{"id":9203,"date":"2024-02-22T17:06:54","date_gmt":"2024-02-22T14:06:54","guid":{"rendered":"https:\/\/sunucun.com.tr\/bilgi\/?post_type=dt_articles&#038;p=9203"},"modified":"2024-12-17T13:00:47","modified_gmt":"2024-12-17T10:00:47","slug":"centos-guvenlik-ipuclari-ve-uygulamalari","status":"publish","type":"post","link":"https:\/\/sunucun.com.tr\/blog\/centos-guvenlik-ipuclari-ve-uygulamalari\/","title":{"rendered":"CentOS G\u00fcvenlik \u0130pu\u00e7lar\u0131 ve Uygulamalar\u0131"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sunucun.com.tr\/blog\/centos-guvenlik-ipuclari-ve-uygulamalari\/#CentOS_Guvenligi_Neden_Onemlidir\" >CentOS G\u00fcvenli\u011fi Neden \u00d6nemlidir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sunucun.com.tr\/blog\/centos-guvenlik-ipuclari-ve-uygulamalari\/#CentOSta_Guvenlik_Nasil_Saglanir\" >CentOS&#8217;ta G\u00fcvenlik Nas\u0131l Sa\u011flan\u0131r?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sunucun.com.tr\/blog\/centos-guvenlik-ipuclari-ve-uygulamalari\/#CentOS_Guvenlik_Yapilari\" >CentOS G\u00fcvenlik Yap\u0131lar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/sunucun.com.tr\/blog\/centos-guvenlik-ipuclari-ve-uygulamalari\/#CentOS_Guvenliginin_Onemi\" >CentOS G\u00fcvenli\u011finin \u00d6nemi<\/a><\/li><\/ul><\/nav><\/div>\n<p><!-- Ba\u015fl\u0131k --><\/p>\n<p><!-- Giri\u015f --><\/p>\n<p>Bu makalede, CentOS sunucular\u0131n\u0131n g\u00fcvenli\u011fini art\u0131rmak i\u00e7in izlenmesi gereken en iyi uygulamalar ve ipu\u00e7lar\u0131 ele al\u0131nmaktad\u0131r. CentOS, g\u00fcvenli\u011fiyle bilinen bir Linux da\u011f\u0131t\u0131m\u0131 olsa da, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 en aza indirmek ve sald\u0131r\u0131lara kar\u015f\u0131 g\u00fc\u00e7l\u00fc bir savunma sa\u011flamak i\u00e7in ek \u00f6nlemler al\u0131nmal\u0131d\u0131r. Makalede, temel g\u00fcvenlik yap\u0131land\u0131rmalar\u0131, g\u00fc\u00e7l\u00fc parola politikalar\u0131, g\u00fcvenlik duvar\u0131 (firewall) y\u00f6netimi, SSH eri\u015fiminin g\u00fcvenli hale getirilmesi, g\u00fcncellemelerin d\u00fczenli olarak yap\u0131lmas\u0131 ve izleme ara\u00e7lar\u0131n\u0131n <a href=\"https:\/\/www.sunucun.com.tr\/blog\/dt-article\/centos-guvenlik-ipuclari-ve-uygulamalari\/\">kullan\u0131m\u0131<\/a> gibi konular detayl\u0131 bir \u015fekilde incelenecektir.<\/p>\n<p><!-- G\u00f6rsel --><\/p>\n<figure><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.sunucun.com.tr\/blog\/\/wp-content\/uploads\/2024\/02\/centos-wallpaper-2-1024x512.jpg\" alt=\"CentOS G\u00fcvenlik \u0130pu\u00e7lar\u0131\" width=\"822\" height=\"411\" \/><\/figure>\n<p><!-- Neden? --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CentOS_Guvenligi_Neden_Onemlidir\"><\/span>CentOS G\u00fcvenli\u011fi Neden \u00d6nemlidir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CentOS g\u00fcvenli\u011fini sa\u011flamak, sistem b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc koruman\u0131n ve olas\u0131 tehditlere kar\u015f\u0131 \u00f6nlem alman\u0131n en temel yollar\u0131ndan biridir. \u0130\u015fte bu g\u00fcvenlik \u00f6nlemlerinin neden \u00f6nemli oldu\u011funu a\u00e7\u0131klayan baz\u0131 nedenler:<\/p>\n<ol>\n<li><strong>Veri Koruma:<\/strong> Ki\u015fisel ve kurumsal verilerin korunmas\u0131, yasal gerekliliklerin ve gizlilik politikalar\u0131n\u0131n bir par\u00e7as\u0131d\u0131r. Veri ihlalleri, sadece finansal kay\u0131plara de\u011fil, ayn\u0131 zamanda marka itibar\u0131na da zarar verebilir. Bu nedenle, verilerin g\u00fcvenli\u011fini sa\u011flamak \u00f6ncelikli olmal\u0131d\u0131r.<\/li>\n<li><strong>Sistem B\u00fct\u00fcnl\u00fc\u011f\u00fc:<\/strong> Sistemlerin yetkisiz eri\u015fimlere ve zararl\u0131 yaz\u0131l\u0131mlara kar\u015f\u0131 korunmas\u0131, i\u015f s\u00fcreklili\u011fini sa\u011flar. Sistem b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fcn ihlali, hizmet kesintilerine ve kritik operasyonlar\u0131n durmas\u0131na neden olabilir. Bu durum, \u00f6zellikle kurumsal ortamlarda ciddi maliyetlere yol a\u00e7abilir.<\/li>\n<li><strong>A\u011f G\u00fcvenli\u011fi:<\/strong> A\u011f g\u00fcvenli\u011fi, i\u00e7 ve d\u0131\u015f tehditlere kar\u015f\u0131 koruma sa\u011flar ve veri s\u0131z\u0131nt\u0131lar\u0131n\u0131 \u00f6nler. Bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131, t\u00fcm a\u011f\u0131n tehlikeye girmesine neden olabilir. G\u00fc\u00e7l\u00fc a\u011f g\u00fcvenli\u011fi \u00f6nlemleri, sistemin d\u0131\u015far\u0131dan gelecek sald\u0131r\u0131lara kar\u015f\u0131 dayan\u0131kl\u0131l\u0131\u011f\u0131n\u0131 art\u0131r\u0131r.<\/li>\n<\/ol>\n<p><!-- Nas\u0131l Kullan\u0131l\u0131r? --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CentOSta_Guvenlik_Nasil_Saglanir\"><\/span>CentOS&#8217;ta G\u00fcvenlik Nas\u0131l Sa\u011flan\u0131r?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>G\u00fcvenlik \u0130pu\u00e7lar\u0131 ve Uygulamalar\u0131:<\/strong><\/p>\n<p>CentOS sistemlerini g\u00fcvende tutmak i\u00e7in uygulanabilecek baz\u0131 temel g\u00fcvenlik ipu\u00e7lar\u0131 ve uygulamalar \u015funlard\u0131r:<\/p>\n<ol>\n<li><strong>G\u00fcncellemeleri D\u00fczenli Yap\u0131n:<\/strong> Sistem ve yaz\u0131l\u0131m g\u00fcncellemelerini d\u00fczenli olarak yapmak, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 kapat\u0131r. <code>yum update<\/code> veya <code>dnf update<\/code> komutlar\u0131n\u0131 kullanarak sisteminizi g\u00fcncel tutabilirsiniz. Bu ad\u0131m, bilinen g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n kapat\u0131lmas\u0131n\u0131 sa\u011flar ve sisteminizin en son g\u00fcvenlik yamalar\u0131yla korundu\u011fundan emin olman\u0131z\u0131 sa\u011flar.<\/li>\n<li><strong>G\u00fc\u00e7l\u00fc \u015eifre Politikalar\u0131:<\/strong> G\u00fc\u00e7l\u00fc \u015fifre politikalar\u0131 uygulay\u0131n ve d\u00fczenli olarak \u015fifreleri de\u011fi\u015ftirin. \u015eifrelerin karma\u015f\u0131k olmas\u0131 ve belirli aral\u0131klarla yenilenmesi, yetkisiz eri\u015fimlere kar\u015f\u0131 ilk savunma hatt\u0131d\u0131r. Ayn\u0131 zamanda, \u015fifrelerinizi iki fakt\u00f6rl\u00fc kimlik do\u011frulama (2FA) ile desteklemek, g\u00fcvenli\u011fi bir ad\u0131m daha ileriye ta\u015f\u0131r.<\/li>\n<li><strong>Firewall ve SELinux\u2019u Etkinle\u015ftirin:<\/strong> <code>firewalld<\/code> ve SELinux gibi yerle\u015fik g\u00fcvenlik ara\u00e7lar\u0131n\u0131 etkinle\u015ftirerek ekstra bir g\u00fcvenlik katman\u0131 ekleyin. Bu ara\u00e7lar, sistemdeki potansiyel tehditleri izler ve tehlikeleri engeller. SELinux, \u00f6zellikle eri\u015fim kontrol politikalar\u0131 ile g\u00fcvenli\u011fi art\u0131r\u0131r, firewalld ise a\u011f trafi\u011fini denetleyerek sisteminize gelebilecek sald\u0131r\u0131lar\u0131 \u00f6nler.<\/li>\n<li><strong>Gereksiz Servisleri Devre D\u0131\u015f\u0131 B\u0131rak\u0131n:<\/strong> Sald\u0131r\u0131 y\u00fczeyini azaltmak i\u00e7in kullan\u0131lmayan servisleri ve daemons\u2019lar\u0131 devre d\u0131\u015f\u0131 b\u0131rak\u0131n. \u00d6rne\u011fin, sistemde \u00e7al\u0131\u015fmayan veya kullan\u0131lmayan servislerin a\u00e7\u0131k kalmas\u0131, potansiyel sald\u0131r\u0131 vekt\u00f6rlerini art\u0131r\u0131r. Bu nedenle, sadece gerekli servisleri aktif tutmak, sistem g\u00fcvenli\u011fini art\u0131racakt\u0131r.<\/li>\n<li><strong>SSH G\u00fcvenli\u011fini Art\u0131r\u0131n:<\/strong> SSH eri\u015fimi i\u00e7in anahtar tabanl\u0131 kimlik do\u011frulama kullan\u0131n ve root giri\u015fini devre d\u0131\u015f\u0131 b\u0131rak\u0131n. Ayr\u0131ca, SSH eri\u015fim portunu de\u011fi\u015ftirmek, brute force sald\u0131r\u0131lar\u0131na kar\u015f\u0131 ek bir g\u00fcvenlik \u00f6nlemi sa\u011flar. G\u00fc\u00e7l\u00fc SSH g\u00fcvenli\u011fi, sisteminize yetkisiz eri\u015fimlerin \u00f6n\u00fcne ge\u00e7er.<\/li>\n<li><strong>D\u00fczenli Yedeklemeler:<\/strong> Veri kayb\u0131n\u0131 \u00f6nlemek i\u00e7in d\u00fczenli yedeklemeler yap\u0131n. Yedekleme stratejisi, hem veri b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc korur hem de olas\u0131 bir veri ihlali durumunda verilerinizi geri y\u00fcklemenizi sa\u011flar. Yedeklerinizi ayr\u0131ca \u015fifrelemeyi de unutmamal\u0131s\u0131n\u0131z.<\/li>\n<\/ol>\n<p><!-- Yap\u0131lar\u0131 --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CentOS_Guvenlik_Yapilari\"><\/span>CentOS G\u00fcvenlik Yap\u0131lar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CentOS g\u00fcvenlik yap\u0131lar\u0131, sistem ve a\u011f g\u00fcvenli\u011finin \u00e7e\u015fitli y\u00f6nlerini i\u00e7erir:<\/p>\n<ol>\n<li><strong>G\u00fcvenlik Duvar\u0131 (firewalld):<\/strong> Gelen ve giden trafi\u011fi filtreleyerek a\u011f\u0131 korur. Firewalld, sisteminize gelebilecek d\u0131\u015f tehditlere kar\u015f\u0131 ilk savunma hatt\u0131n\u0131 olu\u015fturur. A\u011f trafi\u011fini denetleyerek, istenmeyen ba\u011flant\u0131lar\u0131 engeller ve sisteminize izinsiz eri\u015fimi \u00f6nler.<\/li>\n<li><strong>SELinux (Security-Enhanced Linux):<\/strong> Eri\u015fim kontrol politikalar\u0131 ile sistem g\u00fcvenli\u011fini art\u0131r\u0131r. SELinux, sistemdeki i\u015flemlerin ve dosyalar\u0131n hangi kullan\u0131c\u0131lar taraf\u0131ndan eri\u015filebilece\u011fini denetler. Bu sayede, potansiyel sald\u0131r\u0131lar\u0131n \u00f6n\u00fcne ge\u00e7ilir ve sistem g\u00fcvenli\u011fi \u00fcst seviyeye ta\u015f\u0131n\u0131r.<\/li>\n<li><strong>SSH (Secure Shell):<\/strong> G\u00fcvenli a\u011f ba\u011flant\u0131lar\u0131 i\u00e7in kriptografik a\u011f protokol\u00fc. SSH, <a href=\"https:\/\/sunucun.com.tr\/sunucu-bakimi\" data-internallinksmanager029f6b8e52c=\"138\" title=\"Sunucu bak\u0131m ve y\u00f6netim hizmeti\">sistem y\u00f6netimi<\/a> ve dosya transferleri i\u00e7in g\u00fcvenli bir kanal sa\u011flar. Anahtar tabanl\u0131 kimlik do\u011frulama ve \u015fifreleme, SSH ba\u011flant\u0131lar\u0131n\u0131 g\u00fcvenli hale getirir.<\/li>\n<li><strong>Fail2ban:<\/strong> Brute force sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koruma sa\u011flayan bir ara\u00e7. Fail2ban, SSH ve di\u011fer servislerde ba\u015far\u0131s\u0131z giri\u015f denemelerini izler ve belirli bir say\u0131dan sonra IP adresini engelleyerek sald\u0131r\u0131lar\u0131 \u00f6nler.<\/li>\n<\/ol>\n<p><!-- \u00d6nemi --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CentOS_Guvenliginin_Onemi\"><\/span>CentOS G\u00fcvenli\u011finin \u00d6nemi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CentOS sistemlerinin g\u00fcvenli\u011fi, sadece teknik bir gereklilik de\u011fil, ayn\u0131 zamanda bir i\u015f gereklili\u011fidir. G\u00fcvenlik ihlalleri, itibar kayb\u0131, mali kay\u0131plar ve yasal sorumluluklarla sonu\u00e7lanabilir. Bu nedenle, CentOS sunucular\u0131 ve i\u015fletim sistemleri \u00fczerinde proaktif g\u00fcvenlik \u00f6nlemleri almak, kurulu\u015flar\u0131n korunmas\u0131nda hayati \u00f6neme sahiptir. G\u00fcvenlik, bir sistem y\u00f6neticisinin s\u00fcrekli g\u00f6revi olmal\u0131 ve d\u00fczenli olarak de\u011ferlendirilip g\u00fcncellenmelidir.<\/p>\n<p>G\u00fcvenlik stratejilerinin do\u011fru uygulanmas\u0131, i\u015fletmelerin sadece mevcut tehditlerden korunmas\u0131n\u0131 sa\u011flamakla kalmaz, ayn\u0131 zamanda gelecekte ortaya \u00e7\u0131kabilecek potansiyel risklere kar\u015f\u0131 da haz\u0131rl\u0131kl\u0131 olmalar\u0131n\u0131 sa\u011flar. CentOS, sundu\u011fu g\u00fcvenlik \u00f6zellikleriyle, kullan\u0131c\u0131lar\u0131na g\u00fcvenli bir ortamda \u00e7al\u0131\u015fma imk\u00e2n\u0131 tan\u0131r. Bu nedenle, CentOS sistem y\u00f6neticilerinin g\u00fcvenlik ipu\u00e7lar\u0131n\u0131 d\u00fczenli olarak g\u00f6zden ge\u00e7irmesi ve gerekli g\u00fcncellemeleri yapmas\u0131 \u00f6nemlidir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bu makalede, CentOS sunucular\u0131n\u0131n g\u00fcvenli\u011fini art\u0131rmak i\u00e7in izlenmesi gereken en iyi uygulamalar ve ipu\u00e7lar\u0131 ele al\u0131nmaktad\u0131r. CentOS, g\u00fcvenli\u011fiyle bilinen bir Linux da\u011f\u0131t\u0131m\u0131 olsa da, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 en aza indirmek ve sald\u0131r\u0131lara kar\u015f\u0131 g\u00fc\u00e7l\u00fc bir savunma sa\u011flamak i\u00e7in ek \u00f6nlemler al\u0131nmal\u0131d\u0131r. Makalede, temel g\u00fcvenlik yap\u0131land\u0131rmalar\u0131, g\u00fc\u00e7l\u00fc parola politikalar\u0131, g\u00fcvenlik duvar\u0131 (firewall) y\u00f6netimi, SSH eri\u015fiminin g\u00fcvenli hale&hellip;<\/p>\n","protected":false},"author":1,"featured_media":9204,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1471],"tags":[1475],"class_list":["post-9203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","tag-centos"],"_links":{"self":[{"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9203"}],"version-history":[{"count":0,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9203\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/media\/9204"}],"wp:attachment":[{"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucun.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}