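Tip: After the update completes, reboot the server with init 6.
Within the same network, it is best to keep time synchronized across all hosts; otherwise log timestamps will mislead analysis, not to mention services that are highly time-sensitive.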
[root@check-list ~]# cp /etc/ntp.conf /etc/ntp.conf.bak.160329
[root@check-list ~]# vim /etc/ntp.conf
[root@check-list ~]# ntpdate ntp-server
29 Mar 16:07:09 ntpdate[6657]: step time server 192.168.22.123 offset 29060.498313 sec
[root@check-list ~]# date
Tue Mar 29 16:07:13 CST 2016
[root@check-list ~]# chkconfig --list | grep ntp
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@check-list ~]# chkconfig ntpd on
[root@check-list ~]# /etc/init.d/ntpd start
Starting ntpd: [ OK ]
[root@check-list ~]# chkconfig --list | grep ntp
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@check-list ~]#
The cloud host provider supplies an initial login password, but it is clearly not a secure one and needs to be changed.
[root@check-list ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@check-list ~]#
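Disabling SSH login for root effectively prevents an attacker from gaining the highest system privileges by directly cracking the root password, and prevents login DoS attacks carried out through repeated failed attempts.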
[root@check-list ~]# grep RootLogin /etc/ssh/sshd_config
#PermitRootLogin yes
# the setting of "PermitRootLogin without-password".
[root@check-list ~]# vim /etc/ssh/sshd_config
[root@check-list ~]# grep RootLogin /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no
# the setting of "PermitRootLogin without-password".
[root@check-list ~]#
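For the change to take effect, the sshd service must be restarted.
Since root can no longer log in directly, an administrator user must be created for login and management (if you cannot log in to the system, you cannot manage it),
and that user must be granted sudo privileges.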
[root@check-list ~]# useradd saops
[root@check-list ~]# passwd saops
Changing password for user saops.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@check-list ~]# visudo
----------
User_Alias USERSU = saops
USERSU ALL=(root) ALL
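The firewall is an important part of security and can effectively filter out unauthorized access.
Confirm that the firewall is enabled and that only port 22 is open; the firewall configuration will be updated step by step as the business expands.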
[root@check-list ~]# chkconfig --list | grep ipta
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@check-list ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2120 171K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 84 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
3 494 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 1480 packets, 171K bytes)
pkts bytes target prot opt in out source destination
[root@check-list ~]#
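The two states this checklist verifies by eye (root SSH login disabled, only port 22 accepted in INPUT) can be checked by a script. This is an added example, not part of the original post, and its function names are hypothetical. It assumes no Match block in sshd_config overrides the global setting and that firewall rules use single-port dpt:N matches; the sample input is copied from the terminal output above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); function names are hypothetical.

# Effective PermitRootLogin from sshd_config text on stdin. sshd uses the first
# uncommented occurrence of a keyword. Assumption: no Match block overrides it.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

# TCP ports accepted in the INPUT chain, from `iptables -L -nv` text on stdin.
# Only single-port "dpt:N" matches are recognised (no multiport or ranges).
open_input_ports() {
    awk '/^Chain / { in_input = ($2 == "INPUT"); next }
         in_input && $3 == "ACCEPT" {
             for (i = 4; i <= NF; i++) if ($i ~ /^dpt:/) print substr($i, 5)
         }' | sort -un | paste -sd, -
}

# audit <sshd_config text> <iptables text> <expected ports, e.g. "22">
# The body runs in a subshell so its variables stay local; status 0 means pass.
audit() (
    rc=0
    root=$(printf '%s\n' "$1" | effective_root_login)
    ports=$(printf '%s\n' "$2" | open_input_ports)
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is $root"; rc=1; }
    [ "$ports" = "$3" ] || { echo "FAIL: INPUT accepts tcp ports '$ports', expected '$3'"; rc=1; }
    exit "$rc"
)

# Sample input copied from the terminal output in the post.
SAMPLE_SSHD='#PermitRootLogin yes
PermitRootLogin no
# the setting of "PermitRootLogin without-password".'
SAMPLE_FW='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2120 171K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
3 494 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)'

audit "$SAMPLE_SSHD" "$SAMPLE_FW" "22" && echo "PASS: checklist state matches"
# On a live host (as root):
#   audit "$(cat /etc/ssh/sshd_config)" "$(iptables -L -nv)" "22"
```

The file check only shows what sshd will read on its next start; the running daemon keeps the old setting until sshd is restarted.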
This article is a repost.
In case of infringement, contact cloudcommunity@tencent.com for removal.