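# Password aging: force a password change every 90 days and warn 7 days
# before expiry, for each account that has a directory under /home.
#
# The statements on the page were mangled by machine translation and were not
# valid shell; this is the reconstructed loop (lost+found skipped).
# NOTE(review): this assumes every directory name under /home is a login
# name. Accounts whose home is elsewhere (root, service accounts) are not
# touched here and need their own chage call if the policy applies to them.
UserList=""
for home_dir in /home/*; do
    [ -d "$home_dir" ] || continue
    user=${home_dir##*/}
    # lost+found is a filesystem directory, not an account
    [ "$user" = "lost+found" ] && continue
    UserList="$UserList $user"
    # Only call chage for names that resolve to a real account, so a stray
    # directory does not produce an error in the middle of the run.
    if id -- "$user" >/dev/null 2>&1; then
        chage -M 90 -W 7 -- "$user"
    else
        printf 'skip: %s has a directory under /home but no account\n' "$user" >&2
    fi
done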
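# Disable ping: make the kernel ignore all IPv4 ICMP echo requests.
#
# Writing to /proc changes the running kernel only. To survive a reboot the
# same key (net.ipv4.icmp_echo_ignore_all = 1) has to be present in
# /etc/sysctl.conf; the sysctl.conf written further down in this script does
# not contain it.
# NOTE(review): this also blinds ICMP-based monitoring and does not hide the
# host from TCP/UDP probes; treat it as noise reduction, not access control.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all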
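# Password policy defaults in /etc/login.defs:
# password expiry 90 days, minimum password length 8.
#
# NOTE(review): on the page both sed lines match PASS_MIN_LEN, so the first
# one (value 90) would only be overwritten by the second (value 8) and the
# 90-day expiry from the section comment would never be set. PASS_MAX_DAYS is
# assumed to be the intended key for the first line; confirm.
# NOTE(review): login.defs ageing values are applied when an account is
# created; existing accounts need chage. Where password changes go through
# PAM, minimum length is normally enforced by the PAM password-quality module
# rather than PASS_MIN_LEN; verify on the target system.

# Keep a copy with the original mode/owner before editing in place.
cp -p /etc/login.defs /etc/login.defs.bak

# Anchor on the start of the line so commented-out examples are not edited.
sed -i '/^PASS_MAX_DAYS[[:space:]]/s/[0-9]\{1,6\}/90/' /etc/login.defs
sed -i '/^PASS_MIN_LEN[[:space:]]/s/[0-9]\{1,3\}/8/' /etc/login.defs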
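# Login lockout: lock an ordinary user for 300 seconds after more than
# 6 failed login attempts, using pam_tally2.
#
# NOTE(review): both lines are appended to the END of system-auth. PAM
# evaluates a stack top to bottom, and on stock Red Hat layouts the auth stack
# usually contains a "sufficient" pam_unix.so line. If so, a correct password
# ends the stack before the appended pam_tally2 auth line is reached, and the
# lock would not be enforced. Check the real file and place the auth line
# ahead of pam_unix.so.
# NOTE(review): no_magic_root and reset look like options of the older
# pam_tally module; check pam_tally2(8) on the target, unknown options are
# typically just logged. pam_tally2 itself is deprecated in newer Linux-PAM
# releases in favour of pam_faillock.
# NOTE(review): on systems where system-auth is generated by authconfig,
# manual edits can be overwritten.
pam_file=/etc/pam.d/system-auth

# One-time backup so a broken stack can be restored from a root shell.
if [ ! -e "${pam_file}.bak" ]; then
    cp -p "$pam_file" "${pam_file}.bak"
fi

# Append each line only if it is not already present, so re-running the
# script does not stack duplicate pam_tally2 entries.
for pam_line in \
    "account required pam_tally2.so deny=100 no_magic_root reset" \
    "auth required pam_tally2.so  onerr=fail deny=6 unlock_time=300"
do
    if ! grep -qxF -- "$pam_line" "$pam_file" 2>/dev/null; then
        printf '%s\n' "$pam_line" >> "$pam_file"
    fi
done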
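# Hide the system version number by renaming the banner and release files
# (the misspelled target names are the ones used on the page).
#
# NOTE(review): this is obscurity only; the version remains available through
# the package database and the kernel. Tools and installers that read
# /etc/redhat-release may fail once it is gone, so test before rolling out.
# Replacing the contents of /etc/issue and /etc/issue.net with a neutral
# banner is a less disruptive way to get the same effect at the login prompt.
#
# Each rename is guarded so a second run does not fail on a missing source.
if [ -e /etc/issue ]; then
    mv /etc/issue /etc/isseu
fi
if [ -e /etc/issue.net ]; then
    mv /etc/issue.net /etc/isseu.net
fi
if [ -e /etc/redhat-release ]; then
    mv /etc/redhat-release /etc/rehdat-release
fi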
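# Kernel parameter tuning: replace /etc/sysctl.conf and load it.
#
# The file is OVERWRITTEN, so any site-specific keys already in it are lost;
# a backup is taken first. Values below are the ones on the page (punctuation
# and words that were mangled by machine translation are restored).
#
# NOTE(review), points a reviewer should confirm before deploying:
#  - rp_filter and accept_source_route are set under conf.default only, which
#    seeds interfaces created later; existing interfaces are governed by
#    conf.all / per-interface keys, which this file does not set.
#  - tcp_tw_recycle = 1 is known to break clients behind NAT and the key no
#    longer exists on newer kernels (sysctl -p then reports an error).
#  - tcp_timestamps = 0 is set together with tcp_tw_reuse / tcp_tw_recycle,
#    which rely on TCP timestamps, so those two are presumably ineffective.
#  - tcp_syn_retries = 1, tcp_synack_retries = 1 and tcp_fin_timeout = 1 are
#    very aggressive and can drop legitimate connections on lossy links.
#  - the ip_conntrack keys exist only when the legacy conntrack module is
#    loaded; otherwise sysctl -p reports them as unknown.
if [ -e /etc/sysctl.conf ]; then
    cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
fi

# Quoted delimiter: the text is written literally, nothing is expanded.
cat > /etc/sysctl.conf <<'EOF'
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# ------------- Kernel Optimization -------------
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 87380
net.ipv4.tcp_wmem = 4096 16384 16384
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 655360
net.ipv4.netfilter.ip_conntrack_max = 655360
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
EOF

# Apply the new settings to the running kernel.
sysctl -p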
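# Record shell history: append a fragment to /etc/profile that gives every
# login its own timestamped history file under
# /usr/local/bin/.history/<LOGNAME>/<source-address>.history.<timestamp>.
#
# The fragment on the page was mangled by machine translation; it is
# reconstructed here. Two names are inferred and should be confirmed:
# the exported variable is assumed to be HISTFILE, and the date format is
# assumed to be +%Y%m%d_%H%M%S.
#
# Changes against the page:
#  - the base directory is created here, as root, because an unprivileged
#    login normally cannot create a directory under /usr/local/bin;
#  - the base directory gets the sticky bit (1777 instead of 777) so one
#    user cannot rename or remove another user's history directory;
#  - expansions inside the fragment are quoted;
#  - the fragment is appended only once.
#
# NOTE(review): the history files are still owned by the user being logged,
# who can edit them or unset HISTFILE. For an audit trail that must resist
# tampering, use auditd or forward commands to a remote log host.
mkdir -p /usr/local/bin/.history
chmod 1777 /usr/local/bin/.history

if ! grep -qF 'HISTDIR=/usr/local/bin/.history' /etc/profile 2>/dev/null; then
# Quoted delimiter: the fragment is written literally and is evaluated at
# login time, not while this script runs.
cat >> /etc/profile <<'EOF'

# history
export HISTTIMEFORMAT="%F %T `whoami` "
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
HISTDIR=/usr/local/bin/.history
if [ -z "$USER_IP" ]
then
USER_IP=`hostname`
fi
if [ ! -d "$HISTDIR" ]
then
mkdir -p "$HISTDIR"
chmod 1777 "$HISTDIR"
fi
if [ ! -d "$HISTDIR/${LOGNAME}" ]
then
mkdir -p "$HISTDIR/${LOGNAME}"
chmod 300 "$HISTDIR/${LOGNAME}"
fi
export HISTSIZE=4000
DT=`date +%Y%m%d_%H%M%S`
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
chmod 600 "$HISTDIR/${LOGNAME}"/*.history* 2>/dev/null
EOF
fi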
# Secure login: /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null
null