Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Guida di Installazione Pagina 43
- Pagina / 82
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
7. General Tips
This section will quickly address some general concepts for maintaining a more secure and reliable system or
network. Let's emphasize "maintaining" here since computer systems change daily, as does the environment
around them. As mentioned before, there isn't any one thing that makes a system secure. There are too many
variables. Security is an approach and an attitude more than it is a reliance on any particular product,
application or specific policy.
Do not allow remote root logins. This may be controlled by a configuration file such as
/etc/securetty. Remove any lines that begin "pts". This is one big security hole.
•
In fact, don't log in as root at all. Period. Log in on your user account and su to root when needed.
Whether the login is remote or local. Or use sudo, which can run individual commands with root
privileges. (Red hat includes a sudo package. ) This takes some getting used to, but it is the
"right" way to do things. And the safest. And will become more a more natural way of doing this as
time goes on.
•
I know someone is saying right now "but that is so much trouble, I am root, and it is my system".
True, but root is a specialized account that was not ever meant to be used as a regular user account.
Root has access to everything, even hardware devices. The system "trusts" root. It believes that you
know what you are doing. If you make a mistook, it assumes that you meant that, and will do it's best
to do what you told it to do...even if that destroys the system!
As an example, let's say you start X as root, open Netscape, and visit a web site. The web page has
badly behaved java script. And conceivably now that badly written java script might have access to
much more of your system than if you had done it the "right" way.
Take passwords seriously. Don't give them out to anyone. Don't use the same one for everything.
Don't use root's password for anything else −− except root's password! Never sign up or register on
line, using any of your system passwords. Passwords should be a combination of mixed case letters,
numbers and/or punctuation and a reasonable length (eight characters or longer). Don't use so−called
"dictionary" words that are easy to guess like "cat" or "dog". Don't incorporate personal information
like names or dates or hostnames. Don't write down system passwords −− memorize them.
•
Use the more secure "shadow" passwords. This has been the default on Red Hat for some time now.
If the file /etc/shadow exists, then it is enabled already. The commands pwconv and grpconv,
can be used to convert password and group files to shadow format if available.
Avoid using programs that require clear text logins over untrusted networks like the Internet.
Telnet is a prime example. ssh is much better. If there is any support for SSL (Secure Socket
Layers), use it. For instance, does your ISP offer POP or IMAP mail via SSL? Recent Red Hat
releases do include openssl, and many Linux applications can use SSL where support is available.
•
Set resource limits. There are various ways to do this. The need for this probably increases with the
number of users accessing a given system. Not only does setting limits on such things as disk space
prevent intentional mischief, it can also help with unintentionally misbehaved applications or
processes. quota (man quota) can be used to set disk space limits. Bash includes the
ulimit command (man ulimit or man bash), that can limit various functions on a per user basis.
•
Also, not discussed here at any length, but PAM (Pluggable Authentication Modules) has a very
sophisticated approach to controlling various system functions and resources. See man pam to get
started. PAM is configured via either /etc/pam.conf or /etc/pam.d/*. Also files in
7. General Tips 40
- Hal Burgiss 1
- Table of Contents 2
- 1. Introduction 4
- 1.2. Notes 5
- 1.3. Copyright 5
- 1.4. Credits 6
- 1.5. Disclaimer 6
- 1.7. Feedback 7
- 2. Foreword 8
- 2.2. Before We Start 9
- 3.1. System Audit 10
- 3.3. Stopping Services 12
- 3.3.1. Stopping Init Services 13
- 3.3.2. Inetd 14
- 3.3.2. Inetd 12 15
- 3.3.3. Xinetd 16
- 3.3.4. When All Else Fails 17
- 3.4. Exceptions 18
- 4. Step 2: Updating 20
- 4. Step 2: Updating 18 21
- 5.1. Strategy 22
- 5.2.1. ipchains 23
- 5.2.1. ipchains 21 24
- 5.2.2. iptables 26
- 5.2.2. iptables 24 27
- 5.3. Tcpwrappers (libwrap) 29
- 5.3.1. xinetd 31
- 5.4. PortSentry 32
- 5.5. Proxies 32
- 5.6. Individual Applications 33
- 5.7. Verifying 35
- 5.8. Logging 36
- 5.9. Where to Start 37
- 6. Intrusion Detection 39
- # chattr +i /bin/ps 40
- −−−i−−−−−−−−−− /bin/ps 40
- # chattr −i /bin/ps 40
- 7. General Tips 43
- # must exist 44
- root: hal@bigcat 44
- 8. Appendix 46
- 8.2. Common Ports 48
- 8.3. Netstat Tutorial 51
- 8.4. Attacks and Threats 59
- 8.4.2. Rootkits 60
- 8.4.3. Worms and Zombies 60
- 8.4.4. Script Kiddies 61
- 8.4.5. Spoofed IPs 61
- 8.4.6. Targeted Attacks 61
- 8.4.8. Brute Force 62
- 8.5. Links 63
- 8.6. Editing Text Files 65
- 8.7. nmap 68
- 8.8. Sysctl Options 71
- 8.8. Sysctl Options 69 72
- 8.9. Secure Alternatives 73
- 8.9. Secure Alternatives 71 74
- 8.9. Secure Alternatives 72 75
- 8.9. Secure Alternatives 73 76
- 8.10.2. iptables II 77
- 8.10.2. iptables II 75 78
- 8.10.2. iptables II 76 79
- 8.10.2. iptables II 77 80
- 8.10.3. Summary 81
- 8.10.4. iptables mini−me 82
Gembird MHP-EP-001-W manuali
Manuali dei proprietari e guide per l'utente per Cuffie Gembird MHP-EP-001-W.
We fornisce 1 manuali pdf Gembird MHP-EP-001-W per scaricare gratuitamente in base al tipo di documento: Scheda Tecnica
Commenti su questo manuale