08 May 2011

Code for Test-LockdownPart3.sh

[This was originally posted as a Facebook Note on 8 March 2011. The entire note is a *nix script meant to be run on CentOS 5.5.]

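#!/bin/bash
#
# Test-LockdownPart3.sh -- part of a CentOS 5.5 lockdown, taken mostly from
# the wiki.centos.org hardening how-to. Edits /etc/inittab, /etc/securetty,
# /etc/login.defs and /etc/modprobe.d in place, so it must run as root.
#
# -x keeps the command trace the original shebang asked for (set here so it
#    is not lost when the script is started as `bash script.sh`).
# -e stops at the first failing step, so a half-applied lockdown is noticed.
# -u turns a mistyped variable name into an error.
set -eux

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# --- Single-user mode -------------------------------------------------------
# The explanatory line has to be a '#' comment: a bare sentence is not a
# valid inittab entry. An earlier run of this script that appended the bare
# sentence is repaired here by commenting that line out.
perl -pi -e 's/^(Require the root pw when booting into single user mode)$/# $1/' /etc/inittab

# Append the sulogin entry only once, so reruns do not stack duplicates.
if ! grep -q '^~~:S:wait:/sbin/sulogin' /etc/inittab; then
  echo "# Require the root pw when booting into single user mode" >> /etc/inittab
  echo "~~:S:wait:/sbin/sulogin" >> /etc/inittab
fi

# --- Ctrl-Alt-Del -----------------------------------------------------------
echo "Don't allow any nut to kill the server"
# Anchored at line start so an already commented entry is left alone on a
# rerun. init picks up inittab changes on `telinit q` or at the next boot.
perl -pi -e 's/^ca::ctrlaltdel:\/sbin\/shutdown/#ca::ctrlaltdel:\/sbin\/shutdown/' /etc/inittab

# --- USB mass storage -------------------------------------------------------
echo "Disabling USB Mass Storage"
# NOTE: 'blacklist' only stops automatic (alias-based) loading; an explicit
# `modprobe usb-storage` by root still works. Where that matters, an
# `install usb-storage /bin/true` line in the same file is the stricter form.
echo "blacklist usb-storage" > /etc/modprobe.d/blacklist-usbstorage

# --- Root logins ------------------------------------------------------------
# Root may log in directly on the first virtual console only. This also
# removes any serial console entry, so confirm tty1 is reachable first.
# securetty does not govern sshd; root over SSH is controlled by
# PermitRootLogin in sshd_config.
echo "tty1" > /etc/securetty
chmod 700 /root

# --- Password ageing --------------------------------------------------------
# Only the stock defaults (99999 and 0) are rewritten, so a value an admin
# already tightened is not changed. \b keeps "0" from matching the first
# digit of a longer number.
echo "Passwords expire every 45 days"
perl -pi -e 's/^\s*PASS_MAX_DAYS\s+99999\b/PASS_MAX_DAYS 45/' /etc/login.defs
echo "Passwords may only be changed once a day"
perl -pi -e 's/^\s*PASS_MIN_DAYS\s+0\b/PASS_MIN_DAYS 1/' /etc/login.defs

# The substitutions above are silent no-ops when the file did not hold the
# stock values, so say so instead of reporting a policy that is not in place.
if ! grep -Eq '^[[:space:]]*PASS_MAX_DAYS[[:space:]]+45([[:space:]]|$)' /etc/login.defs ||
   ! grep -Eq '^[[:space:]]*PASS_MIN_DAYS[[:space:]]+1([[:space:]]|$)' /etc/login.defs; then
  echo "WARNING: /etc/login.defs did not hold the stock values; check PASS_MAX_DAYS and PASS_MIN_DAYS by hand" >&2
fi
# login.defs only applies to accounts created from now on; existing accounts
# keep their current ageing until it is changed per user with chage.

# --- Password hashing -------------------------------------------------------
echo "Changing Password Algorithm"
# Existing hashes are not converted; each account moves to SHA-512 the next
# time its password is changed.
authconfig --passalgo=sha512 --update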

