Home >Operation and Maintenance >Linux Operation and Maintenance >How to protect your Linux server with command line tools
How to protect your Linux server through command line tools
The security of Linux servers is crucial, and they often host important applications and data. In many cases, command line tools are a simple and efficient way to protect your Linux servers. This article will introduce some commonly used command line tools and provide code examples to help you protect your Linux server.
iptables is a command line tool for configuring firewalls on Linux servers. You can protect your server from malicious traffic by allowing or denying specific network connections.
The following are some commonly used iptables command examples:
iptables -A INPUT -s 192.168.0.1 -j ACCEPT
iptables -A INPUT -s 192.168.0.2 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j DROP
fail2ban is a tool for detecting and blocking malicious IP addresses. It can monitor login attempts and block logins from malicious IPs via iptables.
The following is an example of how to use fail2ban to configure protected SSH:
sudo apt-get install fail2ban
sudo vi /etc/fail2ban/jail.conf
[sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3
sudo systemctl start fail2ban
Using SSH keys as a method of authentication is more secure than using passwords. You can use the ssh-keygen command to generate a pair of keys: a private key and a public key. Deploy the public key to the server and save the private key locally.
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
Now, you can use the private key key to authenticate via SSH without entering a password.
If you want only specific users to be able to access your website or application, you can use the htpasswd tool to create basic authentication.
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/apache2/.htpasswd user1
This way, only users with a valid username and password can access the directory or application.
Summary
By using command line tools to protect your Linux server, you can enhance its security. This article introduces some commonly used command line tools, including iptables, fail2ban, ssh-keygen and htpasswd. By properly configuring and using these tools, you can effectively protect your server from malicious attacks and unauthorized access.
Remember that good security practices are an ongoing process and you should update your servers frequently and check and review security settings regularly.
The above is the detailed content of How to protect your Linux server with command line tools. For more information, please follow other related articles on the PHP Chinese website!