Chinaunix首页 | 论坛 | 博客
  • 博客访问: 287837
  • 博文数量: 78
  • 博客积分: 3018
  • 博客等级: 少校
  • 技术积分: 950
  • 用 户 组: 普通用户
  • 注册时间: 2006-04-07 02:33
文章分类

全部博文(78)

文章存档

2013年(1)

2012年(19)

2011年(45)

2008年(13)

分类: LINUX

2011-12-26 14:01:52

  1. #!/bin/sh
  2. # desc: setup linux system security
  3. # author:coralzd
  4. #account setup

  5. passwd -l xfs
  6. passwd -l news
  7. passwd -l nscd
  8. passwd -l dbus
  9. passwd -l vcsa
  10. passwd -l games
  11. passwd -l nobody
  12. passwd -l avahi
  13. passwd -l haldaemon
  14. passwd -l gopher
  15. passwd -l ftp
  16. passwd -l mailnull
  17. passwd -l pcap
  18. passwd -l mail
  19. passwd -l shutdown
  20. passwd -l halt
  21. passwd -l uucp
  22. passwd -l operator
  23. passwd -l sync
  24. passwd -l adm
  25. passwd -l lp

  26. # chattr /etc/passwd /etc/shadow
  27. chattr +i /etc/passwd
  28. chattr +i /etc/shadow
  29. chattr +i /etc/group
  30. chattr +i /etc/gshadow

  31. # add continue input failure 3 ,passwd unlock time 5 minite
  32. sed -i 's#auth required pam_env.so#auth required pam_env.sonauth required pam_tally.so onerr=fail deny=3 unlock_time=300nauth required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' /etc/pam.d/system-auth
  33. # system timeout 5 minite auto logout
  34. echo "TMOUT=300" >>/etc/profile

  35. # will system save history command list to 10
  36. sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile

  37. # enable /etc/profile
  38. source /etc/profile

  39. # add syncookie enable /etc/sysctl.conf
  40. echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf

  41. sysctl -p # exec sysctl.conf enable
  42. # optimizer sshd_config

  43. sed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" /etc/ssh/sshd_config
  44. sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config

  45. # limit chmod important commands
  46. chmod 700 /bin/ping
  47. chmod 700 /usr/bin/finger
  48. chmod 700 /usr/bin/who
  49. chmod 700 /usr/bin/w
  50. chmod 700 /usr/bin/locate
  51. chmod 700 /usr/bin/whereis
  52. chmod 700 /sbin/ifconfig
  53. chmod 700 /usr/bin/pico
  54. chmod 700 /bin/vi
  55. chmod 700 /usr/bin/which
  56. chmod 700 /usr/bin/gcc
  57. chmod 700 /usr/bin/make
  58. chmod 700 /bin/rpm

  59. # history security

  60. chattr +a /root/.bash_history
  61. chattr +i /root/.bash_history

  62. # write important command md5
  63. cat > list << "EOF" &&
  64. /bin/ping
  65. /bin/finger
  66. /usr/bin/who
  67. /usr/bin/w
  68. /usr/bin/locate
  69. /usr/bin/whereis
  70. /sbin/ifconfig
  71. /bin/pico
  72. /bin/vi
  73. /usr/bin/vim
  74. /usr/bin/which
  75. /usr/bin/gcc
  76. /usr/bin/make
  77. /bin/rpm
  78. EOF

  79. for i in `cat list`
  80. do
  81. if [ ! -x $i ];then
  82. echo "$i not found,no md5sum!"
  83. else
  84. md5sum $i >> /var/log/`hostname`.log
  85. fi
  86. done
  87. rm -f list
阅读(684) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~