#!/bin/bash#1.备份本次脚本需要修改的文件#2.设定密码策略/etc/login.defssed -i '/^PASS_MAX_DAYS/c PASS_MAX_DAYS 90' /etc/login.defssed -i '/^PASS_MIN_DAYS/c PASS_MIN_DAYS 10' /etc/login.defssed -i '/^PASS_MIN_LEN/c PASS_MIN_LEN 8' /etc/login.defssed -i '/^PASS_WARN_AGE/c PASS_WARN_AGE 5' /etc/login.defscat /etc/login.defs|grep -v "^#"|grep -v "^$"result.txt#3.修改内核设置:|grep -v "^#"|grep -v "^$"echo "net.ipv4.tcp_max_syn_backlog = 4096" /etc/sysctl.confecho "net.ipv4.conf.all.rp_filter = 1" /etc/sysctl.confecho "net.ipv4.conf.all.accept_source_route = 0" /etc/sysctl.confecho "net.ipv4.conf.all.accept_redirects = 0" /etc/sysctl.confecho "net.ipv4.conf.all.secure_redirects = 0" /etc/sysctl.confecho "net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.confecho "net.ipv4.conf.default.accept_source_route = 1" /etc/sysctl.confecho "net.ipv4.conf.default.accept_redirects = 0" /etc/sysctl.confecho "net.ipv4.conf.default.secure_redirects = 0" /etc/sysctl.confecho "net.ipv4.conf.all.send_redirects = 0" /etc/sysctl.confecho "net.ipv4.conf.default.send_redirects = 0" /etc/sysctl.confcat /etc/sysctl.conf|grep -v "^#"|grep -v "^$"result.txt#4.远程登录安全设置sshdconfigsed -i '/^#PermitRootLogin/c PermitRootLogin no' /etc/ssh/sshd_configsed -i '/^#MaxAuthTries 6/c MaxAuthTries 6' /etc/ssh/sshd_configsed -i "/^#UseDNS yes/c UseDNS no" /etc/ssh/sshd_configsed -i '/^#ClientAliveCountMax 3/c ClientAliveCountMax 3' /etc/ssh/sshd_config#5.增加登录超时设置echo "TMOUT=300" /etc/profile#6.锁定不需要的用户passwd -l ftppasswd -l nobody#7.修改重要文件的权限chown root:root /etc/sysctl.confchmod 0600 /etc/sysctl.confsed -i '/^#required pam_wheel.so use.uid/c required pam_wheel.so use.uid' /etc/pam.d/su
原文始发于微信公众号(菜鸟小新):Linux安全设置脚本 部分安全
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论