#!/bin/sh
# Desc:setup Linux system security
# AUTHOR:CORALZD
# Powered by www.freebsdsystem.org
# version 0.1.2 written by 2011.05.03
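# Account setup: lock the password of service accounts that never log in
# with one. The page extraction had fused and re-capitalised the commands
# ("Passwd-l XFS"); the command is `passwd -l` and account names are
# case-sensitive and lowercase.
#
# passwd -l only invalidates the password hash. It does not block other
# authentication paths such as SSH keys, so a nologin shell is still worth
# checking for on each of these accounts.
for account in xfs news nscd dbus vcsa games nobody avahi haldaemon gopher \
  ftp mailnull pcap mail shutdown halt uucp operator sync adm lp; do
  # Skip accounts this distribution does not ship, so that errors from
  # passwd indicate a real failure.
  if id -u "$account" >/dev/null 2>&1; then
    passwd -l "$account"
  fi
done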
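# Mark the account databases immutable (chattr needs a space before the path;
# the extraction had fused "+i/etc/passwd" into one word).
#
# Operational impact: while +i is set, useradd, usermod, passwd and package
# scriptlets that create service accounts fail until `chattr -i` is run, so
# this has to stay after the passwd -l calls earlier in the script.
# Root can clear the flag again, so this is protection against accidental or
# scripted edits, not against an intruder who already holds root.
for account_db in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
  chattr +i "$account_db"
done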
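# Lock an account after 3 consecutive failed logins and unlock it again
# automatically after 300 seconds (5 minutes).
#
# Changes from the listing as extracted:
#  - the match on the pam_env.so line tolerates any amount of whitespace; the
#    extraction collapsed the column padding, so the literal pattern would not
#    match a normally aligned system-auth and sed would silently do nothing;
#  - only one pam_tally.so line is inserted. The listing added the module
#    twice (once via the legacy /lib/security/$ISA/ path), and each instance
#    in the auth stack counts the failure, so the lockout would trigger
#    earlier than deny=3 suggests;
#  - the edit is skipped when a pam_tally/pam_tally2 line is already present,
#    so re-running the script does not stack further copies.
#
# NOTE(review): pam_tally is the module this script targets; later releases
# replaced it with pam_tally2 and then pam_faillock, so confirm which module
# the target system ships. Confirm also that the stack resets the counter on
# a successful login. A lockout policy lets anyone who can reach the login
# service lock users out by failing logins on purpose, so weigh deny and
# unlock_time against that availability cost.
pam_file=/etc/pam.d/system-auth
if ! grep -q 'pam_tally' "$pam_file"; then
  sed -i 's#^auth[[:space:]]\{1,\}required[[:space:]]\{1,\}pam_env\.so.*$#&\nauth        required      pam_tally.so onerr=fail deny=3 unlock_time=300#' "$pam_file"
fi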
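# Idle interactive shells log out after 300 seconds (5 minutes).
# The variable is TMOUT in upper case; shell variables are case-sensitive, so
# the "tmout=300" in the extracted listing would have had no effect.
# The guard keeps repeated runs from appending the line again.
# A user can still unset or override TMOUT in their own shell unless it is
# also declared readonly.
grep -q '^[[:space:]]*TMOUT=' /etc/profile || echo "TMOUT=300" >>/etc/profile

# Keep only the last 10 commands in shell history (same case issue: HISTSIZE).
# This limits what a stolen history file can leak, such as passwords typed on
# a command line, but it also shortens the trail available to an
# investigator. Pair it with auditd or remote logging if command history is
# relied on as evidence.
sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile

# Load the new settings. `source` is a bashism and this script runs under
# /bin/sh, so use the POSIX dot command. This only affects the shell running
# this script; sessions that are already open keep their old values.
. /etc/profile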
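# Enable TCP SYN cookies so the listen queue keeps accepting connections
# during a SYN flood. sysctl keys are case-sensitive and lowercase; the
# "Net.ipv4..." in the extracted listing would be rejected by sysctl.
# The setting is appended only when no line already sets it to 1, so
# repeated runs do not grow the file.
if ! grep -q '^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf; then
  echo "net.ipv4.tcp_syncookies=1" >>/etc/sysctl.conf
fi

# Apply /etc/sysctl.conf to the running kernel.
sysctl -p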
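# sshd_config adjustments (sed and its arguments were fused by the
# extraction, and the keyword case was lost).
#
# MaxAuthTries 6: uncommenting this line only makes the built-in default
# explicit; choose a lower number if the goal is to cut down guessing per
# connection.
# UseDNS no: skips the reverse lookup on connect. With it off, only
# addresses, not host names, can be used in authorized_keys from= patterns
# and in Match Host blocks.
sed -i \
  -e "s/#MaxAuthTries 6/MaxAuthTries 6/" \
  -e "s/#UseDNS yes/UseDNS no/" \
  /etc/ssh/sshd_config

# Validate the edited file before anyone reloads the daemon, because a broken
# sshd_config can lock administrators out of a remote host. The running sshd
# keeps its old settings until it is reloaded; this script does not do that.
if command -v sshd >/dev/null 2>&1; then
  sshd -t || echo "sshd_config failed validation (sshd -t); fix it before reloading sshd" >&2
fi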
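# Restrict reconnaissance and build tools to root (mode 700).
# Paths are case-sensitive; "/USR/BIN/GCC" in the extracted listing is
# /usr/bin/gcc.
#
# What this does and does not buy:
#  - a numeric mode of 700 also clears any setuid bit, so where ping is
#    shipped setuid root it stops working for ordinary users;
#  - a local user can still bring their own copy of these tools, so this
#    raises effort rather than enforcing a boundary;
#  - package updates restore the packaged mode, and package verification will
#    report these files as modified. Re-apply after updates and record the
#    deviation in the integrity baseline.
for tool in /bin/ping /usr/bin/finger /usr/bin/who /usr/bin/w \
  /usr/bin/locate /usr/bin/whereis /sbin/ifconfig /usr/bin/pico /bin/vi \
  /usr/bin/which /usr/bin/gcc /usr/bin/make /bin/rpm; do
  # Not every tool is installed on every system; skip the ones that are not.
  if [ -e "$tool" ]; then
    chmod 700 "$tool"
  fi
done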
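# Protect root's shell history from being rewritten or truncated.
#
# The listing set +a (append-only) and then +i (immutable) on the same file.
# +i forbids every write, including appends, so the shell could no longer
# record anything and the history would stop at the moment the script ran.
# Only +a is applied here: new entries can be added, existing ones cannot be
# edited or removed.
#
# NOTE(review): bash must append to the file (shopt -s histappend) rather
# than rewrite it on exit, otherwise its write fails under +a. Confirm this
# on the target system. Root can clear the attribute, so treat this as
# tamper-evidence for casual edits; for an audit trail that survives a root
# compromise, send command logging off the host.
history_file=/root/.bash_history
# chattr fails on a missing file, for example when root has never logged in.
[ -e "$history_file" ] || : >>"$history_file"
chattr +a "$history_file"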
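# Record a checksum baseline of important commands in
# /var/log/<hostname>.log so that later changes to them can be detected.
#
# Repairs to the extracted listing: the shell keywords had been re-cased or
# replaced (For/Todo/Else/Fi/Done), the here-doc terminator "Eof" did not
# match "EOF", the backticks around `cat list` and `hostname` had become
# quotes, and the test read "[!-X $i]".
#
# The list is fed straight into the loop instead of going through a scratch
# file named "list" in the current directory. A fixed file name in whatever
# directory root happens to be in can be pre-created or symlinked by another
# user.
#
# NOTE(review):
#  - /bin/finger and /bin/pico here differ from the /usr/bin/ paths used in
#    the chmod section above; confirm which location the target system uses.
#  - MD5 is kept to match the original output format. It is not
#    collision-resistant, so prefer sha256sum for a new baseline.
#  - A baseline stored on the same host can be rewritten by whoever replaces
#    the binaries. Copy it off the host and compare against that copy.
#  - The log is appended to on every run, so compare against the entries from
#    the known-good run.
log_file="/var/log/$(hostname).log"
while IFS= read -r i; do
  if [ ! -x "$i" ]; then
    echo "$i not Found,no md5sum!"
  else
    md5sum "$i" >>"$log_file"
  fi
done <<"EOF"
/bin/ping
/bin/finger
/usr/bin/who
/usr/bin/w
/usr/bin/locate
/usr/bin/whereis
/sbin/ifconfig
/bin/pico
/bin/vi
/usr/bin/vim
/usr/bin/which
/usr/bin/gcc
/usr/bin/make
/bin/rpm
EOF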