阿里云主机防止攻击的建议

阅读更多

阿里云主机防止攻击的建议

(1)关闭不必要的服务

[root@iZ25tti3rxdZ tmp]# chkconfig gshelld --level 35 off

[root@iZ25tti3rxdZ tmp]# service gshelld stop

Stopping gshelld ...

[root@iZ25tti3rxdZ tmp]# ^C

[root@iZ25tti3rxdZ tmp]# chkconfig nscd --level 35 off

[root@iZ25tti3rxdZ tmp]# service nscd stop

Stopping nscd:                                             [FAILED]

[root@iZ25tti3rxdZ tmp]# chkconfig ntpd --level 35 off

[root@iZ25tti3rxdZ tmp]# service ntpd stop

Shutting down ntpd:                                        [  OK  ]

[root@iZ25tti3rxdZ tmp]# chkconfig udev-post --level 35 off

[root@iZ25tti3rxdZ tmp]# service udev-post stop

 

 

(2)定时杀死可疑进程

ps -ef |grep "/usr/bin/acpid" |grep -v grep |awk -F" "  {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/usr/bin/bsd-port/agent" |grep -v grep |awk -F" "  {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/usr/bin/.sshd" |grep -v grep|awk -F" "  {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/root/.l" |grep -v grep|awk -F" "  {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/mnt/linsx" |grep -v grep|awk -F" "  {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "getty" |grep -v grep|awk -F" "  {'print $2'}|xargs -i kill -9 {}
find /mnt/ -type f |xargs chmod a-x
find /tmp/ -type f |xargs chmod a-x

 

 

(3)定期修改root 密码

 

(4)把经常登录失败的ip放到hosts.deny中

/etc/hosts.deny :

sshd:121.42.0.
sshd:121.15.151.
#sshd:223.104.38.177
#sshd:117.136.38.
sshd:203.201.161.
sshd:201.172.242.
sshd:189.219.166.
sshd:201.175.123.
sshd:201.172.78.
sshd:201.173.37.
sshd:201.172.104.
sshd:101.205.43.
sshd:189.218.77.
sshd:200.239.61.
sshd:37.229.68.
sshd:187.160.49.
sshd:189.219.81.
sshd:107.191.207.
sshd:50.180.102.
sshd:99.194.146.
sshd:201.173.168.
sshd:189.218.200.
sshd:201.172.120.

 

(5)尽量不要允许mysql的远程访问

mysql> delete from user where host='%';
Query OK, 2 rows affected (0.02 sec)
flush privileges;

(6) 根目录和/tmp目录下的文件一定不要可执行权限(x)

 

参考:

http://loutsx.blog.163.com/blog/static/1619920872014554326635/