#第一点 复杂的ROOT密码
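# Generate ROOT Password
# ======================
# All usable generators below read the kernel CSPRNG (/dev/urandom).
#
# No `set -e` / `set -o pipefail` in this listing on purpose: `head -c` closes
# the pipe as soon as it has enough bytes, `tr` then dies with SIGPIPE, and
# pipefail would report that as a failure of an otherwise correct pipeline.

# Default method: 32 characters drawn from a 40-symbol alphabet of digits,
# upper/lower-case letters and special characters. Example output:
#   TS5g2SCTGg5f4cTXSbrFdSXZs!xrggeV
# Arguments: $1 - length in characters (default 32)
gen_root_password() {
  local len=${1:-32}
  tr -dc '12345!@#$%qwertQWERTasdfgASDFGzxcvbZXCVB' </dev/urandom | head -c "$len"
  echo
}

# Alternative generators (all CSPRNG-backed as well).

# Letters, digits and (nominally) '_' / '-'; length from $1, default 32.
gen_alnum_password() {
  local len=${1:-32}
  tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c "$len"
  echo
}

# 32 random bytes, base64-encoded (44 characters, may contain + / =).
gen_openssl_password() {
  openssl rand -base64 32
}

# 30 alphanumeric characters via fold.
gen_fold_password() {
  tr -cd '[:alnum:]' </dev/urandom | fold -w30 | head -n1
}

# 30 alphanumeric characters via strings/grep.
gen_strings_password() {
  strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'
  echo
}

# NOT a password generator — removed from the list on purpose:
#   date +%s | sha256sum | base64 | head -c 32 ; echo
# Its only input is the current Unix time, which an attacker can guess to the
# second (and which often ends up in logs); the "password" is a deterministic
# function of that guessable value, so it has almost no entropy at all.

gen_root_password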
#第二点 使用密钥登录
且设置指定IP才允许登录
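# Restrict SSH logins to one source address and enable DenyHosts.
#
# NOTE(review): TCP Wrappers permit a connection unless a deny rule matches,
# so an entry in hosts.allow on its own restricts nothing — the hosts.deny
# rule below is what actually enforces "only 1.1.1.1 may log in". Also, many
# current sshd builds are compiled without libwrap and ignore hosts.allow /
# hosts.deny entirely; check with `ldd "$(command -v sshd)" | grep -i wrap`
# and, if it is not linked, enforce the restriction in /etc/ssh/sshd_config
# (`Match Address` / `AllowUsers user@1.1.1.1`) or in the host firewall.
#
# Key-based login itself (the heading of this section) is not configured by
# these commands: after installing your public key, set
# `PubkeyAuthentication yes` and `PasswordAuthentication no` in sshd_config.
yum install -y denyhosts

cat >>/etc/hosts.allow <<'EOF'
sshd: 1.1.1.1
EOF

# Deny everyone not listed in hosts.allow. Double-check that 1.1.1.1 really is
# your management address before running this — it locks everyone else out.
cat >>/etc/hosts.deny <<'EOF'
sshd: ALL
EOF

# Addresses DenyHosts must never ban.
cat >/var/lib/denyhosts/allowed-hosts <<'EOF'
1.1.1.1
EOF

cat /etc/hosts.allow

# CentOS 6 (SysV init)
chkconfig denyhosts on
service denyhosts start
# CentOS 7 (systemd)
systemctl restart denyhosts
systemctl status denyhosts
/etc/init.d/sshd restart

# If one of your own IPs was banned, locate every file that mentions it.
# -F: match the address literally ('.' would otherwise match any character).
cd /var/lib/denyhosts || exit 1
grep -F 2.2.2.2 -- *
# Then stop denyhosts, delete the matching lines from /etc/hosts.deny and from
# the files found above, and start it again — DenyHosts keeps its own state
# here and may otherwise re-add the address on restart.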
#第三点 杀毒软件
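# ClamAV installation and scheduled scanning
# =========================================
# Enable the EPEL repository (ClamAV lives there on CentOS).
yum install -y epel-release

# --- CentOS 6 ---
yum -y install clamav clamd
chkconfig clamd on
/etc/init.d/clamd restart

# --- CentOS 7 ---
yum install -y clamav-server clamav-data clamav-update clamav-filesystem clamav \
  clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
# The template is inert until the "Example" line is removed.
sed -i '/^Example/d' /etc/clamd.d/clamd.conf
sed -i 's/User <USER>/User clamscan/g' /etc/clamd.d/clamd.conf
# Expected: "User clamscan"
grep User /etc/clamd.d/clamd.conf
# NOTE(review): the template still carries
#   LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
# with the <SERVICE> placeholder unreplaced. Replace it with a real directory
# (e.g. scan) or drop the line — clamd will most likely fail to bind the
# socket otherwise.

# freshclam (signature updates) as a daemon.
cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
cat >/usr/lib/systemd/system/clam-freshclam.service <<'EOF'
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
systemctl status clam-freshclam.service

# NOTE(review): the renames below edit the packaged unit files in place;
# a package update can overwrite them. A copy under /etc/systemd/system or a
# drop-in would survive updates.
ls -l /usr/lib/systemd/system/clam*
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
mv /usr/lib/systemd/system/clamd@scan.service /usr/lib/systemd/system/clamdscan.service
sed -i 's/clamd@/clamd/g' /usr/lib/systemd/system/clamdscan.service
cat >/usr/lib/systemd/system/clamdsys.service <<'EOF'
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable clamdsys.service
systemctl enable clamdscan.service
systemctl start clamdsys.service
systemctl start clamdscan.service

# Update the signature database once by hand.
/usr/bin/freshclam

# One-off scan: quarantine (move) hits into /root/bak, log only infected files.
# The original listing had "... & -i": the -i ended up after the job was
# backgrounded and ran as a separate (failing) command; it belongs to clamscan.
mkdir -p /root/bak
/usr/bin/clamscan -i -r --move=/root/bak/ /home >>/root/scan.log 2>&1 &

# Daily scheduled scan via cron.daily.
mkdir -p /var/log/clamav
cat >/etc/cron.daily/manual_clamscan <<'EOF'
#!/bin/bash
SCAN_DIR="/home"
LOG_FILE="/var/log/clamav/_clamscan.log"
/usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"
EOF
chmod +x /etc/cron.daily/manual_clamscan

# Advanced: automatic deletion. --remove is irreversible and ClamAV false
# positives do happen on web content; prefer --move into a quarantine dir and
# review it. --include=REGEX limits which file names are eligible at all.
clamscan -ri --remove /home --include=REGEX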
###第四点 Webshell后门扫描
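# WebShell scan (Shell-Detector)
# ==============================
cd /opt || exit 1
# Fetch over HTTPS with certificate verification. The original used plain
# http for the script and --no-check-certificate for both downloads, which
# lets anyone on the network path hand you a trojaned scanner that you then
# run as root. The github.com/.../blob/ URL also returns an HTML page, not
# the signature database — the raw URL is needed for both files.
wget https://raw.githubusercontent.com/emposha/Shell-Detector/master/shelldetect.py
wget https://raw.githubusercontent.com/emposha/Shell-Detector/master/shelldetect.db
# Recursive scan of .php and .js files under /home.
python shelldetect.py -r True -e php,js -d /home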
### 第五点 扫描器
Maldetect
==========================================
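cd /opt || exit 1
# The original fetched the archive over plain http. Use https and compare the
# archive hash against the value rfxn publishes (if available) before
# unpacking — install.sh below runs as root.
wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
sha256sum maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
# "current" unpacks into a versioned directory; read its name from the
# archive instead of hard-coding maldetect-1.5.
maldet_dir=$(tar -tzf maldetect-current.tar.gz | head -n1)
cd "${maldet_dir%%/*}" || exit 1
./install.sh
# conf.maldet is the configuration file, not a command — edit it:
vi /usr/local/maldetect/conf.maldet
# Scan (default path is /home when none is given).
/usr/local/maldetect/maldet -a
# Run in the background and scan the whole disk.
/usr/local/maldetect/maldet -b -a /
# -m enters inotify monitoring mode and needs a target (USERS|PATHS|FILE);
# "-b -m" with no target, as in the original, does not start a scan. E.g.:
#   /usr/local/maldetect/maldet -m /home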
### 可选安全
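# SafeDog for Linux (optional, commercial agent that runs as root)
# ===============================================================
cd /opt || exit 1
# NOTE(review): the vendor URL is plain http and nothing verifies the archive,
# so an on-path attacker can swap the installer you are about to run as root.
# Download over HTTPS if the vendor serves it and compare the hash below with
# the value the vendor publishes before running install.py.
wget http://www.safedog.cn/safedog_linux64.tar.gz
sha256sum safedog_linux64.tar.gz
tar xzvf safedog_linux64.tar.gz
cd safedog_linux64 || exit 1
chmod +x ./*.py
./install.py

# Uninstall:
#   cd /opt/safedog_linux64
#   chmod +x uninstall.sh
#   ./uninstall.sh
#
# sdui    - open the console UI
# sdstart - restart the agent
# F5 or Ctrl+L presumably redraws the UI screen.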