昆山ssl适用于网站、小程序/APP、API接口等需要进行数据传输应用场景,ssl证书未来市场广阔!成为创新互联公司的ssl证书销售渠道,可以享受市场价格4-6折优惠!如果有意向欢迎电话联系或者加微信:18982081108(备注:SSL证书合作)期待与您的合作!
2、权限安全
这里放上西部数码的一个安全脚本safe.cmd
west_server_safe.rar,自己解压缩下吧。
再放一份源码版的
复制代码 代码如下:
@echo off
echo y|cacls.exe C:\ /p Administrators:f system:f "network service":r
echo y|cacls.exe D:\ /p Administrators:f system:f servU:f "network service":r
echo y|cacls.exe E:\ /p Administrators:f system:f servU:f "network service":r
echo y|cacls.exe "C:\Program Files" /t /p Administrators:f system:f everyone:r
echo y|cacls.exe "C:\Program Files\Common Files" /t /g Administrators:f system:f everyone:r
echo y|cacls.exe c:\windows /p Administrators:f system:f
echo y|cacls.exe c:\windows\system32 /p Administrators:f system:f
echo y|cacls.exe C:\WINDOWS\system32\inetsrv /p Administrators:f system:f everyone:r
echo y|cacls.exe "C:\Documents and Settings" /p Administrators:f system:f
echo y|cacls.exe "C:\Documents and Settings\All Users" /t /p Administrator:f system:f everyone:r
echo y|cacls.exe c:\windows\temp /p everyone:f
echo y|cacls.exe %systemroot%\system32\shell32.dll /p Administrators:f
echo y|cacls.exe %systemroot%\system32\wshom.ocx /p Administrators:f
echo y|cacls.exe c:\windows\system32\*.exe /p Administrators:f system:f
echo y|cacls.exe "c:\Documents and Settings\All Users" /e /g everyone:r
echo y|cacls.exe %systemroot%\system32\svchost.exe /e /g "network service":r
echo y|cacls.exe %systemroot%\system32\msdtc.exe /e /g "network service":r
echo y|cacls.exe %windir%\system32\mtxex.dll /e /g everyone:r
echo y|cacls.exe c:\windows\system32\cmd.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\net1.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\sc.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\at.exe /p Administrator:f
echo y|cacls.exe %windir%\system32\dllhost.exe /e /g everyone:r
echo y|cacls.exe c:\windows\system32\netsh.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\net.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\cacls.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\cmdkey.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\ftp.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\tftp.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\reg.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\regedt32.exe /p Administrator:f
echo y|cacls.exe c:\windows\system32\regini.exe /p Administrator:f
echo y|cacls.exe %windir%\assembly /e /t /g "network service":r
echo y|cacls.exe %windir%\Microsoft.NET /e /t /g everyone:r
echo y|cacls.exe "%windir%\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /g everyone:f
echo y|cacls.exe %windir%\system32\mscoree.dll /e /g everyone:r
echo y|cacls.exe %windir%\system32\ws03res.dll /e /g everyone:r
echo y|cacls.exe %windir%\system32\msxml*.dll /e /g everyone:r
echo y|cacls.exe C:\WINDOWS\system32\urlmon.dll /e /g everyone:r
echo y|cacls.exe C:\WINDOWS\system32\mlang.dll /e /g everyone:r
echo y|cacls.exe C:\WINDOWS\system32\TAPI32.dll /e /g everyone:r
echo y|cacls.exe C:\WINDOWS\system32\WININET.dll /e /g everyone:r
cacls c:\windows\assembly /e /t /p "network service":r
cacls c:\windows\Microsoft.NET /e /t /p "network service":r
cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f
cacls C:\WINDOWS\system32\mscoree.dll /e /g everyone:r
cacls C:\WINDOWS\system32\ws03res.dll /e /g everyone:r
cacls c:\WINDOWS /e /g "network service":r
if exist c:\windows cacls c:\windows /e /g "network service":r
cacls c:\windows\Microsoft.NET /e /t /p "network service":r
cacls "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files" /e /t /p "network service":f
cacls "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /e /t /p "network service":f
cacls c:\windows\system32 /e /g "network service":r
cacls c:\windows\system32\rasapi32.dll /e /g "network service":r
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\adsiis.dll /p Administrators:f autosystem:f
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\iisadmpwd /p Administrators:f autosystem:f
echo y|cacls.exe C:\WINDOWS\system32\inetsrv\MetaBack /p Administrators:f autosystem:f
cacls C":\Program Files\Serv-U" /e /g "servu":f
cacls d:\wwwroot /e /g servU:f
cacls c:\windows /e /g everyone:R
net stop Browser
sc config Browser start= disabled
net stop lanmanserver
sc config lanmanserver start= disabled
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share admin$ /delete
net share ipc$ /delete
echo .. delshare.reg .......
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo .. delshare.reg .....
regedit /s c:\delshare.reg
echo .. delshare.reg ....
del c:\delshare.reg
echo .
echo ........
echo .
echo =========================================================
echo .
echo .....................dos....
echo .
echo .........
echo Windows Registry Editor Version 5.00> c:\dosforwin.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>> c:\dosforwin.reg
echo "EnableICMPRedirect"=dword:00000000>> c:\dosforwin.reg
echo "DeadGWDetectDefault"=dword:00000001>> c:\dosforwin.reg
echo "DontAddDefaultGatewayDefault"=dword:00000000>> c:\dosforwin.reg
echo "EnableSecurityFilters"=dword:00000000">> c:\dosforwin.reg
echo "AllowUnqualifiedQuery"=dword:00000000>> c:\dosforwin.reg
echo "PrioritizeRecordData"=dword:00000001>> c:\dosforwin.reg
echo "ReservedPorts"=hex(7):31,00,34,00,33,00,33,00,2d,00,31,00,34,00,33,00,34,00,\>> c:\dosforwin.reg
echo 00,00,00,00>> c:\dosforwin.reg
echo "SynAttackProtect"=dword:00000002>> c:\dosforwin.reg
echo "EnablePMTUDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "NoNameReleaseOnDemand"=dword:00000001>> c:\dosforwin.reg
echo "EnableDeadGWDetect"=dword:00000000>> c:\dosforwin.reg
echo "KeepAliveTime"=dword:00300000>> c:\dosforwin.reg
echo "PerformRouterDiscovery"=dword:00000000>> c:\dosforwin.reg
echo "EnableICMPRedirects"=dword:00000000>> c:\dosforwin.reg
echo .
echo ==========================================================
echo .. dosforwin.reg .....
regedit /s c:\dosforwin.reg
echo .. dosforwin.reg ....
del c:\dosforwin.reg
echo ==============================================================
echo .
echo ===============================================================
echo ..Remote Registry Service...........
echo .........
echo .
echo Windows Registry Editor Version 5.00> c:\regedit.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]>> c:\regedit.reg
echo "Start"=dword:00000004>> c:\regedit.reg
echo .
echo .. regedit.reg .....
regedit /s c:\regedit.reg
echo .
echo ......
del c:\regedit.reg
echo ===============================================================
echo ..Messenger.......
echo .........
echo Windows Registry Editor Version 5.00> c:\message.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]>> c:\message.reg
echo "Start"=dword:00000004>> c:\message.reg
echo .
echo .. message.reg .....
regedit /s c:\message.reg
echo .
echo .. message.reg
del c:\message.reg
echo ===============================================================
echo ===============================================================
echo ..lanmanserver.......
echo .........
echo Windows Registry Editor Version 5.00> c:\lanmanserver.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]>> c:\lanmanserver.reg
echo "Start"=dword:00000004>> c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg .....
regedit /s c:\lanmanserver.reg
echo .
echo .. lanmanserver.reg
del c:\lanmanserver.reg
echo ==============================================================
echo ...TCP/IP NetBIOS Helper Service
echo .........
echo Windows Registry Editor Version 5.00> c:\netbios.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]>> c:\netbios.reg
echo "Start"=dword:00000004>> c:\netbios.reg
echo .
echo .. netbios.reg .....
regedit /s c:\netbios.reg
echo .
echo .. netbios.reg
del c:\netbios.reg
regedit /s forddos.reg
脚本上未带Serv-u的目录安全权限,就一条。单独发这里了
cacls "C:\Program Files\Serv-U" /t /P administrators:f servu:r
还有一个反操作的,已经打包到上面的文件里面了。
注意哦,里面的目录路径自己都要改成自己的哦。
3、脚本映射
删除无用的脚本映射,让你的服务器会更安全。这里根据西部数码的收集了一份
最简单的修改方法是在这个文件C:\WINDOWS\system32\inetsrv\MetaBase.xml,具体自己打开看了。
SHTML脚本映射
.shtm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.shtml,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
.stm,C:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
ASP脚本映射
.asp,C:\windows\System32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
.asa,C:\windows\System32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
PHP CGI脚本映射
.php,D:\wwwsoft\PHP\php-cgi.exe,5,GET,HEAD,POST,TRACE
.php3,D:\wwwsoft\PHP\php-cgi.exe,5,GET,HEAD,POST,TRACE
PHP ISAPI脚本映射
.php,D:\wwwsoft\PHP\php5isapi.dll,5,GET,HEAD,POST,TRACE
.php3,D:\wwwsoft\PHP\php5isapi.dll,5,GET,HEAD,POST,TRACE
ASP.NET v2.0脚本映射
ASP.net2.0兼容v1.0,所以一般使用2.0的设置就可以了
.asax,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ascx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ashx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.asmx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.aspx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.axd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.vsdisco,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rem,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.soap,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.config,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cs,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.csproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vbproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.webinfo,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.licx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.resources,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.xoml,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.rules,C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.master,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.skin,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.compiled,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.browser,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.mdb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.jsl,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.vjsproj,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sitemap,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.msgx,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.ad,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.dd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.cd,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.adprototype,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.lddprototype,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
;.sdm,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.sdmDocument,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldb,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.svc,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG
.mdf,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.ldf,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.java,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.exclude,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
.refresh,c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll,5,GET,HEAD,POST,DEBUG
不解,上面怎么有java的映射呢?
新闻名称:来自西部数码的WEB服务器安全设置
文章起源:http://www.gawzjz.com/qtweb2/news43/28443.html
网站建设、网络推广公司-创新互联,是专注品牌与效果的网站制作,网络营销seo公司;服务项目有等
声明:本网站发布的内容(图片、视频和文字)以用户投稿、用户转载内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-86922220;邮箱:631063699@qq.com。内容未经允许不得转载,或转载时需注明来源: 创新互联