A Research Of Baseline Security Reinforcement Tools Based On The Linux

As the proportion of GNU/Linux operating system server in the enterprise production environment is increasing, the security problem gradually attention by people. Open source software is more and more welcomed by enterprises at present. For one thing, the open source software project funds can be saved and does not involve copyright issues; for another, the security of open source software is relatively higher than closed-source software.But open source software dominates under the circumstances (enterprise production environment), open source software is not absolutely safe. In addition to the system vulnerabilities in terms of risk we all know, the operating system baseline configuration is also a weak link in the host security. Operating system often keep certain security features, but it is not necessarily open is not necessarily open defaut when it’s installated, this requires a system management manual to deploy these security configuration, and even some projects need selective configuration according to business demand, this topic is mainly on the basis of the Linux system (redhat, centos, Suse, etc.), researching the operating system security construction and strengthening the basic content of the baseline.Thesis analyzes the security defects existing in the network, and puts forward the overall automation baseline verification tools development framework, focuses on the baseline based on Linux operating system safe checkpoints, configuration method and the result of the configuration of detection method; From several aspects, such as the account password, certificate authority, log audit, protocol security and so on, enhancing the security of the Linux operating system. After researching on baseline verification tool, we developed a set of automatic reinforcement script, to repair uncompliant system configuration items, at the same time also print out the appendix, such as ports, services, and host information and so on, providing some suggestions and reference for strengthening the system administrator.