blog.zhuohua.store - Powered by Discuz! Board

标题: CentOS8_云锁+Nginx [打印本页]

作者: admin 时间: 2021-2-12 16:54 标题: CentOS8_云锁+Nginx

服务器信息： [root@centos8 ~]# cat /etc/redhat-release CentOS Linux release 8.2.2004 (Core) [root@centos8 ~]# [root@centos8 ~]# uname -r 4.18.0-193.el8.x86_64 [root@centos8 ~]# hostname centos8.zhuohua.store [root@centos8 ~]# cat /etc/hostname centos8.zhuohua.store [root@centos8 ~]# ifconfig -bash: ifconfig: 未找到命令 [root@centos8 ~]# [root@centos8 ~]# yum -y install net-tools [root@centos8 ~]# ifconfig ens160 |grep netmask |awk '{print $2}' 192.168.168.154 下载Nginx： [root@centos8 ~]# dnf -y install wget [root@centos8 ~]# [root@centos8 ~]# wget -c --progress=bar:force http://nginx.org/download/nginx-1.14.2.tar.gz 安装Nginx： yum -y install pcre-devel openssl-devel zlib-devel gcc-c++ make psmisc useradd -M -s /sbin/nologin nginx tar -zxvf nginx-1.14.2.tar.gz cd nginx-1.14.2 ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module && make && make install ln -sf /usr/local/nginx/sbin/nginx /usr/sbin/ ### 开机自动运行Nginx [root@centos8 ~]# vi /etc/init.d/nginx #!/bin/bash #chkconfig: 35 99 20 #description:Nginx Service Control Script case "$1" in start) /usr/local/nginx/sbin/nginx ;; stop) /usr/bin/killall -s QUIT nginx ;; restart) $0 stop $0 start ;; *) echo "Usage:$0 {start|stop|restart}" exit 1 esac exit 0 [root@centos8 ~]# chmod a+x /etc/init.d/nginx [root@centos8 ~]# chkconfig --add nginx 启动Nginx： [root@centos8 ~]# service nginx start 查看Nginx的进程： [root@centos8 ~]# ps -ef |grep nginx |grep -v grep root 17200 1 0 11:32 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 17201 17200 0 11:32 ? 00:00:00 nginx: worker process 开机自动启动Nginx： [root@centos8 ~]# systemctl enable nginx nginx.service is not a native service, redirecting to systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable nginx 确认开机自动启动Nginx： [root@centos8 ~]# systemctl is-enabled nginx nginx.service is not a native service, redirecting to systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install is-enabled nginx enabled 查看Nginx的版本： [root@centos8 ~]# nginx -v nginx version: nginx/1.14.2 [root@centos8 ~]# nginx -V nginx version: nginx/1.14.2 built by gcc 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC) built with OpenSSL 1.1.1c FIPS 28 May 2019 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module 服务器本地测试Nginx： [root@centos8 ~]# yum -y install lsof [root@centos8 ~]# lsof -nP -iTCP:80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 17200 root 9u IPv4 48956 0t0 TCP *:80 (LISTEN) nginx 17201 nginx 9u IPv4 48956 0t0 TCP *:80 (LISTEN) 停止Nginx： [root@centos8 ~]# service nginx stop 或 [root@centos8 ~]# killall -9 nginx [root@centos8 ~]# ps -ef |grep nginx |grep -v grep [root@centos8 ~]# [root@centos8 ~]# lsof -nP -iTCP:80 [root@centos8 ~]# 重启Nginx： [root@centos8 ~]# service nginx restart [root@centos8 ~]# ps -ef |grep nginx |grep -v grep root 17554 1 0 11:35 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx nginx 17555 17554 0 11:35 ? 00:00:00 nginx: worker process [root@centos8 ~]# lsof -nP -iTCP:80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 17554 root 9u IPv4 51071 0t0 TCP *:80 (LISTEN) nginx 17555 nginx 9u IPv4 51071 0t0 TCP *:80 (LISTEN) 在防火墙（Firewalld）打开TCP 80端口： firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --reload 查看防火墙所有打开的端口： [root@centos8 ~]# firewall-cmd --zone=public --list-ports 80/tcp 关闭SELinux： setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 客户端通过浏览器访问服务器IP地址，理应可以看到Nginx的测试页：图片1.png

############ ############ 安装云锁： [root@centos8 ~]# tar -zxvf yunsuo_agent_64bit.tar.gz [root@centos8 ~]# chmod a+x yunsuo_install/install [root@centos8 ~]# yunsuo_install/install Welcome. If you encounter any problems during installation, you can use 'ctrl-c' to cancel. checking installation environment:[ OK ] decompression package:[ OK ] Install Selinux Policy Module:[ OK ] Initialize Configuration Information:[ OK ] Install Auto-start Script:[ OK ] Install Protection Driver:[ OK ] Starting SoftWare:[ OK ] Install Complete. 云锁会自动启动： [root@centos8 ~]# service yunsuo status ● yunsuo.service - SYSV: start and stop mainserver Loaded: loaded (/etc/rc.d/init.d/yunsuo; generated) Active: active (running) since Sun 2021-02-21 11:37:44 CST; 4min 32s ago Docs: man:systemd-sysv-generator(8) Process: 17725 ExecStart=/etc/rc.d/init.d/yunsuo start (code=exited, status=0/SUCCESS) Tasks: 63 (limit: 11298) Memory: 43.1M CGroup: /system.slice/yunsuo.service └─17760 ./yunsuo_agent_service -c config.xml -l runlog/run_log.log -e ALL -t ALL -s safe -m daemon Feb 21 11:37:43 centos8.zhuohua.store systemd[1]: Starting SYSV: start and stop mainserver... Feb 21 11:37:44 centos8.zhuohua.store yunsuo[17725]: Starting yunsuo: [ 确定 ] Feb 21 11:37:44 centos8.zhuohua.store systemd[1]: Started SYSV: start and stop mainserver. 服务器重启后，云锁会自动启动的： [root@centos8 ~]# systemctl is-enabled yunsuo yunsuo.service is not a native service, redirecting to systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install is-enabled yunsuo enabled 添加服务器到云中心，输入以下命令即可绑定自己的服务器：（要到云锁官网注册账号） [root@centos8 ~]# /usr/local/yunsuo_agent/agent_smart_tool.sh -u 133921xxx -p Jackxxx Bind Server Success. ############ Windows客户端管理云锁：（要到云锁的官网下载云锁PC控制端）图片2.png

可以看到刚刚添加的服务器：（双击进入可以针对指定的服务器进行管理）图片4.png

服务器信息》开启所有的常用功能防护：图片5.png

应用防护：（这里可以看到Web服务器软件为Nginx）图片6.png

安装Nginx插件：图片7.png

Nginx的Web防护开启成功：图片10.png

备注： Nginx必须采用编译的方式安装，使用Yum安装会无法安装Web防护的插件；点击上面的“Web防护”》进入网站漏洞防护：图片11.png

将网站漏洞防护设置为“防护模式”：（默认是监控模式）图片12.png

客户端通过浏览器，测试Nginx的Web防护： http://192.168.168.154/?order%20by 图片1.png

应用防护》登录防护：图片3.png

默认就是允许所有用户、IP地址进行SSH登录：图片4.png

新增一条规则：

新增规则（成功）：（默认的规则要关闭）图片7.png

客户端使用非允许IP将无法SSH登录到服务器，效果如下图：图片8.png

开启sshd服务的爆破防护：图片9.png

sshd服务的爆破防护开启成功：图片11.png

############ ############ 在服务器卸载云锁： [root@centos8 ~]# /usr/local/yunsuo_agent/uninstall Are you sure to uninstall?(y/n)y Unbind Server Failed[101]: Uninstall Protection Driver:[ OK ] Clearup Configuration Information:[ OK ] Uninstall WebServer Plugin: [1]: Nginx 80[ OK ] Uninstall Selinux Policy Module:[ OK ] Uninstall Success. 还要在云锁PC控制端删除指定的服务器：图片15.png

图片附件: 图片1.png (2021-2-12 16:46, 44.07 KB) / 下载次数 128
http://blog.zhuohua.store/attachment.php?aid=15390&k=b0942d07a527a3dcc442d0775755c3ab&t=1713599068&sid=YD2Ul2

图片附件: 图片2.png (2021-2-12 16:48, 4.77 KB) / 下载次数 124
http://blog.zhuohua.store/attachment.php?aid=15391&k=853e65d560aae297e707f31155aca595&t=1713599068&sid=YD2Ul2

图片附件: 图片3.png (2021-2-12 16:48, 36.67 KB) / 下载次数 110
http://blog.zhuohua.store/attachment.php?aid=15392&k=5c8b40956216b1b62eec4d2baee0d05a&t=1713599068&sid=YD2Ul2

图片附件: 图片4.png (2021-2-12 16:49, 15.7 KB) / 下载次数 111
http://blog.zhuohua.store/attachment.php?aid=15394&k=5d8b6c7ff51128c4b241a4e3e72f6ae3&t=1713599068&sid=YD2Ul2

图片附件: 图片5.png (2021-2-12 16:49, 24.78 KB) / 下载次数 124
http://blog.zhuohua.store/attachment.php?aid=15395&k=772de0eb89c20ff8e39090782aacaa9b&t=1713599068&sid=YD2Ul2

图片附件: 图片6.png (2021-2-12 16:50, 60.43 KB) / 下载次数 121
http://blog.zhuohua.store/attachment.php?aid=15396&k=a90ffc40726958d27c39572e03574574&t=1713599068&sid=YD2Ul2

图片附件: 图片7.png (2021-2-12 16:50, 23.04 KB) / 下载次数 115
http://blog.zhuohua.store/attachment.php?aid=15397&k=1e43bbb6de2fafaef66205553d796a56&t=1713599068&sid=YD2Ul2

图片附件: 图片9.png (2021-2-12 16:51, 6.67 KB) / 下载次数 122
http://blog.zhuohua.store/attachment.php?aid=15398&k=7d717507e4f59467305f62137af62598&t=1713599068&sid=YD2Ul2

图片附件: 图片10.png (2021-2-12 16:51, 52 KB) / 下载次数 133
http://blog.zhuohua.store/attachment.php?aid=15399&k=28396c0cc4ac2600abaf956d3e2b092b&t=1713599068&sid=YD2Ul2

图片附件: 图片11.png (2021-2-12 16:51, 26.84 KB) / 下载次数 119
http://blog.zhuohua.store/attachment.php?aid=15400&k=31263b3ff5875b10e491c6746fca1d99&t=1713599068&sid=YD2Ul2

图片附件: 图片12.png (2021-2-12 16:52, 77.1 KB) / 下载次数 115
http://blog.zhuohua.store/attachment.php?aid=15401&k=d5b95f3da37b63a9e39e7a435465c2d0&t=1713599068&sid=YD2Ul2

图片附件: 图片15.png (2021-2-12 16:53, 13.99 KB) / 下载次数 120
http://blog.zhuohua.store/attachment.php?aid=15404&k=d329160ed91076d1da406fb03d34bcc8&t=1713599068&sid=YD2Ul2

图片附件: 图片16.png (2021-2-12 16:53, 5.96 KB) / 下载次数 107
http://blog.zhuohua.store/attachment.php?aid=15405&k=de412adef4956ad07281f2e5b15fc135&t=1713599068&sid=YD2Ul2

图片附件: 图片1.png (2021-2-21 13:09, 77.98 KB) / 下载次数 113
http://blog.zhuohua.store/attachment.php?aid=15521&k=9e71bcfb0fe5d5c54b7f16cee4b33118&t=1713599068&sid=YD2Ul2

图片附件: 图片2.png (2021-2-21 13:09, 23.88 KB) / 下载次数 105
http://blog.zhuohua.store/attachment.php?aid=15522&k=a9e2bdb4e62219b5a3bccddbbbe99bec&t=1713599068&sid=YD2Ul2

图片附件: 图片3.png (2021-2-21 13:10, 108.28 KB) / 下载次数 128
http://blog.zhuohua.store/attachment.php?aid=15523&k=8d86d17239689f57ce7aa0dfd85a4088&t=1713599068&sid=YD2Ul2

图片附件: 图片4.png (2021-2-21 13:10, 49.89 KB) / 下载次数 102
http://blog.zhuohua.store/attachment.php?aid=15524&k=237a6dec33f618e7ed8e1890dbf082a2&t=1713599068&sid=YD2Ul2

图片附件: 图片5.png (2021-2-21 13:11, 26.62 KB) / 下载次数 111
http://blog.zhuohua.store/attachment.php?aid=15525&k=19d6631d19fd41dbaf7489e58f64cfb5&t=1713599068&sid=YD2Ul2

图片附件: 图片6.png (2021-2-21 13:11, 28.85 KB) / 下载次数 114
http://blog.zhuohua.store/attachment.php?aid=15526&k=13432f57331a83ac64d55cc3b746ef6c&t=1713599068&sid=YD2Ul2

图片附件: 图片7.png (2021-2-21 13:11, 36.6 KB) / 下载次数 110
http://blog.zhuohua.store/attachment.php?aid=15527&k=8a71d19c2e502005123eb5f8bdd67c25&t=1713599068&sid=YD2Ul2

图片附件: 图片8.png (2021-2-21 13:11, 53.91 KB) / 下载次数 114
http://blog.zhuohua.store/attachment.php?aid=15528&k=0ad2b5c87e462ffa0a43daee06199473&t=1713599068&sid=YD2Ul2

图片附件: 图片9.png (2021-2-21 13:12, 100.16 KB) / 下载次数 109
http://blog.zhuohua.store/attachment.php?aid=15529&k=455deda44a1e76024e748392087e410c&t=1713599068&sid=YD2Ul2

图片附件: 图片10.png (2021-2-21 13:12, 9.62 KB) / 下载次数 108
http://blog.zhuohua.store/attachment.php?aid=15530&k=69c73dbd39cde5a3fc2c7ac13959c51c&t=1713599068&sid=YD2Ul2

图片附件: 图片11.png (2021-2-21 13:12, 95.22 KB) / 下载次数 107
http://blog.zhuohua.store/attachment.php?aid=15531&k=d2dabbd7ba7ac9b31a4561709cbaf152&t=1713599068&sid=YD2Ul2

图片附件: 图片12.png (2021-2-21 13:13, 10.81 KB) / 下载次数 112
http://blog.zhuohua.store/attachment.php?aid=15532&k=40ccfb2c0e36f2a729edf922d357e20f&t=1713599068&sid=YD2Ul2

欢迎光临 blog.zhuohua.store (http://blog.zhuohua.store/)