码迷,mamicode.com
首页 > 其他好文 > 详细

Centos7 入门几个操作

时间:2017-09-02 00:05:14      阅读:194      评论:0      收藏:0      [点我收藏+]

标签:firefox   .so   常用命令   restart   cup   dig   tables   stop   security   

http://www.wallcopper.com/linux/1650.html

 

安装了CentOS7后,发现和CentOS5变化很大,启动服务都找不到地方了。

1、服务操作:
systemctl start foo.service
systemctl stop foo.service
systemctl restart foo.service
systemctl status foo.service
在开机时启用一个服务:
systemctl enable foo.service
在开机时禁用一个服务:
systemctl disable foo.service
查看服务是否开机启动:
systemctl is-enabled iptables.service;echo $?

2、iptables实例:
cat > /etc/sysconfig/iptables < !
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 322 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
!

systemctl enable iptables.service
systemctl disable firewalld.service

systemctl stop firewalld
systemctl start iptables
iptables -nvL

3、firwalld实例

firewalld默认配置文件有两个:

/usr/lib/firewalld/ (系统配置,尽量不要修改)和 /etc/firewalld/ (用户配置地址)

firewall-cmd –get-default-zone
firewall-cmd –set-default-zone=public
firewall-cmd –zone=public –add-service=http
firewall-cmd –zone=public –query-service=http
firewall-cmd –add-port=80/tcp –permanent //永久添加80端口
firewall-cmd –query-port=80/tcp //查询80端口是yes还是no
firewall-cmd –zone=public –list-all
常用命令介绍

firewall-cmd –permanent –zone=public –add-port=80/tcp  //public区域

firewall-cmd –permanent –zone=public –remove-port=80/tcp  //移除80端口号

firewall-cmd –state ##查看防火墙状态,是否是running
firewall-cmd –reload ##重新载入配置,比如添加规则之后,需要执行此命令
firewall-cmd –get-zones ##列出支持的zone
firewall-cmd –get-services ##列出支持的服务,在列表中的服务是放行的
firewall-cmd –query-service ftp ##查看ftp服务是否支持,返回yes或者no
firewall-cmd –add-service=ftp ##临时开放ftp服务
firewall-cmd –add-service=ftp –permanent ##永久开放ftp服务
firewall-cmd –remove-service=ftp –permanent ##永久移除ftp服务
firewall-cmd –add-port=80/tcp
iptables nvL ##查看规则,这个命令是和iptables的相同的
man firewall-cmd ##查看帮助

firewall-cmd –list-all

firewall-cmd –list-ports
5666/tcp 322/tcp 80/tcp

例如修改sshd登陆端口为822后:
firewall-cmd –add-port=822/tcp
firewall-cmd –add-port=522/tcp –permanent //永久添加

systemctl restart firewalld.service
iptables -nvL
参考:
http://lduan.blog.51cto.com/5428084/1547139
http://fedorahosted.org/firewalld/

3、切换到“runlevel 3”:

systemctl isolate multi-user.target (or)
systemctl isolate runlevel3.target

切换到“runlevel 5 ”:

systemctl isolate graphical.target (or)
systemctl isolate runlevel5.target

配置开机默认切换到runlevel 3 :

ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

默认切换到runlevel 5 :

ln -sf /lib/systemd/system/graphical.target/etc/systemd/system/default.target

4、关闭SELINUX

vi /etc/selinux/config或者/etc/sysconfig/selinux
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出

#setenforce 0 #使配置立即生效
否则sshd端口无法修改:systemctl status sshd
Sep 11 21:11:54 server28 sshd[46046]: error: Bind to port 322 on :: failed: Permission denied.
Sep 11 21:11:56 server28 python[46049]: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket .

5、修改sshd_config端口配置
Port=22

6、安装ifconfig,dig,wget等软件
yum -y install net-tools bind-utils wget

7、配置sysctl.conf
vi /usr/lib/sysctl.d/00-system.conf

8、more
/etc/security/limits.conf

9、修改时钟
vi /etc/adjtime
UTC改为LOCAL
0 0 * * * /usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w
rpm -qf /usr/sbin/ntpdate
ntp-4.2.2p1-15.el5.centos.1
yum -y install ntp
执行
/usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w

10、停止不必要的服务及端口
systemctl disable cupsd
systemctl disable avahi-daemon
systemctl disable nfs-lock
systemctl disable rpcbind.service
systemctl disable rpcbind.socket
systemctl disable chronyd
systemctl disable postfix
systemctl disable firewalld
systemctl disable libvirtd
systemctl enable iptables
systemctl stop cupsd
systemctl stop avahi-daemon
systemctl stop nfs-lock
systemctl stop rpcbind.service
systemctl stop rpcbind.socket
systemctl stop chronyd
systemctl stop postfix
systemctl stop firewalld
systemctl stop libvirtd
systemctl start iptables

11、卸载firefox和evolution
rpm -e firefox
yum remove evolution-data-server evolution evolution-help
yum remove gnome-session gnome-shell

Centos7 入门几个操作

标签:firefox   .so   常用命令   restart   cup   dig   tables   stop   security   

原文地址:http://www.cnblogs.com/liuzhenwei/p/7465357.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!