The Linux System Administrator's Guide. Linux Kernel 2.4 Internals. Linux Kernel Newbies. Kernel links. Juan-Mariano de Goyeneche < jmseyas@dit.upm.es > /* * The latest version of this document may be found at: * */ The need for a document like this one became apparent in the linux-kernel mailing list as the same questions, asking for pointers to information, appeared again and again. Fortunately, as more and more people get to GNU/Linux, more and more get interested in the Kernel. But reading the sources is not always enough. Unfortunately, not many documents are available for beginners to start. Please, if you know any paper not listed here or write a new document, send me an e-mail , and I'll include a reference to it here. The papers that follow are listed in no particular order. Enjoy! : "Iptables-tutorial" : Oskar Andreasson. : : iptables, netfilter, firewalls. : The aim of the iptables-tutorial is to explain iptables in a complete and simple way.
. : "Ipsysctl-tutorial" : "The Linux Kernel" Bash commands - Linux MAN Pages. The Flux Research Group. 0. Introductions and Expectations. 20 Linux Server Hardening Security Tips. Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system. Linux Server Hardening Checklist and Tips The following instructions assume that you are using CentOS/RHEL or Ubuntu/Debian based Linux distribution. #1: Encrypt Data Communication All data transmitted over a network is open to monitoring. Use scp, ssh, rsync, or sftp for file transfer. . #1.1: Avoid Using FTP, Telnet, And Rlogin / Rsh Services Under most network configurations, user names, passwords, FTP / telnet / rsh commands and transferred files can be captured by anyone on the same network using a packet sniffer.
. #2: Minimize Software to Minimize Vulnerability Do you really need all sort of web services installed? #3: One Network Service Per System or VM Instance. Top 20 OpenSSH Server Best Security Practices. OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems.
However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Default Config Files and SSH Port /etc/ssh/sshd_config - OpenSSH server configuration file. SSH Session in Action #1: Disable OpenSSH Server Workstations and laptop can work without OpenSSH server. . #2: Only Use SSH Protocol 2 SSH protocol version 1 (SSH-1) has man-in-the-middle attacks problems and security vulnerabilities. Protocol 2 #3: Limit Users' SSH Access By default all systems user can login via SSH using their password or public key. Only allow root, vivek and jerry user to use the system via SSH, add the following to sshd_config: AllowUsers root vivek jerry #! 25 Best SSH Commands / Tricks. OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is.
OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. The encryption that OpenSSH provides has been strong enough to earn the trust of Trend Micro and other providers of cloud computing.Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. SSH is an awesome powerful tool, there are unlimited possibility when it comes to SSH, heres the top Voted SSH commands 1) Copy ssh keys to user@host to enable password-less ssh logins. ssh-copy-id user@host To generate the keys use the command ssh-keygen 2) Start a tunnel from some machine’s port 80 to your local post 2001 ssh -N -L2001:localhost:80 somemachine Have Fun. Tips for Linux Explorers.