#! /bin/bash
#检查系统版本
function CheckSystem() {
system_version=‘’
if [[ -e /etc/os-release ]]; then
source /etc/os-release
system_version=${system_version}"PRETTY_NAME:
P
R
E
T
T
Y
_
N
A
M
E
,
"
e
l
s
e
s
y
s
t
e
m
_
v
e
r
s
i
o
n
=
PRETTY\_NAME, " else system\_version=
PRETTY_NAME,"elsesystem_version={system_version}“PRETTY_NAME: cat /etc/issue|head -n 1
, "
fi
var=KaTeX parse error: Expected '}', got 'EOF' at end of input: …?} echo "......{var}…”
}
#检查密码有效期
function CheckPassMaxDays() {
PASS_MAX_DAYS=cat /etc/login.defs | grep PASS\_MAX\_DAYS | grep -v ^# | awk '{print $2}'
if [ -z $PASS_MAX_DAYS ];then
sed -i ‘s/#PASS_MAX_DAYS/PASS_MAX_DAYS/’ /etc/login.defs
PASS_MAX_DAYS=cat /etc/login.defs | grep PASS\_MAX\_DAYS | grep -v ^# | awk '{print $2}'
fi
if [ -z $PASS_MAX_DAYS ];then
echo “…[N] Password Validity Period: Reset failed”
elif [ $PASS_MAX_DAYS -le 90 -a $PASS_MAX_DAYS -ge 30 ];then
echo “…[Y] Password Validity Period:
P
A
S
S
_
M
A
X
_
D
A
Y
S
d
a
y
s
"
e
l
s
e
s
e
d
−
i
′
/
P
A
S
S
_
M
A
X
_
D
A
Y
S
/
s
/
′
"
PASS\_MAX\_DAYS days" else sed -i '/PASS\_MAX\_DAYS/s/'"
PASS_MAX_DAYSdays"elsesed−i′/PASS_MAX_DAYS/s/′"{PASS_MAX_DAYS}”‘/90/g’ /etc/login.defs
PASS_MAX_DAYS=cat /etc/login.defs | grep PASS\_MAX\_DAYS | grep -v ^# | awk '{print $2}'
if [ $PASS_MAX_DAYS -le 90 -a $PASS_MAX_DAYS -ge 30 ];then
echo “…[Y] Password Validity Period: $PASS_MAX_DAYS days”
else
echo “…[N] Password Validity Period: Reset failed”
fi
fi
}
#检查日志保留时间
function CheckLogBackupTime() {
Log_Backup_Time=cat /etc/logrotate.conf |head -n 10|grep "rotate "| grep -v ^# | head -n 1|awk '{print $2}'
if [ -z $Log_Backup_Time ];then
sed -i ‘s/#rotate/rotate/’ /etc/logrotate.conf
Log_Backup_Time=cat /etc/logrotate.conf |head -n 10|grep "rotate "| grep -v ^# | head -n 1|awk '{print $2}'
fi
if [ -z $Log_Backup_Time ];then
echo “…[N] Log backup Time,Configuration does not exist”
elif [ $Log_Backup_Time -ge 26 ];then
echo “…[Y] Log backup Time:
L
o
g
_
B
a
c
k
u
p
_
T
i
m
e
w
e
e
k
s
"
e
l
s
e
s
e
d
−
i
′
/
r
o
t
a
t
e
/
s
/
′
"
Log\_Backup\_Time weeks" else sed -i '/rotate/s/'"
Log_Backup_Timeweeks"elsesed−i′/rotate/s/′"{Log_Backup_Time}”‘/26/g’ /etc/logrotate.conf
Log_Backup_Time=cat /etc/logrotate.conf |head -n 10|grep "rotate "| grep -v ^# | head -n 1|awk '{print $2}'
if [ $Log_Backup_Time -ge 26 ];then
echo “…[Y] Log backup Time: $Log_Backup_Time weeks”
else
echo “…[N] Log backup Time,Reset failed”
fi
fi
}
#检查会话超时时间
function CheckConnectionTimeout() {
Connection_Timeout=cat /etc/profile | grep 'export TMOUT' | grep -v ^# | cut -d= -f2
if [ -z
C
o
n
n
e
c
t
i
o
n
_
T
i
m
e
o
u
t
]
;
t
h
e
n
s
e
d
−
i
′
Connection\_Timeout ];then sed -i '
Connection_Timeout];thensed−i′a export TMOUT=1800’ /etc/profile
elif [ $Connection_Timeout -gt 1800 -o
C
o
n
n
e
c
t
i
o
n
_
T
i
m
e
o
u
t
−
l
t
600
]
;
t
h
e
n
s
e
d
−
i
′
/
T
M
O
U
T
/
s
/
′
"
Connection\_Timeout -lt 600 ];then sed -i '/TMOUT/s/'"
Connection_Timeout−lt600];thensed−i′/TMOUT/s/′"{Connection_Timeout}"‘/1800/g’ /etc/profile
fi
source /etc/profile
Connection_Timeout=cat /etc/profile | grep 'export TMOUT' | grep -v ^# | cut -d= -f2
if [ $Connection_Timeout -le 1800 -a $Connection_Timeout -ge 600 ];then
echo “…[Y] Connection timeout: $Connection_Timeout seconds”
else
echo “…[N] Connection timeout: Reset failed”
fi
}
#检查共享账户
function CheckSharedUser() {
usermod -L shutdown 2>/dev/null
usermod -L halt 2>/dev/null
echo “…[Y] Shared user: Locked”
}
#检查审计策略
function CheckAuditLogs() {
Audit_Logs=auditctl -s | grep enabled | awk '{print $2}'
if [ $Audit_Logs -ne 1 ];then
systemctl start auditd
systemctl enable auditd
fi
Audit_Logs=auditctl -s | grep enabled | awk '{print $2}'
if [ $Audit_Logs -eq 1 ];then
echo “…[Y] Audit Policy: $Audit_Logs Enable”
else
echo “…[N] Audit Policy: $Audit_Logs Disabled”
fi
}
#检查分权账户
function CheckAuthorizedUser() {
shenji=cat /etc/passwd |grep shenji | grep -v ^# | cut -d: -f 1
anquan=cat /etc/passwd |grep anquan | grep -v ^# | cut -d: -f 1
sysadmin=cat /etc/passwd |grep sysadmin | grep -v ^# | cut -d: -f 1
if [ -z KaTeX parse error: Expected 'EOF', got '#' at position 49: … shenji:In123!@#̲123|chpasswd se…a shenji ALL = (root) NOPASSWD: /usr/bin/cat , /usr/bin/less , /usr/bin/more , /usr/bin/tail , /usr/bin/head’ /etc/sudoers
fi
if [ -z $anquan ];then
useradd anquan
echo anquan:In123!@#123|chpasswd
fi
if [ -z $sysadmin ];then
useradd sysadmin
echo sysadmin:In123!@#123|chpasswd
fi
shenji=cat /etc/passwd |grep shenji | grep -v ^# | cut -d: -f 1
anquan=cat /etc/passwd |grep anquan | grep -v ^# | cut -d: -f 1
sysadmin=cat /etc/passwd |grep sysadmin | grep -v ^# | cut -d: -f 1
if [ -z $shenji -o -z $anquan -o -z $sysadmin ];then
echo “…[N] Authorized user: $shenji, $anquan, $sysadmin”
else
echo “…[Y] Authorized user: $shenji, $anquan, $sysadmin”
fi
}
#检查登录失败锁定配置CentOS
function CheckLoginFailureLock_CentOS() {
Login_Failure_Lock=grep "pam\_tally2.so" /etc/pam.d/system-auth| grep -v ^#|head -n 1|awk '{print $7}'
if [ -z $Login_Failure_Lock ];then
sed -i ‘/pam_tally2.so/s/#auth/auth/g’ /etc/pam.d/system-auth
Login_Failure_Lock=grep "pam\_tally2.so" /etc/pam.d/system-auth| grep -v ^#|head -n 1|awk '{print $7}'
fi
if [ -z
L
o
g
i
n
_
F
a
i
l
u
r
e
_
L
o
c
k
]
;
t
h
e
n
s
e
d
−
i
′
Login\_Failure\_Lock ];then sed -i '
Login_Failure_Lock];thensed−i′a auth required pam_tally2.so onerr=fail audit silent dent=5 unlock_time=600 even_deny_root root_unlock_time=600’ /etc/pam.d/system-auth
else
Login_Failure_Lock=grep "pam\_tally2.so onerr=fail audit silent dent=5 unlock\_time=600" /etc/pam.d/system-auth| grep -v ^#|awk '{print $7}'
if [ -z KaTeX parse error: Expected 'EOF', got '#' at position 60: …lly2.so/s/auth/#̲auth/g' /etc/pa…a auth required pam_tally2.so onerr=fail audit silent dent=5 unlock_time=600 even_deny_root root_unlock_time=600’ /etc/pam.d/system-auth
fi
fi
Login_Failure_Lock=grep "pam\_tally2.so onerr=fail audit silent dent=5 unlock\_time=600" /etc/pam.d/system-auth| grep -v ^#|awk '{print $7","$8","$10}'
if [ -z $Login_Failure_Lock ];then
echo “…[N] Login Failure Lock: Reset failed”
else
echo “…[Y] Login Failure Lock: $Login_Failure_Lock”
fi
}
#检查登录失败锁定配置SUSE
function CheckLoginFailureLock_SUSE() {
Login_Failure_Number=cat /etc/login.defs | grep LOGIN\_RETRIES | grep -v ^# | awk '{print $2}'
if [ -z $Login_Failure_Number ];then
sed -i ‘s/#LOGIN_RETRIES/LOGIN_RETRIES/’ /etc/login.defs
Login_Failure_Number=cat /etc/login.defs | grep LOGIN\_RETRIES | grep -v ^# | awk '{print $2}'
fi
if [ -z $Login_Failure_Number ];then
echo “…[N] Number of login failures: No configuration”
elif [ $Login_Failure_Number -le 8 -a $Login_Failure_Number -ge 3 ];then
echo “…[Y] Number of login failures:
L
o
g
i
n
_
F
a
i
l
u
r
e
_
N
u
m
b
e
r
"
e
l
s
e
s
e
d
−
i
′
/
L
O
G
I
N
_
R
E
T
R
I
E
S
/
s
/
′
"
Login\_Failure\_Number" else sed -i '/LOGIN\_RETRIES/s/'"
Login_Failure_Number"elsesed−i′/LOGIN_RETRIES/s/′"{Login_Failure_Number}”‘/5/g’ /etc/login.defs
Login_Failure_Number=cat /etc/login.defs | grep LOGIN\_RETRIES | grep -v ^# | awk '{print $2}'
if [ $Login_Failure_Number -le 8 -a $Login_Failure_Number -ge 3 ];then
echo “…[Y] Number of login failures: $Login_Failure_Number”
else
echo “…[N] Number of login failures: No configuration”
fi
fi
Login_Failure_Time=cat /etc/login.defs | grep LOGIN\_TIMEOUT | grep -v ^# | awk '{print $2}'
if [ -z $Login_Failure_Time ];then
sed -i ‘s/#LOGIN_TIMEOUT/LOGIN_TIMEOUT/’ /etc/login.defs
Login_Failure_Time=cat /etc/login.defs | grep LOGIN\_TIMEOUT | grep -v ^# | awk '{print $2}'
fi
if [ -z $Login_Failure_Time ];then
echo “…[N] Login failure lock time: Reset failed”
elif [ $Login_Failure_Time -le 1800 -a $Login_Failure_Time -ge 300 ];then
echo “…[Y] Login failure lock time:
L
o
g
i
n
_
F
a
i
l
u
r
e
_
T
i
m
e
s
e
c
o
n
d
s
"
e
l
s
e
s
e
d
−
i
′
/
L
O
G
I
N
_
T
I
M
E
O
U
T
/
s
/
′
"
Login\_Failure\_Time seconds" else sed -i '/LOGIN\_TIMEOUT/s/'"
Login_Failure_Timeseconds"elsesed−i′/LOGIN_TIMEOUT/s/′"{Login_Failure_Time}”‘/300/g’ /etc/login.defs
Login_Failure_Time=cat /etc/login.defs | grep LOGIN\_TIMEOUT | grep -v ^# | awk '{print $2}'
if [ $Login_Failure_Time -le 1800 -a $Login_Failure_Time -ge 300 ];then
echo “…[Y] Login failure lock time: $Login_Failure_Time seconds”
else
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。
深知大多数网络安全工程师,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
因此收集整理了一份《2024年网络安全全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点,真正体系化!
由于文件比较大,这里只是将部分目录大纲截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且后续会持续更新
如果你觉得这些内容对你有帮助,可以添加VX:vip204888 (备注网络安全获取)
一、网安学习成长路线图
网安所有方向的技术点做的整理,形成各个领域的知识点汇总,它的用处就在于,你可以按照上面的知识点去找对应的学习资源,保证自己学得较为全面。
二、网安视频合集
观看零基础学习视频,看视频学习是最快捷也是最有效果的方式,跟着视频中老师的思路,从基础到深入,还是很容易入门的。
三、精品网安学习书籍
当我学到一定基础,有自己的理解能力的时候,会去阅读一些前辈整理的书籍或者手写的笔记资料,这些笔记详细记载了他们对一些技术点的理解,这些理解是比较独到,可以学到不一样的思路。
四、网络安全源码合集+工具包
光学理论是没用的,要学会跟着一起敲,要动手实操,才能将自己的所学运用到实际当中去,这时候可以搞点实战案例来学习。
五、网络安全面试题
最后就是大家最关心的网络安全面试题板块
一个人可以走的很快,但一群人才能走的更远。如果你从事以下工作或对以下感兴趣,欢迎戳这里加入程序员的圈子,让我们一起学习成长!
AI人工智能、Android移动开发、AIGC大模型、C C#、Go语言、Java、Linux运维、云计算、MySQL、PMP、网络安全、Python爬虫、UE5、UI设计、Unity3D、Web前端开发、产品经理、车载开发、大数据、鸿蒙、计算机网络、嵌入式物联网、软件测试、数据结构与算法、音视频开发、Flutter、IOS开发、PHP开发、.NET、安卓逆向、云计算
tps://bbs.csdn.net/forums/4304bb5a486d4c3ab8389e65ecb71ac0)
AI人工智能、Android移动开发、AIGC大模型、C C#、Go语言、Java、Linux运维、云计算、MySQL、PMP、网络安全、Python爬虫、UE5、UI设计、Unity3D、Web前端开发、产品经理、车载开发、大数据、鸿蒙、计算机网络、嵌入式物联网、软件测试、数据结构与算法、音视频开发、Flutter、IOS开发、PHP开发、.NET、安卓逆向、云计算