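echo ---------------开始--------------------
echo ---------------aboutkey----------------
# Password-ageing policy: copy the settings file to /home/test1 and rewrite the
# active PASS_MIN_DAYS / PASS_WARN_AGE / PASS_MAX_DAYS / PASS_MIN_LEN entries
# in that copy, addressing each one by its line number.
# NOTE(review): the file name is missing from every path in this section as
# printed ("[ -f ]", "/etc/", "/home/test1/"). The PASS_* keys look like
# login.defs settings - confirm and restore the name before running. As
# printed, "[ -f ]" has no operand (always true) and cp of a directory without
# -r copies nothing, so the commands below fail without changing anything.
cd /etc
if [ -f ];then
  cp /etc/ /home/test1

  # Each lookup numbers the lines, drops every line that contains '#', and
  # keeps the line number of what is left. A setting that carries a trailing
  # comment is therefore not found.
  # With an empty address sed would apply the substitution to every matching
  # line, comment lines included, so each edit is skipped when nothing matched.
  MINDAY=$(cat -n /home/test1/ | grep -v ".*#.*" | grep PASS_MIN_DAYS | awk '{print $1}')
  if [ -n "$MINDAY" ]; then
    sed -i "${MINDAY}s/.*PASS_MIN_DAYS.*/PASS_MIN_DAYS 6/" /home/test1/
  fi

  WARNAGE=$(cat -n /home/test1/ | grep -v ".*#.*" | grep PASS_WARN_AGE | awk '{print $1}')
  if [ -n "$WARNAGE" ]; then
    sed -i "${WARNAGE}s/.*PASS_WARN.*/PASS_WARN_AGE 30/" /home/test1/
  fi

  MAXDAY=$(cat -n /home/test1/ | grep -v ".*#.*" | grep PASS_MAX_DAYS | awk '{print $1}')
  if [ -n "$MAXDAY" ]; then
    sed -i "${MAXDAY}s/.*PASS_MAX.*/PASS_MAX_DAYS 90/" /home/test1/
  fi

  MINLEN=$(cat -n /home/test1/ | grep -v ".*#.*" | grep PASS_MIN_LEN | awk '{print $1}')
  # Fixed: this edit used $MINDAY as its address (the PASS_MIN_DAYS line) and
  # wrote the key as "PASS_MIN_ LEN", which is not a valid setting name.
  # NOTE(review): a 6-character minimum is short, and on PAM-based systems the
  # length check is usually enforced by the password-quality module rather
  # than by this key - confirm where the policy is actually applied.
  if [ -n "$MINLEN" ]; then
    sed -i "${MINLEN}s/.*PASS_MIN_LEN.*/PASS_MIN_LEN 6/" /home/test1/
  fi
fi
echo --------------------ok---------------------------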
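echo -------------------stop the del------------------------
# Comment out every active line of the staged copy that invokes /sbin/shutdown
# (going by the banner, the Ctrl-Alt-Del reboot hook - confirm).
# NOTE(review): the file name is missing from the paths in this section as
# printed ("[ -f ]", "/etc/init/", "/home/test1/"); restore it before running.
# As printed, "[ -f ]" is always true and the cp copies nothing.
cd /etc/init
if [ -f ];then
  cp /etc/init/ /home/test1
  # Line numbers of lines that mention /sbin/shutdown and contain no '#'.
  a=$(cat -n /home/test1/ | grep -v "#" | grep /sbin/shutdown | awk '{print $1}')
  if [ -z "$a" ];then
    echo ok
  else
    # Fixed: with more than one match the unquoted "$a" broke both the -z test
    # and the sed address. Prefixing '#' does not shift line numbers, so the
    # matches can be handled one at a time (word splitting is intentional).
    for n in $a; do
      sed -i "${n} s/^/#/" /home/test1/
    done
  fi
fi
echo ---------------------ok---------------------------------------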
echo ------------------------grub and lilo key------------------------
# Append a boot-loader password line to the staged GRUB and LILO files.
# NOTE(review): both paths are printed without a file name, so as written the
# append targets the /home/test1 directory and fails.
# NOTE(review): the password is a fixed, trivially guessable value kept in
# clear text in this script and in the files it writes. Supply it out of band,
# store a hash where the boot loader supports one, and restrict read access to
# the resulting file. Confirm the "password=" syntax against each boot loader.
grub="/home/test1/"
lilo="/home/test1/"
for conf in "$grub" "$lilo"; do
  # -x tests for execute/search permission, not existence; the line is
  # appended in either case.
  if [ ! -x "$conf" ]; then
    touch "$conf"
  fi
  echo password=123456 >> "$conf"
done
echo ---------------------ok--------------------------------------
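echo ----------------------the history of mouthpasswd------------------
# Shell-history and core-dump defaults: stage /etc/profile in /home/test1 and
# append the overrides to the staged copy. The lines are appended at the end,
# so they take effect after anything set earlier in the file.
cd /etc
if [ -f profile ];then
  cp /etc/profile /home/test1
  # Keep at most 5 lines in the on-disk history file. This bounds what is left
  # behind after logout; the in-memory list is governed by HISTSIZE.
  echo "HISTFILESIZE=5" >> /home/test1/profile
  # Fixed: this appended "ulimit -S -c unlimited", which turns core dumps on
  # for every login shell and contradicts the core-dump section of this
  # script, which sets the soft and hard core limits to 0. Core files can
  # contain credentials and other process memory.
  echo "ulimit -S -c 0" >> /home/test1/profile
fi
echo -------------------------ok---------------------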
echo ------------------------issue-----------------
# Stage the login-banner files in /home/test1. Nothing in this section edits
# their content; the files are only copied.
#issu="/etc/"
cd /etc
# NOTE(review): the file name is missing from this test and from the cp below
# as printed. "[ -f ]" with no operand is always true, and cp with a single
# argument fails with a usage error, so this branch only prints "ok".
if [ -f ];then
cp /home/test1/
echo ok
fi
# Printed unconditionally, whether or not the copy above succeeded.
echo ok
# Copy /etc/issue (relative to the cd above) into the staging directory.
# NOTE(review): banner files often disclose the OS and kernel version;
# presumably the staged copy is meant to be edited afterwards - confirm.
if [ -f issue ];then
cp issue /home/test1/
echo ok
fi
echo -----------------------allow/deny ip-------------------
# Host-based access rules: append an allow rule for the 172.18.12. prefix to
# one staged file and a catch-all "all:all" rule to a second one.
# NOTE(review): the file names are missing from every path in this section as
# printed. The rule text looks like TCP-wrappers syntax (an allow file followed
# by a deny file) - confirm and restore the names. As printed, "[ -f ]" is
# always true, cp of a directory without -r copies nothing, and the appends
# target the /home/test1 directory and fail.
cd /etc
if [ -f ];then
cp /etc/ /home/test1
# NOTE(review): the trailing ":all" is in the option position; verify that the
# access-control library in use accepts it, otherwise the rule may be rejected
# or not mean what is intended.
echo "all:172.18.12.:all" >> /home/test1/
echo "sshd:172.18.12.:all" >> /home/test1/
fi
cd /etc
if [ -f ];then
cp /etc/ /home/test1
# Catch-all rule for the second file; together with the allow rules above this
# only gives default-deny if it lands in the deny file - confirm the target.
echo "all:all" >> /home/test1/
fi
echo -----------------ok------------------------
# Disabled service restart; a path component is missing between the slashes.
#/etc//xinetd restart
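echo -----------------------------core dump-------------------
# Disable core dumps for all accounts by appending soft and hard "core 0"
# limits to the staged copy of the limits file.
# NOTE(review): the file name is missing from the paths in this section as
# printed ("[ -f ]", "/etc/security/", "/home/test1/"). The soft/hard "core"
# entries are limits.conf syntax - confirm and restore the name. As printed,
# "[ -f ]" is always true and the cp and appends fail.
cd /etc/security
if [ -f ];then
  cp /etc/security/ /home/test1
  # Fixed: the entries were written as "*soft core 0" / "*hard core 0". The
  # domain and the limit type are separate whitespace-delimited fields, so
  # "*soft" is read as a domain name and the line is not a valid limit.
  # NOTE(review): these limits apply to sessions opened through PAM; processes
  # started outside a PAM session are not covered by this file.
  echo "* soft core 0" >> /home/test1/
  echo "* hard core 0" >> /home/test1/
fi
echo --------------ok-------------------------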
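echo ----------------------------passwdrepeat---------------------
# Password reuse and complexity: in the staged system-auth, replace the active
# pam_unix "md5" password line with one that adds remember=, and add credit
# requirements to the pam_cracklib "password requisite" line.
# NOTE(review): a path component appears to be missing between the slashes of
# "/etc//system-auth", and the existence test below looks in /etc itself.
cd /etc/
if [ -f system-auth ];then
  cp /etc//system-auth /home/test1
  # Line number of the active (no '#') line that mentions md5.
  kk=$(cat -n /home/test1/system-auth | grep -v ".*#.*" | grep md5 | awk '{print $1}')
  echo $kk
  # NOTE(review): this line keeps MD5 password hashing and "nullok" (empty
  # passwords accepted), both of which weaken the policy this script is
  # applying; prefer the strongest hash the platform's pam_unix supports and
  # drop nullok unless it is required. remember=500 may exceed the module's
  # maximum - check pam_unix(8).
  version="password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=500"
  # Fixed: with no match the address was empty and sed's "c" command replaced
  # EVERY line of the staged file with $version. Skip the edit instead.
  if [ -n "$kk" ]; then
    sed -i "${kk}c $version" /home/test1/system-auth
  fi
  letter=$(cat -n /home/test1/system-auth | grep password | grep requisite | awk '{print $1}')
  # Fixed: this edit went to the live /etc//system-auth using a line number
  # taken from the staged copy; it now edits the staged copy like the rest of
  # the section, and is skipped when no line was found.
  if [ -n "$letter" ]; then
    sed -i "${letter}s/pam_cracklib.so/& ucredit=-1 lcredit=-1 dcredit=-1 /" /home/test1/system-auth
  fi
fi
echo -----------------ok--------------------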
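echo --------------------超出退出--------------
# Idle-session timeout: append TMOUT=600 (seconds) to the staged profile.
cd /etc
if [ -f profile ];then
  # Fixed: copying /etc/profile again replaced the staged file and discarded
  # the lines appended to /home/test1/profile earlier in this script
  # (HISTFILESIZE, ulimit). Copy only when no staged file exists yet.
  if [ ! -f /home/test1/profile ]; then
    cp /etc/profile /home/test1
  fi
  # NOTE(review): a user can unset or change TMOUT in their own shell unless
  # the variable is also made readonly.
  echo "export TMOUT=600" >> /home/test1/profile
fi
echo ------------------ok-------------------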
echo ------------------权限-------------------
# File permissions: unlike the sections above, these commands change the live
# system files directly rather than a staged copy under /home/test1.
# Account databases stay world-readable; the shadow file is owner-read only.
chmod 644 /etc/passwd
chmod 644 /etc/group
chmod 400 /etc/shadow
#chmod 600 /etc/
chmod 644 /etc/services
# NOTE(review): /etc/security is a directory (the core-dump section cd's into
# it). Mode 600 clears the search bit, so non-root accounts cannot reach
# anything below it; 700 is the usual mode for a root-only directory - confirm
# which is intended.
chmod 600 /etc/security
# NOTE(review): the file names are missing from the three paths below as
# printed. Run as written, "chmod 600 /etc/" and "chmod 600 /boot/grub/" would
# remove search permission from those directories for every non-root account.
# Restore the intended file names before running.
chmod 600 /etc/
chmod 600 /boot/grub/
chmod 600 /etc/
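echo ------------------unmask--------------------
# Default umask: stage four startup/settings files and set the umask entry on
# one fixed line of each staged copy to 077.
# NOTE(review): two of the four file names are missing as printed ("/etc/",
# "/home/test1/"); those cp and sed commands fail as written.
cp /etc/ /home/test1
cp /etc/ /home/test1
cp /etc/bashrc /home/test1
# Fixed: copying /etc/profile again replaced the staged file and discarded the
# lines appended to /home/test1/profile earlier in this script (HISTFILESIZE,
# ulimit, TMOUT). Copy only when no staged file exists yet; the appended lines
# are at the end of the file, so the line number used below is unaffected.
if [ ! -f /home/test1/profile ]; then
  cp /etc/profile /home/test1
fi
# NOTE(review): the line numbers are hard-coded, so each substitution only
# takes effect if the umask entry sits on exactly that line in this host's
# version of the file; a mismatch is silent. Verify the staged result.
sed -i '11 s/.*umask.*/umask 077/' /home/test1/
sed -i '58 s/.*umask.*/umask 077/' /home/test1/
# NOTE(review): sed matching is case-sensitive, so "UMASK" will not match a
# lower-case shell umask command in bashrc, and "UMASK 077" is not a shell
# command. The upper-case key is the login.defs form; the file/pattern pairing
# may have been shuffled - confirm.
sed -i '66 s/.*UMASK.*/UMASK 077/' /home/test1/bashrc
sed -i '62s/.*umask.*/umask 077/' /home/test1/profile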
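echo --------------------before login banner-------------------
# Pre-login SSH banner: write /etc/ssh_banner (live file) and set its owner
# and mode. The sshd_config staged later in this script points at this path.
cd /etc
# Fixed: the original ran these steps only when ssh_banner already existed
# ("if [ -f ssh_banner ]"), so on a host without the file no banner was
# created. The file is now written unconditionally; an existing banner is
# overwritten, as before.
echo "Authorized activity will be monitored and reported" > /etc/ssh_banner
# NOTE(review): ownership by bin lets that account rewrite the banner; root
# ownership is the more common choice - confirm the requirement.
chown bin:bin /etc/ssh_banner
chmod 644 /etc/ssh_banner
echo -----------------------ok----------------------------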
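echo -------------------stop root ssh login------------------
# Restrict root logins: add pam_securetty to the staged PAM login stack and
# set Banner / PermitRootLogin in the staged sshd_config.
# NOTE(review): a path component appears to be missing between the slashes of
# "/etc//login".
cp /etc//login /home/test1
# NOTE(review): PAM evaluates modules in order; a line appended at the end of
# the auth stack may never be reached if an earlier module ends the stack.
echo "auth required pam_securetty.so" >> /home/test1/login
cp /etc/ssh/sshd_config /home/test1
# Fixed: sshd uses the first value it reads for a keyword, so an appended
# directive is ignored when an active one appears earlier in the file. Comment
# out any active Banner / PermitRootLogin lines before appending (keywords are
# case-insensitive, hence the I flag).
# NOTE(review): if the file ends in a Match block, appended lines apply only
# inside that block - check the staged result.
sed -i 's/^[[:space:]]*\(Banner\|PermitRootLogin\)[[:space:]]/#&/I' /home/test1/sshd_config
echo "Banner /etc/ssh_banner" >> /home/test1/sshd_config
echo "PermitRootLogin no" >> /home/test1/sshd_config
# NOTE(review): only the staged copy was changed, so this restart does not
# apply the settings above. When the live file is updated, validate it with
# "sshd -t" before restarting to avoid losing remote access.
service sshd restart
echo -------------------------ok-------------------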
echo --------------------openssh----------------------------
# Force SSH protocol 2 in the staged sshd_config.
# Line number(s) of lines that contain "Protocol" and no '#'.
openssh=$(awk '!/#/ && /Protocol/ { print NR }' /home/test1/sshd_config)
# If no active line was found the address is empty and the substitution is
# applied to every line containing "Protocol". The expansion is left unquoted,
# so more than one match splits into separate arguments and sed fails.
sed -i ${openssh}'s/.*Protocol.*/Protocol 2/' /home/test1/sshd_config
echo -------------ok---------------------------