宝塔提示安全风险修复脚本
sed -i 's/try_first_pass use_authtok/try_first_pass use_authtok remember=5/' /etc/pam.d/system-auth
chmod u-s /usr/bin/chage /usr/bin/gpasswd /usr/bin/wall /usr/bin/chfn /usr/bin/chsh /usr/bin/newgrp /usr/bin/write /usr/sbin/usernetctl /bin/mount /bin/umount /sbin/netreport
chmod g-s /usr/bin/wall /usr/bin/write /sbin/netreport
sed -i '/PASS_MIN_DAYS/s/0/7/' /etc/login.defs
chage --mindays 7 root
sed -i '/PASS_MAX_DAYS/s/99999/90/' /etc/login.defs
chage --maxdays 90 root
sed -i 's/# minclass = 0/minclass = 3/' /etc/security/pwquality.conf
sed -i 's/^#ClientAliveInterval 0/ClientAliveInterval 600/' /etc/ssh/sshd_config
chmod 600 /boot/grub2/grub.cfg&&chown root /boot/grub2/grub.cfg
chmod 600 /boot/grub/grub.cfg&&chown root /boot/grub/grub.cfg
echo "tmout=300">>/etc/profile
source /etc/profile
echo "net.ipv4.tcp_syncookies=1">>/etc/sysctl.conf
sysctl -p
echo "Protocol 2">>/etc/ssh/sshd_config
sed -i 's/133:022/177:077/' /www/server/pure-ftpd/etc/pure-ftpd.conf
sed -i "8a alias ls='ls -alh'" /root/.bashrc
sed -i "8a alias rm='rm -i'" /root/.bashrc
source /root/.bashrc
以上脚本用来修复宝塔上面提示的系统安全风险,仅在centos7上面做过测试,其它系统请自行测试