1.开启防火墙
# Show whether firewalld is currently running.
firewall-cmd --state
# Start the firewall service for the current boot.
# NOTE(review): `start` does not make the service come up after a reboot;
# `systemctl is-enabled firewalld` shows whether it is enabled - confirm.
systemctl start firewalld.service
# Confirm the unit is now active.
systemctl status firewalld.service
2.修改ssh端口
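# Edit the sshd configuration and change the listening port.
vim /etc/ssh/sshd_config
# In the file, change the Port directive:
#   before: Port 22
#   after:  Port 50005
# The port here must be the same one that is labelled in SELinux and opened
# in firewalld (50005 in the later steps of this page). The original note had
# 50500 here, which would leave sshd on a port that SELinux does not permit
# and the firewall does not open, locking out remote logins after the restart.
# NOTE(review): sshd accepts several Port lines; keeping "Port 22" until a
# login on the new port has been verified avoids a lockout - remove it after.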
3.在SELinux中放行新的ssh端口
# List the ports SELinux currently labels for ssh (ssh_port_t).
semanage port --list | grep ssh
# Label TCP 50005 as ssh_port_t so that sshd, confined by SELinux, may bind it.
# Without this label sshd fails to bind the new port when SELinux is enforcing.
# NOTE(review): semanage may need a separate policycoreutils package on a
# minimal install - confirm for the target release.
semanage port --add --type ssh_port_t --proto tcp 50005
4.防火墙打开端口
# Check whether 50005/tcp is already in the permanent configuration.
firewall-cmd --permanent --query-port=50005/tcp
# Add 50005/tcp to the public zone's permanent configuration.
firewall-cmd --permanent --zone=public --add-port=50005/tcp
# Load the permanent configuration into the running firewall.
firewall-cmd --reload
# Query again to confirm the port is now listed.
firewall-cmd --permanent --query-port=50005/tcp
# NOTE(review): nothing here closes the old port. If the zone still allows the
# predefined ssh service (22/tcp), it stays open until removed, e.g. with
# `firewall-cmd --permanent --remove-service=ssh`, once the new port works.
6.重启ssh和防火墙
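# Validate sshd_config first (`sshd -t` only parses the configuration and
# reports errors), and restart sshd only if it is valid. Restarting with a
# broken configuration can leave the host without remote access.
sshd -t && systemctl restart sshd
# Restart firewalld so it runs with the saved permanent rules.
systemctl restart firewalld.service
# Keep the current SSH session open and verify a new login on the new port
# before closing it.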
7.fail2ban
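# Install fail2ban.
# NOTE(review): on RHEL/CentOS the package normally comes from EPEL, so that
# repository may have to be enabled first - confirm.
yum install fail2ban

# Create the local jail configuration.
vim /etc/fail2ban/jail.d/jail.local
# File contents (strip the leading "# " when pasting):
#
# [DEFAULT]
# ignoreip = 127.0.0.1/8
# bantime = 3600
# findtime = 600
# maxretry = 3
#
# [ssh-iptables]
# enabled = true
# filter = sshd
# action = iptables[name=SSH, port=50005, protocol=tcp]
# logpath = /var/log/secure
# maxretry = 3
#
# The action's port must be the port sshd really listens on. The original
# note used port=ssh, which resolves to 22, so a ban would block port 22 while
# the moved sshd port stayed reachable to the banned address.
# Values as given: 3 failures (maxretry) within 600 s (findtime) trigger a
# 3600 s ban (bantime); ignoreip exempts loopback only.

# Enable at boot as well as starting now; `start` alone does not survive a
# reboot, which would silently leave sshd without brute-force protection.
systemctl enable fail2ban
systemctl start fail2ban
# Re-read the configuration and confirm the jail is loaded and watching.
fail2ban-client reload
fail2ban-client status ssh-iptables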
8.禁止响应ping
# Make the kernel ignore all IPv4 ICMP echo requests (ping).
# This sets the same runtime value as writing 1 to
# /proc/sys/net/ipv4/icmp_echo_ignore_all.
# The setting is runtime-only and is lost on reboot unless it is also placed
# in a sysctl configuration file such as one under /etc/sysctl.d/.
# It hides the host from ping only; open TCP ports remain discoverable.
sysctl -w net.ipv4.icmp_echo_ignore_all=1
9.最近访问信息
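# Successful logins (wtmp history).
last
# Failed login attempts (btmp history); normally requires root.
lastb
# Authentication log (sshd, sudo, ...). Opened read-only so the evidence
# cannot be modified by accident while reviewing it.
vim -R /var/log/secure
# Files under /etc modified within the last day, newest first.
# The original piped find into `ll -t`; ll/ls do not read file names from
# stdin, so the find results were discarded. The original also used -mtime +1,
# which selects files older than a day (nearly everything) rather than recent
# changes, so -mtime -1 is used here to match the "recent" intent.
find /etc -type f -mtime -1 -exec ls -lt {} +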
10.重启docker
# Restart the Docker daemon.
# NOTE(review): presumably needed because restarting/reloading firewalld
# drops the iptables rules Docker created, and Docker re-creates them on
# start - confirm.
# Ports published by containers are handled by Docker's own rules and may be
# reachable even if not opened in the firewalld zone; review them separately.
systemctl restart docker.service



