我们的生活是多么美好呀!!!!
全部博文(225)
分类: 网络与安全
2011-11-16 16:12:46
1. 超时自动注销登陆
文本模式下,如果忘记注销用户,5分钟内自动关闭该连接。
sed -i '/HISTSIZE/a TMOUT=300' /etc/profile
2. 防止误按Ctrl + Alt + Delete重启服务器
sed -i 's/^ca::ctrlaltdel/\#ca::ctrlaltdel/' /etc/inittab
3. 禁止root远程登录
sed -i 's/^\#PermitRootLogin\ yes/PermitRootLogin\ no/' /etc/ssh/sshd_config
#/etc/init.d/sshd restart
4. 删除无用的系统账户
userdel lp
groupdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
groupdel news
userdel uucp
groupdel uucp
userdel operator
userdel games
groupdel games
userdel gopher
groupdel ghpher
cat /etc/passwd |egrep -i "lp|sync|shutdown|halt|news|uucp|operator|games|gopher"
cat /etc/group |egrep -i "lp|news|uucp|games|ghpher"
5. 添加监控帐户ccnmonitor:c@nonair
useradd ccnmonitor
echo |passwd ccnmonitor --stdin
useradd zhangxu;echo passwd | passwd --stdin zhangxu
6. (中级)更改服务器被SSH端口
更该服务器SSH端口,由22口改到10022
sed -i 's/^\#Port\ 22/Port\ 10022/' /etc/ssh/sshd_config
/etc/init.d/sshd restart
7. (中级)更改服务器密码设置规则
设置最大过期时间
#sed -i 's/^PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t60/' /etc/login.defs
设置最小过期时间
#sed -i 's/^PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t45/' /etc/login.defs
密码位数
#sed -i 's/^PASS_MIN_LEN\t5/PASS_MIN_LEN\t8/' /etc/login.defs
过期前提醒的天数
#sed -i 's/^PASS_WARN_AGE\t7/PASS_WARN_AGE\t10/' /etc/login.defs
监控帐户CCNMONITOR永不过期
#usermod -e 12/30/2030 ccnmonitor
8. (高级)禁止非root账户su
# sed -i '/^\#\%PAM-1.0/a auth\trequired\t/lib/security/pam_wheel.so' /etc/pam.d/su;sed -i '/^\#\%PAM-1.0/a auth\tsufficient\t/lib/security/pam_rootok.so\tdebug' /etc/pam.d/su
9. 禁止ping
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
解除禁止
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
