How to protect backup sets from ransomware
Recently there have been several ransomware incidents around us. In most of them the backup sets were encrypted together with the production data, so the systems were paralysed and the backups were unusable. In response I made an emergency adjustment to our current backup scheme. Originally the backup NAS was permanently mounted and a scheduled script ran the backup on it. After the change, when backup time arrives the job actively mounts the backup NAS, calls the backup script, runs the backup and unmounts the NAS once the backup completes. In addition, permission control was added on the operating-system side for the mounted backup folder. The script is roughly as follows (reconstructed from a badly garbled source; the mount command itself is not legible):

# rename the default chattr command so a ransomware script cannot simply run "chattr -i"
mv /usr/bin/chattr /usr/bin/lockBkFile
# scheduled task at 03:00: connect the backup storage medium, test that the connection succeeded, then run the backup commands
cp /ShengChanFiles/data.csv /BackUpFiles/data_20220829.csv
cd /BackUpFiles
tar -cz data_20220829.csv | openssl des3 -salt -k Aa123456 -out /BackUpFiles/data_20220829.tar.gz
# decrypt with (the source line breaks off after the key; input file and extraction step completed here)
openssl des3 -d -k Aa123456 -in /BackUpFiles/data_20220829.tar.gz | tar -xz
# lock the backup file with the renamed chattr
lockBkFile +i /BackUpFiles/data_20220829.tar.gz

Some caveats on this script. The passphrase passed with -k is visible to every local user in the process list while openssl runs and is written to the shell history (which the baseline later in this document deliberately timestamps), and des3 is a legacy cipher; openssl enc can read the passphrase from a root-only file (-pass file:...) and use aes-256-cbc with -pbkdf2 instead. Renaming chattr only stops opportunistic scripts: the immutable flag is set through an ioctl, so an attacker with root can clear it with any copy of chattr (e2fsprogs, busybox) or a few lines of code. Mounting the NAS only during the backup window narrows the exposure, but if the NAS credentials are stored on the host, an attacker who gains root there can mount the share again; keep the credential file mode 0600 and, where the storage supports it, protect the share with snapshots or a write-once retention policy that the host cannot alter. Finally, verify each backup by decrypting and listing it before locking it; a backup that has never been restored is not yet a backup.

Also, for companies that have backup software, enable the software's anti-ransomware feature. Windows hosts are the most easily infected, but Linux systems are now frequently hit by ransomware as well, so Linux systems should be deployed according to a hardening baseline; a reference script is included later in this document.
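The procedure described above (mount on demand, back up, lock, unmount), as an added example that is not part of the original document: the passphrase is read from a file instead of the command line, the archive is verified by decrypting and listing it before it is locked, and the share is unmounted on every exit path. The share name comes from the document; the credentials file, directory names and the mount/unmount hooks are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): mount-on-demand backup job.
# Assumptions: /root/.nas-credentials is a mode-0600 mount.cifs credentials
# file; directory and archive names are illustrative.
set -u

NAS_SHARE=${NAS_SHARE:-//172.16.2.78/DB_bak}      # share named in the document
NAS_CRED=${NAS_CRED:-/root/.nas-credentials}      # assumed credentials file

# Mount/unmount hooks. Functions so a test or another storage backend can
# redefine them; the defaults use mount.cifs like the original script.
do_mount()  { mount -t cifs -o "credentials=$NAS_CRED" "$NAS_SHARE" "$1"; }
do_umount() { umount "$1"; }

# Pack SRC_DIR, encrypt it with AES-256-CBC (PBKDF2-derived key) into
# DEST_DIR/NAME.tar.gz.enc and write a SHA-256 checksum beside it.
# Prints the archive path; returns non-zero if any step fails.
make_backup() {
    src_dir=$1; dest_dir=$2; name=$3; passfile=$4
    plain="$dest_dir/$name.tar.gz.tmp"
    out="$dest_dir/$name.tar.gz.enc"
    tar -C "$src_dir" -czf "$plain" . || { rm -f "$plain"; return 1; }
    openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$passfile" \
        -in "$plain" -out "$out" || { rm -f "$plain" "$out"; return 1; }
    rm -f "$plain"
    ( cd "$dest_dir" && sha256sum "$name.tar.gz.enc" > "$name.tar.gz.enc.sha256" ) || return 1
    printf '%s\n' "$out"
}

# A backup is only good if the checksum matches and the ciphertext decrypts
# to a listable tar archive. Returns 0 on success, 1 otherwise.
verify_backup() {
    archive=$1; passfile=$2
    dir=$(dirname "$archive"); base=$(basename "$archive")
    ( cd "$dir" && sha256sum -c --quiet "$base.sha256" ) >/dev/null 2>&1 || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$passfile" -in "$archive" 2>/dev/null \
        | tar -tzf - >/dev/null 2>&1 || return 1
    return 0
}

# chattr +i needs root and a filesystem with the immutable flag; otherwise
# fall back to read-only permissions. Both are only speed bumps against an
# attacker who already has root on this host.
lock_backup() {
    if [ "$(id -u)" -eq 0 ] && command -v chattr >/dev/null 2>&1 \
        && chattr +i "$1" "$1.sha256" 2>/dev/null; then
        return 0
    fi
    chmod 0440 "$1" "$1.sha256"
}

# The job: the share is mounted only while the backup runs and is unmounted
# on every exit path, so the backups are unreachable between runs.
# Prints the archive path on success.
run_backup_job() {
    src=$1; mnt=$2; passfile=$3; name=$4
    do_mount "$mnt" || return 1
    archive=$(make_backup "$src" "$mnt" "$name" "$passfile") \
        && verify_backup "$archive" "$passfile" \
        && lock_backup "$archive"
    rc=$?
    do_umount "$mnt"
    [ "$rc" -eq 0 ] && printf '%s\n' "$archive"
    return "$rc"
}
```

Run it from cron as root, e.g. run_backup_job /ShengChanFiles /u03/nas /root/.backup-pass "data_$(date +%Y%m%d)"; a non-zero exit means the archive was not verified and must not be trusted.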
Reference baseline script (centos7-os-init.sh). The source is badly garbled; the script below is reconstructed from it, with illegible values and commands marked.

#!/bin/sh
# Name: centos7-os-init.sh
# Write by: Jan
# Last Modify: 2019-09-20
# DESC: Linux system optimization and security hardening
# CMD: sh centos7-os-init.sh
# Note: this script is intended for CentOS 7 and is a relatively generic template with some general applicability, but in a real production environment the parameters are tuned differently according to each system's role; please take note.

# 0 add the epel yum repo (the mirror host in baseurl is not legible in the source)
echo "[epel]" > /etc/yum.repos.d/epel.repo
echo "name=Extra Packages for Enterprise Linux 7 - \$basearch" >> /etc/yum.repos.d/epel.repo
echo "baseurl=http://.../epel/7/Server/\$basearch" >> /etc/yum.repos.d/epel.repo
echo "failovermethod=priority" >> /etc/yum.repos.d/epel.repo
echo "enabled=1" >> /etc/yum.repos.d/epel.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/epel.repo
yum clean all
yum install -y wget
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/...   # repo file URL truncated in the source

# working directories and the DB backup share (only the mount options and paths are legible; the mount command is reconstructed)
mkdir -p /u01/shell
mkdir -p /u01/src
mkdir -p /u02/log
mkdir -p /u03/bak
mkdir -p /u03/nas
mount -t cifs -o username=jan,password=123456 //172.16.2.78/DB_bak /u03/nas

# resource limits
echo "* hard nproc 65536" >> /etc/security/limits.conf
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 65536" > /etc/security/limits.d/20-nproc.conf
echo "root soft nproc unlimited" >> /etc/security/limits.d/20-nproc.conf
# test: log out of the current session, log in again and run: ulimit -Sn; ulimit -Hn

# kernel parameters
cp /etc/sysctl.conf /etc/sysctl.conf.bk
echo "" > /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_source_route=0" >> /etc/sysctl.conf
echo "kernel.sysrq=0" >> /etc/sysctl.conf
echo "kernel.core_uses_pid=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
echo "kernel.msgmnb=65536" >> /etc/sysctl.conf
echo "kernel.msgmax=65536" >> /etc/sysctl.conf
# oracle SGA
echo "kernel.shmmax=17179869184" >> /etc/sysctl.conf
echo "kernel.shmall=4194304" >> /etc/sysctl.conf
# (one further kernel.shm* line here is illegible in the source)
echo "net.ipv4.tcp_sack=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_window_scaling=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_rmem=4096 87380 4194304" >> /etc/sysctl.conf
echo "net.ipv4.tcp_wmem=4096 16384 4194304" >> /etc/sysctl.conf
echo "net.core.wmem_default=8388608" >> /etc/sysctl.conf
echo "net.core.rmem_default=8388608" >> /etc/sysctl.conf
echo "net.core.rmem_max=16777216" >> /etc/sysctl.conf
echo "net.core.wmem_max=16777216" >> /etc/sysctl.conf
echo "net.core.netdev_max_backlog=262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_orphans=3276800" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog=262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_timestamps=0" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle=1" >> /etc/sysctl.conf
# allow TIME-WAIT sockets to be reused for new TCP connections
echo "net.ipv4.tcp_tw_reuse=1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_mem=94500000 915000000 927000000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout=1" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range=32768 65000" >> /etc/sysctl.conf
echo "net.netfilter.nf_conntrack_max=..." >> /etc/sysctl.conf   # value illegible in the source
echo "net.netfilter.nf_conntrack_tcp_timeout_established=1200" >> /etc/sysctl.conf
# make sure no one can alter the routing table through ICMP redirects
echo "net.ipv4.conf.all.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.secure_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.secure_redirects=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.log_martians=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.log_martians=1" >> /etc/sysctl.conf
echo "fs.file-max=6815744" >> /etc/sysctl.conf
echo "fs.aio-max-nr=1048576" >> /etc/sysctl.conf
echo "kernel.shmmni=4096" >> /etc/sysctl.conf
echo "kernel.sem=250 32000 100 128" >> /etc/sysctl.conf
echo "net.ipv4.route.gc_timeout=1" >> /etc/sysctl.conf
# enable SYN cookies in the kernel
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo "vm.swappiness=10" >> /etc/sysctl.conf
sysctl -p

# 4.1 selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# 4.2 stop rarely used services: according to the server's purpose and the services installed with the system, switch off what is not needed to improve performance
chkconfig ip6tables off
chkconfig iptables off
chkconfig abrt-ccpp off
chkconfig acpid off
chkconfig auditd off
chkconfig blk-availability off
chkconfig certmonger off
chkconfig cups off
chkconfig firstboot off
chkconfig mdmonitor off
chkconfig postfix off
chkconfig rdisc off
chkconfig saslauthd off
chkconfig wpa_supplicant off
chkconfig abrtd off
chkconfig atd off
chkconfig autofs off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig dnsmasq off
chkconfig kdump off
chkconfig netconsole off
chkconfig quota_nld off
chkconfig restorecond off
chkconfig smartd off
chkconfig ypbind off

# 4.3 remove unneeded system accounts (heading partly illegible)
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel operator
userdel ftp

# 4.5 (illegible in the source; it refers to /etc/issue)

# 4.6 stop answering ping so the system does not respond to probes, which helps network security
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" >> /etc/rc.d/rc.local
# to restore ping responses:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# 4.7 upgrade OpenSSH and OpenSSL to a secure version (commands not legible in the source)
# forbid remote root login over ssh and change the ssh port
sed -i 's/#Port 22/Port 2022/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

# 4.8 (heading illegible)
yum install -y telnet

# 4.9 create an ordinary user and make it the owner of /u01 /u02 /u03
groupadd gapp
useradd -g gapp appuser
echo "..." | passwd --stdin appuser   # password illegible in the source
chown -R appuser.gapp /u01
chown -R appuser.gapp /u02
chown -R appuser.gapp /u03
chown -R appuser.gapp /etc/rc.local
chown -R appuser.gapp /etc/rc.d/rc.local
chown -R appuser.gapp /etc/profile
chown -R appuser.gapp /var/spool/cron
chown -R root.root /var/spool/cron/root

# 4.10 lock key files so that the filesystem forbids modifying them
chattr +i /etc/passwd
chattr +i /etc/inittab
chattr +i /etc/group
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +a /var/log/messages   # flag illegible in the source; append-only (+a) is the usual choice for a log file
# for security, rename the chattr command itself
mv /usr/bin/chattr /usr/bin/lockkeyfile

# 4.11 add the time and the operator's IP to the history command
echo 'HISTFILESIZE=4000' >> /etc/profile
echo 'HISTSIZE=4000' >> /etc/profile
echo 'HISTTIMEFORMAT="%F %T `who am i | cut -d"(" -f2 | cut -d")" -f1` `whoami` "' >> /etc/profile
echo 'export HISTTIMEFORMAT' >> /etc/profile
source /etc/profile

systemctl stop firewalld.service
systemctl disable firewalld.service
yum install -y gcc ...   # package list truncated in the source

A few points in this baseline work against its stated goal and should be reviewed before use. It disables SELinux, auditd, iptables/ip6tables and firewalld, which removes mandatory access control, the audit trail and the host firewall, exactly the controls one wants on a host that has just been hit by ransomware. gpgcheck=0 turns off package signature verification for the EPEL repository, so a compromised mirror can ship arbitrary packages. chown -R appuser.gapp on /etc/profile, /etc/rc.local, /etc/rc.d/rc.local and /var/spool/cron gives an unprivileged account write access to files executed by root at boot and by every user at login, which is a direct privilege-escalation path; these must stay root-owned. The CIFS password and the appuser password are in the script in clear text. net.ipv4.tcp_tw_recycle breaks clients behind NAT and was removed in kernel 4.12, and tcp_fin_timeout=1 with tcp_synack_retries=1 and tcp_syn_retries=1 is aggressive enough to drop legitimate connections on lossy links. The sshd_config edits only take effect if the file still contains the exact commented defaults, so check with grep and sshd -t before restarting sshd, and every echo >> line duplicates its setting on a second run. echo 1 > /proc/sys/... placed in rc.local is lost where rc.local is not executable, which is the CentOS 7 default; net.ipv4.icmp_echo_ignore_all=1 in sysctl.conf is the persistent form. Finally, chattr +i on /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow blocks useradd, passwd and groupadd until the flag is cleared with lockkeyfile -i, so account changes (section 4.9) must come before section 4.10, as they do here.
21、tr0var1.ogmessogetffflf,(7/Chattr命令卜;.为支全我打湎要将3h%H才由Wusrbinchattrusrbin1.ockkeyfi1.e4.11history命令加入时间和螺作不IP的试性*ChQ,tHISTFI1.ESIZE=4&00netcprofiIeUechofHISTSIZE=40009/etc/profxCeUechOHISTTIMEFORMAhRF/Twhoamicutd(f2cutd)fwhoami,letcprofi1.eflechoexpertHISTTIMEFORMATtetcprofI1.eecho,HISTFI1.ESIZE=4eHISTSIZE=40HlSTTlMEFORMAT=%F%Twhoamicut-d(-f2cut-d)-flwhoami,eportHISTTlMEFRMAT-etcrofilesobcoetcprofIlesystemctlstopfirewalld.Servicesystemctldisablefirewalld.serviceyuminstall-ygccretxxt