Part 1:
(http://blog.51cto.com/haoyonghui/2071343)
Set up a simple bastion host:
yum install -y bzip2
yum install gcc* cc* cl*
wget https://olivier.sessink.nl/jailkit/jailkit-2.19.tar.bz2
tar jxvf jailkit-2.19.tar.bz2
cd jailkit-2.19
./configure && make && make install
mkdir /home/jail
jk_init -v -j /home/jail/ basicshell
jk_init -v -j /home/jail/ editors
jk_init -v -j /home/jail/ netutils
jk_init -v -j /home/jail/ ssh
mkdir /home/jail/usr/sbin
cp /usr/sbin/jk_lsh /home/jail/usr/sbin/jk_lsh
useradd zhangsan
passwd zhangsan
jk_jailuser -m -j /home/jail zhangsan
vim /home/jail/etc/passwd
// On the zhangsan line, change /usr/sbin/jk_lsh to /bin/bash
The jump host installation is complete.
Then configure the following on the jump host:
[root@192 ~]# vim /etc/hosts.allow
[root@192 ~]# vim /etc/hosts.deny
Part 2:
Log auditing:
The following steps must be performed on every machine that will be logged in to:
mkdir /usr/local/records
chmod 777 !$
chmod +t !$
vi /etc/profile // add:
if [ ! -d /usr/local/records/${LOGNAME} ]
then
    mkdir -p /usr/local/records/${LOGNAME}
    chmod 300 /usr/local/records/${LOGNAME}
fi
export HISTORY_FILE="/usr/local/records/${LOGNAME}/bash_history"
export PROMPT_COMMAND='{ date "+%Y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$5}") #### $(history 1 | { read x cmd; echo "$cmd"; })"; } >>$HISTORY_FILE'
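
Reading the audit records back, as an added example that is not part of the original post: the functions below parse the line format written by the PROMPT_COMMAND above and pick out commands that mention the audit variables or the records directory. The function names, the user lisi, and every sample record are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Record layout written by the
# PROMPT_COMMAND above:
#   <date> <time> ##### <user> <tty> <(source)> #### <command>

# Constructed sample records; user lisi and all addresses are made up.
sample_records() {
cat <<'EOF'
2018-02-10 09:15:02 ##### zhangsan pts/0 (192.168.1.10) #### ls -l /etc | head
2018-02-10 09:15:40 ##### zhangsan pts/0 (192.168.1.10) #### echo $PROMPT_COMMAND
2018-02-10 09:16:05 ##### lisi pts/1 (192.168.1.11) #### cat /var/log/messages
this line is not a record
2018-02-10 09:18:00 ##### lisi pts/1 (192.168.1.11) #### ls /usr/local/records/zhangsan
EOF
}

# parse_records: stdin -> "time<TAB>user<TAB>tty<TAB>source<TAB>command".
# Splits on the literal separators so spaces and pipes in the command survive.
parse_records() {
  awk '{
    a = index($0, " ##### "); b = index($0, " #### ")
    if (a == 0 || b <= a) next                 # skip malformed lines
    ts  = substr($0, 1, a - 1)
    who = substr($0, a + 7, b - a - 7)         # "user tty (source)"
    cmd = substr($0, b + 6)
    n = split(who, w, " ")
    src = (n >= 3) ? w[3] : "-"                # who am i may print no host
    gsub(/[()]/, "", src)
    printf "%s\t%s\t%s\t%s\t%s\n", ts, w[1], w[2], src, cmd
  }'
}

# flag_audit_refs: keep parsed records whose command mentions the audit
# variables or the records directory.
flag_audit_refs() {
  parse_records | awk -F'\t' '{
    cmd = $5; for (i = 6; i <= NF; i++) cmd = cmd FS $i
    if (cmd ~ /PROMPT_COMMAND|HISTORY_FILE|\/usr\/local\/records/) print
  }'
}

# count_by_user: number of recorded commands per "user source" pair.
count_by_user() {
  parse_records | awk -F'\t' '{ c[$2 " " $4]++ }
    END { for (k in c) print k, c[k] }' | sort
}

sample_records | flag_audit_refs   # demo run on the constructed records
```

On a real host, run as root and feed a user's file to the functions, for example parse_records < /usr/local/records/zhangsan/bash_history. Because the PROMPT_COMMAND passes the whole record to date as its format string, any % sequence in a typed command is expanded by date before it is written, so the stored command can differ from what was typed.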