Install Vesta
curl -O http://vestacp.com/pub/vst-install.sh
bash vst-install.sh
==================================
How to force https/SSL on a domain
1. Install custom nginx template
cd /usr/local/vesta/data/templates/web
wget http://c.vestacp.com/0.9.8/rhel/force-https/nginx.tar.gz
tar -xzvf nginx.tar.gz
rm -f nginx.tar.gz
==================================
To get SSL working for your VestaCP:
(Use this only if the host had no domain configured at the start)

You can do the following:

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.crt.backup

mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate.key.backup

nano /usr/local/vesta/ssl/certificate.crt #paste your crt -> save.
nano /usr/local/vesta/ssl/certificate.key #paste your key -> save.

service vesta restart
==================================

################################################################

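Item 1. CentOS security settings

1. Create a new account and password
adduser ACCOUNT
passwd ACCOUNT
ex:
adduser admin <== add the new account
passwd admin <== change the password of account admin

2. Disable root SSH login
Edit /etc/ssh/sshd_config
nano /etc/ssh/sshd_config
Find:
#PermitRootLogin yes
Change to:
PermitRootLogin no
Finally, run the following command to restart sshd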
systemctl restart sshd.service

Item 2. Automatic daily updates
yum -y update
yum -y install cronie
yum -y install yum-cron

Edit /etc/yum/yum-cron.conf
nano /etc/yum/yum-cron.conf
Find:
apply_updates = no
Change to:
apply_updates = yes

Confirm that update_messages = yes, download_updates = yes, apply_updates = yes

Finally, start crond and yum-cron:
systemctl start crond
systemctl start yum-cron
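
Added example (not part of the original notes): a shell check for Items 1 and 2 that reads the two files edited above and reports whether PermitRootLogin is effectively "no" and the three yum-cron keys are "yes". The function names and the optional path arguments are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. Function names are illustrative.

# Print the PermitRootLogin value sshd would read from file $1, or "unset".
# sshd keeps the first value it finds, and a line starting with "#" is ignored,
# so "#PermitRootLogin no" changes nothing. Match blocks are not handled here.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print the value of key $2 in INI-style file $1 (yum-cron.conf), or "unset".
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1 }
        END { print (found ? val : "unset") }' "$1"
}

# Return 0 only if every setting matches the notes; print one line per check.
# Paths default to the files named in the notes and can be overridden.
audit_host() {
    local sshd_conf="${1:-/etc/ssh/sshd_config}"
    local yum_conf="${2:-/etc/yum/yum-cron.conf}"
    local rc=0 key val
    val=$(effective_root_login "$sshd_conf")
    if [ "$val" = "no" ]; then echo "OK   PermitRootLogin = no"
    else echo "FAIL PermitRootLogin = $val"; rc=1; fi
    for key in update_messages download_updates apply_updates; do
        val=$(ini_value "$yum_conf" "$key")
        if [ "$val" = "yes" ]; then echo "OK   $key = yes"
        else echo "FAIL $key = $val"; rc=1; fi
    done
    return $rc
}
# Usage after sourcing this file: audit_host
```

On a live host, `sshd -T` prints the configuration sshd actually uses and is the authoritative check for PermitRootLogin.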

Item 3. Modify the firewall: fail2ban

nano /etc/fail2ban/jail.conf

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# maximum number of failures (change to 3)
maxretry = 5
# time window, in seconds
findtime = 600
# how long to ban, in seconds (change to 86400, one day)
bantime = 1200
service fail2ban restart

Related reference documents:
https://newtoypia.blogspot.tw/2016/04/fail2ban.html
http://www.vixual.net/blog/archives/252
