Linux System VPS Server Entry level Security Configuration Guide
Source: Internet
Author: User
KeywordsLinux firewalls VPS
Although Linux is more secure than Windows, some simple security configurations are necessary. There are a lot of tools on the Internet to scan your admin password with a dictionary, we can create some trouble and increase the possibility of being deciphered. Take a look at the entry level security configuration. First: Remote management port modifies SSH's landing port, and the default port is 22. Scan Dictionary Poor lift password They all start with the default. If you change the port to a 4-digit number, it greatly increases their difficulty and time. VI command to edit the SSH configuration file (vi command to use the edit and save a few simple commands, such as if unfamiliar or can not be Baidu or site search): vi/etc/ssh/sshd_config498) this.width=498; OnMouseWheel = ' Javascript:return big (This) ' width= ' height= ' 313 ' src= ' http://images.51cto.com/files/uploadimg/ 20121231/1059550.jpg "alt=" Linux System VPS Server entry-level Security Configuration Guide/> Find #port 22, remove the front # and modify to port 1998 (this number uses 4 digits as much as possible to avoid being occupied by other ports), and then Restart Sshdservice sshd Restart, do not forget to reboot after the SSH client will also change the new port before landing. Second, the root user set a strong password (preferably more than 10: Letters + numbers so the possibility of deciphering the dictionary is as difficult as the lottery) This general background can be modified, such as SOLUSVM platform can be directly modified: 498) this.width=498; OnMouseWheel = ' Javascript:return big (This) ' width= ' height= ' 181 ' src= ' http://images.51cto.com/files/uploadimg/ 20121231/1059551.jpg "alt=" Linux System VPS Server entry-level Security Configuration Guide/> If the other management panel does not modify the password function, you can also use the passwd command in SSH to modify: 498) this.width= 498 ' OnMouseWheel = ' javascript:return big (This) ' width= ' height= ' 231 ' src= ' http://images.51cto.coM/files/uploadimg/20121231/1059552.jpg "alt=" Linux system VPS Server Entry Level Security Configuration Guide/> ( Of course, you can also disable the root user to create a new user to give root permission but the eagle thinks the need is small, as long as the password is powerful enough to decipher. Third, small-scale defense DDoS and Ccddos appear for many years, the domestic room 90% have a certain degree of defense, (configured hardware firewall) Attack principle is very simple is to use false data packets to block your network, but most of the foreign IDC is not to provide defense, we can only use software assistance, Can mitigate the attack to some extent. But this has much to do with the configuration and bandwidth of the server hardware itself. Generally also can only defend against small scale attack, the traffic is big or will be paralyzed. Windows platform has a soft defense and modify the registry to achieve this goal, Linux software today introduced is the DDoS deflate and the system comes with the iptables, implementation of the following: first confirm service iptables Staus services generally default and then start installing; 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' Width= ' "height=" 183 "src=" http:// Images.51cto.com/files/uploadimg/20121231/1059553.jpg "alt=" Linux system VPS Server Entry Level Security Configuration Guide/> Completed after installation is displayed as follows: 498 this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' width= ' height= ' 309 ' src= ' http://images.51cto.com/ Files/uploadimg/20121231/1059554.jpg "alt=" Linux System VPS Server entry-level Security Configuration Guide/> Installation is complete, the file needs to be configured with the VI editor: vi/usr/local/ddos/ Ddos.conf here is mainly apf_ban=1 modified to 0 (using iptables), in addition to email_to= "root" can be changed to your email address, so that the system to run the IP, there will be mail prompts you. 498) this.width=498 ' OnMouseWheel = ' javAscript:return big (This) ' Width= ' "height=" 407 "src=" http://images.51cto.com/files/uploadimg/20121231/1059555. JPG "alt=" Linux System VPS Server entry-level Security Configuration Guide "/> System default Whitelist There are some problems, often mistakes, so we'd better set the manual white list and not be modified. 498) this.width=498 ' OnMouseWheel = ' javascript:return big ' width= "height=" align= "Middle" src= Images.51cto.com/files/uploadimg/20121231/1059556.jpg "alt=" "/> Through the above configuration of the basic security configuration is OK, of course liunx There are a lot of similar free firewalls under the platform, but basically they are English literature. It takes a lot of learning and practice to actually deploy.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.