centos7最小化安装安全脚本

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/s295580857/article/details/78842699
#!/bin/bash
#Author:Benson
#Blog:http://www.itzui.top
#Time:2017-12-15 11:24:56
#Name:safe.sh
#Version:V1.0
#Description:用于调整服务器中的安全设置项如下:
#1.变更root密码为复杂性密码
#2.建立对应的普通账户并设定密码并加入sudoers文件中
#3.禁止root账户从ssh登陆
#4.变更22端口为2222端口
#5.防火墙策略调整
#6.设定系统自动更新

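# Set root's password from an interactive prompt instead of a literal stored in
# this file. A password written into the script can be read by anyone who can
# read the script, its backups or its version history.
# read -s keeps the typed value off the terminal. printf is a bash builtin, so
# the password never appears in another process's argument list.
while true
do
    if ! read -r -s -p "please input the new root password: " ROOT_PASSWORD
    then
        # No terminal / end of input: stop instead of looping forever.
        echo "cannot read the root password from stdin, aborting." >&2
        exit 1
    fi
    echo
    read -r -s -p "please input the new root password again: " ROOT_PASSWORD_CONFIRM
    echo
    if [ -n "$ROOT_PASSWORD" ] && [ "$ROOT_PASSWORD" = "$ROOT_PASSWORD_CONFIRM" ]
    then
        break
    fi
    echo "the passwords are empty or do not match, try again." >&2
done

# passwd --stdin is the Red Hat / CentOS extension the script already relied on.
printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root

# Do not keep the secret in the shell environment for the rest of the run.
unset ROOT_PASSWORD ROOT_PASSWORD_CONFIRM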

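# Create the administrators' group. The accounts created below are placed in
# this same group. Previously the group was created as "admin" while useradd
# was given "ycwb_admin", so useradd failed on a group that did not exist.
ADMIN_GROUP="admin"
getent group "$ADMIN_GROUP" > /dev/null || groupadd "$ADMIN_GROUP"

# Create ordinary accounts in a loop: set an initial password for each and
# grant it sudo through a validated drop-in file.
while true
do
    read -r -p "pleases input the account you want to create: " ACCOUNT

    # The name is passed to useradd, used as a file name under /etc/sudoers.d
    # and written into a sudoers rule, so only a conservative pattern is
    # accepted (no dots: sudo ignores drop-in files whose name contains one).
    if [[ ! "$ACCOUNT" =~ ^[a-z_][a-z0-9_-]*$ ]]
    then
        echo "invalid account name '$ACCOUNT', nothing was created." >&2
    elif ! useradd -g "$ADMIN_GROUP" "$ACCOUNT"
    then
        # Do not set a password or grant sudo for an account that was not created.
        echo "useradd failed for '$ACCOUNT', no password or sudo rule was set." >&2
    else
        # Ask for the initial password instead of using a fixed, publicly known
        # default; -s keeps it off the terminal.
        read -r -s -p "please input the initial password for '$ACCOUNT': " ACCOUNT_PASSWORD
        echo
        if [ -n "$ACCOUNT_PASSWORD" ]
        then
            printf '%s\n' "$ACCOUNT_PASSWORD" | passwd --stdin "$ACCOUNT"
            # Expire the password so the user must choose their own at first login.
            chage -d 0 "$ACCOUNT"
            echo "account '$ACCOUNT' is created, the password must be changed at first login."
        else
            echo "no password given: account '$ACCOUNT' is created but stays locked." >&2
        fi
        unset ACCOUNT_PASSWORD

        # Write the rule to a temporary file and let visudo check it before it
        # is installed, because a syntax error in sudoers disables sudo for all.
        # NOTE(review): relies on /etc/sudoers containing
        # "#includedir /etc/sudoers.d" (the stock CentOS 7 file does) - confirm.
        SUDOERS_TMP=$(mktemp)
        echo "$ACCOUNT ALL=(ALL) ALL" > "$SUDOERS_TMP"
        if visudo -cf "$SUDOERS_TMP" > /dev/null
        then
            install -m 0440 -o root -g root "$SUDOERS_TMP" "/etc/sudoers.d/$ACCOUNT"
        else
            echo "sudoers rule for '$ACCOUNT' failed validation and was not installed." >&2
        fi
        rm -f -- "$SUDOERS_TMP"
        sleep 2
    fi

    read -r -p "Do you want to create another user?(y/n)" ANSWER
    # Quoted comparison: an empty answer simply ends the loop instead of
    # producing a test syntax error.
    if [[ "$ANSWER" != "y" ]]
    then
        break
    fi
done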

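# Harden sshd: forbid direct root logins and move the daemon from port 22 to
# port 2222. The edits are validated here; sshd is restarted later in the script.
SSHD_CONFIG="/etc/ssh/sshd_config"

# Keep a copy so a bad edit can be rolled back.
cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak"

# One anchored expression per directive handles both the commented-out default
# and an active line with any value (e.g. "PermitRootLogin yes" on cloud
# images), and cannot match in the middle of an unrelated line.
sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' "$SSHD_CONFIG"
sed -i -E 's/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*$/Port 2222/' "$SSHD_CONFIG"

# Report when a directive was not present to be rewritten. It is not appended
# blindly, because a line added after a "Match" block would only apply there.
grep -q '^PermitRootLogin no$' "$SSHD_CONFIG" \
    || echo "warning: 'PermitRootLogin no' is not set in $SSHD_CONFIG, add it by hand." >&2
grep -q '^Port 2222$' "$SSHD_CONFIG" \
    || echo "warning: 'Port 2222' is not set in $SSHD_CONFIG, add it by hand." >&2

# With SELinux enabled, sshd may only bind to ports labelled ssh_port_t, so
# 2222/tcp has to be labelled or sshd will fail to start after the restart.
if command -v selinuxenabled > /dev/null && selinuxenabled
then
    if command -v semanage > /dev/null
    then
        # -a fails when the port already has a label; fall back to -m then.
        semanage port -a -t ssh_port_t -p tcp 2222 2> /dev/null \
            || semanage port -m -t ssh_port_t -p tcp 2222
    else
        echo "warning: SELinux is enabled but semanage is not installed; label 2222/tcp as ssh_port_t before sshd is restarted." >&2
    fi
fi

# Never leave a configuration behind that sshd itself rejects: a restart with a
# broken file would cut off remote access.
if ! sshd -t
then
    echo "sshd_config failed validation, restoring the previous file." >&2
    cp -p "$SSHD_CONFIG.bak" "$SSHD_CONFIG"
fi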

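# Adjust the firewall: make firewalld persistent, keep the relocated SSH port
# reachable, then open the ports the operator asks for.
systemctl start firewalld
# "start" alone does not survive a reboot; enable the unit as well.
systemctl enable firewalld

# This script moves sshd to port 2222. Open it unconditionally so that
# restarting sshd cannot lock the operator out if they forget to type it below.
firewall-cmd --zone=public --add-port=2222/tcp --permanent

while true
do
    read -r -p "pleases input the number you want to open: " PORT
    # Accept a single port or a range (N or N-M) only. The value is placed
    # inside a firewall-cmd argument, so anything else is rejected instead of
    # being word-split into extra options. firewall-cmd itself still rejects
    # numbers outside the valid port range.
    if [[ "$PORT" =~ ^[0-9]+(-[0-9]+)?$ ]]
    then
        firewall-cmd --zone=public --add-port="$PORT/tcp" --permanent
    else
        echo "'$PORT' is not a port number or range, nothing was opened." >&2
    fi

    read -r -p "Do you want to add another port?(y/n)" ANSWER
    # Quoted comparison: an empty answer ends the loop without a test error.
    if [[ "$ANSWER" != "y" ]]
    then
        break
    fi
done

# Permanent rules only take effect after a reload; once after the loop is enough.
firewall-cmd --reload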

# Show the operator which ports are open in the public zone: print the first
# line of the zone listing that mentions "ports", then pause briefly so it can
# be read before the script moves on.
printf '%s\n' "以下是系统已开放的端口:↓↓↓↓↓↓↓↓↓↓"
firewall-cmd --zone=public --list-all | awk '/ports/ { print; exit }'
sleep 2

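# Enable unattended updates through yum-cron. Success is reported only when
# the package is installed, the setting is in place and the service is running.
if yum install -y yum-cron
then
    sed -i 's/^apply_updates = no/apply_updates = yes/' /etc/yum/yum-cron.conf
    # Enable as well as start, otherwise updates stop after the next reboot.
    systemctl enable crond yum-cron
    systemctl start crond
    systemctl start yum-cron
    if grep -q '^apply_updates = yes' /etc/yum/yum-cron.conf \
        && systemctl is-active --quiet yum-cron
    then
        echo "系统自动更新已开启!"
    else
        echo "yum-cron is installed but automatic updates could not be confirmed; check /etc/yum/yum-cron.conf and the yum-cron service." >&2
    fi
else
    echo "yum-cron could not be installed, automatic updates are NOT enabled." >&2
fi

# Apply the sshd changes made earlier in the script. The configuration is
# checked first: restarting with a file sshd rejects would cut off remote access.
if sshd -t
then
    systemctl restart sshd
    echo "sshd was restarted; keep this session open and confirm that a new login works before disconnecting." >&2
else
    echo "sshd_config failed validation (sshd -t), sshd was NOT restarted." >&2
fi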


转载自blog.csdn.net/s295580857/article/details/78842699