Security

Manage the operating system firewall, the SSH service, the operating system root user, Brute force protection, Compiler Access, Anti Intrusion and System Hardening, and view SSH login logs.

Firewall

Manage network access to this server. The default firewall rule is to deny access.

Where external access is required, the corresponding port or IP rules must be allowed.

  • Firewall : Turn the system firewall on or off. Turning it off is not recommended unless necessary.

  • Block ICMP : Disable ping. When turned on, other devices cannot ping this machine.

  • Site Logs : Display the log path and size of the website. Click Clear to clear them.

Port rule

Deny or allow IP access to the port.

  • Add Port Rule : Add a port rule
  • Import rules : Upload a file and import port rules
  • Export rules : Export port rules and download the file
  • All directions : View rules for all directions
  • Inbound : Click to view inbound rules
  • Outbound : Click to view outbound rules
  • Protocol : Port protocol type: TCP/UDP, TCP or UDP
  • Port : Port number or range, 1-65535
  • Status : Port status, Listening or Not Listening. Some ports can be inspected using Details.
  • Strategy : Port policy, Allow or Deny
  • Direction : Port direction, Inbound or Outbound
  • Source IP : Deny or allow visits from All sources or a Specify IP
  • Remarks : Remarks on the port rule
  • Add Time : Time the rule was added
  • Edit : Edit the port rule
  • Delete : Delete the port rule

Add or Edit Port Rule

  • Protocol : Select the protocol type: TCP, TCP/UDP or UDP
  • Port : Enter the port; the port range is 1-65535
  • Source IP : Select All or Specify IP
  • Strategy : Select the port policy, Allow or Deny
  • Direction : Select the direction, Inbound or Outbound
  • Remarks : Comments on this rule

IP rules

Deny or allow IP access.

  • Add ip Rule : Add an IP rule
  • Import rules : Upload a file and import IP rules
  • Export rules : Export IP rules and download the file
  • Inbound : Click to view inbound rules
  • Outbound : Click to view outbound rules
  • Source IP : The source IP to Block or Release
  • Strategy : IP policy, Block or Release
  • Direction : IP policy direction, Inbound or Outbound
  • Remarks : Notes on the IP rule
  • Add Time : Time the IP rule was added
  • Edit : Edit the IP rule
  • Delete : Delete the IP rule

  • Block : Deny access
  • Release : Allow access

Add or Edit IP Rule

  • Source IP : Enter the source IP
  • Strategy : Block or Release the source IP
  • Direction : Select the direction, Inbound or Outbound
  • Remarks : Comments on this rule

Port forward

Forward traffic arriving on one port to another port on the local machine, or to a port on a target server.

Typically used to implement Network Address Translation (NAT), forwarding external requests to a specific device or service on the internal network.

  • Add port forward : Add a port forward rule
  • Import rules : Upload a file and import port forward rules
  • Export rules : Export port forward rules and download the file
  • Protocol : Port protocol type: TCP or UDP
  • Source port : Source port, 1-65535
  • Target IP : IP to forward to
  • Target port : Port to forward to
  • Remarks : Comments on the rule
  • Add Time : Time the rule was added
  • Edit : Edit the port forward rule
  • Delete : Delete the port forward rule

Add or Edit Port Forward

  • Protocol : Select the protocol of the source port: TCP or UDP
  • Source port : The source port of the traffic
  • Target IP : The target IP to forward to, or 127.0.0.1 (localhost)
  • Target port : The port to forward to
  • Remarks : Comments on this rule

Area rules

Deny or allow IP ranges from a geographic area to access the server.

Area rules default to Allow.

Since IP geolocation is not 100% accurate, use these rules with caution. It is recommended to release your own IP range first, then add the area ban.

  • Add area rule : Add an Area rule
  • Import rules : Upload a file and import Area rules
  • Export rules : Export Area rules and download the file
  • Area : The blocked area
  • Strategy : Area strategy, Block
  • Port : Block visits from the area to All ports or a Specified port
  • Add Time : Time the rule was added
  • Edit : Edit the Area rule
  • Delete : Delete the Area rule

Add or Edit Area Rule

  • Strategy : Block rules
  • Port : Select whether the area is forbidden from accessing All ports or a Specified port
  • Area : Select one or more Areas to deny access

SSH

SSH login settings and the SSH login log.

SSH allows remote users to log into the server over the network and execute commands.

  • Turn on SSH : Enable or stop the SSH service. It is enabled automatically after the server restarts.
  • SSH Login Details : SSH login log, showing the total and today's number of successful and failed logins.

Basic setup (SSH)

  • SSH Password login : Allow or prohibit password login for the root user
  • SSH key login : Enable or disable SSH key login
  • SSH port : The default port is 22. Changing it to another port is recommended to avoid being scanned.
  • Root login Settings
    1. yes - keys and passwords
    2. no - no login
    3. without-password - key login only
    4. forced-commands-only - can only execute forced commands
  • Root password : Reset the root password
  • Root key : View and download the public key of the root key
  • SSH login alarm : After the root user logs in, an alarm message is sent.
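The four Root login Settings above are the values sshd accepts for its PermitRootLogin directive. The shell helpers below are an added example, not aaPanel's own code: they write one of those values into an sshd_config file and read the effective value back; the file path and the sample content are constructed.

```shell
#!/bin/sh
# Added example (not aaPanel's own code): map the "Root login Settings"
# choices to sshd's PermitRootLogin directive in an sshd_config file.
# The sample file below is constructed; on a real host the edited file
# would be checked with "sshd -t" and the service reloaded afterwards.

# get_root_login FILE: print the effective PermitRootLogin value. sshd uses
# the first uncommented occurrence; if none is present, OpenSSH 7.0 and later
# default to prohibit-password (the newer name for without-password).
get_root_login() {
    val=$(awk 'tolower($1)=="permitrootlogin" {print $2; exit}' "$1")
    printf '%s\n' "${val:-prohibit-password}"
}

# set_root_login FILE MODE: MODE is one of yes, no, without-password or
# forced-commands-only. Existing copies of the directive (commented or not)
# are dropped so the one line written here is the only one sshd sees.
set_root_login() {
    file=$1; mode=$2
    case "$mode" in
        yes|no|without-password|forced-commands-only) ;;
        *) echo "invalid PermitRootLogin value: $mode" >&2; return 1 ;;
    esac
    tmp="$file.tmp.$$"
    { grep -viE '^[[:space:]]*#?[[:space:]]*PermitRootLogin([[:space:]]|$)' "$file"
      printf 'PermitRootLogin %s\n' "$mode"; } > "$tmp" && mv "$tmp" "$file"
}

# Demonstration on a constructed config, not the live /etc/ssh/sshd_config.
demo_file=$(mktemp)
printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$demo_file"
set_root_login "$demo_file" without-password
get_root_login "$demo_file"    # prints: without-password
rm -f "$demo_file"
```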

SSH login logs

If malicious access is found (many failed logins):

  1. It is recommended to change the SSH port to avoid being attacked. Release the new port in the server provider's security group before changing it.
  2. In the Security menu, turn on IP Address-based Protection (Based on ssh) under Brute force protection.

  • Refresh : Retrieve the latest data

  • ALL : View all login logs

  • Success : View successful login log

  • Failure : View failed login logs

  • IP:Port : Login IP and port

  • Place of attribution : Login area

  • User : Login user

  • Status : Login status

  • Operation time : Login time

Brute force protection

  • aaPanel Brute Force Protection : Enable or disable aaPanel brute force protection

  • Configuration

    1. Username-based Protection (Based on aapanel)

      For aaPanel users

      • aaPanel brute-force protection. When enabled, a user is locked out after the username or password is entered incorrectly more than a certain number of times.
      • A locked user cannot log in and must wait a certain period of time before being unblocked, or use the command bt 33 to unblock.
    2. IP Address-based Protection (Based on ssh)

      For operating system SSH users

      • SSH brute-force protection. When enabled, an IP address is locked once its login errors exceed a certain number of times.
      • A locked IP address cannot access the server. Wait a certain period of time for it to be unblocked, or run the command ipset del aapanel.ipv4.blacklist with the IP address appended to unblock it.
    3. Login History

  • WhiteList : IP address whitelist. Listed addresses are not affected by the configuration; multiple IP addresses can be added.

  • BlackList : IP address blacklist, prohibiting access to all ports of the server.

  • History Reports

    1. Refresh : Get the latest data on SSH login failures
    2. Remove Blocks and Clear Reports : Remove all bans and blocked IP addresses and clear the reports
    3. Select a Report
      • Failed Logins : Displays logs of failed SSH logins in the specified time range

      • Blocked IP Addresses : Displays the blocked IP addresses and the blocking time. Click Unblock to unblock one.
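The IP Address-based Protection above locks an address once its failed SSH logins exceed a threshold, and the SSH login logs section shows those same failures per IP. The shell script below is an added example, not aaPanel's own code: it counts failed password attempts per source IP from constructed sshd log lines and reports the addresses that would cross a given threshold.

```shell
#!/bin/sh
# Added example (not aaPanel's own code): count failed SSH password attempts
# per source IP from sshd log lines and report the IPs at or over a lock
# threshold, mirroring how the "IP Address-based Protection (Based on ssh)"
# rule decides to lock. SAMPLE_LOG is constructed data in syslog format.

SAMPLE_LOG='Mar  1 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.10 port 51122 ssh2
Mar  1 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.10 port 51130 ssh2
Mar  1 10:00:04 host sshd[1203]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:05 host sshd[1204]: Failed password for root from 203.0.113.10 port 51140 ssh2
Mar  1 10:00:09 host sshd[1205]: Failed password for root from 198.51.100.7 port 40010 ssh2
Mar  1 10:00:12 host sshd[1206]: Failed password for root from 203.0.113.10 port 51150 ssh2'

# failed_by_ip: read log lines on stdin, print "count ip" pairs, most
# failures first. Only "Failed password" lines from sshd are counted, so a
# successful login from the same address does not add to its total.
failed_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# over_threshold THRESHOLD: print the IPs whose failure count is >= THRESHOLD,
# i.e. the addresses the protection would lock at that setting.
over_threshold() {
    failed_by_ip | awk -v t="$1" '$1 >= t {print $2}'
}

# Which addresses would be locked at a threshold of 3 failures?
printf '%s\n' "$SAMPLE_LOG" | over_threshold 3    # prints: 203.0.113.10
```

An address reported here is what the protection would add to its blacklist; the ipset del aapanel.ipv4.blacklist command above is the corresponding manual unblock.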

Compiler Access

Prevent specified users from using the GCC compiler.

Anti Intrusion

Disable operation commands for specified users and record their traces.

  • Intrusion Prevention Switch : Turn Anti Intrusion on or off

  • Intrusion interception times : Displays the number of intrusions this plug-in has intercepted

  • Protection days : Displays the number of days this plug-in has protected the operating system

  • Overview

    1. User : Displays all users existing in the operating system

    2. Total : Displays the total number of commands executed by this user

    3. Today : Displays the number of commands executed by this user today

    4. Protection : Turn protection on or off for this user. Do not turn it on for ordinary users, as they will then be unable to log in or execute commands.

    5. Log : Turn logging on or off for this user

    6. Remark : Displays user notes and whether the user can log in

    • Logs : View the user's protection log records

  • Process whitelist

    1. Add process whitelist : Add a process to the whitelist; protection does not apply to that process.
    2. Delete : Remove a process from the whitelist
  • Operation logs : View the Anti Intrusion operation log

System Hardening

  • System hardening : Turn System Hardening on or off

  • Protection :

    1. Name : Name of the protection item

      • Service : Protect system services. Once enabled, services cannot be added or deleted, and some software cannot be installed!

      • ENV : Protect user environment variables from being modified. User environment variables cannot be customized after this is enabled!

      • User : Protect users. After turning it on, users cannot be added or deleted and user passwords cannot be modified!

      • Directory : Protect key system files from modification and replacement!

      • Crontab : Protect Cron tasks from being tampered with. Once enabled, Cron tasks cannot be added, modified or deleted!

      • SSH : Protect SSH from brute force cracking and record user login logs

      • Abnormal process : An abnormal process is detected and automatically terminated

    2. Desc : Description of the protection item

    3. Status : Whether the item is on or off

    • Modify : Add or delete the protected paths of this item
  • Block IP :

    1. Add : Add IP addresses that are prohibited from using the SSH service
    2. Unblock now : Unblock the corresponding IP address
  • Operation logs : View the System Hardening operation log