windows2003安全加固脚本
@echo off
title= Windwos/index.html' target='_blank'>Windows Security
echo.
echo *******************************************************************************
echo. Common Security Configuration For Windows Server 2003
echo *******************************************************************************
echo.
echo.
rem 删除不必要的文件
del /Q /F C:\WINDOWS\Web\printers\*.*
del /Q /F C:\WINDOWS\system32\inetsrv\iisadmpwd\*.*
rd C:\WINDOWS\Web\printers\ /S /Q
rd C:\WINDOWS\help\iishelp\ /S /Q
rem 设置脚本宿主
cscript //h:cscript
rem 安装windows install服务
msiexec /regserver
regsvr32 msxml3.dll /s
rem 设置每个磁盘分区的权限
cd\
echo y | cacls C: /C /E /G administrators:F system:F
rem cacls /C D: /G administrators:F system:F
rem cacls /C E: /G administrators:F system:F
rem 设置关键目录的权限
echo y | cacls %SYSTEMROOT% /G administrators:F system:F users:C
echo y | cacls %SYSTEMROOT%\Temp /G administrators:F system:F everyone:F
rem 清除关键目录everyone权限
echo y | cacls C:\Docume~1 /E /R everyone
echo y | cacls C:\Docume~1\alluse~1 /E /R everyone
echo y | cacls C:\Docume~1\alluse~1\applic~1 /E /R everyone
echo y | cacls C:\Docume~1\defaul~1 /E /R everyone
echo y | cacls %SYSTEMROOT%\Installer /E /R everyone
echo y | cacls %SYSTEMROOT%\PCHealth /E /R everyone
for %%i in (
%SYSTEMROOT%\regedit.exe
%SYSTEMROOT%\system32\net.exe
%SYSTEMROOT%\system32\telnet.exe
%SYSTEMROOT%\system32\cmd.exe
%SYSTEMROOT%\system32\tftp.exe
%SYSTEMROOT%\system32\netstat.exe
%SYSTEMROOT%\system32\attrib.exe
%SYSTEMROOT%\system32\cacls.exe
%SYSTEMROOT%\system32\format.com
%SYSTEMROOT%\system32\regsvr32.exe
%SYSTEMROOT%\system32\xcopy.exe
%SYSTEMROOT%\system32\wscript.exe
%SYSTEMROOT%\system32\cscript.exe
%SYSTEMROOT%\system32\ftp.exe
%SYSTEMROOT%\system32\arp.exe
%SYSTEMROOT%\system32\edlin.exe
%SYSTEMROOT%\system32\ping.exe
%SYSTEMROOT%\system32\route.exe
%SYSTEMROOT%\system32\finger.exe
%SYSTEMROOT%\system32\posix.exe
%SYSTEMROOT%\system32\atsvc.exe
%SYSTEMROOT%\system32\qbasic.exe
%SYSTEMROOT%\system32\runonce.exe
%SYSTEMROOT%\system32\syskey.exe
%SYSTEMROOT%\system32\command.com
%SYSTEMROOT%\system32\edit.com
%SYSTEMROOT%\system32\tree.com
%SYSTEMROOT%\system32\at.exe
%SYSTEMROOT%\system32\find.exe
%SYSTEMROOT%\system32\fc.exe
%SYSTEMROOT%\system32\nbtstat.exe
%SYSTEMROOT%\system32\netsh.exe
%SYSTEMROOT%\system32\notepad.exe
%SYSTEMROOT%\system32\tasklist.exe
%SYSTEMROOT%\system32\taskkill.exe
%SYSTEMROOT%\system32\dllcache\regedit.exe
%SYSTEMROOT%\system32\dllcache\net.exe
%SYSTEMROOT%\system32\dllcache\telnet.exe
%SYSTEMROOT%\system32\dllcache\cmd.exe
%SYSTEMROOT%\system32\dllcache\tftp.exe
%SYSTEMROOT%\system32\dllcache\netstat.exe
%SYSTEMROOT%\system32\dllcache\attrib.exe
%SYSTEMROOT%\system32\dllcache\cacls.exe
%SYSTEMROOT%\system32\dllcache\format.com
%SYSTEMROOT%\system32\dllcache\regsvr32.exe
%SYSTEMROOT%\system32\dllcache\xcopy.exe
%SYSTEMROOT%\system32\dllcache\wscript.exe
%SYSTEMROOT%\system32\dllcache\cscript.exe
%SYSTEMROOT%\system32\dllcache\ftp.exe
%SYSTEMROOT%\system32\dllcache\arp.exe
%SYSTEMROOT%\system32\dllcache\edlin.exe
%SYSTEMROOT%\system32\dllcache\ping.exe
%SYSTEMROOT%\system32\dllcache\route.exe
%SYSTEMROOT%\system32\dllcache\finger.exe
%SYSTEMROOT%\system32\dllcache\posix.exe
%SYSTEMROOT%\system32\dllcache\atsvc.exe
%SYSTEMROOT%\system32\dllcache\qbasic.exe
%SYSTEMROOT%\system32\dllcache\runonce.exe
%SYSTEMROOT%\system32\dllcache\syskey.exe
%SYSTEMROOT%\system32\dllcache\command.com
%SYSTEMROOT%\system32\dllcache\edit.com
%SYSTEMROOT%\system32\dllcache\tree.com
%SYSTEMROOT%\system32\dllcache\at.exe
%SYSTEMROOT%\system32\dllcache\find.exe
%SYSTEMROOT%\system32\dllcache\fc.exe
%SYSTEMROOT%\system32\dllcache\nbtstat.exe
%SYSTEMROOT%\system32\dllcache\netsh.exe
%SYSTEMROOT%\system32\dllcache\notepad.exe
%SYSTEMROOT%\system32\dllcache\tasklist.exe
%SYSTEMROOT%\system32\dllcache\taskkill.exe
) do (
if exist "%%i" (
echo y | cacls %%i /G administrators:F system:F
)
)
rem 保存当前服务启动状态
net start > %systemroot%\security\services.txt
rem 设置自动启动的服务
sc config wuauserv start= auto
sc config PolicyAgent start= auto
sc config schedule start= auto
sc config NSClientpp start= auto
net start PolicyAgent
net start wuauserv
net start schedule
net start NSClientpp
net start winmgmt
rem 设置手动启动的服务
sc config winmgmt start= demand
sc config msdtc start= demand
rem 设置禁止启动的服务,停止启动的服务
for %%i in (
sharedaccess
helpsvc
Spooler
audiosrv
wmdmpmsn
Alerter
alg
TrkWks
seclogon
ShellHWDetection
lanmanserver
dmserver
Dhcp
lanmanworkstation
LmHosts
WZCSVC
RemoteRegistry
AeLookupSrv
Dnscache
ERSvc
Nla
SCardSvr
W32Time
w3svc
IISADMIN
SMTPSVC
TapiSrv
WinRM
dfs
ntfrs
CiSvc
mnmsrvc
clipsrv
netdde
NetDDEdsdm
lmhosts
tlntsvr
ups
themes
HidServ
Tssdis
stisvc
WmiApSrv
awhost32
fax
Browser
) do (
sc config %%i start= disabled
net stop %%i
) rem 设置每天3点自动重启
rem schtasks /create /ru system /sc daily /tn "restart" /st 03:00:00 /tr "shutdown -r -f -t 30"
rem 设置环境变量
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v JAVA_HOME /t REG_SZ /d C:\jdk /f
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v Path /t REG_EXPAND_SZ /d "%JAVA_HOME%\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;" /f
echo 开启远程桌面
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f
rem 修改远程桌面端口为9999
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t reg_dword /d 9999 /f
rem reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t reg_dword /d 9999 /f
echo 关闭CD-ROM自动运行
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t reg_dword /d 255 /f
echo 显示文件扩展名
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 0 /f
echo 修改windows update为自动更新
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t reg_dword /d 1 /f
echo 华生医生设置为转储线程上下文
reg add HKLM\SOFTWARE\Microsoft\DrWatson /v AppendToLogFile /t reg_dword /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\DrWatson /v CreateCrashDump /t reg_dword /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\DrWatson /v WaveFile /t REG_EXPAND_SZ /d "" /f
echo 设置自动重新启动不发送管理警报
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v AutoReboot /t reg_dword /d 1 /f
reg add HKLM\SYSTEM\ControlSet001\Control\CrashControl /v SendAlert /t reg_dword /d 0 /f
echo 设置写入调试信息为无
reg add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v CrashDumpEnabled /t reg_dword /d 0 /f
echo 禁用错误报告
reg add HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting /v DoReport /t reg_dword /d 0 /f
reg add HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting /v ShowUI /t reg_dword /d 0 /f
echo 关机清理虚拟内存
reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v ClearPageFileAtShutdown /t reg_dword /d 1 /f
echo 不显示上次登录用户名
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v dontdisplaylastusername /t reg_dword /d 1 /f
echo 关闭445端口
reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters /v SMBDeviceEnabled /t reg_dword /d 0 /f
echo 防止小规模ddos攻击
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SynAttackProtect /t reg_dword /d 1 /f
echo 禁止建立空连接
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t reg_dword /d 1 /f
echo 禁止SAM 账户和共享的匿名枚举
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymoussam /t reg_dword /d 1 /f
echo 禁止系统自动管理共享
reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareWks /t reg_dword /d 0 /f
echo 禁止系统自动共享
reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareServer /t reg_dword /d 0 /f
rem 自动关闭无响应程序
rem reg add "HKCU\Control Panel\Desktop" /v AutoEndTasks /t reg_sz /d 1 /f
echo 设置无法关闭程序等待时间
reg add "HKCU\Control Panel\Desktop" /v WaitToKillAppTimeout /t reg_sz /d 100 /f
reg add "HKCU\Control Panel\Desktop" /v HungAppTimeout /t reg_sz /d 500 /f
reg add HKLM\System\CurrentControlSet\Control /v WaitToKillServiceTimeout /t reg_sz /d 100 /f
echo 不需要按ctrl+alt+del
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system /v DisableCAD /t reg_dword /d 1 /f
echo 把显示“关闭事件跟踪程序” 更改为已禁用
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t reg_dword /d 0 /f
echo 禁止自动更新后不断的提示重启
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\windowsUpdate /v RebootRelaunchTimeoutEnabled /t reg_DWORD /d 1 /f
echo 禁止屏保
reg add "hkcu\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 0 /f
echo 是否起用WSUS服务器
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v UseWUServer /t REG_DWORD /d 1 /f
echo WSUS服务器设置
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUServer /t REG_SZ /d http://61.135.177.110 /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUStatusServer /t REG_SZ /d http://61.135.177.110 /f
echo 重新计划自动更新计划后的等待时间
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v RescheduleWaitTime /t REG_DWORD /d 10 /f
echo 自动更新安装后是否重新启动
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 0 /f
echo 是否启用自动更新
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 0 /f
echo 配置自动更新
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t REG_DWORD /d 4 /f
echo 计划安装日期
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /t REG_DWORD /d 0 /f
echo 计划安装时间
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /t REG_DWORD /d 3 /f
rem 重命名管理员以及来宾帐户名称
rem wmic useraccount where name='Administrator' call Rename admin
echo 禁用帐户
net user SQLDebugger /active:no
net user TsInternetUser /active:no
echo 设置当前目录为桌面
if exist %USERPROFILE%\桌面\ (
cd/D %USERPROFILE%\桌面\
) else (
cd/D %USERPROFILE%\desktop\
)
echo 生成windows组策略安全设置
if exist secinit.inf del secinit.inf /f
echo [Unicode] >secinit.inf
echo. >>secinit.inf
echo [Event Audit] >>secinit.inf
echo AuditSystemEvents = 3 >>secinit.inf
echo AuditLogonEvents = 3 >>secinit.inf
echo AuditObjectAccess = 2 >>secinit.inf
echo AuditPrivilegeUse = 2 >>secinit.inf
echo AuditPolicyChange = 3 >>secinit.inf
echo AuditAccountManage = 3 >>secinit.inf
echo AuditProcessTracking = 0 >>secinit.inf
echo AuditDSAccess = 2 >>secinit.inf
echo AuditAccountLogon = 3 >>secinit.inf echo [System Access] >>secinit.inf
echo MinimumPasswordAge = 0 >>secinit.inf
echo MaximumPasswordAge = 42 >>secinit.inf
echo MinimumPasswordLength = 12 >>secinit.inf
echo PasswordComplexity = 1 >>secinit.inf
echo PasswordHistorySize = 0 >>secinit.inf
echo LockoutBadCount = 5 >>secinit.inf
echo ResetLockoutCount = 20 >>secinit.inf
echo LockoutDuration = 20 >>secinit.inf
echo RequireLogonToChangePassword = 0 >>secinit.inf
echo ForceLogoffWhenHourExpire = 0 >>secinit.inf
echo ClearTextPassword = 0 >>secinit.inf
echo LSAAnonymousNameLookup = 0 >>secinit.inf
echo EnableAdminAccount = 1 >>secinit.inf
echo EnableGuestAccount = 0 >>secinit.inf echo [System Log] >> secinit.inf
echo MaximumLogSize = 16384 >> secinit.inf
echo AuditLogRetentionPeriod = 1 >> secinit.inf
echo RetentionDays = 30 >> secinit.inf echo [Security Log] >> secinit.inf
echo MaximumLogSize = 16384 >> secinit.inf
echo AuditLogRetentionPeriod = 1 >> secinit.inf
echo RetentionDays = 30 >> secinit.inf echo [Application Log] >> secinit.inf
echo MaximumLogSize = 16384 >> secinit.inf
echo AuditLogRetentionPeriod = 1 >> secinit.inf
echo RetentionDays = 30 >> secinit.inf echo [File Security] >> secinit.inf
echo "c:\boot.ini",2,"D:P(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "c:\ntdetect.com",2,"D:P(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "c:\ntldr",2,"D:P(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "c:\ntbootdd.sys",2,"D:P(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "c:\autoexec.bat",2,"D:P(A;;GXGR;;;BU)(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "c:\config.sys",2,"D:P(A;;GXGR;;;BU)(A;;GXGR;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)" >> secinit.inf
echo "%ProgramFiles%",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)(A;;GXGR;;;WD)" >> secinit.inf
echo "%SystemRoot%\explorer.exe",2,"D:(A;;GXGR;;;WD)" >> secinit.inf
echo "%SystemRoot%\CSC",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\debug",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\Offline Pages",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\Profiles",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\Registration",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\repair",2,"D:P(A;CI;GXGR;;;BU)(A;CI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\Tasks",1,"D:AR" >> secinit.inf
echo "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;BU)(A;CI;0x100026;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\addins",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\Connection Wizard",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\Driver Cache",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\java",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\msagent",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\security",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\speech",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\twain_32",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf
echo "%SystemRoot%\Web",2,"D:P(A;OICI;GXGR;;;BU)(A;OICI;GXGR;;;PU)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)(A;OICI;GA;;;CO)" >> secinit.inf echo [Registry Values] >>secinit.inf
echo MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1 >> secinit.inf
echo MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1 >> secinit.inf echo [Privilege Rights] >>secinit.inf
echo SeNetworkLogonRight = Administrators >> secinit.inf
echo SeShutdownPrivilege = Administrators >> secinit.inf
echo SeRemoteShutdownPrivilege = Administrators >> secinit.inf
echo SeRemoteInteractiveLogonRight = Administrators >> secinit.inf
echo Seinteractivelogonright = Administrators >> secinit.inf echo [Version] >>secinit.inf
echo signature="$CHICAGO$" >>secinit.inf
echo Revision=1 >>secinit.inf
cls
echo 运行安全设置
move /y secinit.inf %systemroot%\security\templates\secinit.inf
echo y|secedit /configure /cfg %systemroot%\security\templates\secinit.inf /db %systemroot%\security\database\secinit.db /overwrite /log %systemroot%\security\logs\secinit.log
regsvr32 /s scecli.dll
echo 关闭默认共享
net share c$ /del
net share d$ /del
net share e$ /del
net share ipc$ /del
net share admin$ /del
del secinit.inf /f
windows2003安全加固脚本的更多相关文章
- linux--安全加固脚本
Linux安全加固配置 #! /bin/bash# copyright by hwb# Function:对账户的密码的一些加固read -p "设置密码最多可多少天不修改:" A ...
- windows2003安全加固
因为IIS的方便性和易用性,使它成为最受欢迎的Web服务器软件之一.但是,IIS的安全性却一直令人担忧.如何利用IIS建立一个安全的Web服务器,是很多人关心的话题.要创建一个安全可靠的Web服务器, ...
- 网安等保-Linux服务器之最新Ubuntu-22.04-LTS系统内核优化与安全加固配置脚本使用分享
关注「WeiyiGeek」公众号 设为「特别关注」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 本章目录 目录 0x00 前言 ...
- 完整的WindowsServer服务器系统初始化配置、安全策略加固和基线检查脚本等保2.0适用
转载自:https://www.bilibili.com/read/cv14326780?spm_id_from=333.999.0.0 0x00 前言简述 最近单位在做等保测评,由于本人从事安全运维 ...
- Ubuntu 系统服务器初始化配置、安全加固、内核优化和常用软件安装的Shell脚本分享
转载自:https://www.bilibili.com/read/cv13875402?spm_id_from=333.999.0.0 描述: 适用于企业内部 Ubuntu 操作服务器初始化.系统安 ...
- CentOS7 系统服务器初始化配置、安全加固、内核升级优化常用软件安装的Shell脚本分享
转载自:https://www.bilibili.com/read/cv13875630?spm_id_from=333.999.0.0 描述: 适用于企业内部 CentOS7 系列操作服务器初始化. ...
- 7.linux安全基线加固
本文大多截图出自于:http://c.biancheng.net/cpp/shell/ 现在大多数企业都是使用linux作为服务器,不仅是linux是开源系统,更是因为linux比windows更安全 ...
- linux安全加固项目
分享一个Linux加固脚本项目,可快速对服务器进行安全加固,顺便做下备忘,安全人员必须熟悉运维相关的知识! 支持的操作系统平台: Amazon 2013.03 Amazon 2013.09 Amazo ...
- shell脚本 阿里云基线检查一键配置
一.简介 源码地址 日期:2017/9/1 介绍:安全加固脚本,会符合阿里云基线检查.有幂等性,可重复执行 效果图: 二.使用 适用:centos6/7 语言:中文 注意:脚本是符合阿里云基线检查的配 ...
随机推荐
- opencv2学习:计算协方差矩阵
图像的高级处理中,协方差矩阵计算是必不可少的,但opencv关于这方面的资料却相当少. 首先,利用matlab计算一下,便于比较: >> data=[1,2,3;10,20,30] dat ...
- [CareerCup] 13.6 Virtual Destructor 虚析构函数
13.6 Why does a destructor in base class need to be declared virtual? 这道题问我们为啥基类中的析构函数要定义为虚函数.首先来看下面 ...
- DLL中调用约定和名称修饰(一)
DLL中调用约定和名称修饰(一) 调用约定(Calling Convention)是指在程序设计语言中为了实现函数调用而建立的一种协议.这种协议规定了该语言的函数中的参数传送方式.参数是否可变和由谁来 ...
- html5新增选择器
分享点html5的学习笔记,比较基础,突然发现通过写博客来记笔记有很多优点呢,平常记得笔记比较简单,复习起来比较吃力,看自己的博客理解起来还比较轻松,而且只有真正理解了才能表达清楚让别人看懂,还锻炼语 ...
- Mac无法找到摄像头问题解决
facetime显示“未检测到摄像头”之类的,重启后可能摄像头有工作正常了,摄像头不稳定 重置 NVRAM后恢复正常,据说机器卡的时候,此法也可以使用. https://support.apple.c ...
- 好玩的Prim算法
这段时间学算法,用JS实现了一个Prim,用于在连通图中找出最小树,具体内容.代码解析周末会不上,现在先把源码献上: <!DOCTYPE html> <html charset='G ...
- 自己写了个H5版本的俄罗斯方块
在实习公司做完项目后,实在无聊.就用H5写了几个游戏出来玩一下.从简单的做起,就搞了个经典的俄罗斯方块游戏. 先上效果: 上面的数字是得分,游戏没有考虑兼容性,只在chrome上测试过,不过大部分现代 ...
- SQL温故系列两篇(二)
.Sql 插入语句得到自动生成的递增的ID值 Insert into Table(name,des,num) values(’ltp’,’thisisbest’,10); Select @@ident ...
- [c#基础]集合foreach的必要条件和自定义集合
引言 最近翻看了之前的学习笔记,看到foreach,记得当时老师讲的时候,有点犯浑,不是很明白,这好比,上小学时,你不会乘法口诀,但是随着时间的增长,你不自觉的都会了,也悟出个小道理,有些东西,你当时 ...
- WCF入门 (14)
前言 上周去面试,跪了,这一年没什么长进,还是挺惭愧的. 得到的评语是:想的太多,做的太少. 做了一份面试题,最后一题是数据库的,写个查询.要查出Score有两次及两次以上超过79的Name和他的最高 ...