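#!/bin/bash
# Alibaba Cloud Linux baseline hardening.
#
# Must run as root. Tightens ownership/permissions of the account databases,
# sets SSH logging, idle-timeout, protocol, auth-retry and empty-password
# options in /etc/ssh/sshd_config, sets password ageing in /etc/login.defs and
# for root, validates the sshd configuration and restarts sshd.
# Note: drop-in files under /etc/ssh/sshd_config.d/ (if the installed
# sshd_config includes them) are not touched here and would take precedence
# over the values set below.
set -euo pipefail

readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly LOGIN_DEFS=/etc/login.defs

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Set "KEY VALUE" in a config file idempotently.
# If an active (uncommented) line for KEY exists it is rewritten in place;
# otherwise a new line is added. Commented-out lines are left alone as
# documentation. In sshd_config a directive appended after a "Match" block
# would be scoped to that block, so when a Match line exists the new line is
# inserted before the first one instead of at the end of the file.
# Arguments: $1 - file, $2 - key, $3 - value
#           (all callers pass fixed literals; never pass untrusted input,
#            since key/value are interpolated into a sed expression)
#######################################
set_option() {
  local file=$1 key=$2 value=$3
  local active_re="^[[:space:]]*${key}([[:space:]].*)?$"
  if grep -qE -- "$active_re" "$file"; then
    sed -i -E "s/${active_re}/${key} ${value}/" "$file"
  elif grep -qE '^[[:space:]]*Match[[:space:]]' "$file"; then
    # GNU sed: address 0,/re/ runs up to the first Match line, and the empty
    # pattern in s// reuses that regex, so the new line lands right before it.
    sed -i -E "0,/^[[:space:]]*Match[[:space:]]/s//${key} ${value}\n&/" "$file"
  else
    printf '%s %s\n' "$key" "$value" >> "$file"
  fi
}

#######################################
# Apply the baseline. Exits non-zero (via set -e or die) on the first failure.
#######################################
main() {
  [[ $EUID -eq 0 ]] || die "must be run as root"
  [[ -f "$SSHD_CONFIG" ]] || die "$SSHD_CONFIG not found"
  [[ -f "$LOGIN_DEFS" ]] || die "$LOGIN_DEFS not found"

  # Sensitive account-database files: root-owned, shadow files unreadable
  # by anyone but root.
  chown root:root /etc/passwd /etc/shadow /etc/group /etc/gshadow
  chmod 0644 /etc/group /etc/passwd
  chmod 0400 /etc/shadow /etc/gshadow

  # Keep a copy so a bad edit can be rolled back from the console.
  cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak-$(date +%Y%m%d%H%M%S)"

  # SSH LogLevel INFO.
  set_option "$SSHD_CONFIG" LogLevel INFO

  # Idle-session timeout of 15 minutes: 300 s interval x 3 missed keepalives.
  # ClientAliveCountMax 0 is deliberately not used: OpenSSH 8.2+ treats 0 as
  # "never disconnect", which would silently disable the timeout.
  set_option "$SSHD_CONFIG" ClientAliveInterval 300
  set_option "$SSHD_CONFIG" ClientAliveCountMax 3

  # Force SSH protocol 2 (a deprecated no-op on OpenSSH 7.4+, kept for
  # baseline checks that still look for the directive).
  set_option "$SSHD_CONFIG" Protocol 2

  # MaxAuthTries within the 3-6 range.
  set_option "$SSHD_CONFIG" MaxAuthTries 4

  # Disallow login with an empty password over SSH.
  set_option "$SSHD_CONFIG" PermitEmptyPasswords no

  # Password ageing: minimum 7 days between changes, maximum age 90 days,
  # for new accounts (login.defs) and for the existing root account.
  set_option "$LOGIN_DEFS" PASS_MIN_DAYS 7
  set_option "$LOGIN_DEFS" PASS_MAX_DAYS 90
  chage --mindays 7 root
  chage --maxdays 90 root

  # Validate the edited configuration before restarting; restarting sshd with
  # a broken sshd_config would lock out remote access.
  sshd -t || die "sshd_config failed validation; sshd not restarted"
  service sshd restart
}

main "$@"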