Original text: lwebapp.com/zh/post/cen…
Requirement
Our Alibaba Cloud ECS server was recently hit by a DDoS attack, which showed that the security of the server needs to be improved. For SSH login, you can create a separate user on the Linux system and forbid root login to improve security.
In this article you will learn
- How to create a user on Linux (CentOS) and set a password
- How to grant permissions to the new CentOS user
- How to disable root login to improve the security of remote SSH connections to the server
- How to restart the sshd service
- How to view and modify file permissions
User management
- Create a user and set a password
Create a user and give it a name, such as lwebapp
adduser lwebapp
Set a password for the user lwebapp. This starts an interactive prompt
passwd lwebapp
When prompted, enter the password: lwebappwd
- Grant root permission
Modify sudoers to grant root permission to the newly created user, so that you can carry out all server operations when logged in as the new user lwebapp.
The sudoers file is in the /etc directory
chmod 777 /etc/sudoers
Then open it with Vim and press i to enter edit mode
vim /etc/sudoers
Below the existing root line, add a line for lwebapp. It grants lwebapp all permissions, the same as root on the line above
root ALL=(ALL) ALL
lwebapp ALL=(ALL) ALL
Press Esc, type a colon (:) to enter Vim's command mode, type wq, and press Enter to save the file and exit
After saving, set the file permissions back right away, since at 777 the file is writable by every local account
chmod 444 /etc/sudoers
- Disable root login
Now that there is a new user, disable login for root so that hackers cannot crack the root login to operate the server. At the very least, the login user name is no longer the default one, which adds a layer of difficulty to an attack.
Locate and edit the sshd_config file
vim /etc/ssh/sshd_config
Find PermitRootLogin yes and change "yes" to "no"
PermitRootLogin no
- Restart sshd
Restart sshd for the change to take effect
systemctl restart sshd.service
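The checks below are an added example, not part of the original article: after the steps above, they confirm that the value sshd reads for PermitRootLogin is no (sshd keeps the first value it finds for a keyword, so an edited line can be shadowed by an earlier one) and that /etc/sudoers was not left writable by group or others. The function names are hypothetical, the sample config is constructed, and Include files, Match blocks and the keyword=value form are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Print the PermitRootLogin value from the global section of an sshd_config file.
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive; lines after the first "Match" apply only conditionally.
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only if FILE is not writable by group or others, so a sudoers file
# left at 777 after an interrupted edit is reported.
mode_not_shared_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *[2367]|*[2367]?) return 1 ;;        # write bit for others or for group
        *) return 0 ;;
    esac
}

# Run both checks; the default paths are the ones used in the article.
check_hardening() {
    sshd_cfg=${1:-/etc/ssh/sshd_config}
    sudoers=${2:-/etc/sudoers}
    rc=0
    val=$(effective_root_login "$sshd_cfg")
    if [ "$val" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$val' in $sshd_cfg" >&2; rc=1
    fi
    if ! mode_not_shared_writable "$sudoers"; then
        echo "FAIL: $sudoers is writable by group or others" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample: a commented-out line, the edited line, then a Match block.
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'Match User deploy' '    PermitRootLogin yes' > "$demo"
echo "effective PermitRootLogin: $(effective_root_login "$demo")"
rm -f "$demo"
```

Run check_hardening as root with no arguments to check the real files. Running sshd -t before the restart additionally validates the syntax of sshd_config.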
Further learning
File permissions
- View file permissions
stat -c '%A %a %n' *
- Give 777 permission to all files in a folder
chmod 777 -R ./webapps
Basic VIM operations
- Open a file
vim file.txt
- To enter edit mode, press i. The bottom of the terminal displays -- INSERT --, which indicates edit mode
- To enter command mode, type a colon (:). The cursor moves to the bottom of the terminal
- To exit edit mode or command mode, press Esc
- In command mode, type wq and press Enter to save the file and exit
- To force quit, type q! in command mode and press Enter
The sshd service
- Check the sshd service status
systemctl status sshd.service
Service status information is displayed; a state such as running indicates a successful startup
- Start the sshd service
systemctl start sshd.service
- Restart the sshd service
systemctl restart sshd.service
- Enable the service to start at boot
systemctl enable sshd.service