CentOS System Security Settings Shell script
We create common system security configurations as a shell script. You only need to run this shell script on the server to complete the security settings.
The Shell script for Linux system security settings is the second update. It has been widely used in a large media website system and added some security settings that were not previously imagined. Copy it and save it as a shell file, such as security. sh. upload it to the Linux server. Execute sh security. sh to use this script!
#!/bin/sh# desc: setup linux system security# powered by www.lvtao.net#account setuppasswd -l xfspasswd -l newspasswd -l nscdpasswd -l dbuspasswd -l vcsapasswd -l gamespasswd -l nobodypasswd -l avahipasswd -l haldaemonpasswd -l gopherpasswd -l ftppasswd -l mailnullpasswd -l pcappasswd -l mailpasswd -l shutdownpasswd -l haltpasswd -l uucppasswd -l operatorpasswd -l syncpasswd -l admpasswd -l lp# chattr /etc/passwd /etc/shadowchattr +i /etc/passwdchattr +i /etc/shadowchattr +i /etc/groupchattr +i /etc/gshadow# add continue input failure 3 ,passwd unlock time 5 minitesed -i 's#auth required pam_env.so#auth required pam_env.sonauth required pam_tally.so onerr=fail deny=3 unlock_time=300nauth required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' /etc/pam.d/system-auth# system timeout 5 minite auto logoutecho "TMOUT=300" >>/etc/profile# will system save history command list to 10sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile# enable /etc/profile go!source /etc/profile# add syncookie enable /etc/sysctl.confecho "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.confsysctl -p # exec sysctl.conf enable# optimizer sshd_configsed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" /etc/ssh/sshd_configsed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config# limit chmod important commandschmod 700 /bin/pingchmod 700 /usr/bin/fingerchmod 700 /usr/bin/whochmod 700 /usr/bin/wchmod 700 /usr/bin/locatechmod 700 /usr/bin/whereischmod 700 /sbin/ifconfigchmod 700 /usr/bin/picochmod 700 /bin/vichmod 700 /usr/bin/whichchmod 700 /usr/bin/gccchmod 700 /usr/bin/makechmod 700 /bin/rpm# history securitychattr +a /root/.bash_historychattr +i /root/.bash_history# write important command md5cat > list << "EOF" && /bin/ping /bin/finger /usr/bin/who /usr/bin/w /usr/bin/locate /usr/bin/whereis /sbin/ifconfig /bin/pico /bin/vi /usr/bin/vim /usr/bin/which /usr/bin/gcc /usr/bin/make /bin/rpm EOF for i in `cat list` do if [ ! -x $i ];then echo "$i not found,no md5sum!" else md5sum $i >> /var/log/`hostname`.logfidonerm -f list