• 系统优化类


    此脚本基于centos7和centos6编写:

    仅供参考,切勿盲目复制执行

    #!/bin/bash
    
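    # Use a fixed PATH so every command below resolves to a system directory,
    # whatever PATH the caller had.
    PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
    export PATH

    # Detect the release from the kernel release string only (uname -r).
    # "uname -a" also prints the hostname, so a host whose name merely contains
    # "el7" or "el6" would be mis-detected. Each variable ends up as 0 or 1.
    Centos7=$(uname -r | grep -c "el7")
    Centos6=$(uname -r | grep -c "el6")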
    
    if [ $Centos7 == 1 ];
    then
       echo "System Centos 7 in reset kernel"
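       # Switch SELinux off, both now (setenforce) and across reboots (config file).
       # NOTE(review): this removes mandatory access control from the host. If the
       # goal is only to stop denials, permissive mode still logs them.
       if /bin/grep -q "^SELINUX=disabled" /etc/selinux/config >/dev/null 2>&1; then
           echo -e "\033[31m Selinux\033[0m  is already not running"
       else
           # Edit only the SELINUX= setting, not the explanatory comment lines that
           # also contain the words SELINUX and enforcing.
           /bin/sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
           # stdout is redirected first, then stderr, so both are really discarded
           # (the original "2>&1 >/dev/null" left errors on the terminal).
           setenforce 0 >/dev/null 2>&1
           echo -e "\033[31m Selinux \033[0m is already  modify stop successful"
       fi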
       
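       ################# remove unneeded accounts ##########################

       # Delete stock system accounts this host does not use.
       # NOTE(review): -r also asks userdel to remove the account's home directory
       # and mail spool. For system accounts the home may be a shared directory,
       # so check the passwd entries on the target before keeping -r.
       for account in lp sync shutdown halt operator games gopher; do
           # stdout first, then stderr: "2>&1 >/dev/null" left errors on screen.
           userdel -r "$account" >/dev/null 2>&1
       done
       # NOTE(review): this sets the setuid and setgid bits on netstat, so every
       # local user runs it with its owner's privileges. That widens the attack
       # surface of a hardening script; drop the line unless there is a documented
       # need for it.
       chmod +s /bin/netstat
       # Owner-read-only shadow file.
       # NOTE(review): CentOS normally ships /etc/shadow as mode 000; verify this
       # does not loosen the current mode.
       chmod 400 /etc/shadow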
       ################# kernel network settings ##########################
       # Append the settings block to /etc/sysctl.conf and load it, unless the file
       # already has two or more lines mentioning net.ipv4 (taken as "already done").
       # Most entries are buffer and backlog tuning; icmp_echo_ignore_broadcasts and
       # tcp_syncookies are the hardening-related ones.
       ipv4=$(grep "net.ipv4" /etc/sysctl.conf  | wc -l)
       if [ $ipv4 -lt 2 ]; then
           printf '%s\n' \
               "net.ipv4.icmp_echo_ignore_broadcasts = 1" \
               "net.core.rmem_default = 256960" \
               "net.core.rmem_max = 513920" \
               "net.core.wmem_default = 256960" \
               "net.core.wmem_max = 513920" \
               "net.core.netdev_max_backlog = 2000" \
               "net.core.somaxconn = 2048" \
               "net.core.optmem_max = 81920" \
               "net.ipv4.tcp_mem = 131072  262144  524288" \
               "net.ipv4.tcp_rmem = 8760  256960  4088000" \
               "net.ipv4.tcp_wmem = 8760  256960  4088000" \
               "net.ipv4.tcp_keepalive_time = 1800" \
               "net.ipv4.tcp_keepalive_intvl = 30" \
               "net.ipv4.tcp_keepalive_probes = 3" \
               "net.ipv4.tcp_sack = 1" \
               "net.ipv4.tcp_fack = 1" \
               "net.ipv4.tcp_timestamps = 1" \
               "net.ipv4.tcp_window_scaling = 1" \
               "net.ipv4.tcp_syncookies = 1" \
               "net.ipv4.tcp_tw_reuse = 1" \
               "net.ipv4.tcp_tw_recycle = 0" \
               "net.ipv4.tcp_fin_timeout = 30" \
               "net.ipv4.ip_local_port_range = 1024  65000" \
               "net.ipv4.tcp_max_syn_backlog = 2048" \
               "net.ipv4.tcp_max_tw_buckets = 6000" \
               >> /etc/sysctl.conf
           # Load the new values into the running kernel.
           sysctl -p
       else
           echo "kernel already reset"
       fi
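       # Allow sshd connections from 10.80.80.100 through TCP wrappers.
       # NOTE(review): an allow rule restricts nothing by itself. It only matters
       # if sshd honours TCP wrappers and /etc/hosts.deny rejects other sources,
       # which this script does not set up; confirm on the target.
       # -F matches the rule literally (the dots are not wildcards) and -q keeps
       # the check true even when the rule is already present more than once.
       if grep -qF -- "sshd:10.80.80.100:allow" /etc/hosts.allow; then
           echo "sshd already reset"
       else
           echo "insert sshd allow"
           echo 'sshd:10.80.80.100:allow'  >> /etc/hosts.allow
       fi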
    
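       ################## set the time zone ###############################

       # Read the zone name from the "Time zone:" line of timedatectl. A private
       # variable name is used so the TZ environment variable is not overwritten.
       current_tz=$(timedatectl | awk '/Time zone/ {print $3}')
       # Was misspelled "Adsia/Shanghai", so the comparison could never succeed.
       SH="Asia/Shanghai"
       if [ "$current_tz" = "$SH" ]; then
           echo -e "\033[31m Timezone \033[0m is already Asia/Shanghai"
       elif timedatectl set-timezone "$SH"; then
           # timedatectl repoints /etc/localtime itself. Copying the zone file over
           # it leaves timedatectl unable to report the zone name afterwards.
           echo -e "\033[31m Timezone \033[0m is already modify Asia/Shanghai"
       else
           echo "timedatectl could not set the time zone to $SH" >&2
       fi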
       
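       ################ move sshd to port 22502 #######################
       # NOTE(review): the original heading also promised to disable root login,
       # but nothing in this section sets PermitRootLogin.
       # NOTE(review): nothing here opens 22502 in the host firewall. Keep the
       # current session open and confirm a new login works before disconnecting.
       Net=$(netstat -tulnp | grep -c ":22502 ")
       if [ "$Net" -eq 0 ]; then
           cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
           # Anchor on the stock "Port 22" / "#Port 22" line only, so lines such as
           # "Port 2222" or an earlier "Port 22502" do not each get another copy.
           sed -i '/^#*Port 22[[:space:]]*$/aPort 22502' /etc/ssh/sshd_config
           # Uncomment the UseDNS line; its value is left as the file has it.
           sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
           # Swap the sftp subsystem for internal-sftp once. Repeating the edit
           # would append a second Subsystem line.
           if ! grep -q "internal-sftp" /etc/ssh/sshd_config; then
               sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config
               sed -i "/^#Subsystem/aSubsystem       sftp    internal-sftp" /etc/ssh/sshd_config
           fi
           # Validate the file before restarting. The original tested $? of the
           # last sed, which says nothing about whether sshd accepts the config.
           if sshd -t >/dev/null 2>&1; then
               systemctl restart sshd >/dev/null 2>&1
               echo -e "\033[31m SSH's port  22 is already modify to 22502\033[0m"
               echo -e "\033[31m SSH's service\033[0m has restart again"
           else
               cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
               echo "sshd_config failed validation (sshd -t); backup restored, sshd not restarted" >&2
           fi
       else
           # Port 22502 is already listening: only uncomment UseDNS (this takes
           # effect at the next sshd restart) and report the listening port.
           sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
           echo -e "\033[31m chage Use UseDns\033[0m"
           # Take the port from the first sshd listener; the last ":"-separated
           # piece of the local address also works for IPv6 entries.
           PORT=$(netstat -tulnp | awk '/sshd/ {n = split($4, part, ":"); print part[n]; exit}')
           echo -e "ssh's port is \033[31m already modify ${PORT}\033[0m"
       fi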
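       ############## password ageing policy #######################################

       cp /etc/login.defs /etc/login.defs.bak
       # The number is matched with [0-9][0-9]* because the "{1,}" quantifier only
       # works in basic regex when its braces are backslash-escaped; without the
       # backslashes these commands silently changed nothing.
       # NOTE(review): 99999 days means passwords effectively never expire, and the
       # CentOS 6 branch of this script uses 90; confirm which value is intended.
       sed -i '/^PASS_MAX_DAYS/s/[0-9][0-9]*/99999/' /etc/login.defs
       sed -i '/^PASS_MIN_DAYS/s/[0-9][0-9]*/7/' /etc/login.defs
       # NOTE(review): presumably the minimum length is enforced by the PAM
       # password-quality module rather than by this value; confirm.
       sed -i '/^PASS_MIN_LEN/s/[0-9][0-9]*/12/' /etc/login.defs
       sed -i '/^PASS_WARN_AGE/s/[0-9][0-9]*/30/' /etc/login.defs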
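       ############## create the kyeroot administrative account ################
       # NOTE(review): this creates a second UID 0 account and gives root a nologin
       # shell. Everything kyeroot does is recorded as UID 0, so per-user
       # accountability is lost; a normal account with a sudo rule is the usual
       # choice.
       # NOTE(review): the initial password below is a literal published with this
       # script. Change it immediately after the run (passwd kyeroot, or expire it
       # with chage -d 0 kyeroot), or supply it at run time instead.
       username=$(id kyeroot 2>/dev/null | grep -c "uid=0")
       if [ "$username" -eq 0 ]; then
           useradd kyeroot
           echo "Aa+12345678" | passwd --stdin kyeroot
           # Set UID and GID to 0. [0-9][0-9]* replaces the unescaped "{1,}"
           # quantifier, which matched nothing in basic regex.
           sed -i '/^kyeroot:/s/[0-9][0-9]*/0/g' /etc/passwd
           # Point the home directory at /root. "#" is the delimiter because the
           # pattern contains "/", which broke the original s/// expression.
           sed -i '/^kyeroot:/s#home/kyeroot#root#' /etc/passwd
           # Give root a nologin shell (/bin/bash becomes /sbin/nologin).
           sed -i '/^root:/s#/bin/bash$#/sbin/nologin#' /etc/passwd
           cp /etc/sudoers /etc/sudoers.bak
           sed -i '/^root/akyeroot ALL=(ALL)   ALL' /etc/sudoers
           # A syntax error in sudoers disables sudo for everyone, so check the
           # edited file and fall back to the backup if it does not parse.
           if ! visudo -c >/dev/null 2>&1; then
               cp /etc/sudoers.bak /etc/sudoers
               echo "sudoers failed validation (visudo -c); restored /etc/sudoers.bak" >&2
           fi
       else
           echo -e "\033[31m user kyeroot is exists\033[0m  or \033[31m password is wrong\033[0m"
       fi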
    
       
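       # Create the kyeadmin account and set its initial password.
       # NOTE(review): the password is a literal published with this script.
       # Change it right after the run (passwd kyeadmin, or expire it with
       # chage -d 0 kyeadmin), or supply it at run time instead.
       # stdout is redirected before stderr so both are really discarded.
       if useradd kyeadmin >/dev/null 2>&1; then
           echo "Aa+12345678" | passwd --stdin kyeadmin >/dev/null 2>&1
           echo -e "\033[31m create user kyeadmin successful \033[0m"
           echo -e "\033[31m create user passwd successful \033[0m"
       else
           echo -e "\033[31m user kyeadmin is exists\033[0m  or \033[31m password is wrong\033[0m"
       fi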
       
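       ############### log file permissions #########################################
       # Mark the main syslog file append-only.
       # NOTE(review): an append-only file cannot be renamed or truncated, so
       # rotation of /var/log/messages will fail unless the logrotate rule clears
       # and re-sets the attribute around rotation; this script does not do that.
       if chattr +a /var/log/messages; then
           echo -e "\033[31m Already add 'chattr +a'\033[0m  for /var/log/messages"
       else
           echo -e "Add \033[31m 'chattr +a'\033[0m  is failed,please check it!"
       fi

       # Remove execute bits, and world write/execute, from every regular file under
       # /var/log. "{} +" needs no backslash-escaped terminator; the original
       # "{} ;" had lost its backslash, so find had no valid -exec clause.
       find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} +
       echo -e "\033[31m modify /var/log/*\033[0m all files permission of u-x,g-x,o-wx successful"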
    # Make rc.local executable, then have it reset the /dev/null permissions at
    # each boot unless the file already mentions /dev/null.
    chmod +x /etc/rc.local
    if grep -q "/dev/null" /etc/rc.local; then
        echo "already reset /dev/null"
    else
        echo "chmod 666 /dev/null" >> /etc/rc.local
    fi
    
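       ############## raise the open-file limit ###################################

       h=$(ulimit -n)
       if [ "$h" != 65535 ]; then
           # Affects this shell and its children only; limits.conf makes it persistent.
           ulimit -n 65535
           # Add each rule only when that exact rule is missing. The original
           # appended both whenever either one was absent, duplicating the other.
           # -F keeps the leading "*" literal.
           k=0
           for rule in "* soft nofile 65535" "* hard nofile 65535"; do
               if ! grep -qF -- "$rule" /etc/security/limits.conf; then
                   # Back the file up once, before the first change.
                   if [ "$k" -eq 0 ]; then
                       cp /etc/security/limits.conf /etc/security/limits.conf.bak
                   fi
                   echo "$rule" >> /etc/security/limits.conf
                   k=$((k + 1))
               fi
           done
           if [ "$k" -ne 0 ]; then
               # ${h} is braced so the escape sequence after it is not read as
               # part of the variable name.
               echo -e "\033[31m default ulimit is ${h}\033[0m,now ulimit is already modify 65535"
           else
               echo -e "\033[31m soft nofile 65535 and  hard nofile 65535\033[0m is already configure,not to modify "
           fi
       else
           echo -e "\033[31m default ulimit is 65535\033[0m,not modify"
       fi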
       
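       ############# password history, complexity and login lockout ################
       # NOTE(review): these edits touch /etc/pam.d/system-auth only. Presumably
       # sshd authenticates through /etc/pam.d/password-auth on CentOS, so remote
       # logins would not be covered; confirm against /etc/pam.d/sshd.

       # remember=4 rejects the last four passwords (the history is kept in
       # /etc/security/opasswd).
       if ! grep -q "remember" /etc/pam.d/system-auth; then
           cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
           sed -i "/sha512/s/use_authtok/use_authtok remember=4/g" /etc/pam.d/system-auth
           echo -e "Configure 'use_authtok remember=4' for /etc/pam.d/system-auth successful"
       fi
       # Require three character classes. The original ran this sed only when no
       # pam_pwquality.so line existed, so it could never change anything, and it
       # printed the remember=4 message.
       if grep -q "pam_pwquality.so" /etc/pam.d/system-auth; then
           sed -i "/pam_pwquality.so/s/local_users_only/minclass=3/g" /etc/pam.d/system-auth
           echo -e "Configure 'pam_pwquality.so minclass=3' for /etc/pam.d/system-auth successful"
       fi
       # Lock an account for 1800 s after 5 failures. The original appended the line
       # when unlock_time was already present (inverted test), duplicating it on
       # every run and never adding it on a fresh system.
       # NOTE(review): PAM runs modules in file order, and this line lands after the
       # existing auth entries, so the lockout may never be enforced. It normally
       # goes first in the auth stack together with an
       # "account required pam_tally2.so" line; confirm on the target.
       # NOTE(review): even_deny_root lets failed attempts lock root out as well.
       if ! grep -q "unlock_time" /etc/pam.d/system-auth; then
           echo "auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800" >> /etc/pam.d/system-auth
           echo -e "Configure 'auth required pam_tally2.so even_deny_root deny=5 unlock_time=1800' for /etc/pam.d/system-auth successful"
       fi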
       
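       ################# idle shell session timeout ##################################

       # Current TMOUT value in /etc/profile, if any (first match only).
       n=$(grep -m 1 "TMOUT=" /etc/profile | cut -d "=" -f 2)
       if ! grep -q "TMOUT" /etc/profile; then
           # No timeout configured yet: add one.
           # NOTE(review): a user can unset TMOUT in their own shell unless it is
           # also declared readonly.
           cp /etc/profile /etc/profile.bak
           echo "TMOUT=300" >> /etc/profile
           echo "export TMOUT" >> /etc/profile
       #	sed -i 's/^HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
           echo -e "\033[31m TMOUT \033[0m is already modify TMOUT=300"
       else
           # A timeout exists: replace whatever number is configured. The pattern no
           # longer interpolates $n unquoted, which broke when $n was empty or held
           # several lines.
           sed -i 's/TMOUT=[0-9][0-9]*/TMOUT=300/g' /etc/profile
           # The message used to say 180s although the value written is 300.
           echo -e "\033[31m default TMOUT \033[0m is $n,TMOUT is already modify to 300s successful  "
       #	echo "export TMOUT" >> /etc/profile
       fi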
       
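       ################# deny FTP login for root #######################################

       # systemctl status succeeds only while the unit is active, so an installed
       # but stopped vsftpd is reported as not existing.
       if systemctl status vsftpd >/dev/null 2>&1; then
           # /etc/vsftpd/ftpusers lists accounts that may NOT log in over FTP.
           # Add root only when it is missing, so reruns do not pile up duplicates.
           if ! grep -qx "root" /etc/vsftpd/ftpusers; then
               echo "root" >> /etc/vsftpd/ftpusers
           fi
           echo -e "\033[31m The ftp for root forbidden \033[0m successful"
       else
           echo -e "\033[31m The vsftpd \033[0m service not exists,not need to forbidden"
       fi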
       
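       ############### login warning banner #############################################

       # NOTE(review): /etc/motd is shown only after a successful login. A notice
       # that must appear before authentication needs the sshd Banner option.
       if grep -q "WARNING" /etc/motd >/dev/null 2>&1; then
           echo -e "\033[31m The motd WARNING is exsits\033[0m,please check if need to modify again"
       else
           # Keep a copy first: the redirect below replaces the whole file. The
           # CentOS 6 branch of this script already takes this backup.
           cp /etc/motd /etc/motd.bak
           echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd
           echo -e "\033[31m The motd \033[0m is add at /etc/motd successful"
       fi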
       
    
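       ################ restrict who may su to root #################################
       # NOTE(review): on CentOS su is driven by PAM, and restricting it to the wheel
       # group is normally done with pam_wheel in /etc/pam.d/su. Confirm that this
       # login.defs setting has any effect on the target.
       # An explicit if/else replaces "A && B || C", where C also runs if B fails.
       if grep -q "SU_WHEEL_ONLY yes" /etc/login.defs; then
           echo "Already set"
       else
           echo "SU_WHEEL_ONLY yes" >> /etc/login.defs
       fi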
    
    elif [ $Centos6 == 1 ]
    then
    
       echo "System Centos 6 in reset kernel"
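       ################ disable SELinux ############################################

       # Switch SELinux off, both now (setenforce) and across reboots (config file).
       # NOTE(review): this removes mandatory access control from the host. If the
       # goal is only to stop denials, permissive mode still logs them.
       if /bin/grep -q "^SELINUX=disabled" /etc/selinux/config >/dev/null 2>&1; then
           echo -e "\033[31m Selinux\033[0m  is already not running"
       else
           # Edit only the SELINUX= setting, not the explanatory comment lines.
           /bin/sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
           # stdout is redirected first, then stderr, so both are really discarded.
           setenforce 0 >/dev/null 2>&1
           echo -e "\033[31m Selinux \033[0m is already  modify stop successful"
       fi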
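       ################# remove unneeded accounts ##########################

       # Delete stock system accounts this host does not use.
       # NOTE(review): -r also asks userdel to remove the account's home directory
       # and mail spool. For system accounts the home may be a shared directory,
       # so check the passwd entries on the target before keeping -r.
       for account in lp sync shutdown halt operator games; do
           # stdout first, then stderr: "2>&1 >/dev/null" left errors on screen.
           userdel -r "$account" >/dev/null 2>&1
       done
       # NOTE(review): this sets the setuid and setgid bits on netstat, so every
       # local user runs it with its owner's privileges. That widens the attack
       # surface of a hardening script; drop the line unless there is a documented
       # need for it.
       chmod +s /bin/netstat
       # Owner-read-only shadow file.
       # NOTE(review): CentOS normally ships /etc/shadow as mode 000; verify this
       # does not loosen the current mode.
       chmod 400 /etc/shadow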
       ################# kernel network settings ##########################
       # Append the settings block to /etc/sysctl.conf and load it, unless the file
       # already has two or more lines mentioning net.ipv4 (taken as "already done").
       # Most entries are buffer and backlog tuning; icmp_echo_ignore_broadcasts and
       # tcp_syncookies are the hardening-related ones.
       ipv4=$(grep "net.ipv4" /etc/sysctl.conf  | wc -l)
       if [ $ipv4 -lt 2 ]; then
           printf '%s\n' \
               "net.ipv4.icmp_echo_ignore_broadcasts = 1" \
               "net.core.rmem_default = 256960" \
               "net.core.rmem_max = 513920" \
               "net.core.wmem_default = 256960" \
               "net.core.wmem_max = 513920" \
               "net.core.netdev_max_backlog = 2000" \
               "net.core.somaxconn = 2048" \
               "net.core.optmem_max = 81920" \
               "net.ipv4.tcp_mem = 131072  262144  524288" \
               "net.ipv4.tcp_rmem = 8760  256960  4088000" \
               "net.ipv4.tcp_wmem = 8760  256960  4088000" \
               "net.ipv4.tcp_keepalive_time = 1800" \
               "net.ipv4.tcp_keepalive_intvl = 30" \
               "net.ipv4.tcp_keepalive_probes = 3" \
               "net.ipv4.tcp_sack = 1" \
               "net.ipv4.tcp_fack = 1" \
               "net.ipv4.tcp_timestamps = 1" \
               "net.ipv4.tcp_window_scaling = 1" \
               "net.ipv4.tcp_syncookies = 1" \
               "net.ipv4.tcp_tw_reuse = 1" \
               "net.ipv4.tcp_tw_recycle = 0" \
               "net.ipv4.tcp_fin_timeout = 30" \
               "net.ipv4.ip_local_port_range = 1024  65000" \
               "net.ipv4.tcp_max_syn_backlog = 2048" \
               "net.ipv4.tcp_max_tw_buckets = 6000" \
               >> /etc/sysctl.conf
           # Load the new values into the running kernel.
           sysctl -p
       else
           echo "kernel already reset"
       fi
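       # Allow sshd connections from 10.80.80.100 through TCP wrappers.
       # NOTE(review): an allow rule restricts nothing by itself. It only matters
       # if sshd honours TCP wrappers and /etc/hosts.deny rejects other sources,
       # which this script does not set up; confirm on the target.
       # -F matches the rule literally (the dots are not wildcards) and -q keeps
       # the check true even when the rule is already present more than once.
       if grep -qF -- "sshd:10.80.80.100:allow" /etc/hosts.allow; then
           echo "sshd already reset"
       else
           echo "insert sshd allow"
           echo 'sshd:10.80.80.100:allow'  >> /etc/hosts.allow
       fi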
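       ################ set the time zone ##############################################

       # The configured zone is read from /etc/sysconfig/clock.
       if /bin/grep -q "Asia/Shanghai" /etc/sysconfig/clock >/dev/null 2>&1; then
           echo -e "\033[31m Timezone \033[0m is already Asia/Shanghai"
       else
           rm -f /etc/localtime
           cp -a /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
           # Record the zone as well; otherwise the check above never succeeds and
           # every run copies the file again.
           # NOTE(review): assumes the file carries a ZONE= line; confirm.
           sed -i 's#^ZONE=.*#ZONE="Asia/Shanghai"#' /etc/sysconfig/clock
           echo -e "\033[31m Timezone \033[0m is already modify Asia/Shanghai"
       fi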
       
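       ############### move sshd to port 22502 ##############################
       # NOTE(review): the original heading also promised to disable root login,
       # but nothing in this section sets PermitRootLogin.
       # NOTE(review): nothing here opens 22502 in the host firewall. Keep the
       # current session open and confirm a new login works before disconnecting.

       Net=$(netstat -tulnp | grep -c ":22502 ")
       if [ "$Net" -eq 0 ]; then
           cp -r /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
           # The original pattern was lower-case "port 22". sed matches
           # case-sensitively, so a "Port 22" / "#Port 22" line was never found and
           # no port line was added although success was reported.
           sed -i '/^#*Port 22[[:space:]]*$/aPort 22502' /etc/ssh/sshd_config
           # Uncomment the UseDNS line; its value is left as the file has it.
           sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
           # Swap the sftp subsystem for internal-sftp once. Repeating the edit
           # would append a second Subsystem line.
           if ! grep -q "internal-sftp" /etc/ssh/sshd_config; then
               sed -i "s/^Subsystem/#Subsystem/g" /etc/ssh/sshd_config
               sed -i "/^#Subsystem/aSubsystem       sftp    internal-sftp" /etc/ssh/sshd_config
           fi
           # Validate the file before restarting. The original tested $? of the
           # last sed, which says nothing about whether sshd accepts the config.
           if sshd -t >/dev/null 2>&1; then
               service sshd restart >/dev/null 2>&1
               echo -e "\033[31m SSH's port  22 is already modify to 22502\033[0m"
               echo -e "\033[31m SSH's service\033[0m has restart again"
           else
               cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
               echo "sshd_config failed validation (sshd -t); backup restored, sshd not restarted" >&2
           fi
       else
           # Port 22502 is already listening: only uncomment UseDNS (this takes
           # effect at the next sshd restart) and report the listening port.
           sed -i "s/#UseDNS/UseDNS/g" /etc/ssh/sshd_config
           echo -e "\033[31m chage Use UseDns\033[0m"
           # Take the port from the first sshd listener; the last ":"-separated
           # piece of the local address also works for IPv6 entries.
           PORT=$(netstat -tulnp | awk '/sshd/ {n = split($4, part, ":"); print part[n]; exit}')
           echo -e "ssh's port is \033[31m already modify ${PORT}\033[0m"
       fi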
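       ############### disable the Ctrl-Alt-Del reboot #######################################

       # Comment out the active "start" and "exec" lines of the control-alt-delete
       # job. One grep covers both, and a missing file now lands in the "nothing to
       # do" branch; the original summed two exit codes, so a missing file (status
       # 2 + 2) was reported as a successful change.
       if /bin/grep -Eq '^(start|exec)' /etc/init/control-alt-delete.conf 2>/dev/null; then
           cp  /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.conf.bak
           sed -i "/^start/s/start/#start/g" /etc/init/control-alt-delete.conf
           sed -i "/^exec/s/exec/#exec/g" /etc/init/control-alt-delete.conf
           echo -e "\033[31m “control-alt-delete”\033[0m is already modify stop successful"
       else
           echo -e "\033[31m control-alt-delete \033[0m modify is \033[31m failed \033[0m,or configure successful,please check it again"
       fi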
       
       
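       ############# password ageing policy ##############################
       cp /etc/login.defs /etc/login.defs.bak
       # The number is matched with [0-9][0-9]* because the "{1,}" quantifier only
       # works in basic regex when its braces are backslash-escaped; without the
       # backslashes these commands silently changed nothing.
       sed -i '/^PASS_MAX_DAYS/s/[0-9][0-9]*/90/' /etc/login.defs
       sed -i '/^PASS_MIN_DAYS/s/[0-9][0-9]*/7/' /etc/login.defs
       # NOTE(review): presumably the minimum length is enforced by the PAM
       # password-quality module rather than by this value; confirm.
       sed -i '/^PASS_MIN_LEN/s/[0-9][0-9]*/12/' /etc/login.defs
       sed -i '/^PASS_WARN_AGE/s/[0-9][0-9]*/30/' /etc/login.defs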
       
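       ############## create the kyeroot administrative account ####################
       # NOTE(review): this creates a second UID 0 account and gives root a nologin
       # shell. Everything kyeroot does is recorded as UID 0, so per-user
       # accountability is lost; a normal account with a sudo rule is the usual
       # choice.
       # NOTE(review): the initial password below is a literal published with this
       # script. Change it immediately after the run (passwd kyeroot, or expire it
       # with chage -d 0 kyeroot), or supply it at run time instead.
       username=$(id kyeroot 2>/dev/null | grep -c "uid=0")
       if [ "$username" -eq 0 ]; then
           useradd kyeroot
           echo "Aa+12345678" | passwd --stdin kyeroot
           # Set UID and GID to 0. [0-9][0-9]* replaces the unescaped "{1,}"
           # quantifier, which matched nothing in basic regex.
           sed -i '/^kyeroot:/s/[0-9][0-9]*/0/g' /etc/passwd
           # Point the home directory at /root. "#" is the delimiter because the
           # pattern contains "/", which broke the original s/// expression.
           sed -i '/^kyeroot:/s#home/kyeroot#root#' /etc/passwd
           # Give root a nologin shell (/bin/bash becomes /sbin/nologin).
           sed -i '/^root:/s#/bin/bash$#/sbin/nologin#' /etc/passwd
           cp /etc/sudoers /etc/sudoers.bak
           sed -i '/^root/akyeroot ALL=(ALL)   ALL' /etc/sudoers
           # A syntax error in sudoers disables sudo for everyone, so check the
           # edited file and fall back to the backup if it does not parse.
           if ! visudo -c >/dev/null 2>&1; then
               cp /etc/sudoers.bak /etc/sudoers
               echo "sudoers failed validation (visudo -c); restored /etc/sudoers.bak" >&2
           fi
       else
           echo -e "\033[31m user kyeroot is exists\033[0m  or \033[31m password is wrong\033[0m"
       fi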
       
          
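          # Create the kyeadmin account and set its initial password.
          # NOTE(review): the password is a literal published with this script.
          # Change it right after the run (passwd kyeadmin, or expire it with
          # chage -d 0 kyeadmin), or supply it at run time instead.
          # stdout is redirected before stderr so both are really discarded.
          if useradd kyeadmin >/dev/null 2>&1; then
              echo "Aa+12345678" | passwd --stdin kyeadmin >/dev/null 2>&1
              echo -e "\033[31m create user kyeadmin successful \033[0m"
              echo -e "\033[31m create user passwd successful \033[0m"
          else
              echo -e "\033[31m user kyeadmin is exists\033[0m  or \033[31m password is wrong\033[0m"
          fi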
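       ############# log file permissions ############################################

       # Mark the main syslog file append-only.
       # NOTE(review): an append-only file cannot be renamed or truncated, so
       # rotation of /var/log/messages will fail unless the logrotate rule clears
       # and re-sets the attribute around rotation; this script does not do that.
       if chattr +a /var/log/messages; then
           echo -e "\033[31m Already add 'chattr +a'\033[0m  for /var/log/messages"
       else
           echo -e "Add \033[31m 'chattr +a'\033[0m  is failed,please check it!"
       fi

       # Remove execute bits, and world write/execute, from every regular file under
       # /var/log. "{} +" needs no backslash-escaped terminator; the original
       # "{} ;" had lost its backslash, so find had no valid -exec clause.
       find /var/log/ -type f -exec chmod u-x,g-x,o-wx {} +
       echo -e "\033[31m modify /var/log/*\033[0m all files permission of u-x,g-x,o-wx successful"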
       
       # Make rc.local executable, then have it reset the /dev/null permissions at
       # each boot unless the file already mentions /dev/null.
       chmod +x /etc/rc.local
       if grep -q "/dev/null" /etc/rc.local; then
           echo "already reset /dev/null"
       else
           echo "chmod 666 /dev/null" >> /etc/rc.local
       fi
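       ############# raise the open-file limit ######################################
       h=$(ulimit -n)
       if [ "$h" != 65535 ]; then
           # Affects this shell and its children only; limits.conf makes it persistent.
           ulimit -n 65535
           # Add each rule only when that exact rule is missing. The original
           # appended both whenever either one was absent, duplicating the other.
           # -F keeps the leading "*" literal.
           k=0
           for rule in "* soft nofile 65535" "* hard nofile 65535"; do
               if ! grep -qF -- "$rule" /etc/security/limits.conf; then
                   # Back the file up once, before the first change.
                   if [ "$k" -eq 0 ]; then
                       cp /etc/security/limits.conf /etc/security/limits.conf.bak
                   fi
                   echo "$rule" >> /etc/security/limits.conf
                   k=$((k + 1))
               fi
           done
           if [ "$k" -ne 0 ]; then
               # ${h} is braced so the escape sequence after it is not read as
               # part of the variable name.
               echo -e "\033[31m default ulimit is ${h}\033[0m,now ulimit is already modify 65535"
           else
               echo -e "\033[31m soft nofile 65535 and  hard nofile 65535\033[0m is already configure,not to modify "
           fi
       else
           echo -e "\033[31m default ulimit is 65535\033[0m,not modify"
       fi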
       
       
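       ############## password history and login lockout ######################
       # NOTE(review): these edits touch /etc/pam.d/system-auth only. Presumably
       # sshd authenticates through /etc/pam.d/password-auth on CentOS, so remote
       # logins would not be covered; confirm against /etc/pam.d/sshd.

       # remember=4 rejects the last four passwords (the history is kept in
       # /etc/security/opasswd). grep -q replaces "2>&1 >/dev/null", which left
       # grep's errors on the terminal.
       if ! grep -q "remember" /etc/pam.d/system-auth; then
           cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
           sed -i "/sha512/s/use_authtok/use_authtok remember=4/g" /etc/pam.d/system-auth
       fi
       # Lock an account for 1800 s after 5 failures, added only when no
       # unlock_time setting exists yet.
       # NOTE(review): PAM runs modules in file order, and this line lands after the
       # existing auth entries, so the lockout may never be enforced. It normally
       # goes first in the auth stack together with an
       # "account required pam_tally2.so" line; confirm on the target.
       # NOTE(review): even_deny_root lets failed attempts lock root out as well.
       if ! grep -q "unlock_time" /etc/pam.d/system-auth; then
           echo "auth    required        pam_tally2.so even_deny_root deny=5 unlock_time=1800" >> /etc/pam.d/system-auth
       fi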
       
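       ############## idle shell session timeout ############################

       # Current TMOUT value in /etc/profile, if any (first match only).
       n=$(grep -m 1 "TMOUT=" /etc/profile | cut -d "=" -f 2)
       if ! grep -q "TMOUT" /etc/profile; then
           # No timeout configured yet: add one.
           # NOTE(review): a user can unset TMOUT in their own shell unless it is
           # also declared readonly.
           cp /etc/profile /etc/profile.bak
           echo "TMOUT=300" >> /etc/profile
           echo "export TMOUT" >> /etc/profile
       #	sed -i 's/^HISTSIZE=1000/HISTSIZE=30/g' /etc/profile
           echo -e "\033[31m TMOUT \033[0m is already modify TMOUT=300"
       else
           # A timeout exists: replace whatever number is configured. The pattern no
           # longer interpolates $n unquoted, which broke when $n was empty or held
           # several lines.
           sed -i 's/TMOUT=[0-9][0-9]*/TMOUT=300/g' /etc/profile
           # The message used to say 180s although the value written is 300.
           echo -e "\033[31m default TMOUT \033[0m is $n,TMOUT is already modify to 300s successful  "
       #	echo "export TMOUT" >> /etc/profile
       fi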
       
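       ############## deny FTP login for root ################################

       # /etc/vsftpd/ftpusers lists accounts that may NOT log in over FTP. Its
       # presence is used here as the sign that vsftpd is installed.
       if [ -f /etc/vsftpd/ftpusers ]; then
           # -x matches the whole line, so an entry that merely contains "root"
           # is not mistaken for root itself.
           if grep -qx "root" /etc/vsftpd/ftpusers; then
               echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified"
           else
               cp  /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers.bak
               echo "root" >> /etc/vsftpd/ftpusers
               echo -e "\033[31m The ftp for root forbidden \033[0m successful or\033[31m ftp's service not exsits \033[0m"
           fi
       else
           echo -e "\033[31m The vsftpd \033[0m service not exists or Have been modified"
       fi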
       
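       ################ login warning banner ###################################

       # NOTE(review): /etc/motd is shown only after a successful login. A notice
       # that must appear before authentication needs the sshd Banner option.
       if grep -q "WARNING" /etc/motd >/dev/null 2>&1; then
           echo -e "\033[31m The motd WARNING is exsits\033[0m,please check if need to modify again"
       else
           # Keep a copy first: the redirect below replaces the whole file.
           cp  /etc/motd /etc/motd.bak
           echo "WARNING: If you are not authorized to access this private computer system, disconnect now. All activities on this system will be monitored and recorded without prior notification or permission!" > /etc/motd
           echo -e "\033[31m The motd \033[0m is add at /etc/motd successful"
       fi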
       
       
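       ############## disable telnet ####################################

       # telnet carries credentials in clear text, so make sure the service is off.
       # m holds the chkconfig lines that mention telnet; empty means none exist.
       m=$(chkconfig --list | grep telnet)
       if [ -z "$m" ]; then
           echo -e "\033[31m The telnet \033[0m is not exsits"
       else
           # State column of the first matching line. Quoted below so an empty or
           # multi-word value cannot break the test.
           y=$(printf '%s\n' "$m" | awk 'NR == 1 {print $2}')
           if [ "$y" = "on" ]; then
               chkconfig telnet off
               echo -e "\033[31m The telnet \033[0m is stop sucessful"
           else
               echo -e "\033[31m The telnet\033[0m is already stop "
           fi
       fi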
    
    else
       echo "cache System version"
    fi
    
  • 原文地址:https://www.cnblogs.com/steven9898/p/11348775.html