        2. linux系统安全shell脚本第二版

          • 来源:124软件资讯网

              使用方法:将其复制,保存为一个shell文件,比如security.sh。将其上传到linux服务器上,执行sh security.sh,就可以使用该脚本了!

              代码如下:

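              #!/bin/sh
              # desc: setup linux system security
              # author:coralzd
              # powered by www.freebsdsystem.org
              # version 0.1.2 written by 2011.05.03
              #
              # One-shot host hardening: locks unused system accounts, makes the account
              # databases immutable, adds login-failure lockout, sets a shell idle timeout,
              # enables SYN cookies, adjusts sshd_config, restricts a set of commands to
              # root and records a checksum baseline for them.
              # The paths used (/bin/rpm, /etc/pam.d/system-auth) suggest an rpm-based
              # distribution; check every path against the target system before running.

              # Every step below edits system files, so refuse to run without root.
              if [ "$(id -u)" -ne 0 ]; then
                  echo "this script must be run as root" >&2
                  exit 1
              fi

              # account setup
              # passwd -l only locks the password; it does not remove the account or its
              # login shell. Accounts that do not exist on this host are skipped.
              for acct in xfs news nscd dbus vcsa games nobody avahi haldaemon gopher ftp \
                          mailnull pcap mail shutdown halt uucp operator sync adm lp
              do
                  if id "$acct" >/dev/null 2>&1; then
                      passwd -l "$acct"
                  fi
              done

              # chattr /etc/passwd /etc/shadow
              # Once immutable, useradd/passwd/groupadd fail until an administrator clears
              # the flag with `chattr -i`. That includes the passwd -l loop above, so clear
              # the flag before re-running this script.
              for db in /etc/passwd /etc/shadow /etc/group /etc/gshadow
              do
                  chattr +i "$db"
              done

              # add continue input failure 3 ,passwd unlock time 5 minite
              # The grep guard keeps a second run from inserting the lines again.
              # NOTE(review): the inserted text loads pam_tally twice (once by name, once via
              # /lib/security/$ISA/), which presumably counts each failed login twice, and
              # the match only succeeds when the fields are separated by single spaces.
              # pam_tally has been superseded by pam_tally2/pam_faillock on newer releases.
              # Keep a root session open and test a login before closing it.
              if ! grep -q 'pam_tally' /etc/pam.d/system-auth; then
                  sed -i 's#auth required pam_env.so#auth required pam_env.so\nauth required pam_tally.so onerr=fail deny=3 unlock_time=300\nauth required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' /etc/pam.d/system-auth
              fi

              # system timeout 5 minite auto logout
              # Append only when the exact line is missing, so repeated runs do not pile up.
              grep -qxF 'TMOUT=300' /etc/profile || echo "TMOUT=300" >>/etc/profile

              # will system save history command list to 10
              # NOTE(review): a 10-entry history also shrinks what is left for incident
              # review; central command auditing is the better record.
              sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile

              # enable /etc/profile go!
              # `.` is the POSIX spelling; `source` is not available in every /bin/sh.
              # This only affects the shell running this script; users get the new values
              # at their next login.
              . /etc/profile

              # add syncookie enable /etc/sysctl.conf
              grep -qxF 'net.ipv4.tcp_syncookies=1' /etc/sysctl.conf || echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
              sysctl -p # exec sysctl.conf enable

              # optimizer sshd_config
              # MaxAuthTries 6 matches the OpenSSH default, so uncommenting it documents
              # the limit rather than tightening it; lower the value if that is the goal.
              sed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" /etc/ssh/sshd_config
              sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
              echo "sshd_config updated: check it with 'sshd -t' and reload sshd to apply"

              # limit chmod important commands
              # Mode 700 leaves these usable by root only; a numeric mode also drops any
              # setuid bit the binary had (e.g. ping).
              restricted_cmds="/bin/ping /usr/bin/finger /usr/bin/who /usr/bin/w
                  /usr/bin/locate /usr/bin/whereis /sbin/ifconfig /usr/bin/pico /bin/vi
                  /usr/bin/which /usr/bin/gcc /usr/bin/make /bin/rpm"
              for cmd in $restricted_cmds
              do
                  if [ -e "$cmd" ]; then
                      chmod 700 "$cmd"
                  fi
              done

              # history security
              # Append-only keeps existing entries from being rewritten or truncated.
              # The immutable flag is deliberately not set: with +i the shell could no
              # longer append, so nothing new would ever be recorded.
              chattr +a /root/.bash_history

              # write important command md5
              # Hash the same paths that were restricted above, plus vim. The earlier list
              # named /bin/finger and /bin/pico, which did not match the chmod targets, and
              # was staged in a file called "list" in the current directory; the list is now
              # held in a variable so nothing predictable is written as root.
              # NOTE(review): MD5 is collision-prone; sha256sum is the stronger choice for a
              # new baseline. A baseline kept on the same host can be rewritten by whoever
              # replaces a binary, so copy the log off the machine after this run.
              baseline_log="/var/log/$(hostname).log"
              for cmd in $restricted_cmds /usr/bin/vim
              do
                  if [ ! -x "$cmd" ]; then
                      echo "$cmd not found,no md5sum!"
                  else
                      md5sum "$cmd" >> "$baseline_log"
                  fi
              done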