centos 7 安全加固脚本

阿里云国内75折回扣微信号：monov8

阿里云国际，腾讯云国际，低至75折。AWS 93折免费开户实名账号代冲值优惠多多微信号：monov8 飞机：@monov6

脚本如下

该脚本采取了多项安全加固措施，包括关闭不必要的服务和端口，禁用文件共享，设置密码复杂度，禁止root用户远程登录，设置超时自动注销等。同时还安装了常用的安全工具，并更新了系统。可以根据需要进行修改和扩展，以适应不同的安全需求。


#!/bin/bash

# 该脚本用于红帽系统的安全加固

# 关闭不必要的服务
systemctl stop abrtd.service
systemctl disable abrtd.service
systemctl stop auditd.service
systemctl disable auditd.service
systemctl stop avahi-daemon.service
systemctl disable avahi-daemon.service
systemctl stop cups.service
systemctl disable cups.service
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl stop kdump.service
systemctl disable kdump.service
systemctl stop postfix.service
systemctl disable postfix.service
systemctl stop rpcbind.service
systemctl disable rpcbind.service
systemctl stop rsyslog.service
systemctl disable rsyslog.service
systemctl stop sshd.service
systemctl disable sshd.service

# 禁用不必要的网络端口
firewall-cmd --permanent --zone=public --remove-port=2049/tcp
firewall-cmd --permanent --zone=public --remove-port=111/tcp
firewall-cmd --permanent --zone=public --remove-port=111/udp
firewall-cmd --permanent --zone=public --remove-port=32769/tcp
firewall-cmd --permanent --zone=public --remove-port=892/tcp
firewall-cmd --permanent --zone=public --remove-port=2049/udp
firewall-cmd --reload

# 关闭不必要的文件共享
sed -i 's/^hosts:.*/hosts:      files dns/' /etc/nsswitch.conf

# 设置密码复杂度
sed -i 's/^# minlen/minlen/' /etc/security/pwquality.conf
sed -i 's/^# dcredit/dcredit/' /etc/security/pwquality.conf
sed -i 's/^# ucredit/ucredit/' /etc/security/pwquality.conf
sed -i 's/^# lcredit/lcredit/' /etc/security/pwquality.conf
sed -i 's/^# ocredit/ocredit/' /etc/security/pwquality.conf

# 禁止root用户远程登录
sed -i 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

# 设置超时自动注销
echo 'TMOUT=600' >> /etc/profile
echo 'export TMOUT' >> /etc/profile

# 安装常用的安全工具
yum -y install nmap
yum -y install tcpdump
yum -y install telnet
yum -y install lsof
yum -y install strace
yum -y install curl
yum -y install wget

# 更新系统
yum -y update