centos7最小化安装安全脚本

#!/bin/bash
#Author:Benson
#Blog:http://www.itzui.top
#Time:2017-12-15 11:24:56
#Name:safe.sh
#Version:V1.0
#Description:用于调整服务器中的安全设置项如下：
#1.变更root密码为复杂性密码
#2.建立对应的普通账户并设定密码并加入sudoers文件中
#3.禁止root账户从ssh登陆
#4.变更22端口为2222端口
#5.防火墙策略调整
#6.设定系统自动更新

#变更root的密码为自定义复杂性密码
echo "xxxxxxxxxxxx" | passwd --stdin root

#创建管理组
groupadd admin

#使用循环建立对应的普通账户设定密码，并把普通账户加入sudoers文件中
while true
do
    read -p "pleases input the account you want to create: " ACCOUNT
    useradd -g ycwb_admin $ACCOUNT
    echo "123456" | passwd --stdin $ACCOUNT
	echo "$ACCOUNT ALL=(ALL) ALL" >> /etc/sudoers
    echo "account '$ACCOUNT' is created, the default password is '123456'."
    sleep 2
    read -p "Do you want to create another user?(y/n)" ANSWER
    if [ $ANSWER == "y" ];
    then
        continue
    else
        break
    fi
done

#禁止root账户从ssh端登录，第一条针对阿里云初装系统，第二条针对普通初装系统
sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config

#变更ssh默认端口为2222端口
sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config

#调整防火墙策略，根据用户输入开放对应的端口
systemctl start firewalld
while true
do
    read -p "pleases input the number you want to open: " PORT
    firewall-cmd --zone=public --add-port=$PORT/tcp --permanent
    firewall-cmd --reload
	read -p "Do you want to add another port?(y/n)" ANSWER
    if [ $ANSWER == "y" ];
    then
        continue
    else
        break
    fi
done

#在屏幕打印出已开放的端口
echo "以下是系统已开放的端口：↓↓↓↓↓↓↓↓↓↓"
firewall-cmd --zone=public --list-all | grep "ports" | sed -n 1p
sleep 2

#启用系统自动更新
yum install -y yum-cron
sed -i 's/apply_updates = no/apply_updates = yes/g' /etc/yum/yum-cron.conf
systemctl start crond
systemctl start yum-cron
systemctl restart sshd
echo "系统自动更新已开启！"

---

如文章对您有帮助，请打开支付宝扫码领取红包，就当做对作者的支持，谢谢