Linux System Security shell Version 2

Source: Internet
Author: User

This script is the second update. It has been widely used on a large media website system, and it adds some security settings that were not previously considered. Copy it and save it as a shell file, such as security.sh, and upload it to the Linux server. Execute sh security.sh (as root, since it changes account, PAM and SSH settings) to use this script!

 

 
 
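  #!/bin/sh
  # desc: setup linux system security
  # author:coralzd
  # powered by www.freebsdsystem.org
  # version 0.1.2 written by 2011.05.03
  #
  # Applies a fixed set of hardening steps: locks service accounts, makes the
  # account databases immutable, adds a PAM failed-login lockout, sets a shell
  # idle timeout, enables SYN cookies, adjusts sshd_config, restricts a list of
  # binaries to root and records their checksums.
  # The paths used (/etc/pam.d/system-auth, /bin/rpm) suggest a Red Hat-style
  # layout; review every step against the target host before running it.
  # Usage: sh security.sh   (as root)

  if [ "$(id -u)" -ne 0 ]; then
    echo "this script must be run as root" >&2
    exit 1
  fi

  # Keep one pristine copy of file $1 before its first in-place edit, so a bad
  # edit to PAM or sshd configuration can be rolled back from the console.
  backup_once() {
    [ -e "$1.orig" ] || cp -p -- "$1" "$1.orig"
  }

  # Append line $2 to file $1 only if that exact line is not already present,
  # so re-running the script does not pile up duplicate settings.
  append_once() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
  }

  # account setup
  # passwd -l only locks the password; it does not block other login methods
  # (for example SSH keys) if the account has a usable shell.
  # On a re-run this step fails while /etc/shadow is still immutable from the
  # previous run (see the chattr step below).
  for acct in xfs news nscd dbus vcsa games nobody avahi haldaemon gopher ftp \
    mailnull pcap mail shutdown halt uucp operator sync adm lp
  do
    if id "$acct" >/dev/null 2>&1; then
      passwd -l "$acct" || echo "could not lock account $acct" >&2
    fi
  done

  # chattr /etc/passwd /etc/shadow
  # With +i set, useradd, passwd and package scripts that create users fail
  # until the attribute is removed again with chattr -i.
  for db in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
    chattr +i "$db" || echo "could not set +i on $db" >&2
  done

  # lock an account for 5 minutes after 3 consecutive failed logins
  # The original inserted pam_tally twice (bare name and /lib/security/$ISA/
  # path), which counts each failure twice, and it re-inserted the lines on
  # every run. One line is inserted here, and only once.
  # Trade-off: anyone who knows an account name can keep it locked by failing
  # logins on purpose. Newer distributions replace pam_tally with pam_tally2
  # or pam_faillock.
  pam_file=/etc/pam.d/system-auth
  pam_module_found=no
  for dir in /lib/security /lib64/security /usr/lib/security /usr/lib64/security; do
    if [ -e "$dir/pam_tally.so" ]; then
      pam_module_found=yes
    fi
  done
  if [ ! -f "$pam_file" ]; then
    echo "$pam_file not found, PAM lockout not configured" >&2
  elif grep -q 'pam_tally\.so' "$pam_file"; then
    echo "$pam_file already references pam_tally.so, left unchanged"
  elif [ "$pam_module_found" != yes ]; then
    # A "required" module that cannot be loaded makes every login fail.
    echo "pam_tally.so is not installed, $pam_file left unchanged" >&2
  else
    backup_once "$pam_file"
    sed -i 's#auth        required      pam_env.so#auth        required      pam_env.so\nauth        required      pam_tally.so onerr=fail deny=3 unlock_time=300#' "$pam_file"
  fi

  # idle shells log out automatically after 5 minutes
  # TMOUT is an ordinary variable here, so a user can still unset it.
  backup_once /etc/profile
  append_once /etc/profile "TMOUT=300"

  # keep only the last 10 commands in shell history
  # A short history also leaves less for an investigator to read later.
  sed -i "s/HISTSIZE=1000/HISTSIZE=10/" /etc/profile

  # Re-read /etc/profile. "source" is not available in every /bin/sh, "." is.
  # This only affects the shell running this script; other sessions pick the
  # settings up at their next login.
  . /etc/profile

  # enable SYN cookies in /etc/sysctl.conf and load the file
  append_once /etc/sysctl.conf "net.ipv4.tcp_syncookies=1"
  sysctl -p

  # sshd_config tuning
  # Uncommenting "MaxAuthTries 6" keeps the value shown in the commented line.
  # sshd reads the file only when it is reloaded, which this script does not do.
  sshd_config=/etc/ssh/sshd_config
  if [ -f "$sshd_config" ]; then
    backup_once "$sshd_config"
    sed -i "s/#MaxAuthTries 6/MaxAuthTries 6/" "$sshd_config"
    sed -i "s/#UseDNS yes/UseDNS no/" "$sshd_config"
    # Check the syntax now, so a broken file is noticed before the next reload.
    if command -v sshd >/dev/null 2>&1; then
      sshd -t || echo "sshd -t rejected $sshd_config, fix it before reloading sshd" >&2
    fi
  else
    echo "$sshd_config not found, sshd not configured" >&2
  fi

  # restrict important commands to root
  # Mode 700 also drops any setuid bit. chmod follows symlinks, and a package
  # update can restore the original mode.
  # The list is split on whitespace on purpose; no path contains spaces.
  restricted="/bin/ping /usr/bin/finger /usr/bin/who /usr/bin/w /usr/bin/locate
    /usr/bin/whereis /sbin/ifconfig /usr/bin/pico /bin/vi /usr/bin/which
    /usr/bin/gcc /usr/bin/make /bin/rpm"
  for bin in $restricted; do
    if [ -e "$bin" ]; then
      chmod 700 "$bin"
    fi
  done

  # history security
  # Only +a (append-only) is set. The original also set +i, which blocks
  # appends as well, so root's history would never have been written.
  if [ -e /root/.bash_history ]; then
    chattr +a /root/.bash_history
  else
    echo "/root/.bash_history not found, append-only flag not set" >&2
  fi

  # write important command md5
  # The original wrote its path list to a file named "list" in the current
  # directory, a predictable name that root then overwrote and deleted. It
  # also listed /bin/finger and /bin/pico although the chmod step used
  # /usr/bin; the same list is used for both steps here.
  # A checksum log kept on this host can be rewritten by whoever replaces a
  # binary, so copy it off the host. sha256sum is a stronger choice than
  # md5sum where the log format is free to change.
  hash_log="/var/log/$(hostname).log"
  for bin in $restricted /usr/bin/vim; do
    if [ ! -x "$bin" ]; then
      echo "$bin not found,no md5sum!"
    else
      md5sum "$bin" >> "$hash_log"
    fi
  done
  if [ -e "$hash_log" ]; then
    chmod 600 "$hash_log"
  fi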

 

This article is from the "Cui Xiaohui blog"; please be sure to keep this source link: http://coralzd.blog.51cto.com/90341/564887
