Jang go Sireletsa Linux Server ya Gago (Hardening)
Dikgato tse di botlhokwa go sireletsa Linux server ya gago kgatlhanong le phithelelo e e sa letlelelwang le ditlhaselo.
Tshireletso e botlhokwa thata fa o tsamaisa server mo inthaneteng. Kaelo e e akaretsa dikgato tse di botlhokwa go 'thatafatsa' (harden) Linux server ya gago le go e sireletsa kgatlhanong le matshosetsi a a tlwaelegileng.
1. Boloka System ya Gago e Ntšhwafaditswe
# Ya Ubuntu/Debian
sudo apt update && sudo apt upgrade -y
# Ya RHEL / CentOS / Alma / Rocky
sudo yum update -y2. Sireletsa SSH Access
Thibela netefatso ya password le root login go thibela ditlhaselo tsa brute-force. Fetola /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# Fetola port go oketsa tshireletso
Port 22223. Beakanya Firewall
Letlelela fela di-port tse di tlhokegang. Fa o fetotse SSH port, gakologelwa go e letlelela!
sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable4. Tsenya Fail2Ban
Fail2Ban e sireletsa kgatlhanong le ditlhaselo tsa brute-force ka go thibela di-IP tse di supang matshwao a a diphatsa.
sudo apt install fail2ban -y
# Peakanyo ya default gantsi e lekane5. Dirisa Modirisi yo e seng Root
Tlogela go dirisa modirisi wa root go ditiro tsa letsatsi le letsatsi. Tlhama modirisi yo mosha ka ditshwanelo tsa sudo:
sudo adduser username
sudo usermod -aG sudo usernameLenaane la Tlhahlobo la Tshireletso
- Dirisa SSH keys go na le di-password
- Letlelela di-update tsa tshireletso tsa otomatiki
- Tlhahloba di-port tse di bulegileng ka gale (netstat -tulpn)
- Dirisa di-password tse di thata, tse di sa tshwaneng go di-akhaonto tsotlhe
- Tlhokomela di-log tsa system (/var/log/auth.log)
- Thibela ditirelo tse di sa dirisiweng le go tlosa software e e sa tlhokegeng