secure 日志(/var/log/secure)为空
[root@localhost ~]# vi /etc/ssh/sshd_config
# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
[root@localhost ~]# service syslog restart
[root@localhost ~]# service sshd restart
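修改ssh默认端口
注:改端口只能减少自动扫描的噪声,不能替代密钥登录等加固措施;重启 sshd 前先在防火墙放行新端口(启用 SELinux 时还需执行 semanage port -a -t ssh_port_t -p tcp 2594),并保留当前会话,确认新端口可以登录后再断开。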
[root@localhost ~]# vi /etc/ssh/sshd_config
#Port 22
Port 2594
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
[root@localhost ~]# service sshd restart
history显示操作时间
[root@localhost ~]# echo 'export HISTTIMEFORMAT="%F %T"' >>/etc/profile
[root@localhost ~]# source /etc/profile
[root@localhost ~]# history
屏蔽每天ssh登陆错误超过10次的ip
[root@localhost data]# vi blacklist.sh
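#!/bin/bash
# Block sources with more than 10 failed logins today.
#
# Reads today's failed-login records from lastb, counts them per source
# (field 3), and appends "sshd:<ip>" to /etc/hosts.deny for every IPv4
# address seen more than 10 times. Needs root (lastb and hosts.deny).
#
# NOTE(review): hosts.deny only takes effect if sshd is built with TCP
# wrappers (libwrap) support -- confirm on the target system.
# NOTE(review): a legitimate admin who mistypes a password repeatedly is
# blocked too; keep trusted addresses in /etc/hosts.allow.

readonly DENY_FILE=/etc/hosts.deny
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Force the C locale so the day/month abbreviations are English; with a
# non-English system locale the date string would presumably never match
# lastb's timestamps and nothing would be counted.
DATE=$(LC_ALL=C date +"%a %b %e")

# -F: match the date as a fixed string, not as a regular expression.
ABNORMAL_IP=$(lastb | grep -F -- "$DATE" \
  | awk '{a[$3]++} END {for (i in a) if (a[i] > 10) print i}')

echo
echo "以下ip每天超过10次登陆失败"
echo

# Read line by line instead of word-splitting an unquoted variable, so a
# value containing glob characters is never expanded against the filesystem.
while IFS= read -r IP; do
  [[ -n "$IP" ]] || continue

  # Field 3 of lastb may hold a hostname or a truncated address rather than
  # an IPv4 address. Only well-formed IPv4 is written to the deny file;
  # anything else is reported and skipped.
  if ! [[ "$IP" =~ $IPV4_RE ]]; then
    echo "跳过非IPv4来源:$IP"
    continue
  fi

  # Exact, fixed-string, whole-line match. A plain `grep "$IP"` treats dots
  # as wildcards and matches substrings, so 1.2.3.4 would be reported as
  # already present when only 11.2.3.45 is listed, and would never be blocked.
  if grep -qxF -- "sshd:${IP}" "$DENY_FILE"; then
    echo "IP:$IP 已存在系统黑名单中"
  else
    echo "屏蔽IP:$IP"
    echo "sshd:${IP}" >> "$DENY_FILE"
  fi
done <<< "$ABNORMAL_IP"

# Kept from the original procedure. TCP wrappers rules are normally read on
# each new connection, so this restart is probably not required.
systemctl restart sshd

echo
echo "屏蔽完成"
echo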
[root@localhost data]# crontab -e
58 */1 * * * /data/blacklist.sh >> /data/blacklist.log 2>&1
不自动清理tomcat临时目录
[root@localhost ~]# vi /usr/lib/tmpfiles.d/tmp.conf
#添加
x /tmp/tomcat.*
查看服务器公网出口ip
[root@localhost ~]# curl http://ifconfig.me
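sshd白名单设置
注:hosts.allow 先于 hosts.deny 匹配;修改时保留当前会话,用新连接验证可以登录后再退出,以免把自己锁在外面。该机制依赖 sshd 带 TCP Wrappers(libwrap)支持,可用 ldd /usr/sbin/sshd | grep libwrap 确认。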
[root@localhost ~]# vim /etc/hosts.deny
sshd:All
[root@localhost ~]# vim /etc/hosts.allow
sshd:192.168.0.1,192.168.0.51
centos测速
注:脚本直接从网络下载并以 root 运行,执行前应先检查内容;权限用 chmod 755(或 700)即可,777 会让任何本地用户都能改写这个将由 root 执行的文件。
[root@vm speedtest]# wget https://raw.github.com/sivel/speedtest-cli/master/speedtest.py
[root@vm speedtest]# chmod 777 speedtest.py
[root@vm speedtest]# ./speedtest.py
linux设置日志文件保存时间为6个月(weekly × rotate 24 约为24周;wtmp/btmp 为 monthly × rotate 6)
[root@localhost ~]# vi /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 24 #rotate 4改为rotate 24
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 6 #rotate 1改为rotate 6
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 6 #rotate 1改为rotate 6
}
# system-specific logs may be also be configured here.
nginx代理udp端口
配置文件添加(与http同一层级)
http { }
stream {
server {
listen <PORT> udp;
proxy_pass <IP>:<PORT>;
}
}
验证端口
[root@localhost ~]# yum install -y nc
[root@localhost ~]# nc -zvu <IP> <端口>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to IP:端口.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.
使用nc进行tcp、udp通信
服务器1 使用udp监听7001端口(参数u表示使用udp协议)
[root@localhost ~]# nc -lvu 7001
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Listening on :::7001
Ncat: Listening on 0.0.0.0:7001
服务器2连接服务器1端口进行通信(参数u表示使用udp协议)
[root@localhost ~]#nc -vu <IP> <端口>
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to <IP> <端口>.
查看SSL证书有效期
[root@localhost ~]# openssl x509 -in <证书名> -noout -dates
查看yum已安装软件包
[root@localhost ~]# yum list | grep xxx