返回列表 发帖

CentOS8_云锁+Nginx

服务器信息:
[root@centos8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@centos8 ~]#
[root@centos8 ~]# uname -r
4.18.0-193.el8.x86_64

[root@centos8 ~]# hostname
centos8.zhuohua.store
[root@centos8 ~]# cat /etc/hostname
centos8.zhuohua.store

[root@centos8 ~]# ifconfig
-bash: ifconfig: 未找到命令
[root@centos8 ~]#
[root@centos8 ~]# yum -y install net-tools

[root@centos8 ~]# ifconfig ens160 |grep netmask |awk '{print $2}'
192.168.168.154



下载Nginx:
[root@centos8 ~]# dnf -y install wget
[root@centos8 ~]#
[root@centos8 ~]# wget -c --progress=bar:force http://nginx.org/download/nginx-1.14.2.tar.gz


安装Nginx:
yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make psmisc

useradd -M -s /sbin/nologin nginx
tar -zxvf nginx-1.14.2.tar.gz
cd nginx-1.14.2

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module  --with-http_ssl_module && make && make install

ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/



### 开机自动运行Nginx

[root@centos8 ~]# vi /etc/init.d/nginx
#!/bin/bash
#chkconfig: 35 99 20
#description:Nginx Service Control Script

case "$1" in
start)
/usr/local/nginx/sbin/nginx
;;
stop)
/usr/bin/killall -s QUIT nginx
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage:$0 {start|stop|restart}"
exit 1
esac
exit 0



[root@centos8 ~]# chmod a+x /etc/init.d/nginx

[root@centos8 ~]# chkconfig --add nginx

启动Nginx:
[root@centos8 ~]# service nginx start


查看Nginx的进程:
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root       17200       1  0 11:32 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      17201   17200  0 11:32 ?        00:00:00 nginx: worker process




开机自动启动Nginx:
[root@centos8 ~]# systemctl enable nginx
nginx.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable nginx

确认开机自动启动Nginx:
[root@centos8 ~]# systemctl is-enabled nginx
nginx.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled nginx
enabled



查看Nginx的版本:
[root@centos8 ~]# nginx -v
nginx version: nginx/1.14.2

[root@centos8 ~]# nginx -V
nginx version: nginx/1.14.2
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
built with OpenSSL 1.1.1c FIPS  28 May 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module



服务器本地测试Nginx:
[root@centos8 ~]# yum -y install lsof

[root@centos8 ~]# lsof -nP -iTCP:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   17200  root    9u  IPv4  48956      0t0  TCP *:80 (LISTEN)
nginx   17201 nginx    9u  IPv4  48956      0t0  TCP *:80 (LISTEN)



停止Nginx:
[root@centos8 ~]# service nginx stop

[root@centos8 ~]# killall -9 nginx

[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
[root@centos8 ~]#
[root@centos8 ~]# lsof -nP -iTCP:80
[root@centos8 ~]#


重启Nginx:
[root@centos8 ~]# service nginx restart

[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root       17554       1  0 11:35 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx      17555   17554  0 11:35 ?        00:00:00 nginx: worker process


[root@centos8 ~]# lsof -nP -iTCP:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   17554  root    9u  IPv4  51071      0t0  TCP *:80 (LISTEN)
nginx   17555 nginx    9u  IPv4  51071      0t0  TCP *:80 (LISTEN)




在防火墙(Firewalld)打开TCP 80端口:
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

查看防火墙所有打开的端口:
[root@centos8 ~]# firewall-cmd --zone=public --list-ports
80/tcp


关闭SELinux:
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config



客户端通过浏览器访问服务器IP地址,理应可以看到Nginx的测试页:
图片1.png
2021-2-12 16:46








############
############

安装云锁:
[root@centos8 ~]# tar -zxvf yunsuo_agent_64bit.tar.gz
[root@centos8 ~]# chmod a+x yunsuo_install/install
[root@centos8 ~]# yunsuo_install/install
Welcome.
If you encounter any problems during installation, you can use 'ctrl-c' to cancel.

checking installation environment:[ OK ]
decompression package:[ OK ]
Install Selinux Policy Module:[ OK ]
Initialize Configuration Information:[ OK ]
Install Auto-start Script:[ OK ]
Install Protection Driver:[ OK ]
Starting SoftWare:[ OK ]

Install Complete.



云锁会自动启动:
[root@centos8 ~]# service yunsuo status
● yunsuo.service - SYSV: start and stop mainserver
   Loaded: loaded (/etc/rc.d/init.d/yunsuo; generated)
   Active: active (running) since Sun 2021-02-21 11:37:44 CST; 4min 32s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 17725 ExecStart=/etc/rc.d/init.d/yunsuo start (code=exited, status=0/SUCCESS)
    Tasks: 63 (limit: 11298)
   Memory: 43.1M
   CGroup: /system.slice/yunsuo.service
           └─17760 ./yunsuo_agent_service -c config.xml -l runlog/run_log.log -e ALL -t ALL -s safe -m daemon

Feb 21 11:37:43 centos8.zhuohua.store systemd[1]: Starting SYSV: start and stop mainserver...
Feb 21 11:37:44 centos8.zhuohua.store yunsuo[17725]: Starting yunsuo: [  确定  ]
Feb 21 11:37:44 centos8.zhuohua.store systemd[1]: Started SYSV: start and stop mainserver.


服务器重启后,云锁会自动启动的:
[root@centos8 ~]# systemctl is-enabled yunsuo
yunsuo.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled yunsuo
enabled



添加服务器到云中心,输入以下命令即可绑定自己的服务器:(要到云锁官网注册账号)
[root@centos8 ~]# /usr/local/yunsuo_agent/agent_smart_tool.sh -u 133921xxx -p Jackxxx
Bind Server Success.



############

Windows客户端管理云锁:(要到云锁的官网下载云锁PC控制端)
图片2.png
2021-2-12 16:48


图片3.png
2021-2-12 16:48



可以看到刚刚添加的服务器:(双击进入可以针对指定的服务器进行管理)
图片4.png
2021-2-12 16:49



服务器信息》开启所有的常用功能防护:
图片5.png
2021-2-12 16:49




应用防护:(这里可以看到Web服务器软件为Nginx)
图片6.png
2021-2-12 16:50



安装Nginx插件:
图片7.png
2021-2-12 16:50


图片9.png
2021-2-12 16:51



Nginx的Web防护开启成功:
图片10.png
2021-2-12 16:51

备注:
Nginx必须采用编译的方式安装,使用Yum安装会无法安装Web防护的插件;



点击上面的“Web防护”》进入网站漏洞防护:
图片11.png
2021-2-12 16:51



将网站漏洞防护设置为“防护模式”:(默认是监控模式)
图片12.png
2021-2-12 16:52



客户端通过浏览器,测试Nginx的Web防护:
http://192.168.168.154/?order%20by

图片1.png
2021-2-21 13:09


图片2.png
2021-2-21 13:09






应用防护》登录防护:
图片3.png
2021-2-21 13:10



默认就是允许所有用户、IP地址进行SSH登录:
图片4.png
2021-2-21 13:10



新增一条规则:
图片5.png
2021-2-21 13:11



图片6.png
2021-2-21 13:11



新增规则(成功):(默认的规则要关闭)
图片7.png
2021-2-21 13:11



客户端使用非允许IP将无法SSH登录到服务器,效果如下图:
图片8.png
2021-2-21 13:11






开启sshd服务的爆破防护:
图片9.png
2021-2-21 13:12



图片10.png
2021-2-21 13:12



sshd服务的爆破防护开启成功:
图片11.png
2021-2-21 13:12



图片12.png
2021-2-21 13:13







############
############

在服务器卸载云锁:
[root@centos8 ~]# /usr/local/yunsuo_agent/uninstall
Are you sure to uninstall?(y/n)y
Unbind Server Failed[101]: Uninstall Protection Driver:[ OK ]
Clearup Configuration Information:[ OK ]
Uninstall WebServer Plugin:
        [1]: Nginx      80[ OK ]
Uninstall Selinux Policy Module:[ OK ]

Uninstall Success.



还要在云锁PC控制端删除指定的服务器:
图片15.png
2021-2-12 16:53



图片16.png
2021-2-12 16:53







相关文章:
CentOS8_云锁+Apache
CentOS7_云锁+Nginx

CentOS6安装服务器安全狗、Nginx版网站安全狗

返回列表