System optimization (category)

This script was written for CentOS 7 and CentOS 6:

For reference only; do not copy and run it blindly.

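#!/bin/bash
#
# Baseline hardening ("system optimization") script for CentOS 6 and CentOS 7.
#
# Usage: run once, as root, on a freshly installed host:  bash <this file>
# Optional environment:
#   ADMIN_PASSWORD   password given to the two accounts the script creates
#   SSH_ALLOW_HOST   address written to /etc/hosts.allow for sshd
# Every step edits files under /etc in place (most take a *.bak copy first),
# creates the users kyeroot (UID 0) and kyeadmin, moves sshd to port 22502
# and restarts it. Steps are best-effort: each one reports its own result and
# the script keeps going, exactly as the original did.
#
# Review notes on the original, kept as-is and flagged inline rather than
# silently changed: SELinux is disabled, /bin/netstat is made setuid, a second
# UID-0 account with a script-embedded password is created, and the CentOS 7
# branch sets PASS_MAX_DAYS to 99999 (no expiry) while CentOS 6 uses 90.
#
# Fixed here: `be` instead of `fi`; the "Adsia/Shanghai" typo (the zone file
# was re-copied on every run); `2>&1 >/dev/null` (stderr was never silenced);
# the CentOS 6 `/port 22/` pattern that never matched `#Port 22`; and two
# inverted exit-status tests in the PAM section. Several sections of the
# published source were machine-translation garbled; those are reconstructed
# from the parallel CentOS 6/7 branch and their own comments and are marked
# "reconstructed".

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export PATH

# No `set -e`: every step is deliberately best-effort. `-u` only turns a
# misspelt variable name into an error instead of an empty string.
set -u

# NOTE(review): the original hard-codes this password for kyeroot (UID 0) and
# kyeadmin, so anyone who can read the script knows it. It stays as the
# default only so the script remains drop-in; pass ADMIN_PASSWORD in the
# environment instead and rotate both accounts after provisioning.
ADMIN_PASSWORD="${ADMIN_PASSWORD:-Aa+12345678}"
readonly ADMIN_PASSWORD

# Management host the original allow-lists for sshd in /etc/hosts.allow.
SSH_ALLOW_HOST="${SSH_ALLOW_HOST:-10.80.80.100}"
readonly SSH_ALLOW_HOST

#######################################
# Print one status line. %b expands the \033[..m colour escapes the messages
# carry, the same way `echo -e` did in the original.
# Arguments: the message
#######################################
msg() {
  printf '%b\n' "$*"
}

#######################################
# Set SELINUX=disabled in /etc/selinux/config and switch to permissive now.
# NOTE(review): this removes the mandatory-access-control layer entirely;
# permissive mode plus fixing the reported denials is the usual alternative.
#######################################
disable_selinux() {
  if /bin/grep -q "SELINUX=disabled" /etc/selinux/config; then
    msg "\033[31m Selinux\033[0m  is already not running"
  else
    /bin/sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
    setenforce 0 >/dev/null 2>&1
    msg "\033[31m Selinux \033[0m is already  modify stop successful"
  fi
}

#######################################
# Delete the given system accounts together with their home directories.
# Arguments: user names
#######################################
remove_extra_users() {
  local user
  for user in "$@"; do
    userdel -r "$user" >/dev/null 2>&1
  done
}

#######################################
# File-mode changes the original applies right after the user cleanup.
#######################################
restrict_system_files() {
  # NOTE(review): the setuid bit lets any local user run netstat as root,
  # which widens the attack surface rather than hardening the host; it is a
  # standard audit finding. Kept because the original does it — drop it once
  # nothing depends on it.
  chmod +s /bin/netstat
  # NOTE(review): RHEL-family ships /etc/shadow as mode 000; 400 is slightly
  # looser than the default — confirm this is intended.
  chmod 400 /etc/shadow
}

#######################################
# Append the kernel network tuning to /etc/sysctl.conf and load it.
# The guard is the original's: skip when the file already has two or more
# net.ipv4 lines.
#######################################
tune_sysctl() {
  local ipv4_lines
  ipv4_lines=$(grep -c "net.ipv4" /etc/sysctl.conf 2>/dev/null)
  if [ "${ipv4_lines:-0}" -lt 2 ]; then
    cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.core.rmem_default = 256960
net.core.rmem_max = 513920
net.core.wmem_default = 256960
net.core.wmem_max = 513920
net.core.netdev_max_backlog = 2000
net.core.somaxconn = 2048
net.core.optmem_max = 81920
net.ipv4.tcp_mem = 131072  262144  524288
net.ipv4.tcp_rmem = 8760  256960  4088000
net.ipv4.tcp_wmem = 8760  256960  4088000
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024  65000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_max_tw_buckets = 6000
EOF
    sysctl -p
  else
    echo "kernel already reset"
  fi
}

#######################################
# Add "sshd:<host>:allow" to /etc/hosts.allow once.
# NOTE(review): an allow entry restricts nothing on its own; sshd is only
# limited to this host if /etc/hosts.deny denies the rest (e.g. `sshd: ALL`),
# and the original never writes hosts.deny — verify the intended effect.
# Arguments: $1 - address to allow
#######################################
allow_ssh_from() {
  local entry="sshd:$1:allow" count
  count=$(grep -c -- "$entry" /etc/hosts.allow 2>/dev/null)
  if [ "${count:-0}" -ne 1 ]; then
    echo "insert sshd allow"
    echo "$entry" >> /etc/hosts.allow
  else
    echo "sshd already reset"
  fi
}

#######################################
# Point /etc/localtime at Asia/Shanghai unless it already is.
# CentOS 7 reads the zone from timedatectl ("Time zone: <zone> ..."), CentOS 6
# from /etc/sysconfig/clock. Fixed: the original compared against the typo
# "Adsia/Shanghai", so the zone file was re-copied on every run.
# NOTE(review): the CentOS 6 branch never updates /etc/sysconfig/clock, so its
# "already set" check will keep failing on later runs.
# Arguments: $1 - el7 | el6
#######################################
set_timezone() {
  local os=$1 want="Asia/Shanghai" already=0 current
  case "$os" in
    el7)
      current=$(timedatectl | grep Time | awk '{print $3}')
      [ "$current" = "$want" ] && already=1
      ;;
    el6)
      /bin/grep -q "$want" /etc/sysconfig/clock && already=1
      ;;
  esac
  if [ "$already" -eq 1 ]; then
    msg "\033[31m Timezone \033[0m is already $want"
  else
    rm -f /etc/localtime
    cp -arp "/usr/share/zoneinfo/$want" /etc/localtime
    msg "\033[31m Timezone \033[0m is already modify $want"
  fi
}

#######################################
# Move sshd to port 22502, enable UseDNS and switch sftp to internal-sftp,
# then restart sshd. When 22502 is already listening only UseDNS is touched.
# NOTE(review): open 22502 on the host firewall before the restart or remote
# access is lost (the SELinux port label would also need updating, but SELinux
# has been disabled above). The original's section title promises to forbid
# root login, yet nothing sets PermitRootLogin; root's shell is changed to
# /sbin/nologin later in create_admin_users, which blocks interactive root
# logins in practice — confirm that is the intended mechanism.
# Arguments: $1 - el7 | el6
#######################################
harden_sshd() {
  local os=$1 port=22502 current_port
  if [ "$(netstat -tulnp | grep -c "$port")" -eq 0 ]; then
    cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    # Appends "Port 22502" after the (normally commented) "#Port 22" line.
    # Fixed: the CentOS 6 branch used a lowercase pattern that never matched.
    sed -i "/Port 22/aPort $port" /etc/ssh/sshd_config
    msg "\033[31m SSH's port  22 is already modify to $port\033[0m"
    sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
    sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config
    if sed -i "/^#Subsystem/aSubsystem       sftp    internal-sftp" /etc/ssh/sshd_config; then
      case "$os" in
        el7) systemctl restart sshd >/dev/null 2>&1 ;;
        el6) service sshd restart >/dev/null 2>&1 ;;
      esac
      msg "\033[31m SSH's service\033[0m has restart again"
    fi
  else
    sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
    msg "\033[31m chage Use UseDns\033[0m"
    # First listener whose line contains "22" — matches more than sshd.
    current_port=$(netstat -tulnp | grep 22 | awk '{print $4}' | head -n 1 | cut -d : -f 2)
    msg "ssh's port is \033[31m already modify $current_port\033[0m"
  fi
}

#######################################
# Set the password-ageing values in /etc/login.defs.
# The PASS_MIN_LEN line was garbled in the source and is reconstructed from
# the CentOS 6 branch.
# Arguments: $1 - PASS_MAX_DAYS value
#######################################
set_password_policy() {
  local max_days=$1
  cp /etc/login.defs /etc/login.defs.bak
  sed -i "/^PASS_MAX_DAYS/s/[0-9]\{1,\}/$max_days/g" /etc/login.defs
  sed -i '/^PASS_MIN_DAYS/s/[0-9]\{1,\}/7/g' /etc/login.defs
  sed -i '/^PASS_MIN_LEN/s/[0-9]\{1,\}/12/g' /etc/login.defs
  sed -i '/^PASS_WARN_AGE/s/[0-9]\{1,\}/30/g' /etc/login.defs
}

#######################################
# Create kyeroot as a UID-0 alias of root, lock root's own shell, grant
# kyeroot sudo, then create the ordinary user kyeadmin.
# NOTE(review): a second UID-0 account is flagged by every common baseline,
# both accounts share one script-embedded password, and /etc/sudoers is edited
# with sed instead of visudo (no syntax check before the file goes live).
#######################################
create_admin_users() {
  if [ "$(id kyeroot 2>/dev/null | grep -c "uid=0")" -eq 0 ]; then
    useradd kyeroot
    printf '%s\n' "$ADMIN_PASSWORD" | passwd --stdin kyeroot
    # Every digit run on the kyeroot line (UID and GID) becomes 0 and the
    # home directory becomes /root.
    sed -i '/^kyeroot/s/[0-9]\{1,\}/0/g' /etc/passwd
    sed -i '/^kyeroot/s/home\/kyeroot/root/g' /etc/passwd
    # root's own shell: /bin/bash -> /sbin/nologin.
    sed -i "/^root/s/bin/sbin/g" /etc/passwd
    sed -i "/^root/s/bash/nologin/g" /etc/passwd
    cp /etc/sudoers /etc/sudoers.bak
    sed -i '/^root/akyeroot ALL=(ALL)   ALL' /etc/sudoers
  else
    msg "\033[31m user kyeroot is exists\033[0m  or \033[31m password is wrong\033[0m"
  fi

  if useradd kyeadmin >/dev/null 2>&1; then
    printf '%s\n' "$ADMIN_PASSWORD" | passwd --stdin kyeadmin >/dev/null 2>&1
    msg "\033[31m create user kyeadmin successful \033[0m"
    msg "\033[31m create user passwd successful \033[0m"
  else
    msg "\033[31m user kyeadmin is exists\033[0m  or \033[31m password is wrong\033[0m"
  fi
}

#######################################
# Make /var/log/messages append-only and strip execute/world-write bits from
# everything under /var/log.
#######################################
lock_down_logs() {
  if chattr +a /var/log/messages; then
    msg "\033[31m Already add lsatrr +a\033[0m  for /var/log/messages "
  else
    msg "Add \033[31m lsattr +a\033[0m  is failed,please check it!"
  fi
  # chmod on the now append-only file fails with EPERM; `-exec ... \;` keeps
  # going, as in the original.
  find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} \;
  msg "\033[31m modify /var/log/*\033[0m all files permission of u-x,g-x,o-wx successful"
}

#######################################
# Make /etc/rc.local executable and have it reset /dev/null's mode at boot.
# Reconstructed (the CentOS 7 copy was garbled) from the CentOS 6 branch.
# NOTE(review): /dev/null is 0666 by default; this only matters on hosts
# where something has clobbered its mode.
#######################################
fix_rc_local() {
  chmod +x /etc/rc.local
  if [ "$(grep -c "/dev/null" /etc/rc.local)" -eq 0 ]; then
    echo "chmod 666 /dev/null" >> /etc/rc.local
  else
    echo "already reset /dev/null"
  fi
}

#######################################
# Ensure "* soft/hard nofile 65535" is in /etc/security/limits.conf.
# Reconstructed from the two garbled copies and their comments.
# NOTE(review): `ulimit -n` here raises the limit of this script's process
# only; the limits.conf lines are what future sessions inherit.
#######################################
raise_nofile_limit() {
  local limit=65535 current missing=0
  current=$(ulimit -n)
  if [ "$current" -ne "$limit" ]; then
    ulimit -n "$limit"
    # The leading "*" is literal in a basic regex, as in the original.
    grep -q "* soft nofile $limit" /etc/security/limits.conf || missing=1
    grep -q "* hard nofile $limit" /etc/security/limits.conf || missing=1
    if [ "$missing" -ne 0 ]; then
      cp /etc/security/limits.conf /etc/security/limits.conf.bak
      echo "* soft nofile $limit" >> /etc/security/limits.conf
      echo "* hard nofile $limit" >> /etc/security/limits.conf
      msg "\033[31m default ulimit is $current\033[0m,now ulimit is already modify $limit"
    else
      msg "\033[31m soft nofile 65535 and hard nofile 65535\033[0m is already configure,not to modify "
    fi
  else
    msg "\033[31m default ulimit is 65535\033[0m,not modify"
  fi
}

#######################################
# Password history, complexity and failed-login lockout in system-auth.
# Reconstructed from the garbled source. Fixed: the original applied the
# pwquality edit only when pam_pwquality.so was *absent* (so it never ran) and
# appended the pam_tally2 line only when unlock_time was already present.
# NOTE(review): the pam_tally2 line is appended at the very end of the file,
# i.e. after the stack's `auth required pam_deny.so`, and no matching
# `account` line resets the counter — verify with a failed-login test.
# Arguments: $1 - el7 | el6
#######################################
harden_pam() {
  local os=$1 conf=/etc/pam.d/system-auth
  if ! grep -q "remember" "$conf"; then
    cp "$conf" "$conf.bak"
    # Keep the last 4 password hashes (stored in /etc/security/opasswd) so
    # they cannot be reused.
    sed -i "/sha512/s/use_authtok/use_authtok remember=4/g" "$conf"
    msg "Configure remember=4 for $conf successful"
  fi
  if [ "$os" = el7 ] && grep -q "pam_pwquality.so" "$conf"; then
    sed -i "/pam_pwquality.so/s/local_users_only/minclass=3/g" "$conf"
    msg "Configure minclass=3 for $conf successful"
  fi
  if ! grep -q "unlock_time" "$conf"; then
    # Lock the account (root included) for 1800 s after 5 failures.
    echo "auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800" >> "$conf"
    msg "Configure auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800 for $conf successful"
  fi
}

#######################################
# Set an idle-shell timeout of 300 s in /etc/profile.
# Reconstructed from the garbled source; the original's message claimed 180 s
# while writing 300, the message now says 300.
#######################################
set_shell_timeout() {
  local current
  current=$(grep "TMOUT=" /etc/profile | cut -d "=" -f 2)
  if ! grep -q "TMOUT" /etc/profile; then
    cp /etc/profile /etc/profile.bak
    echo "TMOUT=300" >> /etc/profile
    echo "export TMOUT" >> /etc/profile
    # sed -i 's/^HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
    msg "\033[31m TMOUT \033[0m is already modify TMOUT=300"
  else
    sed -i "s/TMOUT=$current/TMOUT=300/g" /etc/profile
    msg "\033[31m default TMOUT \033[0m is $current,TMOUT is already modify to 300s successful "
  fi
}

#######################################
# Add root to /etc/vsftpd/ftpusers so it cannot log in over FTP.
# CentOS 7 (reconstructed) gates on the vsftpd unit, CentOS 6 on the file.
# Arguments: $1 - el7 | el6
#######################################
forbid_root_ftp() {
  local os=$1 list=/etc/vsftpd/ftpusers
  case "$os" in
    el7)
      if systemctl status vsftpd >/dev/null 2>&1; then
        grep -q 'root' "$list" || echo "root" >> "$list"
        msg "\033[31m The ftp for root forbidden \033[0m successful"
      else
        msg "\033[31m The vsftpd \033[0m service not exists,not need to forbidden"
      fi
      ;;
    el6)
      if [ -f "$list" ] && [ "$(grep -c 'root' "$list")" -eq 0 ]; then
        cp "$list" "$list.bak"
        echo "root" >> "$list"
        msg "\033[31m The ftp for root forbidden \033[0m successful or\033[31m ftp's service not exsits \033[0m"
      else
        msg "\033[31m The vsftpd \033[0m service not exists or Have been modified"
      fi
      ;;
  esac
}

#######################################
# Replace /etc/motd with the access-warning text unless one is present.
# NOTE(review): motd is shown after authentication; a pre-login notice needs
# sshd's Banner option (/etc/issue.net) as well.
#######################################
add_login_banner() {
  if ! grep -q "WARNING" /etc/motd; then
    cp /etc/motd /etc/motd.bak
    echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd
    msg "\033[31m The motd \033[0m is add at /etc/motd successful"
  else
    msg "\033[31m The motd WARNING is exsits\033[0m,please check if need to modify again"
  fi
}

#######################################
# CentOS 7 only: SU_WHEEL_ONLY yes in /etc/login.defs.
# NOTE(review): su on RHEL-family comes from coreutils/util-linux and enforces
# wheel membership through pam_wheel.so in /etc/pam.d/su, not through this
# login.defs key — confirm the setting actually takes effect.
#######################################
restrict_su_to_wheel() {
  if grep -q "SU_WHEEL_ONLY yes" /etc/login.defs; then
    echo "Already set"
  else
    echo "SU_WHEEL_ONLY yes" >> /etc/login.defs
  fi
}

#######################################
# CentOS 6 only: comment out the upstart job that reboots on Ctrl-Alt-Del.
#######################################
disable_ctrl_alt_del() {
  local conf=/etc/init/control-alt-delete.conf exec_off=0 start_off=0
  # 1 when the line is already commented out (or missing).
  /bin/grep -q ^exec "$conf" || exec_off=1
  /bin/grep -q ^start "$conf" || start_off=1
  if [ $((exec_off + start_off)) -eq 2 ]; then
    msg "\033[31m control-alt-delete \033[0m modify is \033[31m failed \033[0m,or configure successful,please check it again"
  else
    cp "$conf" "$conf.bak"
    sed -i "/^start/s/start/#start/g" "$conf"
    sed -i "/^exec/s/exec/#exec/g" "$conf"
    msg "\033[31m “control-alt-delete”\033[0m is already modify stop successful"
  fi
}

#######################################
# CentOS 6 only: turn the xinetd telnet service off if it is on.
#######################################
disable_telnet() {
  local state
  if ! chkconfig --list | grep -q telnet; then
    msg "\033[31m The telnet \033[0m is not exsits"
    return
  fi
  state=$(chkconfig --list | grep telnet | awk '{print $2}')
  if [ "$state" = "on" ]; then
    chkconfig telnet off
    msg "\033[31m The telnet \033[0m is stop sucessful"
  else
    msg "\033[31m The telnet\033[0m is already stop "
  fi
}

#######################################
# CentOS 7 sequence, in the original's order.
#######################################
harden_el7() {
  echo "System Centos 7 in reset kernel"
  disable_selinux
  remove_extra_users lp sync shutdown halt operator games gopher
  restrict_system_files
  tune_sysctl
  allow_ssh_from "$SSH_ALLOW_HOST"
  set_timezone el7
  harden_sshd el7
  # NOTE(review): 99999 effectively disables password expiry; the CentOS 6
  # branch uses 90 and that is almost certainly what was meant here too.
  set_password_policy 99999
  create_admin_users
  lock_down_logs
  fix_rc_local
  raise_nofile_limit
  harden_pam el7
  set_shell_timeout
  forbid_root_ftp el7
  add_login_banner
  restrict_su_to_wheel
}

#######################################
# CentOS 6 sequence, in the original's order.
#######################################
harden_el6() {
  echo "System Centos 6 in reset kernel"
  disable_selinux
  remove_extra_users lp sync shutdown halt operator games
  restrict_system_files
  tune_sysctl
  allow_ssh_from "$SSH_ALLOW_HOST"
  set_timezone el6
  harden_sshd el6
  disable_ctrl_alt_del
  set_password_policy 90
  create_admin_users
  lock_down_logs
  fix_rc_local
  raise_nofile_limit
  harden_pam el6
  set_shell_timeout
  forbid_root_ftp el6
  add_login_banner
  disable_telnet
}

#######################################
# Dispatch on the kernel release string. `uname -a` is one line, so the
# original's `grep | wc -l` == 1 test is the same as a substring match.
#######################################
main() {
  case "$(uname -a)" in
    *el7*) harden_el7 ;;
    *el6*) harden_el6 ;;
    *) echo "cache System version" ;;
  esac
}

main "$@"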

 


Origin www.cnblogs.com/steven9898/p/11348775.html