Linux安全设置脚本 部分安全

  #!/bin/bash

  #1.备份本次脚本需要修改的文件

  #2.设定密码策略/etc/login.defs

  sed -i '/^PASS_MAX_DAYS/c PASS_MAX_DAYS 90' /etc/login.defs

  sed -i '/^PASS_MIN_DAYS/c PASS_MIN_DAYS  10' /etc/login.defs

  sed -i '/^PASS_MIN_LEN/c PASS_MIN_LEN 8' /etc/login.defs

  sed -i '/^PASS_WARN_AGE/c PASS_WARN_AGE 5' /etc/login.defs

  cat /etc/login.defs|grep -v "^#"|grep -v "^$">>result.txt

  Linux安全设置脚本 部分安全

  #3.修改内核设置:|grep -v "^#"|grep -v "^$"

  echo "net.ipv4.tcp_max_syn_backlog = 4096" >>/etc/sysctl.conf

  echo "net.ipv4.conf.all.rp_filter = 1" >>/etc/sysctl.conf

  echo "net.ipv4.conf.all.accept_source_route = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.all.accept_redirects = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.all.secure_redirects = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.default.rp_filter = 1" >>/etc/sysctl.conf

  echo "net.ipv4.conf.default.accept_source_route = 1" >>/etc/sysctl.conf

  echo "net.ipv4.conf.default.accept_redirects = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.default.secure_redirects = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.all.send_redirects = 0" >>/etc/sysctl.conf

  echo "net.ipv4.conf.default.send_redirects = 0" >>/etc/sysctl.conf

  cat /etc/sysctl.conf|grep -v "^#"|grep -v "^$">>result.txt

  #4.远程登录安全设置sshdconfig

  sed -i '/^#PermitRootLogin/c PermitRootLogin no' /etc/ssh/sshd_config

  sed -i '/^#MaxAuthTries 6/c MaxAuthTries 6' /etc/ssh/sshd_config

  sed -i "/^#UseDNS yes/c UseDNS no" /etc/ssh/sshd_config

  sed -i '/^#ClientAliveCountMax 3/c ClientAliveCountMax 3' /etc/ssh/sshd_config

  #5.增加登录超时设置

  echo "TMOUT=300" >>/etc/profile

  #6.锁定不需要的用户

  passwd -l ftp

  passwd -l nobody

  #7.修改重要文件的权限

  chown root:root /etc/sysctl.conf

  chmod 0600 /etc/sysctl.conf

  sed -i '/^#required pam_wheel.so use.uid/c required pam_wheel.so use.uid' /etc/pam.d/su

  #8.

 

发表评论

邮箱地址不会被公开。 必填项已用*标注