1. 基于CentOS版本整改修复,其他Linux也可参考
2. 运行完成脚本后,先不关闭原有登录界面,需要重新登录一次,看是否能成功,如不成功,可能在/etc/pam.d/system-auth、/etc/pam.d/sshd、/etc/pam.d/login出现错误
cp /etc/login.defs /etc/login.defs.bak
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
cp /etc/pam.d/login /etc/pam.d/login.bak
cp /etc/profile /etc/profile.bak
cp /etc/audit/rules.d/audit.rules /etc/audit/rules.d/audit.rules.bak
sed -i '14a password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=5 enforce_for_root' /etc/pam.d/system-auth
sed -i '1a auth required pam_tally2.so deny=5 unlock_time=1800 even_deny_root root_unlock_time=1800' /etc/pam.d/sshd
sed -i '3a auth required pam_tally2.so deny=5 unlock_time=1800 even_deny_root root_unlock_time=1800' /etc/pam.d/system-auth
echo "export TMOUT=600" >> /etc/profile
sed -i 's/HISTSIZE=.*$/HISTSIZE=0/g' /etc/profile
sed -i 's/PASS_MAX_DAYS.*$/PASS_MAX_DAYS 90/g' /etc/login.defs
sed -i 's/PASS_MIN_LEN.*$/PASS_MIN_LEN 8/g' /etc/login.defs
sed -i 's/rotate.*$/rotate 30/g' /etc/logrotate.conf
chage -M 90 root
useradd audit
useradd operater
echo "Aa1@#34567890@mushu"|passwd --stdin audit
echo "Aa1@#78903456@mushu"|passwd --stdin operater
source /etc/profile
service rsyslog start
service rsyslog restart
service auditd start
service auditd restart
#修改审计规则(选改)
cp /etc/audit/rules.d/audit.rules /etc/audit/rules.d/audit.rules.bak
sed -i '10a -w /etc/passwd -p rwa' /etc/audit/rules.d/audit.rules
sed -i '11a -w /etc/shadow -p rwa' /etc/audit/rules.d/audit.rules
sed -i '12a -w /etc/crontab -p wa' /etc/audit/rules.d/audit.rules
sed -i '13a -w /etc/group -p wa' /etc/audit/rules.d/audit.rules
sed -i '14a -w /etc/sudoers -p wa' /etc/audit/rules.d/audit.rules
sed -i '15a -w /etc/hosts -p wa' /etc/audit/rules.d/audit.rules
sed -i '16a -w /etc/sysctl.conf -p wa' /etc/audit/rules.d/audit.rules
sed -i '17a -w /etc/aliases -p wa' /etc/audit/rules.d/audit.rules
sed -i '18a -w /etc/bashrc -p wa' /etc/audit/rules.d/audit.rules
sed -i '19a -w /etc/profile -p wa' /etc/audit/rules.d/audit.rules
sed -i '20a -w /var/log/lastlog' /etc/audit/rules.d/audit.rules
sed -i '21a -w /var/log/yum.log' /etc/audit/rules.d/audit.rules
sed -i '22a -w /etc/issue -p wa' /etc/audit/rules.d/audit.rules
sed -i '23a -w var/log/yum.log' /etc/audit/rules.d/audit.rules
sed -i '24a -w /usr/bin/ -p wa' /etc/audit/rules.d/audit.rules
sed -i '25a -w /etc/ssh/sshd_config' /etc/audit/rules.d/audit.rules
service auditd restart
auditctl -l
博主微信(微信号:CSmile_H):
从事该等保测评行业、密码测评、信息安全、网络安全、数据安全、系统开发、程序员(包括大学生课设资源,本人毕业时保留了大量的资源)工作的,本人有很多各类的资源体系、运维工具,核查工具等,并可资源帮助(私我可免费领取),主打就是给你们省钱、避坑。可以加我微信,然后我拉进群(工会群,主要给大家避坑)。
384
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
