How to write linux security hardening script-Linux Operation and Maintenance-php.cn

Home

Operation and Maintenance

Linux Operation and Maintenance

How to write linux security hardening script

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 21, 2023 pm 11:43 PM

linux

#linux加固脚本
#!/bin/bash
#
#version1.0;
#write at 2021-08-27;
#write by jiangzhehao;
#只在centos7上测试过
#1、账号安全
#1.1 账号加固
#备份文件
cp /etc/login.defs /etc/login.defs.bak
echo "对密码安全策略进行加固，设置密码存在时间、密码长度、密码过期提醒！"
read -p "设置密码有效时间(建议90天)：" A
read -p "设置密码最短长度（建议8位）：" C
read -p "设置密码过期提醒（建议15天）：" D
sed -i '/^PASS_MAX_DAYS/c\PASS_MAX_DAYS   '$A /etc/login.defs
sed -i '/^PASS_MIN_DAYS/c\PASS_MIN_DAYS   '0 /etc/login.defs
sed -i '/^PASS_MIN_LEN/c\PASS_MIN_LEN    '$C /etc/login.defs
sed -i '/^PASS_WARN_AGE/c\PASS_WARN_AGE   '$D /etc/login.defs
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "对密码安全策略进行加固，新用户不得和旧密码相同，且新密码必须同时包含大写字母、小写字母、数字！"
#备份文件
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
sed -i '/pam_pwquality.so/c\password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= difok=1 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1' /etc/pam.d/system-auth
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "对密码进行加固，如果输入错误密码超过3次，则锁定账户！"
sed -i '/^auth        required      pam_deny.so/i\auth        required      pam_tally.so onerr=fail deny=10 unlock_time=300' /etc/pam.d/system-auth
echo "被锁定的用户可以使用 faillog -u root -r  解除锁定。"
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "禁止root用户ssh远程登录,需要root用时，使用su切换！"
#备份文件
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak 
sed -i '/PermitRootLogin/c\PermitRootLogin no' /etc/ssh/sshd_config
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "限制远程登录主机地址！"
read -p "设置远程登录地址段(格式为10.1.*.*)：" E
sed -i '/ListenAddress /i\ALLOWUSERS *@'$E'' /etc/ssh/sshd_config
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "清除信任主机列表（信任主机登录不需要验证）！"
echo "" > /etc/hosts.equiv
echo "" > /$home/.rhosts
echo "加固已完成。"
echo "*****************************************************************************************"
#
echo "history设置优化（建议保存条数1000条，超时时间为300秒）！"
read -p "设置历史命令保存条数（建议1000）：" F
read -p "设置账户自动注销时间（建议300）：" G
sed -i '/^HISTSIZE/c\HISTSIZE='$F'' /etc/profile
sed -i '/^HISTSIZE/a\TMOUT='$G'' /etc/profile
echo "加固已完成。"
echo "*****************************************************************************************"
#
#1.2用户检查
echo "即将对系统中的账户进行检查......"
echo "系统中有登录权限的用户有："
awk -F: '($7=="/bin/bash"){print $1}' /etc/passwd
echo "********************************************"
echo "系统中UID=0的特权用户有："
awk -F: '($3=="0"){print $1}' /etc/passwd
echo "********************************************"
N=`awk -F: '($2==""){print $1}' /etc/shadow|wc -l`
echo "系统中空密码用户有：$N"
if [ $N -eq 0 ];then
 echo "恭喜你，系统中无空密码用户！！"
 echo "********************************************"
else
 i=1
 while [ $N -gt 0 ]
 do
 None=`awk -F: '($2==""){print $1}' /etc/shadow|awk 'NR=='$i'{print}'`
 echo "------------------------"
 echo $None
 echo "必须为空用户设置密码！！"
 passwd $None
 let N--
 done
 M=`awk -F: '($2==""){print $1}' /etc/shadow|wc -l`
 if [ $M -eq 0 ];then
 echo "恭喜，系统中已经没有空密码用户了！"
 else
echo "系统中还存在空密码用户：$M"
 fi
fi
#
#2、文件系统安全加固
#设置umask值
echo "设置umask值为077！"
sed -i '/^UMASK/c\UMASK           077' /etc/login.defs
echo "加固已完成。"
echo "*****************************************************************************************"
#
#3、禁用不需要的服务
/sbin/chkconfig ip6tables off
/sbin/chkconfig avahi-daemon off
/sbin/chkconfig avahi-dnsconfd off
#
#4、设置需要开启的端口
#yum install iptables-services -y
#systemctl start iptables
#iptables -F
#iptables -P INPUT DROP
#iptables -A INPUT -p tcp --dport 22

Copy after login

The above is the detailed content of How to write linux security hardening script. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Saving in R.E.P.O. Explained (And Save Files)

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7569

CakePHP Tutorial

1386

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

107

Related knowledge

How to use docker desktop Apr 15, 2025 am 11:45 AM

How to use Docker Desktop? Docker Desktop is a tool for running Docker containers on local machines. The steps to use include: 1. Install Docker Desktop; 2. Start Docker Desktop; 3. Create Docker image (using Dockerfile); 4. Build Docker image (using docker build); 5. Run Docker container (using docker run).

Difference between centos and ubuntu Apr 14, 2025 pm 09:09 PM

The key differences between CentOS and Ubuntu are: origin (CentOS originates from Red Hat, for enterprises; Ubuntu originates from Debian, for individuals), package management (CentOS uses yum, focusing on stability; Ubuntu uses apt, for high update frequency), support cycle (CentOS provides 10 years of support, Ubuntu provides 5 years of LTS support), community support (CentOS focuses on stability, Ubuntu provides a wide range of tutorials and documents), uses (CentOS is biased towards servers, Ubuntu is suitable for servers and desktops), other differences include installation simplicity (CentOS is thin)

What to do if the docker image fails Apr 15, 2025 am 11:21 AM

Troubleshooting steps for failed Docker image build: Check Dockerfile syntax and dependency version. Check if the build context contains the required source code and dependencies. View the build log for error details. Use the --target option to build a hierarchical phase to identify failure points. Make sure to use the latest version of Docker engine. Build the image with --t [image-name]:debug mode to debug the problem. Check disk space and make sure it is sufficient. Disable SELinux to prevent interference with the build process. Ask community platforms for help, provide Dockerfiles and build log descriptions for more specific suggestions.

How to view the docker process Apr 15, 2025 am 11:48 AM

Docker process viewing method: 1. Docker CLI command: docker ps; 2. Systemd CLI command: systemctl status docker; 3. Docker Compose CLI command: docker-compose ps; 4. Process Explorer (Windows); 5. /proc directory (Linux).

Detailed explanation of docker principle Apr 14, 2025 pm 11:57 PM

Docker uses Linux kernel features to provide an efficient and isolated application running environment. Its working principle is as follows: 1. The mirror is used as a read-only template, which contains everything you need to run the application; 2. The Union File System (UnionFS) stacks multiple file systems, only storing the differences, saving space and speeding up; 3. The daemon manages the mirrors and containers, and the client uses them for interaction; 4. Namespaces and cgroups implement container isolation and resource limitations; 5. Multiple network modes support container interconnection. Only by understanding these core concepts can you better utilize Docker.

What computer configuration is required for vscode Apr 15, 2025 pm 09:48 PM

VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)

vscode cannot install extension Apr 15, 2025 pm 07:18 PM

The reasons for the installation of VS Code extensions may be: network instability, insufficient permissions, system compatibility issues, VS Code version is too old, antivirus software or firewall interference. By checking network connections, permissions, log files, updating VS Code, disabling security software, and restarting VS Code or computers, you can gradually troubleshoot and resolve issues.

How to switch Chinese mode with vscode Apr 15, 2025 pm 11:39 PM

VS Code To switch Chinese mode: Open the settings interface (Windows/Linux: Ctrl, macOS: Cmd,) Search for "Editor: Language" settings Select "Chinese" in the drop-down menu Save settings and restart VS Code

See all articles