#!/bin/bash
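# ANSI colour helpers for the warning banners printed further down.
# Both values are backslash escapes, so they only render when printed with
# `echo -e` (or printf '%b'): L1 selects a red background, R1 resets the
# attributes and ends the line.
L1="\E[0;41m"
R1="\E[0m \n"
# backPatch
# NOTE(review): the bare word above stood alone on this line. Nothing in the
# script defines a command or function with that name, so executing it would
# only produce "command not found". It looks like the script's title, so it
# is kept as a comment -- confirm against the original file.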
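# --- SSH daemon hardening ---------------------------------------------------
# Goal: root cannot log in over SSH, and the server is pinned to protocol 2.
#
# Changes from the earlier version of this section:
#   * The "Protocol 2 missing" branch wrote "PermitRootLogin no" a second time
#     instead of "Protocol 2" (copy/paste slip).
#   * sshd uses the FIRST value it reads for a keyword, so appending
#     "PermitRootLogin no" to the end of the file had no effect when an
#     earlier "PermitRootLogin yes" existed, and a line appended after a
#     "Match" block becomes part of that block. The directives are therefore
#     inserted at line 1.
#   * The daemon was restarted only in the Protocol branch and without
#     validating the file. A broken sshd_config on a remote host means
#     lock-out, so the file is checked with `sshd -t` and the backup is
#     restored when the check fails.
sshdConfPath=/etc/ssh
sshdConf=sshd_config
sshdConfFile="${sshdConfPath}/${sshdConf}"
sshdConfBak=/etc/ssh/sshd_config.bak
sshdChanged=0

# Print (lower-cased) the first active value of keyword $1 in the global part
# of config file $2, i.e. before any "Match" line. Prints nothing when the
# keyword is not set there. Files pulled in through "Include" are not read.
_sshd_global_value() {
  awk -v kw="$1" '
    /^[[:space:]]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(kw) { print tolower($2); exit }
  ' "$2"
}

if cp -pf -- "${sshdConfFile}" "${sshdConfBak}"; then
  if [[ "$(_sshd_global_value PermitRootLogin "${sshdConfFile}")" != "no" ]]; then
    sed -i '1i PermitRootLogin no' "${sshdConfFile}" && sshdChanged=1
  fi

  # NOTE(review): recent OpenSSH releases only speak protocol 2 and treat
  # "Protocol" as a deprecated keyword -- confirm the target version; on such
  # hosts this line is harmless but redundant.
  if [[ "$(_sshd_global_value Protocol "${sshdConfFile}")" != "2" ]]; then
    sed -i '1i Protocol 2' "${sshdConfFile}" && sshdChanged=1
  fi

  if (( sshdChanged )); then
    if sshd -t -f "${sshdConfFile}"; then
      # Restart once, through whichever service manager the host has.
      if command -v systemctl >/dev/null 2>&1; then
        systemctl restart sshd
      elif [[ -x /etc/init.d/sshd ]]; then
        /etc/init.d/sshd restart
      else
        echo "sshd_config updated, but no known way to restart sshd was found" >&2
      fi
    else
      echo "sshd -t rejected ${sshdConfFile}; restoring ${sshdConfBak}" >&2
      cp -pf -- "${sshdConfBak}" "${sshdConfFile}"
    fi
  fi
else
  echo "backup of ${sshdConfFile} failed; sshd_config left untouched" >&2
fi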
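# --- Telnet exposure check (report only, nothing is changed) ----------------
# Looks for a TCP socket whose local address ends in port 23 and prints a red
# warning banner ("telnet server is running") when one is found.
#
# netstat comes from net-tools, which many current distributions no longer
# install. Without it the old pipeline simply found nothing and the check
# passed silently, so `ss` is used as a fallback and a missing tool is
# reported instead of being read as "telnet is off".
telnetSockets=""
if command -v netstat >/dev/null 2>&1; then
  telnetSockets=$(netstat -anolt | awk '{print $4}')
elif command -v ss >/dev/null 2>&1; then
  telnetSockets=$(ss -ant | awk '{print $4}')
else
  echo "neither netstat nor ss is available; telnet port check skipped" >&2
fi

# Column 4 is the local address in both tools' output.
if grep -q ':23$' <<<"${telnetSockets}"; then
  echo -e "${L1}telnet 服务端开启中 !!${R1}"
fi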
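# --- SNMP community string --------------------------------------------------
# Replaces the default "public" community in snmpd.conf and downgrades a
# read-write "public" community to read-only.
#
# Changes from the earlier version of this section:
#   * The existence test looked at /etc/snmpd.conf while the edits went to
#     /etc/snmp/snmpd.conf; the edited file is now the one that is tested.
#     `chkconfig snmpd` is no longer consulted: when the file is absent there
#     is nothing to edit, whatever the service state is.
#   * The replacement community was hard-coded. A community string is a
#     shared secret, and one that ships inside a published script is no more
#     secret than "public". Set SNMP_COMMUNITY to a site-specific value; the
#     old literal remains only as a backward-compatible default.
#
# NOTE(review): snmpd is not restarted here, so the new value presumably only
# applies after the next restart/reload -- confirm and add one if intended.
snmpdConf=/etc/snmp/snmpd.conf
snmpCommunity=${SNMP_COMMUNITY:-fscr5.r3EF}
snmpCommunityRe='^[A-Za-z0-9._-]+$'

if [[ -f "${snmpdConf}" ]]; then
  if [[ ! "${snmpCommunity}" =~ ${snmpCommunityRe} ]]; then
    # The value is spliced into a sed replacement; refuse anything that could
    # be interpreted by sed instead of being written literally.
    echo "SNMP_COMMUNITY contains unsupported characters; ${snmpdConf} left untouched" >&2
  else
    if [[ -z "${SNMP_COMMUNITY:-}" ]]; then
      echo "SNMP_COMMUNITY not set: using the script's built-in, publicly known community string" >&2
    fi
    sed -i \
      -e "s/rocommunity public/rocommunity ${snmpCommunity}/g" \
      -e "s/rwcommunity public/rocommunity ${snmpCommunity}/g" \
      "${snmpdConf}"
  fi
fi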
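# --- OpenSSL version check (report only) ------------------------------------
# Prints a red warning banner ("openssl is vulnerable") when the installed
# OpenSSL reports one of the versions on the script's list.
#
# The earlier check used plain `grep` with "a|b|c". In basic regular
# expressions "|" is a literal character, so the pattern could never match and
# the warning was never printed. An unanchored match would have had the
# opposite problem: "1.0.1" is a substring of every later 1.0.1 letter
# release. The version is therefore compared as a whole string.
#
# NOTE(review): distributions often backport fixes without changing the
# upstream version string, so this banner is a hint, not proof either way --
# confirm against the vendor's package version and advisories.

# Return 0 when $1 is exactly one of the listed versions (1.0.0, 1.0.1,
# 1.0.1a-1.0.1f, 1.0.2-beta, 1.0.2-beta1), optionally carrying the "-fips"
# suffix some builds append; return 1 otherwise.
_openssl_version_is_listed() {
  local listed_re='^(1\.0\.0|1\.0\.1[a-f]?|1\.0\.2-beta1?)(-fips)?$'
  [[ "$1" =~ ${listed_re} ]]
}

# Second field of `openssl version`, e.g. "1.0.1e-fips".
opensslV=$(openssl version | awk '{print $2}')
if _openssl_version_is_listed "${opensslV}"; then
  echo -e "${L1}openssl 存在漏洞 !!${R1}"
fi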
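# --- PAM account lockout ----------------------------------------------------
# Ensures /etc/pam.d/system-auth has a pam_tally/pam_tally2 "account" line and
# an "auth required" line with deny=5 and unlock_time=180, inserting
# pam_tally2 lines after the first account/auth entry when they are missing.
#
# Changes from the earlier version of this section:
#   * When no anchor line was found, lineN was empty and the sed expression
#     lost its address, so the new line was added after EVERY line of the
#     file. A mangled PAM stack can block all logins, so an empty lineN is now
#     reported and the edit is skipped.
#   * Commented-out pam_tally lines no longer count as "already configured".
#   * A missing file or a failed backup skips the section instead of editing
#     without a way back.
#
# NOTE(review): pam_tally2 has been replaced by pam_faillock on newer
# distributions, and "no_magic_root" looks like an option of the older
# pam_tally module -- confirm both against the pam_tally2 man page on the
# target system before rolling this out.
# NOTE(review): if system-auth is a symlink on the target, GNU `sed -i`
# replaces the link with a regular file -- check whether that is acceptable.
authPath="/etc/pam.d/system-auth"

if [[ ! -f "${authPath}" ]]; then
  echo "${authPath} not found; PAM lockout policy not applied" >&2
elif ! cp -p -- "${authPath}" /etc/pam.d/system-auth.bak; then
  echo "backup of ${authPath} failed; file left untouched" >&2
else
  # account stack: accept either pam_tally.so or pam_tally2.so.
  if ! grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_tally2?\.so' "${authPath}"; then
    lineN=$(sed -n '/^account/=' "${authPath}" | head -n 1)
    if [[ -n "${lineN}" ]]; then
      sed -i "${lineN}s/$/\n account required pam_tally2.so/" "${authPath}"
    else
      echo "no account line found in ${authPath}; pam_tally2 account entry not added" >&2
    fi
  fi

  # auth stack: any "auth required" line that carries deny=5 and ends in
  # unlock_time=180 is treated as already configured.
  if ! grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]].*[[:space:]]deny=5[[:space:]].*[[:space:]]unlock_time=180[[:space:]]*$' "${authPath}"; then
    lineN=$(sed -n '/^auth/=' "${authPath}" | head -n 1)
    if [[ -n "${lineN}" ]]; then
      sed -i "${lineN}s/$/\n auth required pam_tally2.so deny=5 onerr=fail no_magic_root unlock_time=180/" "${authPath}"
    else
      echo "no auth line found in ${authPath}; pam_tally2 auth entry not added" >&2
    fi
  fi
fi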
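# --- Password ageing defaults in /etc/login.defs ----------------------------
# Sets PASS_MAX_DAYS=90, PASS_MIN_DAYS=10, PASS_MIN_LEN=8 and PASS_WARN_AGE=7,
# rewriting an existing setting or appending one when it is missing.
#
# The earlier version repeated the same stanza four times and used an
# unanchored sed pattern, which also rewrote the explanatory comment lines
# that mention these keys. The edit is now anchored to the start of the line.
#
# NOTE(review): per login.defs(5) the ageing values are only applied when an
# account is created; existing accounts keep the values stored in
# /etc/shadow and need `chage` to pick up the new policy.
# NOTE(review): on PAM-based systems the minimum password length is usually
# enforced by the PAM password-quality module rather than PASS_MIN_LEN --
# confirm which one is effective on the target.
loginD="/etc/login.defs"

# Set key $1 to value $2 in file $3: replace the active line when the key is
# already set, otherwise append "key value" at the end of the file.
_set_login_def() {
  local key=$1 value=$2 file=$3
  if grep -Eq "^${key}([[:space:]]|\$)" "${file}"; then
    sed -i -E "s/^${key}([[:space:]].*)?\$/${key} ${value}/" "${file}"
  else
    printf '%s %s\n' "${key}" "${value}" >>"${file}"
  fi
}

if cp -p -- "${loginD}" "${loginD}.bak"; then
  _set_login_def PASS_MAX_DAYS 90 "${loginD}"
  _set_login_def PASS_MIN_DAYS 10 "${loginD}"
  _set_login_def PASS_MIN_LEN 8 "${loginD}"
  _set_login_def PASS_WARN_AGE 7 "${loginD}"
else
  echo "backup of ${loginD} failed; file left untouched" >&2
fi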