1.检查selinux是否关闭
selinux_check()
{
selinux_status=$(getenforce)
if [ "$selinux_status" != "Disabled" ]; then
echo "SELinux is currently enabled. Disabling it now..."
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
echo "SELinux configuration has been updated to remain disabled after reboot."
else
echo "SELinux is already disabled."
fi
}
2.创建普通用户,并添加sudo权限
common_user_add()
{
read -p "请输入想要创建的普通用户名称:" username
if id "$username" &>/dev/null; then
echo "用户已存在"
else
useradd "$username"
echo "$username:123456" | chpasswd
echo "$username ALL=(ALL) NOPASSWD: ALL" | sudo EDITOR='tee -a' visudo
echo "用户已创建,密码已设置"
fi
}
3.关闭防火墙
firewalld_check()
{
firewall_status=$(systemctl is-active firewalld)
# 判断防火墙是否正在运行
if [ "$firewall_status" == "active" ]; then
echo "防火墙正在运行,将关闭并设置为开机不启动。"
# 关闭防火墙
systemctl stop firewalld
# 设置防火墙开机不启动
systemctl disable firewalld
echo "防火墙已关闭并设置为开机不启动。"
else
echo "防火墙已关闭。"
fi
}
4.禁止root用户登录,以及修改ssh端口
disable_root_login_and_change_ssh_port()
{
SSH_CONFIG="/etc/ssh/sshd_config"
cp ${SSH_CONFIG} ${SSH_CONFIG}.bak
sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' ${SSH_CONFIG}
sed -i 's/^Port 22/Port 10822/' ${SSH_CONFIG}
echo -e `date +%Y-%m-%d_%H:%M:%S` $color_Y"INFO"$color_0 $color_C"脚本结束后会重启sshd服务,到时候root会无法连接,请用普通用户登录..."$color_0
}
666
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
