Yum check or install only security updates


With yum you are able to check for or install only necessary security relevant updates. You need to install the security plugin.

yum install yum-security

Thereafter you can check for security updates;

yum --security check-updates

or update only security relevant updates;

yum --security update

Prevent users entering single usermode


To prevent unauthorized access or prevent users entering single usermode or be able to change settings at boottime you could change some BIOS settings and use a password for the GRUB bootloader. First disable your system by changing some BIOS settings (depends on your hardware/BIOS version) to be able to boot from usb-, and other external devices, floppy drives, CD/DVD drives and set a BIOS password. Second, set a GRUB bootloader password. Generate a password hash using the command /sbin/grub-md5-crypt. Add the hash to the first line of /etc/grub.conf as follows:


Securing SSH with IPTABLES

Securing ssh access to your server is important. Every second your system can be a target for dictionary attacks by someone who want to get into your system via ssh. Therefor you should always take precautions like some basic security options i.e. disabling ssh root access and limit ssh access to certain users.

If you take a look at /var/log/secure you might see a lot of Failed password for.... entries on your system:

Force strong passwords


On a Linux machine users normaly can change the password of their own account. A lot of users use weak passwords and their password might be cracked with a dictionary-, or brute-force attack. The PAM module will perform a number of checks on the new password. For example, the new password may not match the old password, the new password may not be the old password reversed neither the same password but in different case. Weak passwords are not allowed. (These check are also done by the module pam_unix if set to obscure.)


Account locking


Usually a system will drop the connection after 3 unsuccessful login attempts and may reconnect to try it again. If you setup account lockout you can prevent this, after a number of unsuccessful login attempts the account will be locked out automaticaly.

Edit the file /etc/pam.d/system-auth and add the lines:
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  Next 
  •  End 
  • »
Page 1 of 2


You are here: Home Howtos and FAQs Security