Table of contents
- 1 Why choose Adminer instead of phpMyAdmin?
- 2 Steps to install Adminer in HestiaCP
- 3 Updating the Adminer file automatically
- 4 Fail2Ban against brute-force attacks
- 5 One-click deployment script
- 6 Conclusion: Balancing security and efficiency
This complete guide to installing Adminer on HestiaCP covers one-click deployment, security hardening, and automated configuration steps. It walks you step by step through deploying the database management tool and protecting your server, so that beginners can get started quickly and the operation and maintenance problems of HestiaCP + Adminer are solved.
If you are still using a database management tool without any protection, you are handing the keys to thieves.
Why choose Adminer instead of phpMyAdmin?
Adminer is a single PHP file of less than 1MB, which makes deployment very simple, fast, and light on resources.
Compared with the complex structure of phpMyAdmin, Adminer is better suited to VPSes, small websites, and personal projects.

Steps to install Adminer in HestiaCP
1. Download the Adminer file
Go to the Adminer website and download the latest adminer.php.
Upload the file to the HestiaCP web directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL.
Add the subdomain adminer.domain.com in the HestiaCP panel and enable Let's Encrypt SSL to ensure secure transmission.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
location / {
    # Require HTTP Basic Auth for every request handled by this location
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    # auth_basic is inherited only by nested locations; a separate location
    # that handles .php requests needs the same two auth_basic lines
    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
}
Create the password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
When you visit Adminer, a password dialog will appear, and you can only get in by entering the correct username and password.
Updating the Adminer file automatically
To avoid the security risks that come with running old versions, automatic updates can be implemented with a shell script and a scheduled Cron job.
Example update script
#!/bin/bash
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
TMP="$TARGET.new"
# Download to a temporary file so a failed download never truncates the live copy
if wget -q -O "$TMP" "$URL" && [ -s "$TMP" ]; then
    chown username:username "$TMP"
    chmod 644 "$TMP"
    mv "$TMP" "$TARGET"   # replace the old file only after a complete download
else
    rm -f "$TMP"; exit 1
fi
Save it as /usr/local/bin/update-adminer.sh and add a scheduled job:
crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh
This way, the Adminer file is updated every Monday at 3 a.m.
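An added example, not part of the original article: a check the update script could run on the downloaded file before it replaces adminer.php, so that an error page or a broken download is never installed. The function names, the .bak backup and the 1 MB ceiling (taken from the article's size figure) are assumptions.

```shell
#!/bin/bash
# Added example: validate a downloaded adminer.php before it replaces the live copy.
# MAX_BYTES follows the article's "less than 1MB" figure (assumption).
MAX_BYTES=1048576

# Return 0 only if the candidate looks like a complete PHP file.
validate_candidate() {
    local f="$1" size
    [ -s "$f" ] || { echo "empty download" >&2; return 1; }
    size=$(wc -c < "$f")
    [ "$size" -le "$MAX_BYTES" ] || { echo "unexpectedly large file" >&2; return 1; }
    # An HTML error page or proxy response does not start with <?php
    [ "$(head -c 5 "$f")" = "<?php" ] || { echo "not a PHP file" >&2; return 1; }
    # Syntax-check with the PHP CLI when it is installed
    if command -v php >/dev/null 2>&1; then
        php -l "$f" >/dev/null 2>&1 || { echo "PHP syntax error" >&2; return 1; }
    fi
}

# Move the candidate over the target, keeping the previous copy as <target>.bak.
# The candidate should sit in the same directory so that mv is a rename.
install_candidate() {
    local candidate="$1" target="$2"
    validate_candidate "$candidate" || return 1
    if [ -f "$target" ]; then
        cmp -s "$candidate" "$target" && return 0   # already current, nothing to do
        cp -p "$target" "$target.bak"
    fi
    chmod 644 "$candidate"
    mv "$candidate" "$target"
}
```

These checks catch truncated or substituted responses but do not prove the file is the genuine release; comparing it with a digest of a version you have reviewed is the stronger control.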
Fail2Ban protection against brute-force attacks
Basic Auth on its own is vulnerable to brute-force attacks, while Fail2Ban can block malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
Jail configuration (ban duration)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Effect: the first ban lasts 10 minutes, the second 20 minutes, the third 40 minutes, and so on. Persistent attackers are banned for longer and longer periods.
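An added example, not part of the original article: replaying constructed access-log lines against the filter above to see which failed logins it counts toward maxretry. HOST_RE is a simplified stand-in for fail2ban's <HOST> tag and BROAD_REGEX is a hypothetical wider pattern; both are assumptions.

```shell
#!/bin/bash
# Added example: replay constructed nginx access-log lines against the failregex.
# HOST_RE is a simplified stand-in for fail2ban's <HOST> tag (assumption).
HOST_RE='[^ ]+'
# failregex exactly as given in the article
PAGE_REGEX='^<HOST> - .* "GET /adminer.php HTTP/.*" 401'
# Hypothetical broader variant: any method, any path, status 401.
# [^]]* also accepts empty brackets, in case the timestamp is cut before matching.
BROAD_REGEX='^<HOST> - [^ ]+ \[[^]]*\] "[A-Z]+ /[^ ]* HTTP/[0-9.]+" 401 '

# Constructed sample lines (documentation IP ranges), nginx "combined" format
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2025:03:00:01 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.0"
203.0.113.7 - admin [10/Mar/2025:03:00:02 +0000] "GET /adminer.php?server=localhost HTTP/1.1" 401 179 "-" "curl/8.0"
203.0.113.7 - admin [10/Mar/2025:03:00:03 +0000] "POST /adminer.php HTTP/1.1" 401 179 "-" "curl/8.0"
203.0.113.7 - root [10/Mar/2025:03:00:04 +0000] "GET / HTTP/1.1" 401 179 "-" "curl/8.0"
198.51.100.20 - adminuser [10/Mar/2025:03:05:00 +0000] "GET /adminer.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
EOF
}

# Read log lines on stdin; print "count host" for hosts with >= maxretry matches.
# $1 = failregex containing <HOST>, $2 = maxretry
hosts_over_maxretry() {
    local regex
    regex=$(printf '%s' "$1" | sed "s/<HOST>/$HOST_RE/")
    grep -E -- "$regex" | awk '{print $1}' | sort | uniq -c |
        awk -v m="$2" '$1 >= m {print $1, $2}'
}

for r in "$PAGE_REGEX" "$BROAD_REGEX"; do
    echo "failregex: $r"
    sample_log | hosts_over_maxretry "$r" 3
done
```

With the article's pattern only the plain GET of /adminer.php counts, so the four failed attempts from one address stay below maxretry; the broader pattern counts all four, but it also counts any other 401 written to the same log file. The installed filter can be checked against the real log with fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-adminer.conf.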
One-click deployment script
Save as /usr/local/bin/setup-fail2ban-adminer.sh:
#!/bin/bash
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write the filter definition (overwrites any previous copy)
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once, so re-running the script does not duplicate the section
if ! grep -q '^\[nginx-adminer\]' "$JAIL_PATH" 2>/dev/null; then
cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Reload Fail2Ban and show the state of the new jail
systemctl restart fail2ban
fail2ban-client status nginx-adminer
Usage:
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing security and efficiency
I firmly believe that a database management tool is not something you can put on the public internet and use with peace of mind. Adminer's lightweight design is appealing, but security measures have to keep pace with that speed. Password protection is the first line of defense, automatic updates provide ongoing protection, and Fail2Ban provides intelligent countermeasures. Only by combining these three can you build a database management environment that is both efficient and secure.
A true master is not someone who only knows how to build tools, but someone who knows how to protect them.
We hope the article "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization", shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34018.html
