
FreeBSD 6.1 Entry-Level Web Server Configuration Notes (final part)

2008-8-28 18:09:00  Source: 顶酷手机网  Author: compiled by the site

QUOTE:

  # chmod u+x /usr/local/etc/rc.d/pure-ftpd.sh

  # ee /etc/rc.conf

  CODE:

pure-ftpd_enable="YES"

  Installing and configuring pureftpdadmin

  QUOTE:

  # mount /cdrom

  # cp -R /cdrom/pureftpdadmin /usr/www/pureftpdadmin

  # ee /usr/www/pureftpdadmin/pureftp.config.php

  CODE:

$PUREFTP_CONFIG_FILE    = '/usr/local/etc/pureftpd-mysql.conf';
$DefaultUser = "ftpadmin";      // placeholder: choose your own admin name ...
$DefaultPass = "adminpassword"; // ... and a strong password before the panel is reachable

  QUOTE:

  # ee /usr/www/pureftpdadmin/goodies/Quota_Checker.php

  CODE:

$PUREFTP_CONFIG_FILE    = '/usr/local/etc/pureftpd-mysql.conf';

  QUOTE:

  # chmod 755 /usr/local/sbin/pure-ftpwho

  # chmod ug+s /usr/local/sbin/pure-ftpwho

  Securing pureftpdadmin

  QUOTE:

  # ee /usr/local/etc/apache22/httpd.conf

  CODE:

<Directory "/usr/www/pureftpdadmin">
deny from all
Options None
AllowOverride AuthConfig
Order deny,allow
</Directory>

  QUOTE:

  # ee /usr/www/pureftpdadmin/.htaccess

  CODE:

AuthType Basic
AuthUserFile /usr/local/ftpadmin.pwd
AuthName "Please log in before proceeding"
require valid-user
satisfy any

  Because the Directory block above denies every host, "satisfy any" admits a request only when it authenticates. Basic authentication sends the password base64-encoded, effectively in clear, with every request, so reach this directory over https (port 443 is opened in the firewall below) rather than plain http.

  QUOTE:

# htpasswd -bc /usr/local/ftpadmin.pwd ftpadmin adminpassword

  The -b flag takes the password on the command line, where it shows up in the process list and in the shell history; drop it to be prompted for the password instead.

  IV. System Security

  1. The IPFW firewall

  Enabling the firewall

  QUOTE:

  # ee /etc/rc.conf

  CODE:

firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"

  Since firewall_script points at our own script, rc.d/ipfw runs that script instead of /etc/rc.firewall and firewall_type is not consulted; the "open" line is harmless but has no effect.

  QUOTE:

  # ee /etc/sysctl.conf

  CODE:

net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5

  Editing the firewall rules

  QUOTE:

# ee /etc/ipfw.rules

  CODE:

# For the syntax see http://doc.code365.net/Manual/FreeBSD_HandBook/firewalls-ipfw.html
#
##################################
# Flush the rule list on (re)load
##################################
ipfw -q -f flush
#
#################
# Command prefix
#################
cmd="ipfw -q add"
#
#####################
# DNS server address
#####################
dns="192.168.163.2"
#
##############################
# Name of the public interface
##############################
pif="lnc0"
#
##########################
# No restriction on loopback
##########################
$cmd 00100 allow all from any to any via lo0
#
##############################################################
# Consult the dynamic rule table first (packets of connections
# already admitted by keep-state/limit rules match here)
##############################################################
$cmd 00200 check-state
#
####################
# Allow DNS traffic
####################
$cmd 00300 allow tcp from any to $dns 53 out via $pif keep-state
$cmd 00400 allow udp from any to $dns 53 out via $pif keep-state
#
######################################################################
# Allow http (limit src-addr caps the connections per source address)
######################################################################
$cmd 00500 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00600 allow tcp from any to me 80 in via $pif setup limit src-addr 10
#
#######################################################################
# Allow https (limit src-addr caps the connections per source address)
#######################################################################
$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
$cmd 00800 allow tcp from any to me 443 in via $pif setup limit src-addr 10
#
#########################################################################
# Allow sending and receiving mail (limit src-addr caps the connections
# per source address)
#########################################################################
$cmd 00900 allow tcp from any to any 25 out via $pif setup keep-state
#$cmd 01000 allow tcp from any to me 25 in via $pif setup limit src-addr 1
#
$cmd 01100 allow tcp from any to any 110 out via $pif setup keep-state
#$cmd 01100 allow tcp from any to me 110 in via $pif setup limit src-addr 1
#
##########################################################
# Allow cvsup and ports installs/updates (TCP connections
# belonging to root)
##########################################################
$cmd 01200 allow tcp from any to any via $pif setup keep-state uid root
#
#############
# Allow ping
#############
$cmd 01300 allow icmp from any to any out via $pif keep-state
#$cmd 01300 allow icmp from any to any in via $pif keep-state
#
#######################################################################
# Allow FTP (limit src-addr caps the connections per source address).
# Note: only the port-21 control connection is covered here; FTP data
# connections need their own rules.
#######################################################################
$cmd 01400 allow tcp from any to any 21 out via $pif setup keep-state
$cmd 01500 allow tcp from any to any 21 in via $pif setup limit src-addr 2
#
#######################################################################
# Allow SSH remote logins (limit src-addr caps the connections per
# source address)
#######################################################################
$cmd 01600 allow tcp from any to any 22 out via $pif setup keep-state
$cmd 01700 allow tcp from any to any 22 in via $pif setup limit src-addr 2
#
#############################################
# Deny everything not allowed by the rules above
#############################################
$cmd 60000 deny log all from any to any
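
  A check worth running on the script before loading it, added here as an example (it is not part of the original article nor of FreeBSD's own tooling): a small sh/awk lint pass that catches the kind of slip that is easy to make in a rules file, a misspelled variable such as $dna for $dns, which the shell silently expands to nothing so that ipfw never sees the intended address. The rules it reads are a constructed, cut-down copy of the set above with three mistakes planted in it; the last comment shows how to point it at the real file instead.

```shell
#!/bin/sh
# Added example, not part of the original article: lint an ipfw rules script
# such as /etc/ipfw.rules before loading it. The sample below is a constructed,
# cut-down copy of the article's rules with three planted mistakes: an
# undefined variable ($dna), a duplicated rule number (00700) and an inbound
# allow that is not limited to connection setup (00650). Needs only sh and awk.

sample_rules() {
    cat <<'EOF'
ipfw -q -f flush
cmd="ipfw -q add"
dns="192.168.163.2"
pif="lnc0"
$cmd 00100 allow all from any to any via lo0
$cmd 00200 check-state
$cmd 00300 allow tcp from any to $dns 53 out via $pif keep-state
$cmd 00400 allow udp from any to $dna 53 out via $pif keep-state
$cmd 00500 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00600 allow tcp from any to me 80 in via $pif setup limit src-addr 10
$cmd 00650 allow tcp from any to me 8080 in via $pif limit src-addr 10
$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
$cmd 00700 allow tcp from any to me 443 in via $pif setup limit src-addr 10
$cmd 60000 deny log all from any to any
EOF
}

# lint_rules: reads a rules script on stdin and prints one finding per line.
lint_rules() {
    awk '
    # skip comments and blank lines
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # shell assignments (cmd=, dns=, pif=) define the variables rules may use
    /^[A-Za-z_][A-Za-z0-9_]*=/ { split($0, kv, "="); defined[kv[1]] = 1; next }
    # rule lines look like "$cmd NNNNN action ..."
    /^\$cmd[ \t]+[0-9]+/ {
        n = $2
        if (n in seen) printf "duplicate rule number %s: %s\n", n, $0
        seen[n] = 1
        # every $name must have been assigned earlier in the file; the shell
        # expands a misspelled one to an empty string without complaint
        line = $0
        while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            v = substr(line, RSTART + 1, RLENGTH - 1)
            if (!(v in defined)) printf "undefined variable $%s: %s\n", v, $0
            line = substr(line, RSTART + RLENGTH)
        }
        # an inbound TCP allow should admit only connection setup (setup),
        # otherwise arbitrary segments reach the host unfiltered
        if ($3 == "allow" && $4 == "tcp" && $0 ~ / in / && $0 !~ / setup /)
            printf "inbound tcp allow without setup: %s\n", $0
        last = $0
    }
    END {
        if (last !~ /^\$cmd[ \t]+[0-9]+[ \t]+deny/)
            printf "last rule is not a deny: %s\n", last
    }'
}

# Demo run on the constructed sample. For the real file use:
#   lint_rules < /etc/ipfw.rules
sample_rules | lint_rules
```

  The duplicate-number check is advisory: ipfw accepts several rules with the same number, but in a hand-written script a repeated number is almost always a copy-and-paste left-over, as with the commented-out 01100 pair above.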

  2. Securing remote logins

  QUOTE:

  # ee /etc/ssh/sshd_config

  CODE:

Port 22                     # may be changed to an uncommon port; adjust firewall rules 01600/01700 to match
Protocol 2                  # SSH-1 (the listing originally had "protocol 1") is cryptographically broken; never enable it
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no   # set this only once a key login has been verified (see below)

  RSAAuthentication and the ssh_host_key file belong to SSH-1 and are left out. Mind the spelling AuthorizedKeysFile: sshd refuses to start on an unknown keyword, so run "sshd -t" after editing to check the file.

  Because PermitRootLogin is no, the key pair belongs to the ordinary account you log in with, not to root. Generate an SSH-2 RSA key pair as that user:

  QUOTE:

  $ ssh-keygen -t rsa -b 2048

  Accept the default file name and choose a passphrase (do not leave it empty for a key that will be carried to a Windows machine). Then install the public key and make the directory private:

  QUOTE:

  $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  $ chmod 700 ~/.ssh
  $ chmod 600 ~/.ssh/authorized_keys

  PuTTY needs the private key (id_rsa), not the public one. Copy it to the Windows machine over an encrypted channel, for example with pscp (shipped with PuTTY) while password authentication is still enabled, and delete it from the server afterwards. Never place it under /usr/www or fetch it with plain FTP: the former publishes it to every web client, the latter sends it in clear.

  On the client:

  Run PuTTYgen, load id_rsa, enter its passphrase and save it as a .ppk file;

  Start putty.exe (free software) and fill in the IP and port in the Session settings;

  Under Connection > SSH > Auth, Browse to the .ppk file;

  Click Open and enter the user name and the key passphrase when prompted.

  Only after this login succeeds, set PasswordAuthentication no and restart sshd (# /etc/rc.d/sshd restart); doing it earlier risks locking yourself out of the server.
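
  A quick way to confirm that an sshd_config no longer carries the SSH-1 leftovers and the misspelled keyword, added here as an example (it is not part of the original article or of OpenSSH): a sh/awk audit that runs over the article's original listing and over the corrected one. Both listings are embedded inline so the check runs without an sshd; on the server itself, "sshd -t" remains the authoritative syntax check.

```shell
#!/bin/sh
# Added example, not part of the original article: audit an sshd_config for
# SSH-1 leftovers, weak login settings and the AuthorizedKeyFiles typo. The two
# listings below are embedded copies (constructed) of the article's original
# and corrected configurations. Needs only sh and awk.

# The article's original listing: SSH-1 options and a misspelled keyword.
article_sshd_config() {
    cat <<'EOF'
port 22
protocol 1
hostkey /etc/ssh/ssh_host_key
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeyFiles .ssh/authorized_keys
PasswordAuthentication no
EOF
}

# The corrected listing: SSH-2 only, SSH-2 host keys, correct keyword.
hardened_sshd_config() {
    cat <<'EOF'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF
}

# audit_sshd_config: reads an sshd_config on stdin, prints one finding per line.
# sshd_config keywords are case-insensitive, so they are compared in lower case.
audit_sshd_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { key = tolower($1); val = tolower($2) }
    key == "protocol" && val ~ /1/ {
        print "weak: SSH protocol 1 enabled: " $0 }
    key == "permitrootlogin" && val == "yes" {
        print "weak: root login permitted: " $0 }
    key == "passwordauthentication" && val == "yes" {
        print "weak: password authentication enabled: " $0 }
    key == "rsaauthentication" {
        print "obsolete: RSAAuthentication is an SSH-1 option: " $0 }
    key == "hostkey" && $2 ~ /\/ssh_host_key$/ {
        print "weak: SSH-1 host key configured: " $0 }
    key == "authorizedkeyfiles" {
        print "typo: AuthorizedKeyFiles should be AuthorizedKeysFile (sshd refuses to start on an unknown keyword): " $0 }
    '
}

echo "--- article listing"
article_sshd_config | audit_sshd_config
echo "--- corrected listing"
hardened_sshd_config | audit_sshd_config
```

  To audit the live file, pipe it in: audit_sshd_config < /etc/ssh/sshd_config. The original listing yields four findings (protocol 1, the SSH-1 host key, RSAAuthentication and the typo); the corrected one yields none.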

  3. Other security settings

  Disable services that are not needed and only widen the attack surface:

# ee /etc/rc.conf
sendmail_enable="NONE"
nfs_server_enable="NO"
nfs_client_enable="NO"
rpcbind_enable="NO"    # the portmapper; FreeBSD 5 and later name it rpcbind (portmap_enable in older releases)

