Üns*_*maz 0 security centos dedicated-server
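We have a clean CentOS 5.6 setup with Virtualmin and nothing else. What security steps would you suggest are appropriate?
http://www.wiredtree.com/supportservices/servershield.php This page has what I think is a good checklist summary. Which of these steps need to be done? Or do you have better suggestions than these for security hardening:
(DDoS and brute-force attack protection in particular seem to be an issue)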
Firewall Protection:
APF – Configure both ingress and egress firewall protection.
BFD – Detect and prevent brute force attacks.
CPHulk – Detect and prevent brute force attacks.
HTTP Intrusion and DOS Protection:
Mod_security – Install and configure mod_security for Apache with auto-updating ruleset.
Mod_evasive – Install and configure DOS, DDOS, and brute force detection and suppression for Apache.
PHP SuHosin – PHP Hardening through the Hardened PHP Project. Available on request.
Server Hardening:
Disable IP Source Routing – Enable protection against IP source route attacks.
Disable ICMP Redirect Acceptance – Enable protection against ICMP redirect attacks.
Enable syncookie protection – Enable protection against TCP Syn Flood attacks.
Enable ICMP rate-limiting – Enable protection against ICMP flood attacks.
Harden host.conf – Enable spoofing protection and protection against DNS poisoning attacks.
Harden Apache – Prevent module and version disclosure information.
Harden SSH – Allow only SSH version 2 connections.
Harden Named – Enable protection against DNS recursion attacks.
Ensure Filesystem Permissions – Fix permission on world writable directories and prevent against directory-transversal attacks.
Harden temporary directory and shared memory locations – Enforce noexec, nosuid on tmp and shm mounts.
Harden “fetching” utilities - Allows root-only access of wget, curl, and other utilities often used in web-based attacks.
Remove unnecessary packages – removes RPMS which are not needed to prevent against potential vulnerabilities and free up disk space.
Disable unused services – Disable services which are not used.
Disable unneeded processes – Disable processes which are not needed for server operation.
PAM Resource Hardening – Protects against exploits which use core dumps and against user resource exhausting through fork bombs and other shell attacks.
PHP Hardening – Enable OpenBaseDir protection.
Security Audits:
Rootkit Hunter – Nightly scan to detect system intrusions.
Chkrootkit – Nightly scan to detect system intrusions.
Nobody Process Scanner – Scans for unauthorized "nobody" processes.
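This is a very broad question, and my first answer may sound rude:
Remove Virtualmin!
Please don't get me wrong, but with a few clicks some doors can be opened that lead directly to the biggest security leak: the subject between keyboard and chair.
If you want a secure setup, you should:
If you have a big automated security stack that you do not understand at all, your risk of getting hacked may be greater than with a small stack that you really know.
The biggest common mistakes in hosting environments are webapp and db(connection) settings. Take care of Joomla and friends, and let your DB listen only on localhost. Always use settings that are as restrictive as possible. For example: avoid chmod 777, read your logs. Monitor the machine with nagios. Be paranoid.
I am really sure you will find help here for specific cases. In many cases, "secure setup OS application" will produce useful results on the search engine of your choice.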
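To make a few of the "Server Hardening" items from the checklist quoted in the question concrete, here is an added example (not from the original posts or the linked page) that audits sysctl, mount and sshd settings from text in the formats of `sysctl -a`, `/proc/mounts` and `sshd_config`. The sample inputs are constructed, and the choice of sysctl keys for each checklist item is this example's assumption.

```python
# Added example: read-only audit of a few "Server Hardening" checklist items.
WANT_SYSCTL = {  # standard Linux sysctl keys; only the "all" scope is checked
    "net.ipv4.conf.all.accept_source_route": "0",  # Disable IP Source Routing
    "net.ipv4.conf.all.accept_redirects": "0",     # Disable ICMP Redirect Acceptance
    "net.ipv4.tcp_syncookies": "1",                # Enable syncookie protection
}
WANT_MOUNT_OPTS = {"/tmp": {"noexec", "nosuid"}, "/dev/shm": {"noexec", "nosuid"}}

# Constructed sample input (not taken from a real server).
SAMPLE_SYSCTL = "net.ipv4.conf.all.accept_source_route = 0\n" \
                "net.ipv4.conf.all.accept_redirects = 1\n" \
                "net.ipv4.tcp_syncookies = 1\n"
SAMPLE_MOUNTS = "/dev/sda1 / ext3 rw 0 0\n" \
                "/dev/sda3 /tmp ext3 rw,nosuid 0 0\n" \
                "tmpfs /dev/shm tmpfs rw,noexec,nosuid 0 0\n"
SAMPLE_SSHD = "#Protocol 2,1\nProtocol 2,1\nPermitRootLogin no\n"


def parse_sysctl(text):
    """Parse 'key = value' lines as printed by `sysctl -a`; the last value wins."""
    pairs = (ln.split("#", 1)[0].split("=", 1) for ln in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}


def audit(sysctl_text, mounts_text, sshd_text):
    """Return a sorted list of findings; an empty list means every check passed."""
    findings = []
    have = parse_sysctl(sysctl_text)
    for key, want in WANT_SYSCTL.items():
        if have.get(key) != want:
            findings.append(f"sysctl {key}={have.get(key)} (want {want})")
    # /proc/mounts format: device mountpoint fstype options dump pass
    rows = (ln.split() for ln in mounts_text.splitlines())
    mounted = {r[1]: set(r[3].split(",")) for r in rows if len(r) >= 4}
    for mp, need in WANT_MOUNT_OPTS.items():
        missing = need - mounted.get(mp, set())
        if mp not in mounted:
            findings.append(f"mount {mp}: not a separate mount")
        elif missing:
            findings.append(f"mount {mp}: missing {','.join(sorted(missing))}")
    # sshd_config: keywords are case-insensitive and the first occurrence wins.
    words = (ln.split() for ln in sshd_text.splitlines())
    proto = next((w[1] for w in words if len(w) > 1 and w[0].lower() == "protocol"), None)
    if proto != "2":  # a missing directive is reported: the default depends on the version
        findings.append(f"sshd Protocol={proto} (want 2)")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SYSCTL, SAMPLE_MOUNTS, SAMPLE_SSHD)) or "all checks passed")
```

On a live host the three arguments would come from `sysctl -a`, `/proc/mounts` and `/etc/ssh/sshd_config`; the script only reads and reports, it changes nothing.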