Note: this script was written to make basic security hardening easier right after a server is first installed
Features: 1. Set the DNS server, hostname, SSH login username and password, and SSH port; disable remote root login
2. Restrict SSH logins to the allowed IP addresses; separate multiple addresses with commas
3. Disable SELinux, and allow the SSH port through iptables
4. Install Fail2ban to block brute-force password guessing
5. Show timestamps in the output of the history command
6. Synchronize the time, and log only messages of warning level and above
Note: the server will have a base package group installed
Usage: create a file with vim, paste the code below into it, save and exit, then run it with python followed by the file name
Restart the server after the script has finished running
Tip: this script only implements the basic functions listed above and has not been optimized
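#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Interactive first-boot setup for a CentOS 6 style server.

Prompts for a DNS server, hostname, SSH account, SSH port and the addresses
allowed to log in over SSH, then edits the network, SELinux, sshd,
tcp_wrappers, iptables, rsyslog, cron and bashrc configuration and installs
fail2ban from downloaded RPMs.  Run it as root and reboot afterwards.

Differences from the listing as published (which was collapsed onto two
lines and no longer parsed):

* operator answers are validated before they reach a command line or a
  configuration file;
* the account password is read without echo and handed to ``passwd`` over a
  pipe instead of being placed in a shell command line;
* the script stops before root login is disabled if the replacement account
  could not be created;
* appended configuration snippets end with a newline.
"""
import getpass
import os
import re
import subprocess
import sys

try:
    read_line = raw_input  # Python 2, which the script was written for
except NameError:
    read_line = input

netfile = '/etc/sysconfig/network-scripts/ifcfg-eth0'

_USER_RE = re.compile(r'^[a-z_][a-z0-9_-]{0,31}$')
_HOST_RE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9.-]*$')
_ADDR_RE = re.compile(r'^[0-9A-Fa-f:.]+$')
_ALLOW_ENTRY_RE = re.compile(r'^[0-9A-Za-z:./\[\]_-]+$')


def _die(message):
    """Print an error and stop the script with a non-zero exit status."""
    sys.stderr.write('ERROR: %s\n' % message)
    sys.exit(1)


def _ask(prompt, is_valid, hint):
    """Prompt until the stripped answer passes is_valid, then return it."""
    while True:
        answer = read_line(prompt).strip()
        if is_valid(answer):
            return answer
        sys.stderr.write('Invalid value, expected %s\n' % hint)


def _ask_password(prompt):
    """Read a non-empty password twice without echoing it."""
    # A mistyped password combined with "PermitRootLogin no" would lock the
    # operator out, hence the confirmation.
    while True:
        first = getpass.getpass(prompt)
        if first and first == getpass.getpass('Repeat password: '):
            return first
        sys.stderr.write('Passwords were empty or did not match\n')


def _valid_port(text):
    """True for a decimal TCP port in 1..65535."""
    return text.isdigit() and 1 <= int(text) <= 65535


def _valid_allow_list(text):
    """True for a non-empty comma-separated list of address-like entries."""
    # An empty list together with "sshd:all" in hosts.deny would refuse
    # every SSH client.
    entries = [entry.strip() for entry in text.split(',')]
    if not entries:
        return False
    for entry in entries:
        if not _ALLOW_ENTRY_RE.match(entry):
            return False
    return True


#ip = read_line("Please enter IP address:")
#mask = read_line("Subnet Mask:")
#gateway = read_line("Gateway:")
dns = _ask("DNS address:", _ADDR_RE.match, 'an IP address')
host = _ask("Host name:", _HOST_RE.match, 'letters, digits, dots and dashes')
sshuser = _ask('SSH user name: ', _USER_RE.match, 'a lowercase account name')
sshpasswd = _ask_password('SSH user password: ')
sshport = _ask('SSH port: ', _valid_port, 'a port number from 1 to 65535')
sshallow = _ask('Allow SSH to log in IP: ', _valid_allow_list,
                'one or more addresses separated by commas')


def shell(cmd):
    """Run a fixed command string through the shell and return its status.

    Only constant strings are passed here; anything containing operator
    input goes through _run() so the shell never parses it.
    """
    status = os.system(cmd)
    if status != 0:
        sys.stderr.write('WARNING: status %s from: %s\n' % (status, cmd))
    return status


def _run(argv):
    """Run a command given as an argument list (no shell) and return its status."""
    status = subprocess.call(argv)
    if status != 0:
        sys.stderr.write('WARNING: status %s from: %s\n'
                         % (status, ' '.join(argv)))
    return status


def _set_password(user, password):
    """Set user's password by piping it to ``passwd --stdin``."""
    # The password travels over a pipe, so it never appears in a process
    # argument list or in a shell command string.
    data = password + '\n'
    if not isinstance(data, bytes):
        data = data.encode('utf-8')
    proc = subprocess.Popen(['passwd', '--stdin', user],
                            stdin=subprocess.PIPE)
    proc.communicate(data)
    return proc.returncode


# The name shadows the Python 2 builtin; kept because the script is written
# around it.
def file(lu, rw, neirong):
    """Open path lu with mode rw and write the text neirong to it."""
    with open(lu, rw) as f:
        f.write(neirong)


def fail2ban():
    """Replace the yum repo files, install fail2ban from RPMs and enable it.

    Reads the module-level sshport to point the jail at the chosen port.
    """
    # NOTE(review): this deletes every existing repo definition, then pulls a
    # repo file over plain HTTP and three RPMs over FTP.  Nothing below checks
    # a checksum or signature before installing; import the distribution and
    # EPEL GPG keys and check the downloads (for example with `rpm -K`)
    # before trusting them on a production host.
    shell('rm -rf /etc/yum.repos.d/*')
    shell('wget -P /etc/yum.repos.d/ '
          'http://mirrors.163.com/.help/centos6-base-163.repo')
    shell('wget ftp://rpmfind.net/linux/centos/6.6/os/x86_64/packages/'
          'gamin-python-0.1.10-9.el6.x86_64.rpm')
    shell('wget ftp://rpmfind.net/linux/epel/6/x86_64/'
          'python-inotify-0.9.1-1.el6.noarch.rpm'
          ' && wget ftp://rpmfind.net/linux/epel/6/x86_64/'
          'fail2ban-0.8.14-1.el6.noarch.rpm')
    shell('rpm -ivh gamin-python-0.1.10-9.el6.x86_64.rpm')
    shell('rpm -ivh python-inotify-0.9.1-1.el6.noarch.rpm')
    shell('rpm -ivh fail2ban-0.8.14-1.el6.noarch.rpm')
    # Whitespace-tolerant patterns: the published listing lost the exact
    # spacing used inside jail.conf.
    _run(['sed', '-i',
          's/bantime[[:space:]]*=[[:space:]]*600/bantime  = 1800/',
          '/etc/fail2ban/jail.conf'])
    _run(['sed', '-i', 's/port=ssh/port=%s/' % sshport,
          '/etc/fail2ban/jail.conf'])
    _run(['sed', '-i',
          's/maxretry[[:space:]]*=[[:space:]]*5/maxretry = 3/',
          '/etc/fail2ban/jail.conf'])
    shell('chkconfig fail2ban on && service fail2ban start')


# --- network -------------------------------------------------------------
_run(['sed', '-i', 's/ONBOOT=no/ONBOOT=yes/', netfile])
#file(netfile, 'a', '\nIPADDR=%s\nNETMASK=%s\nDNS1=%s\nGATEWAY=%s\n' % (ip, mask, dns, gateway))
file(netfile, 'a', '\nDNS1=%s\n' % dns)
shell('service network restart')
file('/etc/sysconfig/network', 'w', 'NETWORKING=yes\nHOSTNAME=%s\n' % host)

# --- SELinux ---------------------------------------------------------------
# NOTE(review): the script turns SELinux off, as its feature list states.
# That removes mandatory access control from a host being hardened; consider
# leaving it enforcing and labelling the new SSH port instead.
shell('sed -i s/SELINUX=enforcing/SELINUX=disabled/ /etc/selinux/config')

# --- SSH account -----------------------------------------------------------
# Root login is disabled further down, so stop here if the replacement
# account is not usable.
if _run(['useradd', sshuser]) != 0:
    _die('useradd failed; sshd_config and hosts.deny were not modified')
if _set_password(sshuser, sshpasswd) != 0:
    _die('passwd failed; sshd_config and hosts.deny were not modified')
# Read access for the new account to failed-login records and syslog.
if _run(['setfacl', '-m', 'u:%s:r' % sshuser, '/var/log/btmp']) == 0:
    _run(['setfacl', '-m', 'u:%s:r' % sshuser, '/var/log/messages'])

# --- sshd, firewall, tcp_wrappers -----------------------------------------
# sshd takes the first value it reads for most keywords, so the appended
# PermitRootLogin/UseDNS lines only win if no earlier uncommented line sets
# them; Port lines accumulate, so an earlier uncommented Port stays active.
file('/etc/ssh/sshd_config', 'a',
     '\nPort %s\nPermitRootLogin no\nUseDNS no\n' % sshport)
# Edits the saved rule file only; the running firewall changes on restart.
_run(['sed', '-i', 's/--dport 22/--dport %s/' % sshport,
      '/etc/sysconfig/iptables'])
# Trailing newlines matter here: tcp_wrappers may skip a final rule that is
# not newline-terminated.
file('/etc/hosts.allow', 'a', '\nsshd:%s\n' % sshallow)
file('/etc/hosts.deny', 'a', '\nsshd:all\n')

fail2ban()

# --- time sync, logging, shell history ------------------------------------
# Overwrites root's crontab with a single daily ntpdate job.
shell('echo "10 5 * * * /usr/sbin/ntpdate 202.112.10.60"'
      '>/var/spool/cron/root')
shell("sed -i 's/\\*\\.info/*.warning/' /etc/rsyslog.conf")
file('/etc/bashrc', 'a',
     '\nexport HISTFILESIZE=1000000000'
     '\nexport HISTSIZE=1000000'
     '\nexport PROMPT_COMMAND="history -a"'
     '\nexport HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "\n')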
Python Initialization server script