Security Hardening

Setting the Login Session Timeout

Configure login sessions to time out after they have been inactive for 30 minutes or less.

  1. Log in to the node where BoostIO is installed.
  2. Open the /etc/profile file.
    vim /etc/profile
  3. Press i to enter the insert mode and add the following content to the end of the file:
    export TMOUT=1800
    readonly TMOUT
  4. Press Esc, type :wq!, and press Enter to save the file and exit.

Setting the umask Value

You are advised to set the umask of the server to a value ranging from 027 to 777 to restrict the default permissions of newly created files.

In this example, umask is set to 027.

  1. Log in to the server as the root user and open the /etc/profile file.
    vim /etc/profile
  2. Add umask 027 to the end of the /etc/profile file, save the file, and exit.
  3. Make the setting take effect.
    source /etc/profile

Updating Keys

The BoostIO service needs to be restarted after keys are updated. Properly plan the key update period.

For details about key management, see Enabling TLS Authentication.

Buffer Overflow Prevention

To help prevent buffer overflow attacks, you are advised to use address space layout randomization (ASLR). ASLR randomizes the layout of linear areas such as the heap, stack, and shared library mappings, which makes it more difficult for attackers to predict target addresses and locate code. It can be applied to heaps, stacks, and memory mapping areas (mmap base addresses, shared libraries, and vDSO pages).

How to enable ASLR:

echo 2 >/proc/sys/kernel/randomize_va_space
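
A read-only check of the three settings configured on this page, as an added example (not part of the BoostIO documentation). The function names are hypothetical, and a umask is accepted when it masks at least the permission bits that 027 masks, which is an assumption stricter than a plain numeric range.

```sh
#!/bin/sh
# Added example: audit the settings this page configures. Taking file paths as
# arguments is an assumption of this sketch, so copies can be checked as well.

# The last numeric TMOUT assignment must be 1..1800 (0 disables the timeout),
# and the file must also mark TMOUT readonly so users cannot unset it.
check_tmout() {
    t=$(sed -nE 's/^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=([0-9]+)[[:space:]]*$/\3/p' "$1" 2>/dev/null | tail -n 1)
    [ -n "$t" ] && [ "$t" -ge 1 ] && [ "$t" -le 1800 ] || return 1
    grep -Eq '^[[:space:]]*readonly[[:space:]]+TMOUT([[:space:]]|=|$)' "$1"
}

# Heuristic: the last "umask NNN" line in the file wins. It must mask at
# least the bits of 027 (group write and all access for others).
check_umask() {
    u=$(sed -nE 's/^[[:space:]]*umask[[:space:]]+([0-7]{3,4})[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    [ -n "$u" ] || return 1
    [ $(( 0$u & 027 )) -eq $(( 027 )) ]
}

# The kernel setting must hold 2, the value this page writes.
check_aslr() {
    [ "$(cat "$1" 2>/dev/null)" = "2" ]
}

# Run one check and print PASS or FAIL without aborting the audit.
report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }

audit_node() {
    report check_tmout "$1"
    report check_umask "$1"
    report check_aslr "$2"
}

audit_node "${1:-/etc/profile}" "${2:-/proc/sys/kernel/randomize_va_space}"
```

Writing to /proc/sys/kernel/randomize_va_space does not survive a reboot; adding kernel.randomize_va_space = 2 to /etc/sysctl.conf makes the setting persistent.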