Python Initialization server script

Source: Internet
Author: User
Tags inotify ssh port

Note: in order to facilitate the initial installation of the server to do basic security hardening, specially written this script

Features: 1. Specify DNS, hostname, SSH login username, password, ssh port, disable root remote

2. Allow SSH login IP, if there are multiple please add a comma in the middle

3. Close the selinux,iptables and let go of the SSH port

4. Install Fail2ban to prevent brute force password

5. History command Add display time

6. Time synchronization and logging only warning above messages

Note: the server will have a base package group installed

use:vim a file, paste the code below to save the exit, and then the Python file name is called

Restart the server when you are finished running

Tip: This script only implements the above basic functions, not optimized

#/usr/bin/env python  # -*- coding: utf-8 -*-import sys import  osnetfile= '/etc/sysconfig/network-scripts/ifcfg-eth0 ' #ip =raw_input ("Please enter IP address:") #mask =raw_input ("Subnet Mask:") # Gateway=raw_input ("Gateway:") dns=raw_input ("DNS address:") host=raw_input ("Host name:") sshuser=raw_input (' SSH user name: ') Sshpasswd=raw _input (' SSH user password: ') sshport=raw_input (' SSH port: ') sshallow=raw_input (' Allow SSH to log in IP: ') def shell (cmd):     os.system (cmd)  def file (Lu,rw,neirong):     f=open (LU,RW)      f.write (Neirong)     f.close () Def fail2ban ():     Os.system (' rm -rf /etc/yum.repos.d/* ')     os.system (' wget -P /etc/ Yum.repos.d/ http://mirrors.163.com/.help/centos6-base-163.repo ')     os.system (' wget  ftp://rpmfind.net/linux/centos/6.6/os/x86_64/packages/gamin-python-0.1.10-9.el6.x86_64.rpm ')      os.system (' WGet ftp://rpmfind.net/linux/epel/6/x86_64/python-inotify-0.9.1-1.el6.noarch.rpm && wget  ftp://rpmfind.net/linux/epel/6/x86_64/fail2ban-0.8.14-1.el6.noarch.rpm ')      Os.system (' rpm -ivh gamin-python-0.1.10-9.el6.x86_64.rpm ')     os.system (' rpm  -ivh python-inotify-0.9.1-1.el6.noarch.rpm ')     os.system (' rpm -ivh  fail2ban-0.8.14-1.el6.noarch.rpm ')     os.system (' sed -i s/' bantime  =  600 "/" bantime  = 1800 "/ /etc/fail2ban/jail.conf ')     os.system (' Sed -i s/port=ssh/port=%s/ /etc/fail2ban/jail.conf '  %sshport)      Os.system (' sed -i s/' maxretry = 5 "/" maxretry = 3 "/ /etc/fail2ban/jail.conf ' )     os.system (' Chkconfig fail2ban on && service fail2ban  start ')   &nbsP; shell (' sed -i s/onboot=no/onboot=yes/ %s '  % netfile) #file (Netfile, ' a ', ' \ nipaddr=%s\nnetmask=%s\ndns1=%s\ngateway=%s '  %  (ip,mask,dns,gateway)) file (Netfile, ' a ', ' \ndns1=%s '  % dns) Shell (' Service network restart ') file ('/etc/sysconfig/network ', ' w ', ' networking=yes\ nhostname=%s '  % host) shell (' Sed -i s/selinux=enforcing/selinux=disabled/ /etc/selinux /config ') shell (' useradd %s && echo %s|passwd --stdin %s '  % (Sshuser, Sshpasswd,sshuser)) Shell (' Setfacl -m u:%s:r /var/log/btmp && setfacl -m  u:%s:r /var/log/messages '  % (sshuser,sshuser)) file ('/etc/ssh/sshd_config ', ' a ', ' \nPort %s\ Npermitrootlogin no\nusedns no '  %sshport) shell (' sed -i s/'--dport 22 "/"--dport  %s "/ /etc/sysconfig/iptables '  %sshport) file ('/etc/hosts.allow ', ' a ', ' \nsshd:%s '  %sshallow) File ('/etc/hosts.deny ',' A ', ' \nsshd:all ') Fail2ban () shell (' echo  ' 10 5 * * * /usr/sbin/ntpdate  202.112.10.60 ">/var/spool/cron/root ') shell (' sed -i s/*.info/*.warning/ /etc/rsyslog.conf ') File ('/ETC/BASHRC ', ' a ', ' \nexport histfilesize=1000000000\nexport histsize=1000000\nexport  Prompt_command= "History -a" \nexport histtimeformat= "%y-%m-%d  %h:%m:%s  " ')


Python Initialization server script

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.