Linux Server 安全配置

# --- Step 1: brute-force protection and a non-root login account ---
# Run these as root. Several of the steps are interactive (vim, passwd, visudo),
# so this is a checklist to follow by hand, not a script to execute unattended.

# Install fail2ban. No jail configuration is shown on this page, so the package
# defaults apply; check that they cover sshd on your release.
apt-get install fail2ban
# Create the unprivileged account that will be used for SSH logins.
# useradd is called without -m, so the home directory is created by hand below.
useradd dummy
mkdir /home/dummy
mkdir /home/dummy/.ssh
# Only the owner may enter ~/.ssh.
chmod 700 /home/dummy/.ssh
# Paste the public key(s) allowed to log in as this user, one per line.
vim /home/dummy/.ssh/authorized_keys
# Read-only for the owner: the key list cannot be modified without first
# changing the mode back.
chmod 400 /home/dummy/.ssh/authorized_keys
# Everything above was created by root; hand ownership to the new user.
# The 700/400 modes only protect the keys once this has run.
chown dummy:dummy /home/dummy -R
# Set a password for the account. Password logins over SSH are disabled in the
# sshd_config step further down, so this is presumably for sudo - confirm.
passwd dummy
# Edit sudoers. The page does not show what to add; presumably a rule granting
# `dummy` sudo rights. Root SSH login is disabled further down, so verify that
# sudo works for this account before closing the current root session.
visudo
# --- Step 2: lock ssh to particular users and source IPs ---
vim /etc/ssh/sshd_config
# Add the three lines below to sshd_config. They are configuration file
# content, not shell commands.
#   PermitRootLogin no         - root can no longer log in over SSH
#   PasswordAuthentication no  - key-based login only
#   AllowUsers user@host ...   - only the listed user/source pairs may log in
# NOTE(review): the account created earlier on this page is `dummy`, but
# AllowUsers names `deploy`. As written, `dummy` would be refused and root is
# disabled as well, so make the user name match the real account.
# `(your-ip)` is a placeholder; write the address without the parentheses.
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy@(your-ip) deploy@(another-ip-if-any)
# Restart ssh to apply the change. Keep the current session open, check the
# file first with `sshd -t`, and confirm a fresh key-based login from a second
# terminal before logging out - a mistake here locks you out.
service ssh restart
# --- Step 3: set up a firewall ---
# ubuntu provides ufw
# Allow SSH only from your own address. `{your-ip}` is a placeholder (drop the
# braces) and should match the address used on the AllowUsers line in
# sshd_config. This rule is added before `ufw enable` so that turning the
# firewall on does not cut off the current session.
ufw allow from {your-ip} to any port 22
# HTTP and HTTPS are opened to any source; skip these if the host serves no web
# traffic.
ufw allow 80
ufw allow 443
# Activate the rule set; review the result with `ufw status verbose`.
ufw enable
# --- Step 4: automated security updates ---
apt-get install unattended-upgrades
vim /etc/apt/apt.conf.d/10periodic
# Update the file to look like the four APT::Periodic lines below. They are
# apt configuration content, not shell commands. The values are intervals in
# days: refresh package lists, download upgrades and run unattended-upgrade
# daily, and clean the package cache every 7 days.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
# Next, edit the list of origins that may be upgraded automatically.
vim /etc/apt/apt.conf.d/50unattended-upgrades
# Update the file to the block below (apt configuration content). `//` starts
# a comment in apt.conf syntax, so only the security origin is active and
# regular updates are not installed automatically.
# NOTE(review): "lucid" is the codename of Ubuntu 10.04. The origin must name
# the release that is actually installed (see `lsb_release -cs`); otherwise no
# origin matches and no security updates are applied.
Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
//      "Ubuntu lucid-updates";
};
# --- Step 5: install Logwatch to keep an eye on things ---
apt-get install logwatch
vim /etc/cron.daily/00logwatch
# Add the line below to that cron script so a high-detail log summary is
# mailed once a day.
# NOTE(review): the address after --mailto appears to have been obfuscated by
# the hosting site's e-mail protection; replace it with the real recipient.
# Delivery presumably also needs a working mail transfer agent on the host -
# confirm that a test report actually arrives.
/usr/sbin/logwatch --output mail --mailto [email protected] --detail high
# All Done!
