CentOS Stream 8 Security Reinforcement Guide: Key Steps to Improve System Security
This article outlines the key steps to enhance the security of CentOS Stream 8 systems, aiming to build a safer operating environment. These security measures cover account management, system services, network security, and system maintenance.
Account security and permission control
- Disable redundant superuser accounts:
  - Identify accounts with root privileges (UID 0): use the `awk -F ':' '$3 == 0 {print $1, $3}' /etc/passwd` command.
  - Back up and lock/unlock the account: back up the `/etc/passwd` file (`cp -p /etc/passwd /etc/passwd_bak`), and then use `passwd -l` to lock or `passwd -u` to unlock the account.
  - Delete unnecessary accounts: for example `adm`, `lp`, `sync`, etc.; use the `userdel username` and `groupdel groupname` commands to delete users and groups.
- Strengthen password policy:
  - Enforce complex passwords: passwords should contain uppercase letters, lowercase letters, numbers and special characters, with a length of at least 10 characters.
  - Modify the `/etc/login.defs` file and set the minimum password length: `PASS_MIN_LEN 10`.
  - Check and handle accounts with empty passwords: use the `awk -F ":" '($2 == "") {print $1}' /etc/shadow` command to find accounts with an empty password and fix them immediately.
- Protect password files:
  - Use the `chattr +i` command to set the immutable attribute on the `/etc/passwd`, `/etc/shadow`, `/etc/group`, and `/etc/gshadow` files to enhance security.
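The account checks from this section combined into one audit script. This is an added example, not part of the original article; the function names, the `toor` account and the sample files are constructed for illustration. The UID check compares the field exactly, so UIDs such as 10 or 100 are not reported.

```shell
#!/bin/sh
# Added example: account audit over passwd-, shadow- and login.defs-format files.
# File paths are arguments, so the checks can be tried on copies first.

# Accounts whose UID field is exactly 0 (UIDs such as 10 or 100 do not match).
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# Accounts whose shadow password field is empty (login without a password).
empty_password_accounts() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Effective PASS_MIN_LEN (last uncommented setting wins); empty if unset.
pass_min_len() { awk '$1 == "PASS_MIN_LEN" { v = $2 } END { print v }' "$1"; }

# Run all checks, print one FINDING line per problem, fail if any were found.
audit_accounts() {
    findings=0
    for u in $(uid0_accounts "$1"); do
        [ "$u" = root ] && continue
        echo "FINDING: extra UID 0 account: $u"; findings=$((findings + 1))
    done
    for u in $(empty_password_accounts "$2"); do
        echo "FINDING: empty password: $u"; findings=$((findings + 1))
    done
    len=$(pass_min_len "$3"); want=${4:-10}
    if [ -z "$len" ] || [ "$len" -lt "$want" ]; then
        echo "FINDING: PASS_MIN_LEN is ${len:-unset}, want >= $want"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files (not from a real host); prints the temp directory.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'games:x:10:100:games:/usr/games:/sbin/nologin' \
        'toor:x:0:0::/root:/bin/bash' \
        'app:x:1000:1000::/home/app:/bin/bash' > "$d/passwd"
    printf '%s\n' 'root:$6$constructed$notarealhash:19000:0:99999:7:::' \
        'games:*:19000:0:99999:7:::' 'toor:!!:19000::::::' \
        'app::19000:0:99999:7:::' > "$d/shadow"
    printf '%s\n' '# PASS_MIN_LEN 12' 'PASS_MIN_LEN 5' > "$d/login.defs"
    echo "$d"
}

sample=$(make_sample)
audit_accounts "$sample/passwd" "$sample/shadow" "$sample/login.defs" 10 ||
    echo "audit finished with findings"
rm -rf "$sample"
```

On a live host, run as root: `audit_accounts /etc/passwd /etc/shadow /etc/login.defs 10`.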
System service management
- Disable non-essential services:
  - Stop and disable unnecessary system services, such as `acpid`, `autofs`, `bluetooth`, `cpuspeed`, `cups`, `ip6tables`, etc.
- Restrict service startup permissions:
  - Set permissions for all files in the `/etc/rc.d/init.d/` directory to ensure that only root users can manage these services.
Network security settings
- Network access control:
  - Edit the `/etc/exports` file and configure the strictest NFS shared access permissions.
  - Use the `/etc/securetty` file to restrict the root user to logging in only at the specified terminals.
- Defense against IP spoofing and DoS attacks:
  - Configure the `/etc/hosts.allow` and `/etc/hosts.deny` files to enhance control over network access and protect against IP spoofing attacks.
  - Set system resource limits, such as maximum number of processes and memory usage, to prevent DoS attacks.
System update and maintenance
- Regularly update the system:
  - Use the `dnf update` command to regularly update the system packages to ensure that the system is in the latest security state.
  - Enable automatic update function: install the `dnf-automatic` package and configure automatic download and installation of security updates.
Following the above steps can significantly improve the security of CentOS Stream 8 systems. To continuously maintain system security, it is recommended to regularly review and update security configurations to deal with evolving security threats.
The above is the detailed content of How to do CentOS Stream 8 security settings. For more information, please follow other related articles on the PHP Chinese website!
