Home > Article > Operation and Maintenance > The key to Linux server security: Effective use of the command line
The key to Linux server security: Effective use of the command line
In the current digital era, the development of computer technology has brought unprecedented opportunities and challenges to enterprises. However, with the popularity of the Internet and the frequent occurrence of data security incidents, server security has received more and more attention. For Linux servers, effective use of the command line is a key factor in ensuring server security.
The command line is the core of the Linux system. It not only provides rich functions and flexible operation methods, but also can control the server without a graphical user interface. Here are a few ways to effectively use the command line to improve server security.
Keeping your system and software up to date is one of the important steps to ensure server security. Operating systems and software programs can be easily updated via the command line. The following are examples of commands to update software on Debian/Ubuntu systems:
sudo apt update sudo apt upgrade
Before executing these commands, you need to ensure that the system is connected to the Internet. Updating systems and software can fix security vulnerabilities and provide the latest security patches to reduce potential security risks.
Strong passwords are one of the effective ways to protect your server from unauthorized access. Through the command line, you can set the complexity and expiration date of user passwords. The following is an example of a command to set a user password policy on a Linux system:
Modify the password complexity policy:
sudo nano /etc/login.defs
Find the PASS_MAX_DAYS and PASS_MIN_DAYS parameters to set the maximum number of valid days and the minimum number of days to change the password .
Modify the minimum password length:
sudo nano /etc/pam.d/common-password
Find the minlen parameter in the file and change it to the required minimum length.
For Linux servers, correctly managing user permissions is the key to ensuring server security. Through the command line, you can control user access to files and directories. Here are some commonly used commands:
Add a user:
sudo adduser username
Assign a user to a specific group:
sudo usermod -aG groupname username
Change permissions on a file or directory:
sudo chmod permissions file/directory
For example, set the owner permissions of the file to read and write, and set the read-only permissions for the group and other users:
sudo chmod 644 filename
Linux system comes with it Firewall tools such as iptables can help administrators protect servers from network attacks. Through the command line, you can configure firewall rules to restrict untrusted network traffic. The following are some examples of commonly used firewall setting commands:
View firewall rules:
sudo iptables -S
Allow traffic on specific ports:
sudo iptables -A INPUT -p tcp --dport portnumber -j ACCEPT
Deny access to specific IP addresses:
sudo iptables -A INPUT -s IPAddress -j DROP
Key login is a more secure way to replace the traditional username and password login method. From the command line, you can generate a key pair and configure the server to accept key logins. The following are some commonly used key login command examples:
Generate a key pair:
ssh-keygen -t rsa
Copy the public key to the server:
ssh-copy-id username@server_ip
Modify the server SSH configuration file, Disable password login:
sudo nano /etc/ssh/sshd_config
Find the PasswordAuthentication parameter and set it to no.
Sensitive information stored on Linux servers (such as database passwords, API keys, etc.) needs to be properly protected to prevent unauthorized access . Via the command line, you can encrypt sensitive files using encryption algorithms. The following are some commonly used encryption and decryption command examples:
Encrypted files:
openssl aes-256-cbc -in inputfile -out outputfile
Decrypted files:
openssl aes-256-cbc -d -in inputfile -out outputfile
The above are some methods that effectively improve the security of Linux servers through the command line. method. Of course, server security does not only rely on the use of the command line, but also needs to be combined with other security measures to fully protect the server. Therefore, administrators should constantly learn and update their knowledge to respond to ever-changing security threats.
The above is the detailed content of The key to Linux server security: Effective use of the command line. For more information, please follow other related articles on the PHP Chinese website!