linux:linuxϵͳ°²È«Ïê½â
×÷Õß ØýÃû¼¼Êõ
À´Ô´ Linuxϵͳ
ä¯ÀÀ
·¢²¼Ê±¼ä 2012-04-18
·ÀÖ¹DOSÀàÐ͹¥»÷. ÐèÒª±à¼Îļþ [root@tp /]# vi /etc/security/limits.conf ... (ÕâÈýÐÐÊÇÌí¼ÓµÄ) * hard core 0 ½ûÖ¹´´½¨coreÎļþ * hard rss 5000 ÆäËûÓû§(³ýroot)×î¶àʹÓÃ5MÄÚ´æ * hard nproc 20 ×î¶à½ø³ÌÊýÏÞÖÆÔÚ20 ×¢:*±íʾËùÓеǽµ½linuxµÄÓû§. # End of file [root@tp /]# vi /etc/pam.d/login ... ÔÚÎļþĩβ¼ÓÈëÏÂÃæÒ»ÐÐ session required /lib/security/pam_limits.so 2,ÏÞÖÆ¿ØÖÆ̨µÄ·ÃÎÊ [root@tp /]# vi /etc/securetty ... ÎÒÃÇ×¢Ê͵ô tty1 # tty2 # tty3 # tty4 # tty5 # tty6 Ö»ÁôÏÂtty1,Õâʱ,root½ö¿ÉÔÚtty1Öն˵Ǽ 3,½ûÖ¹ÍâÀ´pingÇëÇó. [root@tp /]# vi /etc/rc.d/rc.local ... ÔÚ¼ÓÈëÒ»ÐÐ echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all 4,·ÀÖ¹IPµØÖ·ÆÛÆ [root@tp /]# vi /etc/host.conf ¼ÓÈëÈçϼ¸ÐÐ order bind,hosts multi off nospoof on 5,½ûÖ¹suÃüÁî½øÈëroot(ÕâÒ»²¿ÎÒ·´¸´²âÊÔ×ÜÊDz»³É¹¦,group×éÀïµÄÓû§ÒÀÈ»²»ÄÜsu³ÉrootÓû§.Ï£ÍûÖªµÀµÄÅó ÓѸæËßÎÒ,лл) [root@tp pam.d]# vi /etc/pam.d/su ... ÔÚÏÂÃæ¼ÓÈëÈçÏÂÁ½ÐÐ auth sufficient /lib/security/pam_rootok.so debug auth required /lib/security/pam_wheel.so group=xxx Õâ±íʾֻÓÐxxx×éµÄÓû§¿ÉÒÔsu³Éroot. 6,ʹÓÃTCP_WRAPPER ÔÚĬÈÏÇé¿öÏÂlinuxϵͳÔÊÐíËùÓÐÇëÇó,¿ÉÓÃTCP_WRAPPERÔöÇ¿°²È«ÐÔ, ÔÚ/etc/hosts.denyдÈë"ALL:ALL"½ûÖ¹ËùÓÐÇëÇó [root@tp etc]# vi /etc/hosts.deny # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the ''/usr/sbin/tcpd'' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! "ALL:ALL" °ÑÔÊÐí·ÃÎʵĿͻ§,»ò·þÎñÌí¼Óµ½/etc/hosts.allow,ðºÅ×ó±ßΪ·þÎñ,ðºÅÓÒ±ßΪÊÚȨµÄ»úÆ÷ [root@tp etc]# vi /etc/hosts.allow # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the ''/usr/sbin/tcpd'' server. # vsftp:211.101.46.253 ×¢:½öÈçÐíIPµØַΪ211.101.46.253µÄ»úÆ÷·ÃÎÊFIP·þÎñÆ÷ 7£®É¾¼õµÇ¼ÐÅÏ¢ [root@tp ~]# rm -f /etc/issue [root@tp ~]# rm -f /etc/issue.net [root@tp ~]# touch /etc/issue [root@tp ~]# touch /etc/issue.net Î塢ȷ±£¿ªÆô·þÎñµÄ°²È«ÐÔ ÎÒÃÇÏÈÀ´¿´Ò»ÏÂ×Ô¼ºÏµÍ³¿ªÆôÁ˶àÉÙ·þÎñ. [root@tp ~]# ps -eaf | wc -l 55 ÎÒµÄÊÇ55 ÎÒÃÇ¿ÉÒÔͨ¹ýµ±Ç°µÄ½ø³ÌÀïÔÚÀ´¿´Ò»Ï¶¼ÊÇʲô·þÎñ [root@tp ~]# ps -aux Warning: bad syntax, perhaps a bogus ''-''? See /usr/share/doc/procps-3.2.3/FAQ USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.2 2592 560 ? S 21:02 0:00 init [3] root 2 0.0 0.0 0 0 ? SN 21:02 0:00 [ksoftirqd/0] root 3 0.0 0.0 0 0 ? S< 21:02 0:00 [events/0] root 4 0.0 0.0 0 0 ? S< 21:02 0:00 [khelper] root 5 0.0 0.0 0 0 ? S< 21:02 0:00 [kacpid] root 20 0.0 0.0 0 0 ? S< 21:02 0:00 [kblockd/0] root 30 0.0 0.0 0 0 ? S 21:02 0:00 [pdflush] root 31 0.0 0.0 0 0 ? S 21:02 0:00 [pdflush] root 33 0.0 0.0 0 0 ? S< 21:02 0:00 [aio/0] root 21 0.0 0.0 0 0 ? S 21:02 0:00 [khubd] root 32 0.0 0.0 0 0 ? S 21:02 0:00 [kswapd0] root 107 0.0 0.0 0 0 ? S 21:02 0:00 [kseriod] root 181 0.0 0.0 0 0 ? S< 21:03 0:00 [kmirrord] root 182 0.0 0.0 0 0 ? S< 21:03 0:00 [kmir_mon] root 190 0.0 0.0 0 0 ? S 21:03 0:00 [kjournald] root 1085 0.0 0.1 2604 444 ? S&l |
ÁèÖڿƼ¼×¨ÒµÌṩ·þÎñÆ÷×âÓᢷþÎñÆ÷Íйܡ¢ÆóÒµÓʾ֡¢ÐéÄâÖ÷»úµÈ·þÎñ£¬¹«Ë¾ÍøÕ¾£ºhttp://www.lingzhong.cn ΪÁ˸ø¹ã´ó¿Í»§Á˽â¸ü¶àµÄ¼¼ÊõÐÅÏ¢£¬±¾¼¼ÊõÎÄÕÂÊÕ¼¯À´Ô´ÓÚÍøÂç,ÁèÖڿƼ¼×ðÖØÎÄÕÂ×÷ÕߵİæȨ£¬Èç¹ûÓÐÉæ¼°ÄãµÄ°æȨÓбØҪɾ³ýÄãµÄÎÄÕ£¬ÇëºÍÎÒÃÇÁªÏµ¡£ÒÔÉÏÐÅÏ¢ÓëÎÄÕÂÕýÎÄÊDz»¿É·Ö¸îµÄÒ»²¿·Ö,Èç¹ûÄúҪתÔر¾ÎÄÕÂ,Çë±£ÁôÒÔÉÏÐÅÏ¢£¬Ð»Ð»! |