Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security."— Presentation transcript:

1 Linux Security 資管研究生 劉順德

2 Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security information –Linux worm

3 General Security Account –The password length –Set login time out for root account –Special account –Blocking anyone to su to root

4 General Security Local –Find all files with SUID/SGID bit enabled –Local login access control –More control on mounting a file system –Fix the permissions under “/etc/rc.d/init.d” –Resource limits –Integrity Checking

5 General Security Network –Use xinetd An program to replace inetd and tcp wrapper –Routing Protocol Disable source routing –Enable TCP SYN Cookie Protection Echo 1> /proc/sys/net/ipv4/tcp_syncookies –Clear issue file

6 Patch –Patch information : http://www.redhat.com/support/errata/ –Download ftp://updates.redhat.com/ –Integrity Check rpm –checksig –Install : Rpm –Uvh General Security

7 Securing Sendmail The Sendmail restricted shell “smrsh” The “/etc/aliases” file Prevent your sendmail being abused by unauthorized users Restrict who may examine the queue’s contents Set the immutable bit on important sendmail files

8 Securing BIND/DNS Running BIND/DNS in a chroot jail

9 Securing Apache Change some inportant permission file and directories of your web server Automatic indexing Create the.dbmpasswd password file for users authentication Immunize important configuration file like “httpd.conf” Running apache in a chroot jail Configuration of the new “/etc/logrotate.d/apache” file

10 Securing FTP server The ftpusers file The anonymous FTP program The upload command The special file “.notar” The noretrieve command

11 Recent Linux security information Linux worm –Radmen (infect Redhat6.2 & 7.0) –Lion (infect Bind 8.2.x ) The Same features –According an Vulnerability to attack –The same work flow

12 Syn scan Logging ip attack ftp

13

14 Reference www.securityfocus.com Securing and Optimizing RedHat Linux Maximum Linux security Linux security How-To

Download ppt "Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security."

Similar presentations

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Linux’ Security Haifa Linux Club 21.10.99 Orr Dunkelman.

Linux’ Security Haifa Linux Club Orr Dunkelman.
Linux Security An overview notes from Linux Network Security HowTO.

Linux Security An overview notes from Linux Network Security HowTO.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
1 實驗十:以 Linux 架設 Internet/Intranet 伺服 器 教師: 助教:. 2 Outline  Background  Linux system  Popular Internet services  Internet services  Internet  HTTP.

1 實驗十:以 Linux 架設 Internet/Intranet 伺服 器 教師: 助教:. 2 Outline  Background  Linux system  Popular Internet services  Internet services  Internet  HTTP.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
Computer Security for Student-Administered Computers.

Computer Security for Student-Administered Computers.
1 COP 4343 Unix System Administration Unit 16: file server – samba.

1 COP 4343 Unix System Administration Unit 16: file server – samba.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Similar presentations

Ads by Google