To secure our CentOS Linux server, we need to change the SSH daemon port. After changing the SSH daemon port, we need to adjust the firewalld settings to match.
The steps for adjusting the SSHD port in firewalld are:
- Make sure SELinux is disabled
- Stop firewalld:
# systemctl stop firewalld
- Change the SSH daemon port:
# vi /etc/ssh/sshd_config
# cat /etc/ssh/sshd_config | grep Port
Port 1022
- Restart the SSH daemon:
# systemctl restart sshd
- Adjust the firewalld settings:
# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
# vi /etc/firewalld/services/ssh.xml
# cat /etc/firewalld/services/ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="1022"/>
</service>
- View the zone configuration:
[root@mail5 firewalld]# pwd
/etc/firewalld
[root@mail5 firewalld]# cat firewalld.conf | grep DefaultZone
DefaultZone=public
[root@mail5 firewalld]# cat zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="ftp"/>
</zone>
- Start firewalld:
# systemctl start firewalld
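Before starting firewalld in the final step, it helps to confirm that the port in sshd_config and the port in the overridden ssh.xml agree, because a mismatch can block new SSH connections once the firewall is up. The script below is an added example, not part of the original article; its function names are hypothetical, and it assumes a single sshd_config with no Include files.

```bash
#!/bin/bash
# Added example (not from the original article): check that sshd and the
# firewalld "ssh" service agree on the port. Function names are hypothetical.
# Assumes one sshd_config file without Include directives.

# Print each active Port value; commented lines are skipped and the
# keyword is matched case-insensitively, as sshd does.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Print each TCP port declared in a firewalld service XML file.
service_tcp_ports() {
    grep -o '<port [^>]*>' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.*port="\([0-9][0-9]*\)".*/\1/p'
}

# Return 0 if every sshd port is opened by the service file, else 1.
# Port ranges in the XML are not expanded.
check_ssh_port_match() {
    local cfg="$1" xml="$2" ports opened p rc=0
    ports=$(sshd_ports "$cfg")
    [ -n "$ports" ] || ports=22   # sshd default when no Port line is set
    opened=$(service_tcp_ports "$xml")
    for p in $ports; do
        if printf '%s\n' "$opened" | grep -qx "$p"; then
            echo "OK: sshd port $p is opened by $xml"
        else
            echo "MISMATCH: sshd port $p is not opened by $xml"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files mirroring the ones shown in this article.
demo=$(mktemp -d)
printf '#Port 22\nPort 1022\n' > "$demo/sshd_config"
printf '<service>\n<port protocol="tcp" port="1022"/>\n</service>\n' \
    > "$demo/ssh.xml"
check_ssh_port_match "$demo/sshd_config" "$demo/ssh.xml"
rm -rf "$demo"

# On the server:
# check_ssh_port_match /etc/ssh/sshd_config /etc/firewalld/services/ssh.xml
```

Keep the existing SSH session open until a second login on the new port succeeds with firewalld running.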
For more information, visit:
1. https://firewalld.org/documentation/
2. https://firewalld.org/documentation/concepts.html
3. https://firewalld.org/documentation/configuration/directories.html