标题:
Oracle Linux6安装服务器安全狗、Nginx版网站安全狗
[打印本页]
作者:
admin
时间:
2020-1-31 16:07
标题:
Oracle Linux6安装服务器安全狗、Nginx版网站安全狗
服务器的信息: [root@oracle-linux6 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.9 (Santiago) [root@oracle-linux6 ~]# [root@oracle-linux6 ~]# cat /etc/issue |head -1
Oracle Linux Server release 6.9
[root@oracle-linux6 ~]# [root@oracle-linux6 ~]# uname -r 4.1.12-61.1.28.el6uek.x86_64 [root@oracle-linux6 ~]# hostname oracle-linux6.9 [root@oracle-linux6 ~]# cat /etc/sysconfig/network |tail -1 HOSTNAME=oracle-linux6.9 [root@oracle-linux6 ~]# ifconfig eth0 |grep "inet addr" |awk '{print $2}' |awk -F: '{print $2}'
192.168.168.135
下载nginx-1.10.0.tar.gz:
https://pan.baidu.com/s/1K2yEskROiqYBNGZJ3DViGA
安装Nginx: yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make elinks lsof useradd -M -s /sbin/nologin nginx tar -zxvf nginx-1.10.0.tar.gz cd nginx-1.10.0 ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module && make && make install ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/ ### 开机自动运行Nginx [root@oracle-linux6 ~]# vi /etc/init.d/nginx #!/bin/bash #chkconfig: 35 99 20 #description:Nginx Service Control Script case "$1" in start) /usr/local/nginx/sbin/nginx ;; stop) /usr/bin/killall -s QUIT nginx ;; restart) $0 stop $0 start ;; *) echo "Usage:$0 {start|stop|restart}" exit 1 esac exit 0 [root@oracle-linux6 ~]# chmod a+x /etc/init.d/nginx [root@oracle-linux6 ~]# chkconfig --add nginx 启动Nginx: [root@oracle-linux6 ~]# service nginx start 查看Nginx的进程: [root@oracle-linux6 ~]# ps -ef |grep
nginx
|grep -v grep
root 4733 1 0 23:51 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 4734 4733 0 23:51 ? 00:00:00 nginx: worker process
开机自动启动Nginx: [root@oracle-linux6 ~]# chkconfig --level 35 nginx on [root@oracle-linux6 ~]# chkconfig --list nginx nginx 0:关闭 1:关闭 2:关闭
3:启用
4:关闭
5:启用
6:关闭 查看Nginx的版本: [root@oracle-linux6 ~]# nginx -v nginx version: nginx/
1.10.0
[root@oracle-linux6 ~]# nginx -V nginx version: nginx/
1.10.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module 服务器本地测试Nginx: [root@oracle-linux6 ~]# elinks 127.0.0.1
下载
(33.77 KB)
2021-2-16 16:02
[root@oracle-linux6 ~]# lsof -nP -iTCP:
80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 4733 root 6u IPv4 15718 0t0 TCP *:80 (LISTEN) nginx 4734 nginx 6u IPv4 15718 0t0 TCP *:80 (LISTEN)
要安装一些依赖软件包: [root@oracle-linux6 ~]# yum -y install wget zlib-devel libtool ncurses-devel libxml2-devel mlocate lsof dmidecode 关闭SELinux: sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 重启服务器: init 6 去官网下载最新的安全狗软件包: [root@oracle-linux6 ~]# wget http://down.safedog.cn/safedog_linux
64
.tar.gz 安装安全狗软件:(这是
64
位软件) tar -zxvf safedog_linux
64
.tar.gz cd safedog_an_linux
64
_2.8.21207/ chmod a+x *.py [root@oracle-linux6 safedog_an_linux64_2.8.21207]#
./install.py
extracting files ... Warning: Web defense module will restart web process during installation!!: Web defense module select: 1.apache
2.nginx
. Input(Ctrl-C to skip web defense module installation):
2
#输入2,按回车键
step 1/3, start install common lib [ok] step 2/3, start Install Server Defense Module step 2.1, checking os release version... [ok] step 2.2, installing file... [ok] step 2.3, start service... [ok] step 2.4, save safedog install info... Tips: (1)safedog install directory:
/etc/safedog
(2)install safedog version:
2.8.21207
install safedog completely
step 3/3, start install Nginx Defense Module.. step 3.1, Nginx exe path:/usr/local/nginx/sbin/nginx step 3.2, download nginx.. [ok] step 3.3, copy libraries [ok] step 3.4, copy bin and set boot [ok] step 3.5, start the nginx server.. [ok] Tips: (1)If you want to change the configuration of nginx defense module, please modify the files in
/etc/safedog/nginx/conf
; (2)If you want to check nginx defense module log, please use command:
sdalog -n
; (3)If nginx defense module is failed to use, you can try to restart Nginx. send command to server ok.
Installation is complete!
备注:安装Nginx版网站安全狗时,要连公网。
safedog install directory:
/etc/safedog
下载
(117.76 KB)
2021-2-16 16:04
nginx defense module directory:
/etc/safedog/nginx/conf
下载
(398.9 KB)
2021-2-16 16:05
备注: 安全狗默认会随操作系统的启动而自动启动的; 如无特殊要求,服务器安全狗、网站安全狗里的规则保持默认即可; 查看安全狗是否运行中:(运行时的效果) [root@oracle-linux6 ~]# service safedog status
safedog service is running
[root@oracle-linux6 ~]# [root@oracle-linux6 ~]# ps -ef |grep
sdsvrd
|grep -v grep
root 2111 2099 7 Feb15 ? 00:00:24 sdsvrd -d
可运行命令
sdui
进入操作界面: [root@oracle-linux6 ~]#
sdui
[Firewall]->NetFireWall
下载
(50.32 KB)
2021-2-16 16:06
备注:DDOS Firewall、CC Attack Defense默认是开启的。 安装Nginx版网站安全狗后,Nginx的版本会发生变化: [root@oracle-linux6 ~]# nginx -v
safedog-nginx-waf version/2.4 developed by www.safedog.cn
nginx version: nginx/
1.10.2
[root@oracle-linux6 ~]# nginx -V
safedog-nginx-waf version/2.4 developed by www.safedog.cn
nginx version: nginx/
1.10.2
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-46) built with OpenSSL 1.0.2k 26 Jan 2017 TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-ipv6 --with-http_auth_request_module --with-http_v2_module --with-pcre=../3th_lib/pcre-8.40 --with-openssl=../3th_lib/openssl-1.0.2k --with-cc-opt=-I../../../../Plugin_tag_before_yunyu/NginxSiteShield --with-ld-opt='-Wl,-rpath=/etc/safedog/libs/nginx -Wl,-rpath=/etc/safedog/libs/sdcommon -Wl,-rpath=/etc/safedog/libs/sdcc -Wl,-dynamic-linker=/etc/safedog/libs/sdcommon/ld-linux.so.2 -lstdc++ -lnginx_safedog_plugin -lWPCPlugin -lcurl -liconv -lSPModule -llog4cplus' _fuyun --add-module=../module/3rd_part_module/ngx_cache_purge-2.3 --add-module=../module/3rd_part_module/nginx_upstream_check_module-master --add-module=../module/3rd_part_module/ngx_http_accounting_module-master --add-module=../module/3rd_part_module/testcookie-nginx-module-master 服务器加入服云,参考:
Oracle Linux6安装服务器安全狗、Apache版网站安全狗
刷新页面,理应就可以看到新添加的服务器了: 安全管理》服务器管理
下载
(149.7 KB)
2021-2-16 16:07
注释:可以看到服务器的公网IP、内网IP。 服务器安全防护:
下载
(124.13 KB)
2021-2-16 16:08
下载
(102.77 KB)
2021-2-16 16:08
网站安全防护:(安装了网站安全狗才会有以下选项)
下载
(61.67 KB)
2021-2-16 16:09
备注:漏洞防护要设置为“记录并拦截” 网站防护》HTTP安全检测:
下载
(39.8 KB)
2021-2-16 16:09
测试Nginx版网站安全狗的HTTP安全检测功能: http://192.168.168.135
/?order%20by
下载
(95.24 KB)
2021-2-16 16:09
在服务器上查看Nginx版网站安全狗的防护日志: [root@oracle-linux6 ~]#
sdalog -n
Total 3 records! Time |Type |AttackIP |FullUrl |AttackContent |PhysicalPath 2021-02-16 00:07:18 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. | 2021-02-16 00:08:21 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. | 2021-02-16 00:09:55 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
网站防护》上传防护:
下载
(35.09 KB)
2021-2-16 16:11
Nginx版网站安全狗对应的上传防护配置文件: [root@oracle-linux6 ~]# cat /etc/safedog/
nginx
/conf/
WPCDefTrojan.conf
[Trojan] ChkTrojan=1 NeedSendInterceptPage=0 NeedSendInterceptPageUploadForbidExt=0 NeedSendInterceptPageOtherOptionRequest=0 NeedSendInterceptPageWebTrojan=0 NeedSendInterceptPageHangTrojan=0 SpeSiteCount=0 WhitePathCount=0 ChkWTBrowsyFile=1 Resource=asa|asax|ascx|ashx|asmx|asp|aspx|cdx|cer|cgi|jsp|php ChkForbidPostExt=1 ForbidPostExt=
asa|asax|ascx|ashx|asmx|asp|aspx|cdx|cer|cgi|dll|exe|jsp|php
ChkHTCookie=0 ChkHTPost=0 ChkHTUrl=0 SendAlert=1 ForbidOtherRequests=0 ChkCommaLeakStatus=0 相关文章:
CentOS6安装服务器安全狗、Nginx版网站安全狗
CentOS6_Nginx反向代理+Nginx版网站安全狗
################################# #################################
亲,学习研究也要劳逸结合哦,来我微店逛逛,买点东西好好犒劳犒劳自己和家人吧^_^^_^
正品飞科电动剃须刀FS868全身水洗充电式男士电动胡须刮胡刀
下载
(228.27 KB)
2020-2-10 14:49
飞科剃须刀正品FS370电动递刮胡刀男士充电式剃须刀胡须刀剃须刀
下载
(111.15 KB)
2020-2-10 14:49
飞科正品男士电动剃须刀FS876充电式刮胡刀即插即用刮胡剃须刀
下载
(254.25 KB)
2020-2-10 14:49
图片附件:
bai.png
(2020-2-10 14:49, 228.27 KB) / 下载次数 74
http://blog.zhuohua.store/attachment.php?aid=4529&k=f4d2a6b8f3b10bfd0e5311297c210bca&t=1714679651&sid=n9Z6NQ
图片附件:
dan.png
(2020-2-10 14:49, 111.15 KB) / 下载次数 82
http://blog.zhuohua.store/attachment.php?aid=4530&k=2c8e20a55b92995bcf483d63ffa69656&t=1714679651&sid=n9Z6NQ
图片附件:
shuang.png
(2020-2-10 14:49, 254.25 KB) / 下载次数 69
http://blog.zhuohua.store/attachment.php?aid=4531&k=5735193cb84d23687b7c5dd4bb62380b&t=1714679651&sid=n9Z6NQ
图片附件:
图片1.png
(2021-2-16 16:02, 33.77 KB) / 下载次数 151
http://blog.zhuohua.store/attachment.php?aid=15454&k=6f4c4c6c68a8dce327856b766a3702b5&t=1714679651&sid=n9Z6NQ
图片附件:
图片2.png
(2021-2-16 16:04, 117.76 KB) / 下载次数 158
http://blog.zhuohua.store/attachment.php?aid=15455&k=742b25b302f2d2f336f71d72cb044659&t=1714679651&sid=n9Z6NQ
图片附件:
图片3.png
(2021-2-16 16:05, 398.9 KB) / 下载次数 150
http://blog.zhuohua.store/attachment.php?aid=15456&k=0b191a139aa7181fc7219654410d3325&t=1714679651&sid=n9Z6NQ
图片附件:
图片4.png
(2021-2-16 16:06, 50.32 KB) / 下载次数 160
http://blog.zhuohua.store/attachment.php?aid=15457&k=ff04e23ae5c0c3f45a1d003d4b3ed219&t=1714679651&sid=n9Z6NQ
图片附件:
图片5.png
(2021-2-16 16:07, 149.7 KB) / 下载次数 148
http://blog.zhuohua.store/attachment.php?aid=15458&k=0610211a542740613527947b8762a9a9&t=1714679651&sid=n9Z6NQ
图片附件:
图片6.png
(2021-2-16 16:08, 124.13 KB) / 下载次数 141
http://blog.zhuohua.store/attachment.php?aid=15459&k=b72b148e59d0f6654ecd21594ed31564&t=1714679651&sid=n9Z6NQ
图片附件:
图片7.png
(2021-2-16 16:08, 102.77 KB) / 下载次数 148
http://blog.zhuohua.store/attachment.php?aid=15460&k=53ec36b9dd539684b2728e013dd60737&t=1714679651&sid=n9Z6NQ
图片附件:
图片8.png
(2021-2-16 16:09, 61.67 KB) / 下载次数 152
http://blog.zhuohua.store/attachment.php?aid=15461&k=159b76ef0cd201d6704281873f5f688a&t=1714679651&sid=n9Z6NQ
图片附件:
图片9.png
(2021-2-16 16:09, 39.8 KB) / 下载次数 163
http://blog.zhuohua.store/attachment.php?aid=15462&k=036def56f3d90f364fb4ef523f8317ad&t=1714679651&sid=n9Z6NQ
图片附件:
图片10.png
(2021-2-16 16:09, 95.24 KB) / 下载次数 152
http://blog.zhuohua.store/attachment.php?aid=15463&k=a3dcdac1dd1f9066d79f48ea899ddcde&t=1714679651&sid=n9Z6NQ
图片附件:
图片11.png
(2021-2-16 16:11, 35.09 KB) / 下载次数 154
http://blog.zhuohua.store/attachment.php?aid=15464&k=3930696c395d0744c44c90954e7f6917&t=1714679651&sid=n9Z6NQ
欢迎光临 blog.zhuohua.store (http://blog.zhuohua.store/)
Powered by Discuz! 7.2