服务器安全网 - 轻松服务器维护从这里开始!
高级搜索|网站地图|TAG标签RSS订阅[设为首页] [加入收藏]

服务器安全|服务器维护|服务器防黑-服务器安全网

搜索

热门标签:

当前位置: 主页 > 攻击防范 >

一键设置服务器的安全性

时间:2011-05-15 13:23来源:互联风 作者:admin 点击:
懒人做服务器安全。一键设置安全!

@echo off

ECHO.

ECHO.

ECHO. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ECHo.

ECHo 你现在使用supko' blog整理的"一建做安全"脚本

ECHo.

ECHO. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ECHO.

ECHO.

ECHO. -------------------------------------------------------------------------

ECHo 请按提示操作备份好注册表,否则修改后无法还原,本人不负责.

ECHO.

ECHO YES=next set NO=exit (this time 30 Second default for n)

ECHO. -------------------------------------------------------------------------

CHOICE /T 30 /C yn /D n

if errorlevel 2 goto end

if errorlevel 1 goto next


:next

if EXIST backup (echo.)else md backup


if EXIST temp (rmdir /s/q temp|md temp) else md temp


if EXIST backup\backupkey.reg (move backup\backupkey.reg backup\backupkey_old.reg ) else goto run


:run

regedit /e temp\backup-reg1.key1 "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"

regedit /e temp\backup-reg2.key2 "HKEY_CLASSES_ROOT\"

copy /b /y /v temp\backup-reg1.key1+temp\backup-reg2.key2 backup\backupkey.reg


if exist backup\wshom.ocx (echo 备份已存在) else copy /v/y %SystemRoot%\System32\wshom.ocx backup\wshom.ocx


if exist backup\shell32.dll (echo 备份已存在) else copy /v/y %SystemRoot%\system32\shell32.dll backup\shell32.dll


ECHO 备份已经完成

ECHO.

goto next2


:next2

ECHO.

ECHO. -------------------------------------------------------------------

ECHo 修改权限system32目录中不安全的几个exe文件,改为只有Administrators才有权限运行

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next3

if errorlevel 1 goto next21


:next21

cacls.exe %SystemRoot%\system32\net.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\net1.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\cmd.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\tftp.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\netstat.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\regedit.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\at.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\attrib.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\cacls.exe /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\fortmat.com /t /c /e /g Administrators:F

cacls.exe %SystemRoot%\system32\secedit.exe /t /c /e /g Administrators:F


echo "虚拟主机C盘权限设定"


echo "删除C盘的everyone的权限"

cd/

cacls "%SystemDrive%" /r "everyone" /e

cacls "%SystemRoot%" /r "everyone" /e

cacls "%SystemRoot%/Registration" /r "everyone" /e

cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e

 

echo "删除C盘的所有的users的访问权限"


cacls "%SystemDrive%" /r "users" /e

cacls "%SystemDrive%/Program Files" /r "users" /e

cacls "%SystemDrive%/Documents and Settings" /r "users" /e

cacls "%SystemRoot%/addins" /r "users" /e

cacls "%SystemRoot%/AppPatch" /r "users" /e

cacls "%SystemRoot%/Connection Wizard" /r "users" /e

cacls "%SystemRoot%/Debug" /r "users" /e

cacls "%SystemRoot%/Driver Cache" /r "users" /e

cacls "%SystemRoot%/Help" /r "users" /e

cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e

cacls "%SystemRoot%/java" /r "users" /e

cacls "%SystemRoot%/msagent" /r "users" /e

cacls "%SystemRoot%/mui" /r "users" /e

cacls "%SystemRoot%/repair" /r "users" /e

cacls "%SystemRoot%/Resources" /r "users" /e

cacls "%SystemRoot%/security" /r "users" /e

cacls "%SystemRoot%/system" /r "users" /e

cacls "%SystemRoot%/TAPI" /r "users" /e

cacls "%SystemRoot%/twain_32" /r "users" /e

cacls "%SystemRoot%/Web" /r "users" /e


cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e

cacls "%SystemRoot%/system32/administration" /r "users" /e

cacls "%SystemRoot%/system32/Cache" /r "users" /e

cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e

cacls "%SystemRoot%/system32/Com" /r "users" /e

cacls "%SystemRoot%/system32/config" /r "users" /e

cacls "%SystemRoot%/system32/dhcp" /r "users" /e

cacls "%SystemRoot%/system32/export" /r "users" /e

cacls "%SystemRoot%/system32/icsxml" /r "users" /e

cacls "%SystemRoot%/system32/lls" /r "users" /e

cacls "%SystemRoot%/system32/LogFiles" /r "users" /e

cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e

cacls "%SystemRoot%/system32/mui" /r "users" /e

cacls "%SystemRoot%/system32/oobe" /r "users" /e

cacls "%SystemRoot%/system32/ShellExt" /r "users" /e

cacls "%SystemRoot%/system32/wbem" /r "users" /e


echo "添加iis_wpg的访问权限"

cacls "%SystemRoot%" /g iis_wpg:r /e

cacls "%SystemDrive%/Program Files/Common Files" /g iis_wpg:r /e


cacls "%SystemRoot%/Downloaded Program Files" /g iis_wpg:c /e

cacls "%SystemRoot%/Help" /g iis_wpg:c /e

cacls "%SystemRoot%/IIS Temporary Compressed Files" /g iis_wpg:c /e

cacls "%SystemRoot%/Offline Web Pages" /g iis_wpg:c /e

cacls "%SystemRoot%/System32" /g iis_wpg:c /e

cacls "%SystemRoot%/WinSxS" /g iis_wpg:c /e

cacls "%SystemRoot%/WinSxS" /r "users" /e

cacls "%SystemRoot%/Tasks" /g iis_wpg:c /e

cacls "%SystemRoot%/Temp" /g iis_wpg:c /e

cacls "%SystemRoot%/Web" /g iis_wpg:c /e


echo "添加iis_wpg的访问权限[.net专用]"

cacls "%SystemRoot%/Assembly" /g iis_wpg:c /e

cacls "%SystemRoot%/Microsoft.NET" /g iis_wpg:c /e


echo "添加iis_wpg的访问权限[装了MACFEE的软件专用]"

cacls "%SystemDrive%/Program Files/Network Associates" /g iis_wpg:r /e

 

goto next3


:next3

ECHO.

ECHO.

ECHO. ------------------------------------------------------------------------

ECHo 禁止不必要的服务,如果要退出请按Ctrl+C

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. ------------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next4

if errorlevel 1 goto next31


:next31

echo Windows Registry Editor Version 5.00 >temp\Services.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser] >>temp\Services.reg


echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scheduler] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm] >>temp\Services.reg

echo "Start"=dword:00000004 >>temp\Services.reg


regedit /s temp\Services.reg


ECHO.

goto next4


:next4

ECHO.

ECHO. -------------------------------------------------------------------------

ECHo 防止人侵和攻击. 如果要退出请按Ctrl+C

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -------------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next5

if errorlevel 1 goto next41


:next41

echo Windows Registry Editor Version 5.00 >temp\skyddos.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >>temp\skyddos.reg

echo "EnableDeadGWDetect"=dword:00000000 >>temp\skyddos.reg

echo "EnableICMPRedirects"=dword:00000000 >>temp\skyddos.reg

echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg

echo "NoNameReleaseOnDemand"=dword:00000001 >>temp\skyddos.reg

echo "KeepAliveTime"=dword:000493e0 >>temp\skyddos.reg

echo "EnablePMTUDiscovery"=dword:00000000 >>temp\skyddos.reg

echo "SynAttackProtect"=dword:00000002 >>temp\skyddos.reg

echo "TcpMaxHalfOpen"=dword:00000064 >>temp\skyddos.reg

echo "TcpMaxHalfOpenRetried"=dword:00000050 >>temp\skyddos.reg

echo "TcpMaxConnectResponseRetransmissions"=dword:00000001 >>temp\skyddos.reg

echo "TcpMaxDataRetransmissions"=dword:00000003 >>temp\skyddos.reg

echo "TCPMaxPortsExhausted"=dword:00000005 >>temp\skyddos.reg

echo "DisableIPSourceRouting"=dword:0000002 >>temp\skyddos.reg

echo "TcpTimedWaitDelay"=dword:0000001e >>temp\skyddos.reg

echo "EnableSecurityFilters"=dword:00000001 >>temp\skyddos.reg

echo "TcpNumConnections"=dword:000007d0 >>temp\skyddos.reg

echo "TcpMaxSendFree"=dword:000007d0 >>temp\skyddos.reg

echo "IGMPLevel"=dword:00000000 >>temp\skyddos.reg

echo "DefaultTTL"=dword:00000016 >>temp\skyddos.reg


echo 删除IPC$(Internet Process Connection)是共享“命名管道”的资源

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>temp\skyddos.reg

echo "restrictanonymous"=dword:00000001 >>temp\skyddos.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interfaces] >>temp\skyddos.reg

echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>temp\skyddos.reg

echo "BacklogIncrement"=dword:00000003 >>temp\skyddos.reg

echo "MaxConnBackLog"=dword:000003e8 >>temp\skyddos.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters] >>temp\skyddos.reg

echo "EnableDynamicBacklog"=dword:00000001 >>temp\skyddos.reg

echo "MinimumDynamicBacklog"=dword:00000014 >>temp\skyddos.reg

echo "MaximumDynamicBacklog"=dword:00002e20 >>temp\skyddos.reg

echo "DynamicBacklogGrowthDelta"=dword:0000000a >>temp\skyddos.reg


echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>temp\skyddos.reg

echo "autoshareserver"=dword:00000000 >>temp\skyddos.reg


regedit /s temp\skyddos.reg

ECHO.

ECHO.

goto next5


:next5

ECHO.

ECHO. ------------------------------------------------------------------------

ECHo 防止ASP木马运行 卸除WScript.Shell, Shell.application, WScript.Network

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -----------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next6

if errorlevel 1 goto next51


:next51

echo Windows Registry Editor Version 5.00 >temp\del.reg


echo [-HKEY_CLASSES_ROOT\Shell.Application] >>temp\del.reg


echo [-HKEY_CLASSES_ROOT\Shell.Application.1] >>temp\del.reg


echo [-HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}] >>temp\del.reg


echo [-HKEY_CLASSES_ROOT\ADODB.Command\CLSID] >>temp\del.reg


echo [-HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}] >>temp\del.reg


regedit /s temp\del.reg


regsvr32 /u %SystemRoot%\system32\wshom.ocx

del /f/q %SystemRoot%\System32\wshom.ocx

regsvr32 /u %SystemRoot%\system32\shell32.dll

del /f/q %SystemRoot%\System32\shell32.dll

regsvr32 scrrun.dll

regsvr32 "C:\Program Files\Common Files\System\ado\msado15.dll"


rmdir /q/s temp

ECHO.

goto next6

:next6

ECHO.

ECHO. -------------------------------------------------------------------------

ECHo 卸除不安全sql server存储扩展. 如果要退出请按Ctrl+C

ECHO YES=next set NO=this set ignore (this time 30 Second default for y)

ECHO. -------------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto next7

if errorlevel 1 goto next61

:next61

cd C:\Program Files\Microsoft SQL Server\90\Tools\Binn\

sqlcmd /Q "use master"
sqlcmd /Q"exec sp_dropextendedproc 'xp_cmdshell' "
sqlcmd /Q"exec sp_dropextendedproc 'xp_dirtree' "
sqlcmd /Q"exec sp_dropextendedproc 'xp_enumgroups' "
sqlcmd /Q"exec sp_dropextendedproc 'xp_fixeddrives'"
sqlcmd /Q"exec sp_dropextendedproc 'xp_loginconfig' "
sqlcmd /Q"exec sp_dropextendedproc 'xp_enumerrorlogs' "
sqlcmd /Q"exec sp_dropextendedproc 'xp_getfiledetails'"
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OACreate' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OADestroy' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OAGetErrorInfo' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OAGetProperty' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OAMethod' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OASetProperty' "
sqlcmd /Q"exec sp_dropextendedproc 'Sp_OAStop' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regaddmultistring' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regdeletekey' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regdelete' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regenums' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regread' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regremovemultistring' "
sqlcmd /Q"exec sp_dropextendedproc 'Xp_regwrite' "
sqlcmd /Q"drop procedure sp_makewebtask "

cd C:\windows\system32

goto next7

:next7

ECHO.

ECHO.

ECHO. ---------------------------------------------------------------------

ECHo 设置已经完成重启后才能生效.

ECHO YES=reboot server NO=exit (this time 60 Second default for y)

ECHO. ----------------------------------------------------------------------

CHOICE /T 30 /C yn /D y

if errorlevel 2 goto end

if errorlevel 1 goto reboot


:reboot

shutdown /r /t 0


:end

if EXIST temp (rmdir /s/q temp|exit) else exit

以上保存为.bat格式的文件运行既可

(责任编辑:admin)
顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
验证码:点击我更换图片
最新评论 进入详细评论页>>
栏目列表
推荐内容
热点内容
Copyright © 2002-2011 it314.cn. 野鹰工作室 版权所有 粤ICP备09016082号-1