CentOS Stream 8 Security Reinforcement Guide: Key Steps to Improve System Security
This article outlines the key steps to enhance the security of CentOS Stream 8 systems, aiming to build a safer operating environment. These security measures cover account management, system services, network security, and system maintenance.
Account security and permission control
- Disable redundant superuser accounts:
  - Identify accounts with root privileges: use the `cat /etc/passwd | awk -F ':' '{print $1,$3}' | grep ' 0$'` command. The space before `0` keeps UIDs that merely end in zero, such as 100, out of the result.
  - Back up and lock/unlock the account: back up the `/etc/passwd` file (`cp -p /etc/passwd /etc/passwd_bak`), then use `passwd -l` to lock or `passwd -u` to unlock the account.
  - Delete unnecessary accounts: for example `adm`, `lp`, `sync`, etc. Use the `userdel username` and `groupdel groupname` commands to delete users and groups.
- Strengthen password policy:
  - Enforce complex passwords: passwords should contain uppercase letters, lowercase letters, numbers and special characters, with a length of at least 10 characters.
  - Modify the `/etc/login.defs` file and set the minimum password length: `PASS_MIN_LEN 10`.
  - Check for and handle accounts with empty passwords: use the `awk -F ":" '($2 == "") {print $1}' /etc/shadow` command to find accounts with an empty password and fix them immediately.
- Protect password files:
  - Use the `chattr +i` command to set the immutable attribute on the `/etc/passwd`, `/etc/shadow`, `/etc/group`, and `/etc/gshadow` files to enhance security.
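The three account checks above (extra UID 0 accounts, empty passwords, minimum length) gathered into one audit script, as an added example that is not part of the original article. The function names and the sample files are constructed for illustration, and the script reads file paths passed as arguments so it can be tried on copies first.

```shell
#!/bin/sh
# Accounts other than root whose UID (field 3) is exactly 0.
# An exact comparison avoids matching UIDs that only end in 0 (100, 1000).
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"; }

# Accounts whose password field (field 2 of a shadow-format file) is empty.
empty_passwords() { awk -F: '$2 == "" {print $1}' "$1"; }

# Value of the last uncommented PASS_MIN_LEN line in a login.defs-format file.
pass_min_len() { awk '$1 == "PASS_MIN_LEN" {v = $2} END {print v}' "$1"; }

# Print one FAIL line per finding; the return status is the number of findings.
audit_accounts() {
    findings=0
    for u in $(extra_uid0 "$1"); do
        echo "FAIL: $u has UID 0"; findings=$((findings + 1))
    done
    for u in $(empty_passwords "$2"); do
        echo "FAIL: $u has an empty password"; findings=$((findings + 1))
    done
    len=$(pass_min_len "$3")
    case "$len" in
        ''|*[!0-9]*) echo "FAIL: PASS_MIN_LEN is not set"
                     findings=$((findings + 1)) ;;
        *) [ "$len" -ge 10 ] || {
               echo "FAIL: PASS_MIN_LEN is $len, expected >= 10"
               findings=$((findings + 1)); } ;;
    esac
    return "$findings"
}

# Constructed sample files (not taken from a real host).
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'games:x:100:100::/usr/games:/sbin/nologin' \
        'svcadmin:x:0:0::/home/svcadmin:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:$6$constructed$hash:19000:0:99999:7:::' \
        'games:*:19000:0:99999:7:::' \
        'svcadmin::19000:0:99999:7:::' > "$1/shadow"
    printf '%s\n' '#PASS_MIN_LEN 12' 'PASS_MIN_LEN 5' > "$1/login.defs"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
rc=0
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow" "$demo_dir/login.defs" || rc=$?
echo "findings: $rc"
rm -rf "$demo_dir"
```

On a real host, run `audit_accounts /etc/passwd /etc/shadow /etc/login.defs` as root. Where `passwd` is built with PAM, password length is enforced by `pam_pwquality` (`minlen` in `/etc/security/pwquality.conf`), so check that setting as well.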
System service management
- Disable non-essential services:
  - Stop and disable unnecessary system services, such as `acpid`, `autofs`, `bluetooth`, `cpuspeed`, `cups`, `ip6tables`, etc.
- Restrict service startup permissions:
  - Set permissions for all files in the `/etc/rc.d/init.d/` directory to ensure that only root users can manage these services.
Network security settings
- Network access control:
  - Edit the `/etc/exports` file and configure the strictest NFS shared access permissions.
  - Use the `/etc/securetty` file to restrict the root user to logging in only at the specified terminals.
- Defense against IP spoofing and DoS attacks:
  - Configure the `/etc/hosts.allow` and `/etc/hosts.deny` files to enhance control over network access to protect against IP spoofing attacks.
  - Set system resource limits, such as maximum number of processes and memory usage, to prevent DoS attacks.
System update and maintenance
- Regularly update the system:
  - Use the `dnf update` command to regularly update the system packages to ensure that the system is in the latest security state.
  - Enable automatic updates: install the `dnf-automatic` package and configure automatic download and installation of security updates.
Following the above steps can significantly improve the security of CentOS Stream 8 systems. To continuously maintain system security, it is recommended to regularly review and update security configurations to deal with evolving security threats.



