linux系統(tǒng)優(yōu)化安全升級_第1頁
linux系統(tǒng)優(yōu)化安全升級_第2頁
linux系統(tǒng)優(yōu)化安全升級_第3頁
linux系統(tǒng)優(yōu)化安全升級_第4頁
linux系統(tǒng)優(yōu)化安全升級_第5頁
已閱讀5頁,還剩6頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報或認(rèn)領(lǐng)

文檔簡介

電信RHEL6.6-4.Hostnamesed-i"2cHOSTNAME=abm25"/etc/sysconfig/network>/etc/resolv.confecho'secure@1W'|passwdroot--stdiniptables-Fserviceiptablessave-3.vmtoolslftp-uweihu,pi=3yuaNs62<<EOFgetVMwareTools-8.6.11-1310128.tar.gzbyeEOFtarzxvfVMwareTools-8.6.11-1310128.tar.gzcdvmware-tools*./vmware-install.pl--default-2.Yummv/etc/yum.repos.d/rhel-source.repo/tmpvi/etc/yum.repos.d/rhel-source.repo[rhel-source]name=RedHatEnterpriseLinux$releasever-$basearch-Sourcebaseurl=62/iso/redhat6.6/enabled=1gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-releasesed-i"3cbaseurl=62/iso/redhat6.4/"/etc/yum.repos.d/rhel-source.repoyumcleanallyummakecacheyuminstall-y

ftplftpzlib*openssl*pam*gdmrubytelnet*vsftpd*\gccdstatmcelogiotoplsscsilibstdc++*libcap*yumgroupinstall-y

basic-desktop

x11

development

eclipse\

compat-libraries

storage-client-multipath

nfs-file-server\-1.雙網(wǎng)卡cd/etc/sysconfig/network-scripts/mvifcfg-enp1s0f0bakifcfg-enp1s0f0mvifcfg-enp130s0f1bakifcfg-enp130s0f1

echo"ifenslavebond0eth1eth5">>/etc/rc.d/rc.localcatifcfg-bond0viifcfg-bond0DEVICE=bond0BOOTPROTO=yesIPADDR=00GATEWAY=7NETMASK=24ONBOOT=yesBONDING_OPTS="mode=1miimon=200"--------------catifcfg-enp130s0f1

viifcfg-eth1DEVICE=eth1ONBOOT=yesBOOTPROTO=noneMASTER=bond0SLAVE=yeschmod644/etc/groupchmod644/etc/serviceschmod600/etc/xinetd.confchmod600/etc/security#6.bannermv/etc/issue/etc/issue.bakmv/etc//etc/.bakecho"Authorizedonly.Allactivitywillbemonitoredandreported">/etc/ssh_banner

#9.內(nèi)核(old)echo"*softnproc65535">>/etc/security/limits.confecho"*hardnproc65535">>/etc/security/limits.confecho"*softnofile65535">>/etc/security/limits.confecho"*hardnofile65535">>/etc/security/limits.confecho"*-maxlogins65535">>/etc/security/limits.confsed-i's/1024/65535/g'/etc/security/limits.d/90-nproc.conf#10.權(quán)限#11.time(old)echo"server3">>/etc/ntp.confchkconfigntpdonservicentpdrestart#12.服務(wù)chkconfigapmdoffchkconfignetfsoffchkconfigyppasswddoffchkconfigypservoffchkconfigdhcpdoffchkconfigportmapoffchkconfiglpdoffchkconfignfsoffchkconfigsendmailoffchkconfigsnmpdoffchkconfigsnmptrapdoffchkconfigrstatdoffchkconfigatdoffchkconfigcupsoffchkconfigbluetoothoffchkconfighiddoffchkconfigip6tablesoffchkconfigipsecoffchkconfigautofsoffchkconfigavahi-daemonoff#5353mdnschkconfigavahi-dnsconfdoffchkconfigcpuspeedoffchkconfigisdnoffchkconfignfslockoffchkconfignscdoffchkconfigpcscdoffchkconfigacpidoffchkconfigfirstbootoffchkconfigmcstransoffchkconfigmicrocode_ctloffchkconfigrpcgssdoffchkconfigrpcidmapdoffchkconfigrpcbindoffchkconfigportreserveonchkconfigpostfixoff#smtp25chkconfigsetroubleshootoffchkconfigxfsoffchkconfigxinetdoffchkconfigrestorecondoffchkconfiganacronoffchkconfigypbindoffchkconfigtftpoffchkconfigpoxoffchkconfigprinteroffchkconfigtelnetoffchkconfigNetworkManageroffchkconfigtog-pegasusoff#https5989chkconfigportreserveoff#udp631chkconfigrawdevicesonchkconfigmcelogdonchkconfigcrondonchkconfigkudzuonchkconfignetworkonchkconfigreadahead_earlyon

chkconfigsshdonchkconfigsyslogonchkconfigauditdonserviceNetworkManagerstop&&servicenetworkrestartservicesnmptrapdstop#14.hostssed-i's/#UseDNSyes/UseDNSno/g'/etc/ssh/sshd_configsed-i's/SELINUX=enforcing/SELINUX=disabled/g'/etc/selinux/config#15.iptables(old)serviceiptablesstop#7.登錄提示(old)exportnetbond=`ifconfig|grepbond|wc-l`if[$netbondge1];thenexportwoip=`ifconfigbond0|awk-F'[:]+''NR==2{print$4}'`echo-e"\n${HOSTNAME}@${woip}\n">/etc/motdelseexportwoip=`ifconfigeth1|awk-F'[:]+''NR==2{print$4}'`echo-e"\n${HOSTNAME}@${woip}\n">/etc/motdfi##cpmv/etc/yum.repos.d/rhel-source.repo/etc/yum.repos.d/rhel-source.repo.bakcprhel-source.repo/etc/yum.repos.d/rhel-source.repocpnmon/usr/binchmod775/usr/bin/nmon#13.ftp(old)sed-i's/anonymous_enable=YES/anonymous_enable=NO/g'/etc/vsftpd/vsftpd.conf#sed-i's/#chroot_local_user=YES/chroot_local_user=YES/g'/etc/vsftpd/vsftpd.confsed-i's/#ftpd_banner/ftpd_banner/g'/etc/vsftpd/vsftpd.confecho'dual_log_enable=YES'>>/etc/vsftpd/vsftpd.confecho'vsftpd_log_file=/var/log/vsftpd.log'>>/etc/vsftpd/vsftpd.confsed-i'/#nopriv_user=/cnopriv_user=weihu'/etc/vsftpd/vsftpd.confchkconfigvsftpdonservicevsftpdstartuser_list允許ftpusers禁止#15.glibcmkdirglibccdglibclftp-uweihu,pi=3yuaNs62<<EOFcdglibcmget*byeEOFyum-ylocalupdate*cd#16.opensshlftp-uweihu,pi=3yuaNs62<<EOFgetopenssh-7.6p1.tar.gzbyeEOFtarzxvfopenssh-7.6p1.tar.gzcdopenssh-7.6p1tarzxvfopenssh*cdopenssh*

./configure--prefix=/usr\--sysconfdir=/etc/ssh\--with-ssl-dir=/usr/share/ssl\--with-zlib\--with-pam\--with-md5-passwords\--with-kerberos5\sleep3make&&makeinstallmv/etc/init.d/sshd/tmp/sshdcpcontrib/redhat/sshd.init/etc/init.d/sshdservicesshdrestartssh-Vcd17.nmonlftp-uweihu,pi=3yuaNs62<<EOFgetnmonbyeEOFcpnmon/usr/binchmod+x/usr/bin/nmonmkdir/home/weihu/nmon/crontab-l****1find/home/weihu/nmon/-typef-mtime+7-execrm-rf{}\;11***nmon-s60-c1430-f-m

/home/weihu/nmon/18.kdumpservicekdumpstatus19.Xmanager不做了yuminstall-y

gdmvi/etc/gdm/custom.conf[security]AllowRoot=trueAllowRemoteRoot=true[xdmcp]Port=177Enable=true20.itsm不做了su-ibnmslftp-uweihu,pi=3yuaNs62<<EOFgetjdk1.6.0_21.tar.gzbyeEOFtarzxvfjdk1.6.0_21.tar.gz21.必做rpm-ehttpd--nodepsrpm-emysql--nodepsrpm-enet-snmp--nodepsrpm-ewget--nodepsrpm-esquid--nodeps22.ntpdlftp-uweihu,pi=3yuaNs62<<EOFgetntp-4.2.8p10.tar.gzbyeEOFrpm-entp--nodepsrpm-entpdate--nodeps./configure--prefix=/usr\--bindir

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論