Documentation ¶
Index ¶
Constants ¶
View Source
const ( SetTMOUTShell = `` /* 161-byte string literal not displayed */ SetPasswdPolicyShell = `` /* 1080-byte string literal not displayed */ DenySSHRootLoginShell = ` sed -i "/PermitRootLogin/d" /etc/ssh/sshd_config echo "PermitRootLogin no" >> /etc/ssh/sshd_config service sshd restart ` HardenSystemLogShell = ` touch /var/log/secure chown root:root /var/log/secure chmod 600 /var/log/secure ` DenySSHUseDnsShell = ` sed -i "/UseDNS/d" /etc/ssh/sshd_config echo "UseDNS no" >> /etc/ssh/sshd_config service sshd restart ` DenySSHdAgentForwardingShell = `` /* 226-byte string literal not displayed */ DeleteCommonUserCronShell = ` rm -f /etc/cron.deny ` DeleteZombieProcessCronShell = `` /* 231-byte string literal not displayed */ HideOSVersionShell = ` mv /etc/issue /etc/issue.bak || true mv /etc/issue.net /etc/issue.net.bak || true ` UnsetRebootByKeyBoardShell = ` rm -rf /usr/lib/systemd/system/ctrl-alt-del.target || true ` UnsetICMPTimeStampShell = `` /* 229-byte string literal not displayed */ LockKeyFileShell = `` /* 160-byte string literal not displayed */ )
Variables ¶
Functions ¶
Types ¶
type ExternalItem ¶
type ExternalItem struct { Harden struct { Common struct { DenyPing bool `yaml:"denyPing"` DenyICMPTimeStamp bool `yaml:"denyICMPTimeStamp"` DenyRebootByKeyBoard bool `yaml:"denyRebootByKeyBoard"` DelUnusedUser bool `yaml:"delUnusedUser"` HideOSVersion bool `yaml:"hideOSVersion"` LockKeyFile bool `yaml:"lockKeyFile"` SetTMOUT bool `yaml:"setTMOUT"` SetPasswdPolicy bool `yaml:"setPasswdPolicy"` SetSysLog bool `yaml:"setSysLog"` PasswdErrRetryCount int `yaml:"passwdErrRetryCount"` SudoUser SudoUser `yaml:"sudoUser"` UnuseUsers []string `yaml:"unuseUsers"` } `yaml:"common"` Ssh SSHItem `yaml:"ssh"` Cron struct { DelCommonUserCron bool `yaml:"delCommonUserCron"` SetDelZombieProcessCron bool `yaml:"setDelZombieProcessCron"` } `yaml:"cron"` } `yaml:"harden"` }
type InternalItem ¶
type InternalItem struct { DenyPing bool DenyICMPTimeStamp bool DenyRebootByKeyBoard bool DelUnusedUser bool HideOSVersion bool LockKeyFile bool SetTMOUT bool SetPasswdPolicy bool SetSysLog bool PasswdErrRetryCount int UnUseUsers []string // ssh DenySSHUseDns bool DenySSHAgentForwarding bool DenyRootLogin bool ModifyServePort int // sudo user SetSudoUser bool SudoUser string SudoPasswd string // cron DelCommonUserCron bool SetDelZombieProcessCron bool }
type Object ¶
type Object struct { Servers []runner.ServerInternal B []byte LocalRun bool SkipConfirm bool Logger *logrus.Logger HardenItem ExternalItem InternalItem // contains filtered or unexported fields }
Object 加固对象
Click to show internal directories.
Click to hide internal directories.