Archive for 2007年11月20日


服务器安全脚本

@echo off
ECHO.
ECHO. ————————————————————————-
ECHo 请按提示操作备份好注册表,否则修改后无法还原.
ECHO.
ECHO YES=next set NO=exit (this time 30 Second default for n)
ECHO. ————————————————————————-
CHOICE /T 30 /C yn /D n
if errorlevel 2 goto end
if errorlevel 1 goto next
:next
if EXIST backup (echo.)else md backup
if EXIST temp (rmdir /s/q temp|md temp) else md temp
if EXIST backupbackupkey.reg (move backupbackupkey.reg backupbackupkey_old.reg ) else goto run
:run
regedit /e tempbackup-reg1.key1 "HKEY_LOCAL_MACHINESYSTEMCurrentControlSet"
regedit /e tempbackup-reg2.key2 "HKEY_CLASSES_ROOT"
copy /b /y /v tempbackup-reg1.key1+tempbackup-reg2.key2 backupbackupkey.reg
if exist backupwshom.ocx (echo 备份已存在) else copy /v/y %SystemRoot%System32wshom.ocx backupwshom.ocx
if exist backupshell32.dll (echo 备份已存在) else copy /v/y %SystemRoot%system32shell32.dll backupshell32.dll
ECHO 备份已经完成
ECHO.
goto next2
:next2
ECHO.
ECHO. ——————————————————————-
ECHo 修改权限system32目录中不安全的几个exe文件,改为只有Administrators才有权限运行
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. ——————————————————————-
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next3
if errorlevel 1 goto next21
:next21
xcacls.exe %SystemRoot%system32net.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32net1.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32cmd.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32tftp.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32netstat.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32regedit.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32at.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32attrib.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32cacls.exe /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32fortmat.com /t /g Administrators:F /y /C
xcacls.exe %SystemRoot%system32secedit.exe /t /g Administrators:F /y /C
echo "虚拟主机C盘权限设定"
echo "删除C盘的everyone的权限"
cd/
cacls "%SystemDrive%" /r "everyone" /e
cacls "%SystemRoot%" /r "everyone" /e
cacls "%SystemRoot%/Registration" /r "everyone" /e
cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e

echo "删除C盘的所有的users的访问权限"
cacls "%SystemDrive%" /r "users" /e
cacls "%SystemDrive%/Program Files" /r "users" /e
cacls "%SystemDrive%/Documents and Settings" /r "users" /e
cacls "%SystemRoot%" /r "users" /e
cacls "%SystemRoot%/addins" /r "users" /e
cacls "%SystemRoot%/AppPatch" /r "users" /e
cacls "%SystemRoot%/Connection Wizard" /r "users" /e
cacls "%SystemRoot%/Debug" /r "users" /e
cacls "%SystemRoot%/Driver Cache" /r "users" /e
cacls "%SystemRoot%/Help" /r "users" /e
cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e
cacls "%SystemRoot%/java" /r "users" /e
cacls "%SystemRoot%/msagent" /r "users" /e
cacls "%SystemRoot%/mui" /r "users" /e
cacls "%SystemRoot%/repair" /r "users" /e
cacls "%SystemRoot%/Resources" /r "users" /e
cacls "%SystemRoot%/security" /r "users" /e
cacls "%SystemRoot%/system" /r "users" /e
cacls "%SystemRoot%/TAPI" /r "users" /e
cacls "%SystemRoot%/Temp" /r "users" /e
cacls "%SystemRoot%/twain_32" /r "users" /e
cacls "%SystemRoot%/Web" /r "users" /e
cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e
cacls "%SystemRoot%/system32/administration" /r "users" /e
cacls "%SystemRoot%/system32/Cache" /r "users" /e
cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e
cacls "%SystemRoot%/system32/Com" /r "users" /e
cacls "%SystemRoot%/system32/config" /r "users" /e
cacls "%SystemRoot%/system32/dhcp" /r "users" /e
cacls "%SystemRoot%/system32/drivers" /r "users" /e
cacls "%SystemRoot%/system32/export" /r "users" /e
cacls "%SystemRoot%/system32/icsxml" /r "users" /e
cacls "%SystemRoot%/system32/lls" /r "users" /e
cacls "%SystemRoot%/system32/LogFiles" /r "users" /e
cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e
cacls "%SystemRoot%/system32/mui" /r "users" /e
cacls "%SystemRoot%/system32/oobe" /r "users" /e
cacls "%SystemRoot%/system32/ShellExt" /r "users" /e
cacls "%SystemRoot%/system32/wbem" /r "users" /e
echo "添加iis_wpg的访问权限"
cacls "%SystemRoot%" /g iis_wpg:r /e
cacls "%SystemDrive%/Program Files/Common Files" /g iis_wpg:r /e
cacls "%SystemRoot%/Downloaded Program Files" /g iis_wpg:c /e
cacls "%SystemRoot%/Help" /g iis_wpg:c /e
cacls "%SystemRoot%/IIS Temporary Compressed Files" /g iis_wpg:c /e
cacls "%SystemRoot%/Offline Web Pages" /g iis_wpg:c /e
cacls "%SystemRoot%/System32" /g iis_wpg:c /e
cacls "%SystemRoot%/WinSxS" /g iis_wpg:c /e
cacls "%SystemRoot%/WinSxS" /r "users" /e
cacls "%SystemRoot%/Tasks" /g iis_wpg:c /e
cacls "%SystemRoot%/Temp" /g iis_wpg:c /e
cacls "%SystemRoot%/Web" /g iis_wpg:c /e
echo "添加iis_wpg的访问权限[.net专用]"
cacls "%SystemRoot%/Assembly" /g iis_wpg:c /e
cacls "%SystemRoot%/Microsoft.NET" /g iis_wpg:c /e
echo "添加iis_wpg的访问权限[装了MACFEE的软件专用]"
cacls "%SystemDrive%/Program Files/Network Associates" /g iis_wpg:r /e
echo "添加users的访问权限"
cacls "%SystemRoot%/temp" /g users:c /e
goto next3
:next3
ECHO.
ECHO.
ECHO. ————————————————————————
ECHo 禁止不必要的服务,如果要退出请按Ctrl+C
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. ————————————————————————
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next4
if errorlevel 1 goto next31
:next31
echo Windows Registry Editor Version 5.00 >tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanworkstation] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAlerter] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesBrowser] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDfs] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesScheduler] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLmHosts] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTlntSvr] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteAccess] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNtmsSvc] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteRegistry] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTrkWks] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesERSvc] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessenger] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetLogon] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetLogon] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetDDE] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetDDEdsdm] >>tempServices.reg
echo "Start"=dword:00000004 >>tempServices.reg
regedit /s tempServices.reg
ECHO.
goto next4
:next4
ECHO.
ECHO. ————————————————————————-
ECHo 防止人侵和攻击. 如果要退出请按Ctrl+C
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. ————————————————————————-
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next5
if errorlevel 1 goto next41
:next41
echo Windows Registry Editor Version 5.00 >tempskyddos.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters] >>tempskyddos.reg
echo "EnableDeadGWDetect"=dword:00000000 >>tempskyddos.reg
echo "EnableICMPRedirects"=dword:00000000 >>tempskyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>tempskyddos.reg
echo "NoNameReleaseOnDemand"=dword:00000001 >>tempskyddos.reg
echo "KeepAliveTime"=dword:000493e0 >>tempskyddos.reg
echo "EnablePMTUDiscovery"=dword:00000000 >>tempskyddos.reg
echo "SynAttackProtect"=dword:00000002 >>tempskyddos.reg
echo "TcpMaxHalfOpen"=dword:00000064 >>tempskyddos.reg
echo "TcpMaxHalfOpenRetried"=dword:00000050 >>tempskyddos.reg
echo "TcpMaxConnectResponseRetransmissions"=dword:00000001 >>tempskyddos.reg
echo "TcpMaxDataRetransmissions"=dword:00000003 >>tempskyddos.reg
echo "TCPMaxPortsExhausted"=dword:00000005 >>tempskyddos.reg
echo "DisableIPSourceRouting"=dword:0000002 >>tempskyddos.reg
echo "TcpTimedWaitDelay"=dword:0000001e >>tempskyddos.reg
echo "EnableSecurityFilters"=dword:00000001 >>tempskyddos.reg
echo "TcpNumConnections"=dword:000007d0 >>tempskyddos.reg
echo "TcpMaxSendFree"=dword:000007d0 >>tempskyddos.reg
echo "IGMPLevel"=dword:00000000 >>tempskyddos.reg
echo "DefaultTTL"=dword:00000016 >>tempskyddos.reg
echo 删除IPC$(Internet Process Connection)是共享“命名管道”的资源
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa] >>tempskyddos.reg
echo "restrictanonymous"=dword:00000001 >>tempskyddos.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParametersInterfacesinterfaces] >>tempskyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>tempskyddos.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetBTParameters] >>tempskyddos.reg
echo "BacklogIncrement"=dword:00000003 >>tempskyddos.reg
echo "MaxConnBackLog"=dword:000003e8 >>tempskyddos.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesAfdParameters] >>tempskyddos.reg
echo "EnableDynamicBacklog"=dword:00000001 >>tempskyddos.reg
echo "MinimumDynamicBacklog"=dword:00000014 >>tempskyddos.reg
echo "MaximumDynamicBacklog"=dword:00002e20 >>tempskyddos.reg
echo "DynamicBacklogGrowthDelta"=dword:0000000a >>tempskyddos.reg
echo [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters] >>tempskyddos.reg
echo "autoshareserver"=dword:00000000 >>tempskyddos.reg
regedit /s tempskyddos.reg
ECHO.
ECHO.
goto next5
:next5
ECHO.
ECHO. ————————————————————————
ECHo 防止ASP木马运行 卸除WScript.Shell, Shell.application, WScript.Network
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. ———————————————————————–
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next6
if errorlevel 1 goto next51
:next51
echo Windows Registry Editor Version 5.00 >tempdel.reg
echo [-HKEY_CLASSES_ROOTShell.Application] >>tempdel.reg
echo [-HKEY_CLASSES_ROOTShell.Application.1] >>tempdel.reg
echo [-HKEY_CLASSES_ROOTCLSID{13709620-C279-11CE-A49E-444553540000}] >>tempdel.reg
echo [-HKEY_CLASSES_ROOTADODB.CommandCLSID] >>tempdel.reg
echo [-HKEY_CLASSES_ROOTCLSID{00000566-0000-0010-8000-00AA006D2EA4}] >>tempdel.reg
regedit /s tempdel.reg
regsvr32 /u %SystemRoot%system32wshom.ocx
del /f/q %SystemRoot%System32wshom.ocx
regsvr32 /u %SystemRoot%system32shell32.dll
del /f/q %SystemRoot%System32shell32.dll
rmdir /q/s temp
ECHO.
goto next6
:next6
ECHO.
ECHO.
ECHO. ———————————————————————
ECHo 设置已经完成重启后才能生效.
ECHO YES=reboot server NO=exit (this time 60 Second default for y)
ECHO. ———————————————————————-
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto end
if errorlevel 1 goto reboot
:reboot
shutdown /r /t 0
:end
if EXIST temp (rmdir /s/q temp|exit) else exit

廣告
1、Dell Latitude D430/D630/D830外箱侧面有两个大的热敏贴纸,左侧的上面有服务编号、UUID等信息,右侧的上面有出厂日期、收货单位及其地址等信息

2、电话咨询Dell一些售后支持方面的问题,需要提供服务编号。如果该服务编号是第一次提供给Dell售后支持,那么需要提供基本的个人信息,然后该服务编号和这些个人信息就“捆绑”了,当然这个也可以改。和Dell直销不同,非直销渠道的Dell机器在到最终消费者手中之前通常还至少经过两手(两个环节)。如果一台Dell机器在没有最终售出的时候,就有人用它的服务编号电话Dell售后支持了,等这台机器的真正的最终用户电话Dell售后支持的话,会发现这台机器已经和另外一个人的信息捆绑了。虽然可以改,但是这台机器的最终用户也会感到疑虑。为了避免出现这样的问题,所以要么左侧热敏贴纸上的服务编号被熏黑,要么左侧热敏贴纸干脆就被揭掉了

3、Dell不允许以大客户的名义订购大量Dell机器然后转售,应对措施之一就是一旦发现某个公司有这样行为,就采取取消其订购Dell机器资格等措施。为了避免出现这样的问题,中间环节要么把右侧贴纸上的收货单位及其地址熏黑,要么干脆就把右侧的热敏贴纸揭掉

4、偶尔某批货刚到,还没来得及做以上处理,机器就放到零售商了,所以会有两张贴纸都完好、都没熏过的机器,属于少数。也有部分机器,只是右侧的贴纸被熏或者揭掉