#!/bin/bash
echo "#########check UID=0#########"
cat /etc/passwd|awk -F ':' '{if(3==0)print(1)}'
echo "#########check shadow null#########"
cat /etc/shadow|awk -F ':' '{if(2="")print(1)}'
echo "#########check Root ssh#########"|tee -a /tmp/wqout
cat /etc/ssh/sshd_config|grep PermitRootLogin|awk '{if(2=="yes")print1,$2}'
echo "#########check Protocol version#########"
cat /etc/ssh/sshd_config|grep Protocol
echo "#########check X11 #########"
cat /etc/ssh/sshd_config|grep X11Forwarding|awk '{if(2=="yes")print(1,$2)}'
echo "#########check TMOUT #########"
cat /etc/profile|grep -i tmout
echo "#########check PASS_LEN #########"
cat /etc/login.defs|grep PASS_MIN_LEN|awk '{if(2<8)print(1,$2)}'
echo "#########check PASSWORD #########"
cat /etc/pam.d/system-auth|grep password|grep requisite|grep pam_cracklib.so
echo "#########check PASS History #########"
cat /etc/pam.d/system-auth|grep password|grep sufficient|grep pam_unix.so
echo "#########check inittab #########"
cat /etc/inittab
echo "#########check umask #########"
cat /etc/profile|grep umask |grep -v By|awk '{print $2}'
echo "#########check secure log #########"
cat /etc/rsyslog.conf|grep -i authpriv|awk '{if(2=="/var/log/secure")print(1,$2)}'
chown root /etc/passwd
chgrp root /etc/passwd
chmod 644 /etc/passwd
chmod 400 /etc/shadow
chmod 664 /var/log/messages
chmod 664 /var/log/secure
chmod 664 /var/log/cron
chmod 664 /var/log/wtmp
chmod 664 /var/log/utmp
chmod 664 /var/log/lastlog
本文转自flayber 51CTO博客,原文链接:http://blog.51cto.com/406647516/1967537,如需转载请自行联系原作者
