
linux基本安全配置设置脚本

 方便设置一些基本的linux安全设置


#vi autosafe.sh
#!/bin/bash
#########################################################################
#
# File:         autosafe.sh
# Description:
# Language:     GNU Bourne-Again SHell
# Version: 1.1
# Date: 2010-6-23
# Corp.: c1gstudio.com
# Author: c1g
# WWW: http://blog.c1gstudio.com
### END INIT INFO
###############################################################################

# ---------------------------------------------------------------------------
# Tunables read by the actions further down. Review every list against the
# target distribution before running: they are applied without confirmation.
# ---------------------------------------------------------------------------

# Accounts removed by the "deluser" action.
V_DELUSER="adm lp sync shutdown halt mail news uucp operator games gopher ftp"

# Groups removed by the "delgroup" action.
V_DELGROUP="adm lp mail news uucp games gopher mailnull floppy dip pppusers popusers slipusers daemon"

# Minimum password length written to /etc/login.defs by "password".
V_PASSMINLEN=8

# Shell history length written to /etc/profile by "history".
V_HISTSIZE=30

# Idle timeout value (TMOUT) added to /etc/profile by "logintimeout".
V_TMOUT=300

# Group created by "addgroup" and named in the su PAM rule by "sugroup".
V_GROUPNAME=suadmin

# Service names, presumably consumed by the "stopservice" action (its body is
# not visible in this excerpt).
# NOTE(review): the list contains auditd (audit logging), ip6tables (IPv6
# packet filter) and the SELinux helpers restorecond/setroubleshoot. Confirm
# that turning these off is really intended on the host being hardened.
V_SERVICE="acpid anacron apmd atd auditd autofs avahi-daemon avahi-dnsconfd bluetooth cpuspeed cups dhcpd firstboot gpm haldaemon hidd ip6tables ipsec isdn kudzu lpd mcstrans messagebus microcode_ctl netfs nfs nfslock nscd pcscd portmap readahead_early restorecond rpcgssd rpcidmapd rstatd sendmail setroubleshoot snmpd sysstat xfs xinetd yppasswdd ypserv yum-updatesd"

# Alternation of tty numbers; its consumer is not visible in this excerpt.
V_TTY="3|4|5|6"

# Binary paths; presumably the targets of a set-uid clean-up action that is
# not visible in this excerpt.
V_SUID=(
  '/usr/bin/chage'
  '/usr/bin/gpasswd'
  '/usr/bin/wall'
  '/usr/bin/chfn'
  '/usr/bin/chsh'
  '/usr/bin/newgrp'
  '/usr/bin/write'
  '/usr/sbin/usernetctl'
  '/bin/traceroute'
  '/bin/mount'
  '/bin/umount'
  '/sbin/netreport'
)

# NOTE(review): the header above says "Version: 1.1" while this says 1.0.
version=1.0

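# Every action below edits system accounts or files under /etc, so refuse to
# continue unless the effective user id is 0 (root).
if [ "$(id -u)" -ne 0 ]; then
  echo "You need to start as root!" >&2
  # Exit non-zero: a bare "exit" would return the status of the echo (0), and
  # a wrapper or scheduled job would record a skipped hardening run as success.
  exit 1
fi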
# Dispatch on the first command-line argument; each arm applies one setting.
case $1 in
"deluser")
  # Remove every account named in V_DELUSER.
  # NOTE(review): userdel leaves files owned by the removed account in place
  # under the bare numeric UID; a later account that reuses that UID would
  # own them. Check for such files before and after running this action.
  echo "delete user ..."
  # V_DELUSER is expanded unquoted on purpose so it splits into names.
  for account in $V_DELUSER; do
    echo "deleting $account"
    userdel "$account"
  done
  ;;
"delgroup")
  # Remove every group named in V_DELGROUP.
  # NOTE(review): files that still carry a removed group keep the bare numeric
  # GID; confirm nothing on the host depends on these groups first.
  echo "delete group ..."
  # V_DELGROUP is expanded unquoted on purpose so it splits into names.
  for group_name in $V_DELGROUP; do
    echo "deleting $group_name"
    groupdel "$group_name"
  done
  ;;
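"password")
  # Set the minimum password length in /etc/login.defs to V_PASSMINLEN.
  echo "change password limit ..."
  echo "/etc/login.defs"
  echo "PASS_MIN_LEN $V_PASSMINLEN"
  # Rewrite the whole value. Substituting the digit "5" only worked when the
  # current value contained a 5 (and turned e.g. 15 into 18); any other
  # starting value was left untouched without any message.
  sed -i "s/^PASS_MIN_LEN[[:space:]].*/PASS_MIN_LEN\t$V_PASSMINLEN/" /etc/login.defs
  # Confirm the setting is really present instead of assuming sed matched.
  if ! grep -q "^PASS_MIN_LEN[[:space:]]\{1,\}$V_PASSMINLEN\$" /etc/login.defs; then
    echo "warning: PASS_MIN_LEN $V_PASSMINLEN is not set in /etc/login.defs" >&2
  fi
  # NOTE(review): where password changes go through PAM, the length rule is
  # usually enforced by the PAM password-quality module, not by login.defs.
  # Verify the effective policy by attempting a too-short password change.
  ;;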
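"history")
  # Limit the shell history length set in /etc/profile to V_HISTSIZE.
  echo "change history limit ..."
  echo "/etc/profile"
  echo "HISTSIZE $V_HISTSIZE"
  # Replace whatever value is configured. Substituting the literal "1000"
  # silently did nothing on a host whose HISTSIZE had any other value.
  sed -i "s/^HISTSIZE=.*/HISTSIZE=$V_HISTSIZE/" /etc/profile
  # Report when no HISTSIZE assignment was there to change.
  if ! grep -q "^HISTSIZE=$V_HISTSIZE\$" /etc/profile; then
    echo "warning: HISTSIZE=$V_HISTSIZE is not set in /etc/profile" >&2
  fi
  ;;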
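"logintimeout")
  # Add an idle-session timeout (TMOUT) to /etc/profile.
  echo "change login timeout ..."
  echo "/etc/profile"
  echo "TMOUT=$V_TMOUT"
  if grep -q '^TMOUT=' /etc/profile; then
    # Already configured: update in place. The unconditional append added one
    # more TMOUT line on every run of this action.
    sed -i "s/^TMOUT=.*/TMOUT=$V_TMOUT/" /etc/profile
  else
    # First run: insert the assignment after the HISTSIZE line.
    sed -i "/^HISTSIZE/a\TMOUT=$V_TMOUT" /etc/profile
  fi
  # The insert needs a HISTSIZE line as its anchor; report when it was missing.
  if ! grep -q "^TMOUT=$V_TMOUT\$" /etc/profile; then
    echo "warning: TMOUT=$V_TMOUT is not set in /etc/profile" >&2
  fi
  # NOTE(review): a plain assignment can be changed or unset by the user in
  # their own shell; marking the variable readonly is the usual way to make
  # the timeout stick. This script does not do that.
  ;;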
"bashhistory")
  # Make new accounts delete ~/.bash_history at logout by adding an rm line
  # to the skeleton .bash_logout. Only accounts created afterwards pick this
  # up, because /etc/skel is copied at account creation time.
  # NOTE(review): this discards a record that incident responders often rely
  # on; if command accountability matters it has to come from another source.
  echo "denied bashhistory ..."
  echo "/etc/skel/.bash_logout"
  echo 'rm -f $HOME/.bash_history'
  # Skip the append when the file already mentions bash_history.
  if grep -E "bash_history" /etc/skel/.bash_logout > /dev/null; then
    echo 'warning:existed'
  else
    echo 'rm -f $HOME/.bash_history' >> /etc/skel/.bash_logout
  fi
  ;;
"addgroup")
  # Create the group whose members will be allowed to use su.
  echo "groupadd $V_GROUPNAME ..."
  groupadd "$V_GROUPNAME"
  ;;
"sugroup")
  # Restrict su to members of V_GROUPNAME by adding two auth entries to
  # /etc/pam.d/su: pam_rootok (root passes without further checks) and
  # pam_wheel bound to the group.
  #
  # NOTE(review): the entries are appended at the END of the file. PAM
  # evaluates auth entries in file order, so if an earlier entry already ends
  # the stack successfully, the appended pam_wheel requirement may never be
  # consulted. After running, test su from an account outside the group.
  # NOTE(review): the module path /lib/security is hard-coded; confirm the
  # modules live there on the target (some systems use another directory).
  echo "permit $V_GROUPNAME use su ..."
  echo "/etc/pam.d/su"
  echo "auth sufficient /lib/security/pam_rootok.so debug"
  echo "auth required /lib/security/pam_wheel.so group=$V_GROUPNAME"
  # The exact pam_rootok line doubles as the "already applied" marker.
  if grep -E "auth sufficient /lib/security/pam_rootok.so debug" /etc/pam.d/su > /dev/null; then
    echo 'warning:existed'
  else
    {
      echo 'auth sufficient /lib/security/pam_rootok.so debug'
      echo "auth required /lib/security/pam_wheel.so group=${V_GROUPNAME}"
    } >> /etc/pam.d/su
  fi
  ;;
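"denyrootssh")
  # Disable direct root logins over SSH in /etc/ssh/sshd_config.
  # Make sure another account can log in and become root before applying
  # this, otherwise remote administration of the host is lost.
  echo "denied root login ..."
  echo "/etc/ssh/sshd_config"
  echo "PermitRootLogin no"
  # Match the directive whether or not it is commented out and whatever its
  # current value is. The previous expression only rewrote the exact text
  # "#PermitRootLogin yes", so a file that already had an active
  # "PermitRootLogin yes" was left unchanged without any message.
  sed -i 's/^#\{0,1\}PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
  # Verify the result instead of assuming the substitution matched.
  if ! grep -q '^PermitRootLogin no' /etc/ssh/sshd_config; then
    echo "warning: PermitRootLogin no is not set in /etc/ssh/sshd_config" >&2
  fi
  # The running sshd keeps its old settings until it is reloaded; this script
  # does not reload it. Check the file with "sshd -t" before doing so.
  ;;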
"stopservice") echo "stop services ..."