Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the example analysis of the Linux security reinforcement script, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

# Security hardening script #! / bin/bash # version1.0;write at 2017-03-29 security reinforcement by Ringoo; # 1. Change the root administrator name to Ringoouseradd-u 0-g 0-o ringoouseradd pso # 2. Modify the default password policy # backup file cp / etc/login.defs / etc/login.defs.baksed-I'/ etc/login.defs # 3. Set 3 incorrectly typed passwords to lock user # backup file cp / etc/pam.d/system-auth / etc/pam.d/system-auth.baksed-e'5 I\ auth required / lib64/security/pam_tally2.so deny=3 unlock_time=300'-I / etc/pam.d/system-auth# password complexity set sed-e "14 I\ password requisite pam_cracklib.so minlen=10 difok=3 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=- 1 try_first_pass retry=3 "- I / etc/pam.d/system-authsed-e '15d'-I / etc/pam.d/system-auth # modify / etc/profile# backup file cp / etc/profile / etc/profile.baksed-e's to HISTSIZE 1000 and HISTSIZE1000 to HISTSIZE1000-I / etc/profilesed-I" / HISTSIZE=3000/a HISTTIMEFORMAT=\ "% F% T\" / etc/profilesed-I "/ HISTSIZE=3000/a TMOUT=1800" / etc/profilesed-I "$a \ export HISTORY_FILE=/var/log/useraudit.log "/ etc/profilesed-I" $a\ export PROMPT_COMMAND=\'{h =\ `history 1\ ` W =\ `who am i\ `; echo-e\ $(date\ "+% Y-%m-%d% H:%M:%S\")--\ $w--\ $h } > >\ $HISTORY_FILE\'"/ etc/profile / bin/touch / var/log/useraudit.log/bin/chmod 777 / var/log/useraudit.log/usr/bin/chattr + a / var/log/useraudit.log # modify sshd configuration # backup file cp / etc/ssh/sshd_config / etc/ssh/sshd_config.baksed-e's /\ # PermitRootLogin yes/PermitRootLogin no/'-I / etc/ssh/sshd_configsed-e's /\ # Port 22 / Port 2222Universe'- I / etc/ssh/sshd_configsed-e's /\ # UseDNS yes/UseDNS no/'-I / etc/ssh/sshd_configsed-e 's/X11Forwarding yes/X11Forwarding no/'-I / etc/ssh/sshd_configsed-e 's/GSSAPIAuthentication yes/\ # GSSAPIAuthentication yes/'-I / etc/ssh/sshd_configsed-e 's/GSSAPICleanupCredentials yes/\ # GSSAPICleanupCredentials yes/'-I / etc/ssh/sshd_config#/etc/init.d / sshd restart # disable unwanted services / sbin/chkconfig ip6tables off/sbin/chkconfig iptables off/sbin/chkconfig avahi-daemon off/sbin/chkconfig avahi-dnsconfd off # database server here configure # backup file # cp / etc/pam.d/login / etc/pam.d/login.bak#cp / etc/security/limits.conf / etc/security/limits.conf.bak#sed-I "$a\ session required / lib64/security/pam_ as appropriate Limits.so "/ etc/pam.d/login#sed-I" $a\ * soft nofile 65535 "/ etc/security/limits.conf#sed-I" $a\ * hard nofile 65535 "/ etc/security/limits.conf echo" please restart the server for the settings to take effect After reading the above content, press enter exit "read pauseexit 1 Do you have any further understanding of the sample analysis of the Linux security hardening script? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.