Pengetahuan Dunia Komputer

Wednesday, 14 December 2011

Debian Web Server

Here is how to set up a Debian web server using as few additional software repositories and as little custom-compiled software as possible. I share my server with a few friends, and it is hosted at SharedLayer.
apt-get install sudo screen irssi oidentd


  1. Get Debian Linux installed – minimal install, without anything else
  2. Run “apt-get upgrade” as root user; if a new kernel was installed, reboot into the new kernel
  3. Run “adduser <username>” to create an unprivileged user account.
  4. Add sudo access for that user by running “visudo” – find the line labeled “root    ALL=(ALL) ALL”, and add a line below it with the username of the unprivileged user created above.
  5. Disable root SSH login and enable a few security settings by editing /etc/ssh/sshd_config:
    • LoginGraceTime 15
    • PermitRootLogin no
    • PrintMotd yes
  6. Restart the SSH server and verify that you are unable to log in as “root” over SSH
    • /etc/init.d/ssh restart
  7. Enter the following firewall table into /etc/firewall.conf
*filter
:INPUT DROP [121262:35669320]
:FORWARD ACCEPT [5171418:2511260895]
:OUTPUT ACCEPT [13692255:5696622228]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports 113 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports 80 -j ACCEPT
COMMIT
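
A quick way to confirm the sshd_config edits from step 5 before restarting SSH in step 6, as an added example that is not part of the original post. The function names `sshd_effective` and `check_sshd_hardening` are hypothetical, and the script assumes a single flat config file.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings from step 5.
# sshd uses the FIRST value it reads for a keyword, so a commented-out line
# or a later duplicate does not count. Assumption: one flat config file
# (Match blocks and Include directives are not handled).

# Print the effective value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)         # separator: blanks or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords ignore case
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == want) { print val; exit }    # first occurrence wins
        }' "$1"
}

# Return 0 when all three settings match step 5; report mismatches otherwise.
check_sshd_hardening() {
    rc=0
    for pair in LoginGraceTime:15 PermitRootLogin:no PrintMotd:yes; do
        key=${pair%%:*}
        expected=${pair#*:}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected '$expected', got '${actual:-<unset>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Run against a file given on the command line, e.g. /etc/ssh/sshd_config.
if [ -n "${1:-}" ]; then
    check_sshd_hardening "$1"
fi
```

On a live server, `sshd -T` run as root prints the effective configuration as sshd itself parses it.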

