Update README.md and README-CN.md

2019-09-10 04:59:08 +08:00 · 2019-09-10 04:59:08 +08:00 · 660496551b
parent 59d481fd1d
commit 660496551b
2 changed files with 32 additions and 23 deletions
--- a/README-CN.md
+++ b/README-CN.md
@ -151,7 +151,8 @@ EXCEPTIONS=""
 4) 设置基本的iptables防火墙规则 
 根据实现场景进行防火墙规则的配置，可参考HardenedLinux社区归纳的基于Debian GNU/Linux的防火墙规则的基本规则：
 [etc.iptables.rules.v4.sh](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/etc.iptables.rules.v4.sh)
-执行如下的命令进行部署:
+
+基于iptables的部署:
 ```
 $ INTERFACENAME="your network interfacename(Example eth0)"
 $ sudo bash docs/configurations/etc.iptables.rules.v4.sh $INTERFACENAME
@ -159,25 +160,36 @@ $ sudo -s
 # iptables-save > /etc/iptables/rules.v4 
 # ip6tables-save > /etc/iptables/rules.v6 
 ```
+基于nft的部署：
+按照以下命令修改nftables.conf(你的对外网口的名称，例如：eth0):
+```
+$ sed -i 's/^define int_if = ens33/define int_if = eth0/g' etc.nftables.conf 
+$ sudo nft -f ./etc.nftables.conf 
+```
 5) 使用passwd命令改变所有用户的密码，以满足pam_cracklib模块配置的密码复杂度及健壮性。

-6) 必须在第一次修复应用后进行修复的项
+## 特别注意 
+
+### 必须在第一次修复应用后进行修复的项  
 ```
 8.1.32  因为此项一旦设置，审计规则将不能够再进行添加。
 ```
-7） 必须在所有项都修复应用后进行修复的项
+### 必须在所有项都修复应用后进行修复的项  
 ```
 8.4.1  8.4.2 这都是与aide检测文件完整性相关的项，最好是在所有项都修复好后再进行修复，以修复好的系统中的文件进行完整性的数据库的初始化。
 ```
-
-## 特别注意 
-一些检查项需要依赖多次修复，且操作系统需要多次重启。需要进行两次修复的项有： 
+### 一些检查项需要依赖多次修复，且操作系统需要多次重启 
+#### 需要进行两次修复的项  
+```
 8.1.1.2  
 8.1.1.3  
 8.1.12  
+```

-需要修复3次的项： 
+#### 需要修复3次的项
+``` 
 4.5  
+```

 ## 玩（如何添加检查项）

--- a/README.md
+++ b/README.md
@ -175,18 +175,6 @@ $ sudo -s
 # ip6tables-save > /etc/iptables/rules.v6 
 ```

-5) Use the passwd command to change the passwords of all users to apply the password complexity and robustness of the pam_cracklib module configuration.
-
-6) Items that must be applied after the first application(reboot after is better)
-```
-8.1.32  Because this item is set, the audit rules will not be added. 
-```
-
-7) Items that must be applied after all application is ok
-```
-8.4.1  8.4.2  These are all related to the aide. It is best to fix all the items after they have been fixed to fix the integrity of the database in the system.
-``` 
-
 ### nft format rules:
 [nftables.conf](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/etc.nftables.conf)
 to do the following(your network interfacename(Example eth0)):
@ -194,18 +182,27 @@ to do the following(your network interfacename(Example eth0)):
 $ sed -i 's/^define int_if = ens33/define int_if = eth0/g' etc.nftables.conf 
 $ sudo nft -f ./etc.nftables.conf 
 ```
-
-5) Use the passwd command to change the passwords of all users, and change the password to a secure and reliable password entry with the same password complexity set by the pam_cracklib module.
+5) Use the passwd command to change the passwords of all users to apply the password complexity and robustness of the pam_cracklib module configuration.

 ## Special Note 
 Some check items check a variety of situations and are interdependent, they must be applied (fix) multiple times, and the OS must be a reboot after each applies (fix). 

-Items that need to be fix twice:  
+### Items that must be applied after the first application(reboot after is better)
+```
+8.1.32  Because this item is set, the audit rules will not be added. 
+```
+
+### Items that must be applied after all application is ok
+```
+8.4.1  8.4.2  These are all related to the aide. It is best to fix all the items after they have been fixed to fix the integrity of the database in the system.
+``` 
+
+### Items that need to be fix twice  
 8.1.1.2  
 8.1.1.3  
 8.1.12  

-Items that need to be fix three times:   
+### Items that need to be fix three times:   
 4.5  

 ## Hacking