Working Environment on CentOS_VPS Notes 1

Free 2017-03-12 #Tool #VPS beginner's guide #vps node #VPS fq #vps shadowsocks #centos shadowsocks

Install node, install nginx, install strange things

1. Security Configuration

Modify SSH Port Number

The default port 22 is not ideal; change it to a port of your choice:

# Modify /etc/ssh/sshd_config
# Uncomment Port 22 and change 22 to your preferred number

# Add firewall rule to open the port, then reload so it takes effect
firewall-cmd --zone=public --add-port=12345/tcp --permanent
firewall-cmd --reload

# SELinux also needs to allow the new SSH port
# Install semanage
yum -y install policycoreutils-python
# Add rule (semanage changes persist on their own; it has no --permanent option)
semanage port -a -t ssh_port_t -p tcp 12345

# Restart SSH service
systemctl restart sshd.service

Log out and log in again on the new port; port 22 should no longer work.

Add Regular User

# Username
useradd shiwoa
# Password
passwd shiwoa

Then use the regular user for daily operations, switching with su when higher privileges are needed, and disable root SSH login:

# Modify /etc/ssh/sshd_config
# Uncomment the line PermitRootLogin yes
# Then change yes to no

# Restart SSH service
systemctl restart sshd.service

Log out and log in again; root can no longer log in over SSH, by password or any other method.

2. Static IP, Routing

Use a static IP to ensure stable availability:

# Modify /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes # Enable this configuration on boot
BOOTPROTO=static # Usually defaults to dhcp dynamic allocation
IPADDR=<IPv4 address>
NETMASK=<subnet mask>
GATEWAY=<default gateway>
DNS1=<DNS IP>

IPV6INIT=yes
IPV6ADDR=<IPv6 address>
IPV6_AUTOCONF="yes"
DNS2=<IPv6 DNS IP>

# Modify /etc/sysconfig/network-scripts/route-eth0
# Add routing rules for eth0
169.254.0.0/16 dev eth0

# Restart network service after modification
service network restart

# Confirm modification takes effect
ifconfig
# eth0's inet should be the <IPv4 address> configured above

For the CentOS static route configuration format, see 14.4. Configuring Static Routes.

P.S. VPS control panels generally provide this configuration; find it there and paste it in directly.

P.S. With dhcp, ping sometimes stops working; try restarting the network interface: ifdown eth0; ifup eth0

3. Application Software

Install node lts

# install nvm
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.0/install.sh | bash
# source nvm env
source ~/.bashrc; source ~/.bash_profile; source ~/.zshrc; source ~/.profile
# install node lts
nvm install --lts
nvm use --lts

The https://raw.githubusercontent.com/creationix/nvm/v0.33.0/install.sh script checks the four profile files above in order and writes the nvm path to one of them, so source all of them to be safe.

Install nginx

# install lib
yum install -y gcc-c++; yum install -y pcre pcre-devel; yum install -y zlib zlib-devel; yum install -y openssl openssl-devel
# down src
mkdir -p ~/tmp/nginx-src; cd ~/tmp/nginx-src
wget http://nginx.org/download/nginx-1.9.9.tar.gz
tar -zxvf nginx-1.9.9.tar.gz; cd nginx-1.9.9
# install
./configure
make && make install

http://nginx.org/download/

# check
whereis nginx
# start
/usr/local/nginx/sbin/nginx

Check if nginx started successfully:

# install net tools
yum install -y net-tools
# check nginx service port
netstat -tlp

Access it by IP; list the host's addresses:

ip addr | grep -Po '[^ ]+(?=\/\d)'

Turn off firewalld (once it is stopped, the firewall-cmd rule added in section 1 no longer applies):

systemctl stop firewalld
systemctl mask firewalld

Open port:

yum install -y iptables-services
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
service iptables save

Install Strange Things

VPS's greatest use is naturally, there's a one-click script:

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('e=\'d --f-g-6 7://8.9.a/b/c/5/0-3.4\';h=\'i +j 0-3.4\';k=\'./0-3.4 2>&1 | l 0-3.m\';',23,23,'shadowsocks|||libev|sh|master|certificate|https|raw|githubusercontent|com|teddysun|shadowsocks_install|wget|step1|no|check|step2|chmod|x|step3|tee|log'.split('|'),0,{}))

P.S. An interesting JS encryption tool
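The one-liner above is p,a,c,k,e,r style packing, which is obfuscation rather than encryption, so it can be decoded and read before anything is executed. The following is an added example, not code from the original post: it unpacks the line statically, without eval, and lists what a reviewer should check. The function names parsePacked, unpack and review are assumptions of this example, and it only handles radix 36 or lower.

```javascript
// Added example: static unpacker for p,a,c,k,e,r packed JavaScript.
// Nothing is eval'd; the payload is only decoded so it can be read first.

// The packed line from the post, verbatim (String.raw keeps its backslashes).
const PACKED = String.raw`eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('e=\'d --f-g-6 7://8.9.a/b/c/5/0-3.4\';h=\'i +j 0-3.4\';k=\'./0-3.4 2>&1 | l 0-3.m\';',23,23,'shadowsocks|||libev|sh|master|certificate|https|raw|githubusercontent|com|teddysun|shadowsocks_install|wget|step1|no|check|step2|chmod|x|step3|tee|log'.split('|'),0,{}))`;

// Extract payload, radix, count and dictionary from the source text.
function parsePacked(src) {
  const re = /\}\('((?:\\.|[^'\\])*)',\s*(\d+),\s*(\d+),\s*'((?:\\.|[^'\\])*)'\.split\('\|'\)/;
  const m = re.exec(src);
  if (!m) throw new Error('not a p,a,c,k,e,r payload');
  // Undo the packer's string escaping (\' \\ and \n).
  const unesc = s => s.replace(/\\(.)/g, (_, ch) => (ch === 'n' ? '\n' : ch));
  const radix = Number(m[2]);
  // Assumption: radix <= 36, where each token is simply index.toString(radix).
  if (radix > 36) throw new Error('base-62 packing is not handled here');
  return { payload: unesc(m[1]), radix, count: Number(m[3]), words: unesc(m[4]).split('|') };
}

// Swap each word token for its dictionary entry. An empty entry means the
// token is literal, which is why "2>&1" comes through unchanged.
function unpack(src) {
  const { payload, radix, count, words } = parsePacked(src);
  if (words.length !== count) throw new Error('dictionary size mismatch');
  return payload.replace(/\b\w+\b/g, tok => {
    const i = parseInt(tok, radix);
    return (i < count && i.toString(radix) === tok && words[i]) || tok;
  });
}

// Points worth checking before running what was decoded.
function review(decoded) {
  const findings = [];
  if (decoded.includes('--no-check-certificate')) {
    findings.push('download skips TLS certificate verification');
  }
  for (const url of decoded.match(/https?:\/\/[^\s'"]+/g) || []) {
    findings.push('fetches remote script: ' + url);
  }
  return findings;
}

const decoded = unpack(PACKED);
console.log(decoded.split(';').filter(Boolean).join('\n'));
console.log(review(decoded).join('\n'));
```

Run it with node; it prints the three decoded steps followed by the review findings, and never executes the packed code.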
