Home > Operation and Maintenance > Linux Operation and Maintenance > Learn to defend: Use command line tools to protect your Linux server

Learn to defend: Use command line tools to protect your Linux server

王林
Release: 2023-09-08 14:43:42
Original
971 people have browsed it

Learn to defend: Use command line tools to protect your Linux server

Learn to defend: Use command line tools to protect your Linux server

In today's Internet era, with the continuous development of network technology, server security has become more and more is becoming more and more important. As a server administrator, we need to learn to use various tools and methods to protect our servers from attacks. In Linux systems, command line tools are one of our main weapons. This article will introduce some commonly used command line tools and how to use them to protect your Linux server.

  1. iptables

iptables is one of the most commonly used firewall tools in Linux systems. It can be used to manage and configure network packet filtering rules to protect servers from malicious attacks. Here are some examples using iptables:

# 清除所有已有规则
iptables -F
# 允许本地回环接口
iptables -A INPUT -i lo -j ACCEPT
# 允许已建立的、相关的会话流量
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# 允许SSH连接
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# 阻止所有其他入站流量
iptables -A INPUT -j DROP
Copy after login

The above rules first clear all existing rules, then allow traffic on the local loopback interface, then allow established and related session traffic, then allow SSH connections, and finally block All other inbound traffic.

  1. fail2ban

fail2ban is a tool used to prevent malicious login attempts. It monitors the server's log files and when multiple failed login attempts are detected, it automatically adds a rule in iptables that blocks that IP address. Here are some configuration examples for fail2ban:

Install fail2ban:

sudo apt-get install fail2ban
Copy after login

Create a custom jail.local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Copy after login

Edit the jail.local file:

sudo nano /etc/fail2ban/jail.local
Copy after login

Add the following content to the file:

[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3
findtime = 3600
bantime = 86400
Copy after login

Save and exit the file. The above configuration will monitor SSH login attempts in the /var/log/auth.log file, and after three failed login attempts, the IP address will be added to the iptables block list for 24 hours.

Restart the fail2ban service for the configuration to take effect:

sudo service fail2ban restart
Copy after login
  1. rkhunter

rkhunter is a tool used to check the system for potential malware. It will scan system files and directories, and will give a warning if abnormal files or configurations are detected. Here is an example of using rkhunter:

Install rkhunter:

sudo apt-get install rkhunter
Copy after login

Run rkhunter for a system scan:

sudo rkhunter --check
Copy after login

Run rkhunter to update its database:

sudo rkhunter --update
Copy after login
  1. logwatch

logwatch is a log analysis tool that can help administrators quickly analyze server log files and discover potential security issues. The following is an example of using logwatch:

Install logwatch:

sudo apt-get install logwatch
Copy after login

Run logwatch for log analysis:

sudo logwatch
Copy after login

The above are some commonly used command line tools. By using them, you Can better protect your Linux server from malicious attacks. Of course, in addition to using tools, server security also requires regularly updating systems and applications, using strong passwords, restricting root logins, etc. Only through the comprehensive use of various methods and tools can the security of the server be improved. I wish your server is safe and worry-free!

The above is the detailed content of Learn to defend: Use command line tools to protect your Linux server. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template