PASS_WARN_AGE do
cat /etc/login.defs |grep $i|grep -v \\# done
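# Set the minimum password length to 8 in /etc/login.defs.
# The original expression ('/PASS_MIN_LEN/s/5/8/g') rewrote every "5" on any
# line mentioning PASS_MIN_LEN: 15 became 18, and a value such as 6 stayed
# below the target. The expression below only touches an active PASS_MIN_LEN
# line whose value is a single digit below 8.
# NOTE(review): on PAM-based systems PASS_MIN_LEN in login.defs is usually
# not consulted; the effective minimum then comes from the minlen setting of
# the PAM password-quality module, which this script does not check.
echo
echo
sed -i -E 's/^([[:space:]]*PASS_MIN_LEN[[:space:]]+)[0-7]([[:space:]]*)$/\18\2/' /etc/login.defs
echo

# Set the maximum password age to 90 days (left disabled, as in the source).
# NOTE(review): PASS_MAX_DAYS applies to accounts created afterwards;
# existing accounts keep their own ageing values (see chage).
#echo
#sed -i '/PASS_MAX_DAYS/s/99999/90/g' /etc/login.defs

#3 ---------------------------------------------------------------------
# Report accounts whose password field is empty.
echo "检查是否存在空口令"
echo
echo
# NOTE(review): the awk program is cut off after '($2 == ' in the source
# listing. The remainder is reconstructed as the conventional empty-field
# test on /etc/shadow (readable by root only); confirm against the original
# script.
awk -F: '($2 == "") { print $1 }' /etc/shadow

#4 -----------------------------------------------
# Section 2: restrict direct root login over telnet or rlogin (no effect on ssh).
# Recommended setting in /etc/securetty: CONSOLE /dev/tty01
#---------------------------------------------------------------------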
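# Accounts and passwords: report accounts other than root that have UID 0.
echo
echo
# root is excluded by exact name inside awk. The original piped the list
# through `grep -v root`, which also hid any UID-0 account whose name merely
# contains "root" (for example "root2"), so such an account was never reported.
# Only /etc/passwd is read; accounts served by other NSS sources are not
# covered by this check.
mesg=$(awk -F: '($3 == 0 && $1 != "root") { print $1 }' /etc/passwd)
# The expansion is quoted: unquoted, the test fails with "too many arguments"
# as soon as two or more names are returned.
# NOTE(review): the message text of the echo statements was lost in the
# source listing; the wording below is a stand-in.
if [ -z "$mesg" ]; then
  echo "OK: no account other than root has UID 0"
else
  echo
  echo "WARNING: accounts other than root with UID 0:"
  printf '%s\n' "$mesg"
  echo
fi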
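#5 ---------------------------------------------------------------------
# Check the search path for entries that let an untrusted directory supply a
# command: ".", empty entries (leading, trailing or doubled colon) and
# group- or world-writable directories.
# NOTE(review): $PATH is the PATH of the shell running this script, which is
# not necessarily root's login PATH (for example when started through sudo).
echo "确保root用户的系统路径中不包含父目录,在非必要的情况下,不应包含组权限为777的目录"
echo "dont have father directory and 777 rights"
echo
# The listing shows the dot escaped twice ('\\.'), which would match a
# literal backslash rather than a dot; a single escape is what the check needs.
echo "$PATH" | grep -E '(^|:)(\.|:|$)'
# Walk PATH one entry per line so that entries containing spaces stay intact;
# empty or non-existent entries are skipped instead of being handed to find.
# Symlinked entries (e.g. /bin on merged-/usr systems) are not followed by
# find here; add -H if they should be.
printf '%s\n' "$PATH" | tr ':' '\n' | while IFS= read -r dir; do
  [ -d "$dir" ] || continue
  find "$dir" -type d \( -perm -002 -o -perm -020 \) -ls
done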
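#6 ---------------------------------------------------------------------
# Look for per-user remote-access files: .netrc stores login credentials in
# clear text and .rhosts grants password-less rlogin/rsh trust. Any hit
# should be reviewed with the owning user.
echo "检查操作系统Linux远程连接"
echo
echo
# Both names are matched in a single walk of the filesystem instead of two;
# hits for the two names are therefore interleaved in the output.
find / \( -name .netrc -o -name .rhosts \)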
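# Show the umask lines set in the system-wide shell start-up files.
echo "检查操作系统Linux用户umask设置"
echo
echo
# NOTE(review): the pattern of the second grep (`grep -v ...`) is missing
# from the source listing; it presumably dropped comment lines. The single
# pattern below keeps only lines where "umask" appears before any "#".
# Files that do not exist on this system (e.g. the csh files) are skipped.
# Other places that can set the umask, such as /etc/login.defs or files under
# /etc/profile.d, are not inspected here.
for rc in /etc/profile /etc/csh.login /etc/csh.cshrc /etc/bashrc; do
  [ -r "$rc" ] || continue
  grep -H '^[^#]*umask' "$rc"
done
# Recommended: set umask to 027.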
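#7 ---------------------------------------------------------------------
# Show owner, group and mode of key system files and directories so they can
# be compared with the site's baseline (the heading echo is disabled in the
# source).
echo
# /etc/passwd and /etc/shadow were fused into one path ("/etc/passwd/etc/shadow")
# in the listing, so neither file was actually listed; they are separate here.
for target in /etc /etc/rc.d/init.d /tmp /etc/inetd.conf /etc/passwd \
  /etc/shadow /etc/group /etc/security /etc/services /etc/rc*.d; do
  # Skip entries absent on this system, including an unmatched /etc/rc*.d glob.
  [ -e "$target" ] || continue
  ls -ld -- "$target"
done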
echo -n \read i case $i in y|yes) break ;; n|no)
echo \
echo \continue ;; *)
echo \;; esac
#8、--------------------------------------------------------------------- #echo \配置rc.d下脚本的权限\