1、检查shadow是否存在空口令用户和其他超级管理员用户:
awk -F: ‘($2 == "") { print $1 }‘ /etc/shadow
awk -F: ‘($3==0)‘ /etc/passwd
2、锁定系统中多余的自建(测试)帐号并备份
cat /etc/passwd && cp /etc/passwd /etc/passwd.bak cat /etc/shadow && cp /etc/shadow /etc/shadow.bak cp /etc/profile /etc/profile.bak
3、检查系统口令策略
cat /etc/login.defs|grep PASS #PASS_MAX_DAYSMaximum number of days a password may be used. #PASS_MIN_DAYSMinimum number of days allowed between password changes. #PASS_MIN_LENMinimum acceptable password length. #PASS_WARN_AGENumber of days warning given before a password expires. PASS_MAX_DAYS99999 PASS_MIN_DAYS0 PASS_MIN_LEN5 PASS_WARN_AGE7
4、停用或禁用无关的服务
who -r //查看当前的运行级别 chkconfig --list
5、设置访问控制策略
拒绝某些用户登录,允许某些用户登录,拒绝某些组登录,允许某些组登录
DenyUsers,AllowUsers,DenyGroups,AllowGroups eg:DenyUsers aaa bbb //禁用多个账户用空格隔开
如果只写AllowUsers表示如果这里不匹配就拒绝所用用户
PermitRootLogin no //拒绝root用户登录
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak grep Banner /etc/ssh/sshd_config Banner /etc/ssh/ssh_login_banner
# Banner none //取消banner消息 cat /etc/ssh/ssh_login_banner welcome to CentOS 6.5
看/etc/inittab里面有没有
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now //禁用ctrl+alt+del vi /etc/pam.d/system-auth auth required pam_tally.so onerr=fail deny=6 unlock_time=300 //密码连续输错6次,账户锁定300秒
vi /etc/profile
TMOUT=600 //无操作600秒自动退出 source /etc/profile
cat /etc/grub.conf|grep password //查看grub是否设置密码
审计策略:
ps -aef | grep syslog |grep -v grep //确认syslog是否启用 grep weekly /etc/logrotate.conf # rotate log files weekly weekly grep 4 /etc/logrotate.conf # keep 4 weeks worth of backlogs rotate 4 cat /etc/logrotate.d/syslog /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler
时间: 2024-08-28 15:31:34