科技常识:linux系统安全shell脚本第二版

导读 今天小编跟大家讲解下有关linux系统安全shell脚本第二版 ,相信小伙伴们对这个话题应该也很关注吧,小编也收集到了有关linux系统安全shell

今天小编跟大家讲解下有关linux系统安全shell脚本第二版 ,相信小伙伴们对这个话题应该也很关注吧,小编也收集到了有关linux系统安全shell脚本第二版 的相关资料,那么大家可可以点击(前往)进行了解。

使用方法将其复制,保存为一个shell文件,比如security.sh.将其上传到linux服务器上,执行sh security.sh,就可以使用该脚本了!复制代码代码如下:#!/bin/sh # desc: setup linux system security # author:coralzd # powered by www.freebsdsystem.org # version 0.1.2 written by 2011.05.03 #account setup passwd -l xfs passwd -l news passwd -l nscd passwd -l dbus passwd -l vcsa passwd -l games passwd -l nobody passwd -l avahi passwd -l haldaemon passwd -l gopher passwd -l ftp passwd -l mailnull passwd -l pcap passwd -l mail passwd -l shutdown passwd -l halt passwd -l uucp passwd -l operator passwd -l sync passwd -l adm passwd -l lp # chattr /etc/passwd /etc/shadow chattr +i /etc/passwd chattr +i /etc/shadow chattr +i /etc/group chattr +i /etc/gshadow # add continue input failure 3 ,passwd unlock time 5 minite sed -i 's#auth required pam_env.so#auth required pam_env.so\nauth required pam_tally.so onerr=fail deny=3 unlock_time=300\nauth required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' /etc/pam.d/system-auth # system timeout 5 minite auto logout echo"TMOUT=300">>/etc/profile # will system save history command list to 10 sed -i"s/HISTSIZE=1000/HISTSIZE=10/"/etc/profile # enable /etc/profile go! source /etc/profile # add syncookie enable /etc/sysctl.conf echo"net.ipv4.tcp_syncookies=1">> /etc/sysctl.conf sysctl -p # exec sysctl.conf enable # optimizer sshd_config sed -i"s/#MaxAuthTries 6/MaxAuthTries 6/"/etc/ssh/sshd_config sed -i"s/#UseDNS yes/UseDNS no/"/etc/ssh/sshd_config # limit chmod important commands chmod 700 /bin/ping chmod 700 /usr/bin/finger chmod 700 /usr/bin/who chmod 700 /usr/bin/w chmod 700 /usr/bin/locate chmod 700 /usr/bin/whereis chmod 700 /sbin/ifconfig chmod 700 /usr/bin/pico chmod 700 /bin/vi chmod 700 /usr/bin/which chmod 700 /usr/bin/gcc chmod 700 /usr/bin/make chmod 700 /bin/rpm # history security chattr +a /root/.bash_history chattr +i /root/.bash_history # write important command md5 cat > list <<"EOF"&& /bin/ping /bin/finger /usr/bin/who /usr/bin/w /usr/bin/locate /usr/bin/whereis /sbin/ifconfig /bin/pico /bin/vi /usr/bin/vim /usr/bin/which /usr/bin/gcc /usr/bin/make /bin/rpm EOF for i in `cat list` do if [ ! -x $i ];then echo"$i not found,no md5sum!"else md5sum $i >> /var/log/`hostname`.log fi done rm -f list 本文出自 崔晓辉的博客 http://coralzd.blog.51cto.com/90341/564887

来源:爱蒂网

点击前往【百度热搜】查看详细

郑重声明:本文版权归原作者所有,转载文章仅为传播更多信息之目的,如作者信息标记有误,请第一时候联系我们修改或删除,多谢