Steps to secure our VPS

This tutorial shows how to prepare and secure a Virtual Private Server (VPS) running Debian GNU/Linux. Before we start, a few things are assumed:

  1. You have an intermediate level of familiarity with GNU/Linux.
  2. There is a VPS for personal use that we access over SSH.
  3. The VPS has the dedicated external IPv4 address 250.250.250.155 and our provider owns the 250.250.0.0/16 block. (1)
  4. On our VPS only the http, https and ssh services will be reachable from outside.
  5. External DNS will not be enabled, since that is usually handled in our provider's panel. (2)
  6. We will work as the superuser.

Installation

As a first step, let's update the server and install some packages we will need:

# aptitude update && aptitude safe-upgrade
# aptitude -RvW install dropbear gesftpserver sslh iptables-persistent ulogd fail2ban nginx-light apache2-utils dnsutils telnet ghostscript poppler-utils zip unzip unrar-free p7zip-full less multitail tee mc

Setup

Now we are going to create a working user. Working as root on a server is not safe, so we first create a dedicated user:

adduser operator
usermod -aG sudo operator

The first command creates the user operator; the second adds it to the sudo group, which lets it run applications as root.

Adjust superuser permissions

Since for regular work we will use the operator user created earlier, we need to adjust how commands are run as superuser, which we do with the following command:

visudo

This command lets us edit the file /etc/sudoers, which should contain these lines:

Defaults env_reset,timestamp_timeout=0
%sudo ALL=(ALL:ALL) ALL

In the first line, the option timestamp_timeout is added to the default values; it sets the expiry time (in minutes) of the password once a sudo command has been run. The default is 5, but this is sometimes unsafe for two reasons:

  1. If we inadvertently leave our computer logged in before the password expires, someone could run a command as superuser without any restriction.
  2. If through ignorance we run an application or script containing malicious code before the password expires, the application could gain access to our system as superuser, without our explicit consent.

So, to avoid the risk, we set the value to zero, that is, every time a command is run with sudo the password has to be entered. If the value is set to -1, the effect is that the password never expires, which would produce the opposite of what we want.

The second line states that the sudo group can run any command on any host, which is the usual setup, although it can be adjusted. (3) Some people, for convenience, use the following line instead so that they do not have to type the password:

%sudo ALL=(ALL:ALL) NOPASSWD:ALL

However, as we explained earlier, this is risky, and therefore not recommended.
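
A check for the two settings discussed above, as an added example that is not part of the original tutorial: it reads sudoers-format text on standard input and reports the timestamp_timeout value and any NOPASSWD entries. The function names and both sample inputs are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit sudoers-format text
# for the two settings discussed above. Reads the text on standard input.

audit_sudoers() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /^[ \t]*Defaults/ && match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/) {
        v = substr($0, RSTART, RLENGTH)
        sub(/^[^=]*=[ \t]*/, "", v)           # keep only the number
        seen = 1
        if (v + 0 < 0)      print "FAIL timestamp_timeout=" v " (password never expires)"
        else if (v + 0 > 0) print "WARN timestamp_timeout=" v " (password cached for " v " min)"
        else                print "OK timestamp_timeout=0 (password asked every time)"
    }
    /NOPASSWD[ \t]*:/ { print "FAIL " $0 }
    END { if (!seen) print "WARN timestamp_timeout not set (sudo default applies)" }
    '
}

# Constructed sample: the lines recommended in the tutorial.
sample_recommended() {
    cat <<'EOF'
Defaults env_reset,timestamp_timeout=0
%sudo ALL=(ALL:ALL) ALL
EOF
}

# Constructed sample: the convenience settings the tutorial advises against.
sample_risky() {
    cat <<'EOF'
# local overrides
Defaults env_reset, timestamp_timeout = -1
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
EOF
}

sample_recommended | audit_sudoers
sample_risky | audit_sudoers
```

On a real host the same function can be fed with `audit_sudoers < /etc/sudoers` as root; files pulled in through include directives are not followed.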

Disable reboot

For security reasons, we will also disable rebooting with the key combination Ctrl+Alt+Del, for which we must add this line to the file /etc/inittab:

ca:12345:ctrlaltdel:/bin/echo "Ctrl+Alt+Del has been disabled."

Replace OpenSSH with Dropbear

Most VPSes come with OpenSSH installed, which is certainly very useful, but unless we need the full functionality of OpenSSH there are lighter alternatives for a VPS, such as Dropbear, which is usually sufficient for regular use. However, a drawback of this application is that it does not come with an integrated SFTP server, which is why we installed the gesftpserver package at the beginning.

To configure Dropbear, we will edit the file /etc/default/dropbear so that it contains these two lines:

NO_START=0
DROPBEAR_EXTRA_ARGS="-w -p 127.0.0.1:22 -I 1200 -m"

The first line simply enables the service, and the second does several things:

  1. Prevents root login.
  2. Makes the service listen on port 22 of the local interface (we will explain why later).
  3. Sets the idle timeout (20 minutes).

SSLH

Port 22 (SSH) is well known and is usually one of the first that attackers try to break into, so we will use port 443 (SSL) instead. It so happens that this port is the one used for secure browsing over HTTPS.

For this we will use the sslh package, which is nothing more than a multiplexer that inspects the packets arriving on port 443 and forwards them internally to one service or another depending on whether the traffic is SSH or SSL.

SSLH cannot listen on an interface where another service is already listening, which is why we previously made Dropbear listen on the local interface.

What we need to do now is tell sslh the interface and port on which it should listen and where to redirect the packets depending on the type of service, and for this we will edit the configuration file /etc/default/sslh:

DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen 250.250.250.155:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
RUN=yes

Finally, we restart the services:

service ssh stop && service dropbear start && service sslh restart

After the previous command our secure session will probably be interrupted, in which case it is enough to log in again, but this time with the working user and using port 443. If the session is not interrupted, it is advisable to close it and start again with the appropriate values.

If everything works correctly, we can continue working as root and, if we wish, uninstall OpenSSH:

sudo su -
aptitude -r purge openssh-server

Firewall

The next thing we will do is separate the firewall logs into a dedicated file, /var/log/firewall.log, to make later analysis easier, which is why we installed the ulogd package at the beginning. For this we will edit the file /etc/ulogd.conf and adjust the relevant section:

[LOGEMU]
file="/var/log/firewall.log"
sync=1

Next, we edit the log rotation file /etc/logrotate.d/ulogd to keep a daily rotation (with date) and store the compressed copies in the directory /var/log/ulog/:

/var/log/ulog/ * .gz / var / log / ulog / endcript}

We will then create the netfilter rules by running the following:

IPT=$(which iptables)
IPEXT=250.250.250.155
IPEXTBLK=250.250.0.0/16
IPBCAST=255.255.255.255
$IPT -F
$IPT -X
$IPT -Z
$IPT -A INPUT -i lo -j ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -m state --state INVALID -j ULOG --ulog-prefix IN_INVALID
$IPT -A INPUT -p igmp -j ULOG --ulog-prefix IN_IGMP
$IPT -A INPUT -m pkttype --pkt-type broadcast -j ULOG --ulog-prefix IN_BCAST
$IPT -A INPUT -m pkttype --pkt-type multicast -j ULOG --ulog-prefix IN_MCAST
$IPT -A FORWARD -j ULOG --ulog-prefix FORWARD
$IPT -N ICMP_IN
$IPT -A INPUT ! -i lo -p icmp -j ICMP_IN
$IPT -A ICMP_IN -p icmp -f -j ULOG --ulog-prefix IN_ICMP_FRAGMENTED
$IPT -A ICMP_IN -p icmp -m icmp -m length ! --length 28:1322 -j ULOG --ulog-prefix IN_ICMP_INVALIDSIZE
$IPT -A ICMP_IN -p icmp -m icmp -m hashlimit --hashlimit-above 4/sec --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-name icmpflood -j ULOG --ulog-prefix IN_ICMP_FLOOD
$IPT -A ICMP_IN -p icmp -m icmp -m hashlimit --hashlimit-upto 64kb/min --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-name icmpattack -j ULOG --ulog-prefix IN_ICMP_FLOOD
$IPT -A ICMP_IN -p icmp -m icmp -m u32 ! --u32 "0x4&0x3fff=0x0" -j ULOG --ulog-prefix IN_ICMP_ATTACK
$IPT -A ICMP_IN -p icmp -m icmp ! --icmp-type echo-request -m state --state NEW -j ULOG --ulog-prefix IN_ICMP_INVALID
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-request -j ULOG --ulog-prefix IN_ICMP
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-reply -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type destination-unreachable -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type time-exceeded -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type parameter-problem -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -j RETURN
$IPT -N UDP_IN
$IPT -A INPUT ! -i lo -p udp -j UDP_IN
$IPT -A UDP_IN ! -i lo ! -p udp -f -j ULOG --ulog-prefix IN_UDP_FRAGMENTED
$IPT -A UDP_IN -p udp -m udp --sport 53 -m length ! --length 28:576 -j ULOG --ulog-prefix IN_UDP_DNS_INVALIDSIZE
$IPT -A UDP_IN -p udp -m udp --dport 53 -m state --state NEW -j ULOG --ulog-prefix IN_UDP_DNSREQUEST
$IPT -A UDP_IN -p udp -m udp --dport 53 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
$IPT -A UDP_IN -p udp -m udp ! --sport 53 ! -s $IPEXTBLK ! -d $IPBCAST -m state --state NEW -j ULOG --ulog-prefix IN_UDP
$IPT -A UDP_IN -p udp -m udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A UDP_IN -j RETURN
$IPT -N TCP_IN
$IPT -A INPUT ! -i lo -p tcp -j TCP_IN
$IPT -A TCP_IN ! -i lo ! -p tcp -f -j ULOG --ulog-prefix IN_TCP_FRAGMENTED
$IPT -A TCP_IN -p tcp -m tcp --sport 53 -m state --state ESTABLISHED,RELATED -m length ! --length 513:1500 -j ULOG --ulog-prefix IN_TCP_DNS_INVALIDSIZE
$IPT -A TCP_IN -p tcp -m tcp --dport 53 -m state --state NEW -j ULOG --ulog-prefix IN_TCP_DNS
$IPT -A TCP_IN -p tcp -m tcp --dport 53 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
$IPT -A TCP_IN -p tcp -m tcp -m multiport ! --dports 80,443 -m state --state NEW -j ULOG --ulog-prefix IN_TCP
$IPT -A TCP_IN -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW -m hashlimit --hashlimit-upto 4/sec --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name navreq -j ACCEPT
$IPT -A TCP_IN -p tcp -m tcp -m multiport --ports 80,443 -m state --state ESTABLISHED -m connlimit ! --connlimit-above 16 -j ACCEPT
$IPT -A TCP_IN -p tcp -m tcp -m multiport !

With the previous configuration our VPS should be reasonably protected, but if we wish we can harden it a little more, for which we can use some more advanced rules.

Not all VPSes allow installing extra netfilter modules, but a very useful one is psd, which lets you avoid port scans. Unfortunately, this module is not included in netfilter by default, so it is necessary to install some packages and then build the module:

aptitude -RvW install iptables-dev xtables-addons-source module-assistant
module-assistant --verbose --text-mode auto-install xtables-addons-source

Once the above is done, we can add a rule like this:

iptables -A INPUT -m psd --psd-weight-threshold 15 --psd-delay-threshold 2000 --psd-lo-ports-weight 3 --psd-hi-ports-weight 1 -j ULOG --ulog-prefix IN_PORTSCAN

The rule above means that we create a counter that is incremented by 3 each time an attempt is made to access a port lower than 1024 and by 1 each time an attempt is made to access a port higher than 1023, and if this counter reaches 15 within less than 20 seconds, the packets are logged by ulog as a port scan attempt. The packets could simply be dropped right away, but in this case we intend to use fail2ban, which we will configure later.
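
A simplified model of the counter described above, as an added example rather than the psd module's own code: it replays constructed probe records and reports which sources reach the threshold. The function names, the record format and the sliding 20-second window are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not the xt_psd module's code): a simplified model of the
# counter described above. Weights, threshold and window mirror the rule:
# low port = 3, high port = 1, threshold 15, delay 2000 (taken as 20 s).

# Input: "<seconds> <source-ip> <dest-port>" per line, time-ordered per source.
# Output: one line per source whose score reached the threshold.
psd_model() {
    awk -v thr=15 -v window=20 -v lo=3 -v hi=1 '
    {
        t = $1; src = $2; port = $3 + 0
        n[src]++
        ts[src, n[src]] = t
        wt[src, n[src]] = (port < 1024) ? lo : hi
        # add up the weights of the probes from this source still in the window
        score = 0
        for (i = first[src] + 1; i <= n[src]; i++) {
            if (t - ts[src, i] >= window) { first[src] = i; continue }
            score += wt[src, i]
        }
        if (score >= thr && !(src in flagged)) {
            flagged[src] = 1
            printf "%s score=%d t=%d\n", src, score, t
        }
    }'
}

# Constructed sample traffic (documentation address ranges).
sample_probes() {
    # fast sweep of privileged ports: 5 probes in 5 seconds
    t=0
    for p in 21 22 23 25 110; do
        echo "$t 198.51.100.7 $p"; t=$((t + 1))
    done
    # slow visitor: one connection every 30 seconds never accumulates a score
    t=0
    for p in 443 443 80 443 443 80; do
        echo "$t 203.0.113.9 $p"; t=$((t + 30))
    done
    # sweep of unprivileged ports: 15 probes in 15 seconds
    t=0
    while [ "$t" -lt 15 ]; do
        echo "$t 192.0.2.44 $((8000 + t))"; t=$((t + 1))
    done
}

sample_probes | psd_model
```

Five probes against low ports are enough to reach 15, while a sweep of high ports needs fifteen, which is why the two weights are worth tuning to the services the host actually exposes.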

Once the rules are created, we must take steps to make them persistent, otherwise we will lose them when the server restarts. There are several ways to do this; in this tutorial we use the iptables-persistent package that we installed at the beginning, which stores the rules in /etc/iptables/rules.v4, and in /etc/iptables/rules.v6 for IPv6.

iptables-save > /etc/iptables/rules.v4

In fact, even though the use of IPv6 in Cuba is not yet widespread, we can create some basic rules:

IPT=$(which ip6tables)
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT ! -i lo -m state --state ESTABLISHED,RELATED -j ACCEPT
unset IPT

These rules can also be made persistent.

ip6tables-save > /etc/iptables/rules.v6

Finally, for greater security, we clear the firewall log and restart the services:

echo -n > /var/log/firewall.log
service logrotate restart
service ulogd restart
service iptables-persistent start

Nginx

We will use Nginx as the web server, because VPSes tend to have a limited amount of RAM compared to a real server, so it is usually better to have something lighter than Apache.

Before configuring Nginx, we will create a certificate (without password) for use over HTTPS:

cd /etc/nginx
openssl genrsa -des3 -out cert.key 4096
cp -v cert.key cert.key.original
openssl req -new -key cert.key -out cert.csr
openssl rsa -in cert.key.original -out cert.key
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

Once this is done, we will create a password file for the user "elusuario":

htpasswd -c .htpasswd elusuario

Next, we edit the file /etc/nginx/sites-available/default to set the preferences of the default site. It could look like this:

server {
    server_name localhost;
    index index.html index.htm default.html default.htm;
    root /var/www;

    location / {
        # set the order of verification and the page to load if the URI is not found
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 127.0.0.1:443;
    server_name localhost;
    index index.html index.htm default.html default.htm;
    root /var/www;

    ssl on;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_session_timeout 5m;

    # Enable HTTPS only over TLS (more secure than SSL)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # give preference to high-strength [HIGH] ciphers,
    # move medium-strength [MEDIUM] ciphers to the end of the list,
    # disable low-strength [LOW] ciphers (40 and 56 bits),
    # disable ciphers with export algorithms [EXP],
    # disable null ciphers [eNULL], ciphers without authentication [aNULL],
    # SSL (versions 2 and 3) and DSS (only allows keys up to 1024 bits)
    ssl_ciphers HIGH:+MEDIUM:!LOW:!EXP:!aNULL:!eNULL:!SSLv3:!SSLv2:!DSS;

    # Prefer the server's encryption methods (by default the client's are used)
    ssl_prefer_server_ciphers on;

    location / {
        # enable authentication
        auth_basic "Login";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # set the order of verification and the error code to return if the URI is not found
        try_files $uri $uri/ =404;

        # allow index generation for authenticated users
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}

We check that the configuration is correct:

nginx -t

Finally, we restart the service:

service nginx restart

Fail2Ban

Before starting to configure Fail2Ban, for greater security we stop the service and clear the log:

fail2ban-client stop
echo -n > /var/log/fail2ban.log

Next, we create the configuration file /etc/fail2ban/jail.local with the following custom content:

# Custom configuration file /etc/fail2ban/jail.local
#
[DEFAULT]
findtime = 43200 ; 12 hours
bantime = 86400 ; 1 day
maxretry = 3 ; ban will occur after the 4th attempt

[ssh]
enabled = false

[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx*/*error*.log

[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 604800 ; 1 week
maxretry = 0

[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 1800 ; 30 minutes

[nginx-noscript]
enabled = true
action = iptables-multiport[name=NoScript, port="http,https"]
filter = nginx-noscript
logpath = /var/log/nginx*/*access*.log
maxretry = 0

[nginx-proxy]
enabled = true
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx*/*access*.log
bantime = 604800 ; 1 week
maxretry = 0

[firewall]
enabled = true
action = iptables-multiport[name=Firewall]
filter = firewall
logpath = /var/log/firewall.log
maxretry = 604800

Once this is done, we create the following files in the directory /etc/fail2ban/filter.d/:

# /etc/fail2ban/filter.d/nginx-auth.conf
# Auth filter
# Blocks IPs that fail to authenticate using basic authentication
#
[Definition]
failregex = no user/password was provided for basic authentication.*client: <HOST>
            user .* was not found in.*client: <HOST>
            user .* password mismatch.*client: <HOST>
ignoreregex =

# /etc/fail2ban/filter.d/nginx-login.conf
# Login filter
# Blocks IPs that fail to authenticate using the web application's log in page
# Scan access log for HTTP 200 + POST /sessions => failed log in
#
[Definition]
failregex = ^<HOST> -.*POST /sessions HTTP/1\.." 200
ignoreregex =

# /etc/fail2ban/filter.d/nginx-noscript.conf
# Noscript filter
# Blocks IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts.
# Matches e.g.
# 192.168.1.1 - - "GET /something.php
#
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex =

# /etc/fail2ban/filter.d/nginx-proxy.conf
# Proxy filter
# Blocks IPs trying to use the server as a proxy.
# Matches e.g.
# 192.168.1.1 - - "GET http://www.something.com/
#
[Definition]
failregex = ^<HOST> -.*GET http.*
ignoreregex =

# /etc/fail2ban/filter.d/firewall.conf
# Firewall filter
#
[Definition]
failregex = ^.*IN_(INVALID|PORTSCAN|UDP|TCP|).*SRC=<HOST>.*$
ignoreregex =
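
What the firewall filter counts, shown on constructed log lines as an added example that is not part of the original tutorial: because the group ends with an empty alternative, the pattern matches every IN_ prefix, including the IN_ICMP lines logged for pings that the rules then accept. The narrowed variant, the IPv4 stand-in for <HOST>, the function names and the log lines are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): run the failregex of the
# "firewall" filter over constructed log lines to see which sources it counts.

# fail2ban replaces <HOST> with its own address pattern; an IPv4 pattern
# stands in for it here (assumption made for this illustration).
HOST='([0-9]{1,3}\.){3}[0-9]{1,3}'

# The filter as written: the empty last alternative in "(...|TCP|)" is
# expressed as "(...)?" because that form is portable in POSIX ERE.
AS_WRITTEN="^.*IN_(INVALID|PORTSCAN|UDP|TCP)?.*SRC=${HOST}.*\$"
# Variant without the empty alternative (an assumption about the intent).
NARROWED="^.*IN_(INVALID|PORTSCAN|UDP|TCP).*SRC=${HOST}.*\$"

# Constructed lines, shortened, in the style of /var/log/firewall.log.
sample_log() {
    cat <<'EOF'
Mar 10 12:00:01 vps IN_TCP IN=eth0 OUT= SRC=198.51.100.7 DST=250.250.250.155 PROTO=TCP SPT=40100 DPT=23
Mar 10 12:00:02 vps IN_TCP IN=eth0 OUT= SRC=198.51.100.7 DST=250.250.250.155 PROTO=TCP SPT=40101 DPT=8080
Mar 10 12:00:02 vps IN_PORTSCAN IN=eth0 OUT= SRC=198.51.100.7 DST=250.250.250.155 PROTO=TCP SPT=40102 DPT=25
Mar 10 12:03:10 vps IN_ICMP IN=eth0 OUT= SRC=203.0.113.9 DST=250.250.250.155 PROTO=ICMP TYPE=8 CODE=0
Mar 10 12:03:11 vps IN_ICMP IN=eth0 OUT= SRC=203.0.113.9 DST=250.250.250.155 PROTO=ICMP TYPE=8 CODE=0
Mar 10 12:05:40 vps IN_UDP_DNSREQUEST IN=eth0 OUT= SRC=192.0.2.44 DST=250.250.250.155 PROTO=UDP SPT=5353 DPT=53
EOF
}

# $1: regex; stdin: log lines. Prints "<source> <matching lines>" per source.
count_hits() {
    grep -E "$1" \
        | sed -E 's/^.*SRC=(([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/' \
        | sort | uniq -c | awk '{ print $2, $1 }'
}

echo "as written:"; sample_log | count_hits "$AS_WRITTEN"
echo "narrowed:";   sample_log | count_hits "$NARROWED"
```

With the pattern as written, the host that only sent two echo requests is counted alongside the scanner; with the narrowed pattern it is not.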

Finally, we start the service and load the configuration:

fail2ban-server -b
fail2ban-client reload

Verification

As a last step, we can view the logs with tail -f or multitail --follow-all. In fact, the latter application has the advantage that it lets you view several files at the same time and provides basic syntax highlighting.

If no email account is configured on the VPS, it is advisable to disable the warning message that appears when starting multitail, which we do with the following command:

echo "check_mail:0" > ~/.multitailrc

In fact, we can create an alias (4) to view the logs quickly with a short command, for example, "flog":

alias flog='multitail --follow-all /var/log/firewall.log /var/log/fail2ban.log'

1) These are fictitious values.
2) Enabling other services is easy once you understand how it works.
3) For more information, run man sudoers.
4) Optionally it can be added to the ~/.bash_aliases file.



  1.   msx said

    There are some interesting things, +1

  2.   yukiteru said

    @Hugo this line in the configuration:

    ssl_protocols SSLv3 TLSv1;

    I would take SSLv3 out of it because that protocol is no longer secure; even on Debian Jessie, many services have been configured to avoid using that protocol for that reason.

    More information on the subject here:

    https://www.linode.com/docs/security/security-patches/disabling-sslv3-for-poodle
    http://disablessl3.com/

    1.    Hugo said

      The idea was not to offer core services over HTTPS, but to explain how to use port 443 for SSH without losing the possibility of using it for HTTPS if needed, but thanks for the warning.

      Anyway, I have updated the article to adjust the nginx configuration a little and, while at it, to include some comments that clarify things a bit about the encryption methods, and to fix some minor errors.

  3.   Daniel PZ said

    Thank you very much for this great tutorial, now I will put it into practice! :D, Keep it up DesdeLinux, you always amaze me, Greetings from Peru.

  4.   Ñandekuera said

    Thank you very much for sharing.

  5.   Fernando said

    very good guide and it comes in really handy now that I have started on this blog, but even more so now that I am about to set up my first vps and I still have many problems, but this article cleared up many of my doubts, thanks and greetings