Linux Basic Security Configuration Setting script


A script that makes it easy to apply basic Linux security settings.

 
# vi autosafe.sh
 
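#!/bin/bash
#########################################################################
#
# File: autosafe.sh
# Description: Applies one basic hardening step per invocation, selected
#              by the action name passed as the first argument. Targets a
#              SysV-init system (it edits /etc/inittab and calls
#              service/chkconfig).
# Language: GNU Bourne-Again SHell
# Version: 1.1
# Date: 2010-6-23
# Corp.: c1gstudio.com
# Author: c1g
# WWW: http://blog.c1gstudio.com
### END INIT INFO
#########################################################################

# Accounts and groups removed by the "deluser" and "delgroup" actions.
# Space-separated lists; they are word-split on purpose in the loops below.
V_DELUSER="adm lp sync shutdown halt mail news uucp operator games gopher ftp"
V_DELGROUP="adm lp mail news uucp games gopher mailnull floppy dip pppusers popusers slipusers daemon"

V_PASSMINLEN=8      # PASS_MIN_LEN written to /etc/login.defs
V_HISTSIZE=30       # HISTSIZE written to /etc/profile
V_TMOUT=300         # TMOUT (idle seconds before the shell logs out)
V_GROUPNAME=suadmin # group created by "addgroup" and allowed to su by "sugroup"

# Services stopped by "stopservice" and disabled at boot by "closeservice".
# NOTE(review): the published listing also contained the tokens
# "secure-daemon", "secure-secure", "secure", "Protocol" and
# "too many connections". They are not service names and look like
# translation damage, so they are left out here; restore the intended
# entries from the original script before relying on this list.
# NOTE(review): auditd is in this list. Stopping it turns off the kernel
# audit trail, which removes evidence needed for detection and incident
# response. Drop it from the list on any host where audit logs matter.
V_SERVICE="acpid anacron apmd atd auditd autofs bluetooth cpuspeed cups dhcpd firstboot gpm hidd ipsec isdn lpd mcstrans netfs nfs nfslock nscd pcscd portmap rpcidmapd rstatd sendmail setroubleshoot snmpd sysstat xfs xinetd yppasswdd ypserv yum-updatesd"

# inittab ids of the virtual consoles disabled by "tty" (regex alternation).
V_TTY="3|4|5|6"

# Binaries that lose their set-uid/set-gid bits in "chmodcommand".
V_SUID=(
  '/usr/bin/chage'
  '/usr/bin/gpasswd'
  '/usr/bin/wall'
  '/usr/bin/chfn'
  '/usr/bin/chsh'
  '/usr/bin/newgrp'
  '/usr/bin/write'
  '/usr/sbin/usernetctl'
  '/bin/traceroute'
  '/bin/mount'
  '/bin/umount'
  '/sbin/netreport'
)

# NOTE(review): the header above says 1.1; the two should agree.
version=1.0

# Every action edits system files, so refuse to run unless we are root.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "You need to start as root! " >&2
  exit 1
fi

case "$1" in
  deluser)
    echo "delete user ..."
    # shellcheck disable=SC2086  # word splitting of the list is intended
    for i in $V_DELUSER; do
      echo "deleting $i"
      userdel "$i"
    done
    ;;

  delgroup)
    echo "delete group ..."
    # shellcheck disable=SC2086  # word splitting of the list is intended
    for i in $V_DELGROUP; do
      echo "deleting $i"
      groupdel "$i"
    done
    ;;

  password)
    echo "change password limit ..."
    echo "/etc/login.defs"
    echo "PASS_MIN_LEN $V_PASSMINLEN"
    # Replace whatever number is configured, not only the stock value 5.
    # NOTE(review): on PAM-based systems the minimum length is usually
    # enforced by the PAM password module; confirm this setting is honoured.
    sed -i -E "s/^(PASS_MIN_LEN[[:space:]]+)[0-9]+/\1${V_PASSMINLEN}/" /etc/login.defs
    ;;

  history)
    echo "change history limit ..."
    echo "/etc/profile"
    echo "HISTSIZE $V_HISTSIZE"
    # Replace the current value, whatever it is (the stock value is 1000).
    sed -i -E "s/^HISTSIZE=[0-9]+/HISTSIZE=${V_HISTSIZE}/" /etc/profile
    ;;

  logintimeout)
    echo "change login timeout ..."
    echo "/etc/profile"
    echo "TMOUT=$V_TMOUT"
    # Update an existing TMOUT line instead of appending a new one on every
    # run; only add the line (after HISTSIZE) when none is present yet.
    if grep -q '^TMOUT=' /etc/profile; then
      sed -i -E "s/^TMOUT=.*/TMOUT=${V_TMOUT}/" /etc/profile
    else
      sed -i "/^HISTSIZE/a TMOUT=${V_TMOUT}" /etc/profile
    fi
    ;;

  bashhistory)
    echo "denied bashhistory ..."
    echo "/etc/skel/.bash_logout"
    # shellcheck disable=SC2016  # $HOME must stay literal in the written line
    echo 'rm -f $HOME/.bash_history'
    # /etc/skel only affects accounts created afterwards.
    # NOTE(review): deleting shell history at logout also deletes a record
    # investigators rely on; keep command auditing elsewhere (e.g. auditd)
    # if this is enabled.
    if grep -q "bash_history" /etc/skel/.bash_logout; then
      echo 'Warning: existed'
    else
      # Append: a plain ">" would wipe the existing logout script.
      # shellcheck disable=SC2016
      echo 'rm -f $HOME/.bash_history' >> /etc/skel/.bash_logout
    fi
    ;;

  addgroup)
    echo "groupadd $V_GROUPNAME ..."
    groupadd "$V_GROUPNAME"
    ;;

  sugroup)
    echo "permit $V_GROUPNAME use su ..."
    echo "/etc/pam.d/su"
    echo "auth sufficient /lib/security/pam_rootok.so debug"
    echo "auth required /lib/security/pam_wheel.so group=$V_GROUPNAME"
    if grep -q "auth sufficient /lib/security/pam_rootok.so debug" /etc/pam.d/su; then
      echo 'Warning: existed'
    else
      # Writing with ">" replaced the whole PAM stack, and the second write
      # replaced the first, leaving su with a single auth line. Insert both
      # rules after line 1 instead: PAM evaluates rules top to bottom, so the
      # group check has to come before the rules that accept a password.
      # NOTE(review): assumes line 1 is the "#%PAM-1.0" header; check the
      # resulting file, and keep a root session open while testing su.
      # NOTE(review): /lib/security is the 32-bit module directory; a bare
      # module name (pam_wheel.so) lets PAM find it on any architecture.
      cp -p /etc/pam.d/su /etc/pam.d/su.autosafe.bak || exit 1
      sed -i \
        -e "1a auth sufficient /lib/security/pam_rootok.so debug" \
        -e "1a auth required /lib/security/pam_wheel.so group=${V_GROUPNAME}" \
        /etc/pam.d/su
    fi
    ;;

  denyrootssh)
    echo "denied root login ..."
    echo "/etc/ssh/sshd_config"
    echo "PermitRootLogin no"
    # Rewrite the directive whether it is commented out or active and
    # whatever value it has; matching only "#PermitRootLogin yes" left an
    # already-active "PermitRootLogin yes" untouched.
    sed -i -E 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
    if ! grep -q '^PermitRootLogin no' /etc/ssh/sshd_config; then
      echo "Warning: no PermitRootLogin line found; add 'PermitRootLogin no' by hand" >&2
    fi
    # The change takes effect once sshd is reloaded; "sshd -t" checks the
    # file first. Make sure another account can log in and become root.
    ;;

  stopservice)
    echo "stop services ..."
    # shellcheck disable=SC2086  # word splitting of the list is intended
    for i in $V_SERVICE; do
      service "$i" stop
    done
    ;;

  closeservice)
    echo "close services autostart ..."
    # shellcheck disable=SC2086  # word splitting of the list is intended
    for i in $V_SERVICE; do
      chkconfig "$i" off
    done
    ;;

  tty)
    echo "close tty ..."
    echo "/etc/inittab"
    echo "#3:2345:respawn:/sbin/mingetty tty3"
    echo "#4:2345:respawn:/sbin/mingetty tty4"
    echo "#5:2345:respawn:/sbin/mingetty tty5"
    echo "#6:2345:respawn:/sbin/mingetty tty6"
    # Double quotes so $V_TTY expands, and a group rather than a bracket
    # expression: "[3|4|5|6]" would be a character class containing "|".
    sed -i -E "/^(${V_TTY}):2345/s/^/#/" /etc/inittab
    ;;

  ctrlaltdel)
    echo "close ctrl + alt + del ..."
    echo "/etc/inittab"
    echo "#ca::ctrlaltdel:/sbin/shutdown -t3 -r now"
    sed -i '/^ca:/s/^/#/' /etc/inittab
    ;;

  lockfile)
    echo "lock user & services ..."
    echo "chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services"
    # While the immutable bit is set, account changes (useradd, passwd, the
    # deluser/delgroup actions above) fail until "unlockfile" is run.
    chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services
    ;;

  unlockfile)
    echo "unlock user & services ..."
    echo "chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services"
    chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services
    ;;

  chmodinit)
    echo "init script only for root ..."
    echo "chmod -R 700 /etc/init.d/*"
    echo "chmod 600 /etc/grub.conf"
    echo "chattr +i /etc/grub.conf"
    chmod -R 700 /etc/init.d/*
    chmod 600 /etc/grub.conf
    chattr +i /etc/grub.conf
    ;;

  chmodcommand)
    echo "remove SUID ..."
    echo "/usr/bin/chage /usr/bin/gpasswd ..."
    # "a-s" clears both the set-uid and the set-gid bit. Unprivileged users
    # can no longer use these tools for tasks that need the extra privilege.
    for i in "${V_SUID[@]}"; do
      chmod a-s "$i"
    done
    ;;

  version)
    echo "Version: Autosafe for Linux $version"
    ;;

  *)
    echo "Usage: $0 <action>"
    echo ""
    echo "deluser       delete user"
    echo "delgroup      delete group"
    echo "password      change password limit"
    echo "history       change history limit"
    echo "logintimeout  change login timeout"
    echo "bashhistory   denied bashhistory"
    echo "addgroup      groupadd $V_GROUPNAME"
    echo "sugroup       permit $V_GROUPNAME use su"
    echo "denyrootssh   denied root login"
    echo "stopservice   stop services"
    echo "closeservice  close services"
    echo "tty           close tty"
    echo "ctrlaltdel    close ctrl + alt + del"
    echo "lockfile      lock user & services"
    echo "unlockfile    unlock user & services"
    echo "chmodinit     init script only for root"
    echo "chmodcommand  remove SUID"
    echo "version"
    echo ""
    ;;
esac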
Set permissions
 
chmod u+x ./autosafe.sh
Run scripts
 
./autosafe.sh deluser
./autosafe.sh delgroup
.....
