Khusela iserver yakho yasekhaya kuhlaselo lwangaphandle.

@Jlcmux

Imizuzu ye5

Namhlanje, ndiza kukunika iingcebiso malunga nendlela yokufumana iseva yasekhaya ekhuselekileyo (okanye enkulu kancinci). Kodwa ngaphambi kokuba bandikrazule ndiphila.

AKUKHO NTO IKHUSELEKILEYO

Ngale ndawo ichazwe kakuhle, ndiyaqhubeka.

Ndiza kuhamba ngenxalenye kwaye andizukuchaza inkqubo nganye ngocoselelo. Ndiza kuyithetha kwaye ndicacise enye okanye enye into encinci, ukuze baye kuGoogle ngombono ocacileyo wento abayifunayo.

Ngaphambi naphakathi kokufakwa

  • Kuyacetyiswa kakhulu ukuba iserver mayifakwe "njenge" encinci "kangangoko kunokwenzeka. Ngale ndlela sithintela iinkonzo ukuba zisebenze esingazi nokuba zikhona, okanye zezokuba zenzelwe ntoni. Oku kuqinisekisa ukuba lonke useto luyasebenza ngokwakho.
  • Kuyacetyiswa ukuba iserver ingasetyenziswa njengendawo yokusebenzela yemihla ngemihla. (Ngale nto ufunda le posi. Umzekelo)
  • Ndiyathemba ukuba iserver ayinayo imeko yemizobo

Ukwahlula.

  • Kuyacetyiswa ukuba iifolda ezisetyenziswa ngumsebenzisi ezinje nge "/ home /" "/ tmp /" "/ var / tmp /" "/ opt /" zabelwe ulwahlulo olwahlukileyo kunenkqubo enye.
  • Iifolda ezibalulekileyo ezifana "/ var / log" (Apho zonke iigodo zenkqubo zigcinwa) zibekwa kwisahlulelo esahlukileyo.
  • Ngoku, kuxhomekeke kudidi lomncedisi, ukuba umzekelo ngumncedisi weposi. Isiqulathi Seefayili "/var/mail kunye / okanye /var/spool/mail»Kufuneka ibe yisahlulelo esahlukileyo.

Inombolo yokuvula.

Akukho mfihlo kuye nakubani na ukuba iphasiwedi yabasebenzisi benkqubo kunye / okanye ezinye iintlobo zeenkonzo abazisebenzisayo, kufuneka zikhuseleke.

Iingcebiso zezi:

  • Oko akuqulathanga: Igama lakho, igama lesilwanyana sakho sasekhaya, Igama lezihlobo, imihla ekhethekileyo, Iindawo, njl. Ukuququmbela. Iphasiwedi akufuneki ibe nayo nantoni na enxulumene nawe, okanye nantoni na ejikeleze wena okanye ubomi bakho bemihla ngemihla, kwaye ayifanelanga ukuba nayo nantoni na enxulumene neakhawunti uqobo.  Umzekelo: twitter # 123.
  • Iphasiwedi kufuneka ihambelane neeparameter ezinje: Dibanisa oonobumba abakhulu, amagama amancinci, amanani kunye noonobumba abakhethekileyo.  Umzekelo: I-DiAFsd · $ 354

Emva kokufaka inkqubo

  • Yinto yobuqu. Kodwa ndiyathanda ukucima umsebenzisi we-ROOT kwaye ndinike onke amalungelo omnye umsebenzisi, ke ndiyakuthintela ukuhlaselwa kuloo msebenzisi. Ukuba yinto eqhelekileyo.
Ifayile / njl / yesudoers kufuneka ihlelwe. Apho sidibanisa umsebenzisi esifuna ukuba NGEENJONGO kwaye emva koko sicime uMsebenzisi wethu Omdala (Ingcambu)
  • Kuyenzeka kakhulu ukuba ubhalise kuluhlu lweposi apho ukhuseleko lwempazamo kulwabiwo olusebenzisayo lubhengezwa. Ukongeza kwiibhloko, i-bugzilla okanye ezinye iimeko ezinokukuxwayisa ngeeBugs ezinokwenzeka.
  • Njengamaxesha onke, ukuhlaziywa rhoqo kwenkqubo kunye nezinto zayo kuyacetyiswa.
  • Abanye abantu bancoma ukukhusela iGrub okanye i-LILO kunye ne-BIOS yethu ngegama eligqithisiweyo.
  • Kukho izixhobo ezinje nge "chage" evumela abasebenzisi ukuba banyanzelwe ukuba batshintshe ipassword yabo ngalo lonke ixesha le-X, ukongeza kwelona xesha lincinci ekufuneka belilindile ukwenza njalo kunye nezinye iindlela.

Zininzi iindlela zokukhusela iPC yethu. Zonke ezi zinto zingasentla zaziphambi kokufaka inkonzo. Kwaye khankanya nje izinto ezimbalwa.

Kukho iincwadana ezibanzi ezifanele ukufundwa. Ixesha elingaphezulu uyakufunda enye okanye enye into encinci. Kwaye uyakuqonda ukuba ihlala ilahleka .. Soloko ...

Ngoku masiqinisekise kancinci IINKONZO. Ingcebiso yam yokuqala ihlala: "SUKUYEKE INDLELA YOKUQINISEKISA". Soloko uye kwifayile yoqwalaselo lwenkonzo, funda okuncinci malunga nento eyenziwayo yiparameter nganye kwaye ungayishiyi njengoko ifakwe. Ihlala izisa iingxaki ngayo.

Nangona kunjalo:

I-SSH (/ njl / ssh / sshd_config)

Kwi-SSH sinokwenza izinto ezininzi ukuze kungabikho lula ukuyaphula.

Umzekelo:

-Ungavumeli ukungena kwe-ROOT (Kwimeko apho ungakhange uyitshintshe):

"PermitRootLogin no"

-Ungavumeli iipassword zingabinanto.

"PermitEmptyPasswords no"

-Shintsha izibuko apho limamela khona.

"Port 666oListenAddress 192.168.0.1:666"

-Gunyazisa abasebenzisi abathile kuphela.

"AllowUsers alex ref me@somewhere"   I-me @ kwenye indawo kukunyanzela loo msebenzisi ukuba asoloko exhuma kwi-IP efanayo.

-Gunyazisa amaqela athile.

"AllowGroups wheel admin"

Iingcebiso.

  • Kukhuselekile kwaye phantse kunyanzelekile ukuba usebenzise i-ssh kubasebenzisi be-chroot.
  • Unokukhubaza ukuhanjiswa kwefayile.
  • Nciphisa inani lokuzama ukungena ngemvume okungaphumelelanga.

Phantse izixhobo eziyimfuneko.

Fail2ban: Esi sixhobo sikwiindawo zokuphumla, sisivumela ukuba sinciphise inani lokufikelela kwiintlobo ezininzi zeenkonzo "ftp, ssh, apache ... njl.", Ukuthintela i-ip edlula kumda wokuzama.

Abenza nzima: Zizixhobo ezisivumela ukuba "siqine" okanye endaweni yoko sixhobise ukufakelwa kwethu ngeeFirewall kunye / okanye ngamanye amaxesha. Phakathi kwabo "Ekhuselekileyo kunye neBastille Linux«

Izixhobo zokungena ngaphakathi: Zininzi i-NIDS, i-HIDS kunye nezinye izixhobo ezisivumela ukuba sizikhusele kwaye sizikhusele kuhlaselo, ngemithi kunye nezilumkiso. Phakathi kwezinye izixhobo ezininzi. Ikhona "I-OSSEC«

Ukuququmbela. Le yayingeyo ncwadana yezokhuseleko, kodwa yayiluchungechunge lwezinto ekufuneka zithathelwe ingqalelo ukuze zibe neserver ekhuselekileyo.

Njengengcebiso yakho. Funda okuninzi malunga nendlela yokujonga kunye nokuhlalutya ii-LOGS, kwaye masibe zii-nerptable nerds. Ukongeza, isoftware efakwe kwiserver, kokukhona iya isiba sesichengeni, umzekelo, i-CMS kufuneka ilawulwe kakuhle, uyihlaziye kwaye ujonge ukuba loluphi uhlobo lweeplagi esizongezayo.

Emva kwexesha ndifuna ukuthumela iposti ngendlela yokuqinisekisa into ethile. Apho ukuba ndinganika iinkcukacha ezithe kratya kwaye ndenze umkhuba.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   elinx sitsho
    yenzayo 11 iminyaka

    Igcinwe kwiintandokazi!

    Nibuliso!

    Phendula u-Elynx
  2.   UIvan Barra sitsho
    yenzayo 11 iminyaka

    IINKCUKACHA ezigqwesileyo, kakuhle, kunyaka ophelileyo, ndafaka "I-AIRLINE EBALULEKILEYO YESIZWE" iinkqubo ezininzi zokukhusela kunye nokubeka iliso kwaye ndamangaliswa kukufumanisa ukuba ngaphandle kwamashumi ezigidi zeedola kwizixhobo (ILANGA Solaris, Red Hat, VM WARE, Windows Iseva, i-Oracle DB, njl), ukhuseleko lwe-NADA.

    Ndisebenzise i-Nagios, i-Nagvis, i-Centreon PNP4Nagios, i-Nessus kunye ne-OSSEC, igama eligqithisiweyo elineengcombolo lolwazi loluntu, ewe, ngonyaka konke okucociweyo, obe kufanelekile ukufumana imali eninzi, kodwa namava amaninzi kolu hlobo into. Ayikhe ibabuhlungu ukuthatha yonke into oyichazileyo.

    Ukubulisa

    Phendula uIván Barra
  3.   UBlaire pascal sitsho
    yenzayo 11 iminyaka

    Intle. Ngqo kwiintandokazi zam.

    Phendula uBlaire Pascal
  4.   mzantsi6001 sitsho
    yenzayo 11 iminyaka

    Inqaku elikhulu ... <3

    Phendula kwi-guzman6001
  5.   UJuan Ignacio sitsho
    yenzayo 11 iminyaka

    Che, kwixesha elizayo ungaqhubeka uchaze indlela yokusebenzisa i-ossec okanye ezinye izixhobo! Kuhle kakhulu kwisithuba! Ngakumbi, nceda!

    Phendula uJuan Ignacio
    1.    UIvan Barra sitsho
      yenzayo 11 iminyaka

      NgoFebruwari, ngeholide yam, ndifuna ukusebenzisana neposi yeNagios kunye nezixhobo zokubeka iliso.

      Ukubulisa

      Phendula uIván Barra
  6.   ikoratsuki sitsho
    yenzayo 11 iminyaka

    Inqaku elilungileyo, bendicwangcise ukulungisa nje i-PC yam ukuba ndibhale i-tilin ebanzi, kodwa uye phambi kwam xD. Igalelo elifanelekileyo!

    Phendula Koratsuki
  7.   UArturo Molina sitsho
    yenzayo 11 iminyaka

    Ndingathanda ukubona iposti enikezelwe kubacuphi bokungena. Ngale nto ndiyongeza kwiintandokazi.

    Phendula kuArturo Molina