Harden Linux servers: Use command line tools to improve security
Overview:
In today's network environment, server security is crucial. To protect your server from malicious attacks and unauthorized access, hardening your Linux server using command line tools is a necessary step. This article will introduce some commonly used command line tools, as well as their usage methods and sample codes to help you improve the security of your server.
SSH encrypted transmission:
SSH (Secure Shell) is an encrypted network protocol used for remote login and command execution. By using SSH, malicious users can be prevented from intercepting and eavesdropping on data in transit. Here is sample code to generate and use a key pair using SSH:
Generate an SSH key pair:
ssh-keygen -t rsa -b 4096
Copy the public key to Remote server:
ssh-copy-id 用户名@IP地址
Disable password login (optional):
sudo vi /etc/ssh/sshd_config
Find the line #PasswordAuthentication yes, Change it to PasswordAuthentication no, then save and exit.
Restart SSH service:
sudo systemctl restart sshd
Firewall settings:
A firewall is a network security device used to monitor and control the network data flow on. Use a firewall to limit inbound and outbound traffic on your server, providing protection against malicious attacks. The following is sample code to set firewall rules using the iptables command:
Install iptables:
sudo apt-get install iptables
Create a new firewall Rules file:
sudo touch /etc/iptables.rules sudo vi /etc/iptables.rules
Add the following rules in the file:
*filter # 默认策略 :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] # 允许本地回环接口的访问 -A INPUT -i lo -j ACCEPT # 允许已经建立的、相关的连接进入 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # 允许SSH连接 -A INPUT -p tcp --dport 22 -j ACCEPT # 允许其他必要的端口 # -A INPUT -p tcp --dport 80 -j ACCEPT # -A INPUT -p tcp --dport 443 -j ACCEPT # 允许ICMP (Ping)请求 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # 允许限制的IP地址范围 -A INPUT -s 允许连接的IP地址/子网掩码 -j ACCEPT # 允许某个IP地址范围的访问 # -A INPUT -s 允许连接的IP地址/子网掩码 -j ACCEPT # 拒绝所有其他入站流量 -A INPUT -j DROP COMMIT
Load firewall rules and set startup:
sudo iptables-restore < /etc/iptables.rules sudo touch /etc/network/if-pre-up.d/iptables sudo chmod +x /etc/network/if-pre-up.d/iptables sudo vi /etc/network/if-pre-up.d/iptables
Add the following to the file:
#!/bin/sh /sbin/iptables-restore < /etc/iptables.rules
Restart the server to apply the new firewall rules:
sudo reboot
Log and Monitoring:
Logging and monitoring are important components of server security. By regularly reviewing server logs, unusual activity can be discovered and acted upon. The following is sample code using common logging and monitoring tools:
View system logs:
sudo tail -f /var/log/syslog
View authorized user logs:
sudo tail -f /var/log/auth.log
Monitor network connections:
sudo apt-get install nethogs sudo nethogs
Monitor system resource usage:
sudo apt-get install htop sudo htop
Summary:
By using the above command line tools and sample code, you can enhance the security of your Linux server. From generating SSH key pairs and disabling password logins to setting up firewall rules and monitoring server logs, these steps can help you protect your server from malicious attacks and unauthorized access. When operating and maintaining the server, be sure to regularly review server logs and monitor system resource usage to ensure the security and stability of the server.
The above is the detailed content of Hardening Linux Servers: Using Command Line Tools to Improve Security. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
