linux redhat6.4-shell安装配置手册

合集下载
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

#/bin/bash
#1.修改主机名(执行前修改如下行xxxxx为所要修改的主机名!)
sed -i 's/HOSTNAME=localhost.localdomain/HOSTNAME=xxxxx/' /etc/sysconfig/network
hostname xxxxx

#2.配置hosts文件(此处变量需要第一个脚本设置生效,取值,否则取不到变量值!)
IP=$(ifconfig eth0 | grep 'inet addr:' |awk -F ":" '{print $2}' |awk '{print $1}')
sed -i '1i'$IP'' /etc/hosts
sed -i '/^'$IP'.*$/s//& '$HOSTNAME'/g' /etc/hosts
sed -i '3{s/^/#/}' /etc/hosts

#3.添加管理员账户
echo ===添加osmaster账户===
#!/bin/bash
name=osmaster
useradd $name
echo P@ssw0rd | passwd --stdin $name

#4.配置sudo
echo ===sudo配置===
chmod u+w /etc/sudoers
sed -i '/root\tALL=(ALL)/ a\osmaster ALL=(ALL) ALL' /etc/sudoers
chmod u-w /etc/sudoers

#5.添加staff组,将osmaster添加到staff组
groupadd -g 200 staff
usermod -G staff osmaster

#6.编辑selinux(重启生效)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux

#7.关闭防火墙
service iptables stop
chkconfig iptables off

#8.编辑无响应注销
sed -i '$ a\export TMOUT=600' /etc/profile

#9.编辑history时间戳;
sed -i '$ a\export HISTTIMEFORMAT="%F %T"' /etc/bashrc

#10.编辑同步时间(注意修改所在区域的ntpserver服务地址!)
service ntpd stop
sed -i "s/server /#server /" /etc/ntp.conf
sed -i "s/server /#server /" /etc/ntp.conf
sed -i "s/server /#server /" /etc/ntp.conf
sed -i '/server / a server 10.10.10.10' /etc/ntp.conf
ntpdate -s 10.10.10.10
hwclock -w
chkconfig ntpd on
service ntpd start
#echo "* 23 * * * /usr/sbin/ntpdate -s 10.10.10.10;/sbin/hwclock -w" >> /var/spool/cron/root

#11.编辑访问控制
sed -i '$ a\umask 027' /etc/bashrc

#12.编辑登录失败用户锁定策略
sed -i '$ a\auth required pam_tally2.so onerr=fail deny=10 unlock_time=180 root_unlock_time=1' /etc/pam.d/system-auth

#13.编辑口令策略
#sed -i -e '/password requisite pam_cracklib.so try_first_pass retry=3 type=/ s/^/#/' /etc/pam.d/system-auth
#sed -i -e '/pam_cracklib.so try_first_pass retry=3 type=/ s/^/#/' /etc/pam.d/system-auth
sed -i -e '/password requisite/ s/^/#/' /etc/pam.d/system-auth
sed -i '/password requisite/ a password requisite pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 retry=3' /etc/pam.d/system-auth

#14.编辑口令规则
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t2/' /etc/login.defs

#15.编辑root用户远程登录:
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

#16.编辑SSH登录
sed -i 's/#IgnoreRhosts yes/IgnoreRhosts yes/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPass

words no/' /etc/ssh/sshd_config
sed -i 's/#RhostsRSAAuthentication no/RhostsRSAAuthentication no/' /etc/ssh/sshd_config
sed -i '/RhostsRSAAuthentication no/ a HostbasedAuthentication no' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i '/#Banner none/ a Banner \/etc\/motd' /etc/ssh/sshd_config

#17.配置关键目录权限控制
chmod 644 /etc/passwd
chmod 600 /etc/shadow
chmod 644 /etc/group

#18.关闭ctrl+alt+del
sed -i -e '/start on control-alt-delete/ s/^/#/' /etc/init/control-alt-delete.conf
sed -i -e '/exec \/sbin\/shutdown -r now "Control-Alt-Delete pressed"/ s/^/#/' /etc/init/control-alt-delete.conf

echo ======配置完成!=====

相关文档
最新文档