
Server2003防木马权限设置IIS服务器安全配置整理(3)

2010-1-31 08:02| 发布者: admin| 查看: 62| 评论: 0|原作者: 云天青

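REM Optional step: disable services this guide treats as unnecessary on an IIS
REM host by writing Start=4 (disabled) under each service key.
REM CHOICE sets errorlevel 1 for Y (apply) and 2 for N (skip). After 30 seconds
REM without input it answers Y, so an unattended run applies the change.
REM NOTE(review): lanmanworkstation (Workstation) and NetLogon are needed for
REM domain membership and SMB client access. Confirm the host is standalone
REM before applying, and record the current Start values so they can be restored.
REM NOTE(review): the Task Scheduler service key is normally "Schedule"; the
REM "Scheduler" entry below probably creates an unused key. Verify on the target.
ECHo 禁止不必要的服务,如果要退出请按Ctrl+C
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. ------------------------------------------------------------------------
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next4
if errorlevel 1 goto next31
:next31
REM The working directory is created outside this section. Without it every
REM redirect below fails and "regedit /s" would silently import nothing.
if not exist temp mkdir temp
echo Windows Registry Editor Version 5.00 >temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scheduler] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
REM NetLogon was listed twice in the original; one entry is sufficient.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm] >>temp\Services.reg
echo "Start"=dword:00000004 >>temp\Services.reg
REM /s imports without any prompt or error dialog, so a failed import is not
REM reported here.
regedit /s temp\Services.reg
ECHO.
goto next4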
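:next4
REM Optional step: TCP/IP stack, NetBT, AFD and LSA settings that this guide
REM groups under "prevent intrusion and attack".
REM CHOICE sets errorlevel 1 for Y (apply) and 2 for N (skip). After 30 seconds
REM without input it answers Y.
ECHO.
ECHO. -------------------------------------------------------------------------
ECHo 防止人侵和攻击. 如果要退出请按Ctrl+C
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. -------------------------------------------------------------------------
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next5
if errorlevel 1 goto next41
:next41
REM The working directory is created outside this section. Without it every
REM redirect below fails and "regedit /s" would silently import nothing.
if not exist temp mkdir temp
echo Windows Registry Editor Version 5.00 >temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] >>temp\skyddos.reg
echo "EnableDeadGWDetect"=dword:00000000 >>temp\skyddos.reg
echo "EnableICMPRedirects"=dword:00000000 >>temp\skyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg
REM KeepAliveTime 0x493e0 = 300000 ms (5 minutes).
echo "KeepAliveTime"=dword:000493e0 >>temp\skyddos.reg
REM NOTE(review): disabling PMTU discovery trades throughput for resistance to
REM forged ICMP "fragmentation needed" messages. Confirm this is acceptable.
echo "EnablePMTUDiscovery"=dword:00000000 >>temp\skyddos.reg
echo "SynAttackProtect"=dword:00000002 >>temp\skyddos.reg
echo "TcpMaxHalfOpen"=dword:00000064 >>temp\skyddos.reg
echo "TcpMaxHalfOpenRetried"=dword:00000050 >>temp\skyddos.reg
echo "TcpMaxConnectResponseRetransmissions"=dword:00000001 >>temp\skyddos.reg
echo "TcpMaxDataRetransmissions"=dword:00000003 >>temp\skyddos.reg
echo "TCPMaxPortsExhausted"=dword:00000005 >>temp\skyddos.reg
REM The original wrote this value with seven hex digits (0000002); it is
REM normalised to the usual eight-digit dword form with the same value 2.
echo "DisableIPSourceRouting"=dword:00000002 >>temp\skyddos.reg
echo "TcpTimedWaitDelay"=dword:0000001e >>temp\skyddos.reg
echo "EnableSecurityFilters"=dword:00000001 >>temp\skyddos.reg
REM NOTE(review): TcpNumConnections 0x7d0 caps concurrent TCP connections at
REM 2000. Size this against the expected load of the web server.
echo "TcpNumConnections"=dword:000007d0 >>temp\skyddos.reg
echo "TcpMaxSendFree"=dword:000007d0 >>temp\skyddos.reg
echo "IGMPLevel"=dword:00000000 >>temp\skyddos.reg
REM NOTE(review): DefaultTTL 0x16 = 22 hops, well below the Windows default of
REM 128. Peers more than 22 hops away will not receive replies. Confirm intent.
echo "DefaultTTL"=dword:00000016 >>temp\skyddos.reg
REM The next line only prints a message to the console; it is not written to
REM the .reg file. NOTE(review): restrictanonymous=1 limits anonymous
REM enumeration; it does not remove the IPC$ share as the message suggests.
echo 删除IPC$(Internet Process Connection)是共享“命名管道”的资源
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>temp\skyddos.reg
echo "restrictanonymous"=dword:00000001 >>temp\skyddos.reg
REM NOTE(review): "interfaces" is a literal placeholder. Per-adapter values live
REM under Interfaces\{adapter GUID}, so this entry creates an unused key and
REM does not change any real adapter. Apply it per adapter GUID instead.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interfaces] >>temp\skyddos.reg
echo "PerformRouterDiscovery"=dword:00000000 >>temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>temp\skyddos.reg
REM NoNameReleaseOnDemand is a NetBT parameter. The original wrote it under
REM Tcpip\Parameters, where it is not read, so it is written here instead.
echo "NoNameReleaseOnDemand"=dword:00000001 >>temp\skyddos.reg
echo "BacklogIncrement"=dword:00000003 >>temp\skyddos.reg
echo "MaxConnBackLog"=dword:000003e8 >>temp\skyddos.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters] >>temp\skyddos.reg
echo "EnableDynamicBacklog"=dword:00000001 >>temp\skyddos.reg
echo "MinimumDynamicBacklog"=dword:00000014 >>temp\skyddos.reg
echo "MaximumDynamicBacklog"=dword:00002e20 >>temp\skyddos.reg
echo "DynamicBacklogGrowthDelta"=dword:0000000a >>temp\skyddos.reg
REM autoshareserver=0 stops the administrative shares (C$, ADMIN$) from being
REM recreated at boot. Remote admin tools that rely on them will stop working.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>temp\skyddos.reg
echo "autoshareserver"=dword:00000000 >>temp\skyddos.reg
REM /s imports without any prompt or error dialog, so a failed import is not
REM reported here.
regedit /s temp\skyddos.reg
ECHO.
ECHO.
goto next5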
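:next5
REM Optional step: remove the COM components that ASP web shells commonly
REM instantiate (WScript.Shell, WScript.Network, Shell.Application).
REM CHOICE sets errorlevel 1 for Y (apply) and 2 for N (skip). After 30 seconds
REM without input it answers Y, so an unattended run applies the removal.
REM NOTE(review): export the affected HKEY_CLASSES_ROOT keys before running this
REM step; the deletions below are not reversible from this script.
ECHO.
ECHO. ------------------------------------------------------------------------
ECHo 防止ASP木马运行 卸除WScript.Shell, Shell.application, WScript.Network
ECHO YES=next set NO=this set ignore (this time 30 Second default for y)
ECHO. -----------------------------------------------------------------------
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto next6
if errorlevel 1 goto next51
:next51
REM The working directory is created outside this section. Without it the
REM redirects below fail and "regedit /s" would silently import nothing.
if not exist temp mkdir temp
echo Windows Registry Editor Version 5.00 >temp\del.reg
REM A leading "-" inside the brackets deletes the whole key on import.
echo [-HKEY_CLASSES_ROOT\Shell.Application] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\Shell.Application.1] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{13709620-C279-11CE-A49E-444553540000}] >>temp\del.reg
REM NOTE(review): the two entries below target ADO (ADODB.Command and what
REM appears to be the ADODB.Stream class), which the prompt above does not
REM mention. ASP applications that use ADO will break. Confirm before applying.
echo [-HKEY_CLASSES_ROOT\ADODB.Command\CLSID] >>temp\del.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}] >>temp\del.reg
regedit /s temp\del.reg
REM Unregistering wshom.ocx removes WScript.Shell and WScript.Network. /s keeps
REM regsvr32 from opening a dialog that would stall an unattended run. The file
REM is left in place so the change can be undone by registering it again.
regsvr32 /u /s "%SystemRoot%\system32\wshom.ocx"
REM The original also unregistered and deleted shell32.dll. That library backs
REM the Windows shell itself, not only Shell.Application, so removing it can
REM leave the server unusable. Shell.Application is already disabled by the key
REM deletions above, so shell32.dll is deliberately left untouched.
rmdir /q/s temp
ECHO.
goto next6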
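:next6
REM Final step: offer a reboot so the registry changes take effect.
REM CHOICE sets errorlevel 1 for Y (reboot) and 2 for N (exit).
REM NOTE(review): the default answer after the 30 second timeout is Y, so an
REM unattended run restarts the server immediately. Run this only in a
REM maintenance window.
ECHO.
ECHO.
ECHO. ---------------------------------------------------------------------
ECHo 设置已经完成重启后才能生效.
REM The prompt used to say 60 seconds while CHOICE /T waits 30; the text now
REM matches the actual timeout.
ECHO YES=reboot server NO=exit (this time 30 Second default for y)
ECHO. ----------------------------------------------------------------------
CHOICE /T 30 /C yn /D y
if errorlevel 2 goto end
if errorlevel 1 goto reboot
:reboot
shutdown /r /t 0
:end
REM The original joined rmdir and exit with a pipe, which runs both sides in
REM child shells, so the exit never applied to this script. Run them in order.
if exist temp rmdir /s /q temp
exit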
