海博论坛

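Linux Server Security: An Innovative Solution for Web Interface Protection Strategies

Linux servers play an important role in today's Internet era and are widely used to host and deploy web applications. Because they are so widely used, Linux servers have also become a target for attackers. To keep the server secure, a protection strategy for its web interfaces is essential.

This article introduces an innovative solution for improving Linux server security and web interface protection, with code examples to aid understanding.

First, we need a firewall to restrict access to the server. The following is a simple example of iptables rules that allow access to the server's HTTP and SSH ports from one specific IP address and deny access from all other IPs.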

iptables -A INPUT -p tcp -s 192.168.1.100 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 22 -j DROP


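In the code above, the first two rules allow the host with IP address 192.168.1.100 to access port 80 (HTTP) and port 22 (SSH) on the server, and the last two rules deny access from all other IP addresses. Because iptables evaluates rules in order and -A appends to the end of the chain, the ACCEPT rules must be added before the DROP rules.

Second, we can use Fail2ban to prevent malicious login attempts. Fail2ban is a Python-based application that monitors log files on the server and, when it detects repeated failed login attempts, automatically adds the attacker's IP address to the firewall blacklist. The following is a simple Fail2ban configuration example.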

[DEFAULT]
bantime = 86400
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log

[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log


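In the configuration above, bantime defines how long an attacker stays on the blacklist (in seconds), findtime defines the time window within which failed login attempts are counted towards a ban, and maxretry defines the maximum number of attempts allowed from a single IP.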
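How findtime, maxretry and bantime interact, as an added example that is not part of the original article and is not Fail2ban's own code: a simplified model of the counting logic, run over constructed auth.log lines. The log pattern, host name and IP addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section of the configuration above.
BANTIME, FINDTIME, MAXRETRY = timedelta(seconds=86400), timedelta(seconds=600), 3

# Assumption: one simplified pattern standing in for the sshd filter.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed auth.log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Mar 14 10:00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 14 10:00:00 web1 sshd[812]: Failed password for admin from 198.51.100.23 port 51000 ssh2
Mar 14 10:03:00 web1 sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Mar 14 10:05:00 web1 sshd[820]: Accepted password for deploy from 192.168.1.100 port 50022 ssh2
Mar 14 10:06:00 web1 sshd[823]: Failed password for admin from 198.51.100.23 port 51010 ssh2
Mar 14 10:08:00 web1 sshd[830]: Failed password for root from 203.0.113.7 port 40199 ssh2
Mar 14 10:09:00 web1 sshd[831]: Failed password for root from 203.0.113.7 port 40201 ssh2
Mar 14 10:13:00 web1 sshd[840]: Failed password for admin from 198.51.100.23 port 51020 ssh2
"""

def simulate(log_text, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for hosts reaching MAXRETRY within FINDTIME."""
    failures = defaultdict(deque)  # ip -> times of failures still inside the window
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # e.g. successful logins are not failures
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue  # host is already banned for BANTIME
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than FINDTIME
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans
```

With these values 203.0.113.7 is banned at its third failure inside the 600-second window, while the three failures from 198.51.100.23 span more than findtime and are never counted together, which is the trade-off to weigh when tuning findtime.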

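Finally, we can use ModSecurity to strengthen the security of the web application. ModSecurity is an open-source web application firewall that can detect and prevent different types of attacks, such as cross-site scripting (XSS) and SQL injection. The following is a simple ModSecurity configuration example.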

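<IfModule mod_security2.c>
    # Enable the rule engine, audit logging and access to response bodies
    SecRuleEngine On
    SecAuditEngine On
    SecResponseBodyAccess On

    # Allow requests from the local address (dots escaped; id added, since each rule needs a unique id)
    SecRule REMOTE_ADDR "^127\.0\.0\.1$" "phase:1,nolog,allow,id:10000"
    # Deny requests whose User-Agent contains "bot"
    SecRule REQUEST_HEADERS:User-Agent "bot" "phase:1,deny,id:10001"

    # Load the rule files under /etc/modsecurity/crs/
    Include /etc/modsecurity/crs/*.conf
</IfModule>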


In the configuration above, SecRuleEngine and SecAuditEngine enable ModSecurity and audit logging, and SecResponseBodyAccess allows access to the response body.

The two SecRule rules respectively allow requests from the local IP address and deny requests whose User-Agent contains the string "bot".

With the solution described above, we can improve Linux server security and the protection of its web interfaces. However, server security is a dynamic process that requires continuous updating and maintenance. Developers and system administrators should keep a close watch on server vulnerabilities and the latest security threats, and take appropriate measures to protect the server.

ÒÔÉϾÍÊÇLinuxЧÀÍÆ÷Çå¾²ÐÔ£ºWeb½Ó¿Ú±£»¤Õ½ÂÔµÄÁ¢Òì½â¾ö¼Æ»®¡£µÄÏêϸÄÚÈÝ £¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí £¬°æȨÕùÒéÓë±¾Õ¾ÎÞ¹Ø £¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í海博论坛ÂËÓÍ»úÍø¹Ù·½Ì¬¶È £¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ £¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢ £¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢ £¬ÇëÄúÁ¬Ã¦ÁªÏµ海博论坛ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ海博论坛

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎå £¬9:30-18:30 £¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ
ÓÑÇéÁ´½Ó£º×ðÁú¿­Ê±  ¿­·¢k8¹ú¼Ê  ´ó½±¹ú¼Ê  ×ðÁú¿­Ê±  OBÅ·±¦  KU¿áÓÎÌåÓý  海博论坛  yp½Ö»ú  ºÍ¼ÇÓéÀÖ  ×ðÁú¿­Ê±