A Secure Linux Server Environment: Configuring and Protecting It from the Command Line

Introduction:

Linux is widely used on servers, and that brings server security challenges with it. This article describes how to configure and protect a Linux server environment from the command line to keep it secure. We cover common security configuration issues and provide some useful code examples.

Hardening SSH access

SSH is the standard tool for remote server administration, but its default configuration can leave security weaknesses. Some recommended settings follow:

1.1 Disable root login

In /etc/ssh/sshd_config, set PermitRootLogin to no to stop the root user from logging in to the server over SSH.

Example code:

sudo nano /etc/ssh/sshd_config

Find PermitRootLogin and change its value to no. Save the file and restart the SSH service.

sudo service ssh restart

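1.2 Use public key authentication

Public key authentication is more secure because it does not rely on a password. Generate a public/private key pair with the ssh-keygen command and upload the public key to the ~/.ssh/authorized_keys file on the server.

Example code: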

ssh-keygen
ssh-copy-id user@server_ip
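
The check below is an added example, not code from the original article: it reports the value sshd would actually apply for PermitRootLogin (section 1.1) and for PasswordAuthentication, because the key-based login of section 1.2 only replaces passwords once password login is off. PasswordAuthentication, the function names and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so the scan
# stops there. Simplification: Include directives are not followed.

effective_value() {    # usage: effective_value FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        { gsub(/=/, " "); key = tolower($1) }     # "Key=value" is also valid
        key == "match"        { exit }            # global section ends here
        key == tolower(want)  { print tolower($2); found = 1; exit }
        END { if (!found) print def }             # keyword absent: default
    ' "$1"
}

audit_sshd() {         # usage: audit_sshd FILE ; returns 0 only if both pass
    rc=0
    # Fallbacks are the upstream OpenSSH defaults (assumption: unpatched build).
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK root and password logins are disabled"; fi
    return "$rc"
}

write_sample() {       # constructed sample config, not taken from a real host
    cat > "$1" <<'EOF'
# "no" was appended at the end, but the earlier "yes" still wins
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || true    # prints: FAIL PermitRootLogin=yes (want no)
rm -f "$sample"
```

On a live host, call audit_sshd /etc/ssh/sshd_config before restarting the service; sshd -t checks the file's syntax.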

Firewall and network security

2.1 Configure the firewall

Configuring a firewall is an important measure for protecting a server. On Linux, use iptables or firewalld to configure it. Some basic firewall rules follow:

Example code:

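# Add the ACCEPT rules first so an existing remote session is not cut off when the default policy changes.
# These rules admit no new inbound connections; a rule for each service the server offers must be in place before the DROP policy.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # allow established and related connections
sudo iptables -A INPUT -p icmp -j ACCEPT      # allow ICMP, including ping requests
sudo iptables -A INPUT -i lo -j ACCEPT        # allow the local loopback interface

sudo iptables -P INPUT DROP   # drop all inbound connections by default
sudo iptables -P FORWARD DROP # drop all forwarded connections by default
sudo iptables -P OUTPUT ACCEPT # allow all outbound connections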

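2.2 Configure network security

Network security is another important aspect of server security. Some network security configuration recommendations follow:

2.2.1 Disable unnecessary services

On Linux, the systemctl command can disable unnecessary services to reduce potential security risks.

Example code: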

sudo systemctl disable service_name

2.2.2 Enable SYN cookies to defend against SYN flood attacks

SYN cookies are an effective defence against SYN flood attacks. Enable them with the following command:

Example code:

sudo sysctl -w net.ipv4.tcp_syncookies=1

Regular updates and monitoring

3.1 Update packages regularly

Keeping packages up to date is key to keeping a server secure. Use the following commands to update them:

Example code:

sudo apt update
sudo apt upgrade

3.2 Monitor server activity

Monitoring server activity helps detect and respond to potential security threats promptly. Tools such as fail2ban or logwatch provide log monitoring and tracking.

Example code:

sudo apt install fail2ban
sudo apt install logwatch

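Conclusion:

This article described how to configure and protect a Linux server environment from the command line, covering hardened SSH access, firewall and network security configuration, and the importance of regular updates and monitoring of server activity. We hope these methods help readers improve the security of their Linux servers and protect them from potential security threats.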
