Centos 7 安全加固命令行

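#!/usr/bin/env bash
# CentOS 7 hardening: password policy, login banners, sshd, shell defaults,
# unneeded services, history/log settings and resource limits.
# Must run as root. Every edit is written to be re-runnable (idempotent),
# and sshd_config is validated before sshd is restarted.
set -euo pipefail

readonly SSHD_CONFIG=/etc/ssh/sshd_config

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "this script must be run as root"

#######################################
# Append a line to a file unless an identical line is already present.
# Arguments: $1 - exact line to add, $2 - file
#######################################
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Set a sshd_config keyword. sshd honours the first occurrence of a keyword,
# so the first matching line (active or commented out) is replaced in place;
# if there is none, the directive is inserted before the first Match block so
# it stays global, or appended when the file has no Match block.
# Arguments: $1 - keyword, $2 - value
#######################################
set_sshd_option() {
  local key=$1 value=$2
  local re="^[[:space:]]*#?[[:space:]]*${key}([[:space:]].*)?$"
  if grep -Eq "$re" "$SSHD_CONFIG"; then
    sed -i -E "0,\|${re}|{s|${re}|${key} ${value}|;}" "$SSHD_CONFIG"
  elif grep -Eq '^[[:space:]]*Match[[:space:]]' "$SSHD_CONFIG"; then
    sed -i -E "0,/^[[:space:]]*Match[[:space:]]/{s|^[[:space:]]*Match[[:space:]]|${key} ${value}\n&|;}" "$SSHD_CONFIG"
  else
    printf '%s %s\n' "$key" "$value" >> "$SSHD_CONFIG"
  fi
}

#######################################
# Set a /etc/login.defs key, replacing the current value or adding the key.
# Arguments: $1 - key (e.g. PASS_MAX_DAYS), $2 - value
#######################################
set_login_def() {
  local key=$1 value=$2
  if grep -Eq "^${key}[[:space:]]" /etc/login.defs; then
    sed -i -E "s/^(${key}[[:space:]]+).*/\1${value}/" /etc/login.defs
  else
    printf '%s\t%s\n' "$key" "$value" >> /etc/login.defs
  fi
}

#######################################
# Disable a systemd unit; a unit that is not installed is reported, not fatal.
# Arguments: $1 - unit name
#######################################
disable_unit() {
  local unit=$1
  if ! systemctl disable "$unit" 2>/dev/null; then
    printf 'note: could not disable %s (not installed?)\n' "$unit" >&2
  fi
}

# --- password policy -------------------------------------------------------
# pam_pwquality via authconfig: at least 8 characters with a digit, a lower-
# and an upper-case letter and one other character.
authconfig --passminlen=8 --enablereqdigit --enablereqlower \
  --enablerequpper --enablereqother --update

# Remember the last 5 password hashes (no reuse) and make pwquality apply to
# root too. Only the matching module line is touched and only when the option
# is absent. /etc/pam.d/system-auth is typically a symlink to system-auth-ac,
# so --follow-symlinks keeps the link intact; a later `authconfig --update`
# regenerates that file, so these edits must stay after the authconfig call.
sed -i --follow-symlinks -E \
  '/^password[[:space:]]+sufficient[[:space:]]+pam_unix\.so/{/remember=/!s/$/ remember=5/;}' \
  /etc/pam.d/system-auth
sed -i --follow-symlinks -E \
  '/^password[[:space:]]+requisite[[:space:]]+pam_pwquality\.so/{/enforce_for_root/!s/$/ enforce_for_root/;}' \
  /etc/pam.d/system-auth

# Password ageing for new accounts (existing accounts keep their chage values).
set_login_def PASS_MAX_DAYS 90
set_login_def PASS_MIN_DAYS 14
set_login_def PASS_WARN_AGE 14

# --- login banners ---------------------------------------------------------
printf '%s\n' " Authorized users only! All activity may be monitored and reported! " > /etc/motd
printf '%s\n' " Be sure you are authorized to access this system! " > /etc/issue
printf '%s\n' " Be sure you are authorized to access this system! " > /etc/issue.net

# --- sshd ------------------------------------------------------------------
set_sshd_option UseDNS no
set_sshd_option Banner /etc/issue.net
set_sshd_option Protocol 2   # ignored by OpenSSH >= 7.4 (protocol 1 is gone); harmless
set_sshd_option PermitRootLogin no
# Validate first so a broken config cannot lock out remote administration.
/usr/sbin/sshd -t || die "sshd_config failed validation; sshd not restarted"
systemctl restart sshd.service

# --- shell defaults --------------------------------------------------------
sed -i 's/umask 022/umask 027/' /etc/profile
append_once 'export TMOUT=300' /etc/profile

# --- services --------------------------------------------------------------
# NOTE(review): stopping firewalld removes the host packet filter; keep it
# unless another firewall is in place.
for unit in kdump.service firewalld.service; do
  systemctl stop "$unit" 2>/dev/null || true   # absent or already stopped is fine
  disable_unit "$unit"
done

network_services=(
  avahi-daemon cups nfs nfs-server rpcbind vsftpd snmpd rsyncd dhcpd slapd
  named httpd dovecot smb squid ypserv
  rsh.socket rlogin.socket rexec.socket ntalk telnet.socket tftp.socket
)
for unit in "${network_services[@]}"; do
  disable_unit "$unit"
done

# Every unit whose name starts with firewalld, post (this also catches
# postfix) or NetworkManager. NOTE(review): hosts whose interfaces are
# managed by NetworkManager may lose networking after reboot.
while IFS= read -r unit; do
  disable_unit "$unit"
done < <(systemctl list-unit-files --no-legend | awk '$1 ~ /^(firewalld|post|NetworkManager)/ {print $1}')

# --- misc ------------------------------------------------------------------
# NOTE(review): this turns SELinux off at the next reboot, which weakens the
# host; prefer keeping it enforcing (or permissive while fixing denials).
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Ignore Ctrl-Alt-Del on the console. Masking survives package updates,
# unlike deleting the unit file under /usr/lib.
systemctl mask ctrl-alt-del.target

append_once 'HISTTIMEFORMAT="<%F %T>: "  ' /etc/profile
append_once 'HISTFILESIZE=2000' /etc/profile
append_once 'HISTSIZE=2000' /etc/profile

# Errors from all facilities plus auth at info or above to a separate log.
# NOTE(review): /var/adm is not a standard CentOS path — confirm rsyslog
# creates it, or point this at /var/log.
append_once '*.err;auth.info        /var/adm/messages' /etc/rsyslog.conf
systemctl restart rsyslog.service

append_once '*               soft    nofile            409600' /etc/security/limits.conf
append_once '*               hard    nofile            409600' /etc/security/limits.conf

# Comment out the default nproc cap so limits.conf governs it; anchored so a
# second run does not add another '#'.
if [[ -f /etc/security/limits.d/20-nproc.conf ]]; then
  sed -i 's/^\*          soft    nproc     4096/#&/' /etc/security/limits.d/20-nproc.conf
fi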
原文地址:https://www.cnblogs.com/liweiming/p/11275951.html