Recommendations for protecting Alibaba Cloud hosts against attacks
(1) Disable unnecessary services
[root@iZ25tti3rxdZ tmp]# chkconfig gshelld --level 35 off
[root@iZ25tti3rxdZ tmp]# service gshelld stop
Stopping gshelld ...
[root@iZ25tti3rxdZ tmp]# ^C
[root@iZ25tti3rxdZ tmp]# chkconfig nscd --level 35 off
[root@iZ25tti3rxdZ tmp]# service nscd stop
Stopping nscd: [FAILED]
[root@iZ25tti3rxdZ tmp]# chkconfig ntpd --level 35 off
[root@iZ25tti3rxdZ tmp]# service ntpd stop
Shutting down ntpd: [ OK ]
[root@iZ25tti3rxdZ tmp]# chkconfig udev-post --level 35 off
[root@iZ25tti3rxdZ tmp]# service udev-post stop
(2) Kill suspicious processes on a schedule
- ps -ef |grep "/usr/bin/acpid" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/usr/bin/bsd-port/agent" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/usr/bin/.sshd" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/root/.l" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/mnt/linsx" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "getty" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- find /mnt/ -type f |xargs chmod a-x
- find /tmp/ -type f |xargs chmod a-x
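The per-path kill pipelines above can be folded into one script that matches on the command field exactly (so a legitimate /usr/sbin/acpid is not confused with a rogue /usr/bin/acpid), reports before it kills, and strips execute bits the way the two find commands do. This is an added example, not code from the original post; the sample ps output is constructed, and DRY_RUN, suspicious_pids, kill_suspicious and strip_exec_bits are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# Paths the post treats as malicious. Matching is exact on the command field, so
# /usr/sbin/acpid (the real daemon) is not killed along with /usr/bin/acpid.
SUSPICIOUS_PATHS='/usr/bin/acpid
/usr/bin/bsd-port/agent
/usr/bin/.sshd
/root/.l
/mnt/linsx'

# Constructed sample of `ps -eo pid,args` output; not captured from a real host.
SAMPLE_PS='  PID COMMAND
    1 /sbin/init
  412 /usr/bin/acpid
  900 /usr/bin/bsd-port/agent -c /etc/conf
 1337 /usr/sbin/sshd -D
 2048 /usr/bin/.sshd
 3000 grep /usr/bin/acpid'

# suspicious_pids: read `ps -eo pid,args` output on stdin and print one PID per
# line for each process whose executable path ($2) exactly equals a suspicious
# path. The `grep -v grep` step of the original pipeline is not needed because
# the grep process's command field is "grep", which matches nothing.
suspicious_pids() {
  awk -v pats="$SUSPICIOUS_PATHS" '
    BEGIN { n = split(pats, p, "\n") }
    NR > 1 {
      for (i = 1; i <= n; i++)
        if ($2 == p[i]) { print $1; break }
    }'
}

# kill_suspicious: act on the live process table. With DRY_RUN=1 only report.
# SIGTERM first; SIGKILL only if the process is still alive after a grace period.
kill_suspicious() {
  ps -eo pid,args | suspicious_pids | while read -r pid; do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "would kill $pid"
    else
      kill "$pid" 2>/dev/null
      sleep 2
      kill -0 "$pid" 2>/dev/null && kill -9 "$pid"
    fi
  done
}

# strip_exec_bits DIR: remove execute permission from every regular file under
# DIR that has any execute bit set (the post applies this to /mnt and /tmp).
strip_exec_bits() {
  find "$1" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) \
    -exec chmod a-x {} +
}

# Usage on a host: DRY_RUN=1 kill_suspicious   # review first
#                  kill_suspicious             # then enforce
#                  strip_exec_bits /tmp
```

Run with DRY_RUN=1 first and compare the reported PIDs against what you expect; an exact-path match list is only as good as the paths in it, so extend SUSPICIOUS_PATHS from your own findings rather than relying on the five entries here.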
(3) Change the root password regularly
(4) Add IP addresses with frequent login failures to hosts.deny
/etc/hosts.deny :
- sshd:121.42.0.
- sshd:121.15.151.
- #sshd:223.104.38.177
- #sshd:117.136.38.
- sshd:203.201.161.
- sshd:201.172.242.
- sshd:189.219.166.
- sshd:201.175.123.
- sshd:201.172.78.
- sshd:201.173.37.
- sshd:201.172.104.
- sshd:101.205.43.
- sshd:189.218.77.
- sshd:200.239.61.
- sshd:37.229.68.
- sshd:187.160.49.
- sshd:189.219.81.
- sshd:107.191.207.
- sshd:50.180.102.
- sshd:99.194.146.
- sshd:201.173.168.
- sshd:189.218.200.
- sshd:201.172.120.
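Rather than maintaining the list above by hand, the entries can be generated from sshd's own failure records: count "Failed password" lines per source address and emit a hosts.deny line for every address over a threshold. This is an added example, not code from the original post; the log lines are constructed (addresses are from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges), and failed_login_ips and add_to_hosts_deny are names chosen here. The default log path /var/log/secure is an assumption matching the CentOS-style host shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed.
SAMPLE_LOG='Mar  3 02:11:07 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 4432 ssh2
Mar  3 02:11:09 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 4440 ssh2
Mar  3 02:11:12 web1 sshd[2215]: Failed password for root from 203.0.113.5 port 4451 ssh2
Mar  3 02:11:15 web1 sshd[2217]: Accepted publickey for deploy from 198.51.100.20 port 51022 ssh2
Mar  3 02:11:18 web1 sshd[2219]: Failed password for root from 198.51.100.77 port 3301 ssh2
Mar  3 02:11:20 web1 sshd[2221]: Failed password for root from 203.0.113.5 port 4460 ssh2'

# failed_login_ips [THRESHOLD]: read sshd log lines on stdin and print a
# hosts.deny entry (sshd:ADDRESS) for every source address with at least
# THRESHOLD (default 5) failed password attempts. Only sshd "Failed password"
# lines are counted; successful logins and other daemons are ignored.
failed_login_ips() {
  awk -v t="${1:-5}" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++)
        if ($i == "from") { count[$(i + 1)]++; break }
    }
    END { for (ip in count) if (count[ip] >= t) print "sshd:" ip }' | sort
}

# add_to_hosts_deny [THRESHOLD] [LOGFILE] [DENYFILE]: append entries that are
# not already present, so repeated runs (e.g. from cron) never duplicate lines.
add_to_hosts_deny() {
  deny="${3:-/etc/hosts.deny}"
  failed_login_ips "${1:-5}" < "${2:-/var/log/secure}" | while read -r entry; do
    grep -qxF "$entry" "$deny" 2>/dev/null || echo "$entry" >> "$deny"
  done
}

# Usage on a host (assumed log path): add_to_hosts_deny 5 /var/log/secure
```

One caveat before relying on this: hosts.deny only affects sshd when it is linked against libwrap. Upstream OpenSSH dropped TCP wrappers support in 6.7, so on a newer host these entries are silently ignored for sshd and the same address list should be fed to the firewall (iptables/firewalld) or to a tool such as fail2ban instead.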
(5) Avoid allowing remote access to MySQL wherever possible
- mysql> delete from user where host='%';
- Query OK, 2 rows affected (0.02 sec)
- mysql> flush privileges;
(6) Files under the root directory and /tmp must never carry execute permission (x)
Reference:
http://loutsx.blog.163.com/blog/static/1619920872014554326635/