/etc/shadowsocks.json
###########################
shadowsocks
https://teddysun.com/342.html/comment-page-43#comments
wget --no-check-certificate -O shadowsocks.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
chmod +x shadowsocks.sh
./shadowsocks.sh 2>&1 | tee shadowsocks.log
/etc/shadowsocks.json
{
"server":"0.0.0.0",
"local_address":"127.0.0.1",
"local_port":1080,
"port_password":{
"8989":"password0",
"9001":"password1",
"9002":"password2",
"9003":"password3",
"9004":"password4"
},
"timeout":300,
"method":"your_encryption_method",
"fast_open": false
}
<!-- Pitfall: on CentOS 7 the ports must be opened in firewalld -->
One-click script to install the latest kernel and enable BBR
https://teddysun.com/489.html
Log in as root and run the following command:
wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh
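When the installation finishes, the script prompts you to reboot the VPS; enter y and press Enter to reboot.
After the reboot, log in to the VPS and verify that the latest kernel is installed and TCP BBR is enabled with the following commands:
uname -r
Check the kernel version; if it shows the latest version, it is OK.
sysctl net.ipv4.tcp_available_congestion_control
The return value is usually:
net.ipv4.tcp_available_congestion_control = bbr cubic reno
or:
net.ipv4.tcp_available_congestion_control = reno cubic bbr
sysctl net.ipv4.tcp_congestion_control
The return value is usually:
net.ipv4.tcp_congestion_control = bbr
sysctl net.core.default_qdisc
The return value is usually:
net.core.default_qdisc = fq
lsmod | grep bbr
If the output contains the tcp_bbr module, BBR is running. Note: not every VPS returns this value; it is normal if there is none.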
(and others on the site https://teddysun.com/489.html)
###########################
###########################
Changing the default SSH port (22), and port settings for adding multiple users
vi /etc/ssh/sshd_config
service sshd restart
firewall-cmd --list-ports
Add
firewall-cmd --zone=public --add-port=8765/tcp --permanent (--permanent makes the rule persistent; without it the rule is lost after a restart)
Reload
firewall-cmd --reload
Query
firewall-cmd --zone=public --query-port=80/tcp
Remove
firewall-cmd --zone=public --remove-port=8989/tcp --permanent
http://www.cnblogs.com/moxiaoan/p/5683743.html
systemctl restart sshd
systemctl restart firewalld.service
shutdown -r now
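Added example (not from the original notes or the teddysun scripts): a shell check for the firewalld pitfall noted above, listing which ports in the port_password block of /etc/shadowsocks.json have no TCP rule in the output of firewall-cmd --list-ports. The function names and the sample data are constructed for illustration, and the parsing assumes the config layout shown above.

```shell
#!/bin/sh
# Added example: which Shadowsocks ports still lack a firewalld TCP rule?

# Print the ports used as keys in "port_password", one per line.
# Assumption: the file is laid out like the sample config, so the only
# quoted all-digit keys with quoted string values are port_password entries.
ss_ports() {
    grep -oE '"[0-9]+"[[:space:]]*:[[:space:]]*"' "$1" | grep -oE '[0-9]+' | sort -un
}

# is_open PORT "LIST": LIST is the text from `firewall-cmd --list-ports`,
# e.g. "8765/tcp 9001-9004/tcp". Handles single ports and ranges; only tcp
# entries count, matching the /tcp rules used in these notes.
is_open() {
    for e in $2; do
        case "$e" in */tcp) r=${e%/tcp} ;; *) continue ;; esac
        lo=${r%-*}; hi=${r#*-}
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# missing_ports CONFIG "LIST": configured ports with no matching tcp rule.
missing_ports() {
    for p in $(ss_ports "$1"); do
        is_open "$p" "$2" || echo "$p"
    done
}

# print_fix CONFIG "LIST": print (do not run) the commands that open them.
print_fix() {
    m=$(missing_ports "$1" "$2")
    if [ -z "$m" ]; then echo "all configured ports are open"; return 0; fi
    for p in $m; do
        echo "firewall-cmd --zone=public --add-port=$p/tcp --permanent"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample config and constructed --list-ports output.
sample=$(mktemp)
printf '%s\n' '{' '"local_port":1080,' '"port_password":{' \
    '"8989":"password0",' '"9001":"password1",' '"9002":"password2"' \
    '},' '"timeout":300' '}' > "$sample"
print_fix "$sample" "8765/tcp 9001-9002/tcp"
rm -f "$sample"
```

On the server, call print_fix /etc/shadowsocks.json "$(firewall-cmd --list-ports)" and review the printed commands before running them.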
###########################
###########################
Installing and using DenyHosts on CentOS 7
https://blog.csdn.net/hjd199464/article/details/78315909
yum install -y denyhosts
/etc/denyhosts.conf
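DENY_THRESHOLD_INVALID = 5 # failed-login limit for invalid usernames
DENY_THRESHOLD_VALID = 10 # failed-login limit for valid usernames
DENY_THRESHOLD_ROOT = 5 # failed-login limit for root
AGE_RESET_ROOT = 1d # time after which root's failed-login count resets to zero
ADMIN_EMAIL = root@localhost # administrator e-mail
Blacklist and whitelist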
vim /etc/hosts.deny
vim /etc/hosts.allow
hosts.allow (hosts.deny uses the same rule format)
sshd:*.*.*.*
Related commands
Start command (installed via yum, already configured by default)
service denyhosts start
service denyhosts stop
service denyhosts status
Enable at boot
chkconfig denyhosts on
###########################
###########################
Defending against DDoS attacks
This mainly relies on an excellent free tool, DDoS Deflate: http://deflate.medialayer.com/
First, download and install DDoS Deflate:
# cd ~
# wget http://www.inetbase.com/scripts/ddos/install.sh
# chmod 0700 install.sh
# ./install.sh
Press Q to exit, then edit the configuration file:
# vi /usr/local/ddos/ddos.conf
###########################