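How to configure CentOS to block port scans from external attackers

Introduction:

As the Internet keeps growing, network security problems have become increasingly prominent. External attackers often use port scans to look for security vulnerabilities in a system. To protect our systems, we need to take measures to block these scans. This article describes how to configure a CentOS system to block port scans from external attackers and provides related code examples.

I. Install and configure the firewall

CentOS ships with the firewalld firewall, and we can configure it to limit port scanning of the system.

1. Install firewalld: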

sudo yum install firewalld

2. Start the firewalld service:

sudo systemctl start firewalld

3. Enable firewalld at boot:

sudo systemctl enable firewalld

4. Check the firewalld status:

sudo firewall-cmd --state

II. Add port rules

We can use firewalld commands to add port rules that block port scans from external attackers.

1. List the ports currently open on the system:

sudo firewall-cmd --list-ports

2. Add the ports that are allowed to be accessed:

sudo firewall-cmd --add-port=80/tcp --permanent

sudo firewall-cmd --add-port=443/tcp --permanent

3. Remove the ports that are open by default:

sudo firewall-cmd --remove-service=http --permanent

sudo firewall-cmd --remove-service=https --permanent

4. Reload the firewalld configuration:

sudo firewall-cmd --reload

III. Disable ICMP responses

Besides restricting port access, we can also disable ICMP responses, which effectively stops external attackers from running routine ping scans.

1. Disable ICMP responses:

sudo firewall-cmd --permanent --add-rich-rule='rule protocol value="icmp" drop'

2. Reload the firewalld configuration:

sudo firewall-cmd --reload

IV. Enable SYN cookie protection

SYN cookies are a mechanism for guarding against DoS and DDoS attacks. By enabling SYN cookie protection, we can effectively prevent external attackers from port scanning the system.

1. Enable SYN cookie protection:

echo "net.ipv4.tcp_syncookies = 1" | sudo tee -a /etc/sysctl.conf

sudo sysctl -p

2. Reload the sysctl configuration:

sudo sysctl --system

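V. Restrict SSH access

SSH is one of the intrusion routes most commonly used by external attackers. We can reduce the risk of the system being attacked by restricting SSH access.

1. Edit the SSH configuration file:

sudo vi /etc/ssh/sshd_config

2. Uncomment the following lines and change them to the specified port and IP: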

Port 22

PermitRootLogin yes

PasswordAuthentication yes

AllowUsers user_name@ip_address

3. Save the file and restart the SSH service:

sudo service sshd restart

VI. Monitor the system logs

Finally, we should monitor the system logs regularly so that possible attacks are detected and handled promptly.

1. View the system log:

sudo tail -f /var/log/messages
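
The log review step above, as an added example that is not part of the original article: a POSIX shell function that reads kernel netfilter log lines and reports every source address that was denied on many distinct ports, which is the signature of a port scan. It assumes denied-packet logging has been enabled with `sudo firewall-cmd --set-log-denied=all`; the names `scan_sources` and `sample_log` and the sample lines are constructed for illustration, and the log prefix (`FINAL_REJECT:` here) varies with the firewalld backend, so the parser relies only on the `SRC=`, `PROTO=` and `DPT=` fields.

```shell
#!/bin/sh
# Added example (not from the original article): spot likely port scanners
# in firewalld denied-packet logs.
# Assumption: denied-packet logging is on (sudo firewall-cmd --set-log-denied=all),
# so the kernel logs netfilter lines carrying SRC=, PROTO= and DPT= fields.

# scan_sources [THRESHOLD]
# Reads log lines on stdin and prints "SRC COUNT" for each source address
# seen on at least THRESHOLD distinct protocol/port pairs (default 10).
scan_sources() {
    awk -v min="${1:-10}" '
        /SRC=/ && /DPT=/ {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (src == "" || dpt == "") next
            key = src SUBSEP proto "/" dpt
            # Count each (source, proto/port) pair once, so retries on one
            # port (e.g. SSH password guessing) do not look like a scan.
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample lines (documentation addresses, fields abbreviated).
sample_log() {
    cat <<'EOF'
Jan 10 03:14:01 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21 SYN
Jan 10 03:14:01 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22 SYN
Jan 10 03:14:01 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23 SYN
Jan 10 03:14:02 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=22 SYN
Jan 10 03:14:02 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=3306 SYN
Jan 10 03:15:10 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jan 10 03:15:11 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Jan 10 03:16:40 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53
Jan 10 03:16:41 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=161
Jan 10 03:17:00 web1 kernel: FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
EOF
}

sample_log | scan_sources 3   # prints: 203.0.113.7 4
```

On a live host, pipe the real log through the function instead of the sample, for example `sudo cat /var/log/messages | scan_sources 10`, and tune the threshold to the host's normal traffic.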

Code examples:

1. Add rules that allow access to ports 80 and 443:

sudo firewall-cmd --add-port=80/tcp --permanent

sudo firewall-cmd --add-port=443/tcp --permanent

2. Example of disabling ICMP responses:

sudo firewall-cmd --permanent --add-rich-rule='rule protocol value="icmp" drop'

3. Example of enabling SYN cookie protection:

echo "net.ipv4.tcp_syncookies = 1" | sudo tee -a /etc/sysctl.conf

sudo sysctl -p

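Summary:

By installing and configuring the firewall, adding port rules, disabling ICMP responses, enabling SYN cookie protection and restricting SSH access, we can effectively block port scans from external attackers and improve the security of the system. At the same time, we should monitor the system logs regularly to detect and respond to potential attacks promptly. Only by combining a range of security measures can we better protect our systems from the threat of external attacks.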

ÒÔÉϾÍÊÇÔõÑùÉèÖÃCentOSϵͳÒÔ×èÖ¹Íⲿ¹¥»÷ÕߵĶ˿ÚɨÃèµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ