Linux 专用安全脚本，个人专用。记录一下，开源共享了。注意：脚本会禁用 SELinux，并把 iptables 的默认策略全部设为 ACCEPT（即不做任何包过滤），使用前请按自己的环境调整。
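#!/bin/bash
#
# Post-install baseline for a RHEL/CentOS-style host: the script relies on
# yum, `service`, /etc/sysconfig/iptables and /etc/selinux/config.
# Must be run as root. It edits system files in place and restarts sshd and
# iptables, so run it from a console or keep a second session open.
#
# Deliberately no `set -e`: some steps legitimately fail on some hosts
# (for example `setenforce 0` when SELinux is already disabled) and the
# remaining steps should still run.

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# Append a line to a file unless that exact line is already present, so that
# re-running the script does not pile up duplicate entries.
# Arguments: $1 - file to append to, $2 - line to add
#######################################
append_once() {
  local file=$1
  local line=$2
  if [[ -f "$file" ]] && grep -qxF -- "$line" "$file"; then
    return 0
  fi
  # If the file does not end in a newline, add one so the new entry is not
  # glued onto the last existing line.
  if [[ -s "$file" && -n "$(tail -c 1 -- "$file")" ]]; then
    printf '\n' >> "$file"
  fi
  printf '%s\n' "$line" >> "$file"
}

if (( EUID != 0 )); then
  warn "this script must be run as root"
  exit 1
fi

# --- Disable SELinux ---------------------------------------------------------
# SECURITY NOTE(review): this removes mandatory access control from the host,
# immediately (setenforce) and permanently (config file). It is a convenience
# trade-off, not a hardening step; keeping SELinux enforcing and labelling the
# new SSH port instead is the stricter option.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# --- Move SSH to a non-default port ------------------------------------------
# Only the stock commented-out "#Port 22" line is rewritten; a config that
# already has an active Port line is left unchanged. A non-default port cuts
# scan noise but is not access control: key-only authentication and a
# firewall rule are still needed.
sed -i 's@#Port 22@Port 4131@' /etc/ssh/sshd_config
# Validate the config first so a broken file does not take sshd down and
# lock the administrator out.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  warn "sshd_config failed validation; sshd was NOT restarted"
fi

# --- Reset iptables ----------------------------------------------------------
# SECURITY NOTE(review): the saved ruleset and the live policies below are all
# ACCEPT with no rules, i.e. no packet filtering at all. Every listening
# service on the host becomes reachable. A default-DROP INPUT policy with
# explicit allows (loopback, established traffic, the SSH port) is the
# hardened alternative.
cat > /etc/sysconfig/iptables <<'EOF'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
/sbin/iptables -F
# Without a redirect this only prints the live ruleset to stdout; the
# persistent copy is the file written above.
iptables-save
service iptables restart

# --- Raise the open-file limit -----------------------------------------------
append_once /etc/security/limits.conf '* soft nofile 65535'
append_once /etc/security/limits.conf '* hard nofile 65535'

# --- I/O scheduler and NUMA kernel parameters --------------------------------
# NOTE(review): GRUB legacy normally keeps its config at /boot/grub/grub.conf
# (with /etc/grub.conf as a symlink); the path below is kept as published but
# looks wrong -- confirm for the target system.
grub_conf=/boot/etc/grub.conf
if [[ ! -f "$grub_conf" ]]; then
  warn "$grub_conf not found; kernel parameters were not changed"
elif grep -q 'elevator=deadline' "$grub_conf"; then
  : # already applied on an earlier run; do not append the options twice
else
  sed -i 's/quiet/quiet elevator=deadline numa=off/' "$grub_conf"
fi

# --- Reduce swapping ---------------------------------------------------------
# Takes effect at the next boot or the next `sysctl -p`.
append_once /etc/sysctl.conf 'vm.swappiness = 1'

# --- Daily clock sync --------------------------------------------------------
yum install -y ntpdate
# /etc/crontab entries need a user field, and a minute of "*" would run the
# job sixty times between 12:00 and 12:59; run it once at 12:00 as root.
append_once /etc/crontab '0 12 * * * root ntpdate time1.google.com'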