站点安全 - 爱码网

一：环境配置
[[email protected] ~]# cd /media/cdrom/Packages/
[[email protected] Packages]# yum –disablerepo=* –enablerepo=c7-media install httpd -y
[[email protected] Packages]# yum –disablerepo=* –enablerepo=c7-media install psmisc -y
二：来源控制
只让其来访问，不让其它来访问
[[email protected] Packages]# vim /etc/httpd/conf/httpd.conf
站点安全
[[email protected] Packages]# systemctl restart httpd
[[email protected] ~]# lynx http://192.168.159.135

[[email protected] Packages]# yum –disablerepo=* –enablerepo=c7-media install lynx -y
不让其来访问，让其它来访问
[[email protected] Packages]# vim /etc/httpd/conf/httpd.conf
站点安全
[[email protected] Packages]# systemctl restart httpd

[[email protected] ~]# lynx http://192.168.159.135

三：身份验证
[[email protected] html]# vim .htaccess

[[email protected] html]# cat .htaccess
authuserfile /var/www/html/.htpasswd
[[email protected] html]# htpasswd -c .htpasswd zhangsan #建立账号库
New password:
Re-type new password:
Adding password for user zhangsan
[[email protected] html]# cat .htpasswd
[[email protected] html]# htpasswd .htpasswd lisi #加入新身份
New password:
Re-type new password:
Adding password for user lisi
[[email protected] html]# cat .htpasswd
zhangsan: $a p r 1$ vzEoNd2l $S s t c c e 2 L 1 O 0765 a 8 f l 4 w 9 / l i s i :$ apr1 $a 39 p Y S n B$ PDD8yTn1Bzeb2WUzBnZFt1
打开身份验证
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
站点安全
[[email protected] ~]# service httpd restart

点击取消：

[[email protected] html]# lynx http://192.168.159.135

四：加密访问
[[email protected] ~]# yum –disablerepo=* –enablerepo=c7-media install httpd -y
[[email protected] ~]# cd /etc/pki/CA/
[[email protected] CA]# touch index.txt
[[email protected] CA]# touch serial
[[email protected] CA]# echo “01” >serial
站点安全
1 ：办理CA的权限
修改/etc/pki/CA/tls/openssl.conf
[[email protected] ~]# cd /etc/pki
[[email protected] pki]# vim /etc/pki/tls/openssl.cnf

产生私钥
[[email protected] CA]# openssl genrsa 1024 >private/cakey.pem
[[email protected] CA]# vim private/cakey.pem
[[email protected] CA]# chmod 600 private/cakey.pem #加密
产生CA的证书
[[email protected] CA]# openssl req -new -key private/cakey.pem -x509 -out cacert.pem
站点安全
2：办理自己的权限
[[email protected] CA]# yum –disablerepo=* –enablerepo=c7-media install mod_ssl -y
产生私钥
[[email protected] pki]# mkdir /etc/httpd/certs #创建新文件
[[email protected] pki]# cd /etc/httpd/certs
[[email protected] certs]# openssl genrsa 1024 >httpd.key #产生私钥
[[email protected] certs]# chmod 600 httpd.key #加密
请求文件
[[email protected] certs]# openssl req -new -key httpd.key -out httpd.req
站点安全
web服务器证书
[[email protected] certs]# openssl ca -in httpd.req -out httpd.cer

[[email protected] CA]# vim /etc/httpd/conf.d/ssl.conf

[[email protected] CA]# systemctl start httpd
[[email protected] html]#firewall-cmd –zone=public –add-service http –permanent
[[email protected] html]#firewall-cmd –zone=public –add-service https –permanent
[[email protected] html]#firewall-cmd –reload
[[email protected] html]#firewall-cmd –zone=public –list-all
[[email protected] html]#systemctl status firewalld
站点安全

只要密文不要铭文：
[[email protected] html]#vim /etc/httpd/conf/httpd.cong

[[email protected] html]#service httpd restart