Help Center/
Security Technologies and Applications/
Best Practices/
Host Security Checks/
Host Security Check (Linux)/
Security Hardening Suggestions for Linux Hosts
Updated on 2022-12-12 GMT+08:00
Security Hardening Suggestions for Linux Hosts
- Set OS system passwords (including administrators and common users) and database account passwords. Set strong passwords for the management account of the web application system. The passwords must contain at least 12 characters.
- Set the host login mode to key login.
- Do not run applications using the administrator account. Disallow applications (such as webs) to use the database administrator account to interact with databases. Open only necessary ports to the public network. Do not allow public network access to service web console ports and LAN internal communication ports. Disable high-risk ports (such as the SSH port), allow limited source IP addresses to access the ports, or use the O&M stream established by VPNs or bastion hosts.
- Periodically back up service data remotely to prevent data loss caused by intrusions.
- Periodically detect security vulnerabilities in the system and software, update system security patches in a timely manner, and upgrade the software to the latest official version.
- Download and install the software from official channels. For the software downloaded from non-official channels, use antivirus software to scan it before running.
- You are advised to use HSS to thoroughly detect the potential security risks of your hosts and applications.
For details about HSS, visit https://www.huaweicloud.com/intl/en-us/product/hss.html.
Parent topic: Host Security Check (Linux)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot