
Title: Installing Server Safedog and Website Safedog (Nginx edition) on Oracle Linux 6

Author: admin    Time: 2020-1-31 16:07

Server information:

[root@oracle-linux6 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.9 (Santiago)
[root@oracle-linux6 ~]# cat /etc/issue |head -1
Oracle Linux Server release 6.9
[root@oracle-linux6 ~]# uname -r
4.1.12-61.1.28.el6uek.x86_64
[root@oracle-linux6 ~]# hostname
oracle-linux6.9
[root@oracle-linux6 ~]# cat /etc/sysconfig/network |tail -1
HOSTNAME=oracle-linux6.9
[root@oracle-linux6 ~]# ifconfig eth0 |grep "inet addr" |awk '{print $2}' |awk -F: '{print $2}'
192.168.168.135

Download nginx-1.10.0.tar.gz: https://pan.baidu.com/s/1K2yEskROiqYBNGZJ3DViGA

Install Nginx:

yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make elinks lsof
useradd -M -s /sbin/nologin nginx
tar -zxvf nginx-1.10.0.tar.gz
cd nginx-1.10.0
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/

### Run Nginx automatically at boot

[root@oracle-linux6 ~]# vi /etc/init.d/nginx
#!/bin/bash
#chkconfig: 35 99 20
#description:Nginx Service Control Script
case "$1" in
start)
        /usr/local/nginx/sbin/nginx
        ;;
stop)
        /usr/bin/killall -s QUIT nginx
        ;;
restart)
        $0 stop
        $0 start
        ;;
*)
        echo "Usage:$0 {start|stop|restart}"
        exit 1
esac
exit 0

[root@oracle-linux6 ~]# chmod a+x /etc/init.d/nginx
[root@oracle-linux6 ~]# chkconfig --add nginx

Start Nginx:

[root@oracle-linux6 ~]# service nginx start

Check the Nginx processes:

[root@oracle-linux6 ~]# ps -ef |grep nginx |grep -v grep
root 4733 1 0 23:51 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx 4734 4733 0 23:51 ? 00:00:00 nginx: worker process

Enable Nginx at boot:

[root@oracle-linux6 ~]# chkconfig --level 35 nginx on
[root@oracle-linux6 ~]# chkconfig --list nginx
nginx 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭

Check the Nginx version:

[root@oracle-linux6 ~]# nginx -v
nginx version: nginx/1.10.0
[root@oracle-linux6 ~]# nginx -V
nginx version: nginx/1.10.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module

Test Nginx locally on the server:

[root@oracle-linux6 ~]# elinks 127.0.0.1
[screenshot: 图片1.png]

[root@oracle-linux6 ~]# lsof -nP -iTCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 4733 root 6u IPv4 15718 0t0 TCP *:80 (LISTEN)
nginx 4734 nginx 6u IPv4 15718 0t0 TCP *:80 (LISTEN)

Install the dependency packages:

[root@oracle-linux6 ~]# yum -y install wget zlib-devel libtool ncurses-devel libxml2-devel mlocate lsof dmidecode

Disable SELinux (the change to /etc/selinux/config takes effect after the reboot that follows):

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

Reboot the server:

init 6

Download the latest Safedog package from the official site:

[root@oracle-linux6 ~]# wget http://down.safedog.cn/safedog_linux64.tar.gz

Install Safedog (this is the 64-bit build):

tar -zxvf safedog_linux64.tar.gz
cd safedog_an_linux64_2.8.21207/
chmod a+x *.py

[root@oracle-linux6 safedog_an_linux64_2.8.21207]# ./install.py
extracting files ...
Warning: Web defense module will restart web process during installation!!:
Web defense module select: 1.apache 2.nginx .
Input(Ctrl-C to skip web defense module installation): 2    # enter 2 and press Enter
step 1/3, start install common lib [ok]
step 2/3, start Install Server Defense Module
step 2.1, checking os release version... [ok]
step 2.2, installing file... [ok]
step 2.3, start service... [ok]
step 2.4, save safedog install info...
Tips:
(1)safedog install directory: /etc/safedog
(2)install safedog version: 2.8.21207
install safedog completely
step 3/3, start install Nginx Defense Module..
step 3.1, Nginx exe path:/usr/local/nginx/sbin/nginx
step 3.2, download nginx.. [ok]
step 3.3, copy libraries [ok]
step 3.4, copy bin and set boot [ok]
step 3.5, start the nginx server.. [ok]
Tips:
(1)If you want to change the configuration of nginx defense module, please modify the files in /etc/safedog/nginx/conf;
(2)If you want to check nginx defense module log, please use command: sdalog -n;
(3)If nginx defense module is failed to use, you can try to restart Nginx.
send command to server ok.
Installation is complete!

Note: the server must have Internet access while the Nginx edition of Website Safedog is being installed.

safedog install directory: /etc/safedog
[screenshot: 图片2.png]

nginx defense module directory: /etc/safedog/nginx/conf
[screenshot: 图片3.png]

Notes:
Safedog starts automatically with the operating system by default.
Unless you have special requirements, leave the rules in Server Safedog and Website Safedog at their defaults.

Check whether Safedog is running (this is the output when it is running):

[root@oracle-linux6 ~]# service safedog status
safedog service is running
[root@oracle-linux6 ~]# ps -ef |grep sdsvrd |grep -v grep
root 2111 2099 7 Feb15 ? 00:00:24 sdsvrd -d

Run the sdui command to open the management interface:

[root@oracle-linux6 ~]# sdui
[Firewall]->NetFireWall
[screenshot: 图片4.png]

Note: DDOS Firewall and CC Attack Defense are enabled by default.

After the Nginx edition of Website Safedog is installed, the version and build options reported by nginx change:

[root@oracle-linux6 ~]# nginx -v
safedog-nginx-waf version/2.4 developed by www.safedog.cn
nginx version: nginx/1.10.2
[root@oracle-linux6 ~]# nginx -V
safedog-nginx-waf version/2.4 developed by www.safedog.cn
nginx version: nginx/1.10.2
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-46)
built with OpenSSL 1.0.2k 26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-ipv6 --with-http_auth_request_module --with-http_v2_module --with-pcre=../3th_lib/pcre-8.40 --with-openssl=../3th_lib/openssl-1.0.2k --with-cc-opt=-I../../../../Plugin_tag_before_yunyu/NginxSiteShield --with-ld-opt='-Wl,-rpath=/etc/safedog/libs/nginx -Wl,-rpath=/etc/safedog/libs/sdcommon -Wl,-rpath=/etc/safedog/libs/sdcc -Wl,-dynamic-linker=/etc/safedog/libs/sdcommon/ld-linux.so.2 -lstdc++ -lnginx_safedog_plugin -lWPCPlugin -lcurl -liconv -lSPModule -llog4cplus' _fuyun --add-module=../module/3rd_part_module/ngx_cache_purge-2.3 --add-module=../module/3rd_part_module/nginx_upstream_check_module-master --add-module=../module/3rd_part_module/ngx_http_accounting_module-master --add-module=../module/3rd_part_module/testcookie-nginx-module-master

To add the server to 服云 (Fuyun), see: Installing Server Safedog and Website Safedog (Apache edition) on Oracle Linux 6

Refresh the page and the newly added server should appear under Security Management » Server Management (安全管理》服务器管理):
[screenshot: 图片5.png]
Note: the server's public IP and private IP are both shown.

Server protection:
[screenshot: 图片6.png]
[screenshot: 图片7.png]

Website protection (these options appear only when Website Safedog is installed):
[screenshot: 图片8.png]
Note: Vulnerability Protection (漏洞防护) must be set to "Log and block" (记录并拦截).

Website Protection » HTTP Security Check (网站防护》HTTP安全检测):
[screenshot: 图片9.png]

Test the HTTP security check of the Nginx edition of Website Safedog:

http://192.168.168.135/?order%20by
[screenshot: 图片10.png]

View the protection log of the Nginx edition of Website Safedog on the server:

[root@oracle-linux6 ~]# sdalog -n
Total 3 records!
Time |Type |AttackIP |FullUrl |AttackContent |PhysicalPath
2021-02-16 00:07:18 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
2021-02-16 00:08:21 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
2021-02-16 00:09:55 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |

Website Protection » Upload Protection (网站防护》上传防护):
[screenshot: 图片11.png]

The upload-protection configuration file that corresponds to this page in the Nginx edition of Website Safedog:

[root@oracle-linux6 ~]# cat /etc/safedog/nginx/conf/WPCDefTrojan.conf
[Trojan]
ChkTrojan=1
NeedSendInterceptPage=0
NeedSendInterceptPageUploadForbidExt=0
NeedSendInterceptPageOtherOptionRequest=0
NeedSendInterceptPageWebTrojan=0
NeedSendInterceptPageHangTrojan=0
SpeSiteCount=0
WhitePathCount=0
ChkWTBrowsyFile=1
Resource=asa|asax|ascx|ashx|asmx|asp|aspx|cdx|cer|cgi|jsp|php
ChkForbidPostExt=1
ForbidPostExt=asa|asax|ascx|ashx|asmx|asp|aspx|cdx|cer|cgi|dll|exe|jsp|php
ChkHTCookie=0
ChkHTPost=0
ChkHTUrl=0
SendAlert=1
ForbidOtherRequests=0
ChkCommaLeakStatus=0

Related articles:
Installing Server Safedog and Website Safedog (Nginx edition) on CentOS 6
CentOS 6: Nginx reverse proxy + Website Safedog (Nginx edition)
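
One way to triage the sdalog -n protection log shown above, as an added example that is not part of the original post or of Safedog: it groups blocked requests by source IP and attack type and reports the first and last time each was seen. It assumes the pipe-delimited column order printed on this page; summarize_sdalog, sample_sdalog and the sample rows (including the 192.168.168.139 entry) are constructed for illustration.

```shell
# Added example (not from the original post): triage `sdalog -n` output.
# Assumed column order, as printed on this page:
#   Time |Type |AttackIP |FullUrl |AttackContent |PhysicalPath

# summarize_sdalog [MIN_HITS]   (reads the log on stdin)
# Prints "hits ip type first_seen last_seen" (tab-separated) for every
# (AttackIP, Type) pair that has at least MIN_HITS records.
summarize_sdalog() {
    tab="$(printf '\t')"
    awk -F'|' -v min_hits="${1:-1}" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Data rows start with a YYYY-MM-DD timestamp; this skips the
        # "Total N records!" banner and the column header.
        $1 !~ /^[ \t]*[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / { next }
        NF < 3 { next }
        {
            ts = trim($1); kind = trim($2); ip = trim($3)
            key = ip SUBSEP kind
            hits[key]++
            # ISO-style timestamps compare correctly as plain strings.
            if (first[key] == "" || ts < first[key]) first[key] = ts
            if (ts > last[key]) last[key] = ts
        }
        END {
            for (key in hits) {
                if (hits[key] < min_hits) continue
                split(key, part, SUBSEP)
                printf "%d\t%s\t%s\t%s\t%s\n", hits[key], part[1], part[2], first[key], last[key]
            }
        }
    ' | sort -t "$tab" -k1,1nr -k2,2
}

# Constructed sample in the format shown above (the .139 row is invented).
sample_sdalog() {
    cat <<'EOF'
Total 4 records!
Time |Type |AttackIP |FullUrl |AttackContent |PhysicalPath
2021-02-16 00:07:18 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
2021-02-16 00:08:21 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
2021-02-16 00:08:40 |SQL injection |192.168.168.139 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
2021-02-16 00:09:55 |SQL injection |192.168.168.138 |192.168.168.135/?order%20by |防止order by函数利用,可疑内容:192.168.16.. |
EOF
}

# Demo on the sample; on the server use:  sdalog -n | summarize_sdalog 3
sample_sdalog | summarize_sdalog 3
```

With a threshold of 3 only the repeat offender is listed, which makes the output suitable for a cron job that feeds an alert or a block list review.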
