
Linux server security: an innovative solution for web interface protection strategies

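Linux servers play an important role in today's internet and are widely used to host and deploy web applications. Because they are so widely used, they have also become a target for attackers. A protection strategy for the web interface is therefore an indispensable part of keeping the server secure.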

±¾ÎĽ«ÏÈÈÝÒ»¸öÁ¢ÒìµÄ½â¾ö¼Æ»®£¬ÒÔÌá¸ßLinuxЧÀÍÆ÷µÄÇå¾²ÐÔºÍWeb½Ó¿ÚµÄ±£»¤Õ½ÂÔ£¬Í¨¹ý´úÂëʾÀý¼ÓÉîÃ÷È·¡£

First, we use a firewall to restrict access to the server. The following simple iptables rules allow a specific IP address to reach the server's HTTP and SSH ports while refusing access from all other IPs.

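# Rules are evaluated in order, so the ACCEPT lines must come before the DROP lines.
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
# Everything else aimed at ports 80 and 22 is silently dropped.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 22 -j DROP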


In the rules above, the first two allow the host with IP address 192.168.1.100 to access port 80 (HTTP) and port 22 (SSH) on the server, and the last two drop connections to those ports from every other IP address.

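Second, we can use Fail2ban to block malicious login attempts. Fail2ban is a Python-based application that monitors log files on the server and, when it detects repeated failed login attempts, automatically adds the attacker's IP address to the firewall's blacklist. The following is a simple Fail2ban configuration example.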

[DEFAULT]
bantime = 86400
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log

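# This jail needs a matching filter definition in filter.d/http-get-dos.conf;
# it is assumed here to be a custom filter you provide.
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log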


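In the configuration above, bantime defines how long an attacker stays on the blacklist (in seconds), findtime defines the time window within which failed login attempts are counted toward a ban, and maxretry defines the maximum number of attempts allowed from a single IP.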

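Finally, we can use ModSecurity to strengthen the security of the web application. ModSecurity is an open-source web application firewall that can detect and block different types of attacks, such as cross-site scripting (XSS) and SQL injection. The following is a simple ModSecurity configuration example.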

<IfModule mod_security2.c>
    SecRuleEngine On
    SecAuditEngine On
    SecResponseBodyAccess On

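    # ModSecurity 2.7+ requires a unique id per rule; 10000 is an arbitrary local id. Dots are escaped to match literally.
    SecRule REMOTE_ADDR "^127\.0\.0\.1$" "phase:1,nolog,allow,id:10000"
    # Denies any request whose User-Agent contains the substring "bot" (case-sensitive).
    SecRule REQUEST_HEADERS:User-Agent "bot" "phase:1,deny,id:10001"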

    Include /etc/modsecurity/crs/*.conf
</IfModule>


In the configuration above, SecRuleEngine and SecAuditEngine enable ModSecurity and its audit logging, and SecResponseBodyAccess allows ModSecurity to access response bodies.

The two SecRule directives respectively allow requests from the local IP address and reject requests whose User-Agent contains the string "bot".

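With the solution described above, we can improve the security of a Linux server and the protection of its web interface. Server security is a dynamic process, however, and needs continual updating and maintenance. Developers and system administrators should closely follow vulnerabilities affecting the server and the latest security threats, and take appropriate measures to keep the server secure.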

ÒÔÉϾÍÊÇLinuxЧÀÍÆ÷Çå¾²ÐÔ£ºWeb½Ó¿Ú±£»¤Õ½ÂÔµÄÁ¢Òì½â¾ö¼Æ»®¡£µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ