Home >Operation and Maintenance >Linux Operation and Maintenance >How to set up your CentOS system to block port scans from outside attackers

How to set up your CentOS system to block port scans from outside attackers

PHPz
PHPzOriginal
2023-07-05 11:22:552742browse

How to set up a CentOS system to prevent port scanning by external attackers

Abstract:
With the continuous development of the Internet, network security issues are becoming more and more prominent. External attackers often use port scanning to find security holes in systems. To protect our systems, we need to take steps to block these scans. This article will introduce how to set up a CentOS system to prevent port scanning by external attackers and provide relevant code examples.

1. Install and configure the firewall
The CentOS system comes with the firewalld firewall. We can limit port scanning of the system by configuring the firewall.

1. Install firewalld:
sudo yum install firewalld

2. Start the firewalld service:
sudo systemctl start firewalld

3. Set firewalld to start automatically at boot :
sudo systemctl enable firewalld

4. Check the firewalld status:
sudo firewall-cmd --state

2. Add port rules
We can use the firewalld command to Add port rules to block port scans by external attackers.

1. View the ports opened by the system:
sudo firewall-cmd --list-ports

2. Add the ports that are allowed to be accessed:
sudo firewall-cmd --add -port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent

3. Remove the default open port:
sudo firewall-cmd --remove-service=http --permanent
sudo firewall-cmd --remove-service=https --permanent

4. Reload firewalld configuration:
sudo firewall-cmd --reload

3. Disable ICMP responses
In addition to restricting port access, we can also disable ICMP responses, which can effectively prevent external attackers from performing regular ping scans.

1. Disable ICMP response:
sudo firewall-cmd --permanent --add-rich-rule='rule protocol value="icmp" drop'

2. Reload firewalld configuration:
sudo firewall-cmd --reload

4. Turn on SYN Cookie protection
SYN Cookie is a mechanism to prevent DoS and DDoS attacks. By turning on SYN Cookie protection, we can effectively Prevent external attackers from performing port scans on your system.

1. Turn on SYN Cookie protection:
sudo echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
sudo sysctl -p

2. Reload the sysctl configuration:
sudo sysctl --system

5. Restrict SSH access
SSH is one of the commonly used intrusion methods by external attackers. We can reduce the system by restricting SSH access. Risk of attack.

1. Edit the SSH configuration file:
sudo vi /etc/ssh/sshd_config

2. Uncomment the following line and modify it to the specified port and IP:

Port 22

PermitRootLogin yes

PasswordAuthentication yes

AllowUsers user_name@ip_address

3. Save the file and restart the SSH service:
sudo service sshd restart

6. Monitoring system logs
Finally, we should regularly monitor the system logs to detect and respond to possible attacks in a timely manner.

1. View the system log:
sudo tail -f /var/log/messages

Code example:

1. Add ports that allow access to ports 80 and 443 Rules:
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent

2. Disable ICMP Example of response:
sudo firewall-cmd --permanent --add-rich-rule='rule protocol value="icmp" drop'

3. Example of turning on SYN Cookie protection:
sudo echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
sudo sysctl -p

Summary:
By installing and configuring the firewall, adding port rules, and disabling By taking measures such as ICMP response, enabling SYN Cookie protection and restricting SSH access, we can effectively prevent port scanning by external attackers and improve system security. At the same time, we should also monitor system logs regularly to detect and respond to potential attacks in a timely manner. Only by comprehensively applying various security measures can we better protect our systems from the threat of external attacks.

The above is the detailed content of How to set up your CentOS system to block port scans from outside attackers. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn