Tags: firefox .so common commands restart cup dig tables stop security
http://www.wallcopper.com/linux/1650.html
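After installing CentOS 7, I found that a lot has changed compared with CentOS 5; I could not even find where services are started.
1. Service operations: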
systemctl start foo.service
systemctl stop foo.service
systemctl restart foo.service
systemctl status foo.service
Enable a service at boot:
systemctl enable foo.service
Disable a service at boot:
systemctl disable foo.service
Check whether a service is enabled at boot:
systemctl is-enabled iptables.service;echo $?
2. iptables example:
cat > /etc/sysconfig/iptables << !
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 322 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
!
systemctl enable iptables.service
systemctl disable firewalld.service
systemctl stop firewalld
systemctl start iptables
iptables -nvL
3. firewalld example
firewalld has two default configuration directories:
/usr/lib/firewalld/ (system configuration; avoid modifying it) and /etc/firewalld/ (user configuration)
firewall-cmd --get-default-zone
firewall-cmd --set-default-zone=public
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --query-service=http
firewall-cmd --add-port=80/tcp --permanent   # permanently add port 80
firewall-cmd --query-port=80/tcp   # query whether port 80 is yes or no
firewall-cmd --zone=public --list-all
Common commands
firewall-cmd --permanent --zone=public --add-port=80/tcp   # public zone
firewall-cmd --permanent --zone=public --remove-port=80/tcp   # remove port 80
firewall-cmd --state   # check the firewall state (whether it is running)
firewall-cmd --reload   # reload the configuration; needed after adding rules, for example
firewall-cmd --get-zones   # list the supported zones
firewall-cmd --get-services   # list the supported services; services in the list are allowed through
firewall-cmd --query-service ftp   # check whether the ftp service is supported; returns yes or no
firewall-cmd --add-service=ftp   # temporarily open the ftp service
firewall-cmd --add-service=ftp --permanent   # permanently open the ftp service
firewall-cmd --remove-service=ftp --permanent   # permanently remove the ftp service
firewall-cmd --add-port=80/tcp
iptables -nvL   # view the rules; this command is the same as with iptables
man firewall-cmd   # view the help
firewall-cmd --list-all
firewall-cmd --list-ports
5666/tcp 322/tcp 80/tcp
For example, after changing the sshd login port to 822:
firewall-cmd --add-port=822/tcp
firewall-cmd --add-port=522/tcp --permanent   # add permanently
systemctl restart firewalld.service
iptables -nvL
References:
http://lduan.blog.51cto.com/5428084/1547139
http://fedorahosted.org/firewalld/
3. Switch to "runlevel 3":
systemctl isolate multi-user.target   # or:
systemctl isolate runlevel3.target
Switch to "runlevel 5":
systemctl isolate graphical.target   # or:
systemctl isolate runlevel5.target
Make runlevel 3 the default at boot:
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
Make runlevel 5 the default:
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
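4. Disable SELinux
vi /etc/selinux/config   # or /etc/sysconfig/selinux
#SELINUX=enforcing   # comment out
#SELINUXTYPE=targeted   # comment out
SELINUX=disabled   # add
:wq!   # save and exit
setenforce 0   # make the setting take effect immediately
Otherwise the sshd port cannot be changed; systemctl status sshd shows: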
Sep 11 21:11:54 server28 sshd[46046]: error: Bind to port 322 on :: failed: Permission denied.
Sep 11 21:11:56 server28 python[46049]: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket .
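An alternative that keeps SELinux enforcing, as an added example that is not part of the original article: label the new port as ssh_port_t with semanage so that sshd is allowed to bind to it. The function names and the DRY_RUN switch are assumptions of this example, semanage is assumed to be installed from policycoreutils-python, and the sample log is the two lines quoted above.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the
# DRY_RUN switch are hypothetical; semanage comes from policycoreutils-python.

# Sample input: the two journal lines quoted in the article.
SAMPLE_LOG='Sep 11 21:11:54 server28 sshd[46046]: error: Bind to port 322 on :: failed: Permission denied.
Sep 11 21:11:56 server28 python[46049]: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket .'

# Print the ports sshd failed to bind, but only when the same log also holds
# an SELinux name_bind denial for sshd; otherwise return 1 (different cause).
selinux_denied_sshd_ports() {
    local log="$1"
    printf '%s\n' "$log" |
        grep -q 'SELinux is preventing /usr/sbin/sshd from name_bind' || return 1
    printf '%s\n' "$log" |
        sed -n 's/.*sshd\[[0-9]*]: error: Bind to port \([0-9][0-9]*\) on .* failed: Permission denied.*/\1/p' |
        sort -un
}

# Label PORT as ssh_port_t so sshd may bind it while SELinux stays enforcing.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them as root.
allow_sshd_port() {
    local port="$1" run=echo
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    if [ "${DRY_RUN:-1}" = 0 ]; then run=; fi
    # semanage -a fails if the port already has a type; -m would retype it.
    $run semanage port -a -t ssh_port_t -p tcp "$port" &&
        $run sshd -t &&
        $run systemctl restart sshd
}

# Apply the fix for every port found in LOG.
fix_from_log() {
    local p ports
    ports=$(selinux_denied_sshd_ports "$1") || return 1
    for p in $ports; do allow_sshd_port "$p" || return; done
}

DRY_RUN=1 fix_from_log "$SAMPLE_LOG"
```

The firewall rule for the new port is still needed, as in sections 2 and 3.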
5. Change the port setting in sshd_config
Port=22
6. Install ifconfig, dig, wget and other tools
yum -y install net-tools bind-utils wget
7. Configure sysctl.conf
vi /usr/lib/sysctl.d/00-system.conf
8. more
/etc/security/limits.conf
9. Adjust the clock
vi /etc/adjtime
Change UTC to LOCAL
0 0 * * * /usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w
rpm -qf /usr/sbin/ntpdate
ntp-4.2.2p1-15.el5.centos.1
yum -y install ntp
Run:
/usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w
10. Stop unnecessary services and ports
systemctl disable cupsd
systemctl disable avahi-daemon
systemctl disable nfs-lock
systemctl disable rpcbind.service
systemctl disable rpcbind.socket
systemctl disable chronyd
systemctl disable postfix
systemctl disable firewalld
systemctl disable libvirtd
systemctl enable iptables
systemctl stop cupsd
systemctl stop avahi-daemon
systemctl stop nfs-lock
systemctl stop rpcbind.service
systemctl stop rpcbind.socket
systemctl stop chronyd
systemctl stop postfix
systemctl stop firewalld
systemctl stop libvirtd
systemctl start iptables
11. Uninstall firefox and evolution
rpm -e firefox
yum remove evolution-data-server evolution evolution-help
yum remove gnome-session gnome-shell
Original article: http://www.cnblogs.com/liuzhenwei/p/7465357.html