1、改LOGO--------------
2\改mail.szshequ.com----------------
3、改密码---------
4、改root端口
5、reboot
默认安装后(升级CENTOS后),开放的端口用X-Scan-v3.1扫描可见如下端口:
smtp (25/tcp)
imap (143/tcp)
www (80/tcp)
pop3 (110/tcp)
SSH (22/tcp)
https (443/tcp)
应该说,默认安装还是比较安全的。
由于extman有校验码,需要校对时间
yum -y install ntp
crontab -e
*/15 * * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
[root@mail ~]# vi /usr/local/sbin/fw.sh
service iptables stop
# Inital chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP Control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
# WWW Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# POP3 Service
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 422 -j ACCEPT
# smtp Service
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# Anti DDOS
/sbin/iptables -I INPUT -p tcp --syn -m ttl --ttl-eq 117 -j DROP
/sbin/iptables -I INPUT -p tcp --syn -m length --length :40 -j DROP
"/usr/local/sbin/fw.sh" [New] 25L, 870C written
[root@mail ~]# chmod 755 /usr/local/sbin/fw.sh
[root@mail ~]# echo '/usr/local/sbin/fw.sh' >> /etc/rc.d/rc.local
[root@mail ~]# cat /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
/usr/bin/freshclam --daemon
/usr/local/slockd/slockd-init start
/usr/local/sbin/fw.sh
[root@mail ~]# ./usr/local/sbin/fw.sh
阅读(3772) | 评论(0) | 转发(0) |