CentOS 7 Security Hardening Commands
Posted liweiming
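Foreword: This article was compiled by the editors of 小常识网 (cha138.com). It covers the command lines used for security hardening on CentOS 7 and is offered as a reference.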
```bash
# Password complexity: minimum length 8; require a digit, a lowercase letter,
# an uppercase letter and a special character
authconfig --passminlen=8 --update
authconfig --enablereqdigit --update
authconfig --enablereqlower --update
authconfig --enablerequpper --update
authconfig --enablereqother --update

# Remember the last 5 passwords and apply the pwquality rules to root as well.
# The patterns tolerate the column spacing of the stock file, and
# --follow-symlinks edits the link target instead of replacing the symlink.
sed -i -r --follow-symlinks 's/^(password\s+sufficient\s+pam_unix\.so\s.*use_authtok)\s*$/\1 remember=5/' /etc/pam.d/system-auth
sed -i -r --follow-symlinks 's/^(password\s+requisite\s+pam_pwquality\.so\s.*authtok_type=)\s*$/\1 enforce_for_root/' /etc/pam.d/system-auth

# Password aging: maximum 90 days, minimum 14 days, warn 14 days before expiry
sed -i '/PASS_MAX_DAYS/ s/99999/90/' /etc/login.defs
sed -i '/PASS_MIN_DAYS/ s/0/14/' /etc/login.defs
sed -i '/PASS_WARN_AGE/ s/7/14/' /etc/login.defs

# Login banners
echo " Authorized users only! All activity may be monitored and reported! " > /etc/motd
echo " Be sure you are authorized to access this system! " > /etc/issue
echo " Be sure you are authorized to access this system! " > /etc/issue.net

# SSH: no reverse DNS lookups, show the banner, protocol 2 only, no root login
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "Banner /etc/issue.net" >> /etc/ssh/sshd_config
echo "Protocol 2" >> /etc/ssh/sshd_config
sed -i '/#PermitRootLogin yes/a\PermitRootLogin no' /etc/ssh/sshd_config
systemctl restart sshd.service

# Default umask 027 and a 300-second idle timeout for login shells
sed -i 's/umask 022/umask 027/' /etc/profile
echo "export TMOUT=300" >> /etc/profile

# Stop and disable kdump and firewalld.
# With firewalld off the host has no packet filter unless another one is configured.
systemctl stop kdump.service
systemctl disable kdump.service
systemctl stop firewalld.service
systemctl disable firewalld.service

# Disable network services that are not needed
systemctl disable avahi-daemon
systemctl disable cups
systemctl disable nfs
systemctl disable nfs-server
systemctl disable rpcbind
systemctl disable vsftpd
systemctl disable snmpd
systemctl disable rsyncd
systemctl disable dhcpd
systemctl disable slapd
systemctl disable named
systemctl disable httpd
systemctl disable dovecot
systemctl disable smb
systemctl disable squid
systemctl disable ypserv
systemctl disable rsh.socket
systemctl disable rlogin.socket
systemctl disable rexec.socket
systemctl disable ntalk
systemctl disable telnet.socket
systemctl disable tftp.socket

# Disable every unit whose name starts with firewalld, post or NetworkManager
systemctl list-unit-files | egrep "^firewalld|^post|^NetworkManager" | awk '{print $1}' | sed -r 's#(.*)#systemctl disable &#g' | bash

# Set SELinux to disabled (takes effect after a reboot).
# This turns off mandatory access control on the host.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Remove the Ctrl+Alt+Del reboot target
rm -f /usr/lib/systemd/system/ctrl-alt-del.target

# Shell history: timestamps and 2000 entries
echo 'HISTTIMEFORMAT="<%F %T>: " ' >> /etc/profile
echo 'HISTFILESIZE=2000' >> /etc/profile
echo 'HISTSIZE=2000' >> /etc/profile

# Log errors and authentication messages
echo '*.err;auth.info /var/adm/messages' >> /etc/rsyslog.conf

# Raise the open-file limit and comment out the default nproc soft limit
echo '* soft nofile 409600' >> /etc/security/limits.conf
echo '* hard nofile 409600' >> /etc/security/limits.conf
sed -i -r 's/^\*\s+soft\s+nproc\s+4096/#&/' /etc/security/limits.d/20-nproc.conf
```
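To confirm that the `/etc/login.defs` and `/etc/ssh/sshd_config` changes above took effect, the following added example (not part of the original post) reads the values back. sshd keeps the first value it reads for a keyword and treats lines after a `Match` as conditional, so a line appended with `>>` can be silently ignored; the names `first_value`, `check` and `audit`, the `--audit` switch and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read back the values the commands above write to
# /etc/login.defs and /etc/ssh/sshd_config. Function names are illustrative.

# Print the first uncommented global value of KEY in FILE.
# sshd keeps the first value it reads for a keyword, and anything after a
# "Match" line is conditional, so an appended line may never take effect.
first_value() (   # first_value FILE KEY
    awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
)

# Compare one setting with the expected value; status 1 on mismatch.
check() (         # check FILE KEY EXPECTED
    got=$(first_value "$1" "$2" 2>/dev/null) || got=""
    if [ "$got" = "$3" ]; then
        echo "PASS  $1: $2 = $got"
    else
        echo "FAIL  $1: $2 = '$got' (expected '$3')"
        return 1
    fi
)

# Audit the tree under ROOT (empty ROOT = live system); status = failures.
audit() (         # audit [ROOT]
    defs="${1:-}/etc/login.defs"
    sshd="${1:-}/etc/ssh/sshd_config"
    fails=0
    check "$defs" PASS_MAX_DAYS   90             || fails=$((fails + 1))
    check "$defs" PASS_MIN_DAYS   14             || fails=$((fails + 1))
    check "$defs" PASS_WARN_AGE   14             || fails=$((fails + 1))
    check "$sshd" PermitRootLogin no             || fails=$((fails + 1))
    check "$sshd" Protocol        2              || fails=$((fails + 1))
    check "$sshd" UseDNS          no             || fails=$((fails + 1))
    check "$sshd" Banner          /etc/issue.net || fails=$((fails + 1))
    return "$fails"
)

# Run only when asked:  sh audit.sh --audit   or   sh audit.sh --audit /mnt/copy
case "${1:-}" in
    --audit) audit "${2:-}" ;;
esac
```

The exit status of `audit` is the number of failed checks, so it can gate a provisioning step directly.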