Delete users
#!/bin/sh
userdel username
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
groupdel username
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
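# The files below become immutable; run chattr -i on them before adding users or changing passwords
chattr +i /etc/passwd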
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +i /etc/group
chattr +i /etc/services
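Additional notes:
To check whether a file has hidden attributes: lsattr
The i attribute: the system does not allow any modification of the file. If a directory has this attribute, processes can only modify files under the directory; they cannot create or delete files in it.
Disable unneeded services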
chkconfig --level 12345 avahi-daemon off
chkconfig --level 12345 cups off
chkconfig --level 12345 portmap off
chkconfig --level 12345 nfslock off
chkconfig --level 12345 bluetooth off
chkconfig --level 12345 pcscd off
chkconfig --level 12345 rhnsd off
chkconfig --level 12345 sendmail off
chkconfig --level 12345 yum-updatesd off
Apache
1 /opt/apache/cgi-bin
mv printenv printenv.old
2 /opt/apache/httpd.conf
Comment out the configuration for /cgi-bin, /icons and /manual
3 /opt/apache/conf/httpd.conf
Uncomment #UserDir public_html
and change it to UserDir disabled
Also add ServerTokens Prod
Also add TraceEnable off
Change ServerSignature On
to ServerSignature Off
Order deny,allow
Deny from all
6. Disable unused Apache directories
6.1 Comment out the cgi directory
Edit /opt/apache/httpd.conf
Comment out the configuration below with #, and delete the /opt/apache/cgi-bin directory
ScriptAlias /cgi-bin/ "/opt/apache/cgi-bin/"
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock logs/cgisock
#
# "/opt/apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
AllowOverride None
Options None
Order allow,deny
Allow from all
6.2 Comment out the icons directory
Edit /opt/apache/httpd.conf
Comment out the configuration below with #, and delete the /opt/apache/icons directory
Alias /icons/ "/opt/apache/icons/"
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
6.3 Comment out the manual directory
Edit /opt/apache/httpd.conf
Comment out the configuration below with #
AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/opt/apache/manual$1"
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
SetHandler type-map
SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
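7. Apache banner information
In the steps above we already used the ServerTokens Prod parameter to reduce the information Apache discloses to a minimum. The HTTP response header will be set to:
Server:Apache
rather than something like:
Apache/2.0.59 (Unix) PHP/4.3.8
If the banner must be replaced entirely, Apache has to be recompiled and reinstalled. Because this affects the integration with WebLogic and WebSphere, recompiling and reinstalling is not recommended.
Appendix: parameters to change when recompiling and installing Apache:
Taking Apache 2.0.59 as an example, edit ap_release.h and change '#define AP_SERVER_BASEPRODUCT "Apache"' to '#define AP_SERVER_BASEPRODUCT "Microsoft-IIS/5.0"'. Edit os/unix/os.h and change '#define PLATFORM "Unix"' to '#define PLATFORM "Win32"'. After making the changes, recompile and install Apache.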
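To confirm that the httpd.conf changes above were actually made, here is an added example that is not part of the original post: a POSIX shell audit that checks for explicit ServerTokens Prod, ServerSignature Off, TraceEnable off and UserDir disabled (the keyword Apache recognises), and flags any /cgi-bin/, /icons/ or /manual alias that is still active. The function names and the sample config are constructed for illustration; Include'd files are not followed.

```sh
#!/bin/sh
# Added example (not from the original page): audit an httpd.conf for the
# settings this page recommends. Function names are hypothetical.
# Assumptions: directives are set at server level in one file; Include'd
# files and <VirtualHost> overrides are not followed.

# Print the lower-cased value of the last uncommented occurrence of a directive.
directive_value() {   # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_httpd_conf() {  # $1 = path to httpd.conf
    conf=$1
    fails=0
    for pair in ServerTokens=prod ServerSignature=off TraceEnable=off UserDir=disabled; do
        name=${pair%%=*}
        want=${pair#*=}
        got=$(directive_value "$conf" "$name")
        if [ "$got" != "$want" ]; then
            echo "FAIL $name: want '$want', found '${got:-<not set>}'"
            fails=$((fails + 1))
        fi
    done
    # Aliases the page says to comment out; a leading '#' prevents a match.
    for pat in 'ScriptAlias[[:space:]]+/cgi-bin/' 'Alias[[:space:]]+/icons/' 'AliasMatch[[:space:]]+\^/manual'; do
        hit=$(grep -Ei "^[[:space:]]*$pat" "$conf" | head -n 1) || true
        if [ -n "$hit" ]; then
            echo "FAIL still active: $hit"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample config: two weak values and one alias left active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerTokens Prod
ServerSignature On
#TraceEnable off
UserDir disabled
#ScriptAlias /cgi-bin/ "/opt/apache/cgi-bin/"
Alias /icons/ "/opt/apache/icons/"
EOF
rc=0
audit_httpd_conf "$sample" || rc=$?
echo "$rc finding(s)"
rm -f "$sample"
```

Run it against the live file with audit_httpd_conf /opt/apache/conf/httpd.conf; a return status of 0 means every item on the checklist is present.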
4
SSHv1 protocol support enabled
Low risk
Negociate SSHd connection
22
Solution:
/etc/ssh/sshd_config
Uncomment #Protocol 1,2
and change it to Protocol 2