def secure_user(user):
    """Lock down the shell start-up files and home directory of *user*.

    Each step shells out to a coreutils/e2fsprogs tool through
    ``subprocess.check_output``, so the first command that exits non-zero
    raises ``subprocess.CalledProcessError`` and the remaining steps are
    skipped. ``pwd.getpwnam`` raises ``KeyError`` for an unknown account.

    Resulting layout (owner ``root``, group ``<user>`` everywhere):

    * ``~/.bash_history`` - mode 660, append-only attribute.
    * ``~/.bashrc``       - copy of the hardened template, mode 755,
      append-only attribute.
    * ``~/.profile``      - mode 755, append-only attribute.
    * ``~``               - mode 1770 (sticky bit, no access for others).

    NOTE(review): presumably this must run as root; chown to root and
    ``chattr +a`` are privileged operations - confirm against the caller.
    NOTE(review): ``.profile`` is never created here, so the chown below
    fails if the account was provisioned without one.
    NOTE(review): once ``+a`` is set, ``cp`` over ``.bashrc`` (and likely the
    chown/chmod calls) will be refused, so a second run for the same user
    is expected to raise - verify before calling this repeatedly.
    NOTE(review): the home directory stays group-writable, so the user can
    still add new files to it. bash login shells look for
    ``~/.bash_profile`` and ``~/.bash_login`` before ``~/.profile``; check
    that those names are covered elsewhere if ``.profile`` is meant to be
    authoritative.
    """
    home = pwd.getpwnam(user).pw_dir
    owner = 'root:' + user

    history = os.path.join(home, '.bash_history')
    bashrc = os.path.join(home, '.bashrc')
    profile = os.path.join(home, '.profile')

    def lock(path, mode):
        # Ownership and mode are set before the attribute; the attribute is
        # applied last, as in the original command sequence.
        for argv in (
            ['chown', owner, path],
            ['chmod', mode, path],
            ['chattr', '+a', path],
        ):
            subprocess.check_output(argv)

    # History file: make sure it exists, then let the user (via group write)
    # append to it while the append-only attribute blocks truncation.
    subprocess.check_output(['touch', history])
    lock(history, '660')

    # .bashrc: install the hardened template; 755 gives the group r-x only,
    # so the user can read but not modify it.
    subprocess.check_output(['cp', '/opt/hacksports/config/securebashrc', bashrc])
    lock(bashrc, '755')

    # .profile: same treatment, applied to whatever file is already there.
    lock(profile, '755')

    # The user must not own the home directory. With the sticky bit set,
    # root-owned entries in it cannot be removed or renamed by the user even
    # though the group has write access.
    subprocess.check_output(["chown", owner, home])
    subprocess.check_output(["chmod", "1770", home])