Understanding Linux Server Security in Depth: Using and Maintaining Commands
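As the internet has grown, the security of Linux servers has become especially critical. Protecting a server from malicious attacks and unauthorized intrusion is essential to keeping the system running normally. This article introduces some commonly used Linux commands and how they apply to maintaining server security; with a solid understanding of these commands, we can protect our servers better.
Firewall configuration
The firewall is the first line of defense for a server. By restricting network traffic, it can prevent unauthorized access and malicious attacks. The following commands set firewall rules: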
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Õâ¸öÀý×ÓÖУ¬ÎÒÃÇͨ¹ýiptablesÏÂÁî¹Ø±ÕÁËSSH£¨¶Ë¿Ú22£©µÄ»á¼û£¬È»ºóÔÊÐíÁËHTTP£¨¶Ë¿Ú80£©ºÍHTTPS£¨¶Ë¿Ú443£©µÄ»á¼û¡£ÕâÑù¿ÉÒÔ±ÜÃâδ¾ÊÚȨµÄÓû§»á¼ûЧÀÍÆ÷¡£
Óû§È¨ÏÞÖÎÀí
׼ȷÖÎÀíÓû§È¨ÏÞÒ²ÊDZ£»¤Ð§ÀÍÆ÷µÄÖ÷Òª²½·¥Ö®Ò»¡£ÒÔÏÂÊÇÓÃÓÚÖÎÀíÓû§ºÍ×éµÄ³£ÓÃÏÂÁ
Óû§ÖÎÀí£º
½¨ÉèÓû§£ºuseradd username
ɾ³ýÓû§£ºuserdel username
ÐÞ¸ÄÃÜÂ룺passwd username
Éó²éÓû§ÁÐ±í£ºcat /etc/passwd
×éÖÎÀí£º
½¨Éè×飺groupadd groupname
ɾ³ý×飺groupdel groupname
Ìí¼ÓÓû§µ½×飺usermod -a -G groupname username
Éó²é×éÁÐ±í£ºcat /etc/group
ͨ¹ýÊʵ±µÄÓû§ºÍ×éÖÎÀí£¬¿ÉÒÔÏÞÖƶÔЧÀÍÆ÷×ÊÔ´µÄ»á¼û¡£
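File permission settings
File permissions are one of the important measures for protecting server data. The following are common commands for managing file permissions:
Change the file owner: chown username filename
Change the file's group: chgrp groupname filename
Change the file permissions: chmod permissions filename
Using these commands ensures that only authorized users can access and modify critical files.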
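Logging and auditing
Logging and auditing are important means of identifying and tracing potential attacks. The following are common commands for working with logs and audit records:
View the system log: tail -f /var/log/syslog
View the login log: tail -f /var/log/auth.log
View a user's activity log: last username
By checking these log files regularly, we can quickly spot potential security problems and take appropriate action.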
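As an added example (not part of the original article), these shell functions automate the periodic check of /var/log/auth.log described above: failed SSH logins per source address, and accepted logins from a source that failed earlier in the same file. The function names and the sample log lines are constructed for illustration, and the standard OpenSSH sshd message layout is assumed.

```shell
#!/bin/sh
# Constructed sample lines in the sshd format written to /var/log/auth.log
# (documentation addresses and a placeholder key fingerprint, not real data).
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:15 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar  3 10:01:19 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:02:40 web1 sshd[1210]: Failed password for alice from 198.51.100.23 port 41022 ssh2
Mar  3 10:02:55 web1 sshd[1210]: Accepted password for alice from 198.51.100.23 port 41030 ssh2
Mar  3 10:05:01 web1 sshd[1222]: Accepted publickey for deploy from 192.0.2.10 port 52211 ssh2: ED25519 SHA256:EXAMPLE
EOF
}

# Print "count ip" for failed password attempts, busiest source first.
# The address is read by position from the END of the line
# ("... from IP port N ssh2") because the user name in the middle of the
# message is text supplied by the remote client.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Print every source address with at least $2 failed attempts in file $1.
noisy_sources() {
    failed_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Print "ip user" for each accepted login whose source address had a failed
# password attempt earlier in the file. Accepted lines can carry a trailing
# key fingerprint, so fields are located relative to the "Accepted" token.
accepted_after_failure() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
             failed[$(NF-3)] = 1
         }
         /sshd\[[0-9]+\]: Accepted / {
             for (i = 1; i <= NF; i++) if ($i == "Accepted") break
             if ($(i+4) == "from" && failed[$(i+5)]) print $(i+5), $(i+3)
         }' "$1"
}
```

On a live system, pass /var/log/auth.log as the file argument. Syslog "message repeated" summary lines are not counted by these patterns.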
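Encryption and SSL certificates
Encryption and SSL certificates play a key role in protecting data in transit between the server and its users. The following are common commands for managing encryption and SSL certificates:
Generate an SSL certificate: openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
Install the SSL certificate: cp server.crt /etc/apache2/ssl.crt/
Edit the Apache configuration file to enable SSL: vi /etc/apache2/sites-available/default-ssl.conf
Configuring and managing SSL certificates correctly ensures that data transferred between the server and its clients is secure.
Summary:
Maintaining Linux server security depends on using commands well. This article introduced some common commands and gave usage examples. With a solid understanding of what these commands do and how to use them, we can protect our servers better. Of course, this is only one aspect of server security: besides command-line tools, many other security measures and techniques need to be applied together. In protecting a server, we should keep learning and mastering new knowledge in order to respond to constantly changing security threats.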