1) 禁用 root 登录
# Open the SSH daemon configuration for editing.
# NOTE(review): before applying this, confirm that a non-root account able to
# escalate (su/sudo) can log in, otherwise remote administration may be lost.
vi /etc/ssh/sshd_config
# Directive to set inside sshd_config: refuse direct root logins over SSH.
# The running daemon only picks this up once it re-reads its configuration.
PermitRootLogin no
2) 将默认启动模式(运行级别)改为 3
# Open /etc/inittab for editing. For the runlevel 3 named in this step, the
# initdefault entry reads: id:3:initdefault:
vi /etc/inittab
3) 关闭不需要的服务
# Switch the session language (presumably so chkconfig and init-script output
# is printed in English; confirm "en" is a usable locale name on the target).
export LANG=en

# Remove the unneeded daemons from runlevels 2-5 so they do not start at boot.
# NOTE(review): turning ip6tables off leaves IPv6 traffic unfiltered if IPv6 is
# still enabled on the host; verify IPv6 is disabled or keep the firewall on.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --level 2345 "$svc" off
done

# Show the per-runlevel settings to verify the change.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --list "$svc"
done

# Stop the running instances now; chkconfig alone only changes boot behaviour.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" stop
done

# Ask each init script for its state to confirm the daemon is down.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" status
done

# portmap and cups: stop, disable at boot, then verify both settings.
for svc in portmap cups; do
  "/etc/init.d/$svc" stop
  chkconfig --level 2345 "$svc" off
  chkconfig --list "$svc"
  "/etc/init.d/$svc" status
done
4) 审计
# Show the runlevels in which auditd is set to start at boot.
chkconfig --list | grep auditd
# Check whether the audit daemon is currently running.
service auditd status
# Restart the daemon.
# NOTE(review): the rule file is edited in the next step, and the rules are
# presumably only loaded when auditd (re)starts, so repeat the restart after
# saving the file.
service auditd restart
# Edit the persistent rule file; the rules listed after this command are its
# intended contents.
vi /etc/audit/audit.rules
# Enable auditing
-e 1
## login configuration and information
# The watches below use -p wa (writes and attribute changes); -k sets the key
# used to find the resulting records later, e.g. with ausearch -k.
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
# An earlier form of the rule (no arch filter, includes mkdirat) is kept
# commented out.
#-a entry,always -S mkdir -S mkdirat -S rmdir
# NOTE(review): arch=b64 matches 64-bit syscalls only, mkdirat is not covered
# by this rule, and it carries no -k key. Newer audit userspace deprecates the
# "entry" list in favour of "exit"; check against the installed auditctl.
-a entry,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
# NOTE(review): the commented line below holds two rules (cron.d and
# cron.daily). It looks like a lost line break, which would leave
# /etc/cron.daily/ unwatched; confirm whether that is intended.
#-w /etc/cron.d/ -p wa -k CFG_cron.d -w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
# No -p on this watch, so presumably every access type is recorded for root's
# crontab.
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
# gshadow, shadow and opasswd carry no -p filter: presumably reads are logged
# as well as writes.
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and appends" on "passwd"
# NOTE(review): current auditctl(8) documents "a" as attribute change rather
# than append. /etc/passwd is already watched above with -p wa; logging reads
# of this file is likely to be very noisy, so confirm it is wanted.
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch "shadow" with a NULL filterkey that has permissions
# filtering turned off
# NOTE(review): /etc/shadow is already watched above under CFG_shadow; records
# from this key-less rule are harder to search for.
-w /etc/shadow
# Open the SSH daemon configuration for editing.
# NOTE(review): before applying this, confirm that a non-root account able to
# escalate (su/sudo) can log in, otherwise remote administration may be lost.
vi /etc/ssh/sshd_config
# Directive to set inside sshd_config: refuse direct root logins over SSH.
# The running daemon only picks this up once it re-reads its configuration.
PermitRootLogin no
2) 将默认启动模式(运行级别)改为 3
# Open /etc/inittab for editing. For the runlevel 3 named in this step, the
# initdefault entry reads: id:3:initdefault:
vi /etc/inittab
3) 关闭不需要的服务
# Switch the session language (presumably so chkconfig and init-script output
# is printed in English; confirm "en" is a usable locale name on the target).
export LANG=en

# Remove the unneeded daemons from runlevels 2-5 so they do not start at boot.
# NOTE(review): turning ip6tables off leaves IPv6 traffic unfiltered if IPv6 is
# still enabled on the host; verify IPv6 is disabled or keep the firewall on.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --level 2345 "$svc" off
done

# Show the per-runlevel settings to verify the change.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --list "$svc"
done

# Stop the running instances now; chkconfig alone only changes boot behaviour.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" stop
done

# Ask each init script for its state to confirm the daemon is down.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" status
done

# portmap and cups: stop, disable at boot, then verify both settings.
for svc in portmap cups; do
  "/etc/init.d/$svc" stop
  chkconfig --level 2345 "$svc" off
  chkconfig --list "$svc"
  "/etc/init.d/$svc" status
done
4) 审计
# Show the runlevels in which auditd is set to start at boot.
chkconfig --list | grep auditd
# Check whether the audit daemon is currently running.
service auditd status
# Restart the daemon.
# NOTE(review): the rule file is edited in the next step, and the rules are
# presumably only loaded when auditd (re)starts, so repeat the restart after
# saving the file.
service auditd restart
# Edit the persistent rule file; the rules listed after this command are its
# intended contents.
vi /etc/audit/audit.rules
# Enable auditing
-e 1
## login configuration and information
# The watches below use -p wa (writes and attribute changes); -k sets the key
# used to find the resulting records later, e.g. with ausearch -k.
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
# An earlier form of the rule (no arch filter, includes mkdirat) is kept
# commented out.
#-a entry,always -S mkdir -S mkdirat -S rmdir
# NOTE(review): arch=b64 matches 64-bit syscalls only, mkdirat is not covered
# by this rule, and it carries no -k key. Newer audit userspace deprecates the
# "entry" list in favour of "exit"; check against the installed auditctl.
-a entry,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
# NOTE(review): the commented line below holds two rules (cron.d and
# cron.daily). It looks like a lost line break, which would leave
# /etc/cron.daily/ unwatched; confirm whether that is intended.
#-w /etc/cron.d/ -p wa -k CFG_cron.d -w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
# No -p on this watch, so presumably every access type is recorded for root's
# crontab.
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
# gshadow, shadow and opasswd carry no -p filter: presumably reads are logged
# as well as writes.
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and appends" on "passwd"
# NOTE(review): current auditctl(8) documents "a" as attribute change rather
# than append. /etc/passwd is already watched above with -p wa; logging reads
# of this file is likely to be very noisy, so confirm it is wanted.
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch "shadow" with a NULL filterkey that has permissions
# filtering turned off
# NOTE(review): /etc/shadow is already watched above under CFG_shadow; records
# from this key-less rule are harder to search for.
-w /etc/shadow