【为什么要限制】
针对来自外部的非法访问,通过以下设置可提高防范能力,更安全地使用服务器
针对来自外部的非法访问,通过以下设置可提高防范能力,更安全地使用服务器
1利用SSH登录到服务器
※请一定以root登录
2显示host.allow文件的编辑画面
[root@vps]# vi /etc/hosts.allow
3设置允许的主机名
※host.allow比host.deny的设置内容更优先。
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the ’/usr/sbin/tcpd’ server.
#
>ALL设置想要许可的主机名
# allowed to use the local INET services, as decided
# by the ’/usr/sbin/tcpd’ server.
#
>ALL设置想要许可的主机名
4显示host.deny文件的编辑画面
[root@vps]# vi /etc/hosts.deny
5设置被拒绝的主机名
※host.allow比host.deny的设置内容更优先。
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the ’/usr/sbin/tcpd’ server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL
# *not* allowed to use the local INET services, as decided
# by the ’/usr/sbin/tcpd’ server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL
如上可设置允许和拒绝通过SSH访问服务器的主机列表
※如果未在host.allow中设置允许访问的主机,仅在host.deny中设置ALL: ALL,一旦注销就不能再访问服务器,请务必注意。
© 版权声明
文章版权归www.vipkj.net所有,未经允许请勿转载。
THE END
暂无评论内容