基于等保2.0标准的Linux安全加固技术研究

Research on Linux Security Reinforcement Technology Based on Classified Protection 2.0 Standard

在等保2.0标准下,以“建立、健全安全的计算机环境”为最终目标,针对网络攻击的特点,深入挖掘Linux系统内核参数、底层模块、核心应用的高级功能,对网络、密码、权限、SSH、日志等保护对象提出了一系列的加固措施,通过构造网络长城、科学分离权限、加固SSH安全通道、封堵系统管理漏洞、增加风险行为审计等做法,实现了满足等保2.0标准的主机加固目标,能充分保障计算机的环境安全。

Under the standard of Cybersecurity 2.0,this paper takes“establishing and perfecting a secure computer environment”as the ultimate goal,and deeply excavates the high-level functions of Linux system core parameters,bottom modules and core applications according to the characteristics of network attacks.At the same time,a series of reinforcement measures are put forward to protect objects such as network,password,authority,SSH and log.By constructing the Great Wall of Network,scientifically separating authority,strengthening SSH security channel,blocking system management loopholes,increasing risk behavior audit and other practices,the goal of host reinforcement meeting the iso-guarantee 2.0 standard has been achieved,which can fully guarantee the environmental safety of computer.