centos 5.1下的安全设置(适合所有的linux版本)

　　首先再次确认一下ipv6功能是不是被启动的状态。

[root@www ~]# ifconfig -a　← 列出全部网络接口信息
sit0 Link encap:IPv6-in-IPv4　← 确认ipv6是被启动的状态
[root@www ~]# vi /etc/modprobe.conf← 修改相应配置文件，添加如下行到文尾：
alias net-pf-10 off
alias ipv6 off
[root@www ~]# shutdown -r now 　← 重新启动系统，使设置生效
修改/etc/yum.repos.d/CentOS-Base.repo，将镜象站点地址改为在中国的镜象站点地址。不然我们通过yum安装软件速度会极慢。修改如下
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever – Base
baseurl=http://mirrors.shlug.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#released updates
[updates]
name=CentOS-$releasever – Updates
baseurl=http://mirrors.shlug.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever – Addons
baseurl=http://mirrors.shlug.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0
#additional packages that may be useful
[extras]
name=CentOS-$releasever – Extras
baseurl=http://mirrors.shlug.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=0
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever – Plus
baseurl=http://mirrors.shlug.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
protect=1
#contrib – packages by Centos Users
[contrib]
name=CentOS-$releasever – Contrib
baseurl=http://mirrors.shlug.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
protect=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

更新系统[root@www ~]#yum -y upgrade
一些安全的设置
1、用防火墙关闭不须要的任何端口，别人PING不到服务器，威胁自然减少了一大半

防止别人ping的方法：

1）命令提示符下打
echo 1　> /proc/sys/net/ipv4/icmp_ignore_all

2）用防火墙禁止(或丢弃) icmp 包