Difference between the pages "Ufw on debian" and "Debian服务器初始化" (Debian server initialization)

From the linux中国网 wiki
(Difference between pages)
 
 
第1行: 第1行:
[[category:ops]]  [[category:debian]] 
 
  
=*  install=
+
[[Salt-ssh批量初始化机器]]
 +
= os init=  
 +
== change sources ==
 +
===10源===
 +
<pre>
  
apt  install ufw
+
deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
 +
deb http://mirrors.aliyun.com/debian-security buster/updates main
 +
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
 +
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
 +
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
 +
 
 +
</pre>
 +
===9 源===
 +
<pre>
  
=* Configuration=
+
echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
<pre>
+
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
ufw enable
+
deb http://mirrors.aliyun.com/debian-security stretch/updates main
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
+
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
Firewall is active and enabled on system startup
+
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
 +
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
 +
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list
 +
</pre>
  
 +
== ssh config==
 +
<pre>
 +
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
 +
"  >> /root/.ssh/authorized_keys
  
 +
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
  
ufw default deny incoming
+
sed -i "s/^PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
ufw default allow outgoing
+
 
 +
systemctl restart sshd
 +
#service  sshd restart
  
ufw status verbose
 
 
</pre>
 
</pre>
 +
==常用软件==
 +
<pre>
 +
useradd -d /data/evan  -s /bin/bash -m  evan
 +
数m表示如果该目录不存在,则创建该目录
 +
 +
 +
apt install net-tools  rsync wget  firewalld  vim  build-essential dnsutils screen  curl sudo lsb-release  iotop software-properties-common  -y  #dig dnsutils
 +
 +
#全面的开发工具
 +
sudo apt  install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`
 +
 +
 +
#ps
 +
apt install procps
 +
 +
 +
安装Fail2Ban
 +
</pre>
  
 +
[https://www.debian.cn/archives/2880 Debian 安装 fail2ban 方式SSH爆破攻击]
  
=* Firewall Rules=
+
 
 +
[[Debian配置iptables]]
 +
 
 +
=时间同步=
 
<pre>
 
<pre>
ufw app list
+
UTC时区切换到CST 时区
 
  
  ufw  allow 'SSH'
+
#用这个啦
ufw  allow WWW #其实就是80
+
# 设置亚洲时区 tzselect 有时不准
 +
timedatectl set-timezone Asia/Shanghai
 +
# 启用NTP同步 #关闭是 false
 +
timedatectl set-ntp yes
  
 
 
ufw allow 'Nginx HTTP'
 
  
 +
echo "export TZ='Asia/Shanghai'"  >> /etc/profile 
 +
cat /etc/profile |grep TZ 
 +
source /etc/profile
  
ufw allow 53/tcp </pre>
+
date -R  #时区查看
 +
date
 +
Sat Aug 19 17:03:17 CST 2017
 +
</pre>
  
 +
=security=
 +
==ufw==
  
 +
==firewalld==
 +
这个放弃了
  
==** Port Ranges ==
+
详情可见 [[Centos7 firewalld防火墙基础]]
<pre>
+
 
Port ranges may also be specified, a simple example for tcp would be:
+
[https://computingforgeeks.com/how-to-install-and-configure-firewalld-on-debian/ How To Install and Configure Firewalld on Debian 10]
 +
 
 +
[https://ywnz.com/linuxaq/5495.html 在Debian 10(Buster)上安装和配置Firewalld]
  
  ufw allow 1000:2000/tcp
+
=参考=
  
and for udp:
+
[https://blog.51cto.com/wzlinux/2043586 Ubuntu 新装服务器部署流程]
  
  ufw allow 1000:2000/udp</pre>
+
[https://www.howtoing.com/install-java-in-debian-and-ubuntu 如何在Debian和Ubuntu系统中安装Java 9]
  
==** IP address==
+
[http://www.ruanyifeng.com/blog/2014/03/server_setup.html Linux服务器的初步配置流程]
<pre>An IP address may also be used:
 
  
ufw allow from 111.222.333.444</pre>
+
[http://spenserj.com/blog/2013/07/15/securing-a-linux-server/ Securing a Linux Server]
  
=* Deleting Rules=
+
[http://blog.51cto.com/feihan21/1060365 Linux服务器初始化配置脚本]
<pre>
 
Rules may be deleted with the following command:
 
  
ufw delete allow ssh</pre>
+
[https://blog.imdst.com/linux-fu-wu-qi-chu-shi-hua-an-quan-jia-gu/ Linux服务器初始化调优及安全加固]
 
 
=* see also=
 
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
 
  
 +
[https://linux.cn/article-5067-1.html 如何使用 fail2ban 防御 SSH 服务器的暴力破解攻击]
  
https://help.ubuntu.com/community/UFW
+
[https://blog.csdn.net/developerinit/article/details/73065229?utm_source=blogxgwz7 Debian的一些常用命令]
  
https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
 
  
[https://zhuanlan.zhihu.com/p/36646621 ubuntu ufw 防火墙]
+
[https://www.cnblogs.com/yoyotl/p/8151409.html Debian 8 设置时区和时间配置]
 +
[[category:ops]]  [[category:debian]]
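
Review bot: In the added ssh config block, the substitution s/^PasswordAuthentication yes/PasswordAuthentication no/g only matches an uncommented directive, unlike the s/#PubkeyAuthentication yes/ line just above it. Where sshd_config carries the directive as "#PasswordAuthentication yes", nothing is rewritten and password login is still accepted after "systemctl restart sshd". Allow an optional leading "#" in the pattern and check the effective setting before restarting. Separately, this revision removes the "ufw default deny incoming" and "ufw enable" steps, leaves the new ==ufw== heading empty, and installs firewalld while the ==firewalld== section says it was abandoned ("这个放弃了"), so the resulting page documents no inbound filtering procedure at all; keep one complete firewall procedure on the page.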

Revision as of 10:28, 27 February 2020 (Thursday)

Batch-initializing machines with salt-ssh (Salt-ssh批量初始化机器)

os init

change sources

Debian 10 sources


deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib

Debian 9 sources


echo 'deb http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch main non-free contrib
deb http://mirrors.aliyun.com/debian-security stretch/updates main
deb-src http://mirrors.aliyun.com/debian-security stretch/updates main
deb http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ stretch-backports main non-free contrib ' >sources.list

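ssh config

# Append your public key (replace the placeholder with the real key)
echo "ssh-rsa AAAAB3NzaC you_prk_key root@ops
"  >> /root/.ssh/authorized_keys

# Enable public-key login
sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config

# Disable password login; "#?" also rewrites the directive when it is commented out
sed -i -E "s/^#?PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config

systemctl restart sshd
#service  sshd restart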
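
An added check, not part of the original page, for whether the PasswordAuthentication edit above took effect: sshd uses the first uncommented occurrence of a keyword, and a pattern anchored at ^PasswordAuthentication leaves a commented-out line untouched. The helper names (effective_value, audit_sshd) and the sample file are constructed for illustration; only the global section is read, and Include files are not followed.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a keyword in the
# global section of an sshd_config-style file.

# effective_value FILE KEYWORD DEFAULT  (hypothetical helper name)
# sshd keeps the first uncommented occurrence; with none, DEFAULT applies.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        /^[ \t]*[Mm]atch[ \t]/ { exit }          # stop where conditional blocks begin
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: prints "ok" and returns 0 only when password login is
# off and public-key login is on (both default to yes in OpenSSH).
audit_sshd() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$pw" = "no" ] && [ "$pk" = "yes" ]; then
        echo "ok"
    else
        echo "weak: PasswordAuthentication=$pw PubkeyAuthentication=$pk"
        return 1
    fi
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: both directives present only as comments.
    printf '%s\n' '#PubkeyAuthentication yes' '#PasswordAuthentication yes' > "$d/stock"
    # A pattern anchored at ^PasswordAuthentication skips the commented line.
    sed 's/^PasswordAuthentication yes/PasswordAuthentication no/' "$d/stock" > "$d/anchored"
    # Allowing an optional leading # rewrites it.
    sed -E 's/^#?PasswordAuthentication yes/PasswordAuthentication no/' "$d/stock" > "$d/tolerant"
    echo "anchored: $(audit_sshd "$d/anchored")"
    echo "tolerant: $(audit_sshd "$d/tolerant")"
    rm -rf "$d"
}
demo
```

On a live host, sshd -T prints the effective configuration as sshd itself resolves it, including the Match and Include handling that this check does not cover.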

Common software

useradd -d /data/evan  -s /bin/bash -m  evan
# -m creates the home directory if it does not exist


apt install net-tools  rsync wget  firewalld  vim  build-essential dnsutils screen  curl sudo lsb-release  iotop software-properties-common  -y  # dig is provided by dnsutils

# Full set of development tools
sudo apt  install git golang build-essential gcc g++ gdb libboost-dev make automake autogen autoconf cscope global cmake cmake-gui astyle clang-format clang llvm lldb libsqlite3-dev sqlite3 bison flex ruby-dev linux-headers-`uname -r`


# ps
apt install procps


Install Fail2Ban

Installing fail2ban on Debian against SSH brute-force attacks (Debian 安装 fail2ban 方式SSH爆破攻击)


Configuring iptables on Debian (Debian配置iptables)

Time synchronization

Switch the time zone from UTC to CST

# Use this method
# Set the Asia time zone; tzselect is sometimes inaccurate
timedatectl set-timezone Asia/Shanghai
# Enable NTP synchronization (use false to disable)
timedatectl set-ntp yes


echo "export TZ='Asia/Shanghai'"  >> /etc/profile
cat /etc/profile |grep TZ
source /etc/profile

date -R  # show the time zone
date
Sat Aug 19 17:03:17 CST 2017

security

ufw

firewalld

I gave up on this one.

For details, see Centos7 firewalld防火墙基础 (CentOS 7 firewalld firewall basics)

How To Install and Configure Firewalld on Debian 10

Installing and configuring Firewalld on Debian 10 (Buster)
