5.22. Tighten scripts under /etc/rc.d/

Fix the permissions of the script files that are responsible for starting and stopping all your normal processes that need to run at boot time.


            [root@deep] /# chmod -R 700  /etc/rc.d/init.d/*
            
Which means just root is allowed to Read, Write, and Execute scripts files on this directory. I don't think regular users need to know what is inside those script files.

Important: If you install a new program or update a program that use the init system V script located under /etc/rc.d/init.d/ directory, don't forget to change or verify the permission of this script file again.

5.22.1. The /etc/rc.d/rc.local file

By default, when you login to a Linux box, it tells you the Linux distribution name, version, kernel version, and the name of the server. This is giving away too much info. We'd rather just prompt users with a Login:

  1. To do this, Edit the /etc/rc.d/rc.local file and Place # in front of the following lines as shown:

    
            
                # This will overwrite /etc/issue at every boot.  So, make any changes you
                # want to make to /etc/issue here or you will lose them when you reboot.
                #echo "" > /etc/issue
                #echo "$R" >> /etc/issue
                #echo "Kernel $(uname -r) on $a $(uname -m)" >> /etc/issue
                #
                #cp -f /etc/issue /etc/issue.net
                #echo >> /etc/issue
                

  2. Then, remove the following files: issue.net and issue under /etc directory:

    
            [root@deep] /# rm -f  /etc/issue
                [root@deep] /# rm -f  /etc/issue.net
                

The /etc/issue.net file is the login banner that users will see when they make a networked i.e. telnet, SSH connection to your machine. You will find it in the /etc directory, along with a similar file called issue, which is the login banner that gets displayed to local users. It is simply a text file and can be customized to your own taste, but be aware that as noted above, if you do change it or remove it like we do, you'll also need to modify the /etc/rc.d/rc.local shell script, which re-creates both the issue and issue.net files every time the system boots.