CentOS 安全加固

发布时间 2023-03-25 00:38:01作者: 炒鸡蛋
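#!/bin/bash
# CentOS hardening script: tightens sshd, warns about telnet/openssl
# exposure, replaces the default SNMP community, adds a PAM failed-login
# counter and sets password-ageing limits. Must run as root; every file it
# edits is copied to <file>.bak first.
#
# Terminal colours for warnings. Stored as real ESC bytes ($'\e') so they
# render correctly with both `echo -e` (used below) and printf.
L1=$'\e[0;41m'          # red background
R1=$'\e[0m \n'          # reset colour + trailing newline
# NOTE(review): the original invoked `backPatch` here, which is not defined
# anywhere in this script (bash printed "command not found" and carried on);
# the call is dropped until a real implementation exists.
sshdConfPath=/etc/ssh
sshdConf=sshd_config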

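# --- sshd: forbid direct root login ---------------------------------------
# sshd uses the FIRST value it sees for a keyword, so appending a second
# "PermitRootLogin no" below an existing "PermitRootLogin yes" (what the
# original did) changes nothing. Rewrite an active directive in place; if
# there is none, insert at line 1 so it cannot land inside a trailing
# "Match" block at the end of the file.
sshdCfg="${sshdConfPath}/${sshdConf}"
cp -pf "${sshdCfg}" /etc/ssh/sshd_config.bak
if ! grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "${sshdCfg}"; then
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]' "${sshdCfg}"; then
        sed -i -E 's/^[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/I' "${sshdCfg}"
    else
        sed -i '1i PermitRootLogin no' "${sshdCfg}"
    fi
    # Apply it now (reload keeps existing sessions open), but never hand
    # sshd a config it rejects: a failed restart would cut off remote access.
    if sshd -t 2>/dev/null; then
        if command -v systemctl >/dev/null 2>&1; then
            systemctl reload sshd
        else
            service sshd reload
        fi
    else
        echo -e "${L1}sshd_config failed validation (sshd -t); not reloaded, check ${sshdCfg}${R1}"
    fi
fi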

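# --- sshd: SSH protocol 2 only ---------------------------------------------
# The original appended "PermitRootLogin no" here instead of "Protocol 2",
# so this check was never satisfied and sshd was restarted on every run.
# OpenSSH 7.4 and later (CentOS 7.4+) have removed protocol 1 server support
# and ignore this keyword with a warning, so it only matters on older hosts.
if ! grep -Eiq '^[[:space:]]*Protocol[[:space:]]+2[[:space:]]*$' "${sshdConfPath}/${sshdConf}"; then
    if grep -Eiq '^[[:space:]]*Protocol[[:space:]]' "${sshdConfPath}/${sshdConf}"; then
        # e.g. "Protocol 2,1": rewrite in place, first occurrence wins in sshd.
        sed -i -E 's/^[[:space:]]*Protocol[[:space:]].*/Protocol 2/I' "${sshdConfPath}/${sshdConf}"
    else
        # Protocol is not permitted inside a Match block, so insert at the top.
        sed -i '1i Protocol 2' "${sshdConfPath}/${sshdConf}"
    fi
    # Validate before restarting; the original ran both systemctl and the
    # init script unconditionally, one of which always fails.
    if sshd -t 2>/dev/null; then
        if command -v systemctl >/dev/null 2>&1; then
            systemctl restart sshd
        else
            /etc/init.d/sshd restart
        fi
    else
        echo -e "${L1}sshd_config failed validation (sshd -t); sshd not restarted${R1}"
    fi
fi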

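# --- telnet: warn if a server is bound to TCP/23 ---------------------------
# netstat (net-tools) is not installed on minimal CentOS 7+ images; prefer
# ss and fall back to netstat. Column 4 is "Local Address:Port" in both.
if command -v ss >/dev/null 2>&1; then
    telnetSockets=$(ss -ltn 2>/dev/null | awk 'NR > 1 {print $4}' | grep ':23$')
else
    telnetSockets=$(netstat -anolt 2>/dev/null | awk '{print $4}' | grep ':23$')
fi
if [ -n "${telnetSockets}" ]; then
    echo -e "${L1}telnet 服务端开启中 !!${R1}"
fi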

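# --- snmpd: replace the default "public" community -------------------------
# An SNMP community string is a shared secret. It is read from the
# environment so it need not live in this script; the original hard-coded
# value remains the default for backward compatibility.
snmpConf=/etc/snmp/snmpd.conf
snmpCommunity=${SNMP_COMMUNITY:-fscr5.r3EF}
# The original tested for /etc/snmpd.conf but edited /etc/snmp/snmpd.conf;
# test the file that is actually edited. (The community value must not
# contain '#', '&' or '\', which are special in the sed replacement below.)
if [ -f "${snmpConf}" ]; then
    cp -p "${snmpConf}" "${snmpConf}.bak"
    # Anchored so only the community keyword is touched and commented-out
    # examples are left alone; any trailing source/OID restriction on the
    # line is preserved. As in the original, a read-write "public"
    # community is downgraded to read-only.
    sed -i -E "s#^([[:space:]]*)r[ow]community[[:space:]]+public([[:space:]]|$)#\1rocommunity ${snmpCommunity}\2#" "${snmpConf}"
    # The running daemon keeps the old community until it re-reads its config.
    if command -v systemctl >/dev/null 2>&1; then
        systemctl try-restart snmpd
    else
        service snmpd condrestart
    fi
fi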

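# --- openssl: flag the releases the author lists as vulnerable -------------
#######################################
# Returns 0 when an `openssl version` string (e.g. "1.0.1e-fips") begins
# with one of the listed releases, 1 otherwise.
# The original used plain grep, where "|" is a literal character, so the
# check could never match anything.
# Arguments: $1 - version string (second field of `openssl version`)
#######################################
openssl_version_flagged() {
    local ver=$1
    printf '%s\n' "${ver}" \
      | grep -Eq '^(1\.0\.0|1\.0\.1f|1\.0\.1e|1\.0\.1d|1\.0\.1c|1\.0\.1b|1\.0\.1a|1\.0\.1|1\.0\.2-beta1|1\.0\.2-beta)(-|$)'
}

opensslV=$(openssl version 2>/dev/null | awk '{print $2}')
# NOTE(review): CentOS backports security fixes without bumping the version
# string, so a listed version is a hint, not proof — confirm with
# `rpm -q --changelog openssl` on the host.
if openssl_version_flagged "${opensslV}"; then
    echo -e "${L1}openssl 存在漏洞 !!${R1}"
fi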

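# --- PAM: failed-login counter, account phase -------------------------------
authPath="/etc/pam.d/system-auth"
cp -p "${authPath}" /etc/pam.d/system-auth.bak
# On CentOS 6/7 this path is a symlink to system-auth-ac (managed by
# authconfig); --follow-symlinks stops sed -i from replacing the link with
# a regular file. pam_tally2 is no longer shipped on CentOS 8 (pam_faillock
# replaced it), so this section is for CentOS 6/7.
if ! grep -Eq '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_tally2?\.so' "${authPath}"; then
    # Insert after the first ACTIVE "account" line. The original's
    # "/account/" address also matched comments, and when no line matched
    # the empty line number made "s/$/…/" append the entry after EVERY line.
    lineN=$(sed -n '/^[[:space:]]*account/=' "${authPath}" | head -n 1)
    if [ -n "${lineN}" ]; then
        sed -i --follow-symlinks "${lineN}a account    required    pam_tally2.so" "${authPath}"
    else
        printf 'account    required    pam_tally2.so\n' >> "${authPath}"
    fi
fi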

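# --- PAM: lock the account after 5 failures, auth phase --------------------
tallyAuthLine='auth required pam_tally2.so deny=5 onerr=fail no_magic_root unlock_time=180'
# NOTE(review): no_magic_root is a pam_tally (v1) option; the pam_tally2
# man page documents magic_root instead — confirm against the installed
# module before relying on it.
if ! grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_tally2\.so.*deny=5.*unlock_time=180([[:space:]]|$)' "${authPath}"; then
    if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_tally2\.so' "${authPath}"; then
        # An auth-phase pam_tally2 line with other settings exists: rewrite
        # it instead of stacking a second counter (the original added one).
        sed -i --follow-symlinks -E "s/^[[:space:]]*auth[[:space:]].*pam_tally2\.so.*/${tallyAuthLine}/" "${authPath}"
    else
        # Insert after the first auth line (pam_env on stock files), i.e.
        # ahead of pam_unix. Guard against an empty line number, which made
        # the original's "s/$/…/" apply to every line. --follow-symlinks
        # keeps the system-auth -> system-auth-ac symlink intact.
        lineN=$(sed -n '/^auth/=' "${authPath}" | head -n 1)
        if [ -n "${lineN}" ]; then
            sed -i --follow-symlinks "${lineN}a ${tallyAuthLine}" "${authPath}"
        else
            printf '%s\n' "${tallyAuthLine}" >> "${authPath}"
        fi
    fi
fi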

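# --- /etc/login.defs: password ageing ---------------------------------------
loginD="/etc/login.defs"
cp -p "${loginD}" "${loginD}.bak"

#######################################
# Set KEY to VALUE in a login.defs-style file: rewrite an active "KEY ..."
# line in place, otherwise append "KEY   VALUE".
# The original's unanchored "s/KEY.*/…/g" also rewrote the descriptive
# comment lines in login.defs that mention KEY.
# Arguments: $1 - key (e.g. PASS_MAX_DAYS)
#            $2 - value
#            $3 - file (optional, defaults to ${loginD})
#######################################
set_login_def() {
    local key=$1 value=$2 file=${3:-${loginD}}
    if grep -Eq "^${key}([[:space:]]|$)" "${file}"; then
        sed -i -E "s/^${key}([[:space:]].*)?$/${key}   ${value}/" "${file}"
    else
        printf '%s   %s\n' "${key}" "${value}" >> "${file}"
    fi
}

set_login_def PASS_MAX_DAYS 90
set_login_def PASS_MIN_DAYS 10
# NOTE(review): with PAM-managed passwords PASS_MIN_LEN may be ignored in
# favour of pam_pwquality/pam_cracklib settings — confirm on the target.
set_login_def PASS_MIN_LEN 8
set_login_def PASS_WARN_AGE 7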