[面包]MrTwoC


Linux System Hardening

System Commands

Superuser
UID=0, Username=root; can manage all resources within the system
System User
Cannot be used for login, UID=1~999; for example, the http process in the system runs as the user apache
Regular User
UID=1000~65535; can use most resources, but some special permissions are restricted, and users have write permission only in their own directories.

sudo command: lets a regular user temporarily borrow root permissions to execute a command; it requires password verification, and all operations are recorded
/etc/passwd——User account file
Username: Password: User ID: Primary Group ID: Full Name: Home Directory: Login Shell
/etc/shadow——User password file
Password: Last password change time: Minimum days between two password changes: Maximum days: Days in advance to warn about password expiration: Days after expiration to disable user: Expiration time: Reserved fields
/etc/group——User group file
Group name: Password: Group ID and user list
/etc/gshadow saves the passwords of all groups in the system
/etc/skel Every time a new account is created, the system automatically copies all content (including directories and files) from the /etc/skel directory to the new user's home directory "/home/"

User Management

useradd test Create user test
passwd test Change password for user test

User Group Management


User Account Management

  1. Check
    #cat /etc/passwd
    #cat /etc/shadow
    #awk -F: '$3==0 {print $1}' /etc/passwd Query users with UID=0
  2. Remove excess accounts
    #userdel -r username
  3. Lock account
    #passwd -l username
    #passwd -u username (unlock account)

User Password Management

Check if the user has an empty password in /etc/shadow: Password field is an exclamation mark
#awk -F: 'length($2)==0 {print $1}' /etc/shadow
#awk -F ":" '($2==""){print $1}' /etc/shadow

Prevent Weak Passwords

Modify file:
vi /etc/pam.d/system-auth

Password lifespan:
vi /etc/login.defs
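
The account and password checks above, combined into one audit, as an added example that is not part of the original post. It assumes copies of the passwd and shadow files are passed by path; the function names, sample accounts and the 90-day limit are constructed for illustration. It separates an empty password field from a locked one (`!` or `*`) and also reports accounts whose maximum password age is unset or above the limit.

```shell
# Added example: audit passwd/shadow-format files given by path (names are illustrative).

# passwd field 3 is the UID: list UID-0 accounts other than root.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"; }

# shadow field 2 empty: no password is required for this account.
empty_password() { awk -F: '$2 == "" {print $1}' "$1"; }

# shadow field 2 starting with "!" or "*": locked, no usable password.
locked_accounts() { awk -F: '$2 ~ /^[!*]/ {print $1}' "$1"; }

# Usable password whose maximum age (shadow field 5) is unset or above $2 days.
weak_max_age() {
    awk -F: -v max="$2" '
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > max + 0) {print $1}
    ' "$1"
}

# Constructed sample data (not from a real system); prints the directory path.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
test:x:1000:1000::/home/test:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:90:7:::
apache:!!:19000::::::
test:$6$CONSTRUCTED$hash:19000:0:99999:7:::
backup:$6$CONSTRUCTED$hash:19000:0:90:7:::
guest::19000:0:99999:7:::
EOF
    echo "$dir"
}

# Print one finding per line as "check: account".
audit() {
    extra_uid0 "$1/passwd"        | sed 's/^/uid0-not-root: /'
    empty_password "$1/shadow"    | sed 's/^/empty-password: /'
    locked_accounts "$1/shadow"   | sed 's/^/locked: /'
    weak_max_age "$1/shadow" "$2" | sed 's/^/max-age-over-limit: /'
}

samples=$(make_samples)
audit "$samples" 90
rm -rf "$samples"
```

The password-age defaults in /etc/login.defs apply only to accounts created afterwards; existing accounts keep the per-account value in /etc/shadow, which is what the last check reads.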

Disable Root Remote Login


Disable su to root


User Management Summary


Introduction to the Linux File System


File System Attributes


Change file and directory ownership
chown
#chown -R root:users /test

Change file access permissions
chmod
Two methods:
  1. Character method: u, g, o
  2. Numeric method: 4/2/1

Permission Management


Log Security

Log Classification

/var/log/messages Server system log
/var/log/secure Records system login behavior
/var/log/wtmp, /var/log/lastlog Records system login and logout information
