Server security has always been a very sensitive and important issue, but the Internet does not seem to be absolutely secure, just to whom
Of course, we can use some optimization settings or methods to make our servers safer or safer.
Here, let's talk about my point of view.
In my opinion, server security includes two parts:
System-level security
Application-level security
system-level security, for example, the system starts unrelated services or ports, or a Program vulnerability in the system kernel may cause
application-level security, which usually refers to our applications, for example, our website, our forum, and our online store
How do we operate?
for the system level, the most basic security principle is to enable only necessary services and ports to minimize the number of systems.
that is, some unrelated applications or services are disconnected, all unused ports are disabled, and firewall (iptables restrictions)
modify some default service ports, for example, ssh port 22 can avoid brute-force cracking and scanning, which can be modified in the wdcp background
Another point is also very important, that is, do not use a simple password, or use the default password of some application software, such as wdcp, that is, after these applications are installed, what must be done on the home page is to modify the default password to make more in-depth optimization settings for your own password. You can set access/modification restrictions for some sensitive files, and set/cancel the S-bit program, back up important files and MD5 values
This is hard to say for the application level.
If it is a self-developed system, it is necessary to ensure the security of the program to be able or more optimized and multi-Analysis
If you are using other programs or systems, pay more attention to the wdlinxu website. If some vulnerabilities occur, update and patch them in time.
You can also restrict some executable Web operations or commands through the system, such as the commands, Han numbers, directories, and so on that can be executed by PHP. This can also play a certain role and effect.
Here is just a rough introduction of ideas, there are no detailed instructions or steps
There are also a lot of such tutorials, and a lot of them are found on the Internet.
Reprinted Please note: wdlinux Knowledge Base
Connection: http://www.wdlinux.cn/bbs/thread-5469-1-1.html