Steps to secure our VPS

This tutorial shows how to set up and secure a Virtual Private Server (VPS) running Debian GNU/Linux. Before we begin, a few things are assumed:

  1. You have an intermediate level of familiarity with GNU/Linux.
  2. There is a VPS for personal use that we can access via SSH.
  3. The VPS has the dedicated external IPv4 address 250.250.250.155 and our provider owns the 250.250.0.0/16 block. (1)
  4. On our VPS only the http, https and ssh services will be enabled for access from outside.
  5. External DNS will not be enabled, since it is usually handled through our provider's panel. (2)
  6. We will work as superuser.

Installation

As a first step, let's update the server and install the packages we will need:

aptitude update && aptitude safe-upgrade

Configuration

Now we will create a working user. Working as root on a server is insecure, so we will first create a dedicated user:

adduser operador
usermod -aG sudo operador

The first command creates the user; the second adds it to the sudo group, which allows it to run commands as root.

Adjust permissions for superusers

Since for regular work we will use the operador user created earlier, we need to adjust the options for running commands as superuser, for which we run the following command:

visudo

This command basically allows us to edit the file /etc/sudoers, where we should have these lines:

Defaults env_reset,timestamp_timeout=0
%sudo ALL=(ALL:ALL) ALL

The first line adds the timestamp_timeout option to the default values; it sets the expiry time (in minutes) of the password when the sudo command is run. The default is 5, but this is sometimes insecure for two reasons:

  1. If we carelessly leave our computer logged in before the password has expired, someone else could run a command as root without restriction.
  2. If, out of ignorance, we run an application or script containing malicious code before the password expires, the application could gain access to our system as administrator without explicit consent.

So, to avoid risks, we set the value to zero; that is, every time the sudo command is run, the password will have to be entered. If a negative value such as -1 is set, the effect is that the password never expires, which would produce the opposite of the result we want.

The second line states that the sudo group can run any command on any machine, which is the usual setup, although it can be adjusted. (3) Some people, for convenience, write the line as follows to avoid having to type the password:

%sudo ALL=(ALL:ALL) NOPASSWD:ALL

However, as we explained before, this is risky and therefore not recommended.

Disable rebooting

For security reasons, we will also disable rebooting via the Ctrl+Alt+Del key combination, for which we need to add this line to the file /etc/inittab:

ca:12345:ctrlaltdel:/bin/echo "Ctrl+Alt+Del has been disabled."

Replace OpenSSH with DropBear

Most VPSes come with OpenSSH installed, which is certainly very useful, but unless we need all of OpenSSH's functionality, there are lighter alternatives for a VPS, such as Dropbear, which is usually sufficient for regular use. However, a drawback of this application is that it does not come with an integrated SFTP server, which is why we installed a package for it at the beginning.

To configure Dropbear, we will edit the file /etc/default/dropbear so that it contains these two lines:

NO_START=0
DROPBEAR_EXTRA_ARGS="-w -p 127.0.0.1:22 -I 1200 -m"

The first line enables the service, and the second does several things:

  1. Disallows root login.
  2. Makes the service listen on port 22 of the local interface (we will explain why later).
  3. Sets the idle timeout (20 minutes).

SSLH

Port 22 (SSH) is well known and is generally one of the first that attackers try to break into, so we will use port 443 (SSL) instead. It happens that this port is used for secure browsing over HTTPS.

For this reason we will use the sslh package, which is nothing more than a multiplexer that analyzes the packets arriving on port 443 and routes them internally to one service or the other depending on whether the traffic is SSH or SSL.

SSLH cannot listen on an interface where another service is already listening, which is why we previously made Dropbear listen on the local interface.

Now what we need to do is tell sslh the interface and port on which it should listen and where to redirect the packets depending on the type of service, and for this we will edit the configuration file /etc/default/sslh:

DAEMON=/usr/sbin/sslh
DAEMON_OPTS="--user sslh --listen 250.250.250.155:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443 --pidfile /var/run/sslh/sslh.pid"
RUN=yes
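
How a multiplexer of this kind can tell the two protocols apart, as an added example (a simplified model in Python, not sslh's own code). The backend addresses come from the DAEMON_OPTS line above; the function names, the sample bytes and the treatment of a silent client as SSH are assumptions.

```python
# Added example: simplified model of protocol probing on a shared port.
# Not sslh source code; names and the timeout fallback are assumptions.

# Backends taken from the DAEMON_OPTS line in /etc/default/sslh.
BACKENDS = {
    "ssh": ("127.0.0.1", 22),    # Dropbear on the loopback interface
    "tls": ("127.0.0.1", 443),   # Nginx HTTPS server block
}


def classify(first_bytes: bytes) -> str:
    """Guess the protocol from the first bytes a client sends."""
    # An SSH client opens with an identification string such as
    # b"SSH-2.0-...\r\n" (RFC 4253, section 4.2).
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # A TLS client opens with a record header: content type 0x16
    # (handshake), major version 0x03, a minor version byte and a 2-byte
    # length, followed by handshake type 0x01 (ClientHello).
    if (len(first_bytes) >= 6
            and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03
            and first_bytes[5] == 0x01):
        return "tls"
    # Some SSH clients wait for the server banner and send nothing first.
    # Assumption: silence until the probe timeout is treated as SSH.
    if first_bytes == b"":
        return "ssh"
    return "unknown"


def route(first_bytes: bytes):
    """Return the (host, port) backend for a connection, or None to drop it."""
    return BACKENDS.get(classify(first_bytes))


# Constructed sample inputs (not captured traffic).
SAMPLE_SSH = b"SSH-2.0-dropbear_client\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("ssh", SAMPLE_SSH), ("tls", SAMPLE_TLS),
                       ("plain http", SAMPLE_HTTP), ("silent", b"")]:
        print(f"{name:10s} -> {classify(data):7s} -> {route(data)}")
```

Because the decision rests on the client's first bytes only, anything that is neither SSH nor TLS on port 443 has no backend in this configuration.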

Finally, we restart the services:

service ssh stop && service dropbear start && service sslh start

After the previous command, our secure session will probably be interrupted, in which case it is enough to log in again, but this time with the working user and using port 443. If the session is not interrupted, it is advisable to close it and start again with the appropriate values.

If everything works correctly, we can continue working as root and, if we wish, uninstall OpenSSH:

sudo su -
aptitude -r purge openssh-server

Firewall

The next thing we will do is separate the firewall logs into their own file, /var/log/firewall.log, to make later analysis easier, which is why we installed the ulogd package at the beginning. For this we will edit the file /etc/ulogd.conf to adjust the relevant section:

[LOGEMU]
file="/var/log/firewall.log"
sync=1

Next, we will edit the log rotation file /etc/logrotate.d/ulogd to keep a daily rotation (with date) and store the compressed archives in the directory /var/log/ulog/:

/var/log/ulog/ * .gz / var / log / ulog / endcript}

Now we will create the netfilter rules by running the following:

IPT=$(which iptables)
IPEXT=250.250.250.155
IPEXTBLK=250.250.0.0/16
IPBCAST=255.255.255.255
# Flush existing rules, chains and counters
$IPT -F
$IPT -X
$IPT -Z
# Loopback traffic and default policies
$IPT -A INPUT -i lo -j ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# Log invalid, IGMP, broadcast, multicast and forwarded packets
$IPT -A INPUT -m state --state INVALID -j ULOG --ulog-prefix IN_INVALID
$IPT -A INPUT -p igmp -j ULOG --ulog-prefix IN_IGMP
$IPT -A INPUT -m pkttype --pkt-type broadcast -j ULOG --ulog-prefix IN_BCAST
$IPT -A INPUT -m pkttype --pkt-type multicast -j ULOG --ulog-prefix IN_MCAST
$IPT -A FORWARD -j ULOG --ulog-prefix FORWARD
# ICMP chain
$IPT -N ICMP_IN
$IPT -A INPUT ! -i lo -p icmp -j ICMP_IN
$IPT -A ICMP_IN -p icmp -f -j ULOG --ulog-prefix IN_ICMP_FRAGMENTED
$IPT -A ICMP_IN -p icmp -m icmp -m length ! --length 28:1322 -j ULOG --ulog-prefix IN_ICMP_INVALIDSIZE
$IPT -A ICMP_IN -p icmp -m icmp -m hashlimit --hashlimit-above 4/sec --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-name icmpflood -j ULOG --ulog-prefix IN_ICMP_FLOOD
$IPT -A ICMP_IN -p icmp -m icmp -m hashlimit --hashlimit-upto 64kb/min --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-name icmpattack -j ULOG --ulog-prefix IN_ICMP_FLOOD
$IPT -A ICMP_IN -p icmp -m icmp -m u32 ! --u32 "0x4&0x3fff=0x0" -j ULOG --ulog-prefix IN_ICMP_ATTACK
$IPT -A ICMP_IN -p icmp -m icmp ! --icmp-type echo-request -m state --state NEW -j ULOG --ulog-prefix IN_ICMP_INVALID
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-request -j ULOG --ulog-prefix IN_ICMP
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type echo-reply -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type destination-unreachable -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type time-exceeded -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -p icmp -m icmp --icmp-type parameter-problem -m limit --limit 2/sec --limit-burst 4 -j ACCEPT
$IPT -A ICMP_IN -j RETURN
# UDP chain
$IPT -N UDP_IN
$IPT -A INPUT ! -i lo -p udp -j UDP_IN
$IPT -A UDP_IN ! -i lo ! -p udp -f -j ULOG --ulog-prefix IN_UDP_FRAGMENTED
$IPT -A UDP_IN -p udp -m udp --sport 53 -m length ! --length 28:576 -j ULOG --ulog-prefix IN_UDP_DNS_INVALIDSIZE
$IPT -A UDP_IN -p udp -m udp --dport 53 -m state --state NEW -j ULOG --ulog-prefix IN_UDP_DNSREQUEST
$IPT -A UDP_IN -p udp -m udp --dport 53 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
$IPT -A UDP_IN -p udp -m udp ! --sport 53 ! -s $IPEXTBLK ! -d $IPBCAST -m state --state NEW -j ULOG --ulog-prefix IN_UDP
$IPT -A UDP_IN -p udp -m udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A UDP_IN -j RETURN
# TCP chain
$IPT -N TCP_IN
$IPT -A INPUT ! -i lo -p tcp -j TCP_IN
$IPT -A TCP_IN ! -i lo ! -p tcp -f -j ULOG --ulog-prefix IN_TCP_FRAGMENTED
$IPT -A TCP_IN -p tcp -m tcp --sport 53 -m state --state ESTABLISHED,RELATED -m length ! --length 513:1500 -j ULOG --ulog-prefix IN_TCP_DNS_INVALIDSIZE
$IPT -A TCP_IN -p tcp -m tcp --dport 53 -m state --state NEW -j ULOG --ulog-prefix IN_TCP_DNS
$IPT -A TCP_IN -p tcp -m tcp --dport 53 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
$IPT -A TCP_IN -p tcp -m tcp -m multiport ! --dports 80,443 -m state --state NEW -j ULOG --ulog-prefix IN_TCP
$IPT -A TCP_IN -p tcp -m tcp -m multiport --dports 80,443 -m state --state NEW -m hashlimit --hashlimit-upto 4/sec --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name navreq -j ACCEPT
$IPT -A TCP_IN -p tcp -m tcp -m multiport --dports 80,443 -m state --state ESTABLISHED -m connlimit ! --connlimit-above 16 -j ACCEPT
$IPT -A TCP_IN -p tcp -m tcp -m multiport !

With the previous configuration, our VPS should be reasonably well secured, but if we wish we can secure it a little more, for which we can use some more advanced rules.

Not all VPSes allow installing additional netfilter modules, but a very useful one is psd, which lets us avoid port scans. Unfortunately, this module is not included in netfilter by default, so it is necessary to install certain packages and then build the module:

aptitude -RvW install iptables-dev xtables-addons-source module-assistant
module-assistant --verbose --text-mode auto-install xtables-addons-source

Once the above is done, we can add a rule like this:

iptables -A INPUT -m psd --psd-weight-threshold 15 --psd-delay-threshold 2000 --psd-lo-ports-weight 3 --psd-hi-ports-weight 1 -j ULOG --ulog-prefix IN_PORTSCAN

The previous rule basically means that we will create a counter that increases by 3 each time an attempt is made to access a port below 1024 and by 1 each time an attempt is made to access a port above 1023, and when this counter reaches 15 within a period of less than 20 seconds, the packets will be logged by ulog as a port-scan attempt. The packets could just as well be dropped outright, but in this case we intend to use fail2ban, which we will configure later.
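
The counter described above, modelled in Python as an added example (not the xtables-addons psd code). The thresholds and weights are those of the rule, and --psd-delay-threshold is expressed in hundredths of a second; the function name, the sample events and the choice not to count a repeated port twice are assumptions.

```python
# Added example: simplified model of the psd counter described above.
# It is not the xtables-addons implementation.

WEIGHT_THRESHOLD = 15    # --psd-weight-threshold
DELAY_THRESHOLD = 2000   # --psd-delay-threshold, in hundredths of a second
LO_PORTS_WEIGHT = 3      # --psd-lo-ports-weight (ports below 1024)
HI_PORTS_WEIGHT = 1      # --psd-hi-ports-weight (ports above 1023)


def detect_scans(events):
    """events: time-ordered iterable of (time_in_seconds, source_ip, dest_port).

    Returns (time, source_ip, weight) for every packet that the rule would
    log with the IN_PORTSCAN prefix.
    """
    window = DELAY_THRESHOLD / 100.0   # 2000 hundredths = 20 seconds
    state = {}                         # source_ip -> per-source counter
    hits = []
    for t, src, port in events:
        entry = state.get(src)
        # New source, or the window since its first packet has lapsed:
        # start counting from zero again.
        if entry is None or t - entry["start"] > window:
            entry = {"start": t, "ports": set(), "weight": 0}
            state[src] = entry
        # Assumption: a port already probed in this window is not re-counted.
        if port not in entry["ports"]:
            entry["ports"].add(port)
            entry["weight"] += (LO_PORTS_WEIGHT if port < 1024
                                else HI_PORTS_WEIGHT)
        if entry["weight"] >= WEIGHT_THRESHOLD:
            hits.append((t, src, entry["weight"]))
    return hits


# Constructed sample traffic (documentation addresses, not real hosts).
LOW_PORTS = [21, 22, 23, 25, 110]
SAMPLE_EVENTS = sorted(
    # five low ports in five seconds: 5 x 3 = 15, flagged on the fifth packet
    [(i, "198.51.100.7", p) for i, p in enumerate(LOW_PORTS)]
    # a normal client hitting 443 repeatedly: weight stays at 3
    + [(i, "203.0.113.9", 443) for i in range(10)]
    # the same five ports spread over 40 seconds: the window resets first
    + [(i * 10, "192.0.2.50", p) for i, p in enumerate(LOW_PORTS)]
)

if __name__ == "__main__":
    for hit in detect_scans(SAMPLE_EVENTS):
        print("IN_PORTSCAN", hit)
```

The third sample source shows the limit of the rule: the same five probes spaced ten seconds apart never reach the threshold inside one window.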

Once the rules are created, we must take certain precautions to make them persistent, otherwise we will lose them when the server restarts. There are several ways to do this; in this tutorial we will use the iptables-persistent package that we installed at the beginning, which stores the rules in /etc/iptables/rules.v4 and, for IPv6, in /etc/iptables/rules.v6.

iptables-save > /etc/iptables/rules.v4

In fact, although the use of IPv6 in Cuba is not yet widespread, we can create some basic rules:

IPT=$(which ip6tables)
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT ! -i lo -m state --state ESTABLISHED,RELATED -j ACCEPT
unset IPT

These rules can also be made persistent:

ip6tables-save > /etc/iptables/rules.v6

Finally, for greater security, we clear the firewall log and restart the services:

echo -n > /var/log/firewall.log
service logrotate restart
service ulogd restart
service iptables-persistent start

Nginx

We will use Nginx as the web server, because VPSes tend to have a reduced amount of RAM compared with a real server, so it is generally a good idea to have something lighter than Apache.

Before configuring Nginx, we will create a certificate (without a password) for use over HTTPS:

cd /etc/nginx
openssl genrsa -des3 -out cert.key 4096
cp -v cert.key cert.key.original
openssl req -new -key cert.key -out cert.csr
openssl rsa -in cert.key.original -out cert.key
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

Once this is done, we will create a password file for the user "elusuario":

htpasswd -c .htpasswd elusuario

Next, we will edit the file /etc/nginx/sites-available/default to set the options for the default site. It could look like this:

server {
    server_name localhost;
    index index.html index.htm default.html default.htm;
    root /var/www;

    location / {
        # set the lookup order and the page to load if the URI is not found
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 127.0.0.1:443;
    server_name localhost;
    index index.html index.htm default.html default.htm;
    root /var/www;

    ssl on;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_session_timeout 5m;

    # Allow HTTPS only over TLS (more secure than SSL)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # give preference to high-strength ciphers [HIGH],
    # move medium-strength ciphers [MEDIUM] to the end of the list,
    # disable low-strength ciphers [LOW] (40 and 56 bits)
    # disable ciphers with export algorithms [EXP]
    # disable null ciphers [eNULL], ciphers without authentication [aNULL], SSL (versions 2 and 3) and DSS (only allows keys up to 1024 bits)
    ssl_ciphers HIGH:+MEDIUM:!LOW:!EXP:!aNULL:!eNULL:!SSLv3:!SSLv2:!DSS;

    # Prefer the server's cipher order (by default the client's is used)
    ssl_prefer_server_ciphers on;

    location / {
        # enable authentication
        auth_basic "Login";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # set the lookup order and the error code to return if the URI is not found
        try_files $uri $uri/ =404;

        # allow index generation for authenticated users
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}

We verify that the configuration is correct:

nginx -t

Finally, we restart the service:

service nginx restart

Fail2Ban

Before we start configuring Fail2Ban, for greater security we stop the service and clear the log:

fail2ban-client stop
echo -n > /var/log/fail2ban.log

Next, we create the configuration file /etc/fail2ban/jail.local with the following custom contents:

# Custom configuration file /etc/fail2ban/jail.local
#
[DEFAULT]
findtime = 43200 ; 12 hours
bantime = 86400 ; 1 day
maxretry = 3 ; the ban takes effect after the 4th attempt

[ssh]
enabled = false

[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx*/*error*.log

[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 604800 ; 1 week
maxretry = 1

[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx*/*access*.log
bantime = 1800 ; 30 minutes

[nginx-noscript]
enabled = true
action = iptables-multiport[name=NoScript, port="http,https"]
filter = nginx-noscript
logpath = /var/log/nginx*/*access*.log
maxretry = 30

[nginx-proxy]
enabled = true
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx*/*access*.log
bantime = 604800 ; 1 week
maxretry = 0

[firewall]
enabled = true
action = iptables-multiport[name=Firewall]
filter = firewall
logpath = /var/log/firewall.log
maxretry = 1

Once this is done, we create the following files in the directory /etc/fail2ban/filter.d/:

# /etc/fail2ban/filter.d/nginx-auth.conf
[Definition]
failregex = user .* was not found in.*client: <HOST>
            user .* password mismatch.*client: <HOST>
ignoreregex =

# /etc/fail2ban/filter.d/nginx-login.conf
# Login filter
# Blocks IPs that fail to authenticate using the web application's log in page
# Scan access log for HTTP 200 + POST /sessions => log in
#
[Definition]
failregex = ^<HOST> -.*POST /sessions HTTP/1\.." 200
ignoreregex =

# /etc/fail2ban/filter.d/nginx-noscript.conf
# Noscript filter
# Blocks IPs that try to execute scripts such as .php, .pl, .exe and other funny scripts.
# Matches e.g.
# 192.168.1.1 - - "GET /something.php
#
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex =

# /etc/fail2ban/filter.d/nginx-proxy.conf
# Proxy filter
# Blocks IPs that try to use the server as a proxy.
# Matches e.g.
# 192.168.1.1 - - "GET http://www.something.com/
#
[Definition]
failregex = ^<HOST> -.*GET http.*
ignoreregex =

# /etc/fail2ban/filter.d/firewall.conf
# Firewall filter
#
[Definition]
failregex = ^.*IN_(INVALID|PORTSCAN|UDP|TCP|).*SRC=<HOST>.*$
ignoreregex =
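
A check of the firewall filter against sample log lines before the jail is enabled, as an added example in Python (not part of the original article and not fail2ban code). The log lines are constructed, the IPv4-only stand-in for <HOST> is a simplification, and the stricter variant is an assumption about what the pattern is meant to catch.

```python
import re

# Added example: run the firewall failregex over constructed log lines.
# fail2ban expands <HOST> itself; this IPv4-only group is a simplification.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex as written in /etc/fail2ban/filter.d/firewall.conf.
PAGE_FAILREGEX = r"^.*IN_(INVALID|PORTSCAN|UDP|TCP|).*SRC=<HOST>.*$"
# Variant without the trailing empty alternative (assumption about intent).
STRICT_FAILREGEX = r"^.*IN_(INVALID|PORTSCAN|UDP|TCP).*SRC=<HOST>.*$"

# Constructed lines in the style ulogd writes to /var/log/firewall.log,
# using the --ulog-prefix values from the netfilter rules.
SAMPLE_LOG = """\
Mar  3 10:15:01 vps IN_TCP IN=eth0 OUT= MAC= SRC=198.51.100.7 DST=250.250.250.155 LEN=60 PROTO=TCP SPT=50514 DPT=23
Mar  3 10:15:02 vps IN_PORTSCAN IN=eth0 OUT= MAC= SRC=198.51.100.7 DST=250.250.250.155 LEN=44 PROTO=TCP SPT=50515 DPT=8080
Mar  3 10:15:03 vps IN_ICMP IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=250.250.250.155 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:04 vps FORWARD IN=eth0 OUT=eth1 MAC= SRC=192.0.2.50 DST=192.0.2.99 LEN=60 PROTO=TCP SPT=40000 DPT=80
"""


def compile_failregex(failregex):
    """Substitute the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def offenders(failregex, log_text):
    """Return {source_ip: number_of_matching_lines} for a log excerpt."""
    rx = compile_failregex(failregex)
    counts = {}
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            ip = m.group("host")
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    # The empty alternative "|)" lets IN_ match any prefix, so the IN_ICMP
    # line (logged for every echo request) also counts as a failure.
    print("as written:", offenders(PAGE_FAILREGEX, SAMPLE_LOG))
    print("strict    :", offenders(STRICT_FAILREGEX, SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/firewall.log /etc/fail2ban/filter.d/firewall.conf performs the same check with fail2ban's own <HOST> expansion.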

Finally, we start the service and load the configuration:

fail2ban-server -b
fail2ban-client reload

Verification

As a final step, we can view the logs with tail -f or multitail --follow-all. In fact, the latter application has the advantage of letting you view several files at the same time and provides basic syntax highlighting.

If no e-mail account is configured on the VPS, it is advisable to disable a warning message that appears when multitail starts, for which we will run the following command:

echo "check_mail:0" > ~/.multitailrc

In fact, we could create an alias (4) to view the logs quickly with a short command, for example, "flog":

alias flog='multitail --follow-all /var/log/firewall.log /var/log/fail2ban.log'

1) These are fictitious values.
2) Enabling other services is easy once you understand how it works.
3) For more details, run man sudoers.
4) Optionally, it can be added to the ~/.bash_aliases file.


6 comments

  1.   msx says

    There are some interesting things, +1

  2.   yukiteru says

    @Hugo this line in the configuration:

    ssl_protocols SSLv3 TLSv1;

    I would remove SSLv3 from it, because that protocol is no longer secure; even in Debian Jessie, many services have been configured to avoid using that protocol for that reason.

    Information on the subject here:

    https://www.linode.com/docs/security/security-patches/disabling-sslv3-for-poodle
    http://disablessl3.com/

    1.    Hugo says

      The idea was not really to offer primary services over HTTPS, but to explain how to use port 443 for SSH without losing the possibility of using it for HTTPS if necessary, but thanks for the warning.

      Anyway, I have updated the article to modify the nginx configuration a bit and, in passing, to include some comments to clarify things a little regarding the encryption mechanisms, and to fix some minor errors.

  3.   Daniel PZ says

    Thank you very much for this great tutorial, now I will put it into practice! :D, Keep it up, From Linux, you always amaze me, Greetings from Peru.

  4.   Ñandekuera says

    Thank you very much for sharing.

  5.   Fernando says

    A very good guide, and it comes in very handy now that I am getting started with blogging, and even more so now that I am about to set up my first VPS and still have many problems, but this article has cleared up many of my doubts, thank you.
