Difference between the pages "Linux Security and Server Security" and "Filebeat nginx log"

Line 1: Line 1:
zerotie virus
The server was infected with zerotier-one
=ins and config=
==Download and install Filebeat==
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.12.0-amd64.deb
sudo dpkg -i filebeat-7.12.0-amd64.deb
==Edit the configuration ==
Modify /etc/filebeat/filebeat.yml to set the connection information:
  hosts: ["<es_url>"]
[https://xz.aliyun.com/t/4756 Jenkins RCE vulnerability becomes a new "springboard" for the ImposterMiner cryptomining trojan]
  username: "elastic"
  password: "<password>"
  host: "<kibana_url>"
Where <password> is the password of the elastic user, <es_url> is the URL of Elasticsearch, and <kibana_url> is the URL of Kibana.
git clone https://github.com/grayddq/GScan.git  && cd  GScan  && python GScan.py
==Disable unneeded services ==
sendmail telnet
== Password security==
==Enable and configure the nginx module ==
Use key-based login; do not log in directly as root; use sudo -i
== Trim the system login welcome message==
== For remote login, drop telnet and use only ssh==
sudo filebeat modules enable nginx
==Enable tcp_wrappers ==
== ==
Modify the settings in the /etc/filebeat/modules.d/nginx.yml file.
== ==
==Run services as non-root==
== Start Filebeat==
eg redis
= Fail2Ban=
[https://zhuanlan.zhihu.com/p/33546122 How to protect a server from brute-force attacks with Fail2Ban on Linux]
The setup command loads the Kibana dashboards. If the dashboards are already set up, omit this command.
[https://www.debian.cn/archives/2880 Installing fail2ban on Debian to prevent SSH brute-force attacks]
sudo filebeat setup
sudo service filebeat start
[https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7 How To Protect SSH With Fail2Ban on CentOS 7]
= =
=deny root =
== Module status==
Click the "Check data" button to the right of Module status --> Nginx logs dashboard
systemctl daemon-reload
=see also=
=see also=
[https://www.ibm.com/developerworks/cn/linux/security/l-ossec/part3/index.html Introduction to system security tools]
[https://blog.csdn.net/kwame211/article/details/77100280 Detailed tutorial on Linux system security hardening settings]
[https://www.cnblogs.com/sun-sunshine123/p/7119472.html Linux system security configuration baseline]
[https://wiki.ubuntu.com.cn/StrongPasswords StrongPasswords]
[https://www.cnblogs.com/kuku0223/p/8317965.html ELK--filebeat nginx module]

Revision as of 09:25, 27 April 2021 (Tuesday)

ins and config

Download and install Filebeat

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.12.0-amd64.deb
sudo dpkg -i filebeat-7.12.0-amd64.deb

Edit the configuration

Modify /etc/filebeat/filebeat.yml to set the connection information:

  output.elasticsearch:
    hosts: ["<es_url>"]
    username: "elastic"
    password: "<password>"
  setup.kibana:
    host: "<kibana_url>"

Where <password> is the password of the elastic user, <es_url> is the URL of Elasticsearch, and <kibana_url> is the URL of Kibana.

Enable and configure the nginx module

sudo filebeat modules enable nginx

Modify the settings in the /etc/filebeat/modules.d/nginx.yml file.

Start Filebeat

The setup command loads the Kibana dashboards. If the dashboards are already set up, omit this command.

sudo filebeat setup
sudo service filebeat start
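
The configuration above puts the elastic password in /etc/filebeat/filebeat.yml, so it is worth checking that file before starting the service. The script below is an added example, not part of the original page or of Filebeat: it flags a literal password (instead of a ${NAME} keystore or environment reference), an explicit http:// endpoint, and group/other file permissions. The function name, the sample hostnames and the sample password are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Filebeat's own validation): pre-start audit of filebeat.yml.

audit_filebeat_yml() {
    local file="$1" findings=0 perms

    # 1. A "password:" value that is not a ${VAR} reference is a literal secret.
    if grep -E '^[[:space:]]*password:' "$file" \
        | grep -Ev 'password:[[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*$' \
        >/dev/null; then
        echo "FINDING: literal password (store it with 'filebeat keystore add' and reference \${NAME})"
        findings=$((findings + 1))
    fi

    # 2. An explicit http:// in hosts:/host: sends the credentials in cleartext.
    if grep -Eq '^[[:space:]]*hosts?:.*http://' "$file"; then
        echo "FINDING: plain http:// endpoint in hosts:/host:"
        findings=$((findings + 1))
    fi

    # 3. Group/other permission bits (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: file mode allows group/other access ($perms)"
        findings=$((findings + 1))
    fi

    return "$findings"   # exit status = number of findings
}

# Constructed sample input mirroring the settings from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
output.elasticsearch:
  hosts: ["http://es.example.internal:9200"]
  username: "elastic"
  password: "changeme-constructed"
setup.kibana:
  host: "https://kibana.example.internal:5601"
EOF
chmod 644 "$sample"
audit_filebeat_yml "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real host, run it as audit_filebeat_yml /etc/filebeat/filebeat.yml; an exit status of 0 means none of the three checks fired.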

Module status

Click the "Check data" button to the right of Module status --> Nginx logs dashboard

systemctl daemon-reload

see also


ELK--filebeat nginx module