RHEL7 Baseline Check Remediation Script

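During a baseline security check, the server was flagged for unused accounts, for not restricting SSH logins by IP, and for log auditing. Below is a lazy script = =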

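#!/bin/bash
# Lock the unused system accounts flagged by the baseline check.
echo "Lock user sync and halt"
passwd -l sync
passwd -l halt
echo "Check account status"

# passwd -S prints the account status in the second field; LK means locked.
check_halt_result=$(passwd -S halt)
if [[ $check_halt_result =~ "LK" ]]
then
    echo "[INFO]: halt has been locked"
else
    echo "[ERR]: halt has not been locked!"
fi

check_sync_result=$(passwd -S sync)
if [[ $check_sync_result =~ "LK" ]]
then
    echo "[INFO]: sync has been locked"
else
    echo "[ERR]: sync has not been locked!"
fi

# Allow SSH only from the listed sources. -I inserts the ACCEPT rules at the
# top of INPUT; -A appends the DROP at the end, so the DROP only takes effect
# if no earlier rule already accepts port 22. This script does not save the
# rules, so they do not persist across a reboot.
echo "setup iptables to limit ssh connection!"
iptables -I INPUT -s 1.1.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -s 2.2.2.2 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

# Start auditd now, enable it at boot, then show its status.
echo "Start audit service"
systemctl start auditd
systemctl enable auditd
systemctl status auditd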

The script above is just a record, used to get through the check, -_-||
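
The script appends its DROP rule to the end of INPUT, so it is only reached when no earlier rule accepts port 22. The check below is an added example, not part of the original post; the function name ssh_exposure, the sample rulesets and the simplified rule model are assumptions made for illustration.

```bash
# Added example: reads rules in `iptables -S INPUT` format on stdin and prints
# "open" or "restricted" for new SSH connections from an arbitrary source.
# Assumption: only -s, -i, -p, --dport, --state/--ctstate and -j are inspected.
ssh_exposure() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = iface = proto = dport = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (src != "" && src != "0.0.0.0/0") next          # source-limited rule
        if (iface != "") next                                 # e.g. loopback only
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != "22") next
        if (state != "" && state !~ /(^|,)NEW(,|$)/) next     # established only
        if (target == "ACCEPT") { print "open"; found = 1; exit }
        if (target == "DROP" || target == "REJECT") { print "restricted"; found = 1; exit }
    }
    END { if (!found) print (policy == "DROP" ? "restricted" : "open") }
    '
}
# Constructed sample: the chain already accepted SSH before the script ran.
sample_existing_accept() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 2.2.2.2/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 1.1.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
# Constructed sample: the chain was empty before the script ran.
sample_empty_chain() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 2.2.2.2/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 1.1.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
EOF
}
echo "existing accept rule: $(sample_existing_accept | ssh_exposure)"   # open
echo "empty chain:          $(sample_empty_chain | ssh_exposure)"       # restricted
```

On a real host, feed it the live chain with `iptables -S INPUT | ssh_exposure`.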