建议在linux下自动安装之后能符合安全标准

[star-plu-cn-sk2]

1, 建立单独的nps用户而不是使用root运行

cat /etc/passwd | grep nps

nps:x:1001:1001::/etc/nps/conf:/bin/false

2,优化systemd脚本
cat /etc/systemd/system/Nps.service
[Unit]
Description=NPS服务器
ConditionFileIsExecutable=/usr/bin/nps

Requires=network.target
After=network-online.target syslog.target
[Service]
LimitNOFILE=65536
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/bin/nps "service"
User=nps
Group=nps
Restart=always
RestartSec=120
[Install]
WantedBy=multi-user.target

3,收紧/etc/nps/下文件权限
文件夹权限 750
文件权限 660
ll
total 16
drwxr-xr-x 4 root root 4096 Dec 2 03:22 ./
drwxr-xr-x 100 root root 4096 Feb 7 00:18 ../
drwxr-x--- 2 nps nps 4096 Feb 6 10:06 conf/
drwxr-x--- 4 nps nps 4096 Dec 2 03:22 web/
ll conf/
total 24
drwxr-x--- 2 nps nps 4096 Feb 6 10:06 ./
drwxr-xr-x 4 root root 4096 Dec 2 03:22 ../
-rw-r--r-- 1 nps nps 0 Feb 6 09:59 clients.json
-rw-r--r-- 1 nps nps 0 Feb 6 10:06 clients.json.tmp
-rw-rw---- 1 nps nps 0 Dec 2 03:22 hosts.json
-rw-rw---- 1 nps nps 1966 Feb 6 09:57 nps.conf
-rw-rw---- 1 nps nps 408 Feb 6 09:59 nps.log
-rw-rw---- 1 nps nps 1679 Dec 2 03:22 server.key
-rw-rw---- 1 nps nps 1346 Dec 2 03:22 server.pem
-rw-rw---- 1 nps nps 0 Dec 2 03:22 tasks.json

4, 站点文件,配置文件和数据文件分离
clients.json
nps.log
单独放到/etc/nps/data目录里面

5, 这是我修改后的nps服务
root@nps-server:/etc/nps# systemctl status Nps
● Nps.service - NPS服务器
Loaded: loaded (/etc/systemd/system/Nps.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2025-02-06 09:59:52 UTC; 22h ago
Main PID: 136058 (nps)
Tasks: 8 (limit: 4475)
Memory: 9.6M
CPU: 1min 1.936s
CGroup: /system.slice/Nps.service
└─136058 /usr/bin/nps service

Feb 06 09:59:52 nps-server systemd[1]: Started NPS服务器.