Vikela iseva yakho yasekhaya ekuhlaselweni kwangaphandle.

Namuhla, ngizokunikeza amathiphu wokuthi ungaba kanjani nesiphakeli sasekhaya esiphephe kakhudlwana (noma okuthe ukudlwana) Kodwa ngaphambi kokuba bangihlukanise ngiphila.

AKUKHO OKUPHEPHILE ngokuphelele

Ngalokhu kubhuka okuchazwe kahle, ngiyaqhubeka.

Ngizohamba ngezingxenye futhi angizukuchaza inqubo ngayinye ngokucophelela. Ngizoyisho kuphela futhi ngicacise into eyodwa noma enye into encane, ukuze baye kuGoogle benombono ocacile walokho abakufunayo.

Ngaphambi nangesikhathi sokufakwa

• Kunconywa kakhulu ukuthi iseva ifakwe njenge- "minimal" ngangokunokwenzeka. Ngale ndlela sivimbela izinsizakalo ukuthi zisebenze esingazi nokuthi zikhona, noma zenzelwe ini. Lokhu kuqinisekisa ukuthi konke ukusetha kusebenza ngokwakho.
• Kunconywa ukuthi iseva ingasetshenziswa njengendawo yokusebenza yansuku zonke. (Ofunda ngalokhu okuthunyelwe. Isibonelo)
• Ngiyethemba ukuthi iseva ayinayo indawo yokuqhafaza

Ukwahlukanisa.

• Kunconywa ukuthi amafolda asetshenziswa ngumsebenzisi afana ne "/ home /" "/ tmp /" "/ var / tmp /" "/ opt /" abelwe ukwahlukanisa okwehlukile kunesistimu eyodwa.
• Amafolda abucayi afana ne "/ var / log" (Lapho kugcinwa khona wonke amalogi wesistimu) afakwa esahlukweni esihlukile.
• Manje, kuya ngohlobo lweseva, uma ngokwesibonelo iseva yeposi. Ifolda "/var/mail futhi / noma /var/spool/mail»Kufanele kube ukwahlukanisa okwehlukile.

Iphasiwedi.

Akuyona imfihlo kunoma ngubani ukuthi iphasiwedi yabasebenzisi bohlelo kanye / noma ezinye izinhlobo zezinsizakalo ezizisebenzisayo, kufanele zivikeleke.

Izincomo yilezi:

• Lokho akuqukethe: Igama lakho, Igama lesilwane sakho sasekhaya, Igama lezihlobo, Izinsuku ezikhethekile, Izindawo, njll. Ekuphetheni. Iphasiwedi akufanele ibe nento ehlobene nawe, noma yini ekuzungezile noma impilo yakho yansuku zonke, futhi akufanele ibe nokuthile okuhlobene ne-akhawunti uqobo.  Isibonelo: twitter # 123.
• Iphasiwedi kufanele futhi ihambisane nemingcele efana nale: Hlanganisa usonhlamvukazi, izinhlamvu ezincane, izinombolo nezinhlamvu ezikhethekile.  Isibonelo: I-DiAFsd · $ 354 ″

Ngemuva kokufaka uhlelo

• Kuyinto yomuntu siqu. Kepha ngithanda ukususa umsebenzisi we-ROOT futhi ngabela wonke amalungelo wonke omunye umsebenzisi, ngakho-ke ngigwema ukuhlaselwa kulowo msebenzisi. Ukuba ovame kakhulu.

• Kusebenza kakhulu ukubhalisela uhlu lwamakheli lapho kumenyezelwa khona izimbungulu zokuphepha zokusabalalisa okusebenzisayo. Ngokungeziwe kuma-blogs, i-bugzilla noma ezinye izehlakalo ezingakuxwayisa ngama-Bugs.
• Njengenjwayelo, kunconywa ukuvuselelwa njalo kohlelo kanye nezinto zalo.
• Abanye abantu batusa futhi ukuvikela iGrub noma i-LILO ne-BIOS yethu nge-password.
• Kunamathuluzi afana ne- "chage" avumela abasebenzisi ukuthi baphoqeleke ukuthi bashintshe i-password yabo ngaso sonke isikhathi se-X, ngaphezu kwesikhathi esincane okumele balinde ukwenza kanjalo nezinye izinketho.

Kunezindlela eziningi zokuvikela i-PC yethu. Konke okungenhla kwakungaphambi kokufaka insiza. Futhi khuluma nje izinto ezimbalwa.

Kunemibhalo enwetshiwe ebanzi okufanele ifundwe. ukufunda ngalolu lwandle olukhulu lwamathuba.Ngokuhamba kwesikhathi uzofunda into eyodwa noma enye into encane. Futhi uzobona ukuthi ihlale ilahlekile .. Njalo ...

Manje ake siqinisekise okuthe xaxa IMISEBENZI. Isincomo sami sokuqala ngaso sonke isikhathi: «UNGASHIYI IZILUNGISELELO ZOKWENZAKALA». Hlala uye kufayela lokumiswa kwensiza, funda kancane ngalokho okwenziwa ipharamitha ngayinye futhi ungayishiyi njengoba ifakwe. Kuhlala kuletha izinkinga ngakho.

Noma kunjalo:

I-SSH (/ etc / ssh / sshd_config)

Ku-SSH singenza izinto eziningi ukuze kungabi lula kangako ukwephula.

Isibonelo:

-Ungavumeli ukungena kwe-ROOT (Uma kwenzeka ungayishintshi):

"PermitRootLogin no"

-Ungavumeli amaphasiwedi angabi nalutho.

"PermitEmptyPasswords no"

-Shintsha itheku lapho lilalela khona.

"Port 666oListenAddress 192.168.0.1:666"

-Gunyaza abasebenzisi abathile kuphela.

"AllowUsers alex ref me@somewhere"   Mina @ kwenye indawo ukuphoqa lowo msebenzisi ukuthi axhume njalo kusuka ku-IP efanayo.

-Gunyaza amaqembu athile.

"AllowGroups wheel admin"

Amathiphu.

• Kuphephe impela futhi kucishe kuphoqeleke ukufaka i-cage ssh abasebenzisi nge-chroot.
• Futhi ungakhubaza ukudluliswa kwefayela.
• Khawulela inani lemizamo yokungena ngemvume ehlulekile.

Cishe amathuluzi abalulekile.

I-Fail2ban: Leli thuluzi elisezindaweni zokuphumula, lisivumela ukuthi sinciphise inani lokufinyelela ezinhlotsheni eziningi zezinsizakalo "i-ftp, i-ssh, i-apache ... njll", ukuvimbela ama-IP adlula umkhawulo wemizamo.

Abahlukumezi: Angamathuluzi asivumela ukuthi "siqine" noma kunalokho sihlome ukufakwa kwethu ngama-Firewalls kanye / noma ezinye izimo. Phakathi kwazo "Harden neBastille Linux«

Imitshina engenayo: Kunezinto eziningi ze-NIDS, HIDS namanye amathuluzi asivumela ukuthi sizivikele futhi sizivikele ekuhlaselweni, ngokusebenzisa izingodo nezixwayiso. Phakathi kwamanye amathuluzi amaningi. Kukhona "I-OSSEC«

Ekuphetheni. Lokhu bekungeyona ibhukwana lokuphepha, kunalokho bekuluchungechunge lwezinto ezizocatshangelwa ukuthi zibe neseva evikelekile.

Njengeseluleko somuntu siqu. Funda okuningi mayelana nokuthi ungabuka kanjani futhi uhlaziye ama-LOGS, futhi ake sibe ngama-Iptable nerds. Ngaphezu kwalokho, lapho iSoftware ifakwa kakhulu kuseva, iba sengozini kakhulu, ngokwesibonelo i-CMS kufanele iphathwe kahle, iyivuselele futhi ibukeke kahle ukuthi hlobo luni lwama-plugins esiwafakayo.

Kamuva ngifuna ukuthumela okuthunyelwe kokuthi ungaqinisekisa kanjani okuthile okuthile. Lapho uma nginganikeza imininingwane eminingi futhi ngenze umkhuba.