centos7服务器初始配置

!增强VPS SSH账号安全:改端口,禁用Root,密钥登录,Denyhosts防暴力攻击

1.防火墙

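# Install the iptables service first, so it is ready to take over as soon as
# firewalld is stopped.
yum install -y iptables iptables-services

systemctl stop firewalld.service     # stop firewalld
systemctl disable firewalld.service  # keep firewalld from starting at boot

# Start the iptables service BEFORE inserting the rule. (Re)starting the
# service reloads /etc/sysconfig/iptables and throws away rules that exist
# only in memory; inserting first and restarting afterwards would drop the
# port 27938 rule, and the later "save" would persist a ruleset without it,
# locking SSH out once sshd moves to that port.
systemctl start iptables.service

# Accept new TCP connections on 27938, the port sshd is moved to in the SSH step.
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 27938 -j ACCEPT

service iptables save               # write the running rules to /etc/sysconfig/iptables
systemctl enable iptables.service   # start the firewall at boot

# Confirm the rule is both live and saved before touching sshd.
iptables -nL INPUT --line-numbers
grep -n -- '--dport 27938' /etc/sysconfig/iptables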

2.ssh

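# Change the SSH port and show the result. The pattern only matches the stock
# commented-out "#Port 22" line, so check that the output contains an
# uncommented "Port 27938"; if it does not, the file was not changed.
sed -i 's/^#Port 22$/Port 27938/g' /etc/ssh/sshd_config
grep -n "Port" /etc/ssh/sshd_config

# With SELinux enabled (enforcing is the CentOS 7 default) sshd may only bind
# to ports labelled ssh_port_t. Label the new port, otherwise sshd fails to
# start on it after the restart.
if [ "$(getenforce)" != "Disabled" ]; then
  yum install -y policycoreutils-python   # provides semanage
  semanage port -a -t ssh_port_t -p tcp 27938
fi

# Validate the configuration before restarting, so a syntax error cannot take
# sshd down.
sshd -t && service sshd restart

# Check that the port is usable: keep the current session open and log in on
# port 27938 from a second terminal before continuing.

# Generate the key pair.
# NOTE(review): this creates the private key on the server itself. Presumably
# ~/.ssh/id_rsa is then transferred to the client that will log in; move it
# over a secure channel and do not leave a copy on the server. Generating the
# pair on the client and appending only the public key avoids that exposure.
ssh-keygen -t rsa -b 4096

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys   # add the public key to the trusted list

# sshd refuses key login when these are group- or world-accessible.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# No sshd restart is needed here: authorized_keys is read at each login.

# Disable password login ONLY after a key-based login has been confirmed from
# a separate session; otherwise a broken key setup leaves no way back in.
# The pattern matches an uncommented "PasswordAuthentication yes" line only;
# confirm from the output that it now reads "PasswordAuthentication no".
sed -i 's/^PasswordAuthentication yes$/PasswordAuthentication no/g' /etc/ssh/sshd_config
grep -n "Password" /etc/ssh/sshd_config

sshd -t && service sshd restart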

3.安装java

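# If the URL below no longer works, look up the current Java release at
# https://www.oracle.com/technetwork/java/javase/downloads/index.html
mkdir -p ~/data && cd ~/data

# TLS certificate verification stays on (no --no-check-certificate): this
# archive is unpacked and run as root, so the download must not be open to
# tampering in transit. If wget reports a certificate error, update the
# ca-certificates package instead of disabling the check.
wget --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" https://download.oracle.com/otn-pub/java/jdk/8u201-b09/42970487e3af4f5aa5bca3f542482c60/jdk-8u201-linux-x64.tar.gz

# Verify the archive before unpacking it. Replace the placeholder with the
# SHA-256 value the vendor publishes for this exact file; with the placeholder
# left in, the check fails and nothing is extracted.
# --no-same-owner: when root extracts, tar would otherwise keep whatever
# uid/gid the archive members carry, which may map to an unrelated local user.
printf '%s  %s\n' '<SHA256_PUBLISHED_FOR_THIS_FILE>' jdk-8u201-linux-x64.tar.gz | sha256sum -c - \
  && mkdir -p /usr/local/java \
  && tar --no-same-owner -zxvf ~/data/jdk-8u201-linux-x64.tar.gz -C /usr/local/java

# Append the Java environment variables after the last line of /etc/profile.
# JAVA_HOME is exported too, so that child processes see it and not only the
# login shell. Running this line twice appends the block twice.
# NOTE(review): CLASSPATH starts with ".", so classes in the current working
# directory are loaded first; drop it if untrusted directories are a concern.
sed -i '$aexport JAVA_HOME=/usr/local/java/jdk1.8.0_201\nexport JRE_HOME=${JAVA_HOME}/jre\nexport CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib\nexport PATH=${JAVA_HOME}/bin:$PATH' /etc/profile

source /etc/profile && java -version   # apply the variables and verify the install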