Essential Linux Security Practices: Account Management, Network Hardening, and More

Operating system security is a fundamental issue in information security, and with the rapid growth of Internet technologies in China, Linux has become a popular server OS, bringing both opportunities and new security risks.

The article uses Red Hat Enterprise Linux Server release 6.7 to illustrate basic security mechanisms and implementation methods, covering five main areas.

1. System Account and Password Management

Accounts and passwords are the first line of defense. Administrators should enforce strong passwords, require regular changes, validate account legitimacy, delete unnecessary accounts, and prevent unauthorized root UID changes.

1.1 Delete or disable unused accounts Linux stores accounts in /etc/passwd. Regularly audit this file and remove default service accounts (e.g., ftp, apache) and accounts without business needs.

If an account must be retained, lock it or set its login shell to /sbin/nologin.

1.2 Password complexity policy Enforce minimum length of 8 characters, require at least one non‑alphabetic character, forbid inclusion of the account name, require password change every 90 days, set minimum lifecycle to 1 day, prevent reuse of the last 8 passwords, lock the account after five failed attempts, and force password change on first login.

1.3 Protect the shadow password file Passwords are stored encrypted in /etc/shadow. Ensure only root can read this file and avoid opening it in the presence of others.

1.4 Prevent unauthorized root account changes Monitor UID 0 accounts; any non‑root user with UID 0 should be investigated and removed.

2. Linux Network Security

Linux servers are widely used, but vulnerable network services can be exploited. Key measures include:

2.1 Ping restriction – disable external ping requests while allowing outbound pings.

2.2 Port security – close unnecessary services, change default ports, and enable a firewall.

2.3 Denial‑of‑service mitigation – configure /etc/security/limits.conf and use ulimit -a to limit resources per user.

2.4 Harden Xinetd – disable unused services in its configuration and stop the daemon if not needed.

2.5 Disable Xinetd startup:

chkconfig –level 345 xinetd off

3. Filesystem Security

Proper permission control prevents privilege escalation.

3.1 Global readable/writable files – use find to locate such files and restrict access.

3.2 Ownerless files – identify and assign proper ownership or delete them.

3.3 Device file permissions – protect /dev/* entries, especially disk devices.

3.4 Disk partitioning – use quotas, separate critical filesystems, and allocate dedicated partitions for data.

3.5 Set GRUB password – generate an MD5 hash and configure GRUB to require the password on boot.

3.6 Restrict su – limit its use to a specific group (e.g., wheel).

4. System Log Preservation

Logs are crucial for auditing and detecting attacks. Important logs include:

Account login records – who, /var/log/wtmp, /var/log/btmp, viewed with last and lastb.

Secure log – authentication and su events in /var/log/secure.

Message log – system messages in /var/log/messages.

Cron log – scheduled task activity in /var/log/cron.

History log – user command history in ~/.bash_history.

Regularly back up critical logs and store them off‑site to prevent attackers from erasing evidence.

5. Kernel Updates and Security Patches

Applying patches closes known vulnerabilities. For Red Hat, register on RHN, configure repositories in /etc/yum.repos.d/, and run yum update to install the latest patches.

Conclusion

Ensuring Linux system security requires a comprehensive strategy that balances cost, benefit, and organizational needs, employing the built‑in security tools, strict policies, and regular maintenance to achieve high availability and protect critical information.