CentOS 6 下的一键安全设置脚本

Linux 专用安全脚本，个人专用。记录一下，开源共享了。



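#!/bin/bash
#
# One-shot baseline configuration for a CentOS 6 host: SELinux mode, sshd
# port, iptables rules, file-descriptor limits, kernel boot options,
# swappiness and a daily clock sync. Must be run as root.
#
# NOTE(review): two of the steps below (SELinux disabled, accept-all
# firewall) remove protection rather than add it. Read the note at each
# step before running this on a machine that is reachable from the network.

set -u

readonly SSH_PORT=4131
# On CentOS 6 /etc/grub.conf is a symlink to this file; editing the real
# file keeps "sed -i" from replacing the symlink with a regular file.
readonly GRUB_CONF=/boot/grub/grub.conf

# Print a diagnostic on stderr without stopping the script.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Append line $2 to file $1 unless that exact line is already there, so the
# script can be re-run without stacking duplicate entries.
append_once() {
  local file=$1 line=$2
  if grep -qxF -- "$line" "$file" 2>/dev/null; then
    return 0
  fi
  # $(...) strips a trailing newline, so a non-empty result means the file
  # does not end with one and the new entry would be glued to the last line.
  if [[ -s $file && -n $(tail -c1 -- "$file") ]]; then
    printf '\n' >> "$file"
  fi
  printf '%s\n' "$line" >> "$file"
}

if [[ $EUID -ne 0 ]]; then
  warn "this script edits files under /etc and /boot; run it as root"
  exit 1
fi

# --- SELinux -----------------------------------------------------------
# Switch to permissive for the running system and disable SELinux from the
# next boot on.
# NOTE(review): this removes mandatory access control from every service on
# the host. Presumably it is done so that sshd can bind the non-default
# port; labelling the port instead
# (semanage port -a -t ssh_port_t -p tcp <port>) keeps enforcing mode.
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# --- sshd port ---------------------------------------------------------
# Rewrite only the stock commented-out "#Port 22" line; anchoring the match
# keeps lines such as "#Port 2222" from being mangled.
# NOTE(review): a non-default port only lowers scan noise. This script does
# not touch PermitRootLogin or PasswordAuthentication, and the firewall
# written below leaves the new port reachable from any address.
sed -i "s@^#Port 22[[:space:]]*\$@Port ${SSH_PORT}@" /etc/ssh/sshd_config
# Validate the configuration first: restarting sshd on a broken config can
# lock out a remote administrator.
if /usr/sbin/sshd -t; then
  service sshd restart
else
  warn "sshd_config failed validation; sshd was not restarted"
fi

# --- iptables ----------------------------------------------------------
# NOTE(review): the ruleset written here accepts all traffic on INPUT,
# FORWARD and OUTPUT, i.e. the host ends up with no packet filtering. A
# hardened baseline would default-deny INPUT and allow loopback,
# established connections and the services actually offered (including
# tcp/${SSH_PORT}).
if [[ -f /etc/sysconfig/iptables ]]; then
  # Keep the previous rules so the change can be rolled back.
  cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
fi
cat > /etc/sysconfig/iptables <<'EOF'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

# Policies go to ACCEPT before the flush so that removing the rules cannot
# cut off the current session on a host whose policy was DROP.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
# A bare "iptables-save" only prints the ruleset to stdout and persists
# nothing, so it is omitted; the restart reloads the file written above.
service iptables restart

# --- open-file limits --------------------------------------------------
append_once /etc/security/limits.conf '* soft nofile 65535'
append_once /etc/security/limits.conf '* hard nofile 65535'

# --- I/O scheduler and NUMA ---------------------------------------------
# Add the boot options once; a second run would otherwise append them to
# the kernel line again.
if [[ ! -f $GRUB_CONF ]]; then
  warn "$GRUB_CONF not found; kernel options were not changed"
elif ! grep -q 'elevator=deadline' "$GRUB_CONF"; then
  sed -i 's/quiet/quiet elevator=deadline numa=off/' "$GRUB_CONF"
fi

# --- swappiness ----------------------------------------------------------
append_once /etc/sysctl.conf 'vm.swappiness = 1'
# sysctl.conf is only read at boot; apply the value to the running kernel.
sysctl -w vm.swappiness=1 > /dev/null || warn "could not apply vm.swappiness"

# --- clock sync ----------------------------------------------------------
yum install -y ntpdate || warn "yum could not install ntpdate"
if command -v ntpdate > /dev/null; then
  # /etc/crontab entries need a user field after the five time fields, and
  # minute "*" would fire every minute of the 12:00 hour; presumably one
  # sync per day at 12:00 was intended.
  append_once /etc/crontab '0 12 * * * root ntpdate time1.google.com'
else
  warn "ntpdate is not installed; no cron entry was added"
fi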



