备份集如何防勒索.docx

近期,周边发了几起勒索病毒事件，大多事件的备份集也一并故修改加密,导致系统瘫痪、备份不可用,针对此情况，我对我们当前的备份方案紧急做了个调整优化：原来备份的方式至挂在备份NAS,定时开启备份脚本,备份完成,修改之后，大致改为了到备份时间时，主动挂在备份NAS,调用备份脚本，开启备份，备份完成后，解挂备份NAS4另外增加操作系统挂在备份文件夹的权限管控，脚本大致如下：。S*ChQttr的默认俞令8例tfNsrbinchottrusrbin1.o0ckBkFH1.etf0.定时任多员点3分片连接四份存储介康,并涧试连接成£淋1，连接笈份存赫,淞用的份袋才荣：/SacktJi.cp/ShengChanFiles/data.csv6ackpFilesdata-2220829.csvA；”45Ccd/BackUpFilesZtar-CZdata_2022829.csvopenssldes3-salt-kAal23456-out/BackUpFiles/data_2e22e829.tar.gz乩纤6为：openss1.des3d-kAal234561.odckBkFille+i/BackUpFiles/data_20220829.tar.gzf另：针对有备份软件的公司，建议启动备份软件防勒索的功能。大多WindoWS感染勒索比较容易,但是现在UnUX系统也频频出现中勒索的情况,建议部署1.inUX系统按照基线部四,可参考如下脚本：»!/bin/sh#Name:centos7-os-init.shtiUriteby:Janff1.astModify:2019-09-20»DESC:Ilnux系统优化於安全接*楙CMD:shcentos7-os-init.sht50说明：谈瞬本共建用于CentOS潟优.作为相对通用的模板.行一定的普适性.但烂一般汽实际生产环境ttititttttttittttttt中会亥据第绩的不问功能.进行不同的悉数优化,请各位注急.«-#0港抑epel的yum幽耳echo"epe1.">>/etc/yum.repos.d/epe1.repoftttecho"nameE×traPackagesforCentos7-$basearch">>etcyum.repos.d/epe1.repottUecho"baseur1.=http:/epe1.7ServerSbasearch*'»/exc/yurn.repos,d/epe1.repoinfecho"fax1.overmethod=priority">>etcyum.repos.d/epe1.repo/ftfecho"enabled=1”»etcyum.repos.d/cpe1.repo/f/fecho9gpgcheck0”>>stcy三.repos.depe1.repo#於Z1.J拉么物#yu的cleana1.1.ftftyumyuminstallyWgetwget-Petcyum.repos.d/http:/mirrors.aliyun.co<nrepoepel-7.repoyumcleanallyummakecacheyumrepolist焚rpm-ivhyuminstall-yntpdatecp/usr/share/zoneinfo/Asia/Shanghaietclocaltimentp-path='whichntpdate'$ntp_path172.16.2.89hwclock-wccho,l13t$ntp_path172.16.2.89">>varspoolcronrootmkdir-pulshellmkdir-pulsrcmkdir-pu2logmkdir-pu3bakmkdir-pu03nasusername',jan19jpasSM>rdl,123456a>n/172.16.2.78/DB_baku03nos.di"；.'.：:.，：；/：'<echo'fsoftnproc65536">>etcsecuritylimits.confechohardnproc65536',>>etcsecuritylimits.confechoo*softnofile65536,*>>etcsecurityliits.confechom*hardnofile65536,>>etcsecuritylimits.confecho"softnproc65536M>/etc/security/limits.d/20-nproc.conf«Kho"rootsoftnprocunlimited">>etcsecuritylimits.d20-nproc.confecho”测试方式:当前SeSSion退出后期新量该执行：UIimit-Snulimit-Hnwcpetcsysctl.confetcsysctl.conf.bkecho''>etcsysctl.conf.echo,net.ipv6.conf.all.disable-ipv6l">>etcsysctl.conflcho*net.ipv6.conf.default.disable_ipv6=l*>>etcsysctl.confecho,net.ipv4.icmp_echo_ignore_broadcasts=l,>>etcsysctl.conftemp./>,AS÷echo-net.ipv4.icm-ignore-bogus-error-responses»l">>etcsysctl.confecho11net.ipv4.ip_fonward-,>>>etcsysctl.confecho-net.ipv4.conf.all.send-redirects-">>etcsysctl.COnfRChC-net.ipv4.conf.default.sendredirects=">>etcsysctl.confecho,net.ipv4.conf.all.rp-filter=l*>>etcsysctl.confecho-net.ipv4.conf.default.rp_fliter三1m>>etcsysct1.confecho*net.ipv4.conf.al1.acceptsourceroute=0*>>etcsysctl.confecho,et.iv4.conf.defaultaccept_source_route«">>etcsysctl.confecho,'kernel.sysrq=0u>>etcsysctl.confecho,'kernel.coreusespid=1">>etcsysct1.confecho*net.ipv4.tcp-syncookies=1">>etcsysctl.confechowkernel.msgmnb=65536">>etcsysctl.confecho"kernel.msgmax三65536,>>>etcsysctl.conforac1.e；'.fcSGAecho"kernel.shmnax=17179869184">>etcsysctl.confecho,kernel.Shmall-419434">>etcsysctl.conf。融rv)e1.ShmmQx4K8<4096"tffnei”的段依以“18000echo,net.ipv4.tcp-ma×-tw-buckets6000'*>>etcsysctl.confechomnet.ipv4.tcpsack=l">>etcsysctl.confecho,net.ipv4.tcp_window_scaling=l,*>>etcsysctl.confhoMnet.ipv4.tcp_rneri-40968738419434">>etcsysctl.confo,et.ipv4.tcp-wneC409616384419434">>etcsysctl.confecho*,net.core.vnefndefault=8388608">>etcsysctl.confecno,et.core.rmem-default=838868*'>>etcsysctl.conf4c11o,net.core.r«nem_max=16777216">>etcsysctl.confecho,'net.core.wmem-max=16777216,>>etcsysctl.conf1,÷77.echownet.corenetdev-max-backlog=262144,>>etcsysctl.C0f,net.ipv4.tcp-ma×-orphans3276800',>>etcsysctl.confecho,net.ipv4.tcp_max_syn_backlog=262144">>etcsysctl.confecho*,net.ipv4.tcptImestamps=0h>>etcsysctl.confC1.O"net.ipv4.tcp_synack_retries-ll,>>etcsysctl.conf?echn"net.ipv4.tcpsynretries=l,*>>etcsysctl.confecho,*net.ipv4.tcp-tw-recycIe=lw>>etcsysctl.confQ加允冷将T科EZAlTsocketsN甑用t即泊TCPZiecho,net.ipv4.tcp_tw_reusc-l*>>etcsysctl.confecho,net.ipv4.tcp-mem-94S00009i5ee«ee927eo00e->>etcsyscti.conf.ho,net.ipv4.tcp-fin-timeout=l">>etcsysctl.confTCPy<ikeepa1.ive.'2echoet.ipv4.tcp-keepalive-time30">>etcsysctl.confecho,*net.ipv4.ip_local_port_range=3276865000,>>etcfi1.ter.nf_conntrack_fnax=fi1.ter.nf_conntrack_tcp_timeout_estab1.ished-12004f檎保尢人能SW收急由kecho,net.ipv4.conf.all.accept-redirects-0">>etcsysctl.confecho"netipv4.conf.default.accept-redirects=0">>etcsysctl.confec,o,et.ipv4conf.all.secure-redirects=,'>>etcsysctl.confecho,net.ipv4.conf,default.secure-redirects0u>>etcsysctl.confechomnet.ipv4.conf.a11.log-martians=1,>>etcsysctl.confpchc,>>etcsysct1.confcho">>etcsysctl.cofccho,<>>etcsysctl.confecho,*>>etcsysctl.confecho'>>>etcsysctl.confcho">>etcsysctl.conf钟启用内核中的SyNcookie"net.ipv4.conf.default.log-martians=1-fs.file-max=6815744"fs.aio-ma×-nr三1648576"kernel.sh11rani-4096"kernel.sem=2S0320。100128"echoT>"netipv4.route.gc-timeout=lprocsysnetipv4tcp-sycookies,vm.swapiness=10">>etcsysctl.confsysctl-p,4.1Sc1.inuxsed-i,sSE1.INUXenforcingSE1.INUX-disabledg*etcselinuxconfig#4.2关闭不常用曦务.根扭:凝务器的旧途租安装系统时嫉的限拼进行优化,解不必枣的展OffUchkconftgip6tab1.es务关闭,提麻性能.Zfchkconfigiptab1.esOfftfchkconfigabrtccppOffUchkconfigacpidOffitchkconfigauditdOfftfchkconfigb1.k-avai1.abi1.ityOffuchkconfigcertmongeroff#ChkCOnfigcupOffttchkconfigfirstbootOf尸ChkcQnfig/monitorOffuchkconfigpostfixOffltchkconfigrdiscUchkconfigSas1.authd1Offitchkconfigpa_supp1.icantoff/fchkconfigabrtdOffWchkconfigatdoffchkconfxgautofsOffffchkconfigbluetoothOffffchkconfigCpuspeedofffchkcofigdnsmaqoffchkconfigRdUmPOffnchkconfignetconso1.eOffftchkconfigquota_n1.dOffnchkconfigrestorecondOffttchkconfigsmartdOffitchkconfigypbindOffoff# 4.3女装施挣年户源林袋隧控客户端userdeladmuserdelIpuserdelSyncuserdelShutdownuserdelhaltuserdelOperatoruserdelftp# 4.51.inuxi>f>etcisse>etc# 4.6系统关河Ptng#关切Ptng,使系统对Ptng小敞反N."视络安全大育好处,Zfecho1>procysnet/ipv4icmp_echo_ignore_a1.1./feeho"echo1>procsysnetipv4icmp_echo_ignore_a1.1.,9>>/etc/rcd/rc.IocgIH谀旦系线的Psg阴友：uechoe>/proc/sys/net/ipv4/icmp_echo_ignore_a1.1.# #4.7升级OpenSSHOpenSS1.今:安全版佃WWWWW#桑止root聚户.法方优心曲义SSh螭/Zttitsed-i*s/UPort22/Port2022/g1etcsshsshd_configsed-i*s/HPertnitRoot1.oginyes/PermitRoot1.oginno/g,etcsshsshdconfig；-：XeyUminstall-ytelnet#4.9创建督通用户,指定/u0Iu02u03所在部#groupQddgopp#USerGddggappappuser#echol,apuserPMD"passwd-tdinQPPUSer#Chon-Rappuser.goppuiuttchown-Rappuser.gappu02chown-Roppuser.gappu3chown-Aappuser.gappetcrc.1.oca1.uchownRappuser.gappetcrc.d/rc.1.oca1.ffffchwnRappuser.gappetcprof1.effffchown-Rappuser.gappvarspoo1./cronchown-Rroot,rootvarspoo1.cronroot年源源4.19楼定关键文件系统禁止地修&8*chattr+ietcpasswdffffchattr+t/etcinittabcattrietcgroupnffchattr÷i/etc/ShadowttUchQttr+i/etcgshadh4fchattr÷0var1.ogmessogetffflf,(¢7/Chattr命令卜；.为支全我打湎要将3h%H才由Wusrbinchattrusrbin1.ockkeyfi1.e»4.11history命令加入时间和螺作不IP的试性*ChQ,tHISTFI1.ESIZE=4&00n>>etcprofiIeUechofHISTSIZE=40009>>/etc/profxCeUechO'HISTTIMEFORMAhRF/T'whoamicutd(f2cutd)f'whoami',l>>>etcprofi1.eflecho"expertHISTTIMEFORMATt>>etcprofI1.eecho,'HISTFI1.ESIZE=4eHISTSIZE=40HlSTTlMEFORMAT="%F%Twhoamicut-d(-f2cut-d)-fl'whoami,e×portHISTTlMEFRMAT->>etcrofilesobcoetcprofIlesystemctlstopfirewalld.Servicesystemctldisablefirewalld.serviceyuminstall-ygccretxx>t