Chinese
Strengthen the method of safety of Redhat Linux system
From;    Author:Stand originally
To Linux I am not very perfectness, I am an abecedarian only, because of the reason of time, also pass without careful research. Summed up the ace of a few small methods that enhances security of Redhat Linux system to ask today evasive

1, taboo is all and special account: In Lp, sync, shutdown, halt, news, games, in the user such as Gopher, do not use acquiescent account: [Root@redhat/]#userdel LP deletes group account: [Root@redhat/]#groupdel LP

2, the Shadow that start, mix password of the existing password in the system and group instead Shadow group: With / Usr/sbin/authconfig program opens Shadow to use Pwconv and Grpconv respectively again two commands

3, prohibit all average user visits to console: Move [Root@redhat/]#rm–f/etc/security/console.apps/halt
[Root@redhat/]#rm–f/etc/security/console.apps/poweroff
[Root@redhat/]#rm–f/etc/security/console.apps/reboot
[Root@redhat/]#rm–f/etc/security/console.apps/shutdown
Also can delete Xserver file of course, such besides Root outside, can start Xserver without the person

4, make the system does not respond to Ping: Increase Echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all order / in Etc/rc.d/rc.local file, when making the system restarts, prohibit automatically responding to Ping

5, indication system releases a document: Be in / the Telnet option instead in Etc/inetd.conf file: Telnet Stream Tcp Nowait Root/usr/sbin/tcpd In.teknetd –h

6, do not accept the root user that never is the same as console to land: Editor / Ect/security file adds # to ban the equipment that chooses with place in front of the Tty that does not need

7, protect / Ect/services file: Move [Root@redhat/]#chattr i/ect/services

8, editor / Ect/host.conf file: In / add in Ect/host.conf file
#Lookup Names Via DNS First Then Fall Back To /ect/hosts
Order Bing, hosts
#We Have Machines With Multiple IP AddressMulti On
#Check For IP Address SpoofingNospoof On

9, conceal systematic information: Be in above all / before # of Ect/rc.d/rc.local file lieutenant general writes in these travel
# This Will Overwrite/ect/issue At Every Boot.So.make Any Changes You
# Want To Make To/ect/issue Here Or You Will Lose Them When You Reboot
#echo ””>/ect/issue
#echo “$R”>>/ect/issue
#echo “Kernel $(uname –r) On $a $(uname –m)”>> / Ect/issue
#
#cp –f/ect/issue/ect/issue.net
#echo >>/ect/issue
Be in next / Issue and Issue.net file are deleted below Ect catalog
[Root@redhat/]#rm –f/ect/issue
[Root@redhat]#rm –f/ect/issue.net

10, delete.bash_history file: In / Rm –f$HOME/.bash_history is added to make in Ect/skel/.bash_logout file every time the user exits when delete.bash_history file automatically