聯(lián)通辦公primary安裝檢查項情況

echo'else'>>/tmp/uncomtestecho'echo"Permtsrootlognbysshcheckresultfalse"'>>/tmp/uncomtestshecho'f'>> testshecho'fegrepv"^[[space]]*#"/etc/ssh/sshd_confgegrep"^[[space]]*protocol[[space]]*2^[[

echo'thenecho"SSH2checkresulttrue"'>>/tmp/uncomtestshecho'else'>> testshecho'echo"notSSH2checkresultfalse"'>>/tmp/uncomtestshecho'f'>> testshProtocol2rmrf/tmp/uncomtest加固建

： 編輯文件/etc/ssh/sshd_confg，修改PermtRootLogn值為noPermtRootLognno編輯文件/etc/ssh/sshd_confg修改Protocol的值為2Protocol2結(jié)果描 0off1off2on3on4on5on6

auap855808557801042 000000sshda 88969101046 917568896901049 000000sshdauap[prauap917589175601049 000000sshda1編輯net配置文件/etc/xnetdd/net(v/etc/xnetdd/ne將dsable項改為yes即dsable結(jié)果描 CU_OS_Lnux_B_5327檢查SNMP配置修 的默 自 snmp_status=`psefegrepsnmpdegrepv"grep"wcl`>

f f}f["$snmp_status"ge1f加固建

1修改snmp配置文件/etc/snmp/snmpd munty開頭的行如 muntypublc127001其中的第二個 結(jié)果描 修 的默 munCU_OS_Lnux_B_5319安 補(bǔ) 手 其 f[f/etc/SuSErelease]ff無 /sbn/chkconfglNetworkManager0off1off2on3on4on5on6abrt 0off1off2off3on4off5on6 0off1off2off3on4off5on6 0off1off2on3on4on5on6 0off1off2off3on4on5on6 0off1off2on3on4on5on6 0off1off2off3on4on5on6blkavalablty0off1on2on3on4on5on6 0off1off2off3on4on5on6 0off1off2off3on4on5on6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1on2on3on4on5on6 0off1off2on3on4on5on6 0off1off2on3on4on5on6 0off1off2off3off4off5off6f 0off1off2off3off4off5off6 0off1off2off3on4on5on6htcacheclean0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2on3on4on5on6 0off1off2off3off4off5off6 0off1off2off3on4on5on6 0off1on2on3on4on5on6 0off1off2on3on4on5on6 0off1on2on3on4on5on6 0off1off2on3on4on5on6messagebus0off1off2on3on4on5on6 0off1off2off3off4off5off6 0off1off2off3on4on5on6 0off1off2on3on4on5on6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6portreserve0off1off2on3on4on5on6 0off1off2on3on4on5on6pppoeserver0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6 0off1off2off3off4off5off6restorecond0off1off2off3off4off5off6 0off1off2on3on4on5on6 0off1off2off3on4on5on6 0off1off2off3off4off5off6 0off1off2on3on4on5on6 0off1off2off3on4on5on6 0off1off2off3off4off5off6 0off1off2on3on4on5on6 0off1off2off3off4off5off6 0off1off2off3off4off5off6spcevdagentd0off1off2off3off4off5on6 0off1off2on3on4on5on6 0off1off2off3off4off5off6 0off1on2on3on4on5on6 0off1on2on3on4on5on6 0off1off2off3off4off5off6 0off1off2off3off4off5off6wnb 0off1off2off3off4off5off6_supplcant0off1off2off3off4off5off6x 0off1off2on3on4on5on6 0off1off2off3off4off5off6dscarddgramoffechodgramoffechostreamoff 00000 0000 L 00000 0000 L 00000 0000 L 00000 0000 L 0000 L 0000 L 066010160 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 0 L 01 L 0 L 01 L 0 L 0 L 0 L 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0ffff101605518 0000000000000000000000000000000000000000000000000ffff1016055180000 00 00 00 00 00 00 0000 00 00 00 00 10 00 00 00 11 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 000000000000000000000000000000000000000000100000000000000000000000000000 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 0 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 000000000000000000000000000000000000000ffff10160551800 00 00 00 00 00 00 00 00 00 00 00 0 00 00 00 00 00 0000 0000 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000 00000 0000 00000 0000 00000 0000 0000 00000 0000 00000 0000 0 000 0000 00000 0000 0 0 0 0fe80821844fffee8ae2123 0fe80821844fffee8ae2123 01 0 t unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG22799/tmp/X11unx/X0unx2 [ACC] STREAMLSTENNG unx2 [ACC] STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG /tmp/keyrngfQdjzg/socketsshunx2[ACC]STREAML unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG /tmp/orbtauap/lnc2125802ee253c56d4fdunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG /tmp/esd500/socketunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG /tmp/orbtauap/lnc unx2[ACC]STREAMLSTENNG22798@/tmp/X11unx/X0unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21932publc/cleanupunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21939prvate/tlsmgrunx2[ACC]STREAMLSTENNG21943prvate/rewrteunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21947prvate/bounceunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21951prvate/deferunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG23024@/tmp/gdmsessonyJxShTeNunx2[ACC]STREAMLSTENNG21955prunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21959prvate/verfyunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21963publc/flushunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21967prvate/mapunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21971prvate/wrteunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21975prvate/smtpunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21979prvate/relayunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21983publc/showqunx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG21987prvate/errorunx2[ACC]STREAMLSTENNG21991prvate/retryunx2[ACC]STREAMLSTENNG21999prunx2[ACC]STREAMLSTENNG22007prunx2 [ACC] unx2 [ACC]

unx STREAMLSTENNG22017prunx unx2[ACC]STREAMLSTENNG unx2[ACC]STREAMLSTENNG unx2[] 21153@/org/ unx21[] 19606/dev/logunx [ unx2[ACC]STREAMLSTENNG22870@/tmp/gdmgreeterbOunFmRunx2[]DGRAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[]STREAMCONNECTED unx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]DGRAMunx2[]DGRAMunx2[]unx3[]STREAMCONNECTED unx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx3[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]DGRAMunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[]STREAMCONNECTEDunx2[] STREAMCONNECTEDunx3[]STREAMCONNECTED @/tmp/dbusBW9K7hJrKBunx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] unx [ STREAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3 [] STREAMCONNECTED unx3 [] STREAMCONNECTEDunx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3 [] STREAMCONNECTED unx3 [] STREAMCONNECTED3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[3[unx3[ STREAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ STREAM unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx3[ STREAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ STREAM unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ STREAM unx [ STREAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ STREAM unx3[] unx2[] unx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] unx [ STREAMunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ unx3[] STREAMCONNECTED unx3[] STREAMCONNECTEDunx [ unx3[] STREAMCONNECTED23882@/tmp/gdmsessonyJxShTeNunx3[] STREAMCONNECTED23881unx3[] unx3[] STREAMCONNECTED23877unx [ unx [ STREAMCONNECTED23811/var/run/dbus/systembusunx [ STREAMunx3[] unx3[] STREAMCONNECTED23800unx [ unx3[] unx3[] STREAMCONNECTED23074unx3[] unx3[] STREAMCONNECTED23069unx3[] STREAMCONNECTED23000@/tmp/X11unx/X0unx3[] STREAMCONNECTED22999unx3[] STREAMCONNECTED22985@/tmp/X11unx/X0unx3[] STREAMCONNECTED22984unx3[] unx3[] STREAMCONNECTED22907unx3[] unx3[] STREAMCONNECTED22883unx3[] unx3[] STREAMCONNECTED22808unx3[] STREAMCONNECTED22814@/tmp/X11unx/X0unx3[] STREAMCONNECTED22807unx3[] unx3[] STREAMCONNECTED22761unx3[] unx3[] STREAMCONNECTED22695unx3[] unx3[] STREAMCONNECTED22403unx [ unx [ unx [ unx3[]STREAMCONNECTED22020unx3[]STREAMCONNECTED22019unx3[]STREAMCONNECTED22015unx3[]STREAMCONNECTED22014unx3[]STREAMCONNECTED22010unx3[]STREAMCONNECTED22009unx3[]STREAMCONNECTED22006unx3[]STREAMCONNECTED22005unx3[]STREAMCONNECTED22002unx3[]STREAMCONNECTED22001unx3[]STREAMCONNECTED21998unx3[]STREAMCONNECTED21997unx3[]STREAMCONNECTED21994unx3[]STREAMCONNECTED21993unx3[]STREAMCONNECTED21990unx3[]STREAMCONNECTED21989unx3[]STREAMCONNECTED21986unx3[]STREAMCONNECTED21985unx3[]STREAMCONNECTED21982unx3[]STREAMCONNECTED21981unx3[]STREAMCONNECTED21978unx3[]STREAMCONNECTED21977unx3[]STREAMCONNECTED21974unx3[]STREAMCONNECTED21973unx3[]STREAMCONNECTED21970unx3[]STREAMCONNECTED21969unx3[]STREAMCONNECTED21966unx3[]STREAMCONNECTED21965unx3[]STREAMCONNECTED21962unx3[]STREAMCONNECTED21961unx3[]STREAMCONNECTED21958unx3[]STREAMCONNECTED21957unx3[]STREAMCONNECTED21954unx3[]STREAMCONNECTED21953unx3[]STREAMCONNECTED21950unx3[]STREAMCONNECTED21949unx3[]STREAMCONNECTED21946unx3[]STREAMCONNECTED21945unx3[]STREAMCONNECTED21942unx3[]STREAMCONNECTED21941unx3[]STREAMCONNECTED21938unx3[]STREAMCONNECTED21937unx3[]STREAMCONNECTED21935unx3[]STREAMCONNECTED21934unx3[]STREAMCONNECTEDunx3[]STREAMCONNECTED21930unx3[]STREAMCONNECTED21928unx3[]STREAMCONNECTEDunx[unxunx[[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unx[unxunx[[unxunxunx[[[unx[unx[unx[unxunx[[unx[unx[unx[unx[unx[加固建

若chkconfg命令無法執(zhí)行，嘗試使用/sbn/chkconfg[servcename]off2編輯文件/etc/servces結(jié)果描述

>>

f[s/etc/ssueredhat_count=`cat/etc/ssueegrep"RedHat"wccentos_count=`cat/etc/ssueegrep"CentOS"wcff([$redhat_countge1][$suse_countge1][$centos_countge1ff[s/etc/ssuenetredhat_count=`cat/etc/ssuenetegrep"RedHat"wcsuse_count=`cat/etc/ssuenetegrep"suse"wccentos_count=`cat/etc/ssueegrep"CentOS"wcf

>thenf

f([$redhat_countge1][$suse_countge1][$centos_countge1f[$ssh_statusne0>f([s/etc/motd]&&[f$ssh_bannerflefffnet_status=`netstatanegrep"23\>"egreplstenwc>f[$netresulteq1f[$net_statuseq1fff加固建如果此項掃描不合規(guī)請執(zhí)行下步驟進(jìn)行修復(fù)#vetc/motd#echoAuthorzedusersonlyAllactvtymaybemontoredandreported">/etcssue可根據(jù)實(shí)際需要修改該文件的內(nèi)容但是不要出現(xiàn)系統(tǒng)敏感信息如redhatsuse等。1)修改/etc/ssh/sshd_confg文件修改/etc/ssue文件或/etc/ssh/ssh_banner結(jié)果描1cat/etc/profleegrepv"^[[space]]*#"egrepv"^$"egrep"TMOUT="tal1TMOUT小于等于加固建#v/etc/profle exportTMOUT結(jié)果描 CU_OS_Lnux_B_5323刪除潛在文fnd/maxdepth3namenetrcfnd/maxdepth3namerhostsfnd/maxdepth3namehostsequv

加固建

12#cpnetrcnetr2如無應(yīng)用刪除以上文件#rmrfrhosts結(jié)果描 CU_OS_Lnux_B_5324root登陸FTP#!/bn/bash

>{>ff}{f[$userlst_enable=1a$userlst_deny=1

f f f}>{>f[f/etc/pamd/vsftpd fff}>f加固建1userlst_deny=NO結(jié)果描1f[`psefegrepftpdegrepv"grep"wcl`ge1fff加固建如果不存在anonymous_enable結(jié)果描1ftp_check_func(){fff[`egrepv"^[[space]]*#"$FTPCONFegrep"banner_fle"wcl`ne0 felsef[`egrepv"^[[space]]*#"$FTPCONFegrep"ftpd_banner"wcl`ne0 fff}f 2vsftp服務(wù)器查看/etc/vsftpdconf(/etc/vsftpd/vsftpdconf) etoFTP”或者查看是否配置了banner_fle，并查看banner_fle內(nèi)容加固建方法： 結(jié)果描CU_OS_Lnux_B_5328修改系統(tǒng)Banner是否設(shè)置ssh成功登錄后 自 ssh_banners=`cat/etc/ssh/sshd_confgegrepv'^[[space]]*#'egrepBannerawk'{prnt$2}'`ssh_status=`netstatantpegreplstenegrepsshdwccl`>實(shí)際 >f["$ssh_status"!=0ff加固建1修改/etc/ssh/sshd_confg文件3重啟sshd結(jié)果描CU_OS_Lnux_B_5329P源路10000000end加固建結(jié)果描CU_OS_Lnux_B_5330控制_P1cat/etc/hostsallowsed'/^#/d'sed'/^$/d'egrep"allsshdcat/etc/hostsdenysed'/^#/d'sed'/^$/d'egrep"all"egrep"allsshdecho"denyno="`egrep"sshdnetall"/etc/hostsdenyegrep"all"sed'/^#/d'sed'/^$/d'wc#cpp/etc/hostsdeny/etc/hosts加固建 #編輯文件/etc/hostsdeny增加行allall 3設(shè)置好后，要重新啟動結(jié)果描1加固建加固建#cppetc/sysctlconfetc/sysctlconf_bak2編輯文件sysctlconf，設(shè)置如下33#sysctlCU_OS_LCU_OS_Lux_B_5332檢查是 cmp重定 自 accept_redrects=0netpv4confallaccept_redrects的值為01備份文件#cpp/etc/sysctlconf/etc/sysctl編輯文件/etc/sysctlconf將netpv4confallaccept_redrects的值改為x_B_5333檢查是否配置 自 ntpstatus=`psefegrep"ntpntpd"egrepvgrepwcl``f[$ntpstatus!=0]fserver101626418mnpoll9maxpoll9 加固建結(jié)果描CU_OS_L加固建結(jié)果描>{ f[z$DCREDT]thenDCREDT=0elsef[$DCREDTlt0]thenDCREDT=1ff[z$LCREDT]thenLCREDT=0elsef[$LCREDTlt0]thenLCREDT=1ff[z$UCREDT]thenUCREDT=0elsef[$UCREDTlt0]thenUCREDT=1ff[z$OCREDT]thenOCREDT=0elsef[$OCREDTlt0]thenOCREDT=1f}f([d/etc/pamd]&&[f F ff([f/etc/redhatrelease]&&[f/etc/pamd/systemauthOCREDT=1MNLEN=8MNCLASS=4F f[f/etc/SuSEreleaseff加固建passwordrequstepam_cracklbsoretry=3mnlen=8dcredt1ucredt1lcredt1ocredt1#至少包含個數(shù)字、個小寫字母、個大寫字母、個特殊字符、且長度>=8根據(jù)系統(tǒng)版本，suse9編輯/etc/pamd/passwd、suse10以上編輯 monpassword在文件中加入如下內(nèi)passwordrequstepam_cracklbsomnlen=8dcredt=1lcredt=1ucredt=1ocredt=1use_authtok passwordrequstepam_cracklbso將其修改為結(jié)果描CU_OS_Lnux_B_536查看靜態(tài)口令最長生存 自 PASS_WARN_AGE7PASS_MN_DAYSPASS_WARN_AGEPASS_MN_DAYS#cpp/etc/logndefs/etc/lognPASS_WARN_AGE7(數(shù)值大于等于加固建結(jié)果描 自 f([d/etc/pamd]&&[f > monpam_tally2soaccount[[space]]*requred[[space]]*pam_tallysoaccount[[space]]*requred[[space]]*pam_tally2so"ff([f/etc/redhatrelease]&&[f/etc/pamd/systemautham_tally2soaccount[[space]]*requred[[space]]*pam_tallysoaccount[[space]]*requred[[space]]*pam_tally2so""f requred accountrequredpam_tally2so實(shí)際 F soaccount[[space]]*requred[[space]]*pamtallysoaccount[[space]]*requred[[space]]*pamtally2so">f[f/etc/SuSEreleaseoaccount[[space]]*requred[[space]]*pam_tallysoaccount[[space]]*requred[[space]]*pam_tally2so"ff1redhat#cpp/etc/pamd/systemauth/etc/pamd/systemauth_bak#cp #cpp monpassword 2編輯1中備份的文件添加以下內(nèi)容

結(jié)果描加固建f([d/etc/pamd]&&[f 結(jié)果描加固建 monff([f/etc/redhatrelease]&&[f/etc/pamd/systemauthfpasswordrequste passwordrequred pam_denysoF f[f/etc/SuSEreleaseff1執(zhí)行備份#cpp/etc/pamd/systemauth/etc/pamd/systemauthbak#cp #cpp monpassword 2創(chuàng)建文件/etc/securty/opasswd用于舊并設(shè)置權(quán)限cat/etc/logndefsegrepv"^[[space]]*#"egrepumasktaln1awk'{prntt$1""$2}'UMASK077/etc/logndefs文件存在umask大于等于

11加固建結(jié)果描加固建結(jié)果描加固建結(jié)果描加固建結(jié)果描{ff_local_user=YES"wcl`eq0f[s"`egrepv"^#"$ftp_confgegrep"chroot_lst_fle"cutd\==f2`"fff}

f[$ftp_statuseq0f2存在result1chroot_lst_enable=YES(2)創(chuàng)建chroot_lst_fle對應(yīng)的文件 每個用戶占行例1

加固建結(jié)果描加固建結(jié)果描加固建結(jié)果描加固建結(jié)果描rwrr1rootroot1676Aug271949echo"passwd_count="`lslL/etc/passwd2>/dev/nullgrepv"[r][w][r][r]"wclslL/etc/groupecho"group_count="`lslL/etc/group2>/dev/nullgrepv"[r][w][r][r]"wclslL/etc/servcesrwrr1rootroot641020Aug202013echo"servces_count="`lslL/etc/servces2>/dev/nullgrepv"[r][w][r][r]"wclslL/etc/shadow "wclslL/etc/xnetdconf "wcxlslLd/etc/securty "wc #od644/etc/passwd#od644#od644/etc/servces#od600/etc/secur lastwcl

#!/bn/bash

>>

f[f/etc/syslogconfcat/etc/syslogconfegrepv"^[[space]]*#"egrep"authprv"ff[f/etc/rsyslogconfthencat/etc/rsyslogconfegrepv"^[[space]]*#"egrep"authprv""egrepf f[s/etc/syslogng/syslogngconflog_count=`cat/etc/syslogng/syslogngconfegrepv"^[[space]]*#"egrep"^[[space]]*log"egrep$fauthprvwcf[$log_countge1fff存在result修改權(quán)限為775命令為SUSE系統(tǒng)編輯文件/etc/syslogng/syslogngconf(v/etc/syslogng/syslogngconf)在文件增加如下內(nèi)容(如果存在則無需新增)加固建容#touchvar/log/secure修改權(quán)限為775命令為

SYSLOGNG_FLAG=`psefegrep"syslogng"egrepv"greppsyslogng"wcl`

LOGDR=`f[f/etc/syslogconf]thencat/etc/syslogconfegrepv"^[[space]]*[#$]"awk'{prnt$2}'sed's/^//g'egrep'^\s*\/'f` AGNUMlsl$GDR2/dev/nullerepv"r]w]x]r]x]r]x]"aw'{prnt$1"""$7""$8""$9}'wclOTHER_NUM=`lsl$LOGDR2>/dev/nullegrepv"[r][w][x][r][w][x][r][x]"awk'{prnt$1""$7""$8""$9}'wcMESSAGE_NUM=`lsl$LOGDR2>/dev/nullegrepv"[r][w][x][r][x][r][x]"awk'{prnt$1""$7""$8""$9}'wccOTHER_NUM=`lsl$LOGDR2>/dev/nullegrepv"[r][w][x][r][w][x][r][x]"awk'{prntt$1""$7""$8""$9}'wcMESSAGE_NUM=`lsl$LOGDR2>/dev/nullegre