How to protect CentOS servers from cyberattacks

How to protect CentOS servers from network attacks

Nowadays, network security issues are becoming increasingly serious, and server security is one of the key elements for the operation of websites and applications. This article will explain how to protect CentOS servers from network attacks and provide some specific code examples.

1. Update system patches in a timely manner
   Vulnerabilities in server operating systems and software are one of the common entry points for hacker attacks. In order to protect the server from known vulnerabilities, it is very important to keep system patches updated.

On CentOS, you can use the following command to update system packages:

sudo yum update

2. Install the firewall
   The firewall can control network traffic in and out of the server to prevent unauthorized access Access. The default firewall used by CentOS is firewalld. The following are some commonly used commands:

# 检查防火墙状态
sudo systemctl status firewalld

# 启动防火墙
sudo systemctl start firewalld

# 停止防火墙
sudo systemctl stop firewalld

# 开机启动防火墙
sudo systemctl enable firewalld

# 关闭开机启动
sudo systemctl disable firewalld

# 开启端口
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

# 重新加载规则
sudo firewall-cmd --reload

3. Configuring SSH security
   SSH is a common tool for remote management services, and it is also the main target of hacker attacks. The following are some measures to strengthen SSH security:

• Disable SSH root login:
  Use an ordinary user to log in to the server, and then use the su command to switch to root User performs management operations.
• Modify the default SSH port:
  Hackers usually scan the default port 22 of the server. Changing the SSH port to a non-common port can increase security.
• Use key login:
  Key login is more secure than password login and can be implemented using an SSH key pair. The following are the steps for key generation and configuration:

# 生成密钥对
ssh-keygen -t rsa

# 复制公钥到服务器
ssh-copy-id user@server

# 修改SSH配置文件
sudo vi /etc/ssh/sshd_config
将以下行修改或添加为：
PasswordAuthentication no
PubkeyAuthentication yes

• Configure the limit on the number of SSH login failures:
  Hackers often try to use brute force to log in to SSH, which can be mitigated by limiting the number of failed logins. risk. The following is an example:

# 修改SSH配置文件
sudo vi /etc/ssh/sshd_config
将以下行修改或添加为：
MaxAuthTries 3

4. Use secure protocol and encrypted connection
   Use HTTPS protocol and SSL/TLS certificate to provide an encrypted connection for the website to ensure data security. The following is an example of configuring the Nginx server to use HTTPS:

# 安装Nginx
sudo yum install nginx

# 生成SSL证书
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.crt

# 配置Nginx
sudo vi /etc/nginx/conf.d/default.conf
将以下行修改或添加为：
server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/nginx.crt;
  ssl_certificate_key /etc/nginx/nginx.key;
  ...
}

# 重启Nginx
sudo systemctl restart nginx

5. Install the intrusion detection system
   The intrusion detection system (Intrusion Detection System, referred to as IDS) can monitor abnormal behaviors and malicious activities and take appropriate measures in a timely manner. Here is an example using Snort as an IDS:

# 安装Snort
sudo yum install epel-release -y
sudo yum install snort -y

# 配置Snort
sudo vi /etc/snort/snort.conf
进行必要的配置，如网络IP、规则文件等。

# 启动Snort
sudo snort -d -c /etc/snort/snort.conf

To sum up, protecting CentOS servers from network attacks is a multifaceted effort. Only through the comprehensive use of multiple security measures can server security be better protected. The most important thing is to update the system in time, install firewalls, harden SSH and use security protocols. With the installation of an intrusion detection system, abnormal behaviors can be discovered in a timely manner and responded accordingly. The sample code provided above can help you better implement these security measures.

The above is the detailed content of How to protect CentOS servers from cyberattacks. For more information, please follow other related articles on the PHP Chinese website!