centos7.9系统安全加固

devtools/2024/9/23 0:50:42/

1、限制用户登陆

vim /etc/hosts.deny，若禁止192.168.0.158对服务器进行ssh的登陆，添加如下内容
sshd : 192.168.0.158

添加完毕后就生效了，直接用192.168.0.158访问主机，就无法连接了，显示
Connection closing...Socket close.
Connection closed by foreign host.
Disconnected from remote host(192.168.0.x:22) at 09:46:24.

2、限制密码尝试失败次数
修改vim /etc/ssh/sshd_config
MaxAuthTries 2

SSH连接服务器密码尝试次数为2次，输错两次后自动断开连接

设置完毕后，必须重启SSH服务systemctl restart sshd

3、关闭centos的sftp功能
vim /etc/ssh/sshd_config
找到Subsystem sftp /usr/libexec/openssh/sftp-server这样
把这行注释掉,如下:
#Subsystem sftp /usr/libexec/openssh/sftp-server
退出保存后,重启sshd
systemctl restart sshd
以上就是Linux系统中禁止sftp命令的方法了。

4、centos7.9关闭TCP25端口对应的信箱服务
查看开启的IP端口
[root@niway ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*

查看网络IP和端口和进程号使用情况
[root@niway ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1182/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1509/master
tcp 0 52 192.168.0.164:22 192.168.70.33:55380 ESTABLISHED 1707/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1182/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1509/master

[root@niway /]# ps aux | grep 1509
root 1509 0.0 0.0 89708 2124 ? Ss 09:48 0:00 /usr/libexec/postfix/master -w
root 1831 0.0 0.0 112824 976 pts/0 S+ 10:07 0:00 grep --color=auto 1509