欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

搭建 CentOS 6 服务器(3) - 初始环境设置

程序员文章站 2022-06-12 17:46:28
...
(1)系统架构

查看内核
# uname -s -r 
  Linux 2.6.32-358.el6.x86_64


查看发布版本
# cat /etc/redhat-release
  CentOS release 6.4 (Final)


查看CPU架构
# arch
  x86_64(x86_64表示64位机器/i686表示32位机器)
# getconf LONG_BIT
  64


(2)用户设置

添加用户
# /usr/sbin/useradd user1 -d /home/user1 -G nobody
# passwd user1
  New password: 123456
  Retype new password: 123456
  passwd: all authentication tokens updated successfully.


确认用户
# id user1


删除用户
# userdel -r user1


赋予root权限
# usermod -G wheel hoge
# vi /etc/pam.d/su
  auth       required     pam_wheel.so use_uid  # <= 取消注释


用户一览
# cat /etc/passwd


(3)网络设置

设置IP
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
  DEVICE="eth0"
  OTPROTO="static" # <=
  HWADDR="00:0C:29:53:A5:AE"
  IPV6INIT="no" # <=
  NM_CONTROLLED="yes"
  ONBOOT="yes"
  TYPE="Ethernet"
  UUID="1ca6acf4-ebce-415a-a89b-bf89a67819ff"
  IPADDR="xxx.xxx.xx.xx" # <=
  NETMASK="255.255.255.0" # <=
  GATEWAY="xxx.xxx.xx.xx" # <=
  DNS1="xxx.xxx.xx.xx" # <=

# service network restart
  Shutting down interface eth0:  
  ......
  Connection activated      [  OK  ]

# ifconfig
  eth0      Link encap:Ethernet  HWaddr 00:0C:29:2F:D5:58 
              inet addr:xxx.xxx.xx.xx  Bcast:xxx.xxx.xx.xx Mask:255.255.255.0
  ......


卸载NestworkManager服务
# chkconfig NetworkManager off
# yum -y remove NetworkManager


关闭IPv6
# service ip6tables stop
# chkconfig ip6tables off
# echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
# vi /etc/sysconfig/network
  NETWORKING_IPV6=no
  IPV6INIT=no
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# shutdown -r now
# lsmod | grep ipv6 
  没有ipv6模块
# netstat -an | grep ffff
  没有:ffff:开始的IP
# ifconfig
  没有inet6 addr开始的文字


(4)包管理设置

yum清理
# yum clean all
  Loaded plugins: fastestmirror, security
  Cleaning repos: base extras updates
  Cleaning up Everything
# yum makecache
  Loaded plugins: fastestmirror, security
  Determining fastest mirrors
  ………….
  Metadata Cache Created


yum更新
# yum -y update


自动更新
# yum -y install yum-cron
# vi /etc/sysconfig/yum-cron
  CHECK_ONLY=yes
  DOWNLOAD_ONLY=yes
# /etc/rc.d/init.d/yum-cron start
# chkconfig yum-cron on
# chkconfig --list yum-cron


自动查找最快镜像
# yum -y install yum-plugin-fastestmirror
# vi /etc/yum/pluginconf.d/fastestmirror.conf
  enabled=0   ←0:无效 1:有效


添加repository
# vi /etc/yum.repos.d/CentOS-Base.repo

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# vi /etc/yum.repos.d/rpmforge.repo
  enabled=0
# yum --enablerepo=rpmforge install xxxx

# rpm -Uvh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# vi /etc/yum.repos.d/epel.repo
  enabled=0
# yum --enablerepo=epel install xxxx


(5)设置vim
# yum -y install vim-enhanced
# vi /etc/profile
  alias vi='vim'
# source /etc/profile
# vi /etc/vimrc


(6)安全设置

关闭SELinux
# getenforce
# setenforce 0 ←临时关闭
# vi /etc/sysconfig/selinux
  SELINUX=enforcing
   ↓
  SELINUX=disabled


停止iptables
# /etc/rc.d/init.d/iptables stop
  iptables: Flushing firewall rules:                         [  OK  ]
  iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
  iptables: Unloading modules:                               [  OK  ]
# chkconfig iptables off
# chkconfig --list iptables 
  iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off


(7)系统运行情况

磁盘使用情况
# df -h

# yum -y install sysstat
# iostat


内存使用情况
# free -m


CPU和内存
# cat /proc/cpuinfo
# cat /proc/meminfo


(8)其他

修改hostname
# hostname
  localhost.localdomain
# vi /etc/sysconfig/network
  NETWORKING=yes
  #HOSTNAME=localhost.localdomain
  HOSTNAME=MyNewHostName
  NETWORKING_IPV6=no
# vi /etc/hosts
  127.0.0.1 MyNewHostName
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  #hosts文件每行格式:IP地址 hostname aliases
  #保留localhost的定义,因为Apache、Postfix、sendmail等服务会用到
# shutdown -r now
# uname -a
  Linux MyNewHostName 2.6.32-358.el6.x86_64 ......

临时修改
# hostname MyTmpHostName
# /etc/init.d/network restart


本地语言化
# yum -y groupinstall "Japanese Support"
# vi /etc/sysconfig/i18n
  LANG="en_US.UTF-8"
   ↓
  LANG="ja_JP.UTF-8"
# source /etc/sysconfig/i18n 
# echo $LANG
  ja_JP.UTF-8
# shutdown -r now


停止不必要的服务
# chkconfig --list | grep 3:on
# service ip6tables stop
# chkconfig ip6tables off


编码转换nkf(Network Kanji Filter)
# yum -y install nkf
# vi readme.txt
  test
  漢字
# nkf -g readme.txt
  UTF-8 (LF)
# nkf -s --overwrite readme.txt
# nkf -g readme.txt
  Shift_JIS (LF)
# nkf -j --overwrite readme.txt
# nkf -g readme.txt
  ISO-2022-JP (LF)


安装gcc
# rpm -qa gcc
# yum -y install gcc gcc-c++
# gcc -v
  Using built-in specs.
  Target: i686-redhat-linux
  …………
  gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 


安装PCRE
# cd /usr/local/src
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz
# tar zxvf pcre-8.35.tar.gz
# cd /usr/local/src/pcre-8.35
# ./configure --prefix=/usr/local/pcre/8.35
# make clean
# make && make install
# PATH=/usr/local/pcre/8.35/bin:$PATH 
# vi /etc/ld.so.conf
  /usr/local/pcre/8.35/lib ←末尾追加
# ldconfig
# rpm -qa pcre
  pcre-7.8-6.el6.x86_64
# pcretest -C
  PCRE version 7.8 2008-09-05


安装OpenSSL
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
# tar xzvf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config shared -fPIC
# make && make install
# vi /etc/ld.so.conf
  /usr/local/ssl/lib ←末尾追加
# ldconfig
# ldconfig -f /etc/ld.so.conf -vp|grep ssl/lib
  libssl.so.1.0.0 (libc6) => /usr/local/ssl/lib/libssl.so.1.0.0
  libssl.so (libc6) => /usr/local/ssl/lib/libssl.so
  libcrypto.so.1.0.0 (libc6) => /usr/local/ssl/lib/libcrypto.so.1.0.0
  libcrypto.so (libc6) => /usr/local/ssl/lib/libcrypto.so
# /usr/local/ssl/bin/openssl version
  OpenSSL 1.0.1h 5 Jun 2014


NTP同步时间
引用
# yum -y install ntp
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
  driftfile /var/lib/ntp/drift
  server 0.jp.pool.ntp.org
  server 1.jp.pool.ntp.org
  server 2.jp.pool.ntp.org
  server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat


引用
CentOS默认安装NTP服务、NTP服务采用的是Server/Client的模式、一台机器同时是ntp服务器和ntp客户端。

同步方法:ntpdate、ntpd

ntpdate:强制修改系统时间(需要定期同步修正cpu tick)
[root@linux ~]# ntpdate time.ntp.org
[root@linux ~]# crontab -e
0 12 * * * * /usr/sbin/ntpdate time.ntp.org
每天12点强制同步一下时间

ntpd服务:修正系统时间并修正cpu tick
[root@linux ~]# vi /etc/ntp.conf
#restrict 127.0.0.1
restrict 192.168.21.0 mask 255.255.255.0 nomodify notrap
server -4 192.168.21.1 *** -4代表通过IPv4连接服务器
[root@linux ~]# /etc/init.d/ntpd start
[root@linux ~] # netstat -ln|grep 123
[root@linux ~] # ntpstat
每64秒与上源服务器同步一次,随着误差减小,逐步增加同步的间隔

需要确保是否有权限连接到服务器端。

先使用ntpdate强制同步时间,之后使用ntpd服务同步时间
安装
# yum -y install ntp
# ntpd --version
设置
# cp /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
手动同步
# ntpdate pool.ntp.org
启动ntpd
# service ntpd start
# chkconfig ntpd on
确认
# ntpq -p
# ntpstat

# ntpd -gq 强制更新


GHOST: glibc vulnerability (CVE-2015-0235)
# yum update glibc
# rpm -qa | grep glibc
  2.12-1.149.el6_6.5