Linux審計部署
1) 禁用 root 透過 SSH 登入(修改後需重新載入或重啟 sshd 才會生效;請先確認另有可登入並能提權的一般帳號)
vi /etc/ssh/sshd_config
PermitRootLogin no
2) 將預設啟動模式(執行級別,runlevel)改為 3,即修改 /etc/inittab 中的 initdefault 一行(例如 id:3:initdefault:)
vi /etc/inittab
3) 關服務
# Step 3: switch off services this host does not need, both at boot
# (runlevels 2-5) and for the currently running instances.
# LANG is exported first, presumably so the chkconfig and init-script
# output below is printed in English.
# NOTE(review): stopping ip6tables removes IPv6 packet filtering. If IPv6 is
# still enabled on any interface, that traffic is then unfiltered; confirm
# IPv6 is disabled on this host or keep ip6tables running.
# NOTE(review): confirm nothing on the host depends on nfs/nfslock/portmap,
# sendmail or cups before disabling them.
export LANG=en

# Disable at boot, then print each service's runlevel table to verify.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --level 2345 "$svc" off
done
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --list "$svc"
done

# Stop the running instances, then check that each one reports stopped.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" stop
done
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" status
done

# portmap and cups: stop, disable at boot, then verify both settings.
for svc in portmap cups; do
  "/etc/init.d/$svc" stop
  chkconfig --level 2345 "$svc" off
  chkconfig --list "$svc"
  "/etc/init.d/$svc" status
done
4) 審計
# Step 4: check that auditd is registered in the runlevel table and is
# currently running before touching its rules.
chkconfig --list | grep auditd
service auditd status
service auditd restart
# NOTE(review): the restart above runs before the rules file is edited.
# Restart auditd again after saving the file (presumably the init script is
# what loads it), then confirm the loaded rules with `auditctl -l`.
vi /etc/audit/audit.rules
# Contents for /etc/audit/audit.rules: file watches (-w) plus one syscall
# rule (-a). -p selects the access types a watch records and -k attaches a
# key that audit records can later be searched by.
# Enable auditing
# NOTE(review): -e 1 leaves the rule set changeable at runtime. Consider
# ending the file with -e 2 so the rules are locked until reboot.
-e 1
## login configuration and information
# Writes and attribute changes (-p wa) on login policy files and on the
# login-record logs.
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
#-a entry,always -S mkdir -S mkdirat -S rmdir
# NOTE(review): the active rule below has no -k key, matches only 64-bit
# syscalls (arch=b64) and, unlike the commented-out line above, omits
# mkdirat. The "entry" list is deprecated in later audit releases in favour
# of "exit"; confirm against the installed auditctl.
-a entry,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
# NOTE(review): the next line is commented out and holds two watches on one
# line, so /etc/cron.d/ and /etc/cron.daily/ are not watched by this rule
# set. To cover them, give each watch its own uncommented line.
#-w /etc/cron.d/ -p wa -k CFG_cron.d -w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
# No -p here, so no permission filter is applied to this watch. Only root's
# crontab is named; other users' crontabs are not covered by this rule.
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
# The three watches below carry no -p filter, so reads of the password hash
# files are recorded as well as changes.
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and appends" on "passwd"
# NOTE(review): auditctl(8) documents "a" as attribute change rather than
# append; confirm against the installed version. This is a second watch on
# /etc/passwd (see CFG_passwd above) and it also records reads, which is
# likely to be high volume because the file is read very frequently.
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch "shadow" with a NULL filterkey that has permissions
# filtering turned off
# NOTE(review): /etc/shadow is already watched above with key CFG_shadow;
# records from this keyless watch cannot be selected by key.
-w /etc/shadow
vi /etc/ssh/sshd_config
PermitRootLogin no
2) 將預設啟動模式(執行級別,runlevel)改為 3,即修改 /etc/inittab 中的 initdefault 一行(例如 id:3:initdefault:)
vi /etc/inittab
3) 關服務
# Step 3: switch off services this host does not need, both at boot
# (runlevels 2-5) and for the currently running instances.
# LANG is exported first, presumably so the chkconfig and init-script
# output below is printed in English.
# NOTE(review): stopping ip6tables removes IPv6 packet filtering. If IPv6 is
# still enabled on any interface, that traffic is then unfiltered; confirm
# IPv6 is disabled on this host or keep ip6tables running.
# NOTE(review): confirm nothing on the host depends on nfs/nfslock/portmap,
# sendmail or cups before disabling them.
export LANG=en

# Disable at boot, then print each service's runlevel table to verify.
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --level 2345 "$svc" off
done
for svc in bluetooth ip6tables nfslock nfs sendmail; do
  chkconfig --list "$svc"
done

# Stop the running instances, then check that each one reports stopped.
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" stop
done
for svc in sendmail bluetooth ip6tables nfslock nfs; do
  "/etc/init.d/$svc" status
done

# portmap and cups: stop, disable at boot, then verify both settings.
for svc in portmap cups; do
  "/etc/init.d/$svc" stop
  chkconfig --level 2345 "$svc" off
  chkconfig --list "$svc"
  "/etc/init.d/$svc" status
done
4) 審計
# Step 4: check that auditd is registered in the runlevel table and is
# currently running before touching its rules.
chkconfig --list | grep auditd
service auditd status
service auditd restart
# NOTE(review): the restart above runs before the rules file is edited.
# Restart auditd again after saving the file (presumably the init script is
# what loads it), then confirm the loaded rules with `auditctl -l`.
vi /etc/audit/audit.rules
# Contents for /etc/audit/audit.rules: file watches (-w) plus one syscall
# rule (-a). -p selects the access types a watch records and -k attaches a
# key that audit records can later be searched by.
# Enable auditing
# NOTE(review): -e 1 leaves the rule set changeable at runtime. Consider
# ending the file with -e 2 so the rules are locked until reboot.
-e 1
## login configuration and information
# Writes and attribute changes (-p wa) on login policy files and on the
# login-record logs.
-w /etc/login.defs -p wa -k CFG_login.defs
-w /etc/securetty -p wa -k CFG_securetty
-w /var/log/faillog -p wa -k LOG_faillog
-w /var/log/lastlog -p wa -k LOG_lastlog
-w /var/log/tallylog -p wa -k LOG_tallylog
## directory operations
#-a entry,always -S mkdir -S mkdirat -S rmdir
# NOTE(review): the active rule below has no -k key, matches only 64-bit
# syscalls (arch=b64) and, unlike the commented-out line above, omits
# mkdirat. The "entry" list is deprecated in later audit releases in favour
# of "exit"; confirm against the installed auditctl.
-a entry,always -F arch=b64 -S mkdir -S rmdir
## cron configuration & scheduled jobs
-w /etc/cron.allow -p wa -k CFG_cron.allow
-w /etc/cron.deny -p wa -k CFG_cron.deny
# NOTE(review): the next line is commented out and holds two watches on one
# line, so /etc/cron.d/ and /etc/cron.daily/ are not watched by this rule
# set. To cover them, give each watch its own uncommented line.
#-w /etc/cron.d/ -p wa -k CFG_cron.d -w /etc/cron.daily/ -p wa -k CFG_cron.daily
-w /etc/cron.hourly/ -p wa -k CFG_cron.hourly
-w /etc/cron.monthly/ -p wa -k CFG_cron.monthly
-w /etc/cron.weekly/ -p wa -k CFG_cron.weekly
-w /etc/crontab -p wa -k CFG_crontab
# No -p here, so no permission filter is applied to this watch. Only root's
# crontab is named; other users' crontabs are not covered by this rule.
-w /var/spool/cron/root -k CFG_crontab_root
## user, group, password databases
-w /etc/group -p wa -k CFG_group
-w /etc/passwd -p wa -k CFG_passwd
# The three watches below carry no -p filter, so reads of the password hash
# files are recorded as well as changes.
-w /etc/gshadow -k CFG_gshadow
-w /etc/shadow -k CFG_shadow
-w /etc/security/opasswd -k CFG_opasswd
# ----- File System audit rules -----
# Add a watch on "passwd" with the arbitrary filterkey "fk_passwd" that
# generates records for "reads, writes, executes, and appends" on "passwd"
# NOTE(review): auditctl(8) documents "a" as attribute change rather than
# append; confirm against the installed version. This is a second watch on
# /etc/passwd (see CFG_passwd above) and it also records reads, which is
# likely to be high volume because the file is read very frequently.
-w /etc/passwd -k fk_passwd -p rwxa
# Add a watch "shadow" with a NULL filterkey that has permissions
# filtering turned off
# NOTE(review): /etc/shadow is already watched above with key CFG_shadow;
# records from this keyless watch cannot be selected by key.
-w /etc/shadow
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/22661144/viewspace-1413188/,如需轉載,請註明出處,否則將追究法律責任。