linux安全限制
作者 佚名技术
来源 Linux系统
发布时间 2012-04-06
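# Host-hardening fragment for a SysV-init, RHEL-style system (chkconfig,
# /etc/inittab, /boot/grub/grub.conf). Must run as root.
#
# NOTE(review): the listing on the page starts mid-statement. Everything before
# it (shebang, any root check, the assignment of $file) is not shown. The first
# echo below is rebuilt from the surviving tail of that statement. The page also
# doubled every single quote and dropped the '+' from the chmod/chattr modes;
# both are restored here.
: "${file:?set file to the report path before running this fragment}"

# Report accounts whose password field in /etc/shadow is empty.
echo "These username have null code" >> "$file"
awk -F : '($2 == "") {print $1}' /etc/shadow >> "$file"

#change system code policy
#1 login /etc/login.defs
# 99999 -> 90: maximum password age in days.
perl -i -pe 's,99999,90,g' /etc/login.defs
# NOTE(review): this edit is tied to line 18 of the stock file (presumably
# PASS_MIN_LEN 5 -> 8); on any other layout it silently edits the wrong line.
sed -i.bak '18s/5/8/' /etc/login.defs
echo "PASS_MIN_LEN 8" >> /etc/login.defs

#2 pam /etc/pam.d/system-auth
# NOTE(review): these rules are appended at the END of the password stack.
# Confirm they are reached; an earlier "sufficient" or "required pam_deny.so"
# line can end the stack first.
echo "password required pam_cracklib.so difok=3 minlen=8 dcredit=-1 lcredit=-1 ocredit=-1 maxrepeat=3" >> /etc/pam.d/system-auth
# NOTE(review): "nullok" tolerates empty passwords, which is at odds with the
# empty-password report above, and "md5" is a weak hash. Prefer dropping nullok
# and using sha512 where the installed pam_unix supports it.
echo "password required pam_unix.so use_authtok nullok md5 " >> /etc/pam.d/system-auth
# Line-number dependent: comments out whatever "password" rule is on line 13.
sed -i.bak '13s/password/#password/' /etc/pam.d/system-auth
#perl -i -pe 's/password requisite pam_cracklib.so try_first_pass retry=3/#password requisite pam_cracklib.so try_first_pass retry=3'/g /etc/pam.d/system-auth

#3 ssh /etc/ssh/sshd_config
perl -i -pe 's/#MaxAuthTries 6/MaxAuthTries 5/g' /etc/ssh/sshd_config

#4 telnet /etc/xinetd.d/telnet
chkconfig telnet off > /dev/null 2>&1

#5 ssh /etc/ssh/sshd_config
perl -i -pe 's/#StrictModes/StrictModes/' /etc/ssh/sshd_config
# Set the value explicitly whether or not the directive is commented out. The
# original only matched the stock "#PermitRootLogin yes" line and uncommented
# PermitEmptyPasswords with whatever value it happened to carry.
# Make sure a non-root account that can su/sudo exists before root SSH is cut.
perl -i -pe 's/^\s*#?\s*PermitRootLogin[ \t]+.*/PermitRootLogin no/' /etc/ssh/sshd_config
perl -i -pe 's/^\s*#?\s*PermitEmptyPasswords[ \t]+.*/PermitEmptyPasswords no/' /etc/ssh/sshd_config

#6 umask /etc/bashrc
perl -i -pe 's/umask 002/umask 077/' /etc/bashrc
perl -i -pe 's/umask 022/umask 077/' /etc/bashrc
# Only affects this script's own shell; existing sessions keep their old umask.
source /etc/bashrc

#7 runlevel 3 /etc/inittab
perl -i -pe 's/id:5/id:3/' /etc/inittab

#8 /etc/pam.d/su
# NOTE(review): uncomments the auth rule on line 6, presumably the pam_wheel
# restriction. Verify against the target file.
sed -i.bak '6s/#auth/auth/' /etc/pam.d/su

#9 securetty /etc/securetty
# Comment out every listed terminal, then allow root only on vc/1 and tty1.
# Not idempotent: a second run adds another '#' and duplicate entries.
perl -i -pe 's/^/#/g' /etc/securetty
echo "vc/1" >> /etc/securetty
echo "tty1" >> /etc/securetty

#10 uid=0
echo "These username's uid is 0" >> "$file"
# Append: the original used '>' here, which wiped the report written so far,
# including the empty-password findings.
awk -F : '($3 == 0) {print $1}' /etc/passwd >> "$file"

#11 auto logout /etc/profile.d/
echo "TMOUT=600" > /etc/profile.d/autologout.sh
echo "readonly TMOUT" >> /etc/profile.d/autologout.sh
echo "export TMOUT" >> /etc/profile.d/autologout.sh
chmod +x /etc/profile.d/autologout.sh

#12 ssh ClientAliveInterval
perl -i -pe 's/#ClientAlive/ClientAlive/g' /etc/ssh/sshd_config
# One sed call so the .bak is not overwritten by a second run.
# Line-number dependent (106/107 of the stock file). On OpenSSH 8.2 and later,
# ClientAliveCountMax 0 disables the disconnect instead of enforcing an idle
# timeout, so check the installed version.
sed -i.bak -e '106s/0/600/g' -e '107s/3/0/g' /etc/ssh/sshd_config

#13 chmod chattr
chmod 400 /etc/shadow /etc/gshadow
chmod 600 /boot/grub/grub.conf /etc/securetty
# Append-only keeps existing log lines from being rewritten. The original also
# set +i here, which makes the file immutable and stops syslog from writing to
# it at all. Log rotation needs the flag cleared first.
chattr +a /var/log/messages
# Immutable account files: useradd/passwd/chage fail until "chattr -i" is run.
# Combined with the 90-day maximum age above, users cannot change an expired
# password, so plan the unlock procedure before deploying this.
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/gshadow
chattr +i /etc/group
chattr +i /etc/services
chattr +i /etc/securetty

# Validate the edited sshd_config before restarting, so a bad edit cannot take
# down the only remote access path.
if /usr/sbin/sshd -t; then
  service sshd restart > /dev/null
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi
chkconfig sshd on > /dev/null

# Attribution on the source page: this article is from the "静静的" blog; the
# author asks that it not be reposted.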