阿里云linux服务器安全设置(防火墙策略等)

幸福有爱 發表於 2023-10-10 00:00:00

阿里云linux服务器安全设置(防火墙策略等)

<p>   
首先需要进行linux的基础安全设置</p><p>   
1、Linux系统脚本</p><div class="jb51code"><div><div class="syntaxhighlighterbash" id="highlighter_992854"><div class="toolbar">?</div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr class="firstRow"><td class="gutter"><div class="line number1 index0 alt2">1</div><div class="line number2 index1 alt1">2</div><div class="line number3 index2 alt2">3</div><div class="line number4 index3 alt1">4</div><div class="line number5 index4 alt2">5</div><div class="line number6 index5 alt1">6</div><div class="line number7 index6 alt2">7</div><div class="line number8 index7 alt1">8</div><div class="line number9 index8 alt2">9</div><div class="line number10 index9 alt1">10</div><div class="line number11 index10 alt2">11</div><div class="line number12 index11 alt1">12</div><div class="line number13 index12 alt2">13</div><div class="line number14 index13 alt1">14</div><div class="line number15 index14 alt2">15</div><div class="line number16 index15 alt1">16</div><div class="line number17 index16 alt2">17</div><div class="line number18 index17 alt1">18</div><div class="line number19 index18 alt2">19</div><div class="line number20 index19 alt1">20</div><div class="line number21 index20 alt2">21</div><div class="line number22 index21 alt1">22</div><div class="line number23 index22 alt2">23</div><div class="line number24 index23 alt1">24</div><div class="line number25 index24 alt2">25</div><div class="line number26 index25 alt1">26</div><div class="line number27 index26 alt2">27</div><div class="line number28 index27 alt1">28</div><div class="line number29 index28 alt2">29</div><div class="line number30 index29 alt1">30</div><div class="line number31 index30 alt2">31</div><div class="line number32 index31 alt1">32</div><div class="line number33 index32 alt2">33</div><div class="line number34 index33 alt1">34</div><div class="line number35 index34 alt2">35</div><div class="line number36 index35 alt1">36</div><div class="line number37 index36 alt2">37</div><div class="line number38 index37 alt1">38</div><div class="line number39 index38 alt2">39</div><div class="line number40 index39 alt1">40</div><div class="line number41 index40 alt2">41</div><div class="line number42 index41 alt1">42</div><div class="line number43 index42 alt2">43</div><div class="line number44 index43 alt1">44</div><div class="line number45 index44 alt2">45</div><div class="line number46 index45 alt1">46</div><div class="line number47 index46 alt2">47</div><div class="line number48 index47 alt1">48</div><div class="line number49 index48 alt2">49</div><div class="line number50 index49 alt1">50</div><div class="line number51 index50 alt2">51</div><div class="line number52 index51 alt1">52</div><div class="line number53 index52 alt2">53</div><div class="line number54 index53 alt1">54</div><div class="line number55 index54 alt2">55</div><div class="line number56 index55 alt1">56</div><div class="line number57 index56 alt2">57</div><div class="line number58 index57 alt1">58</div><div class="line number59 index58 alt2">59</div><div class="line number60 index59 alt1">60</div><div class="line number61 index60 alt2">61</div><div class="line number62 index61 alt1">62</div><div class="line number63 index62 alt2">63</div><div class="line number64 index63 alt1">64</div><div class="line number65 index64 alt2">65</div><div class="line number66 index65 alt1">66</div><div class="line number67 index66 alt2">67</div><div class="line number68 index67 alt1">68</div><div class="line number69 index68 alt2">69</div><div class="line number70 index69 alt1">70</div><div class="line number71 index70 alt2">71</div><div class="line number72 index71 alt1">72</div><div class="line number73 index72 alt2">73</div><div class="line number74 index73 alt1">74</div><div class="line number75 index74 alt2">75</div><div class="line number76 index75 alt1">76</div><div class="line number77 index76 alt2">77</div><div class="line number78 index77 alt1">78</div><div class="line number79 index78 alt2">79</div><div class="line number80 index79 alt1">80</div><div class="line number81 index80 alt2">81</div><div class="line number82 index81 alt1">82</div><div class="line number83 index82 alt2">83</div><div class="line number84 index83 alt1">84</div><div class="line number85 index84 alt2">85</div><div class="line number86 index85 alt1">86</div><div class="line number87 index86 alt2">87</div><div class="line number88 index87 alt1">88</div><div class="line number89 index88 alt2">89</div><div class="line number90 index89 alt1">90</div><div class="line number91 index90 alt2">91</div><div class="line number92 index91 alt1">92</div><div class="line number93 index92 alt2">93</div><div class="line number94 index93 alt1">94</div><div class="line number95 index94 alt2">95</div><div class="line number96 index95 alt1">96</div><div class="line number97 index96 alt2">97</div><div class="line number98 index97 alt1">98</div><div class="line number99 index98 alt2">99</div><div class="line number100 index99 alt1">100</div><div class="line number101 index100 alt2">101</div><div class="line number102 index101 alt1">102</div><div class="line number103 index102 alt2">103</div><div class="line number104 index103 alt1">104</div><div class="line number105 index104 alt2">105</div><div class="line number106 index105 alt1">106</div><div class="line number107 index106 alt2">107</div><div class="line number108 index107 alt1">108</div><div class="line number109 index108 alt2">109</div><div class="line number110 index109 alt1">110</div><div class="line number111 index110 alt2">111</div><div class="line number112 index111 alt1">112</div><div class="line number113 index112 alt2">113</div><div class="line number114 index113 alt1">114</div><div class="line number115 index114 alt2">115</div><div class="line number116 index115 alt1">116</div><div class="line number117 index116 alt2">117</div><div class="line number118 index117 alt1">118</div><div class="line number119 index118 alt2">119</div><div class="line number120 index119 alt1">120</div><div class="line number121 index120 alt2">121</div><div class="line number122 index121 alt1">122</div><div class="line number123 index122 alt2">123</div><div class="line number124 index123 alt1">124</div><div class="line number125 index124 alt2">125</div><div class="line number126 index125 alt1">126</div><div class="line number127 index126 alt2">127</div><div class="line number128 index127 alt1">128</div><div class="line number129 index128 alt2">129</div><div class="line number130 index129 alt1">130</div><div class="line number131 index130 alt2">131</div><div class="line number132 index131 alt1">132</div><div class="line number133 index132 alt2">133</div><div class="line number134 index133 alt1">134</div><div class="line number135 index134 alt2">135</div><div class="line number136 index135 alt1">136</div><div class="line number137 index136 alt2">137</div><div class="line number138 index137 alt1">138</div><div class="line number139 index138 alt2">139</div><div class="line number140 index139 alt1">140</div><div class="line number141 index140 alt2">141</div><div class="line number142 index141 alt1">142</div><div class="line number143 index142 alt2">143</div><div class="line number144 index143 alt1">144</div><div class="line number145 index144 alt2">145</div><div class="line number146 index145 alt1">146</div><div class="line number147 index146 alt2">147</div><div class="line number148 index147 alt1">148</div><div class="line number149 index148 alt2">149</div><div class="line number150 index149 alt1">150</div><div class="line number151 index150 alt2">151</div><div class="line number152 index151 alt1">152</div><div class="line number153 index152 alt2">153</div><div class="line number154 index153 alt1">154</div><div class="line number155 index154 alt2">155</div><div class="line number156 index155 alt1">156</div><div class="line number157 index156 alt2">157</div><div class="line number158 index157 alt1">158</div><div class="line number159 index158 alt2">159</div><div class="line number160 index159 alt1">160</div><div class="line number161 index160 alt2">161</div><div class="line number162 index161 alt1">162</div><div class="line number163 index162 alt2">163</div><div class="line number164 index163 alt1">164</div><div class="line number165 index164 alt2">165</div><div class="line number166 index165 alt1">166</div><div class="line number167 index166 alt2">167</div><div class="line number168 index167 alt1">168</div><div class="line number169 index168 alt2">169</div><div class="line number170 index169 alt1">170</div><div class="line number171 index170 alt2">171</div><div class="line number172 index171 alt1">172</div><div class="line number173 index172 alt2">173</div><div class="line number174 index173 alt1">174</div><div class="line number175 index174 alt2">175</div><div class="line number176 index175 alt1">176</div><div class="line number177 index176 alt2">177</div><div class="line number178 index177 alt1">178</div><div class="line number179 index178 alt2">179</div><div class="line number180 index179 alt1">180</div><div class="line number181 index180 alt2">181</div><div class="line number182 index181 alt1">182</div><div class="line number183 index182 alt2">183</div><div class="line number184 index183 alt1">184</div><div class="line number185 index184 alt2">185</div><div class="line number186 index185 alt1">186</div><div class="line number187 index186 alt2">187</div><div class="line number188 index187 alt1">188</div><div class="line number189 index188 alt2">189</div><div class="line number190 index189 alt1">190</div><div class="line number191 index190 alt2">191</div><div class="line number192 index191 alt1">192</div><div class="line number193 index192 alt2">193</div><div class="line number194 index193 alt1">194</div><div class="line number195 index194 alt2">195</div><div class="line number196 index195 alt1">196</div><div class="line number197 index196 alt2">197</div></td><td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash preprocessor bold">#!/bin/bash</code></div><div class="line number2 index1 alt1"><code class="bash comments">#########################################</code></div><div class="line number3 index2 alt2"><code class="bash comments">#Function: linux drop port</code></div><div class="line number4 index3 alt1"><code class="bash comments">#Usage:  bash linux_drop_port.sh</code></div><div class="line number5 index4 alt2"><code class="bash comments">#Author:  Customer Service Department</code></div><div class="line number6 index5 alt1"><code class="bash comments">#Company:  Alibaba Cloud Computing</code></div><div class="line number7 index6 alt2"><code class="bash comments">#Version:  2.0</code></div><div class="line number8 index7 alt1"><code class="bash comments">#########################################</code></div><div class="line number9 index8 alt2"><code class="bash spaces"> </code></div><div class="line number10 index9 alt1"><code class="bash plain">check_os_release()</code></div><div class="line number11 index10 alt2"><code class="bash plain">{</code></div><div class="line number12 index11 alt1"><code class="bash spaces"> </code><code class="bash keyword">while</code> <code class="bash functions">true</code></div><div class="line number13 index12 alt2"><code class="bash spaces"> </code><code class="bash keyword">do</code></div><div class="line number14 index13 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash string">"Red Hat Enterprise Linux Server release"</code><code class="bash plain">/etc/issue</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number15 index14 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash string">"Red Hat Enterprise Linux Server release"</code><code class="bash plain">/etc/redhat-release</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number16 index15 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number17 index16 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number18 index17 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 5"</code> <code class="bash plain">></code><code class="bash plain">/dev/null2</code><code class="bash plain">>&1</code></div><div class="line number19 index18 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number20 index19 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=redhat5</code></div><div class="line number21 index20 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number22 index21 alt1"><code class="bash spaces">  </code><code class="bash keyword">elif</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 6"</code><code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number23 index22 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number24 index23 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=redhat6</code></div><div class="line number25 index24 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number26 index25 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number27 index26 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number28 index27 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number29 index28 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number30 index29 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number31 index30 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number32 index31 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash string">"Aliyun Linux release"</code> <code class="bash plain">/etc/issue2</code><code class="bash plain">></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number33 index32 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash string">"Aliyun Linux release"</code> <code class="bash plain">/etc/aliyun-release2</code><code class="bash plain">></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number34 index33 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number35 index34 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number36 index35 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 5"</code> <code class="bash plain">></code><code class="bash plain">/dev/null2</code><code class="bash plain">>&1</code></div><div class="line number37 index36 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number38 index37 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=aliyun5</code></div><div class="line number39 index38 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number40 index39 alt1"><code class="bash spaces">  </code><code class="bash keyword">elif</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 6"</code><code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number41 index40 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number42 index41 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=aliyun6</code></div><div class="line number43 index42 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number44 index43 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number45 index44 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number46 index45 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number47 index46 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number48 index47 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number49 index48 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number50 index49 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash string">"CentOS release"</code> <code class="bash plain">/etc/issue</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number51 index50 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash string">"CentOS release"</code> <code class="bash plain">/etc/</code><code class="bash plain">*release2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number52 index51 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number53 index52 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number54 index53 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 5"</code> <code class="bash plain">></code><code class="bash plain">/dev/null2</code><code class="bash plain">>&1</code></div><div class="line number55 index54 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number56 index55 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=centos5</code></div><div class="line number57 index56 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number58 index57 alt1"><code class="bash spaces">  </code><code class="bash keyword">elif</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"release 6"</code><code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number59 index58 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number60 index59 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=centos6</code></div><div class="line number61 index60 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number62 index61 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number63 index62 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number64 index63 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number65 index64 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number66 index65 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number67 index66 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number68 index67 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash plain">-i </code><code class="bash string">"ubuntu"</code> <code class="bash plain">/etc/issue</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number69 index68 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash plain">-i </code><code class="bash string">"ubuntu"</code> <code class="bash plain">/etc/lsb-release2</code><code class="bash plain">></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number70 index69 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number71 index70 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number72 index71 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"Ubuntu 10"</code> <code class="bash plain">></code><code class="bash plain">/dev/null2</code><code class="bash plain">>&1</code></div><div class="line number73 index72 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number74 index73 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=ubuntu10</code></div><div class="line number75 index74 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number76 index75 alt1"><code class="bash spaces">  </code><code class="bash keyword">elif</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"Ubuntu 12.04"</code><code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number77 index76 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number78 index77 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=ubuntu1204</code></div><div class="line number79 index78 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number80 index79 alt1"><code class="bash spaces">  </code><code class="bash keyword">elif</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"Ubuntu 12.10"</code><code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number81 index80 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number82 index81 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=ubuntu1210</code></div><div class="line number83 index82 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number84 index83 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number85 index84 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number86 index85 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number87 index86 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number88 index87 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number89 index88 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number90 index89 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash plain">-i </code><code class="bash string">"debian"</code> <code class="bash plain">/etc/issue</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number91 index90 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash plain">-i </code><code class="bash string">"debian"</code> <code class="bash plain">/proc/version</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number92 index91 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number93 index92 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number94 index93 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code> <code class="bash string">"Linux 6"</code> <code class="bash plain">></code><code class="bash plain">/dev/null2</code><code class="bash plain">>&1</code></div><div class="line number95 index94 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number96 index95 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=debian6</code></div><div class="line number97 index96 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number98 index97 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number99 index98 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number100 index99 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number101 index100 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number102 index101 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number103 index102 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number104 index103 alt1"><code class="bash spaces"> </code><code class="bash plain">os_release=$(</code><code class="bash functions">grep</code> <code class="bash string">"openSUSE"</code> <code class="bash plain">/etc/issue</code> <code class="bash plain">2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number105 index104 alt2"><code class="bash spaces"> </code><code class="bash plain">os_release_2=$(</code><code class="bash functions">grep</code> <code class="bash string">"openSUSE"</code> <code class="bash plain">/etc/</code><code class="bash plain">*release 2></code><code class="bash plain">/dev/null</code><code class="bash plain">)</code></div><div class="line number106 index105 alt1"><code class="bash spaces"> </code><code class="bash keyword">if</code> <code class="bash plain">[ </code><code class="bash string">"$os_release"</code> <code class="bash plain">] && [ </code><code class="bash string">"$os_release_2"</code> <code class="bash plain">]</code></div><div class="line number107 index106 alt2"><code class="bash spaces"> </code><code class="bash keyword">then</code></div><div class="line number108 index107 alt1"><code class="bash spaces">  </code><code class="bash keyword">if</code> <code class="bash functions">echo</code> <code class="bash string">"$os_release"</code><code class="bash plain">|</code><code class="bash functions">grep</code><code class="bash string">"13.1"</code> <code class="bash plain">></code><code class="bash plain">/dev/null</code> <code class="bash plain">2>&1</code></div><div class="line number109 index108 alt2"><code class="bash spaces">  </code><code class="bash keyword">then</code></div><div class="line number110 index109 alt1"><code class="bash spaces">  </code><code class="bash plain">os_release=opensuse131</code></div><div class="line number111 index110 alt2"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number112 index111 alt1"><code class="bash spaces">  </code><code class="bash keyword">else</code></div><div class="line number113 index112 alt2"><code class="bash spaces">  </code><code class="bash plain">os_release=</code><code class="bash string">""</code></div><div class="line number114 index113 alt1"><code class="bash spaces">  </code><code class="bash functions">echo</code> <code class="bash string">"$os_release"</code></div><div class="line number115 index114 alt2"><code class="bash spaces">  </code><code class="bash keyword">fi</code></div><div class="line number116 index115 alt1"><code class="bash spaces">  </code><code class="bash keyword">break</code></div><div class="line number117 index116 alt2"><code class="bash spaces"> </code><code class="bash keyword">fi</code></div><div class="line number118 index117 alt1"><code class="bash spaces"> </code><code class="bash keyword">break</code></div><div class="line number119 index118 alt2"><code class="bash spaces"> </code><code class="bash keyword">done</code></div><div class="line number120 index119 alt1"><code class="bash plain">}</code></div><div class="line number121 index120 alt2"><code class="bash spaces"> </code></div><div class="line number122 index121 alt1"><code class="bash plain">exit_script()</code></div><div class="line number123 index122 alt2"><code class="bash plain">{</code></div><div class="line number124 index123 alt1"><code class="bash spaces"> </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033</code></div><div class="line number149 index148 alt2"><code class="bash keyword">then</code></div><div class="line number150 index149 alt1"><code class="bash spaces"> </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033</code></div><div class="line number159 index158 alt2"><code class="bash keyword">then</code></div><div class="line number160 index159 alt1"><code class="bash spaces"> </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033</code></div><div class="line number168 index167 alt1"><code class="bash keyword">then</code></div><div class="line number169 index168 alt2"><code class="bash spaces"> </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033[1;40;31mThe OS does not identify,So this script isnot executede.\n\033[0m"</code></div><div class="line number170 index169 alt1"><code class="bash spaces"> </code><code class="bash functions">rm</code><code class="bash plain">-f $LOCKfile</code></div><div class="line number171 index170 alt2"><code class="bash spaces"> </code><code class="bash functions">exit</code> <code class="bash plain">0</code></div><div class="line number172 index171 alt1"><code class="bash keyword">else</code></div><div class="line number173 index172 alt2"><code class="bash spaces"> </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033[40;32mThis OS is $os_release.\n\033[40;37m"</code></div><div class="line number174 index173 alt1"><code class="bash keyword">fi</code></div><div class="line number175 index174 alt2"><code class="bash spaces"> </code></div><div class="line number176 index175 alt1"><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033[40;32mStep 3.Begen toconfig firewall.\n\033[40;37m"</code></div><div class="line number177 index176 alt2"><code class="bash keyword">case</code> <code class="bash string">"$os_release"</code> <code class="bash keyword">in</code></div><div class="line number178 index177 alt1"><code class="bash plain">redhat5|centos5|redhat6|centos6|aliyun5|aliyun6)</code></div><div class="line number179 index178 alt2"><code class="bash spaces"> </code><code class="bash plain">service iptables start</code></div><div class="line number180 index179 alt1"><code class="bash spaces"> </code><code class="bash plain">config_iptables</code></div><div class="line number181 index180 alt2"><code class="bash spaces"> </code><code class="bash plain">;;</code></div><div class="line number182 index181 alt1"><code class="bash plain">debian6)</code></div><div class="line number183 index182 alt2"><code class="bash spaces"> </code><code class="bash plain">config_iptables</code></div><div class="line number184 index183 alt1"><code class="bash spaces"> </code><code class="bash plain">;;</code></div><div class="line number185 index184 alt2"><code class="bash plain">ubuntu10|ubuntu1204|ubuntu1210)</code></div><div class="line number186 index185 alt1"><code class="bash spaces"> </code><code class="bash plain">ufwenable <<EOF</code></div><div class="line number187 index186 alt2"><code class="bash plain">y</code></div><div class="line number188 index187 alt1"><code class="bash plain">EOF</code></div><div class="line number189 index188 alt2"><code class="bash spaces"> </code><code class="bash plain">ubuntu_config_ufw</code></div><div class="line number190 index189 alt1"><code class="bash spaces"> </code><code class="bash plain">;;</code></div><div class="line number191 index190 alt2"><code class="bash plain">opensuse131)</code></div><div class="line number192 index191 alt1"><code class="bash spaces"> </code><code class="bash plain">config_iptables</code></div><div class="line number193 index192 alt2"><code class="bash spaces"> </code><code class="bash plain">;;</code></div><div class="line number194 index193 alt1"><code class="bash plain">esac</code></div><div class="line number195 index194 alt2"><code class="bash spaces"> </code></div><div class="line number196 index195 alt1"><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">"\033[40;32mConfig firewallsuccess,this script now exit!\n\033[40;37m"</code></div><div class="line number197 index196 alt2"><code class="bash functions">rm</code> <code class="bash plain">-f $LOCKfile</code></div></div></td></tr></tbody></table></div></div><div class="codetool" id="codetool"><div class="code_n"></div></div></div><p>   
上述文件下载到机器内部直接执行即可。</p><p>   
2、设置iptables，限制访问</p><div class="jb51code"><div><div class="syntaxhighlighterbash" id="highlighter_228861"><div class="toolbar">?</div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr class="firstRow"><td class="gutter"><div class="line number1 index0 alt2">1</div><div class="line number2 index1 alt1">2</div><div class="line number3 index2 alt2">3</div><div class="line number4 index3 alt1">4</div><div class="line number5 index4 alt2">5</div><div class="line number6 index5 alt1">6</div><div class="line number7 index6 alt2">7</div><div class="line number8 index7 alt1">8</div><div class="line number9 index8 alt2">9</div><div class="line number10 index9 alt1">10</div><div class="line number11 index10 alt2">11</div><div class="line number12 index11 alt1">12</div><div class="line number13 index12 alt2">13</div></td><td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-P INPUT ACCEPT</code></div><div class="line number2 index1 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-F</code></div><div class="line number3 index2 alt2"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-X</code></div><div class="line number4 index3 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-Z</code></div><div class="line number5 index4 alt2">                                   
 </div><div class="line number6 index5 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -i lo -j ACCEPT </code></div><div class="line number7 index6 alt2"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -p tcp --dport 22 -j ACCEPT</code></div><div class="line number8 index7 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -p tcp --dport 80 -j ACCEPT</code></div><div class="line number9 index8 alt2"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -p tcp --dport 8080 -j ACCEPT</code></div><div class="line number10 index9 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -p icmp -m icmp --icmp-</code><code class="bash functions">type</code> <code class="bash plain">8 -j ACCEPT</code></div><div class="line number11 index10 alt2"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-A INPUT -m state --state ESTABLISHED -j ACCEPT</code></div><div class="line number12 index11 alt1"><code class="bash plain">/sbin/iptables</code> <code class="bash plain">-P INPUT DROP</code></div><div class="line number13 index12 alt2"><code class="bash spaces"> </code><code class="bash plain">service iptables save</code></div></div></td></tr></tbody></table></div></div><div class="codetool" id="codetool"><div class="code_n"></div></div></div><p>   
以上脚本，在每次重装完系统后执行一次即可，其配置会保存至/etc/sysconfig/iptables</p><p>   
3、常用网络监控命令<br/>
（1） netstat -tunl：查看所有正在监听的端口</p><div class="jb51code"><div><div class="syntaxhighlighterbash" id="highlighter_653860"><div class="toolbar">?</div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr class="firstRow"><td class="gutter"><div class="line number1 index0 alt2">1</div><div class="line number2 index1 alt1">2</div><div class="line number3 index2 alt2">3</div><div class="line number4 index3 alt1">4</div><div class="line number5 index4 alt2">5</div><div class="line number6 index5 alt1">6</div><div class="line number7 index6 alt2">7</div><div class="line number8 index7 alt1">8</div></td><td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash plain"></code><code class="bash comments"># netstat -tunl</code></div><div class="line number2 index1 alt1"><code class="bash plain">Active Internet connections (only servers)</code></div><div class="line number3 index2 alt2"><code class="bash plain">Proto Recv-Q Send-Q Local Address    Foreign Address    State  </code></div><div class="line number4 index3 alt1"><code class="bash plain">tcp  0  0 0.0.0.0:22     0.0.0.0:*     LISTEN  </code></div><div class="line number5 index4 alt2"><code class="bash plain">udp  0  0 ip:123   0.0.0.0:*        </code></div><div class="line number6 index5 alt1"><code class="bash plain">udp  0  0 ip:123   0.0.0.0:*        </code></div><div class="line number7 index6 alt2"><code class="bash plain">udp  0  0 127.0.0.1:123    0.0.0.0:*        </code></div><div class="line number8 index7 alt1"><code class="bash plain">udp  0  0 0.0.0.0:123     0.0.0.0:*</code></div></div></td></tr></tbody></table></div></div><div class="codetool" id="codetool"><div class="code_n"></div></div></div><p>   
其中123端口用于NTP服务。<br/>
（2）netstat -tunp：查看所有已连接的网络连接状态，并显示其PID及程序名称。</p><div class="jb51code"><div><div class="syntaxhighlighterbash" id="highlighter_303421"><div class="toolbar">?</div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr class="firstRow"><td class="gutter"><div class="line number1 index0 alt2">1</div><div class="line number2 index1 alt1">2</div><div class="line number3 index2 alt2">3</div><div class="line number4 index3 alt1">4</div><div class="line number5 index4 alt2">5</div></td><td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash plain"></code><code class="bash comments"># netstat -tunp</code></div><div class="line number2 index1 alt1"><code class="bash plain">Active Internet connections (w</code><code class="bash plain">/o</code> <code class="bash plain">servers)</code></div><div class="line number3 index2 alt2"><code class="bash plain">Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID</code><code class="bash plain">/Program</code> <code class="bash plain">name   </code></div><div class="line number4 index3 alt1"><code class="bash plain">tcp        0     96 ip:22            221.176.33.126:52699        ESTABLISHED 926</code><code class="bash plain">/sshd</code>            </div><div class="line number5 index4 alt2"><code class="bash plain">tcp        0      0 ip:34385         42.156.166.25:80            ESTABLISHED 1003</code><code class="bash plain">/aegis_cli</code></div></div></td></tr></tbody></table></div></div><div class="codetool" id="codetool"><div class="code_n"></div></div></div><p>   
根据上述结果，可以根据需要kill掉相应进程。<br/>
如:<br/>
kill -9 1003</p><p>   
（3）netstat -tunlp<br/>
（4）netstat常用选项说明：</p><p>   
-t: tcp  <br/>
-u : udp<br/>
-l, --listening<br/>
       Show only listening sockets.  (These are omitted by default.)<br/>
-p, --program<br/>
       Show the PID and name of the program to which each socket belongs.<br/>
--numeric , -n<br/>
Show numerical addresses instead of trying to determine symbolic host, port or user names.</p><p><strong>4、修改ssh的监听端口</strong></p><p>   
（1）修改 /etc/ssh/sshd_config</p><p>   
原有的port 22</p><p>   
改为port 44</p><p>   
（2）重启服务</p><p>   
/etc/init.d/sshd restart<br/>
（3）查看情况</p><div class="jb51code"><div><div class="syntaxhighlighterbash" id="highlighter_165433"><div class="toolbar">?</div><table border="0" cellpadding="0" cellspacing="0"><tbody><tr class="firstRow"><td class="gutter"><div class="line number1 index0 alt2">1</div><div class="line number2 index1 alt1">2</div><div class="line number3 index2 alt2">3</div><div class="line number4 index3 alt1">4</div><div class="line number5 index4 alt2">5</div><div class="line number6 index5 alt1">6</div><div class="line number7 index6 alt2">7</div><div class="line number8 index7 alt1">8</div></td><td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash functions">netstat</code> <code class="bash plain">-tunl</code></div><div class="line number2 index1 alt1"><code class="bash plain">Active Internet connections (only servers)</code></div><div class="line number3 index2 alt2"><code class="bash plain">Proto Recv-Q Send-Q Local Address    Foreign Address    State  </code></div><div class="line number4 index3 alt1"><code class="bash plain">tcp  0  0 0.0.0.0:44    0.0.0.0:*     LISTEN  </code></div><div class="line number5 index4 alt2"><code class="bash plain">udp  0  0 ip:123   0.0.0.0:*        </code></div><div class="line number6 index5 alt1"><code class="bash plain">udp  0  0 ip:123   0.0.0.0:*        </code></div><div class="line number7 index6 alt2"><code class="bash plain">udp  0  0 127.0.0.1:123    0.0.0.0:*        </code></div><div class="line number8 index7 alt1"><code class="bash plain">udp  0  0 0.0.0.0:123     0.0.0.0:*</code></div></div></td></tr></tbody></table></div></div><div class="codetool" id="codetool"><div class="code_n"></div></div></div><p>   
 </p>

頁: [1]

琼殿技术论坛's Archiver

阿里云linux服务器安全设置(防火墙策略等)