Archive for 4 10 月, 2015

如何修改linux 的SSH的默认端口号?

By tort ( 4 10 月, 2015 at 下午 11:04) · Filed under Linux分享

在安装完毕linux,默认的情况下ssh是开放的,容易受到黑客攻击,简单,有效的操作之一就是修改默认端口号
如下列,我们把22修改我2501
就是修改/etc/ssh/sshd_config   //注意,容易和ssh_config相混合
步骤一
[root@localhost ssh]# more sshd_config
#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.
#Port 22             //先把22注释掉
port 2501            //添加一个新的端口
#Protocol 2,1
步骤二
[root@localhost ~]# service sshd restart
Stopping sshd:[  OK  ]
Starting sshd:[  OK  ]
步骤三
用SecureCRT测试

评论

Linux配置防火墙,开启80端口、3306端口

By tort ( 4 10 月, 2015 at 下午 11:03) · Filed under Linux分享

vi /etc/sysconfig/iptables

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
#####################################

/etc/init.d/iptables restart
#最后重启防火墙使配置生效

评论