estel/estel_docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

删除本地content目录,改为由github获取

Browse Source
This commit is contained in:
estel
2025-08-08 10:59:21 +08:00
parent ff52407ef9
commit 9e8a7f5c14
57 changed files with 2 additions and 7101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
content/blog/1.技术栈/996.安装 VS Code到浏览器 -- Code Server copy.md
View File

@@ -1,213 +0,0 @@
---
title: 安装 VS Code到浏览器 -- Code Server
description: 在浏览器中安装 VS Code
date: 2025-05-23
img: https://lijue-me.oss-cn-chengdu.aliyuncs.com/20250616220449750.png
navigation:
icon: simple-icons:visualstudiocode
---
> 🔒 **文档说明**:本文针对新部署的 Debian 12 云服务器,提供必做的安全加固与性能优化配置清单。适用于**运维人员**及**Linux初学者**,可有效防御 90% 的常见攻击向量。
## 技术TAG
`#Debian12安全设置` `#Linux加固` `#服务器优化` `#云服务器安全` `#SSH加固`
---
## 一、初始登录与用户安全
### 1. 创建替代root的用户
```bash
# 创建管理员用户(示例用户名为 sysadmin
adduser sysadmin
usermod -aG sudo sysadmin
# 验证新用户sudo权限
su - sysadmin
sudo whoami # 应返回root
```
### 2. 禁用root SSH登录
```bash
sudo nano /etc/ssh/sshd_config
# 修改以下配置:
PermitRootLogin no
PasswordAuthentication no # 强制使用密钥登录
```
> ⚠️ **关键提示**
> 1. 操作前必须配置好SSH密钥否则会锁定服务器
> 2. 执行后重载服务:`sudo systemctl reload ssh`
---
## 二、防火墙配置
### UFW基础设置
```bash
# 安装UFW
sudo apt install ufw -y
# 默认策略
sudo ufw default deny incoming
sudo ufw default allow outgoing
# 允许端口(按需开放)
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
# 启用防火墙
sudo ufw enable
sudo ufw status verbose # 验证规则
```
### 端口安全技巧
```bash
# 更改SSH端口可选
sudo nano /etc/ssh/sshd_config
# 修改: Port 2222 # 改为非标准端口
# 仅允许特定IP访问SSH
sudo ufw allow proto tcp from 192.168.1.100 to any port 22
```
---
## 三、系统更新与自动维护
### 初始全面更新
```bash
sudo apt update && sudo apt full-upgrade -y
sudo apt autoremove && sudo apt clean
```
### 配置自动安全更新
```bash
sudo apt install unattended-upgrades apt-listchanges
# 启用配置
sudo dpkg-reconfigure -plow unattended-upgrades
# 验证状态:
sudo systemctl status unattended-upgrades
```
> 🔧 **配置文件优化** (`/etc/apt/apt.conf.d/50unattended-upgrades`)
> ```json
> Unattended-Upgrade::Remove-Unused-Dependencies "true";
> Unattended-Upgrade::Automatic-Reboot "true";
> Unattended-Upgrade::Automatic-Reboot-Time "03:00";
> ```
---
## 四、安全加固关键措施
### 1. 启用基础入侵防护
```bash
# 安装fail2ban
sudo apt install fail2ban -y
# 配置SSH防护
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
```
```ini
[sshd]
enabled = true
maxretry = 3
bantime = 1h
```
### 2. 内核安全加固
```bash
# 安装安全组件
sudo apt install linux-hardened apparmor apparmor-utils -y
# 启用AppArmor
sudo apparmor_status
sudo aa-enforce /etc/apparmor.d/* # 强制所有配置
```
---
## 五、性能优化设置
### 1. 交换空间优化
```bash
# 调整Swappiness值推荐10-30
echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
# 启用Zswap压缩缓存内存<8GB时尤其有效
echo 'zswap.enabled=1' | sudo tee -a /etc/sysctl.conf
```
### 2. 文件描述符与进程优化
```bash
# 提高系统限制
sudo nano /etc/security/limits.conf
```
```conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
```
### 3. 日志管理(防止占满磁盘)
```bash
# 安装日志轮询工具
sudo apt install logrotate -y
# 手动压缩现有大日志
sudo find /var/log -size +100M -exec truncate -s 10M {} \;
```
---
## 六、审计与监控
### 安装基础监控组件
```bash
sudo apt install sysstat htop net-tools tree ncdu
# 启用sysstat数据收集
sudo sed -i 's/false/true/g' /etc/default/sysstat
sudo systemctl enable --now sysstat
```
### 关键审计命令
```bash
# 检查异常登录:
sudo lastb -a | head -20
# 检查SUID文件
sudo find / -perm /4000 -ls
# 列出开放端口:
sudo ss -tunlp
```
> 📊 **推荐可视化工具**
> - Cockpit (轻量级Web面板)`sudo apt install cockpit`
> - Netdata (实时监控)`bash <(curl -Ss https://my-netdata.io/kickstart.sh)`
---
**最终安全检查清单**
```bash
echo "[+] SSH 配置"
sudo sshd -t && grep -E "PermitRoot|PasswordAuth" /etc/ssh/sshd_config
echo "[+] 防火墙状态"
sudo ufw status
echo "[]+ 更新状态"
sudo unattended-upgrades --dry-run
```
![服务器安全架构](https://example.com/img/debian-security-layers.png)
*(安全层示意图:网络防火墙→系统加固→应用防护)*
> 🔐 **维护建议**
> 1. 每月执行:`sudo lynis audit system` (安装:`apt install lynis`)
> 2. 每季度更新所有SSL证书即使未到期
> 3. 使用自动配置管理工具如Ansible维护服务器状态
**文档版本**: v1.2
**测试环境**: Debian 12.5 (Kernel 6.1.x) 云服务器
**最后更新**: 2024-06-15