ʹÓÃLinuxÏÂÁîά»¤Ð§ÀÍÆ÷Çå¾²
ʹÓÃLinuxÏÂÁîά»¤Ð§ÀÍÆ÷Çå¾²
ÔÚÍøÂçʱ´ú£¬Ð§ÀÍÆ÷Çå¾²ÖÁ¹ØÖ÷Òª¡£Linux×÷ΪһÖÖÆÕ±éʹÓõIJÙ×÷ϵͳ£¬ÌṩÁ˸»ºñµÄÏÂÁîºÍ¹¤¾ßÀ´Î¬»¤Ð§ÀÍÆ÷µÄÇå¾²ÐÔ¡£±¾ÎĽ«ÏÈÈÝһЩ³£ÓõÄLinuxÏÂÁ×ÊÖúÖÎÀíÔ±±£»¤Ð§ÀÍÆ÷µÄÇå¾²¡£
¸üÐÂÈí¼þ
¾³£¸üÐÂÈí¼þ¿ÉÒÔ¼á³ÖЧÀÍÆ÷µÄÇå¾²ÐÔ£¬ÓÉÓÚÈí¼þ¸üÐÂͨ³£°üÀ¨Á˶ÔÒÑÖªÎó²îµÄÐÞ¸´¡£ÔÚLinuxÖУ¬ÎÒÃÇ¿ÉÒÔʹÓÃapt-get»òyumÏÂÁî¾ÙÐÐÈí¼þ¸üУ¬ÏêϸµÄÏÂÁîÈçÏ£º
sudo apt-get update # ¸üÐÂÈí¼þ°üÁбí sudo apt-get upgrade # ¸üÐÂÒÑ×°ÖõÄÈí¼þ°ü
µÇ¼ºó¸´ÖÆ
·À»ðǽÉèÖÃ
·À»ðǽÄܹ»¹ýÂ˺ÍÖÎÀíÊÕ֧ЧÀÍÆ÷µÄÍøÂçÁ÷Á¿£¬ÓÐÓõØ×èÖ¹²»·¨»á¼û¡£ÔÚLinuxÖУ¬¿ÉÒÔʹÓÃiptablesÀ´ÉèÖ÷À»ðǽ¹æÔò¡£
# ÔÊÐíSSH»á¼û sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ÔÊÐíHTTP»á¼û sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT # ÔÊÐíHTTPS»á¼û sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT # ĬÈϾܾøËùÓÐÆäËûÁ÷Á¿ sudo iptables -P INPUT DROP
µÇ¼ºó¸´ÖÆ
ÒÔÉÏʾÀýÖУ¬ÎÒÃÇÔÊÐíSSH¡¢HTTPºÍHTTPSµÄÁ÷Á¿Í¨¹ý£¬¶ø¾Ü¾øËùÓÐÆäËûÁ÷Á¿¡£
ÃÜÂëÕ½ÂÔ
ÓÅÒìµÄÃÜÂëÕ½ÂÔ¿ÉÒÔ¼«´óµØÔöǿЧÀÍÆ÷µÄÇå¾²ÐÔ¡£LinuxÌṩÁËpasswdºÍchageÀ´ÖÎÀíÓû§ÃÜÂëºÍÃÜÂëÕ½ÂÔ¡£
# ÉèÖÃÓû§ÃÜÂë sudo passwd username # ·¿ªÃÜÂëÓâÆÚÌáÐѹ¦Ð§ sudo chage -M 90 username # ½ûÓÃÓû§ÃÜÂë sudo passwd -l username
µÇ¼ºó¸´ÖÆ
ÒÔÉÏʾÀýÖУ¬ÎÒÃÇÉèÖÃÁËÓû§ÃûΪ”username”µÄÓû§µÄÃÜÂ룬²¢ÇÒ·¿ªÁËÃÜÂëÓâÆÚÌáÐѹ¦Ð§£¬Ê¹µÃÃÜÂëÔÚ90ÌìºóÓâÆÚ¡£Í¬Ê±£¬¿ÉÒÔʹÓÃpasswd -lÏÂÁîÀ´½ûÓÃÓû§ÃÜÂë¡£
ÈÕÖ¾ÆÊÎö
°´ÆÚÆÊÎöЧÀÍÆ÷µÄÈÕÖ¾¿ÉÒÔʵʱ·¢Ã÷Òì³£Ô˶¯ºÍÈëÇÖʵÑé¡£LinuxÌṩÁËһЩÏÂÁîÀ´´¦ÀíÈÕÖ¾Îļþ£¬ÀýÈçgrep¡¢tailºÍawk¡£
# ²éÕÒÒªº¦´Ê"error"µÄÈÕÖ¾¼Í¼ sudo grep "error" /var/log/syslog # Éó²é×îºó10ÐÐÈÕÖ¾ sudo tail -n 10 /var/log/syslog # ʹÓÃawkÌáÈ¡Ìض¨ÐÅÏ¢ sudo awk '/error/ {print $3}' /var/log/syslog
µÇ¼ºó¸´ÖÆ
ÒÔÉÏʾÀýÖУ¬ÎÒÃÇʹÓÃgrepÏÂÁî²éÕÒ°üÀ¨Òªº¦´Ê”error”µÄÈÕÖ¾¼Í¼£¬Ê¹ÓÃtailÏÂÁîÉó²é×îºó10ÐÐÈÕÖ¾£¬Ê¹ÓÃawkÌáÈ¡ÈÕÖ¾ÖÐÌض¨µÄÐÅÏ¢¡£
×ܽá
±¾ÎÄÏÈÈÝÁ˼¸¸ö³£ÓõÄLinuxÏÂÁîÀ´Î¬»¤Ð§ÀÍÆ÷µÄÇå¾²¡£¸üÐÂÈí¼þ¡¢ÉèÖ÷À»ðǽ¡¢ÖÎÀíÃÜÂëÕ½ÂÔºÍÆÊÎöÈÕÖ¾ÊÇЧÀÍÆ÷Çå¾²µÄÒªº¦·½Ã档ͨ¹ýʹÓÃÕâЩÏÂÁîºÍ¹¤¾ß£¬ÖÎÀíÔ±¿ÉÒÔ¸üºÃµØ±£»¤Ð§ÀÍÆ÷ÃâÊÜDZÔÚµÄÍþв¡£È»¶ø£¬ÕâЩֻÊÇά»¤Ð§ÀÍÆ÷Çå¾²µÄ»ù´¡ÖªÊ¶£¬ÉÐÓиü¶à¸ß¼¶µÄÊÖÒպͲ½·¥¿ÉÒÔÓ¦Óá£Òò´Ë£¬½¨ÒéÖÎÀíÔ±Ò»Á¬Ñ§Ï°ºÍÑо¿Ïà¹ØµÄÇå¾²ÁìÓò֪ʶ£¬ÒÔÌá¸ßЧÀÍÆ÷µÄÇå¾²ÐÔ¡£
²Î¿¼×ÊÁÏ£º
https://www.digitalocean.com/community/tutorials/an-introduction-to-linux-firewalld-commands
https://linuxize.com/post/about-the-pam-chage-password-expiry-guide/
ÒÔÉϾÍÊÇʹÓÃLinuxÏÂÁîά»¤Ð§ÀÍÆ÷Çå¾²µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡