cp -p /etc/group /etc/group_bak
groupadd groupname
usermod -g root luoshen
fdisk -l
Method 2: Modify the vi /etc/sudoers file, find the following line, and add a line under root, as shown below:
Allow root to run any commands anywhere
root ALL=(ALL) ALL
luoshen ALL=(ALL) ALL
vi /etc/issue vi /etc/issue.net vi /etc/motd
Authorized users only. All activity may be monitored and reported
vi /etc/hosts.allow
sshd:133.0.7.:allow #Allow the entire network segment of 192.168.0 to access the SSH service process
sshd:192.168.9.:allow #Allow the entire network segment of 192.168.0 to access the SSH service process
vsftpd:10.160.54.:allow
vsftpd:10.162.6.:allow
ftpd_banner=Welcome to luoshen FTP service.
vi /etc/hosts.deny
all:all #Reject all remote access, but use with the file hosts.allow. When the two conflicts, the hosts.allow setting takes precedence.
vi /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
sysctl -p
vi /etc/pam.d/system-auth
password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
auth required pam_tally2.so deny=5 onerr=fail no_magic_root unlock_time=180 #unlock_time单位为秒
account required pam_tally2.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
chmod 644 /etc/passwd
chmod 400 /etc/shadow
chmod 644 /etc/group
chmod 644 /etc/services
chmod 600 /etc/xinetd.conf
chmod 600 /etc/security
systemctl start ntpd
systemctl restart sshd
systemctl status chronyd
systemctl start chronyd