Check whether the NTP service is configured:
Backup: cp /etc/ntp.conf /etc/ntp.conf.bal1105
Edit: vi /etc/ntp.conf
Insert: restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
To start the ntpd service:
service ntpd start
Check if password policy settings meet complexity requirements
cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth_bak
vi /etc/pam.d/system-auth
Password complexity can be enforced using the PAM pam_cracklib module or the pam_passwdqc module; the two cannot be used simultaneously.
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minclass=2 minlen=8
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
Check login prompt: whether a warning banner is set for display after successful login
Modify the contents of the file /etc/motd, or create the file if it does not exist.
# echo "Authorized users only. All activity monitored and reported" > /etc/motd
Check password lockout policy
To perform a backup:
# cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth_bak
To modify policy settings:
# vi /etc/pam.d/system-auth
Add the following as the second line of the file:
auth required pam_tally2.so deny=6 onerr=fail no_magic_root unlock_time=120
The server needs to be restarted for the configuration to take effect.
Check host access control (IP limit)
To perform a backup:
# cp -p /etc/hosts.allow /etc/hosts.allow_bak
# cp -p /etc/hosts.deny /etc/hosts.deny_bak
vim /etc/hosts.allow   # insert: all:*.*.*.*:allow
vim /etc/hosts.deny    # insert: sshd: 555.555.555.555:deny
Check password lifecycle requirements
cp -p /etc/login.defs /etc/login.defs_bak
To modify policy settings:
# vi /etc/login.defs
Modify the value of PASS_MIN_LEN to 5, modify the value of PASS_MAX_DAYS to 90, modify the values of PASS_MIN_DAYS/PASS_WARN_AGE as required, then save and exit.
The configuration after completion is as follows:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
Check whether anonymous FTP is disabled
Modify /etc/vsftpd/vsftpd.conf
Add a line to the configuration file:
anonymous_enable=NO
Restart the vsftpd service: service vsftpd restart
Check FTP configuration: limit the directories that FTP users can access after they log on
Modify /etc/vsftpd/vsftpd.conf
Make sure the following line is not commented out, and if the line is missing, add it:
chroot_local_user=YES
Restart the vsftpd service: service vsftpd restart
Restart the network service:
# /etc/init.d/xinetd restart
Check whether remote log save is configured
Backup: cp -p /etc/rsyslog.conf /etc/rsyslog.conf_bak
Edit: vim /etc/rsyslog.conf
Insert: *.* (TAB) @192.168.0.1
Restart: /etc/init.d/rsyslog stop; /etc/init.d/rsyslog start
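The settings above can be verified afterwards without editing any file. The following read-only audit script is an added example, not part of the original article; the function names, the optional root-directory argument, the choice to treat 90 and 5 as upper and lower thresholds, and taking the last occurrence of a repeated key are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): read-only audit of the settings above.
# The optional ROOT argument lets the same checks run on "/" or on a copied/test tree.

get_kv() {  # get_kv FILE KEY: value of the last uncommented "KEY value" or "key=value" line
    sed -n "s/^[[:space:]]*$2[[:space:]=][[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1
}

expect() {  # expect LABEL ACTUAL OP WANT, with OP one of -le, -ge, =
    if [ -n "$2" ] && [ "$2" "$3" "$4" ] 2>/dev/null; then
        echo "PASS $1 (found: $2)"
    else
        echo "FAIL $1 (found: ${2:-unset})"; fails=$((fails + 1))
    fi
}

expect_line() {  # expect_line LABEL FILE ERE: pass if an uncommented line matches ERE
    if grep -v '^[[:space:]]*#' "$2" 2>/dev/null | grep -Eq "$3"; then
        echo "PASS $1"
    else
        echo "FAIL $1"; fails=$((fails + 1))
    fi
}

audit_baseline() {  # audit_baseline ROOT: prints one line per check, returns the failure count
    fails=0
    defs=$1/etc/login.defs; ftp=$1/etc/vsftpd/vsftpd.conf; pam=$1/etc/pam.d/system-auth
    expect "PASS_MAX_DAYS <= 90" "$(get_kv "$defs" PASS_MAX_DAYS)" -le 90
    expect "PASS_MIN_LEN >= 5" "$(get_kv "$defs" PASS_MIN_LEN)" -ge 5
    expect "anonymous_enable=NO" "$(get_kv "$ftp" anonymous_enable)" = NO
    expect "chroot_local_user=YES" "$(get_kv "$ftp" chroot_local_user)" = YES
    expect_line "pam_tally2 lockout with deny=" "$pam" \
        '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_tally2\.so.*deny=[0-9]+'
    expect_line "pam_cracklib with minlen=" "$pam" \
        '^[[:space:]]*password[[:space:]]+requisite[[:space:]]+pam_cracklib\.so.*minlen=[0-9]+'
    expect_line "remote syslog target for *.*" "$1/etc/rsyslog.conf" '^\*\.\*[[:space:]]+@'
    return "$fails"
}

# Audit the live system unless a different root directory is given as the first argument.
audit_baseline "${1:-}" || echo "$? check(s) failed"
```

A commented-out or missing setting is reported as FAIL, so a line that was added but left behind a "#" does not pass.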
This article is from the "httpblog.mvp-610163.com" blog, make sure to keep this source http://341103.blog.51cto.com/331103/1834811