Linux基线扫描常用修复建议
cp /etc/login.defs /etc/login.defs.back
sed -i "/^PASS_MIN_LEN/c PASS_MIN_LEN 8" /etc/login.defs
sed -i "/^PASS_MAX_DAYS/c PASS_MAX_DAYS 90" /etc/login.defs
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
sed -i "/^password/i password requisite pam_cracklib.so ucredit=-1 lcredit=-1 dcredit=-1" /etc/pam.d/system-auth
sed -i "/^auth/i auth sufficient pam_rootok.so" /etc/pam.d/su
sed -i "/^auth/i auth required pam_wheel.so group=wheel" /etc/pam.d/su
cp /etc/profile /etc/profile.bak
sed -i "/umask 002/c umask 027" /etc/profile
sed -i "/^TMOUT=1800/c TMOUT=300" /etc/profile
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -i "/^PermitRootLogin/c PermitRootLogin no" /etc/ssh/sshd_config
mv /etc/issue /etc/issue.bak
mv /etc/issue.net /etc/issue.net.bak
useradd username
passwd username
chmod 750 directory