Table of Contents
- 1 Why choose Adminer over phpMyAdmin?
- 2 Steps to install Adminer on HestiaCP
- 3 Updating the Adminer file automatically
- 4 Fail2Ban protection against brute-force attacks
- 5 Complete one-click deployment script
- 6 Conclusion: Balancing Security and Efficiency
This complete guide to installing Adminer on HestiaCP covers one-click installation, security hardening, and automated configuration. It shows you step by step how to install the database management tool and protect your server, so that beginners can get started quickly and solve HestiaCP + Adminer operation and maintenance problems.
If you are still running database management tools without protection, you are handing the keys to hackers.
Why choose Adminer over phpMyAdmin?
Adminer is a single PHP file of less than 1MB, which makes it very simple and fast to deploy and light on resources.
Compared with phpMyAdmin's complex structure, Adminer is better suited to VPSs, small websites and personal projects.

Steps to install Adminer on HestiaCP
1. Download the Adminer file
Go to the official Adminer website and download the latest version of adminer.php.
Place the file in the HestiaCP website directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL
In the HestiaCP panel, add the subdomain adminer.domain.com and enable Let's Encrypt SSL to ensure encrypted transmission.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
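location / {
    # nginx applies these directives only to requests handled by this location
    # (or by locations nested inside it); a separate PHP location block needs
    # the same two auth_basic lines to be password-protected.
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
}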
Generate the password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
When you open Adminer, a password dialog appears, and you can get in only by entering the correct username and password.
Updating the Adminer file automatically
To avoid the security risks of running outdated versions, updates can be automated with a shell script and a scheduled Cron job.
Example update script
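#!/bin/bash
set -euo pipefail
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
# Download to a temporary file so a failed download never truncates the live file
TMP="$(mktemp "${TARGET}.XXXXXX")"
trap 'rm -f "$TMP"' EXIT
wget -q -O "$TMP" "$URL"
[ -s "$TMP" ]   # abort if the download is empty
chown username:username "$TMP"
chmod 644 "$TMP"
mv -f "$TMP" "$TARGET"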
Save it as /usr/local/bin/update-adminer.sh and add a scheduled job:
crontab -e
0 3 * * 1 /bin/bash /usr/local/bin/update-adminer.sh
This way, the Adminer file is updated automatically every Monday at 3 a.m.
Fail2Ban protection against brute-force attacks
Basic Auth on its own is exposed to brute-force attacks, whereas Fail2Ban can automatically ban malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
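Added example (not from the original article): a small Python check of which requests the failregex above counts, run over constructed nginx access-log lines with the maxretry and findtime values this guide uses in its jail. HOST is a simplified stand-in for fail2ban's <HOST> tag and BROAD_FAILREGEX is a hypothetical broader variant; both are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>[\w.:-]+)"
PAGE_FAILREGEX = r'^<HOST> - .* "GET /adminer.php HTTP/.*" 401'
# Hypothetical broader variant: any method and path, status exactly 401.
BROAD_FAILREGEX = r'^<HOST> - \S+ \[[^\]]+\] "[A-Z]+ \S+ HTTP/[\d.]+" 401 '
MAXRETRY, FINDTIME = 3, timedelta(seconds=600)  # values used in the jail

# Constructed access-log lines (nginx "combined" format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:03:00:01 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "-"
203.0.113.7 - admin [10/Mar/2025:03:00:02 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "-"
203.0.113.7 - admin [10/Mar/2025:03:00:03 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "-"
198.51.100.23 - admin [10/Mar/2025:03:05:00 +0000] "GET /adminer.php?server=db HTTP/1.1" 401 179 "-" "-"
198.51.100.23 - admin [10/Mar/2025:03:05:01 +0000] "POST /adminer.php HTTP/1.1" 401 179 "-" "-"
198.51.100.23 - root [10/Mar/2025:03:05:02 +0000] "GET / HTTP/1.1" 401 179 "-" "-"
192.0.2.50 - - [10/Mar/2025:09:00:00 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "-"
192.0.2.50 - adminuser [10/Mar/2025:09:00:05 +0000] "GET /adminer.php HTTP/1.1" 200 4521 "-" "-"
""".splitlines()


def banned_hosts(lines, failregex):
    """Return hosts that reach MAXRETRY matching lines within FINDTIME."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    recent, banned = {}, set()
    for line in lines:
        m = rx.search(line)
        if not m:
            continue
        stamp = line.split("[", 1)[1].split("]", 1)[0]
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        # Keep only earlier failures still inside the findtime window.
        window = [t for t in recent.get(m["host"], []) if ts - t <= FINDTIME]
        recent[m["host"]] = window + [ts]
        if len(recent[m["host"]]) >= MAXRETRY:
            banned.add(m["host"])
    return banned


if __name__ == "__main__":
    print("page filter bans: ", sorted(banned_hosts(SAMPLE_LOG, PAGE_FAILREGEX)))
    print("broad filter bans:", sorted(banned_hosts(SAMPLE_LOG, BROAD_FAILREGEX)))
```

On a real server, fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-adminer.conf runs the same kind of check with fail2ban's own matcher.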
Jail configuration (incremental ban time)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Result: the first ban lasts 10 minutes, the second 20 minutes, the third 40 minutes, and so on. Persistent attackers are banned for longer and longer.
Complete one-click deployment script
Save it as /usr/local/bin/setup-fail2ban-adminer.sh:
#!/bin/bash
set -e
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write (or overwrite) the filter definition
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once, so re-running the script does not duplicate the section
if ! grep -q '^\[nginx-adminer\]' "$JAIL_PATH" 2>/dev/null; then
cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Reload fail2ban and show the state of the new jail
systemctl restart fail2ban
fail2ban-client status nginx-adminer
Run it:
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing Security and Efficiency
I firmly believe that database management tools are not something you can simply leave on the public Internet and use with peace of mind. Adminer's lightweight design is appealing, but security measures have to keep pace with that convenience. Password protection is the first line of defense, automatic updates provide ongoing protection, and Fail2Ban provides intelligent defensive measures. Only by combining these three parts can you build a database management environment that is both efficient and secure.
A true master is not someone who only knows how to build tools, but someone who knows how to protect them.
We hope the article "Installing Adminer on HestiaCP: Automated Security Configuration + Database Management Upgrade", shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34018.html
