Create a secure Linux server environment: Master these commands
Introduction:
In the Internet age, protecting server security is crucial. As a stable, secure and customizable operating system, Linux has become the first choice for many servers. This article will introduce some commonly used Linux commands to help administrators create a secure Linux server environment.
First, make sure all software on the server is up to date. This can be done with the following command:
sudo apt update sudo apt upgrade
The above command will check for available software updates and install them.
It is dangerous to use the root user to perform tasks on the server. In order to improve security, we should create an independent account for each user and restrict its permissions. Here are some useful commands for adding and managing users:
sudo adduser username
sudo usermod -aG sudo username
sudo deluser username
The firewall is a key component to protect the server from malicious access. Linux servers often use iptables as a firewall tool. The following are some commonly used commands:
sudo iptables -L
sudo iptables -A INPUT -p tcp --dport port_number -j ACCEPT
sudo iptables -A INPUT -s IP_address -j DROP
sudo iptables-save > /etc/iptables/rules.v4 (IPv4) sudo ip6tables-save > /etc/iptables/rules.v6 (IPv6)
To protect sensitive data on the server, encryption protocols such as SSL/TLS should be used. Here are some relevant commands:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.key -out /etc/ssl/certs/cert.crt
sudo nano /etc/nginx/sites-available/default 在server块中添加以下行: listen 443 ssl; ssl_certificate /etc/ssl/certs/cert.crt; ssl_certificate_key /etc/ssl/private/key.key; 保存并退出文件。重启NGINX: sudo systemctl restart nginx
Regular backup is an important means to restore the server system and data. The following are some backup-related commands:
cp -r /path/to/source /path/to/destination
tar -czvf archive_name.tar.gz /path/to/directory_or_file
find /path/to/backups -mtime +7 -type f -delete
Monitoring system logs is an important way to discover potential security issues. Here are some related commands:
sudo journalctl --vacuum-size=50M
sudo tail -f /var/log/syslog
sudo cat /var/log/auth.log
Conclusion:
Creating a secure Linux server environment requires mastering some basic commands and techniques. This article introduces some commonly used commands, but it's just the tip of the iceberg. Further learning and mastering Linux commands and security technologies will help build a more secure and reliable server environment.
The above is the detailed content of Create a secure Linux server environment: Master these commands. For more information, please follow other related articles on the PHP Chinese website!