1.禁止ROOT远程登录
修改/etc/ssh/sshd_config文件,配置PermitRootLogin no。
重启服务,/etc/init.d/sshd restart。
2.检查是否关闭不必要的服务和端口
chkconfig --level 345 nfslock off
3.检查别名文件/etc/aliase配置
编辑别名文件vi /etc/aliases,删除或注释掉下面的行
4.检查系统core dump设置
echo "* hard core 0" >>/etc/security/limits.conf
echo "* soft core 0" >>/etc/security/limits.conf
5.检查历史命令设置
#games: root
#ingres: root
#system: root
#toor: root
#uucp: root
#manager: root
#dumper: root
#operator: root
#decode: root
#root: marc
更新后运行/usr/bin/newaliases,使改变生效
6.检查历史命令设置
echo "HISTFILESIZE=5" >>/etc/profile
7.检查拥有suid和sgid权限的文件
for file in find /usr/bin/chage /usr/bin/gpasswd /usr/bin/wall /usr/bin/chfn /usr/bin/chsh /usr/bin/newgrp /usr/bin/write /usr/sbin/usernetctl /usr/sbin/traceroute /bin/mount /bin/umount /bin/ping /sbin/netreport -type f -perm +6000 2>/dev/null `
do
chmod a-s $file
done
8.检查重要目录或文件权限设置
chmod 600 /etc/security
chmod 750 /etc/rc6.d
chmod 750 /etc/rc0.d/
chmod 750 /etc/rc1.d/
chmod 750 /etc/rc4.d
chmod 750 /etc/rc5.d/
chmod 750 /etc/rc3.d
chmod 750 /etc/rc.d/init.d/
来源:oschina
链接:https://my.oschina.net/u/1866459/blog/703779