2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
1. New user:
useradd dk
passwd dk
Add the ordinary user dk to the sudoers file, so that dk can run a privileged command as sudo + command:
vi /etc/sudoers
Find the line: root ALL=(ALL) ALL
Add a line below it: <new username> ALL=(ALL) ALL
:x! to save and exit
SSH (key login):
1. SSH key creation:
ssh-keygen -t rsa
Press Enter at each prompt.
Rename the public key file to authorized_keys:
$ mv id_rsa.pub authorized_keys
Set the permission of the .ssh directory to 700 and of the public key file authorized_keys to 644:
$ chmod 700 ../.ssh/
$ chmod 644 authorized_keys
Download the id_rsa private key to your local machine.
2. Modify the default port of sshd:
# vim /etc/ssh/sshd_config
#Port 22 changed to
Port 2222
#UseDNS yes changed to
UseDNS no
#PermitRootLogin yes changed to
PermitRootLogin no
(Change this one last: it disables root remote login over ssh. Also disable password login.)
#PermitEmptyPasswords yes changed to
PermitEmptyPasswords no
#PasswordAuthentication yes changed to
PasswordAuthentication no
#PrintLastLog yes changed to
PrintLastLog yes
#PrintMotd yes changed to
PrintMotd yes
Modify the ssh connection warning message:
# vim /etc/motd
Warning! This is DKS centosystems!
chkconfig sshd on
service sshd restart
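An added example, not part of the original article: a small audit of the edited sshd_config against the values set in step 2, worth running before sshd is restarted. The function names sshd_value and audit_sshd_config and the sample file are constructed for illustration, and the parser reads only the global section (it stops at the first Match block).

```sh
#!/bin/sh
# Added example (not from the original page): audit an sshd_config file
# against the values this guide sets. Function names are hypothetical.
# sshd keywords are case-insensitive, the FIRST occurrence of a keyword wins,
# and a line that is still commented out has no effect.

# Print the effective global value of keyword $2 (lowercase) in file $1.
sshd_value() {
    awk -v k="$2" '
        { sub(/^[ \t]+/, "") }                   # drop leading whitespace
        /^#/ || /^$/ { next }                    # skip comments and blanks
        { split($0, f, /[ \t=]+/) }              # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }        # global section ends here
        tolower(f[1]) == k { print tolower(f[2]); exit }
    ' "$1"
}

# Print one line per deviation; return the number of deviations.
audit_sshd_config() {
    file=$1; bad=0
    for want in port=2222 usedns=no permitrootlogin=no \
                permitemptypasswords=no passwordauthentication=no; do
        key=${want%%=*}; exp=${want#*=}
        got=$(sshd_value "$file" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key: want '$exp', found '${got:-unset, sshd default applies}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: root login is still commented out, and the first
# PasswordAuthentication line overrides the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2222
UseDNS no
#PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "deviations: $?"
rm -f "$sample"
```

On a real host, point audit_sshd_config at /etc/ssh/sshd_config; a non-zero return means at least one setting from this guide is not in effect.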
3. Open the ssh port in the firewall:
iptables -F
iptables -X
iptables -I INPUT -p tcp --dport 2222 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables start
chkconfig iptables on
4. SELinux:
# setenforce 0    (temporarily shuts down SELinux)
# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled for a permanent shutdown.
IP address:
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.63
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
NETMASK=255.255.255.0
Modify the DNS address:
# /etc/resolv.conf
nameserver 114.114.114.114
# service network restart
Fail2ban:
# tar zxvf fail2ban-0.8.10.tar.gz
# cd fail2ban-0.8.10
# python setup.py install
# cd files
# cp ./redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# service fail2ban start
Note: if you restart iptables, you must also restart fail2ban, otherwise it will not take effect. The filter table of fail2ban is added after iptables starts.
II. Configuration
1. Fail2ban's own configuration
There are only three parameters in the default fail2ban.conf, and all of them have comments.
vi /etc/fail2ban/fail2ban.conf
# default log level
loglevel = 3
# log storage path
logtarget = /var/log/fail2ban.log
# location of the socket
socket = /tmp/fail2ban.sock
2. Fail2ban protection configuration
Global settings
vi /etc/fail2ban/jail.conf
# IP ranges to ignore; if there are two or more groups, separate them with spaces
# (addresses listed here are never banned)
ignoreip = 127.0.0.1/24
# Time (in seconds) for which an IP is blocked. A value of -1 means permanently blocked.
bantime = 86400
# Time window (in seconds) within which maxretry must be reached
findtime = 600
# Number of attempts allowed
maxretry = 3
Per-service settings
# Protection against sshd brute force
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=2222, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath = /var/log/secure
# If this jail needs its own retry limit, it is set here.
maxretry = 3
# Protection against vsftpd brute force
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=VSFTPD, dest=you@mail.com]
logpath = /var/log/secure
maxretry = 3
# chkconfig --level 345 fail2ban on
# service fail2ban start
Test:
echo "test mail" | mail -s "test" test@xuegod.cn
iptables -L