포트변경 / SSH root접속차단
========================================================
/etc/ssh/sshd_config
#Port 22
Port 2222
cat /etc/ssh/sshd_config | egrep ^\#?Port
service sshd restart 또는 service ssh restart
/etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin on
service sshd restart 또는 service ssh restart
SSH 허용IP 설정(외 모든IP 차단)
========================================================
/etc/hosts.allow 수정
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: 113.157.124.168, 135.79.246.
또는
sshd: 113.157.124.168
sshd: 135.79.246.
/etc/hosts.deny 수정
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd: ALL
Rewrite 설정
vim /etc/nginx/rewrite.rule
rewrite ^/html/index?$ /html/index.html last;
#/html/index.html 접근시 /html/index로 재작성
vim /etc/nginx/sites-available/default
server {
........................
include /etc/nginx/rewrite.rule #마지막줄에 추가
}
nginx -c /etc/nginx/nginx.conf -t #conf 검증
service nginx reload 또는 restart
rule 참고 : http://jasontody.tistory.com/181
설정 참고 : http://sarc.io/index.php/nginx/61-nginx-nginx-conf
'Web Service' 카테고리의 다른 글
OWASP Honeypot (0) | 2022.03.10 |
---|---|
[PHP] IP체크 정규식 (0) | 2016.07.12 |
우분투에 nginx, MySQL, PHP(LEMP) 설치 (0) | 2016.03.09 |