Linux Server Security Operations
1.1
Remove unnecessary users and groups
Users that can be removed: adm, lp, sync, shutdown, halt, news, uucp, operator, games, gopher
Groups that can be removed: adm, lp, news, uucp, games, dip, pppusers, popusers, slipusers
For example:
userdel games
groupdel games
Disable login for a user
usermod -s /sbin/nologin user1
Disable unnecessary services
chkconfig --level 345 bluetooth off
On Ubuntu, use update-rc.d instead
Password security policy: ssh
Edit the sshd configuration to enable public-key authentication and disable password authentication
Protocol 2
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
su, sudo
Grant sudo permission for a command
user0 ALL=/bin/more /etc/shadow
Allow sudo to run a fixed command without a password
user0 ALL= NOPASSWD:/bin/more /etc/shadow
Allow sudo to run all commands without a password
user0 ALL=(ALL)NOPASSWD:ALL
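
To check a host against the account, ssh and sudo settings above, the following audit script is an added example (not from the original page). The function names are hypothetical, the files it reads are constructed samples, and it takes file paths as arguments so it can be run against copies of /etc/passwd, sshd_config and sudoers.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files below are constructed.
REMOVABLE="adm lp sync shutdown halt news uucp operator games gopher"  # the page's list

# Print listed accounts that still exist in passwd-format file $1.
leftover_accounts() {
    for u in $REMOVABLE; do
        awk -F: -v u="$u" '$1 == u { print $1 }' "$1"
    done
}

# Print the effective global value of sshd_config keyword $2 in file $1.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
# Include files and Match blocks are not followed.
sshd_effective() {
    awk -v k="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
        { line = $0; sub(/^[ \t]+/, "", line); n = split(line, f, /[ \t=]+/) }
        n == 0 || line ~ /^#/ { next }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == k { print tolower(f[2]); exit }' "$1"
}

# Succeed only if key auth is explicitly on and password auth is explicitly off.
ssh_key_only() {
    [ "$(sshd_effective "$1" PubkeyAuthentication)" = "yes" ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Print sudoers lines in file $1 that allow every command without a password.
# Simple pattern: catches "NOPASSWD:ALL", not ALL buried in a longer command list.
nopasswd_all() {
    grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' "$1"
}

# Constructed sample files (not real system data).
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'games:x:12:100:games:/usr/games:/sbin/nologin' > "$d/passwd"
printf '%s\n' '# constructed' 'Protocol 2' 'pubkeyauthentication yes' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$d/sshd_config"
printf '%s\n' 'user0 ALL= NOPASSWD:/bin/more /etc/shadow' \
    'user0 ALL=(ALL)NOPASSWD:ALL' > "$d/sudoers"

echo "leftover accounts: $(leftover_accounts "$d/passwd" | tr '\n' ' ')"
if ssh_key_only "$d/sshd_config"; then echo "sshd: key-only"; else echo "sshd: password login possible"; fi
echo "blanket NOPASSWD rules: $(nopasswd_all "$d/sudoers")"
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved and is the authoritative check.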