VPS Security Measures (CentOS 6)

Source: Internet
Author: User

With a new VPS, the first thing to do is probably to secure it properly.

Here is what I did, using CentOS 6 as the example:

    1. Change the root password
    2. Log in with an SSH key
    3. Configure iptables
    4. Install fail2ban

1. Change the root password

Log in to the VPS and type passwd to change the root password. Note that the input is not echoed, not even as asterisks.

2. Log in with an SSH key

The advantage of logging in with a key is that even if someone knows your root password, they cannot log in to the VPS via SSH without the key file. This key file exists only on your own computer, so it is exposed only if your hard drive is stolen or your machine is hacked. There are already plenty of tutorials, so here is a brief version:

    # Server side (generate the key pair)
    ssh-keygen -t rsa                # generate the key and follow the prompts
    # Download id_rsa and id_rsa.pub from /root/.ssh to your local machine
    cd /root/.ssh                    # change working directory to /root/.ssh
    mv id_rsa.pub authorized_keys    # rename id_rsa.pub to authorized_keys
    chmod 600 authorized_keys        # set 600 permissions on authorized_keys
    vi /etc/ssh/sshd_config          # edit the sshd configuration file
    # Remove the leading # from the RSAAuthentication and PubkeyAuthentication lines
    /etc/init.d/sshd restart         # restart the sshd service

On the client, with PuTTY:

    1. Open puttygen.exe, load the key (the id_rsa file, no suffix), enter the key passphrase set during ssh-keygen, and save the private key (PuTTY format, .ppk suffix).
    2. Open putty.exe, go to Connection > SSH > Auth, find the "Private key file for authentication" field, click Browse, and load the .ppk file you just saved. You should now be able to log in.

    # Server side (disable password login)
    vi /etc/ssh/sshd_config          # edit the sshd configuration file
    # Find PasswordAuthentication, change it to no, and save
    /etc/init.d/sshd restart         # restart the sshd service

With this, key-based login for the VPS is fully configured.
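A check worth running before the last sshd restart, as an added example that is not part of the original article: the shell functions below read an sshd_config and an authorized_keys file and confirm that key login is on, password login is effectively off, and the key file has mode 600. The parser is a simplification that relies on sshd using the first occurrence of a keyword and stops at the first Match line; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): verify the key-only login setup.

# Print the effective global value of an sshd keyword. sshd uses the FIRST
# occurrence of a keyword, keywords are case-insensitive, and lines after a
# "Match" line are conditional, so this simplified parser stops there.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -F '[ \t=]+' -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Return 0 only if key login is on, password login is off, and the
# authorized_keys file is non-empty with mode 600. Problems go to stdout.
check_key_only_login() {  # usage: check_key_only_login SSHD_CONFIG AUTHORIZED_KEYS
    rc=0
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication is not effectively no"; rc=1; }
    if [ ! -s "$2" ]; then
        echo "$2 is missing or empty; do not disable passwords yet"; rc=1
    elif [ "$(ls -ld "$2" | cut -c1-10)" != "-rw-------" ]; then
        echo "$2 is not mode 600"; rc=1
    fi
    return $rc
}

# Constructed sample: the "no" appended at the bottom loses to the earlier
# uncommented "yes", so this config still accepts passwords.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$d/sshd_config"
    echo 'ssh-rsa AAAA-constructed-sample root@vps' > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    check_key_only_login "$d/sshd_config" "$d/authorized_keys"
    status=$?
    rm -rf "$d"
    return "$status"
}

# Check real files when given two paths, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then check_key_only_login "$1" "$2"
else demo || echo "demo config fails the check, as intended"; fi
```

Run it as root with /etc/ssh/sshd_config and /root/.ssh/authorized_keys as the two arguments, and keep the current SSH session open until a second session has logged in with the key.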

3. Configure iptables

iptables is a command-line tool for configuring the Linux kernel firewall and is part of the Netfilter project. The term iptables is also often used to refer to this kernel-level firewall. iptables can be configured directly or through many front ends and graphical interfaces. iptables is for IPv4; ip6tables is for IPv6.

(From the iptables entry in the ArchLinux Wiki)

Studying iptables properly takes a lot of time. If you are interested, see: Iptables Guide 1.1.19

My own configuration is pasted below:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]

    # Allow loopback and ping
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p icmp -j ACCEPT

    # Keep the current SSH connection
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Port control
    # HTTP (only needed when hosting a site)
    #-A INPUT -p tcp --dport 80 -j ACCEPT
    # Nginx (needed when hosting a site)
    #-A INPUT -p tcp --dport 8384 -j ACCEPT
    # SSH (replace $(SSH) with your own port)
    -A INPUT -p tcp --dport $(SSH) -j ACCEPT
    # SS (replace $(SS) with your own port)
    -A INPUT -p tcp --dport $(SS) -j ACCEPT

    # Reject everything else
    -A INPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -j REJECT --reject-with icmp-port-unreachable

    # Allow all outbound traffic
    -A OUTPUT -j ACCEPT
    COMMIT

4. fail2ban

Taken literally, the name means "fail to log in and you get banned". It stops malicious users from brute-forcing logins to your VPS.

Refer to: Installation and configuration of Fail2ban under CentOS
