服务器信息:
[root@centos8 ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@centos8 ~]#
[root@centos8 ~]# uname -r
4.18.0-193.el8.x86_64
[root@centos8 ~]# hostname
centos8.zhuohua.store
[root@centos8 ~]# cat /etc/hostname
centos8.zhuohua.store
[root@centos8 ~]# ifconfig
-bash: ifconfig: 未找到命令
[root@centos8 ~]#
[root@centos8 ~]# yum -y install net-tools
[root@centos8 ~]# ifconfig ens160 |grep netmask |awk '{print $2}'
192.168.168.154
下载Nginx:
[root@centos8 ~]# dnf -y install wget
[root@centos8 ~]#
[root@centos8 ~]# wget -c --progress=bar:force http://nginx.org/download/nginx-1.14.2.tar.gz
安装Nginx:
yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make psmisc
useradd -M -s /sbin/nologin nginx
tar -zxvf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/
### 开机自动运行Nginx
[root@centos8 ~]# vi /etc/init.d/nginx
#!/bin/bash
#chkconfig: 35 99 20
#description:Nginx Service Control Script
case "$1" in
start)
/usr/local/nginx/sbin/nginx
;;
stop)
/usr/bin/killall -s QUIT nginx
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage:$0 {start|stop|restart}"
exit 1
esac
exit 0
[root@centos8 ~]# chmod a+x /etc/init.d/nginx
[root@centos8 ~]# chkconfig --add nginx
启动Nginx:
[root@centos8 ~]# service nginx start
查看Nginx的进程:
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root 17200 1 0 11:32 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 17201 17200 0 11:32 ? 00:00:00 nginx: worker process
开机自动启动Nginx:
[root@centos8 ~]# systemctl enable nginx
nginx.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable nginx
确认开机自动启动Nginx:
[root@centos8 ~]# systemctl is-enabled nginx
nginx.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled nginx
enabled
查看Nginx的版本:
[root@centos8 ~]# nginx -v
nginx version: nginx/1.14.2
[root@centos8 ~]# nginx -V
nginx version: nginx/1.14.2
built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)
built with OpenSSL 1.1.1c FIPS 28 May 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
服务器本地测试Nginx:
[root@centos8 ~]# yum -y install lsof
[root@centos8 ~]# lsof -nP -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 17200 root 9u IPv4 48956 0t0 TCP *:80 (LISTEN)
nginx 17201 nginx 9u IPv4 48956 0t0 TCP *:80 (LISTEN)
停止Nginx:
[root@centos8 ~]# service nginx stop
或
[root@centos8 ~]# killall -9 nginx
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
[root@centos8 ~]#
[root@centos8 ~]# lsof -nP -iTCP:80
[root@centos8 ~]#
重启Nginx:
[root@centos8 ~]# service nginx restart
[root@centos8 ~]# ps -ef |grep nginx |grep -v grep
root 17554 1 0 11:35 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 17555 17554 0 11:35 ? 00:00:00 nginx: worker process
[root@centos8 ~]# lsof -nP -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 17554 root 9u IPv4 51071 0t0 TCP *:80 (LISTEN)
nginx 17555 nginx 9u IPv4 51071 0t0 TCP *:80 (LISTEN)
在防火墙(Firewalld)打开TCP 80端口:
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
查看防火墙所有打开的端口:
[root@centos8 ~]# firewall-cmd --zone=public --list-ports
80/tcp
关闭SELinux:
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
客户端通过浏览器访问服务器IP地址,理应可以看到Nginx的测试页:
############
############
安装云锁:
[root@centos8 ~]# tar -zxvf yunsuo_agent_64bit.tar.gz
[root@centos8 ~]# chmod a+x yunsuo_install/install
[root@centos8 ~]# yunsuo_install/install
Welcome.
If you encounter any problems during installation, you can use 'ctrl-c' to cancel.
checking installation environment:[ OK ]
decompression package:[ OK ]
Install Selinux Policy Module:[ OK ]
Initialize Configuration Information:[ OK ]
Install Auto-start Script:[ OK ]
Install Protection Driver:[ OK ]
Starting SoftWare:[ OK ]
Install Complete.
云锁会自动启动:
[root@centos8 ~]# service yunsuo status
● yunsuo.service - SYSV: start and stop mainserver
Loaded: loaded (/etc/rc.d/init.d/yunsuo; generated)
Active: active (running) since Sun 2021-02-21 11:37:44 CST; 4min 32s ago
Docs: man:systemd-sysv-generator(8)
Process: 17725 ExecStart=/etc/rc.d/init.d/yunsuo start (code=exited, status=0/SUCCESS)
Tasks: 63 (limit: 11298)
Memory: 43.1M
CGroup: /system.slice/yunsuo.service
└─17760 ./yunsuo_agent_service -c config.xml -l runlog/run_log.log -e ALL -t ALL -s safe -m daemon
Feb 21 11:37:43 centos8.zhuohua.store systemd[1]: Starting SYSV: start and stop mainserver...
Feb 21 11:37:44 centos8.zhuohua.store yunsuo[17725]: Starting yunsuo: [ 确定 ]
Feb 21 11:37:44 centos8.zhuohua.store systemd[1]: Started SYSV: start and stop mainserver.
服务器重启后,云锁会自动启动的:
[root@centos8 ~]# systemctl is-enabled yunsuo
yunsuo.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled yunsuo
enabled
添加服务器到云中心,输入以下命令即可绑定自己的服务器:(要到云锁官网注册账号)
[root@centos8 ~]# /usr/local/yunsuo_agent/agent_smart_tool.sh -u 133921xxx -p Jackxxx
Bind Server Success.
############
Windows客户端管理云锁:(要到云锁的官网下载云锁PC控制端)
可以看到刚刚添加的服务器:(双击进入可以针对指定的服务器进行管理)
服务器信息》开启所有的常用功能防护:
应用防护:(这里可以看到Web服务器软件为Nginx)
安装Nginx插件:
Nginx的Web防护开启成功:
备注:
Nginx必须采用编译的方式安装,使用Yum安装会无法安装Web防护的插件;
点击上面的“Web防护”》进入网站漏洞防护:
将网站漏洞防护设置为“防护模式”:(默认是监控模式)
客户端通过浏览器,测试Nginx的Web防护:
http://192.168.168.154/?order%20by
应用防护》登录防护:
默认就是允许所有用户、IP地址进行SSH登录:
新增一条规则:
新增规则(成功):(默认的规则要关闭)
客户端使用非允许IP将无法SSH登录到服务器,效果如下图:
开启sshd服务的爆破防护:
sshd服务的爆破防护开启成功:
############
############
在服务器卸载云锁:
[root@centos8 ~]# /usr/local/yunsuo_agent/uninstall
Are you sure to uninstall?(y/n)y
Unbind Server Failed[101]: Uninstall Protection Driver:[ OK ]
Clearup Configuration Information:[ OK ]
Uninstall WebServer Plugin:
[1]: Nginx 80[ OK ]
Uninstall Selinux Policy Module:[ OK ]
Uninstall Success.
还要在云锁PC控制端删除指定的服务器:
相关文章:
CentOS8_云锁+Apache
CentOS7_云锁+Nginx
CentOS8_lnmp1.7_更改Nginx的版本
Nginx/1.14.2重新编译安装使用Jemalloc
CentOS6安装服务器安全狗、Nginx版网站安全狗 |