1、用防火牆關閉不須要的任何連接埠,別人PING不到伺服器,威脅自然減少了一大半
防止別人ping的方法:
1)命令提示字元下打
echo 1 > /proc/sys/net/ipv4/icmp_ignore_all
2)用防火牆禁止(或丟棄)icmp 包
iptables -A INPUT -p icmp -j DROP
3)對所有用ICMP通訊的包不予響應
比如PING TRACERT
2、更改SSH連接埠,最好改為10000以上,別人掃描到連接埠的機率也會下降
vi /etc/ssh/sshd_config
將PORT改為1000以上連接埠
同時,建立一個普通登入使用者,並取消直接root登入
useradd 'username'
passwd 'username'
vi /etc/ssh/sshd_config
在最後添加如下一句:
PermitRootLogin no #取消root直接遠程登入
3、刪除系統臃腫多餘的帳號:
userdel adm userdel lp userdel sync userdel shutdown userdel halt userdel news userdel uucp userdel operator userdel games userdel gopher userdel ftp 如果你不允許匿名FTP,就刪掉這個使用者帳號 groupdel adm groupdel lp groupdel news groupdel uucp groupdel games groupdel dip groupdel pppusers
4、更改下列檔案許可權,使任何人沒有更改賬戶許可權:
chattr +i /etc/passwd chattr +i /etc/shadow chattr +i /etc/group chattr +i /etc/gshadow
5、chmod 600 /etc/xinetd.conf
6、關閉FTP匿名使用者登陸
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
