 |
| LINUX OS HARDENING |
The next package enhancement could be a lesson in how you can protect your Linux operations. Therefore, this is usually one of the most important topics in Linux, and many times the recruiter's hiring manager will pass this question to you.that is, how to protect your learning system or how to strengthen the new LINUX OS software package
LINUX OS HARDENING MAINLY DO
USER ACCOUNT
REMOVE UN-WANTED PACKAGE
STOP UN-USED SERVICES
CHECK ON LISTENING PORTS
SECURE SSH
ENABLE FIREWALL
ENABLE SELinux
KEEP YOUR OS UP TO DATE
1. User Account
#cat /etc/passwd
then how do we get all usernames you see the file from password, you will see Go to the list of all users that you use in our system. So, you can change the username to a different name to avoid easy guessing. The other way is about the password policy. How often do you change your password now? How long should your password be? If you run this file, you will see that all users have this username and password. This is a file where you can also define some parameters and you can change these parameters as needed. Manage the security of user accounts and passwords.
#chage -l username
#cat /etc/shadow
#cat /etc/login.defs
#cd /etc/pam.d
#more system-auth
Manage the security of user accounts and passwords.
2.REMOVE UN-WANTED PACKAGE
#rpm - qa
we get the listing of all the packages.
#rpm e <package name>
2. DELETE THE UNWANTED PACKAGE
We get a list of all packages This will remove the package. So remember that when you delete a package, it will tell you that this package depends on another package. So be very careful, if you delete a package and that package depends on other packages or other packages depend on it, it will have some corruption and some programs will not work properly.
3.STOP UN-USED SERVICES
#systemctl -a
They say this will give you all active or inactive services. Therefore, you can stop the service as needed
#systemctl stop <services name>
4.CHECK ON LISTENING PORTS
#netstat -tunlp
All listening ports will be displayed.
#firewall-cmd --permanent --remove-port=port/tcp
You can stop the port with #firewallcmd Permanent removeport = port / tcp
5. SECURE SSH
#cd /etc/ssh
# more sshd_config
Here we can change the port for security reasons. For a secure connection, we can enable some functions of ssh.it to record all user names and login time to record users Information about the event. 6. Enable the firewall You can manage the firewall according to your requirements. Using firewalld in cli is a daemon network filter firewall, which provides an interface to manage runtime and persistent configuration.
6.ENABLE FIREWALL
#firewall-config
You can manage the firewall as needed. Using firewalld in cli is a daemon network filter firewall, which provides an interface to manage runtime and persistent configuration
#firewall-cmd
Use it in the cli firewall is a daemon network filtering firewall. Provides an interface for managing runtime and permanent settings. 7. ENABLE SELinux has a policy that allows users to access programs and services on the system. There are some semanagecontext, port, SELinux User 8 commands to keep your operating system updated. This is also called patching RedHat or CENTOS operating system update alerts. No matter what operating system you are using, just install the update in the email. This is the best way
7.ENABLE SELinux
Has a policy that allows users to access programs and services on the system.
There are some commands semanagecontext, port, SELinux User
chcon-change context
sealert-Troubleshooting for SELinux
setsebool -p ---enable or disable
getenforce-to view selinux mode
setenforce-to set SELinux mode
8.KEEP YOUR OS UP TO DATE
This is also known as patching the RedHat or CENTOS operating system update alert. No matter what operating system you are using, just install the update from the email. This is the best way to
yum update -y
Read more: All about Nagios Monitoring Tools
Read More: Koo app yellow tick verification system
Read More: Install a Windows Server in AWS
Read More: Uses of samba server and key features of the samba server