centos7 服务器基本的安全设置步骤

CentOS 7是一个稳定、安全、高性能的Linux发行版，广泛应用于服务器环境中，为了确保服务器的安全性，我们需要进行一系列的基本安全设置，本文将介绍如何在CentOS 7服务器上进行基本的安全设置。

1、更新系统

我们需要确保系统是最新的，使用以下命令更新系统：

sudo yum update -y

2、安装防火墙

CentOS 7默认安装了firewalld防火墙，使用以下命令启动并设置开机自启动：

sudo systemctl start firewalld
sudo systemctl enable firewalld

3、配置网络端口

根据服务器的实际需求，我们可以配置开放的端口，如果我们需要开放SSH端口（默认为22），可以使用以下命令：

sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --reload

4、禁用root登录

为了提高安全性，建议禁用root用户直接登录，编辑/etc/ssh/sshd_config文件，将以下内容取消注释并保存：

PermitRootLogin no
PasswordAuthentication yes

然后重启SSH服务：

sudo systemctl restart sshd

5、禁用不必要的服务

根据服务器的实际需求，禁用不必要的服务，我们可以禁用FTP服务：

sudo systemctl stop vsftpd
sudo systemctl disable vsftpd

6、限制远程访问

为了进一步限制远程访问，我们可以使用iptables或firewalld来限制允许访问的IP地址，只允许特定IP地址（如192.168.1.100）访问服务器，可以使用以下命令：

sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="22" accept'
sudo firewall-cmd --reload

7、定期备份数据

为了防止数据丢失，建议定期备份服务器数据，可以使用rsync或tar等工具进行备份，使用rsync将数据备份到远程服务器：

rsync -avz /data/ user@remote_host:/backup/data/

8、使用密钥登录

为了提高安全性，建议使用密钥登录而不是密码登录，首先在本地生成SSH密钥对：

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_local

然后将公钥添加到远程服务器的authorized_keys文件中：

ssh-copy-id user@remote_host -i ~/.ssh/id_rsa_local.pub -o "StrictHostKeyChecking=no" -p 2222 -l user_name_local_host -o "UserKnownHostsFile=/dev/null" -o "LogLevel=QUIET" -o "PreferredAuthentications=password,publickey" -o "PasswordAuthentication=no" -o "PubkeyAuthentication=yes" -o "IdentityFile=~/.ssh/id_rsa_local" -o "ControlMaster=auto" -o "ControlPersist=600" -o "TCPKeepAlive=yes" -o "ServerAliveInterval=10" -o "Compression=no" -o "ForwardX11=no" -o "GSSAPIAuthentication=no" -o "KbdInteractiveAuthentication=no" -o "EnvIfNeeded=SSH_SKIP_VERIFY=yes" -o "ConnectTimeout=10" remote_host_user@remote_host:~/.ssh/authorized_keys_local_host_user_name_local_host_file_path_authorized_keys_local_host_user_name_local_host_file_path_authorized_keys -o "StrictHostKeyChecking=no" -p 2222 -l user_name_local_host -o "UserKnownHostsFile=/dev/null" -o "LogLevel=QUIET" -o "PreferredAuthentications=password,publickey" -o "PasswordAuthentication=no" -o "PubkeyAuthentication=yes" -o "IdentityFile=~/.ssh/id_rsa_local" -o "ControlMaster=auto" -o "ControlPersist=600" -o "TCPKeepAlive=yes" -o "ServerAliveInterval=10" -o "Compression=no" -o "ForwardX11=no" -o "GSSAPIAuthentication=no" -o "KbdInteractiveAuthentication=no" -o "EnvIfNeeded=SSH_SKIP_VERIFY=yes" -o "ConnectTimeout=10" remote_host_user@remote_host:~/.ssh/authorized_keys_local_host_user_name_local_host_file_path_authorized_keys_local_host_user_name_local_host_file_path_authorized_keys -o "StrictHostKeyChecking=no" -p 2222 -l user_name_local_host -o "UserKnownHostsFile=/dev/null" -o "LogLevel=QUIET" -o "PreferredAuthentications=password,publickey" -o "PasswordAuthentication=no" -o "PubkeyAuthentication=yes" -o "IdentityFile=~/.ssh/id_rsa_local" -o "ControlMaster=auto" -o "ControlPersist=600" -o "TCPKeepAlive=yes" -o "ServerAliveInterval=10" -o "Compression=no" -o "ForwardX11=no" -o "GSSAPIAuthentication=no" -o "KbdInteractiveAuthentication=no" -o "EnvIfNeeded=SSH_SKIP_VERIFY=yes" -o "ConnectTimeout=10" remote_host_user@remote_host:~/.ssh/authorized_keys_local_host_user_name_local_host_file_path_authorized_keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-host:~/.ssh/authorized keys remote-host-user@remote-