Learn to defend: Use command line tools to protect your Linux server

Learn to defend: Use command line tools to protect your Linux server

In today's Internet era, with the continuous development of network technology, server security has become more and more is becoming more and more important. As a server administrator, we need to learn to use various tools and methods to protect our servers from attacks. In Linux systems, command line tools are one of our main weapons. This article will introduce some commonly used command line tools and how to use them to protect your Linux server.

1. iptables

iptables is one of the most commonly used firewall tools in Linux systems. It can be used to manage and configure network packet filtering rules to protect servers from malicious attacks. Here are some examples using iptables:

# 清除所有已有规则
iptables -F
# 允许本地回环接口
iptables -A INPUT -i lo -j ACCEPT
# 允许已建立的、相关的会话流量
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# 允许SSH连接
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# 阻止所有其他入站流量
iptables -A INPUT -j DROP

The above rules first clear all existing rules, then allow traffic on the local loopback interface, then allow established and related session traffic, then allow SSH connections, and finally block All other inbound traffic.

2. fail2ban

fail2ban is a tool used to prevent malicious login attempts. It monitors the server's log files and when multiple failed login attempts are detected, it automatically adds a rule in iptables that blocks that IP address. Here are some configuration examples for fail2ban:

Install fail2ban:

sudo apt-get install fail2ban

Create a custom jail.local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the jail.local file:

sudo nano /etc/fail2ban/jail.local

Add the following content to the file:

[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 3
findtime = 3600
bantime = 86400

Save and exit the file. The above configuration will monitor SSH login attempts in the /var/log/auth.log file, and after three failed login attempts, the IP address will be added to the iptables block list for 24 hours.

Restart the fail2ban service for the configuration to take effect:

sudo service fail2ban restart

3. rkhunter

rkhunter is a tool used to check the system for potential malware. It will scan system files and directories, and will give a warning if abnormal files or configurations are detected. Here is an example of using rkhunter:

Install rkhunter:

sudo apt-get install rkhunter

Run rkhunter for a system scan:

sudo rkhunter --check

Run rkhunter to update its database:

sudo rkhunter --update

4. logwatch

logwatch is a log analysis tool that can help administrators quickly analyze server log files and discover potential security issues. The following is an example of using logwatch:

Install logwatch:

sudo apt-get install logwatch

Run logwatch for log analysis:

sudo logwatch

The above are some commonly used command line tools. By using them, you Can better protect your Linux server from malicious attacks. Of course, in addition to using tools, server security also requires regularly updating systems and applications, using strong passwords, restricting root logins, etc. Only through the comprehensive use of various methods and tools can the security of the server be improved. I wish your server is safe and worry-free!

The above is the detailed content of Learn to defend: Use command line tools to protect your Linux server. For more information, please follow other related articles on the PHP Chinese website!