Disallow SSH root login
/etc/ssh/sshd_config
PermitRootLogin no
Port: set to a different port number
Check open ports
$ netstat -atun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:65131 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:65130 0.0.0.0:* LISTEN
tcp 0 0 10.113.255.97:40902 10.114.0.219:18000 ESTABLISHED
tcp 0 0 10.113.255.97:46670 10.114.0.220:18000 ESTABLISHED
tcp 0 0 10.113.255.97:60392 10.118.202.84:10280 TIME_WAIT
tcp 0 0 10.113.255.97:33588 10.118.203.103:80 TIME_WAIT
tcp 0 0 10.113.255.97:40952 10.118.202.91:14505 ESTABLISHED
tcp 0 0 10.113.255.97:59506 10.114.0.221:18000 ESTABLISHED
tcp 0 0 10.113.255.97:543 10.113.130.44:41820 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::2105 :::* LISTEN
tcp6 0 0 :::543 :::* LISTEN
tcp6 0 0 :::544 :::* LISTEN
udp 0 0 0.0.0.0:35903 0.0.0.0:*
udp 0 0 0.0.0.0:61355 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:58699 0.0.0.0:*
udp6 0 0 :::13270 :::*
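An added example (not part of the original notes): a shell filter over `netstat -atun` output that keeps only the sockets bound to every interface (0.0.0.0 or ::), which is the list to review after moving the SSH port and before writing firewall rules. The function name `wildcard_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes.
# wildcard_listeners (hypothetical helper name): reads `netstat -atun`
# output on stdin and prints "proto port" for every TCP LISTEN socket or
# unconnected UDP socket bound to all interfaces (0.0.0.0 or ::).
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)   # drop ":port", leaving the bind address
            sub(/^.*:/, "", port)      # keep the text after the last colon
            if (addr != "0.0.0.0" && addr != "::") next   # loopback or specific IP
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next       # skip established sessions
            if ($1 ~ /^udp/ && $5 !~ /:\*$/) next         # skip connected UDP
            print $1, port
        }' | LC_ALL=C sort -u
}

# Constructed sample input in the same column layout as the output above.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:40902 192.0.2.20:18000 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*'

# On a live host: netstat -atun | wildcard_listeners
printf '%s\n' "$SAMPLE" | wildcard_listeners
```

If port 22 still appears in this list after `Port` was changed in /etc/ssh/sshd_config, sshd has not been restarted or another directive is overriding the setting.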
iptables firewall configuration
/etc/sysconfig/iptables
- On RHEL7, iptables has been replaced by firewalld
$ sudo /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Boot password