CentOS 7 Server Deployment and Hardening (centos7iso server installation)
- Indexed: 2025-07-13 17:06
Deployment and hardening
I. Scripts
1. Basic environment tools script
base.sh
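#!/bin/bash
# Downloads sometimes fail; adding a DNS server IP located in China fixes it
# (the grep keeps a re-run from appending the same entry twice)
grep -q "^nameserver 114.114.114.114" /etc/resolv.conf || echo "nameserver 114.114.114.114" >> /etc/resolv.conf
# resolv.conf is read directly by the resolver; it is not a shell script, so it is not sourced
# Tool packages
yum install -y gcc gcc-c++ tar ncurses-devel bison autoconf cmake vim pcre-devel zlib-devel
echo "基础环境安装完毕"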
2. JDK installation script
install_jdk.sh
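#!/bin/bash
# Stop if the directory is missing, so nothing is unpacked in the wrong place
cd /usr/local/java || exit 1
tar -zxvf jdk-8u191-linux-x64.tar.gz
cd jdk1.8.0_191 || exit 1
home=$(pwd)
echo "$home"
# Append the Java environment variables to the system-wide profile
echo "JAVA_HOME=${home}" >> /etc/profile
echo "CLASSPATH=\$JAVA_HOME/lib" >> /etc/profile
echo "PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile
echo "export JAVA_HOME CLASSPATH PATH" >> /etc/profile
# Configuration done; what follows is a test
source /etc/profile
echo "java版本为:"
java -version
echo "jdk安装完毕"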
Modify all the parts shown in red to match your environment.
3. nginx installation script
install_nginx.sh
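#!/bin/bash
# Stop if a directory is missing, so the build does not run in the wrong place
cd /usr/local || exit 1
tar -zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0 || exit 1
# Build from source with the stub_status module, installing under /usr/local/nginx
./configure --prefix=/usr/local/nginx --with-http_stub_status_module
make
make install
echo "nginx安装完毕"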
4. Server hardening script
fasten.sh
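#!/bin/bash
# Public key; change to match your environment
cat /root/.ssh/172.20.134.181.pub >> /root/.ssh/authorized_keys
# Keep the key directory and file private to root (sshd's StrictModes rejects group/world-writable ones)
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
# RSAAuthentication only applies to SSH protocol 1; newer OpenSSH releases treat it as deprecated
sed -i "s/^#RSAAuthentication.*/RSAAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/^#PubkeyAuthentication.*/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
echo "密钥配置完成"
# Timed disconnect: sshd probes the client every 180 seconds and drops clients that stop answering
sed -i "s/^#ClientAliveInterval.*/ClientAliveInterval 180/g" /etc/ssh/sshd_config
# Validate the edited file first, so a broken config cannot take sshd down
sshd -t && systemctl restart sshd
echo "定时断开"
# Firewall: enable at boot and start it now (enable alone does not start the service)
systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld
echo "防火墙开启"
# Show the current time and time zone settings
timedatectl
echo "加固完毕"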
Password login is not disabled here; disable it only after all the other operations are finished.
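The sed commands in fasten.sh only match lines that are still commented out, so they silently do nothing when a setting is already active or missing. The following added example (not part of the original scripts; the function names sshd_value, audit_sshd and demo are hypothetical) checks the resulting file the way sshd reads it, using a constructed sample config:

```shell
#!/bin/bash
# Added example, not part of the original scripts.

# Print the effective global value of keyword $2 in sshd_config-style file $1.
# sshd keeps the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and commented-out lines do not count.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # only the global section
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE KEY WANT [KEY WANT ...]
# Prints one FAIL line per mismatch; returns the number of mismatches.
audit_sshd() {
    local file=$1 failures=0 got
    shift
    while [ "$#" -ge 2 ]; do
        got=$(sshd_value "$file" "$1")
        if [ "$got" != "$2" ]; then
            echo "FAIL $1: expected '$2', found '${got:-unset}'"
            failures=$((failures + 1))
        fi
        shift 2
    done
    return "$failures"
}

# Constructed sample: ClientAliveInterval is already active (not commented),
# so the "^#ClientAliveInterval" pattern used in fasten.sh matches nothing.
demo() {
    local cfg rc
    cfg=$(mktemp)
    printf '%s\n' '#PubkeyAuthentication yes' 'ClientAliveInterval 0' > "$cfg"
    # Same substitutions as fasten.sh, written to a copy instead of in place
    sed -e "s/^#PubkeyAuthentication.*/PubkeyAuthentication yes/g" \
        -e "s/^#ClientAliveInterval.*/ClientAliveInterval 180/g" "$cfg" > "$cfg.new"
    audit_sshd "$cfg.new" PubkeyAuthentication yes ClientAliveInterval 180 && rc=0 || rc=$?
    rm -f "$cfg" "$cfg.new"
    return "$rc"
}

if demo; then echo "all settings applied"; else echo "some settings were not applied"; fi
```

On a real server, run audit_sshd against /etc/ssh/sshd_config after fasten.sh; sshd -T prints the full effective configuration if a second opinion is needed.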
5. Remote file copy script (copy files as needed)
scp.sh
#!/bin/bash
# Store the machines' IPs and passwords in the two files below, one per line
exec 3<"hosts.txt"
exec 4<"mima.txt"
# -r keeps backslashes in passwords intact
while read -r line1<&3 && read -r line2<&4
do
/usr/bin/expect<<EOF
set timeout 2
# Create the target directories first; without /root/.ssh the key copy below would create a plain file named .ssh
spawn ssh root@${line1} "mkdir -p /usr/local/java /root/.ssh;chmod 700 /root/.ssh;echo java目录创建完成"
expect " (yes/no)?" { exp_send "yes\r"; exp_continue }
expect "password:"
send "${line2}\r"
expect "java目录创建完成"
# Copy the keys
set timeout -1
spawn scp -r /root/.ssh/172.20.134.181.pub root@${line1}:/root/.ssh
expect "password:"
send "${line2}\r"
expect "100%"
# Note: fasten.sh only reads the .pub file, so it does not need the private key copied below
spawn scp -r /root/.ssh/172.20.134.181 root@${line1}:/root/.ssh
expect "password:"
send "${line2}\r"
expect "100%"
# Copy the JDK
spawn scp -r /usr/local/java/jdk-8u191-linux-x64.tar.gz root@${line1}:/usr/local/java
expect "password:"
send "${line2}\r"
expect "100%"
# Copy nginx
spawn scp -r /usr/local/nginx-1.16.0.tar.gz root@${line1}:/usr/local
expect "password:"
send "${line2}\r"
expect "100%"
# Copy the basic environment script (kept in /usr/local, see "Prepare the files")
spawn scp -r /usr/local/base.sh root@${line1}:/usr/local
expect "password:"
send "${line2}\r"
expect "100%"
# Copy the JDK installation script
spawn scp -r /usr/local/java/install_jdk.sh root@${line1}:/usr/local/java
expect "password:"
send "${line2}\r"
expect "100%"
# Copy the nginx installation script (kept in /usr/local, see "Prepare the files")
spawn scp -r /usr/local/install_nginx.sh root@${line1}:/usr/local
expect "password:"
send "${line2}\r"
expect "100%"
# Copy the hardening script
spawn scp -r /usr/local/fasten.sh root@${line1}:/usr/local
expect "password:"
send "${line2}\r"
expect "100%"
EOF
done
6. Remote execution script (run as needed)
start.sh
#!/bin/bash
# Store the machines' IPs and passwords in the two files below, one per line
exec 3<"hosts.txt"
exec 4<"mima.txt"
# -r keeps backslashes in passwords intact
while read -r line1<&3 && read -r line2<&4
do
/usr/bin/expect<<EOF
# Basic environment
set timeout -1
spawn ssh root@${line1} "cd /usr/local;chmod 744 base.sh;sh base.sh"
expect "password:"
send "${line2}\r"
expect "基础环境安装完毕"
# Install the JDK
set timeout -1
spawn ssh root@${line1} "cd /usr/local/java;chmod 744 install_jdk.sh;sh install_jdk.sh"
expect "password:"
send "${line2}\r"
expect "jdk安装完毕"
# Install nginx
set timeout -1
spawn ssh root@${line1} "cd /usr/local;chmod 744 install_nginx.sh;sh install_nginx.sh"
expect "password:"
send "${line2}\r"
expect "nginx安装完毕"
# Deployment hardening
set timeout -1
spawn ssh root@${line1} "cd /usr/local;chmod 744 fasten.sh;sh fasten.sh"
expect "password:"
send "${line2}\r"
expect "加固完毕"
EOF
done
II. Procedure
1. Prepare the files
Choose a server that can connect to the other machines with the ssh command, and install expect on it:
yum install expect
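Prepare the required keys, installation packages, scripts, and the text files that hold the IPs and passwords. Put the keys in /root/.ssh, the JDK package and install_jdk.sh in /usr/local/java, and everything else in /usr/local.
hosts.txt example
mima.txt example
2. Copy the files to the remote servers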
chmod 744 scp.sh
sh scp.sh
Adjust which files are copied, and which servers they are copied to, as needed.
3. Run the installation scripts on the remote servers
chmod 744 start.sh
sh start.sh
4. Run the script that disables password login
After confirming that all operations are complete, disable password login.
refuse_password.sh
#!/bin/bash
exec 3<"hosts.txt"
exec 4<"mima.txt"
# -r keeps backslashes in passwords intact
while read -r line1<&3 && read -r line2<&4
do
/usr/bin/expect<<EOF
# The sed expression is single-quoted: nested double quotes would end the Tcl string early
spawn ssh root@${line1} "sed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config;systemctl restart sshd;echo 禁用完毕"
expect "password:"
send "${line2}\r"
expect "禁用完毕"
EOF
done
Run the following commands:
chmod 744 refuse_password.sh
sh refuse_password.sh
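Disabling password login on a host where the key was never installed correctly locks you out of it. The following added example (not part of the original scripts; the function names key_login_ok and hosts_not_ready are hypothetical, and the key path is the one used on this page) confirms that every host in hosts.txt accepts the key before refuse_password.sh is run:

```shell
#!/bin/bash
# Added example, not part of the original scripts.
# Private key path as used on this page; override with KEY=... if yours differs.
KEY=${KEY:-/root/.ssh/172.20.134.181}

# Succeeds only if the host accepts the key with no password fallback.
# BatchMode stops ssh from prompting; stdin is redirected because ssh would
# otherwise swallow the rest of hosts.txt from the calling loop.
key_login_ok() {
    ssh -i "$KEY" -o BatchMode=yes -o PasswordAuthentication=no \
        -o PubkeyAuthentication=yes -o ConnectTimeout=5 \
        "root@$1" true </dev/null 2>/dev/null
}

# Read hosts (one IP per line, as in hosts.txt) and print every host that
# would be locked out. Returns non-zero if any host failed the check.
hosts_not_ready() {
    local host bad=0
    while read -r host; do
        [ -n "$host" ] || continue
        if ! key_login_ok "$host"; then
            echo "$host"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Usage: pass the host list as the first argument, e.g. "sh check_keys.sh hosts.txt"
if [ "$#" -gt 0 ]; then
    if hosts_not_ready "$1"; then
        echo "all hosts accept the key; safe to run refuse_password.sh"
    else
        echo "the hosts listed above do not accept the key yet"
    fi
fi
```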
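Additional notes
If you still need to use the scripts to install software in bulk after password login has been disabled, replace the
ssh root@${line1}
command with
ssh -i /root/.ssh/172.20.134.181 root@${line1}
and remove the following two lines:
expect "password:"
send "${line2}\r"
Change the key's permissions before running:
chmod 600 /root/.ssh/172.20.134.181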