cp -p /etc/group /etc/group_bak
groupadd groupname
usermod -g root luoshen
fdisk -l
方法二:修改 vi /etc/sudoers 文件,找到下面一行,在root下面添加一行,如下所示:
Allow root to run any commands anywhere
root ALL=(ALL) ALL
luoshen ALL=(ALL) ALL
vi /etc/issue vi /etc/issue.net vi /etc/motd
Authorized users only. All activity may be monitored and reported
vi /etc/hosts.allow
sshd:133.0.7.:allow #允许192.168.0的整个网段访问SSH服务进程
sshd:192.168.9.:allow #允许192.168.0的整个网段访问SSH服务进程
vsftpd:10.160.54.:allow
vsftpd:10.162.6.:allow
ftpd_banner=Welcome to luoshen FTP service.
vi /etc/hosts.deny
all:all #拒绝一切远程访问,但是配合文件hosts.allow一起使用.当两者有冲突时,以hosts.allow设置优先。
vi /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
sysctl -p
vi /etc/pam.d/system-auth
password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
auth required pam_tally2.so deny=5 onerr=fail no_magic_root unlock_time=180 #unlock_time单位为秒
account required pam_tally2.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
chmod 644 /etc/passwd
chmod 400 /etc/shadow
chmod 644 /etc/group
chmod 644 /etc/services
chmod 600 /etc/xinetd.conf
chmod 600 /etc/security
systemctl start ntpd
systemctl restart sshd
systemctl status chronyd
systemctl start chronyd