系统-等保三级-CentOS Linux 7合规基线检查 shell脚本

系统-等保三级-CentOS Linux 7合规基线检查 shell脚本

#!/bin/bash
# 基于阿里云最佳实践安全实践的CentOS Linux 7基线标准
# 系统-等保三级-CentOS Linux 7合规基线检查

# 修改密码最大有效期为180天
sed -i.bak -e 's/^\(PASS_MAX_DAYS\).*/\1   180/' /etc/login.defs
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi
chage --maxdays 180 root
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi

# 修改两次修改密码的最小间隔时间为7天
sed -i.bak -e 's/^\(PASS_MIN_DAYS\).*/\1   7/' /etc/login.defs
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi
chage --mindays 7 root
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi



# 修改密码必须包含四种字符
sed -i 's/# minclass = 0/minclass = 3/g' /etc/security/pwquality.conf
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi


# 修改密码最短为9位
sed -i 's/# minlen = 9/minlen = 9/g' /etc/security/pwquality.conf
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi


# 密码设置及登陆控制文件/etc/pam.d/password-auth 禁止使用最近用过的5个密码 remember=5
sed -i 's/password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok/password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5/g' /etc/pam.d/password-auth
if [ "$?" == 0 ]
then
   echo -e "\033[32m True \033[0m"
else
   echo -e "\033[31m False \033[0m"
fi

# 密码设置及登陆控制文件/etc/pam.d/system-auth 禁止使用最近用过的5个密码 remember=5
sed -i 's/password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok/password    sufficient