1、文本方式启动
vi /etc/inittab
找到"id:5:initdefault"
改为"id:3:initdefault"
2、设置语言参数(解决文本方式下终端乱码的问题)
vi /etc/sysconfig/i18n
找到"LANG="en_US.UTF-8""
改为"LANG="zh_CN.GB18030""
3、Linux中必不可少的服务(可通过ntsysv修改)
atd # 在例行性命令里提到的、只执行一次的预约执行服务,务必启动
crond # 在例行性命令里提到的、循环执行的命令,务必启动(有些Linux版本为cron)
iptables # 防火墙软件,为了安全,先启用它
keytables # 设置键盘上字母的格式(有些Linux版本没有这个选项)
network # 网络功能
random # 快速将系统状态在随机时间内保存到映像文件中,它对系统相当重要!因为开机之后,
# 系统会迅速回复到关机前的状态(有些Linux版本没有这个选项)
syslog # 系统日志
xinetd # 另一个服务管理器super daemon!
xfs # 此服务为run-level=5的图形界面所必须的,如果只通过文本方式登录可以不启动
# 可以根据具体情况启用适当的服务,如:sshd,vsftp,httpd,mysqld,spamssion等
4、防火墙配置(可根据具体情况开启端口,下面脚本为Samba服务器的)
touch /etc/rc.d/firewall
chmod u+x /etc/rc.d/firewall
vi /etc/rc.d/rc.local
/etc/rc.d/firewall
vi /etc/rc.d/firewall
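#!/bin/bash
# Host firewall for a Samba server; intended to be run at boot from
# /etc/rc.d/rc.local. Inbound traffic is limited to loopback, replies to
# connections this host already has open, SSH (22/tcp) and the NetBIOS
# session service (139/tcp). All other inbound traffic is dropped.
export PATH=/sbin:/usr/sbin:/bin:/usr/bin

# --- Kernel network settings ---------------------------------------------
# Do not answer ICMP echo sent to broadcast addresses.
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Refuse source-routed packets and ICMP redirects.
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
# Ignore bogus ICMP error responses; log packets with impossible addresses.
echo 1 >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 >/proc/sys/net/ipv4/conf/all/log_martians
# Enable SYN cookies so the listen queue keeps working under a SYN flood.
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
# A file server does not route packets, and this script defines no FORWARD
# rules, so forwarding stays off. Set this to 1 only if the host really is a
# gateway, and then add explicit FORWARD rules to match.
echo 0 >/proc/sys/net/ipv4/ip_forward

# --- Default policies ----------------------------------------------------
# -F does not reset chain policies. Setting them to DROP before flushing
# means there is no moment during a reload in which the host accepts
# everything, and FORWARD is closed even though no FORWARD rule exists.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# --- Reset existing rules, user chains and counters ----------------------
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X

## Enable local interface pass
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Allow State: replies to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Services
# NOTE(review): the two ACCEPT rules below match any source address on any
# interface. Where the client network is known, narrow them with
# "-s <CLIENT_SUBNET>" (placeholder) or "-i <interface>", as the
# commented-out eth1 rule does for SSH.
#iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Only 139/tcp is opened for Samba. 445/tcp and 137-138/udp stay closed;
# open them only if the clients actually need them.
iptables -A INPUT -p tcp --dport 139 -j ACCEPT

## Anything else not allowed (explicit rule in addition to the DROP policy)
iptables -A INPUT -j DROP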
5、禁止Ctrl+Alt+Delete重启
vi /etc/inittab
将"ca::ctrlaltdel:/sbin/shutdown -t3 -r now"一行注释掉
6、修改重要文件权限
chmod -R 700 /etc/rc.d/init.d/*
7、禁止ssh下直接以root登录
vi /etc/ssh/sshd_config
把PermitRootLogin yes前的"#"去掉,将yes改为no.(修改后需重启sshd服务才能生效)
8、限制su名单
vi /etc/pam.d/su
加入auth required /lib/security/$ISA/pam_wheel.so use_uid
顺便添加wheel组用户,并设置密码
useradd -g wheel leo4364088
passwd leo4364088
9、限制ssh使用者名单
vi /etc/pam.d/sshd
auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail
然后建立/etc/ssh_users文件(注意:该auth规则只对经过PAM认证的登录(如口令登录)生效,公钥登录不经过PAM的auth阶段;如需同时限制公钥登录,可在sshd_config中使用AllowUsers)
echo leo4364088 >> /etc/ssh_users
10、防止IP欺骗
vi /etc/host.conf
order bind,hosts
multi off
nospoof on
11、口令文件锁定(建议配置好服务器再锁定,解锁命令为chattr -i /etc/passwd)
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
12、制定任务(如:每天3点重启机器)
crontab -e
00 03 * * * reboot