
Linux安全設置腳本 部分安全

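  #!/bin/bash

  # 1. Back up every file this script modifies.
  # The original listing announced this step but had no commands for it, so a
  # bad edit to sshd_config or pam.d/su could not be rolled back. The copies
  # are made before anything is touched, and the script stops if one fails.
  # cp -p keeps owner, mode and timestamps, so a backup is no more readable
  # than the file it was taken from.
  backup_suffix=".bak.$(date +%Y%m%d%H%M%S)"
  for f in /etc/login.defs /etc/sysctl.conf /etc/ssh/sshd_config /etc/profile /etc/pam.d/su; do
    [ -e "$f" ] || continue   # not every distribution ships every file
    cp -p -- "$f" "$f$backup_suffix" || {
      echo "backup of $f failed; aborting before any change is made" >&2
      exit 1
    }
  done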

  # 2. Password ageing policy in /etc/login.defs.
  # Each expression replaces the whole line that starts with the keyword; a
  # keyword that is missing or commented out in the file is left untouched.
  # Per login.defs(5) the ageing values are applied when an account is created,
  # so existing accounts keep their current limits until changed with chage.
  # NOTE(review): on PAM-based systems the minimum length is normally enforced
  # by the PAM password-quality module, not PASS_MIN_LEN - confirm for the target.
  sed -i \
    -e '/^PASS_MAX_DAYS/c PASS_MAX_DAYS 90' \
    -e '/^PASS_MIN_DAYS/c PASS_MIN_DAYS  10' \
    -e '/^PASS_MIN_LEN/c PASS_MIN_LEN 8' \
    -e '/^PASS_WARN_AGE/c PASS_WARN_AGE 5' \
    /etc/login.defs

  # Append the active (non-comment, non-blank) lines to the audit record.
  # result.txt is relative to the current directory: run the script from a
  # directory only root can write to, so the file cannot be pre-planted.
  grep -v "^#" /etc/login.defs | grep -v "^$" >>result.txt


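  # 3. Kernel network hardening in /etc/sysctl.conf.
  # Changes from the original listing:
  #   - net.ipv4.conf.default.accept_source_route was written as 1, which
  #     contradicts the conf.all line and the purpose of this section; it is 0.
  #   - a line is appended only if that exact line is not already present, so
  #     re-running the script does not pile up duplicates.
  #   - the file is loaded with sysctl -p; otherwise the values only take
  #     effect at the next boot.
  # NOTE(review): rp_filter = 1 is strict reverse-path filtering and can drop
  # legitimate traffic on multi-homed or asymmetrically routed hosts - confirm
  # it suits the target before rollout.
  for setting in \
    "net.ipv4.tcp_max_syn_backlog = 4096" \
    "net.ipv4.conf.all.rp_filter = 1" \
    "net.ipv4.conf.all.accept_source_route = 0" \
    "net.ipv4.conf.all.accept_redirects = 0" \
    "net.ipv4.conf.all.secure_redirects = 0" \
    "net.ipv4.conf.default.rp_filter = 1" \
    "net.ipv4.conf.default.accept_source_route = 0" \
    "net.ipv4.conf.default.accept_redirects = 0" \
    "net.ipv4.conf.default.secure_redirects = 0" \
    "net.ipv4.conf.all.send_redirects = 0" \
    "net.ipv4.conf.default.send_redirects = 0"
  do
    # When a key appears more than once, the line loaded last takes effect,
    # so appending is enough to override an earlier conflicting value.
    grep -qxF -- "$setting" /etc/sysctl.conf 2>/dev/null \
      || echo "$setting" >>/etc/sysctl.conf
  done

  # Apply now and surface errors instead of assuming the settings are active.
  sysctl -p /etc/sysctl.conf >/dev/null \
    || echo "sysctl -p reported errors; review /etc/sysctl.conf" >&2

  # Append the active (non-comment, non-blank) lines to the audit record.
  grep -v "^#" /etc/sysctl.conf | grep -v "^$" >>result.txt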

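  # 4. Remote-login hardening in /etc/ssh/sshd_config.
  # The original patterns only matched the commented-out defaults (for example
  # "#PermitRootLogin"). On a system that ships an active "PermitRootLogin yes"
  # nothing was changed and root login stayed enabled. The patterns below match
  # the directive whether it is commented out or active, with any current value.
  # Indented lines (typically inside Match blocks) are deliberately not touched.
  # MaxAuthTries 6 and ClientAliveCountMax 3 are the OpenSSH defaults, and
  # ClientAliveCountMax only has an effect with a non-zero ClientAliveInterval,
  # which this script does not set.
  # Before disabling root login, make sure another account can log in and gain
  # administrative rights, or the host can only be recovered from the console.
  sed -i -E \
    -e '/^(#[[:space:]]*)?PermitRootLogin[[:space:]]/c PermitRootLogin no' \
    -e '/^(#[[:space:]]*)?MaxAuthTries[[:space:]]/c MaxAuthTries 6' \
    -e '/^(#[[:space:]]*)?UseDNS[[:space:]]/c UseDNS no' \
    -e '/^(#[[:space:]]*)?ClientAliveCountMax[[:space:]]/c ClientAliveCountMax 3' \
    /etc/ssh/sshd_config

  # A directive that was absent altogether is still unset; report it rather
  # than appending blindly, since the end of the file may be a Match block.
  for directive in "PermitRootLogin no" "MaxAuthTries 6" "UseDNS no" "ClientAliveCountMax 3"; do
    grep -qxF -- "$directive" /etc/ssh/sshd_config \
      || echo "sshd_config: '$directive' is not set; add it manually" >&2
  done

  # Check the syntax before the daemon is reloaded; a broken sshd_config can
  # lock everyone out. The new values take effect only after sshd is reloaded.
  # NOTE(review): where sshd_config Includes drop-in files, an earlier value
  # there wins - inspect the effective configuration with `sshd -T`.
  sshd -t || echo "sshd_config failed validation; do not reload sshd" >&2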

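  # 5. Idle timeout for interactive shells: bash ends a session after TMOUT
  # seconds without input. The line is appended only when it is not already
  # present, so re-running the script does not duplicate it.
  # NOTE(review): this only reaches shells that read /etc/profile, and a user
  # can unset or raise TMOUT unless it is also declared readonly - decide
  # whether the policy needs that.
  grep -qxF -- "TMOUT=300" /etc/profile 2>/dev/null \
    || echo "TMOUT=300" >>/etc/profile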

  # 6. Lock the passwords of accounts that should never log in.
  # passwd -l only disables password authentication. Per passwd(1) the account
  # itself stays enabled and other credentials (for example an SSH key) still
  # work; expiring the account with usermod is what fully disables it.
  # An account that does not exist on this host just makes passwd print an error.
  for account in ftp nobody; do
    passwd -l "$account"
  done

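  # 7. Tighten ownership and mode of important files, and restrict su.
  chown root:root /etc/sysctl.conf
  chmod 0600 /etc/sysctl.conf

  # Enable pam_wheel so that only members of the wheel group may use su.
  # The pattern in the original listing ("#required pam_wheel.so use.uid")
  # lacks the PAM type field and spells the option with a dot, so it matches
  # no line in a stock /etc/pam.d/su; had it matched, it would have written a
  # malformed PAM entry. It was presumably mangled from
  # "#auth required pam_wheel.so use_uid" - confirm against the target file.
  # Put at least one administrator in the wheel group first, otherwise
  # nobody but root will be able to use su afterwards.
  sed -i -E \
    '/^#[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so([[:space:]]+use_uid)?[[:space:]]*$/c auth required pam_wheel.so use_uid' \
    /etc/pam.d/su

  # Report when the rule did not end up active, so it is not assumed to be.
  grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_wheel\.so' /etc/pam.d/su \
    || echo "/etc/pam.d/su: pam_wheel rule not enabled; edit it manually" >&2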

  #8.

 
