管理员用户:root 普通用户:自定义一个
nmtui # Similar to the setup command on CentOS 6: a menu interface for configuring IP address, hostname, DNS and so on
vi /etc/sysconfig/network-scripts/ifcfg-eth0 ------------------------------------ [root@demohost tools]# vi /etc/sysconfig/network-scripts/ifcfg-ens33 NAME=ens33 DEVICE=ens33 TYPE=Ethernet ONBOOT=yes BOOTPROTO=none DEFROUTE=yes IPADDR=192.168.1.200 PREFIX=24 GATEWAY=192.168.1.1 IPV4_FAILURE_FATAL=no DNS1=202.106.0.20 DNS2=8.8.8.8 IPV6INIT=no IPV6_AUTOCONF=no IPV6_DEFROUTE=no IPV6_PEERDNS=no IPV6_PEERROUTES=no IPV6_PRIVACY=no IPV6_FAILURE_FATAL=no ARPCHECK=no # 禁用ARP检查 --------------------------------------
# Restart networking so the edited interface file takes effect.
systemctl restart network
# Confirm the address is on the interface.
ip addr
# Confirm outbound connectivity and name resolution (stop with Ctrl-C).
ping www.baidu.com
# Working directories: downloaded tools, admin scripts and backups.
mkdir -p /opt/tools /opt/scripts
mkdir -p /data/backup
cd /opt/tools/
vi /etc/hostname -------------------------------- demohost -------------------------------
vi /etc/hosts -------------------------------- 192.168.1.200 demohost --------------------------------
vi /etc/resolv.conf -------------------------------- nameserver 223.5.5.5 # alidns 出问题还是较少的 nameserver 223.6.6.6 nameserver 8.8.8.8 # Google dns --------------------------------
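# Point the base repository at the Aliyun mirror; the original definition is
# kept as .bak so the change can be reverted.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Fetch over HTTPS: a .repo file decides which servers and which GPG settings
# yum trusts, so it must not be alterable in transit. -f makes curl fail on an
# HTTP error instead of saving the error page as the repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Review the result before using it: confirm gpgcheck=1 is set and note
# whether the baseurl entries inside the file still use plain http.
cat /etc/yum.repos.d/CentOS-Base.repo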
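# Replace the EPEL repository definitions with the Aliyun mirror's version;
# the existing files are kept with a .backup suffix.
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
# Fetch over HTTPS so the repo definition cannot be altered in transit;
# -f stops curl from saving an HTTP error page as the repo file.
curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Review the result: check the gpgcheck value and the gpgkey path in the file,
# since package signature checking is what protects installs from a mirror.
cat /etc/yum.repos.d/epel.repo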
# Drop cached metadata from the old repositories ...
yum clean all
# ... and build a fresh cache from the newly configured mirrors.
yum makecache fast
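# Build toolchain, common libraries and day-to-day admin utilities.
# Each package is listed once (the original repeated tree and iftop).
# "telnet" is the client package only; no telnet server is installed here.
yum install -y \
  gcc gcc-c++ cmake \
  pcre pcre-devel zlib zlib-devel openssl openssl-devel \
  vim wget telnet setuptool lrzsz dos2unix \
  net-tools bind-utils tree screen ntpdate \
  lsof iftop iotop
# Full compiler/build group. On a production host, consider whether a complete
# toolchain needs to stay installed after the initial builds are done.
yum groupinstall -y "Development tools"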
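# Raise the shell history size from 1000 to 10000 entries.
# The pattern is anchored so a second run does not match the "HISTSIZE=1000"
# prefix inside "HISTSIZE=10000" and turn it into HISTSIZE=100000.
sed -i 's#^HISTSIZE=1000$#HISTSIZE=10000#' /etc/profile
# Confirm the new value is present.
grep 'HISTSIZE=10000' /etc/profile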
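# Idle-session timeout: 8h = 28800s.
# The banner text now says 8 hours so it agrees with the TMOUT value written
# below (the original banner said 4 hours).
# Note: a plain exported TMOUT can be changed or unset by the user in their own
# shell; append "readonly TMOUT" as well if the timeout is meant to be enforced.
{
  echo " "
  echo "# Auto-Logout for 8 hours by zhaoshuai on $(date +%F)."
  echo "export TMOUT=28800"
} >> /etc/profile
tail -4 /etc/profile
# Load the new setting into the current shell and show it.
source /etc/profile
echo "$TMOUT"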
vim /etc/security/limits.conf ----------------------------------- # 系统最大连接数 * soft nofile 65535 * hard nofile 65535 * soft nproc 65535 * hard nproc 65535 -----------------------------------
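# Count sockets in TIME_WAIT before the change.
netstat -anptl | grep -c TIME_WAIT
# Append TCP tuning to /etc/sysctl.conf.
# tcp_tw_recycle is written as 0 rather than 1: combined with TCP timestamps it
# drops connections from clients that share one NAT address, and the option was
# removed from later kernels (4.12). tcp_tw_reuse covers the TIME_WAIT goal.
{
  echo " "
  echo "# made by zhaoshuai for kill time_wait on $(date +%F)."
  echo "net.ipv4.tcp_syncookies = 1"
  echo "net.ipv4.tcp_tw_reuse = 1"
  echo "net.ipv4.tcp_tw_recycle = 0"
  echo "net.ipv4.tcp_fin_timeout = 30"
  echo "net.ipv4.tcp_orphan_retries = 2"
  echo "net.ipv4.ip_local_port_range = 1024 65000"
} >> /etc/sysctl.conf
tail -8 /etc/sysctl.conf
# Apply the file and count TIME_WAIT sockets again for comparison.
sysctl -p
netstat -anptl | grep -c TIME_WAIT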
# Append a memory-reclaim setting to /etc/sysctl.conf and apply it.
# NOTE(review): vm.extra_free_kbytes is not present on every kernel; if it is
# unknown, sysctl -p reports an error for this key. Confirm on the target host.
{
  echo " "
  echo "# Automatic recovery memory on $(date +%F)"
  echo "vm.extra_free_kbytes=209196"
} >> /etc/sysctl.conf
sysctl -p
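# Equivalent of editing /etc/ssh/sshd_config by hand in vim.
# The sed expressions use plain ASCII single quotes; the typographic quotes in
# the original are not shell quoting, so the patterns were split at the spaces.
#
# ListenAddress 0.0.0.0 listens on every IPv4 interface; on a host with more
# than one interface, the management address is the narrower choice.
sed -i 's/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g' /etc/ssh/sshd_config
# GSSAPI (Kerberos) authentication is switched off.
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# UseDNS no skips the reverse lookup of the client address at login. With it
# off, host-name based "from=" and "Match Host" rules only match addresses.
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# Show the resulting lines.
grep ListenAddress /etc/ssh/sshd_config
grep GSSAPIAuthentication /etc/ssh/sshd_config
grep UseDNS /etc/ssh/sshd_config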
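# Validate sshd_config first (sshd -t) and restart only if it parses, so a
# typo in the edited file cannot leave the host without SSH access.
# Keep the current session open until a new login has been confirmed.
/usr/sbin/sshd -t && /bin/systemctl restart sshd.service
/bin/systemctl status sshd.service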
# Show the current SELinux mode.
getenforce
# Switch the running system to permissive mode. This takes effect immediately
# and lasts until reboot; denials are still logged but no longer blocked.
setenforce 0
# Confirm the mode changed.
getenforce
# Persist the SELinux change: from the next boot SELinux is fully disabled.
# This removes mandatory access control from the host. SELINUX=permissive is
# the setting that stops enforcement while keeping denial logging, and turning
# SELinux back on after "disabled" requires a filesystem relabel.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# Confirm the config file now carries the new value.
grep 'SELINUX=disabled' /etc/selinux/config
# Enforcing/enabled # 执行,强制执行,开启状态1 # Permissive/disabled # 许可的,自由的,关闭状态0
# Stop firewalld now and keep it from starting at boot; status is shown before
# and after. With firewalld off, every listening port on this host (see
# netstat -anptl) is reachable from the network unless something upstream
# filters it, so confirm that such filtering exists before relying on this.
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
# List TCP sockets before the change.
netstat -anptl
# Stop the postfix mail service and keep it from starting at boot: one less
# listening service on a host that does not need to handle mail.
systemctl stop postfix
systemctl disable postfix
systemctl status postfix
# List TCP sockets again to confirm the mail port is no longer open.
netstat -anptl
# Install the NTP daemon, enable it at boot, start it and show its state.
# Consistent clocks matter for log correlation and certificate validation.
yum install -y ntp
systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd
# Show the current system time, then do a one-off sync against the Aliyun NTP
# server.
# NOTE(review): if ntpd is already running, ntpdate may refuse to run because
# the NTP socket is in use -- confirm on the target host.
date
/usr/sbin/ntpdate ntp1.aliyun.com
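# Add a root cron job that syncs the clock every 5 minutes.
# The cron line is wrapped in plain ASCII single quotes; the typographic quotes
# in the original are not shell quoting, so the unquoted "*" fields were
# glob-expanded and "> /dev/null 2>&1" was taken as a redirection of echo
# itself, which left nothing appended to the crontab.
# NOTE(review): the page also enables ntpd. While ntpd holds the NTP port this
# ntpdate job cannot run, and because its output is discarded the failure is
# silent. Keep one time-sync mechanism, not both.
echo "# made by zhaoshuai for sync time on $(date +%F)" >> /var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' >> /var/spool/cron/root
# Show the resulting crontab for root.
crontab -l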
1)时区应该为CST为中部时区,如果是EST则为东部时区 2)安装CentOS系统时要去掉夏令时的选项,否则在夏令时的那一天会有时间的自动变换, 3)如果某个服务在时间上有要求就会导致该服务承载的业务出现问题,所以要关闭夏令时
1)一般来说建议更新到最新的内核版本,防止已知的系统漏洞问题 2)如果要安装指定版本的软件则不能随意升级内核版本 3)如果是集群中的一台新增节点,需要保持集群的统一性,也不能进行升级
cat /etc/redhat-release ---------------------------- [root@demohost tools]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) ----------------------------
# Apply all pending package updates, kernel included (yum asks for confirmation).
yum update
# Reboot so the system starts on the newly installed kernel.
reboot
1)内核升级期间一定不可以中断操作,否则重启后会无法进入系统 2)内核升级期间出错的处理方法: 需要连到 tty 终端手动调整开机启动的内核,登陆系统后手动修改内核启动顺序,然后再次进行内核升级尝试修复
1)update会查询互联网上最新的内核软件包进行升级 2)upgrade只查询当前yum源中比目前已安装软件版本高的那些 3)总体来说update升级更加彻底,我一般使用这个
RHEL/CentOS 7最小化安装后需做的30件事情
原文地址:https://www.cnblogs.com/skyhu365/p/12835605.html