欢迎来到 黑吧安全网 聚焦网络安全前沿资讯,精华内容,交流技术心得!

centos,redhat系统安全初始化(加固,安全,并发,)

来源:本站转载 作者:佚名 时间:2013-07-31 TAG:linux linux安全 Centos 我要投稿

 #!/bin/bash

#
# Script Name: initSystem.sh
# Description: setup linux system init.
# Author: lvsi
# Date: 2012-10-30
#  
#set env
export PATH=$PATH:/bin:/sbin:/usr/sbin
export LANG="zh_CN.GB18030"
#require root to run this script.
if [[ "$(whoami)" != "root" ]]; then
 echo "Please run this script as root." >&2
 exit 1
fi
#define cmd var
SERVICE=`which service`
CHKCONFIG=`which chkconfig`
#Source function library.
. /etc/init.d/functions
#Modify the system yum source  //修改系统Yum源
initYum() {
cat << EOF
+--------------------------------------------------------------+
+------      Welcome to Modify the system yum source.    ------+
+--------------------------------------------------------------+
EOF
 
cd /etc/yum.repos.d/
\cp CentOS-Base.repo CentOS-Base.repo.ori.$(date +%F)
ping -c 1 baidu.com >/dev/null
[ ! $? -eq 0 ] && echo $"Networking not configured - exiting" && exit 1
wget --quiet -o /dev/null http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
\cp CentOS-Base-sohu.repo CentOS-Base.repo
echo "Modify the system yum source.------->OK"
sleep 3
}
#Set the character encoding  //设置字符编码
initI18n() {
cat << EOF
+--------------------------------------------------------------+
+------       Welcome to Set the character encoding.     ------+
+--------------------------------------------------------------+
EOF
echo "#set LANG="zh_cn.gb18030""
\cp /etc/sysconfig/i18n /etc/sysconfig/i18n.$(date +%F)
sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.GB18030"#' /etc/sysconfig/i18n
source /etc/sysconfig/i18n
grep LANG /etc/sysconfig/i18n
echo "Set the character encoding.------->OK"
sleep 3
}
#Close the firewall and Selinux  //关闭防火墙和Selinux
initFirewall() {
cat << EOF
+--------------------------------------------------------------+
+------     Welcome to Close the firewall and Selinux.   ------+
+--------------------------------------------------------------+
EOF
\cp /etc/selinux/config /etc/selinux/config.`date +"%Y-%m-%d_%H-%M-%S"`
/etc/init.d/iptables stop
chkconfig iptables off
sed -i 's/SELINUX=enable/SELINUX=disabled/' /etc/selinux/config
setenforce 0
/etc/init.d/iptables status
grep SELINUX=disabled /etc/selinux/config
echo "Close the firewall and Selinux.------->OK"
sleep 3
}
#Close unnecessary system service  //关闭不必要系统服务
initService() {
cat << EOF
+--------------------------------------------------------------+
+------   Welcome to Close unnecessary system service .  ------+
+--------------------------------------------------------------+
EOF
export LANG="en_US.UTF-8"
for i in `chkconfig --list |grep 3:on|awk '{print $1}'`;do chkconfig --level 3 $i off;done
for i in crond network sshd syslog;do chkconfig --level 3 $i on;done
export LANG="zh_CN.GB18030"
echo "Close unnecessary system service.------>OK"
sleep 3
}
#Set the sshConfig banned root login  //设置sshConfig,禁止root登录
initSsh() {
cat << EOF
+--------------------------------------------------------------+
+------  Welcome to Set the sshConfig banned root login. ------+
+--------------------------------------------------------------+
EOF
\cp /etc/ssh/sshd_config /etc/ssh/sshd_config.`date +"%Y-%m-%d_%H-%M-%S"`
sed -i 's%#Port 22%Port 52113%' /etc/ssh/sshd_config
sed -i 's%#PermitRootLogin yes%PermitRootLogin no%' /etc/ssh/sshd_config
sed -i 's%#PermitEmptyPasswords no%PermitEmptyPasswords no%' /etc/ssh/sshd_config
sed -i 's%#UseDNS yes%UseDNS no' /etc/ssh/sshd_config
egrep "UseDNS|52113|RootLogin|EmptyPass" /etc/ssh/sshd_config
/etc/init.d/sshd reload
echo "Set the sshConfig banned root login.------>OK"
sleep 3
}
#Disable ctrlaltdel three key to reboot system  //禁止ctrl+alt+del三个键重启系统
initSafe() {
cat << EOF
+--------------------------------------------------------------+

[1] [2] [3] [4]  下一页

【声明】:黑吧安全网(http://www.myhack58.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们,联系邮箱admin@myhack58.com,我们会在最短的时间内进行处理。
  • 最新更新
    • 相关阅读
      • 本类热门
        • 最近下载