15. KingbaseES (Kingbase) database hardening

Set a minimum password length of 8 characters made up of digits, letters and special symbols, and require a password change every 90 days

ALTER USER system IDENTIFIED BY "new_password" PASSWORD EXPIRE;

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 90;

ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME UNLIMITED PASSWORD_REUSE_MAX UNLIMITED;

Store passwords in encrypted form

ALTER USER system IDENTIFIED BY "new_password";

Lock the account for 10 minutes after 5 failed logins, and automatically log out sessions that are idle for 30 minutes

ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 10/1440;

ALTER PROFILE DEFAULT LIMIT IDLE_TIME 30;

Create three accounts: qwer (system administrator), qazx (security administrator), wsxc (audit administrator)

CREATE USER qwer IDENTIFIED BY "password";

GRANT DBA TO qwer;

CREATE USER qazx IDENTIFIED BY "password";

GRANT CONNECT, RESOURCE TO qazx;

CREATE USER wsxc IDENTIFIED BY "password";

GRANT SELECT, INSERT, UPDATE, DELETE ON audit_table TO wsxc;

Implement separation of privileges

GRANT DBA TO qwer;

GRANT CONNECT, RESOURCE TO qazx;

GRANT SELECT, INSERT, UPDATE, DELETE ON audit_table TO wsxc;

Delete unused accounts

DROP USER testuser;

Prohibit remote root login

ALTER USER sys IDENTIFIED BY "new_password";

GRANT CREATE SESSION TO sys;

Enable SSH and disable telnet

systemctl enable sshd

systemctl disable telnet

Close unused ports

firewall-cmd --zone=public --remove-port=port_number/tcp

firewall-cmd --zone=public --remove-port=port_number/udp

Allow logins only from 192.168.1.5, and disable ports 134, 445 and 139

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.5" accept'

firewall-cmd --permanent --zone=public --remove-port=134/tcp

firewall-cmd --permanent --zone=public --remove-port=445/tcp

firewall-cmd --permanent --zone=public --remove-port=139/tcp
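As an added verification check (not part of the original checklist), the following shell function audits the text of `firewall-cmd --zone=public --list-all` against the firewall policy above: ports 134/445/139 closed and an accept rule restricted to 192.168.1.5. The dump embedded in it is constructed sample output, and the 54321/tcp entry is an assumed database port.

```shell
#!/bin/sh
# Added verification script, not part of the original checklist.
# Constructed sample of `firewall-cmd --zone=public --list-all` output;
# 54321/tcp is an assumed database port.
SAMPLE_DUMP='public (active)
  target: default
  interfaces: eth0
  sources:
  services: ssh
  ports: 54321/tcp 139/tcp
  rich rules:
        rule family="ipv4" source address="192.168.1.5" accept'

# check_firewall_policy DUMP
# Prints one finding per line; returns 0 when no FAIL finding was raised.
check_firewall_policy() {
  dump="$1"; rc=0
  # Everything after "ports:" on its line, e.g. "54321/tcp 139/tcp"
  ports=$(printf '%s\n' "$dump" | sed -n 's/^ *ports: *//p')
  # The rich rules block runs from its header to the end of the dump
  rules=$(printf '%s\n' "$dump" | sed -n '/^ *rich rules:/,$p')
  for p in 134 445 139; do
    case " $ports " in
      *" $p/tcp "*|*" $p/udp "*) echo "FAIL: port $p is still open"; rc=1 ;;
    esac
  done
  if ! printf '%s\n' "$rules" | grep -q 'source address="192.168.1.5" accept'; then
    echo "FAIL: accept rule for 192.168.1.5 is missing"; rc=1
  fi
  # A source-restricted accept rule does not narrow ports opened for every
  # source in the same zone, so report each such port as a warning.
  for p in $ports; do
    case "$p" in 134/*|445/*|139/*) continue ;; esac
    echo "WARN: $p is open to all sources; the 192.168.1.5 rule does not restrict it"
  done
  return $rc
}

# Run against the live firewall: sh check.sh --live  (assumes this file is check.sh)
if [ "${1:-}" = "--live" ]; then
  check_firewall_policy "$(firewall-cmd --zone=public --list-all)"
fi
```

Without `--live` the function is only defined, so the file can be sourced and run against a saved dump.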

Send logs to 192.168.1.1

sed -i 's/^#*.loghost.$/loghost 192.168.1.1/g' /etc/syslog.conf

systemctl restart syslog

Reboot the server for the configuration to take effect

reboot