參考文章:vim
http://www.hksilicon.com/kb/articles/594621/CentOS-7服務器
1. 查看時區是否正確timedatectl,若不正確則設置時區 timedatectl set-timezone Asia/Shanghaiapp
2. 更改root用戶密碼,輸入passwd,數字、大小寫、標點符號,15位以上ssh
3. 增長一個普通用戶"adduser username",設置密碼"passwd username"spa
4. 禁止root ssh登錄"vim /etc/ssh/sshd_config","#PermitRootLogin yes"改成"PermitRootLogin no",重啓ssh服務"systemctl restart sshd.service"rest
5. 修改ssh端口"vim /etc/ssh/sshd_config","#Port 22"改成"Port xxxx"(xxxx爲1024 – 65535中的數字),重啓ssh服務"systemctl restart sshd.service"。啓動自帶防火牆"systemctl start firewalld",修改防火牆ssh端口"cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/","vim /etc/firewalld/services/ssh.xml",查找port="22",改成設定的端口,保存,重啓防火牆"firewall-cmd --reload"。
xml
6. 啓用公鑰驗證登入ssh,提交本機id_rsa.pub到服務器的.ssh/authorized_keys。開啓雙重驗證,"vim /etc/ssh/sshd_config",末尾添加"AuthenticationMethods publickey,password",重啓ssh服務"systemctl restart sshd.service"get
7. 自動更新軟件"yum -y update"更新一下軟件,安裝"yum -y install cronie yum-cron",修改配置文件"vim /etc/yum/yum-cron.conf",改成"apply_updates = yes",開啓自動更新服務"systemctl start crond","systemctl start yum-cron"cmd
8. 配置防火牆,"yum install firewalld","firewall-cmd --list-all"it