VPS配置木马防护,家庭vps,云主机是虚拟主机吗,美国纽约服务器vps,国外vps 试用

🗣 Wd提问: VPS配置木马防护

🤖 Ai回答:
VPS木马防护配置指南

1、系统安全基础设置

SSH安全配置
bash
编辑SSH配置文件
sudo vim /etc/ssh/sshd_config

关键配置项
Port 2222 修改默认端口
PermitRootLogin no 禁止root直接登录
PasswordAuthentication no 禁用密码认证，使用密钥
AllowUsers your_username 限制允许登录的用户
MaxAuthTries 3 限制认证尝试次数
ClientAliveInterval 300 连接超时设置

防火墙配置
bash
Ubuntu/Debian UFW防火墙
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp 允许SSH端口
sudo ufw allow 80/tcp HTTP
sudo ufw allow 443/tcp HTTPS
sudo ufw enable

CentOS/RHEL firewalld
sudo firewall-cmd permanent add-service=ssh
sudo firewall-cmd permanent add-port=2222/tcp
sudo firewall-cmd reload

2、安装安全监控工具

ClamAV杀毒软件
bash
安装ClamAV
sudo apt update
sudo apt install clamav clamav-daemon

更新病毒库
sudo freshclam

扫描系统
sudo clamscan -r /home
sudo clamscan -r /var/www

Rootkit检测工具
bash
安装chkrootkit
sudo apt install chkrootkit
运行检测
sudo chkrootkit

安装rkhunter
sudo apt install rkhunter
更新数据库并扫描
sudo rkhunter update
sudo rkhunter propupd
sudo rkhunter check

3、文件完整性监控

Tripwire配置
bash
安装Tripwire
sudo apt install tripwire

初始化配置
sudo tripwire init

创建策略文件
sudo vim /etc/tripwire/twpol.txt

重要目录监控
/rbin $(ReadOnly) ;
/usr/sbin $(ReadOnly) ;
/etc $(Dynamic) -i /etc/mtab ;
/var/log $(Dynamic) ;

更新策略
sudo tripwire update-policy /etc/tripwire/twpol.txt

AIDE (Advanced Intrusion Detection Environment)
bash
安装AIDE
sudo apt install aide

初始化数据库
sudo aide init
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

配置监控规则
sudo vim /etc/aide/aide.conf

示例配置
/etc p+i+n+u+g+s+b+m+c+acl+selinux+xattrs+sha512
/bin p+i+n+u+g+s+b+m+c+acl+selinux+xattrs+sha512
/sbin p+i+n+u+g+s+b+m+c+acl+selinux+xattrs+sha512

执行检查
sudo aide check

4、实时监控和告警

Fail2ban配置
bash
安装Fail2ban
sudo apt install fail2ban

创建本地配置文件
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

配置文件内容
sudo vim /etc/fail2ban/jail.local

[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 3

[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

启动服务
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

日志监控脚本
bash
!/bin/bash
创建实时日志监控脚本
cat /usr/local/bin/log_monitor.sh << 'EOF'
!/bin/bash

LOG_FILE=/var/log/auth.log
ALERT_EMAIL=admin@yourdomain.com

tail -f $LOG_FILE | while read line; do
检测异常登录尝试
if echo $line | grep -E (Failed|Invalid) | grep sshd; then
echo Security Alert: $line | mail -s SSH Attack Detected $ALERT_EMAIL
fi

检测新进程启动
if echo $line | grep session opened; then
echo Login Alert: $line /var/log/security_alerts.log
fi
done
EOF

chmod +x /usr/local/bin/log_monitor.sh

5、进程和服务管理

系统服务审查
bash
查看运行中的服务
systemctl list-units type=service state=running

查看开机自启服务
systemctl list-unit-files type=service | grep enabled

禁用不必要的服务
sudo systemctl disable [service_name]

监控进程创建
ps aux forest

使用Systemd监控
bash
创建服务监控脚本
cat /etc/systemd/system/process-monitor.service << 'EOF'
[Unit]
Description=Process Monitor Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/process_monitor.py
Restart=always
User=root

[Install]
WantedBy=multi-user.target
EOF

Python监控脚本示例
cat /usr/local/bin/process_monitor.py << 'EOF'
!/usr/bin/env python3
import psutil
import time
import logging

logging.basicConfig(filename='/var/log/process_monitor.log',
level=logging.INFO,
format='%(asctime)s %(message)s')

whitelist = ['systemd', 'sshd', 'nginx', 'mysql']

def monitor_processes():
for proc in psutil.process_iter(['pid', 'name']):
try:
if proc.info['name'] not in whitelist:
logging.warning(fSuspicious process: {proc.info})
except (psutil.NoSuchProcess, psutil.AccessDenied):
pass

if __name__ == __main__:
while True:
monitor_processes()
time.sleep(60)
EOF

6、网络安全防护

IPTables高级配置
bash
基础防护规则
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

允许已建立连接
iptables -A INPUT -m state state ESTABLISHED,RELATED -j ACCEPT

允许本地回环
iptables -A INPUT -i lo -j ACCEPT

允许特定端口
iptables -A INPUT -p tcp dport 2222 -j ACCEPT
iptables -A INPUT -p tcp dport 80 -j ACCEPT
iptables -A INPUT -p tcp dport 443 -j ACCEPT

防止DDoS攻击
iptables -A INPUT -p tcp dport 80 -m limit limit 25/minute limit-burst 100 -j ACCEPT

保存规则
iptables-save /etc/iptables/rules.v4

网络流量监控
bash
安装网络监控工具
sudo apt install nethogs iftop

实时查看网络连接
sudo netstat -tulpn

查看活动连接
sudo ss -tuln

监控网络流量
sudo iftop -i eth0

7、定期安全检查脚本

bash
!/bin/bash
创建自动安全检查脚本
cat /usr/local/bin/security_check.sh << 'EOF'
!/bin/bash

REPORT=/var/log/security_report_$(date +%Y%m%d).txt

echo === Security Check Report $(date) === $REPORT

1、检查最近登录
echo Recent Logins: $REPORT
last | head -10 $REPORT

2、检查当前登录用户
echo -e \nCurrently Logged In: $REPORT
who $REPORT

3、检查可疑进程
echo -e \nSuspicious Processes: $REPORT
ps aux | grep -v -E (grep|systemd|sshd|bash|sh) | awk '{if($31.0) print}' $REPORT

4、检查开放端口
echo -e \nOpen Ports: $REPORT
netstat -tuln $REPORT

5、检查磁盘使用情况
echo -e \nDisk Usage: $REPORT
df -h $REPORT

6、运行恶意软件扫描
echo -e \nMalware Scan Results: $REPORT
clamscan -i /tmp /var/tmp 2/dev/null $REPORT

发送报告邮件
mail -s Security Report admin@yourdomain.com < $REPORT
EOF

chmod +x /usr/local/bin/security_check.sh

添加到定时

Ai作答

📣 商家广告：