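#!/bin/bash
# Disable SELinux: persistently through /etc/selinux/config, and for the
# running system through setenforce.
# NOTE(review): this removes mandatory access control from the whole host. If
# the only reason is sshd moving to a non-default port, SELinux can stay
# enforcing with the port labelled instead:
#   semanage port -a -t ssh_port_t -p tcp 2222
echo 'set SElinux disabled'
# Match the whole value (.*), not just its first character; with a single "."
# the line "SELINUX=enforcing" would become "SELINUX=disablednforcing".
sed -i 's#^SELINUX=.*#SELINUX=disabled#' /etc/selinux/config
# setenforce 0 only puts the running kernel into permissive mode; the config
# edit above is what takes effect at the next boot.
setenforce 0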
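# Stop firewalld now and keep it from starting at boot.
# NOTE(review): with firewalld off, every listening service on this host is
# reachable from any network it is attached to. Keeping firewalld running and
# opening only the SSH port is the narrower change:
#   firewall-cmd --permanent --add-port=2222/tcp && firewall-cmd --reload
echo '关闭防火墙'
systemctl stop firewalld >/dev/null
# The systemctl verb is "disable"; "disabled" is rejected as an unknown
# command, so the unit would have stayed enabled and returned after a reboot.
systemctl disable firewalld >/dev/null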
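# Raise the open-file limit (nofile) to 65535 for all users, soft and hard,
# by appending two lines to /etc/security/limits.conf.
echo '修改文件句柄数65535'
limits_conf=/etc/security/limits.conf
for limit_kind in soft hard; do
  limit_line="* ${limit_kind} nofile 65535"
  # Append only when the exact line is absent, so re-running the script does
  # not pile up duplicate entries.
  if ! grep -qxF -- "$limit_line" "$limits_conf"; then
    # "$a" appends after the last line; \$ keeps the shell from expanding it.
    sed -i "\$a${limit_line}" "$limits_conf"
  fi
done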
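# Harden sshd: refuse direct root logins, move the listener from port 22 to
# 2222, make sure TCPKeepAlive is on, then restart the daemon.
sshd_config=/etc/ssh/sshd_config

# The original command was "sed 'aPermitRootLogin yes'": with no address it
# appended the line after every line of the file, and "yes" is the opposite of
# the stated goal. sshd keeps the first value it reads for a keyword, so the
# existing directive (commented out or not) is rewritten in place; only when
# none exists is one inserted at the top of the file, ahead of any Match block.
if grep -qE '^#?[[:space:]]*PermitRootLogin[[:space:]]' "$sshd_config"; then
  sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "$sshd_config"
else
  sed -i '1i PermitRootLogin no' "$sshd_config"
fi

# Anchored so that only the "Port 22" directive (or its commented default) is
# rewritten, not any line that merely contains the text.
sed -i -E 's/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*$/Port 2222/' "$sshd_config"

# NOTE(review): the original also replaced every ClientAliveInterval line with
# "Port 2222", which looks like a copy-paste slip from the line above. The
# intended interval is not stated anywhere in this script, so the directive is
# left untouched here; set it explicitly once the value is decided.

# Enable TCPKeepAlive if it is present only as a commented default.
sed -i -E 's/^#?[[:space:]]*TCPKeepAlive[[:space:]]+yes.*/TCPKeepAlive yes/' "$sshd_config"

# Validate before restarting: a syntax error in sshd_config would otherwise
# take the daemon down and cut off remote access. Keep the current session
# open and confirm a non-root login on port 2222 before closing it.
if sshd -t -f "$sshd_config"; then
  systemctl restart sshd >/dev/null
else
  echo 'sshd_config failed validation; sshd not restarted' >&2
fi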
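# Create the unprivileged login account "devolps" with the initial password
# "devolps".
# NOTE(review): a password equal to the account name, hard-coded in the script
# and echoed to the console, is a known credential on every host this script
# touches. With sshd accepting password logins this account is the weakest
# point of the setup. Prefer a per-host secret read from a protected file or
# an SSH key, and expire the initial password with "chage -d 0 devolps" so it
# must be changed at first login.
echo '创建devolps用户,密码为devolps'
# Skip useradd when the account already exists so a re-run stays quiet.
if ! id -u devolps >/dev/null 2>&1; then
  useradd devolps
fi
# passwd --stdin is specific to RHEL-family systems; chpasswd is the portable
# equivalent.
printf '%s\n' devolps | passwd --stdin devolps >/dev/null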
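# Lock accounts after repeated failed logins, for both SSH and console logins,
# by inserting a pam_tally2 rule after the first line of each PAM service file.
# NOTE(review): the message below says 1200 seconds, but the rule sets
# unlock_time=600 for ordinary users and 1200 only for root.
# NOTE(review): pam_tally2 is not shipped by newer Linux-PAM releases, where
# pam_faillock replaces it. A "required" line naming a missing module makes
# every login through that stack fail, so confirm the module exists on the
# target release first.
# NOTE(review): even_deny_root lets anyone who can reach the login prompt lock
# the root account by failing three times; weigh that against the benefit.
echo '设置用户登陆错误次数为3次,超过次数后账户被锁定1200秒'
pam_rule='auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200'
# The original first path was "/etcpam.d/sshd" (missing slash), so the rule
# never reached the sshd stack.
for pam_file in /etc/pam.d/sshd /etc/pam.d/login; do
  if [[ ! -f "$pam_file" ]]; then
    printf 'skipping %s: file not found\n' "$pam_file" >&2
    continue
  fi
  # Insert once only; a second run must not stack duplicate rules.
  if ! grep -qF -- 'pam_tally2.so' "$pam_file"; then
    sed -i "1a ${pam_rule}" "$pam_file"
  fi
done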