# -*- coding: UTF-8 -*-
# #!/usr/bin/python
import commands
import os
import utility_function
#系统安全加固模块
#检查系统账号是否为空密码
def account_check():
#检查空密码的命令
_name_null = []
_cmd_check_name = r'''awk -F: '($2==""){print $1}' /etc/shadow'''
_cmd_freeze = 'passwd -l '
status, result = commands.getstatusoutput(_cmd_check_name)
if status == 0:
if len(result) == 0:
_name_null.append("无空密码账号")
return _name_null
else:
#冻结空密码装好
_cmd_temp = result.split()
for i in _cmd_temp:
status, result = commands.getstatusoutput(_cmd_freeze + i)
if status == 0:
_name_null.append("冻结空密码"+i+"用户")
else:
_name_null.append("冻结空密码"+i+"用户失败"+result)
else:
return _name_null.append('运行检查空密码账号命令失败')
return _name_null
#查看UID为零的账号除了root用户外有就锁定
def uuid_check():
_cmd_uuid_check = 'awk -F: \'($3==0){print $1}\' /etc/passwd'
_cmd_freeze = 'passwd -l '
_uuid_null = []
status, result = commands.getstatusoutput(_cmd_uuid_check)
if status == 0:
_result_temp = result.split()
if len(_result_temp) > 1:
for i in _result_temp:
_uuid_null.append("UUID为零的账户"+i+"请检查是否正常")
else:
_uuid_null.append(('UID为零的账号只有'+result+'账号'))
else:
_uuid_null.append('检测UID为零的账号失败了')
return _uuid_null
#添加口令策略,加强口令的复杂度等,降低被猜解的可能性。
def passwd_set_config():
_passwd_set_cmd = r'''sed -i 's/^\(PASS_MAX_DAYS\).*/\1 90/' /etc/login.defs'''
_passwd_set_temp = []
status, result = commands.getstatusoutput(_passwd_set_cmd)
if status == 0:
_passwd_set_temp.append('口令最大天数已经更改为90天')
else:
_passwd_set_temp.append('口令最大天数修改失败')
return _passwd_set_temp
#对SSH服务进行安全加固,防止暴力破解成功。
def ssh_set():
_ssh_set_temp = []
_ssh_get_Protocol = r'''grep '^Protocol' /etc/ssh/sshd_config'''
_ssh_get_MaxAuthTries = r'''grep '^MaxAuthTries' /etc/ssh/sshd_config'''
_ssh_set_Protocol = r'''sed -i 's/^\(Protocol\).*/\1 2/' /etc/ssh/sshd_config'''
_ssh_set_MaxAuthTries = r'''sed -i 's/^\(MaxAuthTries\).*/\1 3/' /etc/ssh/sshd_config'''
_Protocol_add = r'''echo 'Protocol 2' >>/etc/ssh/sshd_config'''
_MaxAuthTries_add = r'''echo 'MaxAuthTries 3' >>/etc/ssh/sshd_config'''
_Protocol_name = 'Protocol'
_MaxAuthTries_name = 'MaxAuthTries'
_Protocol_set_temp = utility_function.data_set(_ssh_get_Protocol, _ssh_set_Protocol, _Protocol_add, _Protocol_name)
_ssh_set_temp.append(_Protocol_set_temp)
_MaxAuthTries_set_temp = utility_function.data_set(_ssh_get_MaxAuthTries, _ssh_set_MaxAuthTries, _MaxAuthTries_add, _MaxAuthTries_name)
_ssh_set_temp.append(_MaxAuthTries_set_temp)
return _ssh_set_temp
#设置默认的umask值,增强安全性。
def umask_set():
_umask_get_umask = r'''grep '^umask' /etc/profile'''
_umask_set_umask = r'''sed -i 's/^\(umask\).*/\1 027/' /etc/profile'''
_umask_add = r'''echo 'umask 027' >>/etc/profile'''
_umask_name = 'umask'
_umask_set_temp = utility_function.data_set(_umask_get_umask, _umask_set_umask, _umask_add, _umask_name)
return [_umask_set_temp]
#设置系统登录后,连接超时时间,增强安全性。
def tmout_time():
_TMOUT_get_TMOUT = r'''grep '^TMOUT' /etc/profile'''
_TMOUT_set_TMOUT = r'''sed -i 's/^\(TMOUT=\).*/\1180/' /etc/profile'''
_TMOUT_add = r'''echo 'TMOUT=180' >>/etc/profile'''
_TMOUT_name = 'TMOUT'
_TMOUT_set_temp = utility_function.data_set(_TMOUT_get_TMOUT, _TMOUT_set_TMOUT, _TMOUT_add, _TMOUT_name)
return [_TMOUT_set_temp]
#通过脚本代码实现记录所有用户的登录操作日志,防止出现安全事件后无据可查。
def logs_all_set():
_logs_set_temp = []
_logs_get_logs = r'''grep '^history' /etc/profile'''
_logs_set_logs = r'''echo -e "history \n\
USER=`whoami` \n\
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'` \n\
if [ "$USER_IP" = "" ]; then \n\
USER_IP=`hostname` \n\
fi \n\
if [ ! -d /var/log/history ]; then \n\
mkdir /var/log/history \n\
chmod 777 /var/log/history \n\
fi \n\
if [ ! -d /var/log/history/${LOGNAME} ]; then \n\
mkdir /var/log/history/${LOGNAME} \n\
chmod 300 /var/log/history/${LOGNAME} \n\
fi \n\
export HISTSIZE=4096 \n\
DT=`date +"%Y%m%d_%H:%M:%S"` \n\
export HISTFILE="/var/log/history/${LOGNAME}/${USER}@${USER_IP}_$DT" \n\
chmod 600 /var/log/history/${LOGNAME}/*history* 2>/dev/null" >>/etc/profile'''
_logs_name = '全部日志记录配置'
logs_status, logs_value = commands.getstatusoutput(_logs_get_logs)
if logs_status == 0 or logs_status == 256:
if len(logs_value) > 0:
_logs_set_temp.append("记录日志配置已存在,请自行查看")
else:
status_set_logs, data_set_logs = commands.getstatusoutput(_logs_set_logs)
if status_set_logs == 0:
_logs_set_temp.append("添加" + _logs_name + "成功")
else:
_logs_set_temp.append("添加" + _logs_name + "失败")
else:
_logs_set_temp.append("修改" + _logs_name + "失败")
return _logs_set_temp
#关闭防火墙和selinux
def selinux_firewalld():
selinux_firewalld_temp = []
selinux_cmd = r'''sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux'''
selinux_data = os.system(selinux_cmd)
selinux_temp = os.system('setenforce 0')
if selinux_data != 0 and selinux_temp != 0:
selinux_firewalld_temp.append('关闭selinux失败')
else:
selinux_firewalld_temp.append('关闭selinux成功')
firewalld_cmd = os.system('systemctl stop firewalld.service')
firewalld_disable = os.system('systemctl disable firewalld.service')
if firewalld_cmd != 0 and firewalld_disable != 0:
selinux_firewalld_temp.append('关闭firewalld失败')
else:
selinux_firewalld_temp.append('关闭firewalld成功')
return selinux_firewalld_temp
#加速yum和配置打开最大文件数
if __name__=='__main__':
a = account_check()
b = uuid_check()
c = passwd_set_config()
d = ssh_set()
e = umask_set()
f = tmout_time()
g = logs_all_set()
for i in g:
print(i)
没有合适的资源?快使用搜索试试~ 我知道了~
script_标准化_源码
![preview](https://csdnimg.cn/release/downloadcmsfe/public/img/white-bg.ca8570fa.png)
共3个文件
py:3个
![preview-icon](https://csdnimg.cn/release/downloadcmsfe/public/img/scale.ab9e0183.png)
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 185 浏览量
2021-10-04
01:59:42
上传
评论
收藏 4KB ZIP 举报
温馨提示
标准化系统初始化系统的参数,完成自动化标准化系统
资源推荐
资源详情
资源评论
![txt](https://img-home.csdnimg.cn/images/20210720083642.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![txt](https://img-home.csdnimg.cn/images/20210720083642.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![application/x-zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![doc](https://img-home.csdnimg.cn/images/20210720083327.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![application/x-rar](https://img-home.csdnimg.cn/images/20210720083606.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
收起资源包目录
![package](https://csdnimg.cn/release/downloadcmsfe/public/img/package.f3fc750b.png)
![folder](https://csdnimg.cn/release/downloadcmsfe/public/img/folder.005fa2e5.png)
![file-type](https://csdnimg.cn/release/download/static_files/pc/images/minetype/UNKNOWN.png)
![file-type](https://csdnimg.cn/release/download/static_files/pc/images/minetype/UNKNOWN.png)
![file-type](https://csdnimg.cn/release/download/static_files/pc/images/minetype/UNKNOWN.png)
共 3 条
- 1
资源评论
![avatar-default](https://csdnimg.cn/release/downloadcmsfe/public/img/lazyLogo2.1882d7f4.png)
![avatar](https://profile-avatar.csdnimg.cn/e6e0941d327e4e3b957168e61141d8c5_weixin_42676824.jpg!1)
周玉坤举重
- 粉丝: 63
- 资源: 4779
上传资源 快速赚钱
我的内容管理 展开
我的资源 快来上传第一个资源
我的收益
登录查看自己的收益我的积分 登录查看自己的积分
我的C币 登录后查看C币余额
我的收藏
我的下载
下载帮助
![voice](https://csdnimg.cn/release/downloadcmsfe/public/img/voice.245cc511.png)
![center-task](https://csdnimg.cn/release/downloadcmsfe/public/img/center-task.c2eda91a.png)
安全验证
文档复制为VIP权益,开通VIP直接复制
![dialog-icon](https://csdnimg.cn/release/downloadcmsfe/public/img/green-success.6a4acb44.png)