Linux基线加固

Z先森 2019-04-13 AM 2983℃ 0条
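#!/bin/bash
# Baseline hardening for Alibaba Cloud Linux hosts.
#
# Tightens ownership/modes on the account databases, sets a handful of sshd
# options, sets password-aging limits, then restarts sshd.
#
# Must be run as root. Uses GNU sed (-i, -E, the I flag).
#
# Differences from a plain "uncomment the default" approach:
#   * An sshd option is forced to the hardened value whether the existing line
#     is a commented default ("#Key value") or an active line with some other
#     value; a missing option is inserted at the top of the file so it can
#     never land inside a trailing Match block.
#   * sshd_config is backed up first and checked with "sshd -t" before the
#     restart, so a broken config is rolled back instead of locking out SSH.

set -u

readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly LOGIN_DEFS=/etc/login.defs

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Force one sshd_config option to a value.
# Globals:   SSHD_CONFIG (read)
# Arguments: $1 - option name, $2 - value
#######################################
set_sshd_option() {
  local key=$1
  local value=$2

  # Rewrite every active line and every "#Key ..." commented default.
  # sshd keywords are case-insensitive, hence the I flag.
  sed -i -E "s/^[[:space:]]*#?${key}[[:space:]].*$/${key} ${value}/I" \
    "$SSHD_CONFIG"

  # Nothing to rewrite: add the option in the global section (top of file).
  if ! grep -Eiq "^[[:space:]]*${key}[[:space:]]" "$SSHD_CONFIG"; then
    if [[ -s "$SSHD_CONFIG" ]]; then
      sed -i "1i ${key} ${value}" "$SSHD_CONFIG"
    else
      printf '%s %s\n' "$key" "$value" >>"$SSHD_CONFIG"
    fi
  fi
}

#######################################
# Force one /etc/login.defs setting to a value, appending it when absent.
# Globals:   LOGIN_DEFS (read)
# Arguments: $1 - setting name, $2 - value
#######################################
set_login_def() {
  local key=$1
  local value=$2

  if [[ ! -f "$LOGIN_DEFS" ]]; then
    printf 'warning: %s not found, %s not set\n' "$LOGIN_DEFS" "$key" >&2
    return 1
  fi

  if grep -Eq "^[[:space:]]*${key}[[:space:]]" "$LOGIN_DEFS"; then
    sed -i -E "s/^[[:space:]]*${key}[[:space:]].*$/${key}   ${value}/" \
      "$LOGIN_DEFS"
  else
    printf '%s   %s\n' "$key" "$value" >>"$LOGIN_DEFS"
  fi
}

[[ $EUID -eq 0 ]] || die "this script must be run as root"
[[ -f "$SSHD_CONFIG" ]] || die "$SSHD_CONFIG not found"

# Keep a copy to roll back to if the edited config does not validate.
backup="${SSHD_CONFIG}.bak.$(date +%Y%m%d%H%M%S)"
cp -p -- "$SSHD_CONFIG" "$backup" || die "cannot back up $SSHD_CONFIG"

# Permissions on sensitive account files.
# NOTE(review): distributions that ship /etc/shadow as root:shadow rely on
# that group for password-checking helpers; this assumes an RHEL-style layout.
# Confirm before running on another distribution.
chown root:root /etc/passwd /etc/shadow /etc/group /etc/gshadow
chmod 0644 /etc/group
chmod 0644 /etc/passwd
chmod 0400 /etc/shadow
chmod 0400 /etc/gshadow

# Log SSH activity at INFO so logins and failures are recorded.
set_sshd_option LogLevel INFO

# SSH idle timeout.
# NOTE(review): on OpenSSH 8.2 and later, ClientAliveCountMax 0 disables
# client-alive termination instead of dropping the session after one interval.
# Check the sshd version; a small positive count is needed there if the
# cut-off is required.
set_sshd_option ClientAliveInterval 900
set_sshd_option ClientAliveCountMax 0

# Force SSH protocol version 2.
# NOTE(review): OpenSSH 7.4 and later no longer serve protocol 1 and treat
# "Protocol" as a deprecated option, so this line is redundant on such hosts.
set_sshd_option Protocol 2

# Keep MaxAuthTries within the 3..6 range required by the baseline.
set_sshd_option MaxAuthTries 4

# Minimum number of days between password changes.
set_login_def PASS_MIN_DAYS 7
chage --mindays 7 root

# Maximum password age.
set_login_def PASS_MAX_DAYS 90
chage --maxdays 90 root

# Refuse SSH logins for accounts with an empty password.
set_sshd_option PermitEmptyPasswords no

# Validate before restarting: a syntax error here would otherwise take sshd
# down and cut off remote access.
sshd_bin=$(command -v sshd || true)
if [[ -n "$sshd_bin" ]]; then
  if ! "$sshd_bin" -t -f "$SSHD_CONFIG"; then
    cp -p -- "$backup" "$SSHD_CONFIG"
    die "edited $SSHD_CONFIG failed validation; restored $backup, sshd not restarted"
  fi
else
  printf 'warning: sshd binary not found in PATH, config not validated\n' >&2
fi

service sshd restart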
标签: linux, root, ssh, sed
