linux安全加固

echo \echo \chmod -R 750 /etc/rc.d/init.d/*

chmod 755 /bin/su改了之后只能root su，没有了s位别的用户无法成功su

chmod 664 /var/log/wtmp #chattr +a /var/log/messages

#9、--------------------------------------------------------------------- echo \查找系统中存在的SUID和SGID程序\echo \echo \

for PART in `grep -v ^# /etc/fstab | awk '($6 != \do

find $PART \\( -perm -04000 -o -perm -02000 \\) -type f -xdev -print |xargs ls -ld done

echo -n \read i case $i in y|yes) break ;;

n|no)

echo \

echo \continue ;; *)

echo \;; esac

#10、--------------------------------------------------------------------- echo \查找系统中任何人都有写权限的目录\echo \echo \

for PART in `awk '($3 == \{ print $2 }' /etc/fstab`; do

find $PART -xdev -type d \\( -perm -0002 -a ! -perm -1000 \\) -print |xargsls -ld done

echo -n \read i

case $i in y|yes) break ;; n|no)

echo \

echo \continue ;; *)

echo \;; esac

#11、--------------------------------------------------------------------- #echo \查找系统中任何人都有写权限的文件\echo \echo \

for PART in `grep -v ^# /etc/fstab | awk '($6 != \do

find $PART -xdev -type f \\( -perm -0002 -a ! -perm -1000 \\) -print |xargs ls -ld done

echo -n \read i case $i in y|yes) break ;; n|no)

echo \

echo \continue ;; *)

echo \;; esac

#12、--------------------------------------------------------------------- echo \查找系统中没有属主的文件\

echo \echo \

for PART in `grep -v ^# /etc/fstab |grep -v swap| awk '($6 != \{print $2 }'`; do

find $PART -nouser -o -nogroup |grep -v \-v