{"id":120368,"date":"2025-10-24T15:23:56","date_gmt":"2025-10-24T08:23:56","guid":{"rendered":"https:\/\/tino.vn\/blog\/?p=120368"},"modified":"2025-10-24T15:25:53","modified_gmt":"2025-10-24T08:25:53","slug":"bao-mat-vps-ubuntu","status":"publish","type":"post","link":"https:\/\/tino.vn\/blog\/bao-mat-vps-ubuntu\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn b\u1ea3o m\u1eadt VPS Ubuntu: Bi\u1ebfn m\u00e1y ch\u1ee7 th\u00e0nh ph\u00e1o \u0111\u00e0i b\u1ea5t kh\u1ea3 x\u00e2m ph\u1ea1m"},"content":{"rendered":"\n<p><strong>Chi\u1ebfc <a href=\"https:\/\/tino.vn\/blog\/vps-la-gi\/\" target=\"_blank\" data-type=\"post\" data-id=\"78084\" rel=\"noreferrer noopener\">VPS<\/a> m\u00e0 b\u1ea1n d\u00e0y c\u00f4ng x\u00e2y d\u1ef1ng kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ed9t m\u00e1y ch\u1ee7 &#8211; \u0111\u00f3 l\u00e0 n\u1ec1n t\u1ea3ng cho website, \u1ee9ng d\u1ee5ng, hay to\u00e0n b\u1ed9 d\u1ef1 \u00e1n t\u00e2m huy\u1ebft c\u1ee7a b\u1ea1n. Trong b\u1ed1i c\u1ea3nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi, vi\u1ec7c b\u1ecf qua c\u00e1c b\u01b0\u1edbc b\u1ea3o m\u1eadt c\u01a1 b\u1ea3n c\u0169ng gi\u1ed1ng nh\u01b0 g\u1eedi m\u1ed9t l\u1eddi m\u1eddi g\u1ecdi \u0111\u1ebfn nh\u1eefng k\u1ebb c\u00f3 \u00fd \u0111\u1ed3 x\u1ea5u. V\u1ea5n \u0111\u1ec1 kh\u00f4ng ph\u1ea3i l\u00e0 li\u1ec7u VPS c\u1ee7a b\u1ea1n c\u00f3 b\u1ecb t\u1ea5n c\u00f4ng hay kh\u00f4ng, m\u00e0 l\u00e0 khi n\u00e0o. C\u00f9ng Tino t\u00ecm hi\u1ec3u c\u00e1ch b\u1ea3o m\u1eadt VPS Ubuntu qua b\u00e0i vi\u1ebft d\u01b0\u1edbi \u0111\u00e2y nh\u00e9!<\/strong><\/p>\n\n\n\n<h2 id=\"T\u1ea1i_sao_b\u1ea3o_m\u1eadt_VPS_Ubuntu_l\u1ea1i_quan_tr\u1ecdng_h\u01a1n_bao_gi\u1edd_h\u1ebft?\"><a id=\"post-120368-_lzxrcobmgh0t\"><\/a>T\u1ea1i sao b\u1ea3o m\u1eadt VPS Ubuntu l\u1ea1i quan tr\u1ecdng h\u01a1n bao gi\u1edd h\u1ebft?<\/h2>\n\n\n\n<h3 id=\"R\u1ee7i_ro_ti\u1ec1m_\u1ea9n_khi_VPS_kh\u00f4ng_\u0111\u01b0\u1ee3c_b\u1ea3o_m\u1eadt\"><a id=\"post-120368-_46gwlk8splaf\"><\/a><strong>R\u1ee7i ro ti\u1ec1m \u1ea9n khi VPS kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>M\u1ea5t d\u1eef li\u1ec7u: <\/strong>Hacker c\u00f3 th\u1ec3 x\u00f3a, m\u00e3 h\u00f3a t\u1ed1ng ti\u1ec1n (ransomware), ho\u1eb7c \u0111\u00e1nh c\u1eafp th\u00f4ng tin nh\u1ea1y c\u1ea3m c\u1ee7a b\u1ea1n v\u00e0 kh\u00e1ch h\u00e0ng.<\/li>\n\n\n\n<li><strong>B\u1ecb l\u1ee3i d\u1ee5ng cho m\u1ee5c \u0111\u00edch x\u1ea5u: <\/strong>VPS c\u1ee7a b\u1ea1n c\u00f3 th\u1ec3 b\u1ecb bi\u1ebfn th\u00e0nh m\u1ed9t ph\u1ea7n c\u1ee7a m\u1ea1ng botnet \u0111\u1ec3 t\u1ea5n c\u00f4ng <a href=\"https:\/\/tino.vn\/blog\/ddos-la-gi\/\" target=\"_blank\" data-type=\"post\" data-id=\"265\" rel=\"noreferrer noopener\">DDoS<\/a>, g\u1eedi th\u01b0 r\u00e1c, ho\u1eb7c \u0111\u00e0o ti\u1ec1n \u1ea3o, l\u00e0m ti\u00eau t\u1ed1n t\u00e0i nguy\u00ean v\u00e0 khi\u1ebfn nh\u00e0 cung c\u1ea5p kh\u00f3a t\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n.<\/li>\n\n\n\n<li><strong>M\u1ea5t uy t\u00edn: <\/strong>Website b\u1ecb ch\u00e8n m\u00e3 \u0111\u1ed9c, hi\u1ec3n th\u1ecb n\u1ed9i dung l\u1eeba \u0111\u1ea3o s\u1ebd l\u00e0m s\u1ee5t gi\u1ea3m nghi\u00eam tr\u1ecdng l\u00f2ng tin c\u1ee7a ng\u01b0\u1eddi d\u00f9ng v\u00e0 \u1ea3nh h\u01b0\u1edfng ti\u00eau c\u1ef1c \u0111\u1ebfn th\u1ee9 h\u1ea1ng <a href=\"https:\/\/tino.vn\/blog\/seo-la-gi\/\" target=\"_blank\" data-type=\"post\" data-id=\"16068\" rel=\"noreferrer noopener\">SEO<\/a>.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-1.png\" alt=\"R\u1ee7i ro ti\u1ec1m \u1ea9n khi VPS kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt\" class=\"wp-image-120370\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-1.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-1-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong><strong>R\u1ee7i ro ti\u1ec1m \u1ea9n khi VPS kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt<\/strong><\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h3 id=\"L\u1ee3i_\u00edch_c\u1ee7a_m\u1ed9t_h\u1ec7_th\u1ed1ng_\u0111\u01b0\u1ee3c_gia_c\u1ed1_v\u1eefng_ch\u1eafc\"><a id=\"post-120368-_kb6jkrs7nhc6\"><\/a><strong>L\u1ee3i \u00edch c\u1ee7a m\u1ed9t h\u1ec7 th\u1ed1ng \u0111\u01b0\u1ee3c gia c\u1ed1 v\u1eefng ch\u1eafc<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u0110\u1ea3m b\u1ea3o t\u00ednh to\u00e0n v\u1eb9n d\u1eef li\u1ec7u:<\/strong> B\u1ea1n c\u00f3 th\u1ec3 ch\u1eafc ch\u1eafn r\u1eb1ng t\u00e0i s\u1ea3n s\u1ed1 c\u1ee7a m\u00ecnh, ch\u1eb3ng h\u1ea1n nh\u01b0 th\u00f4ng tin kinh doanh v\u00e0 d\u1eef li\u1ec7u kh\u00e1ch h\u00e0ng lu\u00f4n ch\u00ednh x\u00e1c, kh\u00f4ng b\u1ecb can thi\u1ec7p hay s\u1eeda \u0111\u1ed5i tr\u00e1i ph\u00e9p.<\/li>\n\n\n\n<li><strong>T\u1ed1i \u0111a h\u00f3a th\u1eddi gian ho\u1ea1t \u0111\u1ed9ng (Uptime):<\/strong> M\u1ed9t h\u1ec7 th\u1ed1ng \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7 s\u1ebd \u0111\u1ee9ng v\u1eefng tr\u01b0\u1edbc c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 (DoS\/DDoS) \u1edf m\u1ee9c \u0111\u1ed9 c\u01a1 b\u1ea3n, \u0111\u1ea3m b\u1ea3o d\u1ecbch v\u1ee5 c\u1ee7a b\u1ea1n lu\u00f4n th\u00f4ng su\u1ed1t v\u00e0 \u1ed5n \u0111\u1ecbnh.<\/li>\n\n\n\n<li><strong>An t\u00e2m t\u1eadp trung ph\u00e1t tri\u1ec3n:<\/strong> Thay v\u00ec s\u1ed1ng trong lo s\u1ee3 v\u00e0 t\u1ed1n th\u1eddi gian &#8220;d\u1eadp l\u1eeda&#8221; sau c\u00e1c s\u1ef1 c\u1ed1, b\u1ea1n c\u00f3 th\u1ec3 gi\u1ea3i ph\u00f3ng t\u00e2m tr\u00ed \u0111\u1ec3 t\u1eadp trung v\u00e0o \u0111i\u1ec1u quan tr\u1ecdng nh\u1ea5t: ph\u00e1t tri\u1ec3n s\u1ea3n ph\u1ea9m v\u00e0 kinh doanh.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-2.png\" alt=\"L\u1ee3i \u00edch c\u1ee7a m\u1ed9t h\u1ec7 th\u1ed1ng \u0111\u01b0\u1ee3c gia c\u1ed1 v\u1eefng ch\u1eafc\" class=\"wp-image-120371\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-2.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-2-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong>L\u1ee3i \u00edch c\u1ee7a m\u1ed9t h\u1ec7 th\u1ed1ng \u0111\u01b0\u1ee3c gia c\u1ed1 v\u1eefng ch\u1eafc<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 id=\"H\u01b0\u1edbng_d\u1eabn_10_b\u01b0\u1edbc_b\u1ea3o_m\u1eadt_VPS_Ubuntu_to\u00e0n_di\u1ec7n_A-Z\"><a id=\"post-120368-_nmz9hom7xgma\"><\/a>H\u01b0\u1edbng d\u1eabn 10 b\u01b0\u1edbc b\u1ea3o m\u1eadt VPS Ubuntu to\u00e0n di\u1ec7n A-Z<\/h2>\n\n\n\n<p><em>10 b\u01b0\u1edbc b\u1ea3o m\u1eadt d\u01b0\u1edbi \u0111\u00e2y s\u1ebd \u0111\u01b0\u1ee3c chia th\u00e0nh 4 giai \u0111o\u1ea1n.<\/em><a id=\"post-120368-_s7tkfdvkiwbt\"><\/a><\/p>\n\n\n\n<h3 id=\"Giai_\u0111o\u1ea1n_1:_thi\u1ebft_l\u1eadp_n\u1ec1n_t\u1ea3ng_&#8220;s\u1ea1ch&#8221;_ngay_t\u1eeb_\u0111\u1ea7u\"><strong>Giai \u0111o\u1ea1n 1: thi\u1ebft l\u1eadp n\u1ec1n t\u1ea3ng &#8220;s\u1ea1ch&#8221; ngay t\u1eeb \u0111\u1ea7u<\/strong><\/h3>\n\n\n\n<p>\u0110\u00e2y l\u00e0 nh\u1eefng b\u01b0\u1edbc c\u1ea7n ph\u1ea3i th\u1ef1c hi\u1ec7n ngay sau khi b\u1ea1n nh\u1eadn VPS.<\/p>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_1:_T\u1ea1o_ng\u01b0\u1eddi_d\u00f9ng_m\u1edbi_v\u1edbi_quy\u1ec1n_sudo_(kh\u00f4ng_d\u00f9ng_root)\"><a id=\"post-120368-_wm3h7v7ofizc\"><\/a>B\u01b0\u1edbc 1: T\u1ea1o ng\u01b0\u1eddi d\u00f9ng m\u1edbi v\u1edbi quy\u1ec1n sudo (kh\u00f4ng d\u00f9ng root)<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>L\u00e0m vi\u1ec7c tr\u1ef1c ti\u1ebfp v\u1edbi t\u00e0i kho\u1ea3n root l\u00e0 c\u1ef1c k\u1ef3 nguy hi\u1ec3m. M\u1ed9t l\u1ec7nh g\u00f5 nh\u1ea7m c\u00f3 th\u1ec3 ph\u00e1 h\u1ee7y to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng. Thay v\u00e0o \u0111\u00f3, ch\u00fang ta s\u1ebd t\u1ea1o m\u1ed9t ng\u01b0\u1eddi d\u00f9ng th\u01b0\u1eddng v\u00e0 c\u1ea5p cho h\u1ecd quy\u1ec1n qu\u1ea3n tr\u1ecb khi c\u1ea7n.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u0110\u0103ng nh\u1eadp v\u00e0o VPS b\u1eb1ng t\u00e0i kho\u1ea3n root.<\/li>\n\n\n\n<li>T\u1ea1o ng\u01b0\u1eddi d\u00f9ng m\u1edbi (thay ten_cua_ban b\u1eb1ng t\u00ean b\u1ea1n mu\u1ed1n):<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>adduser ten_cua_ban<\/code><\/pre>\n\n\n\n<p>H\u1ec7 th\u1ed1ng s\u1ebd y\u00eau c\u1ea7u b\u1ea1n \u0111\u1eb7t m\u1eadt kh\u1ea9u v\u00e0 \u0111i\u1ec1n m\u1ed9t s\u1ed1 th\u00f4ng tin.<\/p>\n\n\n\n<p>Th\u00eam ng\u01b0\u1eddi d\u00f9ng n\u00e0y v\u00e0o nh\u00f3m sudo \u0111\u1ec3 c\u00f3 quy\u1ec1n qu\u1ea3n tr\u1ecb:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>usermod -aG sudo ten_cua_ban<\/code><\/pre>\n\n\n\n<p>B\u00e2y gi\u1edd, h\u00e3y \u0111\u0103ng xu\u1ea5t v\u00e0 \u0111\u0103ng nh\u1eadp l\u1ea1i b\u1eb1ng t\u00e0i kho\u1ea3n m\u1edbi n\u00e0y cho t\u1ea5t c\u1ea3 c\u00e1c b\u01b0\u1edbc sau.<\/p>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_2:_C\u1eadp_nh\u1eadt_to\u00e0n_b\u1ed9_h\u1ec7_th\u1ed1ng\"><a id=\"post-120368-_c8ctb13odg93\"><\/a>B\u01b0\u1edbc 2: C\u1eadp nh\u1eadt to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>Lu\u00f4n \u0111\u1ea3m b\u1ea3o h\u1ec7 \u0111i\u1ec1u h\u00e0nh v\u00e0 c\u00e1c ph\u1ea7n m\u1ec1m \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt l\u00ean phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t \u0111\u1ec3 v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u00e3 \u0111\u01b0\u1ee3c ph\u00e1t hi\u1ec7n.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>sudo apt update: <\/strong>L\u1ec7nh n\u00e0y l\u00e0m m\u1edbi danh s\u00e1ch c\u00e1c g\u00f3i ph\u1ea7n m\u1ec1m t\u1eeb c\u00e1c kho l\u01b0u tr\u1eef. N\u00f3 cho h\u1ec7 th\u1ed1ng bi\u1ebft c\u00f3 nh\u1eefng phi\u00ean b\u1ea3n m\u1edbi n\u00e0o.<\/li>\n\n\n\n<li><strong>sudo apt upgrade -y: <\/strong>L\u1ec7nh n\u00e0y s\u1ebd t\u1ea3i v\u1ec1 v\u00e0 c\u00e0i \u0111\u1eb7t c\u00e1c b\u1ea3n c\u1eadp nh\u1eadt \u0111\u00f3. T\u00f9y ch\u1ecdn -y t\u1ef1 \u0111\u1ed9ng tr\u1ea3 l\u1eddi &#8220;yes&#8221; cho c\u00e1c c\u00e2u h\u1ecfi.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update &amp;&amp; sudo apt upgrade -y<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-3.png\" alt=\"Giai \u0111o\u1ea1n 1: thi\u1ebft l\u1eadp n\u1ec1n t\u1ea3ng &quot;s\u1ea1ch&quot; ngay t\u1eeb \u0111\u1ea7u\" class=\"wp-image-120372\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-3.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-3-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong>Giai \u0111o\u1ea1n 1: thi\u1ebft l\u1eadp n\u1ec1n t\u1ea3ng &#8220;s\u1ea1ch&#8221; ngay t\u1eeb \u0111\u1ea7u<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h4 id=\"B\u01b0\u1edbc_3:_\u0110\u1ed3ng_b\u1ed9_h\u00f3a_th\u1eddi_gian_(NTP)\"><a id=\"post-120368-_rtwznlgew6gu\"><\/a>B\u01b0\u1edbc 3: \u0110\u1ed3ng b\u1ed9 h\u00f3a th\u1eddi gian (NTP)<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>Th\u1eddi gian ch\u00ednh x\u00e1c l\u00e0 y\u1ebfu t\u1ed1 s\u1ed1ng c\u00f2n cho vi\u1ec7c ghi log v\u00e0 b\u1ea3o m\u1eadt.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo timedatectl set-ntp on<\/code><\/pre>\n\n\n\n<p>Ki\u1ec3m tra l\u1ea1i b\u1eb1ng l\u1ec7nh timedatectl v\u00e0 \u0111\u1ea3m b\u1ea3o d\u00f2ng NTP service \u0111ang active.<\/p>\n\n\n\n<h3 id=\"Giai_\u0111o\u1ea1n_2:_X\u00e2y_d\u1ef1ng_h\u00e0ng_r\u00e0o_ph\u00f2ng_th\u1ee7\"><a id=\"post-120368-_tub7vdirs2xt\"><\/a><strong>Giai \u0111o\u1ea1n 2: X\u00e2y d\u1ef1ng h\u00e0ng r\u00e0o ph\u00f2ng th\u1ee7<\/strong><\/h3>\n\n\n\n<p>N\u1ec1n t\u1ea3ng \u0111\u00e3 v\u1eefng, gi\u1edd l\u00e0 l\u00fac d\u1ef1ng l\u00ean c\u00e1c l\u1edbp ph\u00f2ng th\u1ee7.<\/p>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_4:_C\u1ea5u_h\u00ecnh_t\u01b0\u1eddng_l\u1eeda_UFW_(Uncomplicated_Firewall)\"><a id=\"post-120368-_12y48ujipukj\"><\/a>B\u01b0\u1edbc 4: C\u1ea5u h\u00ecnh t\u01b0\u1eddng l\u1eeda UFW (Uncomplicated Firewall)<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>T\u01b0\u1eddng l\u1eeda gi\u1ed1ng nh\u01b0 ng\u01b0\u1eddi b\u1ea3o v\u1ec7, ch\u1ec9 cho ph\u00e9p nh\u1eefng k\u1ebft n\u1ed1i m\u00e0 b\u1ea1n cho ph\u00e9p \u0111i v\u00e0o. UFW l\u00e0 c\u00f4ng c\u1ee5 t\u01b0\u1eddng l\u1eeda m\u1eb7c \u0111\u1ecbnh c\u1ee7a Ubuntu, r\u1ea5t m\u1ea1nh m\u1ebd v\u00e0 d\u1ec5 s\u1eed d\u1ee5ng.<\/p>\n\n\n\n<p><strong>Cho ph\u00e9p c\u00e1c k\u1ebft n\u1ed1i c\u1ea7n thi\u1ebft:<\/strong> Tr\u01b0\u1edbc khi b\u1eadt t\u01b0\u1eddng l\u1eeda, b\u1ea1n ph\u1ea3i \u0111\u1ea3m b\u1ea3o c\u1ed5ng SSH \u0111\u01b0\u1ee3c ph\u00e9p, n\u1ebfu kh\u00f4ng b\u1ea1n s\u1ebd t\u1ef1 kh\u00f3a m\u00ecnh \u1edf ngo\u00e0i!<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Cho ph\u00e9p SSH\n\nsudo ufw allow OpenSSH\n\n# N\u1ebfu b\u1ea1n ch\u1ea1y web server, h\u00e3y cho ph\u00e9p HTTP v\u00e0 HTTPS\n\nsudo ufw allow 'Nginx Full'\n\n# Ho\u1eb7c 'Apache Full' n\u1ebfu b\u1ea1n d\u00f9ng Apache<\/code><\/pre>\n\n\n\n<p><strong>K\u00edch ho\u1ea1t UFW:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw enable<\/code><\/pre>\n\n\n\n<p>H\u1ec7 th\u1ed1ng s\u1ebd c\u1ea3nh b\u00e1o r\u1eb1ng vi\u1ec7c n\u00e0y c\u00f3 th\u1ec3 ng\u1eaft k\u1ebft n\u1ed1i SSH, g\u00f5 <strong>y<\/strong> v\u00e0 <strong>Enter<\/strong>.<\/p>\n\n\n\n<p><strong>Ki\u1ec3m tra tr\u1ea1ng th\u00e1i:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw status<\/code><\/pre>\n\n\n\n<p>B\u1ea1n s\u1ebd th\u1ea5y danh s\u00e1ch c\u00e1c quy t\u1eafc \u0111ang ho\u1ea1t \u0111\u1ed9ng.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-4.png\" alt=\"Giai \u0111o\u1ea1n 2: X\u00e2y d\u1ef1ng h\u00e0ng r\u00e0o ph\u00f2ng th\u1ee7\" class=\"wp-image-120373\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-4.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-4-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong>Giai \u0111o\u1ea1n 2: X\u00e2y d\u1ef1ng h\u00e0ng r\u00e0o ph\u00f2ng th\u1ee7<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h4 id=\"B\u01b0\u1edbc_5:_Gia_c\u1ed1_c\u1ed5ng_giao_ti\u1ebfp_quan_tr\u1ecdng_nh\u1ea5t_&#8211;_SSH\"><a id=\"post-120368-_roh1clraohwr\"><\/a>B\u01b0\u1edbc 5: Gia c\u1ed1 c\u1ed5ng giao ti\u1ebfp quan tr\u1ecdng nh\u1ea5t &#8211; SSH<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>SSH l\u00e0 c\u1eeda ng\u00f5 ch\u00ednh \u0111\u1ec3 qu\u1ea3n tr\u1ecb VPS. \u0110\u00e2y c\u0169ng l\u00e0 m\u1ee5c ti\u00eau t\u1ea5n c\u00f4ng ph\u1ed5 bi\u1ebfn nh\u1ea5t.<\/p>\n\n\n\n<p><strong><em><span style=\"text-decoration: underline;\">Thay \u0111\u1ed5i c\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh (Port 22<\/span><\/em><\/strong><em><span style=\"text-decoration: underline;\"><strong>)<\/strong><\/span><\/em><\/p>\n\n\n\n<p>H\u1ea7u h\u1ebft c\u00e1c bot t\u1ef1 \u0111\u1ed9ng ch\u1ec9 qu\u00e9t c\u1ed5ng 22. Vi\u1ec7c \u0111\u1ed5i c\u1ed5ng s\u1ebd gi\u00fap b\u1ea1n &#8220;t\u00e0ng h\u00ecnh&#8221; tr\u01b0\u1edbc ch\u00fang.<\/p>\n\n\n\n<p><strong>M\u1edf file c\u1ea5u h\u00ecnh SSH:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<p>T\u00ecm d\u00f2ng #Port 22, b\u1ecf d\u1ea5u # \u1edf \u0111\u1ea7u v\u00e0 \u0111\u1ed5i 22 th\u00e0nh m\u1ed9t s\u1ed1 b\u1ea5t k\u1ef3 trong kho\u1ea3ng 1024-65535 (v\u00ed d\u1ee5: 2222).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Port 2222<\/code><\/pre>\n\n\n\n<p>L\u01b0u file (<strong>Ctrl <\/strong>+ <strong>X<\/strong>, <strong>Y<\/strong>, <strong>Enter<\/strong>).<\/p>\n\n\n\n<p><strong>Quan tr\u1ecdng:<\/strong> M\u1edf c\u1ed5ng m\u1edbi n\u00e0y tr\u00ean t\u01b0\u1eddng l\u1eeda TR\u01af\u1edaC KHI kh\u1edfi \u0111\u1ed9ng l\u1ea1i SSH.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 2222\/tcp<\/code><\/pre>\n\n\n\n<p><strong>Kh\u1edfi \u0111\u1ed9ng l\u1ea1i d\u1ecbch v\u1ee5 SSH \u0111\u1ec3 \u00e1p d\u1ee5ng thay \u0111\u1ed5i:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart ssh<\/code><\/pre>\n\n\n\n<p>B\u00e2y gi\u1edd, b\u1ea1n c\u1ea7n \u0111\u0103ng nh\u1eadp l\u1ea1i b\u1eb1ng l\u1ec7nh <code>ssh ten_cua_ban@&lt;ip_vps> -p 2222<\/code>.<\/p>\n\n\n\n<p><strong><em><span style=\"text-decoration: underline;\">V\u00f4 hi\u1ec7u h\u00f3a quy\u1ec1n \u0111\u0103ng nh\u1eadp c\u1ee7a t\u00e0i kho\u1ea3n root<\/span><\/em><\/strong><\/p>\n\n\n\n<p>Kh\u00f4ng bao gi\u1edd cho ph\u00e9p \u0111\u0103ng nh\u1eadp SSH tr\u1ef1c ti\u1ebfp b\u1eb1ng root.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u1edf l\u1ea1i file \/etc\/ssh\/sshd_config.<\/li>\n\n\n\n<li>T\u00ecm v\u00e0 s\u1eeda d\u00f2ng PermitRootLogin th\u00e0nh no.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>PermitRootLogin no<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>L\u01b0u v\u00e0 kh\u1edfi \u0111\u1ed9ng l\u1ea1i SSH.<\/li>\n<\/ul>\n\n\n\n<p><strong><em><span style=\"text-decoration: underline;\">Ph\u01b0\u01a1ng ph\u00e1p b\u1ea3o m\u1eadt t\u1ed1i th\u01b0\u1ee3ng: S\u1eed d\u1ee5ng SSH Keys thay cho m\u1eadt kh\u1ea9u <\/span><\/em><\/strong><\/p>\n\n\n\n<p>\u0110\u00e2y l\u00e0 c\u00e1ch an to\u00e0n nh\u1ea5t. Thay v\u00ec d\u00f9ng m\u1eadt kh\u1ea9u d\u1ec5 b\u1ecb d\u00f2, b\u1ea1n s\u1ebd d\u00f9ng m\u1ed9t c\u1eb7p kh\u00f3a m\u00e3 h\u00f3a.<\/p>\n\n\n\n<p><strong>Tr\u00ean m\u00e1y t\u00ednh c\u00e1 nh\u00e2n c\u1ee7a b\u1ea1n<\/strong>, m\u1edf terminal v\u00e0 ch\u1ea1y l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen -t rsa -b 4096<\/code><\/pre>\n\n\n\n<p>Nh\u1ea5n <strong>Enter<\/strong> \u0111\u1ec3 ch\u1ea5p nh\u1eadn c\u00e1c gi\u00e1 tr\u1ecb m\u1eb7c \u0111\u1ecbnh.<\/p>\n\n\n\n<p><strong>Sao ch\u00e9p kh\u00f3a c\u00f4ng khai l\u00ean VPS:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-copy-id -p 2222 ten_cua_ban@&lt;ip_vps><\/code><\/pre>\n\n\n\n<p>(S\u1eed d\u1ee5ng port SSH m\u1edbi c\u1ee7a b\u1ea1n). L\u1ec7nh n\u00e0y s\u1ebd y\u00eau c\u1ea7u m\u1eadt kh\u1ea9u c\u1ee7a b\u1ea1n l\u1ea7n cu\u1ed1i.<\/p>\n\n\n\n<p><strong>V\u00f4 hi\u1ec7u h\u00f3a \u0111\u0103ng nh\u1eadp b\u1eb1ng m\u1eadt kh\u1ea9u tr\u00ean VPS:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>M\u1edf file <code>\/etc\/ssh\/sshd_config<\/code> tr\u00ean VPS.<\/li>\n\n\n\n<li>T\u00ecm v\u00e0 s\u1eeda d\u00f2ng PasswordAuthentication th\u00e0nh no.<\/li>\n\n\n\n<li>L\u01b0u v\u00e0 kh\u1edfi \u0111\u1ed9ng l\u1ea1i SSH: <code>sudo systemctl restart ssh<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>T\u1eeb gi\u1edd, ch\u1ec9 c\u00f3 m\u00e1y t\u00ednh ch\u1ee9a kh\u00f3a ri\u00eang t\u01b0 m\u1edbi c\u00f3 th\u1ec3 \u0111\u0103ng nh\u1eadp v\u00e0o VPS c\u1ee7a b\u1ea1n.<\/p>\n\n\n\n<h3 id=\"Giai_\u0111o\u1ea1n_3:_T\u1ef1_\u0111\u1ed9ng_h\u00f3a_vi\u1ec7c_ph\u00f2ng_th\u1ee7_\"><a id=\"post-120368-_9ujc3bunvpaw\"><\/a><strong>Giai \u0111o\u1ea1n 3: T\u1ef1 \u0111\u1ed9ng h\u00f3a vi\u1ec7c ph\u00f2ng th\u1ee7 <\/strong><\/h3>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_6:_C\u00e0i_\u0111\u1eb7t_v\u00e0_c\u1ea5u_h\u00ecnh_Fail2Ban\"><a id=\"post-120368-_v54txjpqrpu\"><\/a>B\u01b0\u1edbc 6: C\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh Fail2Ban<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>Fail2Ban l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 ch\u1ed1ng x\u00e2m nh\u1eadp t\u1ef1 \u0111\u1ed9ng. C\u00f4ng c\u1ee5 n\u00e0y n\u00e0y s\u1ebd theo d\u00f5i log h\u1ec7 th\u1ed1ng, ph\u00e1t hi\u1ec7n c\u00e1c h\u00e0nh vi \u0111\u00e1ng ng\u1edd (nh\u01b0 nh\u1eadp sai m\u1eadt kh\u1ea9u SSH nhi\u1ec1u l\u1ea7n) v\u00e0 t\u1ef1 \u0111\u1ed9ng d\u00f9ng t\u01b0\u1eddng l\u1eeda \u0111\u1ec3 ch\u1eb7n IP c\u1ee7a k\u1ebb t\u1ea5n c\u00f4ng trong m\u1ed9t kho\u1ea3ng th\u1eddi gian.<\/p>\n\n\n\n<p><strong>C\u00e0i \u0111\u1eb7t:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install fail2ban<\/code><\/pre>\n\n\n\n<p><strong>K\u00edch ho\u1ea1t v\u00e0 kh\u1edfi \u0111\u1ed9ng d\u1ecbch v\u1ee5:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable fail2ban\n\nsudo systemctl start fail2ban<\/code><\/pre>\n\n\n\n<p>M\u1eb7c \u0111\u1ecbnh, Fail2Ban \u0111\u00e3 \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u1ec3 b\u1ea3o v\u1ec7 SSH. B\u1ea1n c\u00f3 th\u1ec3 ki\u1ec3m tra tr\u1ea1ng th\u00e1i b\u1eb1ng l\u1ec7nh sudo fail2ban-client status sshd \u0111\u1ec3 xem nh\u1eefng IP n\u00e0o \u0111\u00e3 b\u1ecb ch\u1eb7n.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-5.png\" alt=\"Giai \u0111o\u1ea1n 3: T\u1ef1 \u0111\u1ed9ng h\u00f3a vi\u1ec7c ph\u00f2ng th\u1ee7 \" class=\"wp-image-120374\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-5.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-5-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong>Giai \u0111o\u1ea1n 3: T\u1ef1 \u0111\u1ed9ng h\u00f3a vi\u1ec7c ph\u00f2ng th\u1ee7 <\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h4 id=\"B\u01b0\u1edbc_7:_C\u00e0i_\u0111\u1eb7t_c\u1eadp_nh\u1eadt_b\u1ea3o_m\u1eadt_t\u1ef1_\u0111\u1ed9ng\"><a id=\"post-120368-_wc7wirhflydm\"><\/a>B\u01b0\u1edbc 7: C\u00e0i \u0111\u1eb7t c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt t\u1ef1 \u0111\u1ed9ng<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>\u0110\u00e2y l\u00e0 b\u01b0\u1edbc c\u1ef1c k\u1ef3 quan tr\u1ecdng \u0111\u1ec3 h\u1ec7 th\u1ed1ng lu\u00f4n \u0111\u01b0\u1ee3c v\u00e1 l\u1ed7i k\u1ecbp th\u1eddi.<\/p>\n\n\n\n<p><strong>C\u00e0i \u0111\u1eb7t g\u00f3i c\u1ea7n thi\u1ebft:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install unattended-upgrades<\/code><\/pre>\n\n\n\n<p><strong>K\u00edch ho\u1ea1t:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dpkg-reconfigure -plow unattended-upgrades<\/code><\/pre>\n\n\n\n<p>M\u1ed9t c\u1eeda s\u1ed5 s\u1ebd hi\u1ec7n ra, h\u00e3y ch\u1ecdn <strong>Yes<\/strong>. Gi\u1edd \u0111\u00e2y, c\u00e1c b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt quan tr\u1ecdng s\u1ebd \u0111\u01b0\u1ee3c t\u1ef1 \u0111\u1ed9ng c\u00e0i \u0111\u1eb7t.<\/p>\n\n\n\n<h3 id=\"Giai_\u0111o\u1ea1n_4:_Gi\u00e1m_s\u00e1t_v\u00e0_b\u1ea3o_tr\u00ec_ch\u1ee7_\u0111\u1ed9ng\"><a id=\"post-120368-_vbszyuaxsmd0\"><\/a><strong>Giai \u0111o\u1ea1n 4: Gi\u00e1m s\u00e1t v\u00e0 b\u1ea3o tr\u00ec ch\u1ee7 \u0111\u1ed9ng<\/strong><\/h3>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_8:_L\u00ean_l\u1ecbch_sao_l\u01b0u_t\u1ef1_\u0111\u1ed9ng\"><a id=\"post-120368-_iwj8r3givzxu\"><\/a>B\u01b0\u1edbc 8: L\u00ean l\u1ecbch sao l\u01b0u t\u1ef1 \u0111\u1ed9ng<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>B\u1ea3o m\u1eadt t\u1ed1t \u0111\u1ebfn \u0111\u00e2u c\u0169ng kh\u00f4ng th\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n 100%. Backup l\u00e0 l\u1edbp b\u1ea3o v\u1ec7 cu\u1ed1i c\u00f9ng, l\u00e0 c\u1ee9u c\u00e1nh khi \u0111i\u1ec1u t\u1ed3i t\u1ec7 nh\u1ea5t x\u1ea3y ra.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ph\u01b0\u01a1ng ph\u00e1p:<\/strong> B\u1ea1n c\u00f3 th\u1ec3 d\u00f9ng c\u00e1c c\u00f4ng c\u1ee5 nh\u01b0 rsync k\u1ebft h\u1ee3p v\u1edbi cronjob \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng sao l\u01b0u file \u0111\u1ebfn m\u1ed9t n\u01a1i l\u01b0u tr\u1eef kh\u00e1c (nh\u01b0 <a href=\"https:\/\/drive.google.com\/drive\" data-type=\"link\" data-id=\"https:\/\/drive.google.com\/drive\" rel=\"nofollow noopener\" target=\"_blank\">Google Drive<\/a>, <a href=\"https:\/\/www.dropbox.com\/\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/www.dropbox.com\/\" rel=\"noreferrer noopener nofollow\">Dropbox<\/a>, ho\u1eb7c m\u1ed9t VPS kh\u00e1c).<\/li>\n\n\n\n<li><strong>Nh\u00e0 cung c\u1ea5p:<\/strong> H\u1ea7u h\u1ebft c\u00e1c <a href=\"https:\/\/tino.vn\/vps-gia-re?php=1596\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/tino.vn\/vps-gia-re?php=1596\" rel=\"noreferrer noopener\">nh\u00e0 cung c\u1ea5p VPS <\/a>\u0111\u1ec1u c\u00f3 d\u1ecbch v\u1ee5 snapshot (ch\u1ee5p \u1ea3nh tr\u1ea1ng th\u00e1i) t\u1ef1 \u0111\u1ed9ng, \u0111\u00e2y l\u00e0 m\u1ed9t l\u1ef1a ch\u1ecdn r\u1ea5t ti\u1ec7n l\u1ee3i.<\/li>\n\n\n\n<li><strong>Nguy\u00ean t\u1eafc:<\/strong> Lu\u00f4n l\u01b0u b\u1ea3n sao l\u01b0u \u1edf m\u1ed9t n\u01a1i kh\u00e1c (off-site) so v\u1edbi m\u00e1y ch\u1ee7 ch\u00ednh.<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"700\" height=\"375\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-6.png\" alt=\"Giai \u0111o\u1ea1n 4: Gi\u00e1m s\u00e1t v\u00e0 b\u1ea3o tr\u00ec ch\u1ee7 \u0111\u1ed9ng\" class=\"wp-image-120375\" title=\"\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-6.png 700w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2025\/10\/bao-mat-vps-ubuntu-6-300x161.png 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption class=\"wp-element-caption\"><strong>Giai \u0111o\u1ea1n 4: Gi\u00e1m s\u00e1t v\u00e0 b\u1ea3o tr\u00ec ch\u1ee7 \u0111\u1ed9ng<\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h4 id=\"B\u01b0\u1edbc_9:_T\u1ef1_\u0111\u1ed9ng_ph\u00e2n_t\u00edch_log_v\u1edbi_logwatch\"><a id=\"post-120368-_64t62j1unzo5\"><\/a>B\u01b0\u1edbc 9: T\u1ef1 \u0111\u1ed9ng ph\u00e2n t\u00edch log v\u1edbi logwatch<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>Thay v\u00ec \u0111\u1ecdc log th\u1ee7 c\u00f4ng, h\u00e3y \u0111\u1ec3 h\u1ec7 th\u1ed1ng g\u1eedi b\u00e1o c\u00e1o cho b\u1ea1n h\u00e0ng ng\u00e0y.<\/p>\n\n\n\n<p><strong>C\u00e0i \u0111\u1eb7t:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install logwatch<\/code><\/pre>\n\n\n\n<p><strong>Ch\u1ea1y th\u1eed v\u00e0 xem b\u00e1o c\u00e1o:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo logwatch<\/code><\/pre>\n\n\n\n<p>\u0110\u1ec3 c\u1ea5u h\u00ecnh g\u1eedi email, b\u1ea1n c\u1ea7n c\u00e0i \u0111\u1eb7t m\u1ed9t Mail Transfer Agent nh\u01b0 Postfix v\u00e0 ch\u1ec9nh s\u1eeda file <code>\/etc\/cron.daily\/00logwatch<\/code>.<\/p>\n\n\n\n<h4 id=\"B\u01b0\u1edbc_10:_Ch\u1ee7_\u0111\u1ed9ng_qu\u00e9t_Rootkit_v\u00e0_Malware\"><a id=\"post-120368-_2qtr0tfmdncz\"><\/a>B\u01b0\u1edbc 10: Ch\u1ee7 \u0111\u1ed9ng qu\u00e9t Rootkit v\u00e0 Malware<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>\u0110\u1ecbnh k\u1ef3 ki\u1ec3m tra xem h\u1ec7 th\u1ed1ng c\u00f3 b\u1ecb c\u00e0i c\u1eafm ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i hay kh\u00f4ng.<\/p>\n\n\n\n<p><strong>C\u00e0i \u0111\u1eb7t c\u00f4ng c\u1ee5:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install chkrootkit rkhunter<\/code><\/pre>\n\n\n\n<p><strong>Th\u1ef1c hi\u1ec7n qu\u00e9t:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Qu\u00e9t b\u1eb1ng chkrootkit\n\nsudo chkrootkit\n\n# C\u1eadp nh\u1eadt c\u01a1 s\u1edf d\u1eef li\u1ec7u cho rkhunter r\u1ed3i qu\u00e9t\n\nsudo rkhunter --update\n\nsudo rkhunter --checkall<\/code><\/pre>\n\n\n\n<p>H\u00e3y ch\u1ea1y c\u00e1c l\u1ec7nh n\u00e0y \u0111\u1ecbnh k\u1ef3 (v\u00ed d\u1ee5: h\u00e0ng tu\u1ea7n) v\u00e0 ki\u1ec3m tra k\u1ef9 c\u00e1c c\u1ea3nh b\u00e1o (warning) m\u00e0 ch\u00fang \u0111\u01b0a ra.<\/p>\n\n\n\n<h3 id=\"K\u1ebft_lu\u1eadn\"><a id=\"post-120368-_yswj6bw51sob\"><\/a>K\u1ebft lu\u1eadn<\/h3>\n\n\n\n<p>B\u1ea3o m\u1eadt cho m\u1ed9t VPS Ubuntu kh\u00f4ng ph\u1ea3i l\u00e0 c\u00f4ng vi\u1ec7c l\u00e0m m\u1ed9t l\u1ea7n r\u1ed3i qu\u00ean, m\u00e0 l\u00e0 m\u1ed9t qu\u00e1 tr\u00ecnh li\u00ean t\u1ee5c, \u0111\u00f2i h\u1ecfi s\u1ef1 c\u1ea9n tr\u1ecdng v\u00e0 ch\u1ee7 \u0111\u1ed9ng. B\u1eb1ng c\u00e1ch th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc t\u1eeb vi\u1ec7c gia c\u1ed1 n\u1ec1n t\u1ea3ng, d\u1ef1ng l\u00ean t\u01b0\u1eddng l\u1eeda, t\u1ef1 \u0111\u1ed9ng h\u00f3a ph\u00f2ng th\u1ee7 v\u00e0 c\u1eadp nh\u1eadt, cho \u0111\u1ebfn ch\u1ee7 \u0111\u1ed9ng gi\u00e1m s\u00e1t v\u00e0 qu\u00e9t m\u00e3 \u0111\u1ed9c, b\u1ea1n \u0111\u00e3 bi\u1ebfn chi\u1ebfc VPS c\u1ee7a m\u00ecnh t\u1eeb m\u1ed9t m\u1ee5c ti\u00eau ti\u1ec1m n\u0103ng th\u00e0nh m\u1ed9t ph\u00e1o \u0111\u00e0i \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7 nghi\u00eam ng\u1eb7t.<\/p>\n\n\n\n<h2 id=\"Nh\u1eefng_c\u00e2u_h\u1ecfi_th\u01b0\u1eddng_g\u1eb7p\"><a id=\"post-120368-_qkbw1ow1zyk1\"><\/a>Nh\u1eefng c\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p<\/h2>\n\n\n\t\t<section\t\thelp class=\"sc_fs_faq sc_card    \"\n\t\t\t\t>\n\t\t\t\t<h2 id=\"VPS_c\u1ee7a_t\u00f4i_ch\u1ec9_ch\u1ea1y_m\u1ed9t_blog_nh\u1ecf,_c\u00f3_th\u1eadt_s\u1ef1_c\u1ea7n_l\u00e0m_t\u1ea5t_c\u1ea3_c\u00e1c_b\u01b0\u1edbc_ph\u1ee9c_t\u1ea1p_n\u00e0y_kh\u00f4ng?_\">VPS c\u1ee7a t\u00f4i ch\u1ec9 ch\u1ea1y m\u1ed9t blog nh\u1ecf, c\u00f3 th\u1eadt s\u1ef1 c\u1ea7n l\u00e0m t\u1ea5t c\u1ea3 c\u00e1c b\u01b0\u1edbc ph\u1ee9c t\u1ea1p n\u00e0y kh\u00f4ng? <\/h2>\t\t\t\t<div>\n\t\t\t\t\t\t<div class=\"sc_fs_faq__content\">\n\t\t\t\t\n\n<p>C\u00f3. Quy m\u00f4 kh\u00f4ng quan tr\u1ecdng, v\u00ec c\u00e1c bot t\u1ea5n c\u00f4ng t\u1ef1 \u0111\u1ed9ng tr\u00ean internet qu\u00e9t m\u1ecdi \u0111\u1ecba ch\u1ec9 IP m\u00e0 kh\u00f4ng ph\u00e2n bi\u1ec7t m\u1ee5c ti\u00eau l\u1edbn hay nh\u1ecf. Vi\u1ec7c b\u1ea3o m\u1eadt c\u01a1 b\u1ea3n l\u00e0 b\u1eaft bu\u1ed9c cho t\u1ea5t c\u1ea3 m\u1ecdi ng\u01b0\u1eddi.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section\t\thelp class=\"sc_fs_faq sc_card    \"\n\t\t\t\t>\n\t\t\t\t<h2 id=\"N\u1ebfu_\u0111\u00e3_c\u00e0i_\u0111\u1eb7t_c\u1eadp_nh\u1eadt_t\u1ef1_\u0111\u1ed9ng_(unattended-upgrades),_t\u00f4i_c\u00f3_c\u1ea7n_ch\u1ea1y_apt_upgrade_th\u1ee7_c\u00f4ng_n\u1eefa_kh\u00f4ng?\">N\u1ebfu \u0111\u00e3 c\u00e0i \u0111\u1eb7t c\u1eadp nh\u1eadt t\u1ef1 \u0111\u1ed9ng (unattended-upgrades), t\u00f4i c\u00f3 c\u1ea7n ch\u1ea1y apt upgrade th\u1ee7 c\u00f4ng n\u1eefa kh\u00f4ng?<\/h2>\t\t\t\t<div>\n\t\t\t\t\t\t<div class=\"sc_fs_faq__content\">\n\t\t\t\t\n\n<p>C\u00f3, b\u1ea1n v\u1eabn n\u00ean ch\u1ea1y th\u1ee7 c\u00f4ng \u0111\u1ecbnh k\u1ef3. C\u1eadp nh\u1eadt t\u1ef1 \u0111\u1ed9ng th\u01b0\u1eddng ch\u1ec9 \u00e1p d\u1ee5ng cho c\u00e1c b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt quan tr\u1ecdng, trong khi apt upgrade s\u1ebd c\u1eadp nh\u1eadt to\u00e0n b\u1ed9 ph\u1ea7n m\u1ec1m, bao g\u1ed3m c\u1ea3 c\u00e1c t\u00ednh n\u0103ng m\u1edbi v\u00e0 b\u1ea3n s\u1eeda l\u1ed7i th\u00f4ng th\u01b0\u1eddng.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section\t\thelp class=\"sc_fs_faq sc_card    \"\n\t\t\t\t>\n\t\t\t\t<h2 id=\"L\u00e0m_th\u1ebf_n\u00e0o_\u0111\u1ec3_xem_c\u00e1c_\u0111\u1ecba_ch\u1ec9_IP_\u0111\u00e3_b\u1ecb_Fail2Ban_ch\u1eb7n_v\u00e0_l\u00e0m_c\u00e1ch_n\u00e0o_\u0111\u1ec3_b\u1ecf_ch\u1eb7n_m\u1ed9t_IP?\">L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 xem c\u00e1c \u0111\u1ecba ch\u1ec9 IP \u0111\u00e3 b\u1ecb Fail2Ban ch\u1eb7n v\u00e0 l\u00e0m c\u00e1ch n\u00e0o \u0111\u1ec3 b\u1ecf ch\u1eb7n m\u1ed9t IP?<\/h2>\t\t\t\t<div>\n\t\t\t\t\t\t<div class=\"sc_fs_faq__content\">\n\t\t\t\t\n\n<p>\u0110\u1ec3 xem IP b\u1ecb ch\u1eb7n (v\u00ed d\u1ee5 cho SSH): sudo fail2ban-client status sshd. \u0110\u1ec3 b\u1ecf ch\u1eb7n m\u1ed9t IP: sudo fail2ban-client set sshd unbanip &lt;\u0110\u1ecaA_CH\u1ec8_IP>.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section\t\thelp class=\"sc_fs_faq sc_card    \"\n\t\t\t\t>\n\t\t\t\t<h2 id=\"Nh\u00e0_cung_c\u1ea5p_VPS_\u0111\u00e3_c\u00f3_T\u01b0\u1eddng_l\u1eeda_M\u1ea1ng_(Network_Firewall),_t\u1ea1i_sao_t\u00f4i_v\u1eabn_c\u1ea7n_c\u00e0i_\u0111\u1eb7t_UFW_tr\u00ean_m\u00e1y_ch\u1ee7?\">Nh\u00e0 cung c\u1ea5p VPS \u0111\u00e3 c\u00f3 T\u01b0\u1eddng l\u1eeda M\u1ea1ng (Network Firewall), t\u1ea1i sao t\u00f4i v\u1eabn c\u1ea7n c\u00e0i \u0111\u1eb7t UFW tr\u00ean m\u00e1y ch\u1ee7?<\/h2>\t\t\t\t<div>\n\t\t\t\t\t\t<div class=\"sc_fs_faq__content\">\n\t\t\t\t\n\n<p>\u0110\u00f3 l\u00e0 chi\u1ebfn l\u01b0\u1ee3c &#8220;ph\u00f2ng th\u1ee7 theo chi\u1ec1u s\u00e2u&#8221;. H\u00e3y coi T\u01b0\u1eddng l\u1eeda M\u1ea1ng l\u00e0 h\u00e0ng r\u00e0o c\u1ee7a khu ph\u1ed1, c\u00f2n UFW l\u00e0 c\u1eeda kh\u00f3a c\u1ee7a ch\u00ednh nh\u00e0 b\u1ea1n. Lu\u00f4n c\u1ea7n c\u1ea3 hai l\u1edbp b\u1ea3o v\u1ec7 \u0111\u1ec3 t\u0103ng c\u01b0\u1eddng an ninh t\u1ed1i \u0111a.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section\t\thelp class=\"sc_fs_faq sc_card    \"\n\t\t\t\t>\n\t\t\t\t<h2 id=\"N\u1ebfu_t\u00f4i_l\u00e0m_m\u1ea5t_SSH_key_(v\u00ed_d\u1ee5:_m\u00e1y_t\u00ednh_b\u1ecb_h\u1ecfng),_l\u00e0m_c\u00e1ch_n\u00e0o_\u0111\u1ec3_truy_c\u1eadp_l\u1ea1i_v\u00e0o_VPS?\">N\u1ebfu t\u00f4i l\u00e0m m\u1ea5t SSH key (v\u00ed d\u1ee5: m\u00e1y t\u00ednh b\u1ecb h\u1ecfng), l\u00e0m c\u00e1ch n\u00e0o \u0111\u1ec3 truy c\u1eadp l\u1ea1i v\u00e0o VPS?<\/h2>\t\t\t\t<div>\n\t\t\t\t\t\t<div class=\"sc_fs_faq__content\">\n\t\t\t\t\n\n<p>S\u1eed d\u1ee5ng t\u00ednh n\u0103ng <strong>&#8220;Console&#8221;<\/strong> ho\u1eb7c <strong>ch\u1ebf \u0111\u1ed9 c\u1ee9u h\u1ed9 (Rescue Mode)<\/strong> c\u1ee7a nh\u00e0 cung c\u1ea5p. T\u1eeb \u0111\u00f3, b\u1ea1n c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng, t\u1ea1m th\u1eddi cho ph\u00e9p \u0111\u0103ng nh\u1eadp b\u1eb1ng m\u1eadt kh\u1ea9u tr\u1edf l\u1ea1i v\u00e0 th\u00eam SSH key m\u1edbi c\u1ee7a m\u00ecnh.<\/p>\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/section>\n\t\t\n<script type=\"application\/ld+json\">\n\t{\n\t\t\"@context\": \"https:\/\/schema.org\",\n\t\t\"@type\": \"FAQPage\",\n\t\t\"mainEntity\": [\n\t\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"VPS c\u1ee7a t\u00f4i ch\u1ec9 ch\u1ea1y m\u1ed9t blog nh\u1ecf, c\u00f3 th\u1eadt s\u1ef1 c\u1ea7n l\u00e0m t\u1ea5t c\u1ea3 c\u00e1c b\u01b0\u1edbc ph\u1ee9c t\u1ea1p n\u00e0y kh\u00f4ng? \",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"<p>C\u00f3. Quy m\u00f4 kh\u00f4ng quan tr\u1ecdng, v\u00ec c\u00e1c bot t\u1ea5n c\u00f4ng t\u1ef1 \u0111\u1ed9ng tr\u00ean internet qu\u00e9t m\u1ecdi \u0111\u1ecba ch\u1ec9 IP m\u00e0 kh\u00f4ng ph\u00e2n bi\u1ec7t m\u1ee5c ti\u00eau l\u1edbn hay nh\u1ecf. Vi\u1ec7c b\u1ea3o m\u1eadt c\u01a1 b\u1ea3n l\u00e0 b\u1eaft bu\u1ed9c cho t\u1ea5t c\u1ea3 m\u1ecdi ng\u01b0\u1eddi.<\/p>\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"N\u1ebfu \u0111\u00e3 c\u00e0i \u0111\u1eb7t c\u1eadp nh\u1eadt t\u1ef1 \u0111\u1ed9ng (unattended-upgrades), t\u00f4i c\u00f3 c\u1ea7n ch\u1ea1y apt upgrade th\u1ee7 c\u00f4ng n\u1eefa kh\u00f4ng?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"<p>C\u00f3, b\u1ea1n v\u1eabn n\u00ean ch\u1ea1y th\u1ee7 c\u00f4ng \u0111\u1ecbnh k\u1ef3. C\u1eadp nh\u1eadt t\u1ef1 \u0111\u1ed9ng th\u01b0\u1eddng ch\u1ec9 \u00e1p d\u1ee5ng cho c\u00e1c b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt quan tr\u1ecdng, trong khi apt upgrade s\u1ebd c\u1eadp nh\u1eadt to\u00e0n b\u1ed9 ph\u1ea7n m\u1ec1m, bao g\u1ed3m c\u1ea3 c\u00e1c t\u00ednh n\u0103ng m\u1edbi v\u00e0 b\u1ea3n s\u1eeda l\u1ed7i th\u00f4ng th\u01b0\u1eddng.<\/p>\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"L\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 xem c\u00e1c \u0111\u1ecba ch\u1ec9 IP \u0111\u00e3 b\u1ecb Fail2Ban ch\u1eb7n v\u00e0 l\u00e0m c\u00e1ch n\u00e0o \u0111\u1ec3 b\u1ecf ch\u1eb7n m\u1ed9t IP?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"<p>\u0110\u1ec3 xem IP b\u1ecb ch\u1eb7n (v\u00ed d\u1ee5 cho SSH): sudo fail2ban-client status sshd. \u0110\u1ec3 b\u1ecf ch\u1eb7n m\u1ed9t IP: sudo fail2ban-client set sshd unbanip &lt;\u0110\u1ecaA_CH\u1ec8_IP>.<\/p>\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"Nh\u00e0 cung c\u1ea5p VPS \u0111\u00e3 c\u00f3 T\u01b0\u1eddng l\u1eeda M\u1ea1ng (Network Firewall), t\u1ea1i sao t\u00f4i v\u1eabn c\u1ea7n c\u00e0i \u0111\u1eb7t UFW tr\u00ean m\u00e1y ch\u1ee7?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"<p>\u0110\u00f3 l\u00e0 chi\u1ebfn l\u01b0\u1ee3c \\\"ph\u00f2ng th\u1ee7 theo chi\u1ec1u s\u00e2u\\\". H\u00e3y coi T\u01b0\u1eddng l\u1eeda M\u1ea1ng l\u00e0 h\u00e0ng r\u00e0o c\u1ee7a khu ph\u1ed1, c\u00f2n UFW l\u00e0 c\u1eeda kh\u00f3a c\u1ee7a ch\u00ednh nh\u00e0 b\u1ea1n. Lu\u00f4n c\u1ea7n c\u1ea3 hai l\u1edbp b\u1ea3o v\u1ec7 \u0111\u1ec3 t\u0103ng c\u01b0\u1eddng an ninh t\u1ed1i \u0111a.<\/p>\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t,\t\t\t\t{\n\t\t\t\t\"@type\": \"Question\",\n\t\t\t\t\"name\": \"N\u1ebfu t\u00f4i l\u00e0m m\u1ea5t SSH key (v\u00ed d\u1ee5: m\u00e1y t\u00ednh b\u1ecb h\u1ecfng), l\u00e0m c\u00e1ch n\u00e0o \u0111\u1ec3 truy c\u1eadp l\u1ea1i v\u00e0o VPS?\",\n\t\t\t\t\"acceptedAnswer\": {\n\t\t\t\t\t\"@type\": \"Answer\",\n\t\t\t\t\t\"text\": \"<p>S\u1eed d\u1ee5ng t\u00ednh n\u0103ng <strong>\\\"Console\\\"<\/strong> ho\u1eb7c <strong>ch\u1ebf \u0111\u1ed9 c\u1ee9u h\u1ed9 (Rescue Mode)<\/strong> c\u1ee7a nh\u00e0 cung c\u1ea5p. T\u1eeb \u0111\u00f3, b\u1ea1n c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng, t\u1ea1m th\u1eddi cho ph\u00e9p \u0111\u0103ng nh\u1eadp b\u1eb1ng m\u1eadt kh\u1ea9u tr\u1edf l\u1ea1i v\u00e0 th\u00eam SSH key m\u1edbi c\u1ee7a m\u00ecnh.<\/p>\"\n\t\t\t\t\t\t\t\t\t}\n\t\t\t}\n\t\t\t\t\t\t]\n\t}\n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>Chi\u1ebfc VPS m\u00e0 b\u1ea1n d\u00e0y c\u00f4ng x\u00e2y d\u1ef1ng kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ed9t m\u00e1y ch\u1ee7 &#8211; \u0111\u00f3 l\u00e0 n\u1ec1n t\u1ea3ng cho website, \u1ee9ng d\u1ee5ng, hay to\u00e0n b\u1ed9 d\u1ef1 \u00e1n t\u00e2m huy\u1ebft c\u1ee7a b\u1ea1n. Trong b\u1ed1i c\u1ea3nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi, vi\u1ec7c b\u1ecf qua c\u00e1c b\u01b0\u1edbc b\u1ea3o m\u1eadt c\u01a1 b\u1ea3n c\u0169ng gi\u1ed1ng [&hellip;]<\/p>\n","protected":false},"author":23,"featured_media":120376,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7376],"tags":[7436],"class_list":["post-120368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thu-thuat-hosting-vps","tag-bao-mat-vps"],"_links":{"self":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/posts\/120368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/comments?post=120368"}],"version-history":[{"count":6,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/posts\/120368\/revisions"}],"predecessor-version":[{"id":120381,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/posts\/120368\/revisions\/120381"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media\/120376"}],"wp:attachment":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media?parent=120368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/categories?post=120368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/tags?post=120368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}