How to use Linux for security vulnerability scanning and remediation

How to use Linux to scan and repair security vulnerabilities

In today's digital era, network security threats are becoming increasingly serious, and security vulnerabilities have become an important factor restricting the stability and reliability of network systems. As one of the core operating systems of network systems, Linux systems have always attracted much attention in terms of security. This article will introduce how to use Linux to scan and repair security vulnerabilities, helping users improve system security.

1. Security vulnerability scanning

1. Use OpenVAS for vulnerability scanning

OpenVAS is an open source vulnerability scanner that provides a wide range of Vulnerability scanning and remediation solutions. In Linux systems, you can install and configure OpenVAS through the following steps:

1) Execute the following command in the terminal to install OpenVAS:

sudo apt-get install openvas

2) After the installation is complete, execute the following command to initialize OpenVAS:

sudo openvas-setup

3) After the initialization is completed, execute the following command to start the OpenVAS service:

sudo openvas-start

4) After starting the service, enter the following address in the browser: https://localhost:9392, use Log in to the OpenVAS management interface with the default username and password.

5) In the OpenVAS management interface, you can set the scan target and scan strategy, and then execute the scan task. The scan results will display information about security vulnerabilities existing in the system.

2. Use Nmap for vulnerability scanning

Nmap is a well-known open source network scanning tool. It provides rich scanning functions and can be used to identify vulnerabilities existing in the network. Security vulnerabilities. In Linux systems, you can install and use Nmap through the following command:

1) Execute the following command in the terminal to install Nmap:

sudo apt-get install nmap

2) After the installation is complete, execute the following command to perform vulnerability scanning :

sudo nmap -p 1-65535 -T4 -A -v <target>

Where, b4bef09dd2761803871f1d83e55d08b2 is the IP address or domain name of the target host.

3) Nmap will perform port scanning and service detection on the target host, and determine whether there are security vulnerabilities based on the scanning results.

2. Security vulnerability repair

1. Timely update of system patches

System manufacturers will regularly release system patches to repair discovered security vulnerabilities. In the Linux system, you can update the system patch through the following command:

sudo apt-get update
sudo apt-get upgrade

2. Configuring the firewall

The Linux system comes with a set of powerful firewall tools iptables, which can be Configure iptables rules to prevent unauthorized access.

1) View the current iptables rules:

sudo iptables -L

2) Configure iptables rules:

sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -j DROP

The above rules are for reference only and can be adjusted according to actual needs.

3. Disable unnecessary services

Disabling unnecessary services in the system can reduce the attack surface of the system. You can use the following command to view the services running in the system:

sudo systemctl list-unit-files --type=service | grep enabled

Then use the following command to disable unnecessary services:

sudo systemctl disable <service>

Among them, 2562a309fd5e0c9cc93294a3a8564eb1 is the name of the service.

4. Strengthen Password Policy

Setting a strong password policy can effectively prevent passwords from being guessed or brute force cracked. You can modify the password policy through the following command:

sudo nano /etc/pam.d/common-password

Find the following line and modify it:

password        requisite                       pam_pwquality.so retry=3
password        sufficient                      pam_unix.so obscure sha512

Set the value of retry to 3, and change the obscure in front of pam_unix.so to minlen=8 ucredit =-1 lcredit=-1 dcredit=-1 ocredit=-1.

5. Log monitoring and auditing

Regular monitoring and auditing of system logs is an important means to discover and respond to security vulnerabilities. You can view the system log through the following command:

sudo tail -f /var/log/syslog

You can configure rsyslogd to persistently store and regularly back up the system log.

Summary:

This article introduces how to use Linux to scan and repair security vulnerabilities, by using tools such as OpenVAS and Nmap to scan vulnerabilities, update system patches in a timely manner, configure firewall rules, and disable unnecessary Services, strengthening password policies, and monitoring and auditing system logs can improve system security and reduce risks caused by security vulnerabilities. However, security work never ends, and users should perform regular security scans and repairs to maintain the health of the system.

The above is the detailed content of How to use Linux for security vulnerability scanning and remediation. For more information, please follow other related articles on the PHP Chinese website!