This complete guide to installing Adminer on the latest HestiaCP covers one-click deployment, security hardening, and automation setup. It walks you through each step of deploying the database management tool and protecting your server, so that beginners can get started quickly and handle the operation and maintenance of HestiaCP + Adminer.
If you run database management tools without securing them, you are handing the keys to hackers.
Why choose Adminer over phpMyAdmin?
Adminer is a single PHP file of less than 1MB, which makes it easy to deploy, fast, and light on resources.
Compared with the complexity of phpMyAdmin, Adminer is better suited to VPS, small websites, and personal projects.

Steps to install Adminer on HestiaCP
1. Download the Adminer file
Go to the official Adminer website and download the latest version of adminer.php.
Upload the file to the HestiaCP website directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL
Add the subdomain adminer.domain.com in the HestiaCP panel and enable Let's Encrypt SSL to ensure secure transmission.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
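location / {
    # Require HTTP Basic authentication for everything served from this location
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
    # auth_basic is not applied to requests handled by a separate sibling location
    # (for example a PHP handler block), so confirm /adminer.php returns 401 without credentials
}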
Generate the password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
When you visit Adminer, a password dialog appears, and you can get in only by entering the correct username and password.
Updating the Adminer file
To avoid the security risks of running outdated versions, updates can be carried out with a shell script and a Cron scheduled task.
Example update script
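#!/bin/bash
set -euo pipefail
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
# Download to a temporary file so a failed or empty download never overwrites the working copy
TMP="$(mktemp)"
wget -q -O "$TMP" "$URL"
[ -s "$TMP" ]
mv "$TMP" "$TARGET"
chown username:username "$TARGET"
chmod 644 "$TARGET"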
Save it as /usr/local/bin/update-adminer.sh and add a scheduled task:
crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh
This way, the Adminer file is updated every Monday at 3 AM.
Fail2Ban brute-force protection
Simple Basic Auth is vulnerable to brute-force attacks, whereas Fail2Ban can automatically block malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
Jail configuration (incremental ban duration)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Result: the first ban lasts 10 minutes, the second 20 minutes, the third 40 minutes, and so on. Persistent attackers are banned for increasingly long periods.
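A coverage check for the filter and jail above, as an added example that is not part of the original article: it runs the article's failregex over constructed access-log lines and counts failures per client against maxretry = 3. The `<HOST>` stand-in, the sample lines, and the broader `BROAD_FAILREGEX` are assumptions introduced here for comparison.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real tag
# expands to a stricter IPv4/IPv6/hostname pattern).
HOST = r"(?P<host>\S+)"

# failregex exactly as written in the filter above.
PAGE_FAILREGEX = r'^<HOST> - .* "GET /adminer.php HTTP/.*" 401'

# Hypothetical broader variant (not from the article): common methods, an
# optional query string, and "/" (which the index directive maps to adminer.php).
BROAD_FAILREGEX = (r'^<HOST> - [^"]*"(?:GET|POST|HEAD) '
                   r'/(?:adminer\.php)?(?:\?[^" ]*)? HTTP/[0-9.]+" 401 ')

def line(ip, request, status):
    """Build one constructed nginx 'combined' log line."""
    return (f'{ip} - - [10/Mar/2025:03:10:00 +0000] '
            f'"{request} HTTP/1.1" {status} 179 "-" "-"')

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = (
    [line("192.0.2.44", "GET /adminer.php", 401)] * 3
    + [line("203.0.113.7", r, 401) for r in (
        "GET /adminer.php", "GET /adminer.php?username=root",
        "POST /adminer.php", "GET /")]
    # A legitimate user: the browser's first request has no credentials yet.
    + [line("198.51.100.20", "GET /adminer.php", 401),
       line("198.51.100.20", "GET /adminer.php", 200)]
)

def failures_per_host(failregex, lines):
    """Count lines matching failregex, keyed by the captured client address."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    counts = {}
    for entry in lines:
        m = rx.search(entry)
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return counts

def would_ban(failregex, lines, maxretry=3):
    """Hosts reaching maxretry (3 in the jail above); findtime is ignored here."""
    hits = failures_per_host(failregex, lines)
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    for name, rx in (("page", PAGE_FAILREGEX), ("broad", BROAD_FAILREGEX)):
        print(name, failures_per_host(rx, SAMPLE_LOG), would_ban(rx, SAMPLE_LOG))
```

On a live server, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-adminer.conf` reports the same matched and missed counts against the real log.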
Complete one-click deployment script
Save it as /usr/local/bin/setup-fail2ban-adminer.sh:
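#!/bin/bash
set -euo pipefail
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write the filter definition (overwritten on every run)
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once so that re-running the script does not duplicate the section
if ! grep -qsF '[nginx-adminer]' "$JAIL_PATH"; then
cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Reload fail2ban and show the state of the new jail
systemctl restart fail2ban
fail2ban-client status nginx-adminer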
Run:
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing security and convenience
I believe you cannot simply leave database management tools on the public internet and use them with peace of mind. Adminer's lightweight design is appealing, but security measures must keep pace. Password protection is the first line of defense, automatic updates provide ongoing security, and Fail2Ban provides intelligent countermeasures. Combining these three gives you a database management setup that is both convenient and secure.
A true master is not someone who only knows how to build tools, but someone who knows how to protect them.
We hope the article "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization", shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34018.html
