Date: 2014-05-16

Miscellaneous Notes on Linux Security Configuration


SSH Configuration

# Edit sshd_config non-interactively. The quoted 'VIM' delimiter stops the
# shell from expanding "$" inside the commands fed to vim.
vim /etc/ssh/sshd_config <<'VIM' > /dev/null 2>&1
:%s/#LoginGraceTime 2m/LoginGraceTime 2m/
:%s/#PermitRootLogin yes/PermitRootLogin no/
:%s/#MaxAuthTries 6/MaxAuthTries 3/
:%s,^#AuthorizedKeysFile.*,AuthorizedKeysFile /dev/null,
:%s/GSSAPIAuthentication yes/GSSAPIAuthentication no/
:%s/GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/
:wq
VIM


Disable public-key (certificate) login: AuthorizedKeysFile /dev/null

http://netkiller.github.com/

Lock accounts to prevent login

passwd -l bin
passwd -l daemon
passwd -l adm
passwd -l lp
passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l nobody
passwd -l vcsa
passwd -l saslauth
passwd -l postfix

Check which users can log in and which users have a password

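#!/bin/bash

# Print a section banner
function section(){
	local title=$1
	echo "=================================================="
	echo " $title "
	echo "=================================================="
}

# Accounts whose passwd entry does not use a nologin shell
section "Check login user"
grep -v nologin /etc/passwd

# Accounts whose shadow entry contains a password hash
section "Check login password"
grep '\$' /etc/shadow

# Report whether each home directory under /home has an authorized_keys file
section "Check SSH authorized_keys file"
for home in /home/*
do
	key=$(basename "$home")
	if [ -e "$home/.ssh/authorized_keys" ]; then
		echo "$key : $home/.ssh/authorized_keys"
	else
		echo "$key : "
	fi
done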
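
The `grep '\$' /etc/shadow` check above also lists accounts locked with `passwd -l`, because locking keeps the hash and only puts `!` in front of it, and it misses accounts whose password field is empty. The following is an added example, not part of the original page, that classifies each shadow entry by password state; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print "user STATE" for every entry of a shadow-format file.
classify_shadow() {
    awk -F: 'NF >= 2 {
        pw = $2
        if (pw == "")             state = "EMPTY"     # no password needed at all
        else if (pw ~ /^[!*]+$/)  state = "NONE"      # "*", "!", "!!": no hash set
        else if (pw ~ /^!/)       state = "LOCKED"    # passwd -l: hash kept after "!"
        else                      state = "PASSWORD"  # treated as a usable hash
        print $1, state
    }' "$1"
}

# Accounts that can still authenticate with a password (or with none).
password_logins() {
    classify_shadow "$1" | awk '$2 == "PASSWORD" || $2 == "EMPTY" { print $1 }'
}

# What grep '\$' reports, reduced to user names.
grep_dollar_users() {
    grep '\$' "$1" | cut -d: -f1
}

# Constructed sample entries; the hashes are fake placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$saltsalt$FAKEHASHroot:16200:0:99999:7:::
bin:*:15980:0:99999:7:::
postfix:!!:16200::::::
games:!!$6$saltsalt$FAKEHASHgames:16200:0:99999:7:::
alice:$6$saltsalt$FAKEHASHalice:16200:0:99999:7:::
guest::16200:0:99999:7:::
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_shadow > "$tmp"
    echo "--- matched by grep:";  grep_dollar_users "$tmp"
    echo "--- password logins:";  password_logins "$tmp"
    rm -f "$tmp"
}
demo
```

Run as root, `password_logins /etc/shadow` gives the list to review; any account it reports that should not accept a password is a candidate for `passwd -l`.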


55.2.1. pam_tally2.so

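This module locks an account after the password has been entered incorrectly 3 times at login and unlocks it automatically after 5 minutes. While the account is locked, login fails even if the correct password is entered.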

In the configuration file /etc/p