How to implement secure hardening shell script in linux Server 01/28 Update SLTechnology News&Howtos

How to implement secure hardening shell script in linux Server

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article is about how linux servers implement security hardening shell scripts. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The code is as follows:

#! / bin/sh

# desc: setup linux system security

# author:coralzd

# powered by www.freebsdsystem.org

# version 0.1.2 written by 2011.05.03

# account setup

Passwd-l xfs

Passwd-l news

Passwd-l nscd

Passwd-l dbus

Passwd-l vcsa

Passwd-l games

Passwd-l nobody

Passwd-l avahi

Passwd-l haldaemon

Passwd-l gopher

Passwd-l ftp

Passwd-l mailnull

Passwd-l pcap

Passwd-l mail

Passwd-l shutdown

Passwd-l halt

Passwd-l uucp

Passwd-l operator

Passwd-l sync

Passwd-l adm

Passwd-l lp

# chattr / etc/passwd / etc/shadow

Chattr + I / etc/passwd

Chattr + I / etc/shadow

Chattr + I / etc/group

Chattr + I / etc/gshadow

# add continue input failure 3, passwd unlock time 5 minite

Sed-I 's#auth required pam_env.so#auth required pam_env.so\ nauth required pam_tally.so onerr=fail deny=3 unlock_time=300\ nauth required / lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' / etc/pam.d/system-auth

# system timeout 5 minite auto logout

Echo "TMOUT=300" > > / etc/profile

# will system save history command list to 10

Sed-I "s/HISTSIZE=1000/HISTSIZE=10/" / etc/profile

# enable / etc/profile go!

Source / etc/profile

# add syncookie enable / etc/sysctl.conf

Echo "net.ipv4.tcp_syncookies=1" > > / etc/sysctl.conf

Sysctl-p # exec sysctl.conf enable

# optimizer sshd_config

Sed-I "s/#MaxAuthTries 6/MaxAuthTries 6" / etc/ssh/sshd_config

Sed-I "s/#UseDNS yes/UseDNS no/" / etc/ssh/sshd_config

# limit chmod important commands

Chmod 700 / bin/ping

Chmod 700 / usr/bin/finger

Chmod 700 / usr/bin/who

Chmod 700 / usr/bin/w

Chmod 700 / usr/bin/locate

Chmod 700 / usr/bin/whereis

Chmod 700 / sbin/ifconfig

Chmod 700 / usr/bin/pico

Chmod 700 / bin/vi

Chmod 700 / usr/bin/which

Chmod 700 / usr/bin/gcc

Chmod 700 / usr/bin/make

Chmod 700 / bin/rpm

# history security

Chattr + a / root/.bash_history

Chattr + I / root/.bash_history

# write important command md5

Cat > list > / var/log/ `hostname`.log

Done

Rm-f list

Thank you for reading! On "linux server how to achieve security reinforcement shell script" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, you can share it out for more people to see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.