API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 5th, 2015
239
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.30 KB | None | 0 0
raw download clone embed print report
  1. 1. Checking SElinux settings:
  2. SElinux is already in enforcing mode
  3.  
  4. 2. Changing different parameters of password aging
  5. Changes in /etc/login.defs file are done
  6.  
  7. 3. Linux kernel hardening:
  8. Changes in /etc/sysctl.conf file are done.
  9.  
  10. 4. Setting permissions to restrictive for commonly used commands
  11. commands permissions changed
  12.  
  13. 5. Disabling 'lp' and 'game' users in passwd file:
  14. Users are disabled
  15.  
  16. 6. Setting 'Banner' and 'Motd'
  17. Banner is set.
  18.  
  19. 7. Configuring SSH
  20. hardening_script.sh: line 98: unexpected EOF while looking for matching `"'
  21. hardening_script.sh: line 99: syntax error: unexpected end of file
  22. [root@a0110testing01 shell]# vi hardening_script.sh
  23. [root@a0110testing01 shell]# vi hardening_script.sh
  24. [root@a0110testing01 shell]# cat hardening_script.sh
  25. echo "1. Checking SElinux settings:"
  26. x=`cat /etc/sysconfig/selinux | grep ^SELINUX | head -n 1 | awk -F= '{print $2}'`
  27. if [ $x == disabled ]
  28. then
  29. echo "SElinux is disabled"
  30. echo "Changing it to enforcing"
  31. sed -i 's/^SELINUX=disabled/SELINUX=enforcing/' /etc/sysconfig/selinux
  32. else
  33. echo "SElinux is already in enforcing mode"
  34. fi
  35. sleep 2
  36. echo " "
  37.  
  38. echo "2. Changing different parameters of password aging"
  39. sed -i '/^PASS_MAX_DAYS/c\PASS_MAX_DAYS 60' /etc/login.defs
  40. sed -i '/^PASS_MIN_DAYS/c\PASS_MIN_DAYS 1' /etc/login.defs
  41. sed -i '/^PASS_MIN_LEN/c\PASS_MIN_LEN 8' /etc/login.defs
  42. sed -i '/^PASS_WARN_AGE/c\PASS_WARN_AGE 15' /etc/login.defs
  43. echo "Changes in /etc/login.defs file are done"
  44. sleep 2
  45. echo " "
  46.  
  47. echo "3. Linux kernel hardening:"
  48. cp /etc/sysctl.conf /etc/sysctl.conf.backup
  49. echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
  50. echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
  51. echo "net.ipv4.conf.all.forwarding = 0" >> /etc/sysctl.conf
  52. echo "net.ipv4.conf.all.mc_forwarding = 0" >> /etc/sysctl.conf
  53. echo "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.conf
  54. echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.conf
  55. echo "net.ipv4.tcp_max_syn_backlog = 4096" >> /etc/sysctl.conf
  56. echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
  57. sleep 2
  58. echo "Changes in /etc/sysctl.conf file are done."
  59. sleep 1
  60. echo " "
  61.  
  62. echo "4. Setting permissions to restrictive for commonly used commands"
  63. chmod 100 /bin/rpm
  64. chmod 100 /bin/ping
  65. chmod 100 /bin/mount
  66. chmod 100 /bin/umount
  67. chmod 100 /sbin/arping
  68. chmod 400 /etc/hosts.allow
  69. chmod 400 /etc/hosts.deny
  70. chmod 644 /var/log/wtmp
  71. echo "commands permissions changed"
  72. sleep 1
  73. echo " "
  74.  
  75. echo "5. Disabling 'lp' and 'game' users in passwd file:"
  76. sed -i 's/^lp/#lp/' /etc/passwd
  77. sed -i 's/^games/#games/' /etc/passwd
  78. sed -i 's/^lp/#lp/' /etc/group
  79. sed -i 's/^games/#games/' /etc/group
  80. echo "Users are disabled"
  81. sleep 1
  82. echo " "
  83.  
  84. echo "6. Setting 'Banner' and 'Motd'"
  85. echo "*****************************************************************************" >> /etc/motd
  86. echo -e "!!!WARNING!!!\n" >> /etc/motd
  87.  
  88. echo -e "\nYou are logging into GSS Telenor\n\n" >> /etc/motd
  89.  
  90. echo "This system is for the use of authorized company personnel only and by accessing this system you are here by consent to the system being monitored by the company. Any unauthorized use will be considered as a breach of company's Information Security Policies and may be unlawful under law. " >> /etc/motd
  91. echo "*****************************************************************************" >> /etc/motd
  92. cp /etc/issue /etc/issue.net
  93. echo "Banner is set."
  94. sleep 1
  95. echo " "
  96.  
  97.  
  98. echo "7. Configuring SSH"
  99. echo "Host *" >> /etc/ssh/ssh_config
  100. /usr/bin/awk '/^Protocol/ { $2 = "2"};
  101. /^X11Forwarding/ { $2 = "no"};
  102. /^#MaxAuthTries/ { $1 = "MaxAuthTries" ; $2 = "3"};
  103. /^#IgnoreRhosts/ { $1 = "IgnoreRhosts" ; $2 = "yes"};
  104. /^#RhostsRSAAuthentication/ { $1 = "RhostsRSAAuthentication" ; $2 = "no"};
  105. /^#LoginGraceTime/ { $1 = "LoginGraceTime" ; $2 = "0m"};
  106. /^#PermitRootLogin/ { $1 = "PermitRootLogin" ; $2 = "yes"};
  107. /^#PermitEmptyPasswords/ { $1 = "PermitEmptyPasswords" ; $2 = "no"};
  108. /^#Banner/ { $1 = "Banner" ; $2 = "yes"};
  109. {print}' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
  110.  
  111. cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  112. mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
  113.  
  114. echo "/etc/init.d/sshd restart
  115.  
  116. echo "SSH is configurated"
  117. sleep 1
  118. echo " "
  119.  
  120. echo "***********************"
  121. echo "Hardening is completed!"
  122. echo "***********************"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!