  • Centos 7 安全加固命令行

    # Password complexity policy: at least 8 characters, with at least one
    # digit, one lowercase letter, one uppercase letter and one other
    # character. All options are applied in a single authconfig run.
    authconfig \
      --passminlen=8 \
      --enablereqdigit \
      --enablereqlower \
      --enablerequpper \
      --enablereqother \
      --update
    
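    # PAM password stack: remember the last 5 passwords (pam_unix remember=5)
    # and apply the pwquality rules to root as well (enforce_for_root).
    #
    # --follow-symlinks: plain `sed -i` replaces a symlink with a regular file;
    #   on CentOS 7 /etc/pam.d/system-auth is normally a symlink to
    #   system-auth-ac, so the link must be followed to edit the real file.
    # The inner `/option/!` guard makes each edit idempotent (a second run no
    #   longer appends the option again), and [[:space:]]+ tolerates column
    #   spacing that differs from the stock file.
    # NOTE(review): a later `authconfig --update` may regenerate this file and
    #   drop hand-added options; re-check after any authconfig run.
    # NOTE(review): only system-auth is edited. Services whose PAM stack
    #   includes password-auth instead are not covered; confirm which file
    #   sshd uses on the target host.
    # NOTE(review): the stock pam_unix line carries `nullok`; review whether
    #   empty passwords should still be tolerated on a hardened host.
    sed -i --follow-symlinks -r \
      '/^password[[:space:]]+sufficient[[:space:]]+pam_unix\.so/ { /remember=/! s/$/ remember=5/; }' \
      /etc/pam.d/system-auth

    sed -i --follow-symlinks -r \
      '/^password[[:space:]]+requisite[[:space:]]+pam_pwquality\.so/ { /enforce_for_root/! s/$/ enforce_for_root/; }' \
      /etc/pam.d/system-auth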
    
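    # Password aging defaults: maximum age 90 days, minimum age 14 days,
    # expiry warning 14 days ahead.
    #
    # Each rule rewrites the whole active setting line instead of substituting
    # a digit inside it, so the result is correct whatever the previous value
    # was (the old `s/0/14/` would turn an existing "10" into "114").
    # Commented lines are left alone because the match is anchored at column 0.
    #
    # /etc/login.defs only supplies defaults for accounts created afterwards.
    # Existing accounts keep the aging values stored in /etc/shadow and have to
    # be updated per user with chage(1).
    sed -i -r \
      -e 's/^PASS_MAX_DAYS[[:space:]].*/PASS_MAX_DAYS\t90/' \
      -e 's/^PASS_MIN_DAYS[[:space:]].*/PASS_MIN_DAYS\t14/' \
      -e 's/^PASS_WARN_AGE[[:space:]].*/PASS_WARN_AGE\t14/' \
      /etc/login.defs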
    
    
    # Legal / warning banners. Each file is overwritten, not appended to.
    #   /etc/motd      - shown after a successful login
    #   /etc/issue     - shown before the local console login prompt
    #   /etc/issue.net - pre-login banner for network logins
    printf '%s\n' " Authorized users only! All activity may be monitored and reported! " > /etc/motd

    for banner_file in /etc/issue /etc/issue.net; do
      printf '%s\n' " Be sure you are authorized to access this system! " > "$banner_file"
    done
    
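    # sshd hardening: no reverse-DNS lookups, pre-login banner, protocol 2
    # only, no direct root login.
    #
    # sshd uses the first value it reads for each keyword, and anything placed
    # after a "Match" line belongs to that Match block. Appending to the end of
    # the file can therefore be silently ignored or mis-scoped, so each
    # directive is inserted at the top of the file instead. The grep guard
    # keeps a second run from adding duplicates.
    # NOTE(review): the guard only checks that the exact line exists somewhere
    #   in the file; if it sits inside a Match block or after a conflicting
    #   setting, fix that by hand.
    # NOTE(review): on OpenSSH releases that no longer implement protocol 1,
    #   "Protocol 2" has no effect; it is kept for older packages.
    # NOTE(review): confirm that a non-root account with sudo/su access and a
    #   working login exists before root login is turned off.
    sshd_config=/etc/ssh/sshd_config
    for directive in 'Protocol 2' 'Banner /etc/issue.net' 'UseDNS no' 'PermitRootLogin no'; do
      grep -qxF -- "$directive" "$sshd_config" || sed -i "1i $directive" "$sshd_config"
    done

    # Validate before restarting: a syntax error would otherwise leave the host
    # without a reachable sshd after the restart.
    if sshd -t; then
      systemctl restart sshd.service
    else
      echo "sshd_config failed validation; sshd was not restarted" >&2
    fi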
    
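    # Tighter default file-creation mask for login shells: 027 removes all
    # access for "other" on newly created files.
    # NOTE(review): this only rewrites the literal "umask 022". If the target
    #   /etc/profile (or /etc/bashrc) sets a different mask for ordinary users,
    #   e.g. "umask 002", that branch is left unchanged; check both files.
    sed -i 's/umask 022/umask 027/' /etc/profile

    # Log idle interactive shells out after 300 seconds. The guard keeps the
    # line from being appended again on every run.
    # NOTE(review): TMOUT is not marked readonly here, so a user can unset it.
    grep -qxF 'export TMOUT=300' /etc/profile || echo "export TMOUT=300" >> /etc/profile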
    
    
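    # Stop and disable kdump and firewalld.
    # NOTE(review): turning firewalld off removes the host firewall. Unless
    #   another packet filter (iptables rules, an upstream firewall or
    #   security group) takes its place, every listening port becomes
    #   reachable. Make this a deliberate decision, not a default.
    for unit in kdump.service firewalld.service; do
      systemctl stop "$unit"
      systemctl disable "$unit"
    done

    # Disable network services that are not needed on a hardened host.
    # `systemctl disable` only removes the unit from boot; a unit that is
    # already running keeps running until it is stopped or the host reboots.
    # Units that are not installed just produce an error message.
    # "dovecot" replaces the original "doveco", which matches no unit.
    for unit in \
      avahi-daemon cups nfs nfs-server rpcbind vsftpd snmpd rsyncd dhcpd \
      slapd named httpd dovecot smb squid ypserv \
      rsh.socket rlogin.socket rexec.socket ntalk telnet.socket tftp.socket
    do
      systemctl disable "$unit"
    done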
    
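    # Disable every unit file whose name starts with firewalld, post or
    # NetworkManager. The names go to xargs as arguments instead of being
    # turned into command text and piped into bash, and awk does the matching
    # that the deprecated egrep did.
    # NOTE(review): "^post" matches any unit beginning with "post", not only
    #   postfix; list the matches first and confirm they are all meant.
    # NOTE(review): with NetworkManager disabled, networking after the next
    #   reboot depends on another service (e.g. network.service) being
    #   enabled and configured; verify this before rebooting a remote host.
    systemctl list-unit-files \
      | awk '/^(firewalld|post|NetworkManager)/ { print $1 }' \
      | xargs -r -n 1 systemctl disable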
    
    
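    # Switch SELinux from enforcing to disabled (takes effect at next boot).
    # The original line had no space between the sed expression and the file
    # name, so sed received one malformed argument and changed nothing.
    # NOTE(review): disabling SELinux removes mandatory access control and
    #   runs against most hardening baselines, which keep it enforcing. If an
    #   application conflicts with the policy, permissive mode for diagnosis
    #   or a targeted policy adjustment is a narrower change than turning it
    #   off system-wide.
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config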
    
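    # Stop Ctrl-Alt-Del on the console from rebooting the machine.
    # Masking links the unit to /dev/null under /etc/systemd/system. Unlike
    # deleting the vendor file under /usr/lib, this survives systemd package
    # updates (which would restore the deleted file) and does not show up as
    # a modified package file.
    systemctl mask ctrl-alt-del.target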
    
    # Shell history: timestamp every entry and keep 2000 entries in memory and
    # in the history file. The lines are appended to /etc/profile each time
    # this runs.
    printf '%s\n' \
      'HISTTIMEFORMAT="<%F %T>: "  ' \
      'HISTFILESIZE=2000' \
      'HISTSIZE=2000' >> /etc/profile

    # Send all *.err messages and auth.info and above to /var/adm/messages.
    # NOTE(review): nothing in this listing restarts rsyslog, so the rule is
    #   only picked up once the daemon is restarted; also confirm that
    #   /var/adm exists on the target host.
    printf '%s\n' '*.err;auth.info        /var/adm/messages' >> /etc/rsyslog.conf
    
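    # Raise the open-file limit to 409600 (soft and hard) for all users.
    # The grep guards keep a second run from appending duplicate lines.
    # NOTE(review): this is capacity tuning, not a restriction; size the value
    #   to what the workload actually needs.
    grep -qxF '*               soft    nofile            409600' /etc/security/limits.conf \
      || echo '*               soft    nofile            409600' >> /etc/security/limits.conf
    grep -qxF '*               hard    nofile            409600' /etc/security/limits.conf \
      || echo '*               hard    nofile            409600' >> /etc/security/limits.conf

    # Comment out the default per-user soft process limit (nproc 4096).
    # Anchoring at the start of the line means a line that is already
    # commented is not matched again, so repeated runs do not stack '#'.
    # NOTE(review): with this default removed, ordinary users have no nproc
    #   cap from this file, so a runaway or malicious process can exhaust the
    #   process table. Prefer an explicit higher limit over no limit.
    sed -i 's/^\*          soft    nproc     4096/#&/' /etc/security/limits.d/20-nproc.conf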
  • 原文地址:https://www.cnblogs.com/liweiming/p/11275951.html