Centos7的安全防范

1。历史命令

# 当前用户不记录历史命令

echo "HISTSIZE=0" >>  ~/.bash_profile

# 情况记录的历史命令

> ~/.bash_history

# 推出重新打开测试

 2。防火墙关闭

systemctl stop firewalld.service＃停止防火墙

systemctl disable firewalld.service＃禁止firewall开机启动

 3.sudo 免密码

echo 'password'|passwd --stdin root

useradd username

echo 'password'|passwd --stdin username

\cp /etc/sudoers /etc/sudoers.ori-$(date +%m%d)

echo 'username  ALL=(ALL) NOPASSWD: ALL,!/usr/bin/passwd,/usr/bin/passwd[a-zA-Z]*,!/usr/bin/passwd root' >>/etc/sudoers

tail -1 /etc/sudoers

visudo -c

mv /usr/bin/sudo  /usr/bin/bcbsudo

sed -i  's#4096#40960#g' /etc/security/limits.d/20-nproc.conf

sed -i "s#\#PermitRootLogin\ yes#PermitRootLogin\ no#g"  /etc/ssh/sshd_config

systemctl  restart sshd.service