参考文章:
http://www.hksilicon.com/kb/articles/594621/CentOS-7
1. 查看时区是否正确timedatectl,若不正确则设置时区 timedatectl set-timezone Asia/Shanghai
2. 更改root用户密码,输入passwd,数字、大小写、标点符号,15位以上
3. 增加一个普通用户"adduser username",设置密码"passwd username"
4. 禁止root ssh登陆"vim /etc/ssh/sshd_config","#PermitRootLogin yes"改为"PermitRootLogin no",重启ssh服务"systemctl restart sshd.service"
5. 修改ssh端口"vim /etc/ssh/sshd_config","#Port 22"改为"Port xxxx"(xxxx为1024 – 65535中的数字),重启ssh服务"systemctl restart sshd.service"。启动自带防火墙"systemctl start firewalld",修改防火墙ssh端口"cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/","vim /etc/firewalld/services/ssh.xml",查找port="22",改为设定的端口,保存,重启防火墙"firewall-cmd --reload"。
6. 启用公钥验证登入ssh,提交本机id_rsa.pub到服务器的.ssh/authorized_keys。开启双重验证,"vim /etc/ssh/sshd_config",末尾添加"AuthenticationMethods publickey,password",重启ssh服务"systemctl restart sshd.service"
7. 自动更新软件"yum -y update"更新一下软件,安装"yum -y install cronie yum-cron",修改配置文件"vim /etc/yum/yum-cron.conf",改为"apply_updates = yes",开启自动更新服务"systemctl start crond","systemctl start yum-cron"
8. 配置防火墙,"yum install firewalld","firewall-cmd --list-all"