We collect the common system security configuration steps into a shell script, so that running this single script on a server completes the security settings.
This Linux system security settings shell script is the second update. It has been heavily used on the systems of a large media website, and it adds several security settings that were not thought of before. To use it, copy the script below and save it as a shell file, for example security.sh. Upload it to the Linux server and execute sh security.sh to apply the script.
The code is as follows:
#!/bin/sh
# desc: set up Linux system security
# account setup: lock the password of every system account that never logs in interactively
passwd -l xfs
passwd -l news
passwd -l nscd
passwd -l dbus
passwd -l vcsa
passwd -l games
passwd -l nobody
passwd -l avahi
passwd -l haldaemon
passwd -l gopher
passwd -l ftp
passwd -l mailnull
passwd -l pcap
passwd -l mail
passwd -l shutdown
passwd -l halt
passwd -l uucp
passwd -l operator
passwd -l sync
passwd -l adm
passwd -l lp
# chattr /etc/passwd /etc/shadow: make the account files immutable
# (note: useradd/usermod/passwd will fail until the flag is removed again with chattr -i)
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
# lock an account after 3 consecutive failed logins, unlock after 5 minutes (300 s)
# (pam_tally is the legacy module; newer distributions ship pam_tally2 or pam_faillock instead)
sed -i 's#^\(auth[[:space:]]*required[[:space:]]*pam_env\.so\)#\1\nauth required pam_tally.so onerr=fail deny=3 unlock_time=300\nauth required /lib/security/$ISA/pam_tally.so onerr=fail deny=3 unlock_time=300#' /etc/pam.d/system-auth
# system timeout: log idle shells out automatically after 5 minutes (300 s)
echo "TMOUT=300" >> /etc/profile
# keep only the last 10 commands in the shell history
sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile
# apply /etc/profile to the current shell
. /etc/profile
# enable SYN cookies in /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
sysctl -p # reload sysctl.conf so the setting takes effect
# tighten sshd_config
sed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
# restrict important commands so that only root can run them
chmod 700 /bin/ping
chmod 700 /usr/bin/finger
chmod 700 /usr/bin/who
chmod 700 /usr/bin/w
chmod 700 /usr/bin/locate
chmod 700 /usr/bin/whereis
chmod 700 /sbin/ifconfig
chmod 700 /usr/bin/pico
chmod 700 /bin/vi
chmod 700 /usr/bin/which
chmod 700 /usr/bin/gcc
chmod 700 /usr/bin/make
chmod 700 /bin/rpm
# history security: protect root's history file with the append-only (+a) and immutable (+i) flags
chattr +a /root/.bash_history
chattr +i /root/.bash_history
# record the MD5 of important commands in /var/log/<hostname>.log
cat > list << "EOF"
/bin/ping
/bin/finger
/usr/bin/who
/usr/bin/w
/usr/bin/locate
/usr/bin/whereis
/sbin/ifconfig
/bin/pico
/bin/vi
/usr/bin/vim
/usr/bin/which
/usr/bin/gcc
/usr/bin/make
/bin/rpm
EOF
for i in $(cat list)
do
    if [ ! -x "$i" ]; then
        echo "$i not found, no md5sum!"
    else
        md5sum "$i" >> /var/log/$(hostname).log
    fi
done
rm -f list
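The last step of the script records MD5 sums of important binaries in a log, but nothing in the script ever compares a later run against that record. The following POSIX sh functions are an added example (not part of the original script) that write the baseline in the same md5sum line format and then check the live binaries against it, reporting any that changed or disappeared; the function names and the baseline file path are this example's own choices.

```shell
#!/bin/sh
# Added example: keep and verify an md5 baseline of important binaries.
# Baseline format is md5sum's own output: "<md5>  <path>", one line per file.
# write_baseline / check_baseline and the baseline path are example names.

# Read one path per line from stdin and record the md5 of each executable.
# Usage: printf '%s\n' /bin/ping /bin/vi | write_baseline /var/log/bin-baseline.md5
write_baseline() {
    baseline=$1
    : > "$baseline"                     # start a fresh baseline file
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ -x "$path" ]; then
            md5sum "$path" >> "$baseline"
        else
            echo "$path not found, no md5sum!" >&2
        fi
    done
}

# Recompute the md5 of every baselined path and report drift.
# Prints "CHANGED <path>" or "MISSING <path>" per problem; returns 1 if any found.
check_baseline() {
    baseline=$1
    rc=0
    while read -r sum path; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
        elif [ "$(md5sum "$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "CHANGED $path"
            rc=1
        fi
    done < "$baseline"
    return $rc
}
```

Run check_baseline from cron and alert on a non-zero exit; a CHANGED line on a binary you did not update yourself is the signal the original script's log was meant to provide.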