Linux Security Hardening
2015-06-07 10:52
iptables

# Drop packets in the INVALID conntrack state and TCP packets with both SYN and FIN set
iptables -A INPUT -p all -m state --state INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# Rate-limit ICMP echo reply (0), echo request (8) and time exceeded (11) up to 100 bytes; drop all other ICMP
iptables -A INPUT -p icmp --icmp-type 0 -m length --length :100 -m limit --limit 6/s --limit-burst 10 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m length --length :100 -m limit --limit 6/s --limit-burst 10 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 11 -m length --length :100 -m limit --limit 6/s --limit-burst 10 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
# Accept packets that belong to established or related connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new TCP connections (SYN only) on the service ports, plus UDP 3389
iptables -A INPUT -p tcp --syn -m state --state NEW --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --syn -m state --state NEW --dport 1433 -j ACCEPT
iptables -A INPUT -p tcp --syn -m state --state NEW --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp --syn -m state --state NEW --dport 5022 -j ACCEPT
iptables -A INPUT -p udp --dport 3389 -j ACCEPT
# Drop any other TCP packet to these ports (neither a new SYN nor part of a tracked connection)
iptables -A INPUT -p tcp -m multiport --dport 80,1433,3389,5022 -j DROP

netfilter

# Kernel parameters (sysctl)
net.ipv4.tcp_fastopen = 1
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.ip_local_port_range = 1024 65000
# Key name used by older kernels; current kernels expose it as net.netfilter.nf_conntrack_max
net.ipv4.ip_conntrack_max = 655360
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Only present on Red Hat kernels carrying the Exec-Shield patch
kernel.exec-shield = 1
# 1 randomizes stack, mmap base and VDSO; 2 additionally randomizes the heap (brk)
kernel.randomize_va_space = 1
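
To check that a host actually carries the kernel parameters listed above, the following added example (not part of the original post) compares a baseline in `key = value` form with the files under `/proc/sys`. The function names `audit_sysctl` and `make_sample` and the sample tree are constructed for illustration; keys that the running kernel does not expose are reported as MISSING instead of being counted as a pass.

```shell
# audit_sysctl BASELINE [PROC_ROOT]
# Prints OK / MISMATCH / MISSING per key; returns 1 if any key is not OK.
# Assumes keys contain no dots inside interface names (e.g. VLAN "eth0.100").
audit_sysctl() {
    baseline=$1
    root=${2:-/proc/sys}          # overridable so the check can run on a test tree
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # skip blanks and comments
        case $line in *=*) ;; *) continue ;; esac    # skip lines without '='
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)    # net.ipv4.x -> net/ipv4/x
        if [ ! -r "$path" ]; then
            echo "MISSING  $key"; rc=1; continue
        fi
        # /proc separates multi-value entries with tabs; normalise before comparing
        have=$(tr '\t\n' '  ' < "$path" | tr -s ' ' | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: want '$want', have '$have'"; rc=1
        fi
    done < "$baseline"
    return $rc
}

# Build a constructed sample tree and baseline under directory $1 (not real host data).
make_sample() {
    d=$1
    mkdir -p "$d/proc/net/ipv4/conf/all"
    printf '1\n'           > "$d/proc/net/ipv4/tcp_syncookies"
    printf '1024\t65000\n' > "$d/proc/net/ipv4/ip_local_port_range"
    printf '0\n'           > "$d/proc/net/ipv4/conf/all/rp_filter"
    cat > "$d/baseline" <<'EOF'
# subset of the settings from this page
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_thin_dupack= 0
kernel.exec-shield = 1
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_sysctl "$tmp/baseline" "$tmp/proc" || echo "baseline not met"
rm -rf "$tmp"
```

On a real host, call `audit_sysctl` with only the baseline file so that it reads `/proc/sys`.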