CentOS minimal设置

1

2

$ vim /etc/sysconfig/network-scripts/ifcfg-eth0

  ONBOOT=yes

1

2

3

4

5

$ /usr/sbin/sestatus -v

$ setenforce 0   (临时关闭)

$ vim /etc/selinux/config

  将 SELINUX=enforcing 改为 SELINUX=disabled   (永久关闭)

  sync reboot

1

2

3

$ chkconfig iptables --list     (查看)

$ chkconfig iptables on/off     (永久)

$ service iptables start/stop   (临时)

1

2

3

4

5

6

7

8

9

10

$ iptables -P INPUT DROP

$ iptables -P OUTPUT ACCEPT

$ iptables -P FORWARD DROP

eg:开启ssh 22端口

$ iptables -A INPUT -p tcp -s 192.168.2.58 --dport 22 -j ACCEPT  (除了192.168.2.58其它IP禁止ssh)

$ iptables -A OUTPUT -p tcp -s 192.168.2.58 --sport 22 -j ACCEPT (如果OUTPUT设置成DROP则需添加该条)

$ service iptables save (手动每条去添加,需要手动保存,不然重启后失效)

或者直接在 iptables 编辑添加删除

$ vim /etc/sysconfig/iptables   (编辑iptables规则)

$ /etc/init.d/iptables restart

1

2

3

4

5

6

7

先备份系统源

$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

$ cd /etc/yum.repos.d/

$ wget -c http://mirrors.163.com/.help/CentOS6-Base-163.repo

$ vim CentOS-Media.repo

  关闭cdrom源

$ yum install epel   (安装第三方软件源)

1

2

3

4

5

6

7

8

9

$ yum grouplist

$ yum groupinstall "Development tools"

$ yum groupinstall "System Administration Tools"

(cent7用 yum group mark install)根据需求去选择软件包

$ yum install setuptool.x86_64

$ yum install ntsysv

$ yum install system-config-network-tui

$ yum install system-config-firewall-tui

$ yum install system-config-securitylevel-tui

1

2

$vim /etc/yum.conf

 exclude=php* apache* kernel* mysql* nginx* (根据实际情况进行指定不参与yum update的程序)