#检查口令最小长度
cp /etc/login.defs /etc/login.defs.back
sed -i "/^PASS_MIN_LEN/c PASS_MIN_LEN 8" /etc/login.defs
#检查口令生存周期
sed -i "/^PASS_MAX_DAYS/c PASS_MAX_DAYS 90" /etc/login.defs
#检查设备密码复杂度策略
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
sed -i "/^password/i password requisite pam_cracklib.so ucredit=-1 lcredit=-1 dcredit=-1" /etc/pam.d/system-auth
#检查是否限制用户su到root
sed -i "/^auth/i auth sufficient pam_rootok.so" /etc/pam.d/su
sed -i "/^auth/i auth required pam_wheel.so group=wheel" /etc/pam.d/su
#检查是否设置文件与目录缺省权限
cp /etc/profile /etc/profile.bak
sed -i "/umask 002/c umask 027" /etc/profile
#检查是否设置命令行界面超时退出
sed -i "/^TMOUT=1800/c TMOUT=300" /etc/profile
#检查是否限制root用户远程登录
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -i "/^PermitRootLogin/c PermitRootLogin no" /etc/ssh/sshd_config
#检查是否修改系统banner
mv /etc/issue /etc/issue.bak
mv /etc/issue.net /etc/issue.net.bak
————————————————
版权声明:本文为CSDN博主「qq_40766246」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_40766246/article/details/132082446