|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
[root@localhost ~]
# vi optimizing.sh
#!/bin/bash
cat
<< EOF
+---------------------------------------+
| Start Optimize ...... |
+---------------------------------------+
EOF
########## Shut selinux ##########
sed
-i
"s/SELINUX=enforcing/SELINUX=disabled/g"
/etc/selinux/config
echo
"Shut selinux. [ OK ]"
########## Set firewall ##########
/sbin/iptables
-F
/sbin/iptables
-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables
-A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables
-A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables
-A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables
-A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables
-A INPUT -p udp --dport 123 -j ACCEPT
/sbin/iptables
-A INPUT -p icmp -j ACCEPT
/sbin/iptables
-P INPUT DROP
/etc/init
.d
/iptables
save >
/dev/null
2>&1
echo
"Set firewall. [ OK ]"
########## Auth and add user ##########
/usr/sbin/useradd
user >
/dev/null
2>&1
#添加user用户并设置密码123.com
if
[[ $? -
eq
0 ]];
then
echo
"123.com"
|
passwd
--stdin user >
/dev/null
2>&1
sed
-i
"99 s/^/user ALL=(ALL) ALL/"
/etc/sudoers
echo
"Auth and add user. [ OK ]"
else
echo
"User already exist! [Fail]"
fi
########## Shut root login ##########
sed
-i
"s/#PermitRootLogin yes/PermitRootLogin no/g"
/etc/ssh/sshd_config
sed
-i
"s/#PermitEmptyPasswords no/PermitEmptyPasswords no/g"
/etc/ssh/sshd_config
sed
-i
"s/#UseDNS yes/UseDNS no/g"
/etc/ssh/sshd_config
echo
"Shut root login. [ OK ]"
########## Forbidden not use service ##########
/sbin/chkconfig
auditd off
/sbin/chkconfig
blk-availability off
/sbin/chkconfig
ip6tables off
/sbin/chkconfig
lvm2-monitor off
/sbin/chkconfig
netfs off
/sbin/chkconfig
udev-post off
echo
"Forbidden not use service. [ OK ]"
########## Delete not use user ##########
/usr/sbin/userdel
adm >
/dev/null
2>&1
/usr/sbin/userdel
lp >
/dev/null
2>&1
/usr/sbin/userdel
shutdown
>
/dev/null
2>&1
/usr/sbin/userdel
halt >
/dev/null
2>&1
/usr/sbin/userdel
uucp >
/dev/null
2>&1
/usr/sbin/userdel
operator >
/dev/null
2>&1
/usr/sbin/userdel
games >
/dev/null
2>&1
/usr/sbin/userdel
gopher >
/dev/null
2>&1
if
[[ $? -
eq
0 ]];
then
echo
"Delete not use service. [ OK ]"
else
echo
"Not use user already deleted! [Fail]"
fi
########## Shut reboot combination key ##########
sed
-i
's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#'
/etc/init/control-alt-delete
.conf
echo
"Shut reboot combination key. [ OK ]"
########## Modify file descriptor size ##########
echo
"* soft nofile 102400"
>>
/etc/security/limits
.conf
echo
"* hard nofile 102400"
>>
/etc/security/limits
.conf
echo
"Modify file descriptor size. [ OK ]"
########## Modify system show message ##########
echo
"Welcome to Server."
>
/etc/issue
echo
"Welcome to Server."
>
/etc/redhat-release
echo
"Modify system show message. [ OK ]"
########## Modify history ##########
sed
-i
"s/HISTSIZE=1000/HISTSIZE=10/g"
/etc/profile
source
/etc/profile
echo
"Modify history. [ OK ]"
########## Sync timezone ##########
yum
install
ntp -y >
/dev/null
2>&1
cp
-rf
/usr/share/zoneinfo/Asia/Shanghai
/etc/localtime
/usr/sbin/ntpdate
cn.pool.ntp.org >
/dev/null
2>&1
/sbin/hwclock
-w
echo
"0 * * * * /usr/sbin/ntpdate cn.pool.ntp.org ; hwclock -w"
>>
/etc/crontab
echo
"Sync timezone. [ OK ]"
########## Kernel optimize ##########
cat
>>
/etc/sysctl
.conf << EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 4096 65000
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_max_syn_backlog = 4096
net.core.netdev_max_backlog = 10240
net.core.somaxconn = 2048
net.core.wmem_default = 4096000
net.core.rmem_default = 4096000
net.core.rmem_max = 4096000
net.core.wmem_max = 4096000
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF
echo
"Kernel optimize. [ OK ]"
cat
<< EOF
+---------------------------------------+
| Optimize the end ...... |
| Please reboot your system ! |
+---------------------------------------+
EOF
|
CenOS6.5安全加固及性能优化(脚本)
2016-05-06
2128
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《
阿里云开发者社区用户服务协议》和
《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写
侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介:
目录
相关文章
|
6月前
|
安全
网络安全
|
安全
Linux
|
安全
Shell
|
安全
Shell
Linux
|
安全
Linux
|
安全
网络协议
Shell
Linux系统安全加固脚本
1961
0
1
|
安全
Linux
网络安全
linux系统安全加固脚本
1615
0
0
|
安全
网络协议
网络安全
CenOS6.5安全加固及性能优化
1199
0
0
|
安全
网络安全
CenOS6.5安全加固及性能优化(脚本)
1207
0
0
|
安全
Unix
Linux
