Linux°²È«ÉèÖÃÊÖ²á

±¾ÎÄÊÇһƪ±È½ÏÔçÆڵľ­µäÉèÖýéÉÜ£¬µ«ÊÇÆä¹ØÓÚlinux°²È«µÄÂÛÊöºÍ¹Ûµã»¹ÊÇÖµµÃ²Î¿¼£¬Ëü½²ÊöÁËÈçºÎͨ¹ý»ù±¾µÄ°²È«´ëÊ©£¬Ê¹ÄãµÄLinuxϵͳ±äµÃ¸üΪ°²È«¿É¿¿¡£linux°²È«
1¡¢Bios¡¡Security
Ò»¶¨Òª¸øBiosÉèÖÃÃÜÂ룬ÒÔ·Àͨ¹ýÔÚBiosÖиıäÆô¶¯Ë³Ðò£¬¶ø¿ÉÒÔ´ÓÈíÅÌÆô¶¯¡£ÕâÑù¿ÉÒÔ×èÖ¹±ðÈËÊÔͼÓÃÌØÊâµÄÆô¶¯ÅÌÆô¶¯ÄãµÄϵͳ£¬»¹¿ÉÒÔ×èÖ¹±ðÈ˽øÈëBios¸Ä¶¯ÆäÖеÄÉèÖ㨱ÈÈçÔÊÐíͨ¹ýÈíÅÌÆô¶¯µÈ£©¡£
2¡¢LILO¡¡Security
ÔÚ"/etc/lilo.conf"ÎļþÖмÓÈëÏÂÃæÈý¸ö²ÎÊý£ºtime-out,restricted,password¡£ÕâÈý¸ö²ÎÊý¿ÉÒÔʹÄãµÄϵͳÔÚÆô¶¯liloʱ¾ÍÒªÇóÃÜÂëÑéÖ¤¡£
µÚÒ»²½£º
±à¼­lilo.confÎļþ£¨vi¡¡/etc/lilo.comf£©,¼ÙÈç»ò¸Ä±äÕâÈý¸ö²ÎÊý£º
boot=/dev/hda¡¡
map=/boot/map¡¡
install=/boot/boot.b¡¡
time-out=00¡¡¡¡¡¡#°ÑÕâÐиÃΪ00
prompt¡¡
Default=linux¡¡
restricted¡¡¡¡¡¡#¼ÓÈëÕâÐÐ
password=¡¡¡¡¡¡#¼ÓÈëÕâÐв¢ÉèÖÃ×Ô¼ºµÄÃÜÂë
image=/boot/vmlinuz-2.2.14-12¡¡
label=linux¡¡
initrd=/boot/initrd-2.2.14-12.img¡¡
root=/dev/hda6¡¡
read-only¡¡
µÚ¶þ²½£º
ÒòΪ"/etc/lilo.conf"ÎļþÖаüº¬Ã÷ÎÄÃÜÂ룬ËùÒÔÒª°ÑËüÉèÖÃΪrootȨÏÞ¶ÁÈ¡¡£
[root@kapil¡¡/]#¡¡chmod¡¡600¡¡/etc/lilo.conf¡¡
µÚÈý²½£º
¸üÐÂϵͳ£¬ÒÔ±ã¶Ô"/etc/lilo.conf"Îļþ×öµÄÐÞ¸ÄÆð×÷Óá£
[Root@kapil¡¡/]#¡¡/sbin/lilo¡¡-v
µÚËIJ½£º
ʹÓÃ"chattr"ÃüÁîʹ"/etc/lilo.conf"Îļþ±äΪ²»¿É¸Ä±ä¡£
[root@kapil¡¡/]#¡¡chattr¡¡+i¡¡/etc/lilo.conf¡¡
ÕâÑù¿ÉÒÔ·ÀÖ¹¶Ô"/etc/lilo.conf"Èκθı䣨ÒÔÍâ»òÆäËûÔ­Òò£©
3¡¢É¾³ýËùÓеÄÌØÊâÕË»§
ÄãÓ¦¸Ãɾ³ýËùÓв»ÓõÄȱʡÓû§ºÍ×éÕË»§£¨±ÈÈçlp,¡¡sync,¡¡shutdown,¡¡halt,¡¡news,¡¡uucp,¡¡operator,¡¡games,¡¡gopherµÈ£©¡£
ɾ³ýÓû§£º
[root@kapil¡¡/]#¡¡userdel¡¡LP¡¡
ɾ³ý×飺
[root@kapil¡¡/]#¡¡groupdel¡¡LP¡¡
4¡¢Ñ¡ÔñÕýÈ·µÄÃÜÂë
ÔÚÑ¡ÔñÕýÈ·ÃÜÂë֮ǰ»¹Ó¦×÷ÒÔÏÂÐ޸ģº
ÐÞ¸ÄÃÜÂ볤¶È£ºÔÚÄã°²×°linuxʱĬÈϵÄÃÜÂ볤¶ÈÊÇ5¸ö×Ö½Ú¡£µ«Õâ²¢²»¹»£¬Òª°ÑËüÉèΪ8¡£ÐÞ¸Ä×î¶ÌÃÜÂ볤¶ÈÐèÒª±à¼­login.defsÎļþ£¨vi¡¡/etc/login.defs£©£¬°ÑÏÂÃæÕâÐÐ
PASS_MIN_LEN¡¡¡¡¡¡¡¡5¡¡
¸ÄΪ
PASS_MIN_LEN¡¡¡¡¡¡¡¡8
login.defsÎļþÊÇlogin³ÌÐòµÄÅäÖÃÎļþ¡£
5¡¢´ò¿ªÃÜÂëµÄshadowÖ§³Ö¹¦ÄÜ£º
ÄãÓ¦¸Ã´ò¿ªÃÜÂëµÄshadow¹¦ÄÜ£¬À´¶Ôpassword¼ÓÃÜ¡£Ê¹ÓÃ"/usr/sbin/authconfig"¹¤¾ß´ò¿ªshadow¹¦ÄÜ¡£Èç¹ûÄãÏë°ÑÒÑÓеÄÃÜÂëºÍ×éת±äΪshadow¸ñʽ£¬¿ÉÒÔ·Ö±ðʹÓÃ"pwcov,grpcon