Difference between pages "Linux安全及服务器安全" and "Filebeat nginx log"

From linux中国网wiki
Page "Linux安全及服务器安全" (the left-hand side of the diff):

=Security problems encountered in 2020=

zerotier "virus"

A server was found to have zerotier-one installed. ZeroTier One is a legitimate overlay-network (VPN) agent; on a server where nobody installed it, its presence means an attacker has added a remote-access path of their own into the host, so treat the machine as compromised rather than just removing the package.

Jenkins is an open-source continuous-integration tool written in Java. It monitors repetitive jobs and aims to be an open, easy-to-use platform that makes continuous integration practical. Jenkins has had a number of high-severity vulnerabilities over the years, for example CVE-2015-8103, CVE-2017-1000353 and unauthenticated access to the script console.

Advisory details: https://jenkins.io/security/advisories/

[https://xz.aliyun.com/t/4756 Jenkins RCE vulnerability becomes the new "springboard" of the ImposterMiner cryptomining trojan]

[https://blog.csdn.net/g6U8W7p06dCO99fQ3/article/details/90205674 A Jenkins vulnerability got the server infected with a cryptominer, CPU at 351%! Here is how I got rid of it]

[https://bbs.csdn.net/topics/393688224?utm_medium=distribute.pc_relevant_t0.none-task-discussion_topic-BlogCommendFromBaidu-1.control&depth_1-utm_source=distribute.pc_relevant_t0.none-task-discussion_topic-BlogCommendFromBaidu-1.control Is there any cure for the cryptominer infections through the Jenkins vulnerability that broke out in the last few days?]

=Security scanning=

<pre>
git clone https://github.com/grayddq/GScan.git && cd GScan && python GScan.py
</pre>

=Account and login security=

==Remove special users and groups==

==Disable unneeded services==

sendmail telnet

==Password security==

Log in with an SSH key rather than a password, and never directly as root: log in as an ordinary user and switch with sudo -i.

==Trim the system login banner==

=Remote access and authentication security=

==Drop telnet for remote login; use only ssh==

==Enable tcp_wrappers==

Note that OpenSSH upstream removed tcp_wrappers (libwrap) support in 6.7, so /etc/hosts.allow and /etc/hosts.deny only restrict sshd if your distribution's build still links libwrap (check with ldd $(command -v sshd) | grep libwrap); otherwise restrict source addresses in the firewall or with Match Address blocks in sshd_config.

==Run services as non-root==

e.g. redis

=Fail2Ban=

[https://zhuanlan.zhihu.com/p/33546122 How to protect a server from brute-force attacks with Fail2Ban on Linux]

[https://www.debian.cn/archives/2880 Installing fail2ban on Debian against SSH brute-force attacks]

[https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7 How To Protect SSH With Fail2Ban on CentOS 7]

=firewall=

==ufw==

https://wiki.ubuntu.com.cn/Ufw%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97

https://wiki.ubuntu.com.cn/UFW%E9%98%B2%E7%81%AB%E5%A2%99%E7%AE%80%E5%8D%95%E8%AE%BE%E7%BD%AE

=ssh=

[[Openssh安全性配置]]

=deny root=
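The "deny root" and "log in with a key, not directly as root" advice above comes down to a handful of sshd_config keywords. The script below is an added example, not part of the wiki page, that audits an sshd_config file for them. It relies on two facts about how sshd reads its config: the first occurrence of a keyword wins, and global settings end at the first Match block. The two sample configs it writes are constructed for the demonstration, not copied from any real host.

```shell
#!/bin/sh
# Added example, not from the wiki page: audit an sshd_config file against the
# page's advice (deny root, log in with a key rather than a password).
# sshd honours the FIRST occurrence of a keyword and global settings end at the
# first "Match" block, so the audit reads exactly that.
set -eu

# Print the effective global value of a keyword, or DEFAULT if it is not set.
sshd_setting() {
  local file="$1" key="$2" default="$3" value
  value=$(awk -v k="$key" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }            # comments, blank lines
    /^[[:space:]]*[Mm]atch[[:space:]]/    { exit }            # global section ends here
    tolower($1) == tolower(k)             { print $2; exit }  # first occurrence wins
  ' "$file")
  if [ -n "$value" ]; then echo "$value"; else echo "$default"; fi
}

# Compare one keyword with the wanted value; prints PASS/FAIL, returns 0/1.
check() {
  local file="$1" key="$2" want="$3" default="$4" got
  got=$(sshd_setting "$file" "$key" "$default")
  if [ "$got" = "$want" ]; then
    echo "PASS $key=$got"
  else
    echo "FAIL $key=$got (want $want)"
    return 1
  fi
}

# Run the checks the page implies; the return value is the number of failures.
# Defaults are those of OpenSSH >= 7.0: PermitRootLogin defaults to
# prohibit-password, which still allows key-based root login, hence the page's
# explicit "deny root".
audit_sshd_config() {
  local fails=0
  check "$1" PermitRootLogin        no  prohibit-password || fails=$((fails + 1))
  check "$1" PasswordAuthentication no  yes               || fails=$((fails + 1))
  check "$1" PubkeyAuthentication   yes yes               || fails=$((fails + 1))
  check "$1" PermitEmptyPasswords   no  no                || fails=$((fails + 1))
  return "$fails"
}

# Constructed sample configs (not copied from any real host) for a stand-alone run.
write_samples() {
  cat > "$1" <<'EOF'
# weak: password logins and direct root login allowed
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
  cat > "$2" <<'EOF'
# hardened as the page recommends: keys only, no root; the Match block does
# not change the global values the audit reports
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
Match User deploy
    PasswordAuthentication yes
EOF
}

weak=$(mktemp); hard=$(mktemp)
write_samples "$weak" "$hard"
echo "== weak =="; audit_sshd_config "$weak" || echo "$? check(s) failed"
echo "== hardened =="; audit_sshd_config "$hard" && echo "all checks passed"
rm -f "$weak" "$hard"
```

To audit a real host, call audit_sshd_config /etc/ssh/sshd_config; a non-zero exit is the number of keywords that still deviate from the page's recommendations. After changing the file, validate it with sshd -t before restarting the service, and keep an existing session open until a fresh key login has been confirmed.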
 
  
=see also=

[https://www.ibm.com/developerworks/cn/linux/security/l-ossec/part3/index.html Introduction to system security tools]

[https://blog.csdn.net/kwame211/article/details/77100280 Detailed tutorial on Linux system security hardening settings]

[https://www.cnblogs.com/sun-sunshine123/p/7119472.html Linux system security configuration baseline]

[https://wiki.ubuntu.com.cn/StrongPasswords StrongPasswords]

[[category:ops]]

Page "Filebeat nginx log", revision as of 09:25, 27 April 2021 (Tuesday):


Install and configure

Download and install Filebeat



curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.12.0-amd64.deb
sudo dpkg -i filebeat-7.12.0-amd64.deb

Edit the configuration

Modify /etc/filebeat/filebeat.yml to set the connection information:

output.elasticsearch:
  hosts: ["<es_url>"]
  username: "elastic"
  password: "<password>"
setup.kibana:
  host: "<kibana_url>"

Where <password> is the password of the elastic user, <es_url> is the URL of Elasticsearch, and <kibana_url> is the URL of Kibana. Written this way the password sits in plaintext in filebeat.yml, so keep the file owned by root with mode 0600; Filebeat can also read it from its keystore (filebeat keystore add ES_PWD) if the value is written as "${ES_PWD}" instead of the literal password.

Enable and configure the nginx module

sudo filebeat modules enable nginx

Modify the settings in the /etc/filebeat/modules.d/nginx.yml file.

Start Filebeat

The setup command loads the index template and the Kibana dashboards. If the dashboards are already set up, omit this command.

sudo filebeat setup
sudo service filebeat start

Module status

In Kibana, under Module status, click the Check data button on the right, then open the Nginx logs dashboard.

systemctl daemon-reload
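The steps above (download, write filebeat.yml, enable the nginx module, setup, start) as one script. This is an added example, not the wiki page's or Elastic's own instructions, and it deviates from the page in three places a practitioner would want: the .deb is checked against the .sha512 file Elastic publishes next to it before dpkg -i runs; the elastic password goes into the Filebeat keystore and filebeat.yml references it as ${ES_PWD} instead of holding it in plaintext; and filebeat.yml is installed root-only (0600) with the Elasticsearch connection pinned to a CA file. Assumptions: the ES_URL and KIBANA_URL arguments stand in for the page's <es_url> and <kibana_url>, the CA path /etc/filebeat/ca.crt, and the Debian/Ubuntu nginx log locations in the module config.

```shell
#!/bin/sh
# Added example, not from the wiki page or from Elastic: the page's Filebeat
# install procedure as one script, with checksum verification, the password in
# the Filebeat keystore rather than in filebeat.yml, and a root-only config file.
# Assumed: CA file at /etc/filebeat/ca.crt, nginx logs under /var/log/nginx.
set -eu

FB_VERSION="7.12.0"
FB_DEB="filebeat-${FB_VERSION}-amd64.deb"
FB_BASE="https://artifacts.elastic.co/downloads/beats/filebeat"

# Render filebeat.yml. The password line is a keystore reference, not a secret,
# so the file can be checked in or copied around without leaking credentials.
render_filebeat_yml() {
  local es_url="$1" kibana_url="$2" ca_path="$3"
  cat <<EOF
output.elasticsearch:
  hosts: ["${es_url}"]
  username: "elastic"
  password: "\${ES_PWD}"
  ssl.certificate_authorities: ["${ca_path}"]
setup.kibana:
  host: "${kibana_url}"
EOF
}

# Render modules.d/nginx.yml with explicit log paths (assumed Debian/Ubuntu locations).
render_nginx_module_yml() {
  cat <<'EOF'
- module: nginx
  access:
    enabled: true
    var.paths: ["/var/log/nginx/access.log*"]
  error:
    enabled: true
    var.paths: ["/var/log/nginx/error.log*"]
EOF
}

# Returns 0 if the config carries a literal password, i.e. a password: value
# whose first character is not the "$" of a ${KEY} keystore/env reference.
config_has_plaintext_password() {
  grep -Eq '^[[:space:]]*password:[[:space:]]*"?[^"$[:space:]]' "$1"
}

# Download the package and Elastic's .sha512 for it; sha512sum -c fails on mismatch.
fetch_and_verify_deb() {
  curl -fsSL -O "${FB_BASE}/${FB_DEB}"
  curl -fsSL -O "${FB_BASE}/${FB_DEB}.sha512"
  sha512sum -c "${FB_DEB}.sha512"
}

install_and_start() {
  local es_url="$1" kibana_url="$2" es_pwd="$3" tmp
  fetch_and_verify_deb
  sudo dpkg -i "${FB_DEB}"
  # Secret goes into the keystore (owned by the user filebeat runs as), never into the yml.
  sudo filebeat keystore create --force
  printf '%s' "$es_pwd" | sudo filebeat keystore add ES_PWD --stdin --force
  tmp=$(mktemp)
  render_filebeat_yml "$es_url" "$kibana_url" /etc/filebeat/ca.crt > "$tmp"
  if config_has_plaintext_password "$tmp"; then
    echo "refusing to install: plaintext password in rendered filebeat.yml" >&2
    rm -f "$tmp"; return 1
  fi
  sudo install -m 0600 -o root -g root "$tmp" /etc/filebeat/filebeat.yml
  rm -f "$tmp"
  sudo filebeat modules enable nginx
  render_nginx_module_yml | sudo tee /etc/filebeat/modules.d/nginx.yml >/dev/null
  sudo filebeat test config
  sudo filebeat setup             # index template + Kibana dashboards; omit on later runs
  sudo systemctl enable --now filebeat
}

# Usage: sh filebeat-nginx.sh install https://es.example:9200 https://kibana.example:5601 'elastic-password'
if [ "${1:-}" = "install" ]; then
  install_and_start "$2" "$3" "$4"
fi
```

After the service is up, sudo filebeat test output confirms that TLS to Elasticsearch validates against the pinned CA and that the keystore value authenticates; if it does not, the rendered filebeat.yml is safe to paste into a ticket because it contains no secret.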

see also

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-nginx.html


https://www.cnblogs.com/kuku0223/p/8317965.html ELK: the filebeat nginx module