
Linux Server Security Best-Practice Guide: Defending with Command-Line Tools

Introduction:

As Linux server administrators, we must protect the security of our servers at all times. In day-to-day work, using command-line tools to defend the server is a simple and efficient approach. This article introduces some commonly used command-line tools and gives the corresponding command examples to help administrators strengthen server security.

1. Firewall Configuration

A firewall is the primary tool for protecting a server from malicious traffic. The firewall tool commonly used on Linux is iptables. Below are some common iptables commands for setting the server's firewall rules (note that rules are evaluated in order, so the ACCEPT rule must come before the DROP rule):

Allow a specified IP range to access a specific port:

iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT


Reject all other IPs accessing the same port:

iptables -A INPUT -p tcp --dport 22 -j DROP


View the current firewall rules:

iptables -L


2. SSH Security Configuration

SSH is the foundation of secure communication between the server and its clients. Depending on your specific requirements, the following security settings can be applied to SSH:

Change the default SSH port (the default is 22):

vi /etc/ssh/sshd_config
# Change "Port 22" to another port number

Disable remote root login over SSH:

vi /etc/ssh/sshd_config
# Set PermitRootLogin to no

Disable logins with an empty password:

vi /etc/ssh/sshd_config
# Set PermitEmptyPasswords to no

3. Intrusion Detection Systems (HIDS)

A host-based intrusion detection system (HIDS) can detect and help defend against security threats on the server. Below are some commonly used HIDS tools and commands:

Use Open Source Tripwire to perform a file integrity check:

tripwire --check

Use AIDE (Advanced Intrusion Detection Environment) to perform a file integrity check:

aide --check

4. Network Traffic Analysis

Network traffic analysis helps administrators monitor the server's network activity, spot anomalies promptly and take the appropriate security measures. Below are some commonly used network traffic analysis tools and commands:

Capture network traffic with tcpdump:

tcpdump -i eth0 -s 0 -w output.pcap

Analyze the captured traffic with Wireshark:

wireshark -r output.pcap

5. Log Analysis

Log analysis is the main means of promptly discovering anomalies on a server. Below are some commonly used log analysis tools and commands:

Count the accounts with failed logins:

# The account name is extracted by pattern rather than by field number, because "invalid user" lines shift it one field to the right
grep "Failed password" /var/log/auth.log | grep -oP 'for (invalid user )?\K\S+' | sort | uniq -c | sort -rn

Check which accounts logged in successfully:

# Field 11 of an "Accepted password" line is the source address, so the account name is again extracted by pattern
grep "Accepted password" /var/log/auth.log | grep -oP 'for \K\S+' | sort | uniq -c | sort -rn
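Because the position of the account name in an auth.log line differs between the "invalid user" and normal forms of the message, matching by pattern is more reliable than by field number. The script below is an added example, not code from the original article: it applies that approach to a constructed sample log written to a temporary file, and also tallies failures per source address and successful logins by any authentication method.

```sh
#!/bin/sh
# Constructed sample auth.log lines (not taken from any real host). The
# "invalid user" form pushes the account name one field to the right, which
# is why a fixed awk field number reports a mix of names and addresses.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Jan 10 12:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jan 10 12:00:02 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2
Jan 10 12:00:03 host sshd[103]: Failed password for root from 203.0.113.9 port 40003 ssh2
Jan 10 12:00:04 host sshd[104]: Accepted password for deploy from 192.168.0.12 port 50001 ssh2
Jan 10 12:00:05 host sshd[105]: Accepted publickey for deploy from 192.168.0.12 port 50002 ssh2
EOF

# Failed logins per account name; the optional group absorbs "invalid user ".
failed_by_user() {
  grep 'Failed password' "$1" \
    | sed -n 's/.*Failed password for \(invalid user \)\{0,1\}\([^ ]*\) from .*/\2/p' \
    | sort | uniq -c | sort -rn
}

# Failed logins per source address, useful for spotting a single noisy host.
failed_by_source() {
  grep 'Failed password' "$1" \
    | sed -n 's/.* from \([^ ]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn
}

# Successful logins per account, whatever the authentication method.
accepted_by_user() {
  grep 'Accepted ' "$1" \
    | sed -n 's/.*Accepted [a-z]* for \([^ ]*\) from .*/\1/p' \
    | sort | uniq -c | sort -rn
}

# Number of failures recorded for one account (empty output if none).
count_failed_for() {
  failed_by_user "$2" | awk -v u="$1" '$2 == u { print $1 }'
}

failed_by_user "$SAMPLE_LOG"
failed_by_source "$SAMPLE_LOG"
accepted_by_user "$SAMPLE_LOG"
```

Point the functions at /var/log/auth.log (or journalctl -u ssh output) instead of the sample file to run them on a real host.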

6. Password Security Policy

A sound password policy is key to protecting server security. Below are some commonly used password-policy settings:

Set the minimum password length:

vi /etc/login.defs
# Set PASS_MIN_LEN to the required minimum password length

Configure the password complexity policy:

vi /etc/pam.d/common-password
# Adjust the parameters of the "password requisite pam_cracklib.so" line to set the password complexity policy

Conclusion:

By using command-line tools for defense, we can improve the security of a Linux server. This article has introduced some commonly used command-line tools along with the corresponding command examples, which we hope will serve administrators as a useful reference.
