\u751f\u4ea7\u73af\u5883\uff08\u5bf9\u5916\u7f51\u7ad9\uff09<\/p>\n\n\n\n
\u68c0\u67e5\uff1a<\/p>\n\n\n\n
ss -lntp | grep 3306\n<\/code><\/pre>\n\n\n\n\u5982\u679c\u663e\u793a\uff1a<\/p>\n\n\n\n
0.0.0.0:3306\n<\/code><\/pre>\n\n\n\n\u8bf4\u660e\u5bf9\u516c\u7f51\u5f00\u653e \u274c<\/p>\n\n\n\n
\u4fee\u6539 MySQL \u914d\u7f6e\uff1a<\/p>\n\n\n\n
\/etc\/my.cnf\n\u6216\n\/etc\/mysql\/mysql.conf.d\/mysqld.cnf\n<\/code><\/pre>\n\n\n\n\u6539\u6210\uff1a<\/p>\n\n\n\n
bind-address = 127.0.0.1\n<\/code><\/pre>\n\n\n\n\u7136\u540e\uff1a<\/p>\n\n\n\n
systemctl restart mysqld\n<\/code><\/pre>\n\n\n\n\u2714 \u6570\u636e\u5e93\u53ea\u5141\u8bb8\u672c\u673a\u8bbf\u95ee
\u2714 \u66b4\u529b\u7834\u89e3\u76f4\u63a5\u5931\u6548<\/p>\n\n\n\n
\n\n\n\n\u2461 \u4fee\u6539\u5b9d\u5854\u9ed8\u8ba4\u7aef\u53e3 8888<\/h2>\n\n\n\n
\u5b9d\u5854\u9ed8\u8ba4\u7aef\u53e3\u88ab\u5168\u7403\u626b\u63cf\u3002<\/p>\n\n\n\n
\u6539\u7aef\u53e3\uff1a<\/p>\n\n\n\n
\u5b9d\u5854 \u2192 \u8bbe\u7f6e \u2192 \u9762\u677f\u7aef\u53e3<\/p>\n\n\n\n
\u6539\u6210\u4f8b\u5982\uff1a<\/p>\n\n\n\n
24739\n<\/code><\/pre>\n\n\n\n\u7136\u540e\uff1a<\/p>\n\n\n\n
\u2714 \u9632\u706b\u5899\u53ea\u5141\u8bb8\u4f60\u81ea\u5df1\u7684IP\u8bbf\u95ee
\u2714 \u6216\u4f7f\u7528 Cloudflare Tunnel<\/p>\n\n\n\n
\n\n\n\n\u2462 SSH \u5b89\u5168\u914d\u7f6e\uff08\u5fc5\u987b\uff09<\/h2>\n\n\n\n
\u7f16\u8f91\uff1a<\/p>\n\n\n\n
vi \/etc\/ssh\/sshd_config\n<\/code><\/pre>\n\n\n\n\u4fee\u6539\uff1a<\/p>\n\n\n\n
PermitRootLogin no\nPasswordAuthentication no\nClientAliveInterval 600\nClientAliveCountMax 0\n<\/code><\/pre>\n\n\n\n\u7136\u540e\uff1a<\/p>\n\n\n\n
systemctl restart sshd\n<\/code><\/pre>\n\n\n\n\u8bf4\u660e\uff1a<\/p>\n\n\n\n
\n- \u7981\u6b62root\u76f4\u767b<\/li>\n\n\n\n
- \u7981\u6b62\u5bc6\u7801\u767b\u5f55\uff08\u53ea\u5141\u8bb8\u5bc6\u94a5\uff09<\/li>\n\n\n\n
- 10\u5206\u949f\u65e0\u64cd\u4f5c\u81ea\u52a8\u65ad\u5f00<\/li>\n<\/ul>\n\n\n\n
\u26a0 \u505a\u4e4b\u524d\u786e\u8ba4\u4f60\u5df2\u7ecf\u80fd\u7528\u5bc6\u94a5\u767b\u5f55\uff01<\/p>\n\n\n\n
\n\n\n\n\u2463 \u5220\u9664 rsh<\/h2>\n\n\n\nyum remove rsh -y\n# \u6216\napt remove rsh-client -y\n<\/code><\/pre>\n\n\n\nrsh = \u660e\u6587\u534f\u8bae
\u6ca1\u5fc5\u8981\u5b58\u5728\u3002<\/p>\n\n\n\n
\n\n\n\n\u2464 \u4fee\u590d sudo NOPASSWD<\/h2>\n\n\n\n
\u68c0\u67e5\uff1a<\/p>\n\n\n\n
cat \/etc\/sudoers.d\/90-cloud-init-users\n<\/code><\/pre>\n\n\n\n\u5982\u679c\u6709\uff1a<\/p>\n\n\n\n
NOPASSWD\n<\/code><\/pre>\n\n\n\n\u6539\u4e3a\uff1a<\/p>\n\n\n\n
ALL=(ALL) ALL\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83d\udfe0 \u7b2c\u4e8c\u9636\u6bb5\uff1a\u6807\u51c6\u751f\u4ea7\u52a0\u56fa<\/h1>\n\n\n\n
\u8fd9\u4e9b\u662f Linux \u5b89\u5168\u57fa\u7ebf\u3002<\/p>\n\n\n\n
\n\n\n\n\u2460 \u542f\u7528 SYN Cookie\uff08\u9632 SYN Flood\uff09<\/h2>\n\n\n\necho \"net.ipv4.tcp_syncookies=1\" >> \/etc\/sysctl.conf\nsysctl -p\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2461 \u7981\u6b62 ICMP \u91cd\u5b9a\u5411<\/h2>\n\n\n\necho \"net.ipv4.conf.all.accept_redirects=0\" >> \/etc\/sysctl.conf\necho \"net.ipv4.conf.default.accept_redirects=0\" >> \/etc\/sysctl.conf\nsysctl -p\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2462 \u7981\u6b62 Source Route<\/h2>\n\n\n\necho \"net.ipv4.conf.all.accept_source_route=0\" >> \/etc\/sysctl.conf\necho \"net.ipv4.conf.default.accept_source_route=0\" >> \/etc\/sysctl.conf\nsysctl -p\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2463 \/tmp \u52a0 nosuid<\/h2>\n\n\n\n
\u7f16\u8f91\uff1a<\/p>\n\n\n\n
\/etc\/fstab\n<\/code><\/pre>\n\n\n\n\u6539\u4e3a\uff1a<\/p>\n\n\n\n
tmpfs \/tmp tmpfs defaults,noexec,nosuid,nodev 0 0\n<\/code><\/pre>\n\n\n\n\u7136\u540e\uff1a<\/p>\n\n\n\n
mount -o remount \/tmp\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u2464 \u5f00\u542f fail2ban\uff08\u5f3a\u70c8\u5efa\u8bae\uff09<\/h2>\n\n\n\nyum install fail2ban -y\nsystemctl enable fail2ban\nsystemctl start fail2ban\n<\/code><\/pre>\n\n\n\n\u9632\u7206\u7834\u795e\u5668\u3002<\/p>\n\n\n\n
\n\n\n\n\ud83d\udfe2 \u7b2c\u4e09\u9636\u6bb5\uff1a\u4f01\u4e1a\u7ea7\u8fdb\u9636\uff08\u5efa\u8bae\u4f46\u4e0d\u6025\uff09<\/h1>\n\n\n\n
\n\n\n\nauditd<\/h2>\n\n\n\nyum install audit -y\nsystemctl enable auditd\n<\/code><\/pre>\n\n\n\n
\n\n\n\nAIDE \u6587\u4ef6\u5b8c\u6574\u6027\u68c0\u6d4b<\/h2>\n\n\n\nyum install aide -y\naide --init\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u6539 GRUB \u6743\u9650<\/h2>\n\n\n\nchmod 600 \/boot\/grub\/grub.cfg\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\ud83c\udfaf \u5b9d\u5854\u751f\u4ea7\u73af\u5883\u6700\u4f73\u67b6\u6784\uff08\u5efa\u8bae\u4f60\u8003\u8651\uff09<\/h1>\n\n\n\n
\u4f60\u73b0\u5728\u505a\u7f51\u7ad9\uff0c\u6211\u5efa\u8bae\uff1a<\/p>\n\n\n\n
\u516c\u7f51\n \u2193\nCloudflare\n \u2193\nNginx\n \u2193\nPHP\n \u2193\nMySQL (127.0.0.1)\n<\/code><\/pre>\n\n\n\n\u52a0\u4e0a\uff1a<\/p>\n\n\n\n
\n- WAF\uff08Cloudflare\uff09<\/li>\n\n\n\n
- \u53ea\u5f00\u653e 80\/443<\/li>\n\n\n\n
- \u5173\u95ed 3306<\/li>\n\n\n\n
- SSH \u53ea\u5141\u8bb8\u4f60IP<\/li>\n<\/ul>\n\n\n\n
\n\n\n\n\ud83d\udcca \u771f\u5b9e\u98ce\u9669\u6392\u5e8f\uff08\u6309\u88ab\u9ed1\u6982\u7387\uff09<\/h1>\n\n\n\n\u98ce\u9669\u9879<\/th> \u5b9e\u9645\u5371\u9669<\/th><\/tr><\/thead> 3306\u516c\u7f51\u5f00\u653e<\/td> \ud83d\udd34\ud83d\udd34\ud83d\udd34<\/td><\/tr> SSH\u5bc6\u7801\u767b\u5f55<\/td> \ud83d\udd34\ud83d\udd34<\/td><\/tr> \u9762\u677f\u9ed8\u8ba4\u7aef\u53e3<\/td> \ud83d\udd34\ud83d\udd34<\/td><\/tr> \u672a\u542f\u7528fail2ban<\/td> \ud83d\udd34<\/td><\/tr> sysctl\u672a\u52a0\u56fa<\/td> \ud83d\udfe1<\/td><\/tr> audit\u7f3a\u5931<\/td> \ud83d\udfe2<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\u26a0 \u6700\u91cd\u8981\u4e00\u53e5\u8bdd<\/h1>\n\n\n\n
\u751f\u4ea7\u73af\u5883\u670d\u52a1\u5668\uff1a<\/p>\n\n\n\n
\u2714 \u4e0d\u8981\u8ffd\u6c42\u201c\u626b\u63cf\u5168\u7eff\u201d
\u2714 \u91cd\u70b9\u662f\u51cf\u5c11\u53ef\u653b\u51fb\u9762
\u2714 \u7aef\u53e3\u8d8a\u5c11\u8d8a\u5b89\u5168
\u2714 \u670d\u52a1\u8d8a\u5c11\u8d8a\u5b89\u5168<\/p>\n","protected":false},"excerpt":{"rendered":"
\u751f\u4ea7\u73af\u5883\uff08\u5bf9\u5916\u7f51\u7ad9\uff09 \u7b2c\u4e00\u9636\u6bb5\uff1a \u2460 \u5173 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[3],"tags":[],"class_list":["post-31","post","type-post","status-publish","format-standard","hentry","category-linux-"],"_links":{"self":[{"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/posts\/31","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/comments?post=31"}],"version-history":[{"count":1,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/posts\/31\/revisions"}],"predecessor-version":[{"id":32,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/posts\/31\/revisions\/32"}],"wp:attachment":[{"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/media?parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/categories?post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/word.ronrin.cn\/index.php\/wp-json\/wp\/v2\/tags?post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}