Alibaba cloud Q & A 2022-02-13 06:37:31 阅读数:970
Can you be specific
1、 Add normal user login , prohibit root The user login , change SSH Port number .
2、 The server logs in with a key , No password login .
3、 Turn on the firewall , close SElinux , Set corresponding firewall rules according to business requirements .
4、 loading fail2ban This prevents SSH Brute force Software .
5、 Only the company's office network is allowed to export IP Can log in to the server ( Look at the actual needs of the company )
6、 Modify the number of historical command records to 10 strip .
7、 Only servers that need access to the Internet are allowed , Everything else is forbidden .
8、 Do a good job in software protection .
8.1 Set up nginx_waf Modules prevent SQL Inject . 8.2 hold Web Service usage www User start , Change the owner and group of the site directory to www .
copyright:author[Alibaba cloud Q & A],Please bring the original link to reprint, thank you. https://en.javamana.com/2022/02/202202130637293321.html