enable SUEXEC
Enable SuExec




欢迎光临 华人论坛 (http://store.yayabay.com/forum/) Powered by Discuz! 7.2