
How to Use the Command Line to Protect Your Linux Server


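Overview:

In today's digital era, server security is especially important. As server administrators, we need to take a series of measures to protect our Linux servers. The command line is a very useful tool for this purpose. This article describes how to use the command line to protect your Linux server and provides some code examples.

1. Update the system

Keeping the server's operating system up to date is very important. We can use the following commands to update the system: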

sudo apt update

sudo apt upgrade

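2. Use a firewall

The firewall is the first line of defense for a server. We can use the iptables command to configure and manage firewall rules. Here are some common examples:

Allow a specific IP address to access the SSH port (default 22):

sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT

Allow a specific IP address range to access the HTTP port (default 80):

sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT

Drop all other inbound connections. Rules are evaluated in order, so this catch-all must be appended last; with only the rules above in place it also drops loopback traffic and the replies to connections the server itself opens, and it will cut off an SSH session coming from any address other than the one allowed above:

sudo iptables -A INPUT -j DROP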

3. Use Fail2Ban to protect SSH

Fail2Ban is an open-source intrusion prevention tool that can protect a server against brute-force attacks. Here is an example of using Fail2Ban to protect SSH:

Install Fail2Ban:

sudo apt install fail2ban

Edit the Fail2Ban configuration file:

sudo nano /etc/fail2ban/jail.local

Add the following content to the file:

[ssh]

enabled = true

port = ssh

filter = sshd

logpath = /var/log/auth.log

maxretry = 3

bantime = 3600

Restart the Fail2Ban service:

sudo service fail2ban restart

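4. Use defensive DNS settings

Defensive DNS settings can help block malicious traffic on the server. Here is an example:

Edit the resolv.conf file (on systems where this file is generated by a network manager or systemd-resolved, manual edits are overwritten and the resolvers must be set in that service's configuration instead):

sudo nano /etc/resolv.conf

Add the following content to the file (Google Public DNS):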

nameserver 8.8.8.8

nameserver 8.8.4.4

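Save and exit the file.

5. Use secure SSH settings

SSH is the main way to access a server remotely, but it is also an easy target for attack. Here are some suggested changes to the configuration file /etc/ssh/sshd_config:

Change the default SSH port (a port above 1024 is recommended):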

Port 2222

Disable root login:

PermitRootLogin no

ÏÞÖƿɵǼµÄÓû§£º

AllowUsers user1 user2

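Disable password login and use key-based login (confirm that a working key is installed for an allowed user before applying this):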

PasswordAuthentication no

Change the login grace time (the number of seconds allowed to complete authentication):

LoginGraceTime 60

½ûÓÿÕÃÜÂ룺

PermitEmptyPasswords no

Save and exit the file, then restart the SSH service:

sudo service ssh restart
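
The script below is an added example, not part of the original article: it audits a configuration file against the yes/no directives and the AllowUsers setting from this section, applying sshd's rule that the first occurrence of a keyword wins. The function names and the sample file are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines in the global section only.

```shell
#!/bin/sh
# Added example (not from the original article): audit the section-5 directives.
# Assumes whitespace-separated "Keyword value" lines; Match blocks are not evaluated.

# Print the value sshd would use for KEYWORD: keywords are case-insensitive and
# the FIRST occurrence wins, so a later duplicate line is silently ignored.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # end of the global section
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per directive that does not match the settings above.
# Returns 0 when clean, 1 when there is at least one finding (unset counts).
audit_sshd_config() {  # usage: audit_sshd_config FILE
    file=$1
    findings=0
    for want in "PermitRootLogin no" "PasswordAuthentication no" "PermitEmptyPasswords no"; do
        key=${want% *}
        expected=${want#* }
        actual=$(effective_value "$file" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: effective '${actual:-unset}', want '$expected'"
            findings=$((findings + 1))
        fi
    done
    if [ -z "$(effective_value "$file" AllowUsers)" ]; then
        echo "FAIL AllowUsers: no allow-list in the global section"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: hardening lines appended below an existing setting.
make_sample_config() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample, not a real host' \
        'Port 2222' 'PasswordAuthentication yes' 'permitrootlogin no' \
        'AllowUsers user1 user2' 'PermitEmptyPasswords no' \
        'PasswordAuthentication no' 'PermitRootLogin yes' > "$sample"
    echo "$sample"
}

sample=$(make_sample_config)
audit_sshd_config "$sample" || true   # reports only PasswordAuthentication
rm -f "$sample"
```

On a live host, running `sudo sshd -t` after editing validates the file before the restart, so a typo does not take SSH down.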

6. Use password strength checking

To protect server accounts, we can use passwdqc to check password strength. Here is an example:

Install passwdqc:

sudo apt install libpam-passwdqc

Edit the password policy configuration file:

sudo nano /etc/pam.d/common-password

Add the following line (after the password requisite line):

password requisite pam_passwdqc.so min=disabled,disabled,16,12,8

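Save and exit the file.

Summary:

By using the command line to protect a Linux server, we can increase the server's security and guard against malicious attacks. This article has presented some common command-line operations and code examples for server administrators to refer to and use. We should also keep track of the latest server security information and update systems and tools promptly to respond to new security threats. Protecting a server is a process of continual learning and continuous improvement.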

ÒÔÉϾÍÊÇÔõÑùʹÓÃÏÂÁîÐÐÀ´±£»¤ÄãµÄLinuxЧÀÍÆ÷µÄÏêϸÄÚÈÝ  £¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí  £¬°æȨÕùÒéÓë±¾Õ¾ÎÞ¹Ø  £¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È  £¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ  £¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢  £¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢  £¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎå  £¬9:30-18:30  £¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ