  • Centos 7 安全加固命令行

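    # Password complexity (pam_pwquality): minimum length 8 and at least one digit,
    # lower-case, upper-case and special character. A single authconfig call applies
    # all five settings and rewrites the PAM files once instead of five times.
    authconfig --passminlen=8 --enablereqdigit --enablereqlower \
      --enablerequpper --enablereqother --update

    # The hand edits below must come after authconfig, which rewrites system-auth.
    # NOTE(review): a later `authconfig --update` is likely to regenerate the file
    # and drop these edits -- re-check system-auth after any authconfig run.
    # --follow-symlinks: on a stock CentOS 7 install /etc/pam.d/system-auth is
    # normally a symlink (to system-auth-ac); plain `sed -i` would replace the
    # symlink with a regular file.

    # Password history: refuse reuse of the last 5 passwords. Matching on the module
    # instead of the exact stock spacing keeps the edit working on a customised
    # file, and the "remember=" guard makes a second run a no-op.
    # NOTE(review): the stock pam_unix.so line carries nullok; review whether
    # accounts with an empty password should be tolerated at all.
    sed -i --follow-symlinks -r \
      '/^password[[:space:]]+sufficient[[:space:]]+pam_unix\.so/ { /remember=/! s/[[:space:]]*$/ remember=5/; }' \
      /etc/pam.d/system-auth

    # Apply the pwquality rules to root as well; guarded the same way.
    sed -i --follow-symlinks -r \
      '/^password[[:space:]]+requisite[[:space:]]+pam_pwquality\.so/ { /enforce_for_root/! s/[[:space:]]*$/ enforce_for_root/; }' \
      /etc/pam.d/system-auth

    # Password ageing: expire after 90 days, at least 14 days between changes,
    # warn 14 days before expiry. Anchoring on the keyword sets the value whatever
    # it currently is, instead of relying on the defaults 99999 / 0 / 7.
    # login.defs only seeds newly created accounts; existing accounts keep their
    # current ageing values until changed per user, e.g.
    #   chage -M 90 -m 14 -W 14 <user>
    sed -i -r \
      -e 's/^PASS_MAX_DAYS[[:space:]].*/PASS_MAX_DAYS   90/' \
      -e 's/^PASS_MIN_DAYS[[:space:]].*/PASS_MIN_DAYS   14/' \
      -e 's/^PASS_WARN_AGE[[:space:]].*/PASS_WARN_AGE   14/' \
      /etc/login.defs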
    
    
    # Message of the day, shown after a successful login.
    printf '%s\n' " Authorized users only! All activity may be monitored and reported! " > /etc/motd

    # Pre-login banner: /etc/issue for local consoles, /etc/issue.net for network
    # logins. Both files get the same text, written in one pass.
    printf '%s\n' " Be sure you are authorized to access this system! " \
      | tee /etc/issue /etc/issue.net > /dev/null
    
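    sshd_config=/etc/ssh/sshd_config

    # Set one sshd_config keyword to a value.
    # sshd keeps the first value it reads for a keyword, so a blind append is
    # ignored whenever an active line for the same keyword already exists. The
    # first active line is therefore rewritten in place; only a keyword that has
    # no active line is appended. Running this twice leaves the file unchanged.
    # Arguments: $1 - keyword, $2 - value (must not contain '|', '&' or '\')
    # NOTE(review): an appended line lands at the end of the file; if the file
    # ends in a Match block the setting would fall inside it -- check by hand.
    set_sshd_option() {
      local key=$1 value=$2 line
      line=$(grep -niE -m1 "^[[:space:]]*${key}[[:space:]]" "$sshd_config" | cut -d: -f1)
      if [ -n "$line" ]; then
        sed -i "${line}s|.*|${key} ${value}|" "$sshd_config"
      else
        printf '%s %s\n' "$key" "$value" >> "$sshd_config"
      fi
    }

    # No reverse-DNS lookup of connecting clients.
    set_sshd_option UseDNS no
    # Show the pre-login banner to SSH clients.
    set_sshd_option Banner /etc/issue.net
    set_sshd_option Protocol 2
    # Refuse direct root logins over SSH.
    # NOTE(review): confirm that a non-root account with a working login and
    # sudo/su access exists before applying this, or remote administration of the
    # host is lost.
    set_sshd_option PermitRootLogin no

    # Validate the edited file first: restarting sshd on a broken configuration
    # can leave the host without remote access.
    if /usr/sbin/sshd -t; then
      systemctl restart sshd.service
    else
      echo "sshd_config failed validation; sshd was not restarted" >&2
    fi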
    
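    # Tighten the default umask from 022 to 027 so new files are not readable by
    # "other".
    # NOTE(review): this rewrites only the literal "umask 022". The stock CentOS 7
    # /etc/profile is believed to have a separate "umask 002" branch for ordinary
    # users, and /etc/bashrc sets the umask for non-login shells -- verify both.
    sed -i 's/umask 022/umask 027/' /etc/profile

    # Log idle shells out after 300 seconds. Appended only when no TMOUT export is
    # present yet, so re-running does not stack duplicate lines.
    # NOTE(review): a user can still override TMOUT in their own shell unless it
    # is also declared readonly.
    grep -q '^export TMOUT=' /etc/profile || echo "export TMOUT=300" >> /etc/profile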
    
    
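    # kdump and firewalld are stopped immediately and disabled at boot.
    # NOTE(review): stopping firewalld leaves the host without a local packet
    # filter. In a hardening run this is only acceptable when another filter
    # (iptables/nftables rules, or an upstream firewall) already covers the host;
    # otherwise keep firewalld and restrict its zones instead.
    for unit in kdump.service firewalld.service; do
      systemctl stop "$unit"
      systemctl disable "$unit"
    done

    # Network services that should not start at boot. Units that are not installed
    # only produce an error message from systemctl.
    # The original list had "doveco", which matches no unit; the IMAP/POP3 server
    # unit is "dovecot".
    # `disable` does not stop an instance that is already running; those stay up
    # until the next reboot or an explicit `systemctl stop`.
    # NOTE(review): for socket-activated services (rpcbind, for example) the
    # matching .socket unit may start the service again -- check
    # `systemctl list-unit-files` for such units.
    for unit in avahi-daemon cups nfs nfs-server rpcbind vsftpd snmpd rsyncd dhcpd \
                slapd named httpd dovecot smb squid ypserv rsh.socket rlogin.socket \
                rexec.socket ntalk telnet.socket tftp.socket; do
      systemctl disable "$unit"
    done

    # Disable every installed unit whose name starts with firewalld, post or
    # NetworkManager. The unit names go straight to systemctl through xargs
    # instead of being turned into command text and piped into bash.
    # NOTE(review): "^post" matches any unit beginning with "post", not just
    # postfix. With NetworkManager disabled, interfaces come up at boot only if
    # the legacy network service is configured and enabled -- confirm before
    # rebooting a remote host.
    systemctl list-unit-files \
      | grep -E '^firewalld|^post|^NetworkManager' \
      | awk '{print $1}' \
      | xargs -r systemctl disable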
    
    
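    # Switch the SELinux mode in the boot-time configuration; the change applies
    # from the next reboot. The original line had no space between the sed
    # expression and the file name, so sed received a single malformed argument
    # and the file was never edited.
    # NOTE(review): disabling SELinux removes mandatory access control and lowers
    # the security of the host. For a hardening baseline keep SELINUX=enforcing
    # and drop this line unless the loss is a documented, accepted exception.
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

    # Stop Ctrl-Alt-Del on the console from rebooting the machine. Masking the
    # target survives package updates; deleting the unit file under /usr/lib is
    # undone as soon as the systemd package is updated or reinstalled.
    systemctl mask ctrl-alt-del.target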
    
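    # Append a line to a file unless that exact line is already present, so the
    # script can be re-run without stacking duplicates.
    # Arguments: $1 - line to add, $2 - target file
    append_once() {
      local line=$1 file=$2
      # grep's error for a missing file is hidden; the append then creates it.
      grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
    }

    # Timestamp shell history entries and keep 2000 of them.
    append_once 'HISTTIMEFORMAT="<%F %T>: "  ' /etc/profile
    append_once 'HISTFILESIZE=2000' /etc/profile
    append_once 'HISTSIZE=2000' /etc/profile

    # Copy error-level messages and authentication events to /var/adm/messages.
    # NOTE(review): the file receives auth events -- check its permissions and add
    # it to log rotation, otherwise it grows without bound.
    append_once '*.err;auth.info        /var/adm/messages' /etc/rsyslog.conf
    # rsyslog reads its configuration at start-up; restart it so the rule is live.
    systemctl restart rsyslog.service

    # Raise the open-file limit for all users. This is capacity tuning, not a
    # hardening measure.
    append_once '*               soft    nofile            409600' /etc/security/limits.conf
    append_once '*               hard    nofile            409600' /etc/security/limits.conf

    # Comment out the stock per-user soft process cap. The pattern is anchored on
    # the leading '*', so a line that is already commented is left alone on a
    # second run.
    # NOTE(review): removing the nproc cap lets any user exhaust the process
    # table; for a hardening baseline keep a limit and raise it only for the
    # accounts that need more.
    sed -i -r 's/^\*([[:space:]]+soft[[:space:]]+nproc[[:space:]]+4096)/#*\1/' /etc/security/limits.d/20-nproc.conf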
  • 原文地址:https://www.cnblogs.com/liweiming/p/11275951.html