搭建 CentOS 6 服务器(3) - 初始环境设置
(1)系统架构
查看内核
查看发布版本
查看CPU架构
(2)用户设置
添加用户
确认用户
删除用户
赋予root权限
用户一览
(3)网络设置
设置IP
卸载NetworkManager服务
关闭IPv6
(4)包管理设置
yum清理
yum更新
自动更新
自动查找最快镜像
添加repository
(5)设置vim
(6)安全设置
关闭SELinux
停止iptables
(7)系统运行情况
磁盘使用情况
内存使用情况
CPU和内存
(8)其他
修改hostname
本地语言化
停止不必要的服务
编码转换nkf(Network Kanji Filter)
安装gcc
安装PCRE
安装OpenSSL
NTP同步时间
GHOST: glibc vulnerability (CVE-2015-0235)
查看内核
# uname -s -r Linux 2.6.32-358.el6.x86_64
查看发布版本
# cat /etc/redhat-release CentOS release 6.4 (Final)
查看CPU架构
# arch x86_64(x86_64表示64位机器/i686表示32位机器) # getconf LONG_BIT 64
(2)用户设置
添加用户
# /usr/sbin/useradd user1 -d /home/user1 -G nobody # passwd user1 New password: 123456 Retype new password: 123456 passwd: all authentication tokens updated successfully.
注:123456仅为演示用的输入(passwd实际不会回显),正式环境的账号应设置强密码。
确认用户
# id user1
删除用户
# userdel -r user1
赋予root权限
# usermod -G wheel hoge (-G会覆盖hoge原有的附加组,如需保留请用 -aG) # vi /etc/pam.d/su auth required pam_wheel.so use_uid # <= 取消注释(之后只有wheel组成员才能su到root)
用户一览
# cat /etc/passwd
(3)网络设置
设置IP
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" BOOTPROTO="static" # <= HWADDR="00:0C:29:53:A5:AE" IPV6INIT="no" # <= NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" UUID="1ca6acf4-ebce-415a-a89b-bf89a67819ff" IPADDR="xxx.xxx.xx.xx" # <= NETMASK="255.255.255.0" # <= GATEWAY="xxx.xxx.xx.xx" # <= DNS1="xxx.xxx.xx.xx" # <= # service network restart Shutting down interface eth0: ...... Connection activated [ OK ] # ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:2F:D5:58 inet addr:xxx.xxx.xx.xx Bcast:xxx.xxx.xx.xx Mask:255.255.255.0 ......
卸载NetworkManager服务
# chkconfig NetworkManager off # yum -y remove NetworkManager
关闭IPv6
# service ip6tables stop # chkconfig ip6tables off # echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf # vi /etc/sysconfig/network NETWORKING_IPV6=no IPV6INIT=no # vi /etc/sysconfig/network-scripts/ifcfg-eth0 # shutdown -r now # lsmod | grep ipv6 没有ipv6模块 # netstat -an | grep ffff 没有:ffff:开始的IP # ifconfig 没有inet6 addr开始的文字
(4)包管理设置
yum清理
# yum clean all Loaded plugins: fastestmirror, security Cleaning repos: base extras updates Cleaning up Everything # yum makecache Loaded plugins: fastestmirror, security Determining fastest mirrors …………. Metadata Cache Created
yum更新
# yum -y update
自动更新
# yum -y install yum-cron # vi /etc/sysconfig/yum-cron CHECK_ONLY=yes DOWNLOAD_ONLY=yes # /etc/rc.d/init.d/yum-cron start # chkconfig yum-cron on # chkconfig --list yum-cron
注:CHECK_ONLY / DOWNLOAD_ONLY 设为yes时,yum-cron只检查、下载更新而不会安装,安全补丁仍需手动执行 yum update。
自动查找最快镜像
# yum -y install yum-plugin-fastestmirror # vi /etc/yum/pluginconf.d/fastestmirror.conf enabled=0 ←0:无效 1:有效
添加repository
# vi /etc/yum.repos.d/CentOS-Base.repo # rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm # vi /etc/yum.repos.d/rpmforge.repo enabled=0 # yum --enablerepo=rpmforge install xxxx # rpm -Uvh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm # vi /etc/yum.repos.d/epel.repo enabled=0 # yum --enablerepo=epel install xxxx
注:上面的release包是通过明文HTTP下载的,安装前建议先用 rpm --import 导入对应仓库的GPG公钥,并用 rpm -K 校验包签名。
(5)设置vim
# yum -y install vim-enhanced # vi /etc/profile alias vi='vim' # source /etc/profile # vi /etc/vimrc
(6)安全设置
关闭SELinux
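# getenforce # setenforce 0 ←临时切换为permissive模式(只记录不拦截,重启后失效) # vi /etc/sysconfig/selinux SELINUX=enforcing ↓ SELINUX=disabled
注:SELINUX=disabled 会完全去掉强制访问控制;如果只是为了排查问题,设为permissive即可保留审计日志,生产环境建议保持enforcing。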
停止iptables
# /etc/rc.d/init.d/iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] # chkconfig iptables off # chkconfig --list iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
注:停止iptables后,本机所有监听端口不再受主机防火墙保护,只适合已有上游防火墙的内网环境;否则应保留iptables,只放行需要的端口。
(7)系统运行情况
磁盘使用情况
# df -h # yum -y install sysstat # iostat
内存使用情况
# free -m
CPU和内存
# cat /proc/cpuinfo # cat /proc/meminfo
(8)其他
修改hostname
# hostname localhost.localdomain # vi /etc/sysconfig/network NETWORKING=yes #HOSTNAME=localhost.localdomain HOSTNAME=MyNewHostName NETWORKING_IPV6=no # vi /etc/hosts 127.0.0.1 MyNewHostName 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 #hosts文件每行格式:IP地址 hostname aliases #保留localhost的定义,因为Apache、Postfix、sendmail等服务会用到 # shutdown -r now # uname -a Linux MyNewHostName 2.6.32-358.el6.x86_64 ...... 临时修改 # hostname MyTmpHostName # /etc/init.d/network restart
本地语言化
# yum -y groupinstall "Japanese Support" # vi /etc/sysconfig/i18n LANG="en_US.UTF-8" ↓ LANG="ja_JP.UTF-8" # source /etc/sysconfig/i18n # echo $LANG ja_JP.UTF-8 # shutdown -r now
停止不必要的服务
# chkconfig --list | grep 3:on # service ip6tables stop # chkconfig ip6tables off
编码转换nkf(Network Kanji Filter)
# yum -y install nkf # vi readme.txt test 漢字 # nkf -g readme.txt UTF-8 (LF) # nkf -s --overwrite readme.txt # nkf -g readme.txt Shift_JIS (LF) # nkf -j --overwrite readme.txt # nkf -g readme.txt ISO-2022-JP (LF)
安装gcc
# rpm -qa gcc # yum -y install gcc gcc-c++ # gcc -v Using built-in specs. Target: i686-redhat-linux ………… gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
安装PCRE
# cd /usr/local/src # wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz # tar zxvf pcre-8.35.tar.gz # cd /usr/local/src/pcre-8.35 # ./configure --prefix=/usr/local/pcre/8.35 # make clean # make && make install # PATH=/usr/local/pcre/8.35/bin:$PATH # vi /etc/ld.so.conf /usr/local/pcre/8.35/lib ←末尾追加 # ldconfig # rpm -qa pcre pcre-7.8-6.el6.x86_64 # pcretest -C PCRE version 7.8 2008-09-05
注:源码包经明文FTP下载,编译前应与官方公布的校验值或签名核对。
安装OpenSSL
# cd /usr/local/src # wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz # tar xzvf openssl-1.0.1h.tar.gz # cd openssl-1.0.1h # ./config shared -fPIC # make && make install # vi /etc/ld.so.conf /usr/local/ssl/lib ←末尾追加 # ldconfig # ldconfig -f /etc/ld.so.conf -vp|grep ssl/lib libssl.so.1.0.0 (libc6) => /usr/local/ssl/lib/libssl.so.1.0.0 libssl.so (libc6) => /usr/local/ssl/lib/libssl.so libcrypto.so.1.0.0 (libc6) => /usr/local/ssl/lib/libcrypto.so.1.0.0 libcrypto.so (libc6) => /usr/local/ssl/lib/libcrypto.so # /usr/local/ssl/bin/openssl version OpenSSL 1.0.1h 5 Jun 2014
注:源码包经明文HTTP下载,编译前应与官方公布的校验值或PGP签名核对;1.0.1h是2014年的版本,实际部署应选用仍在维护的OpenSSL版本。
NTP同步时间
引用
# yum -y install ntp
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
server 0.jp.pool.ntp.org
server 1.jp.pool.ntp.org
server 2.jp.pool.ntp.org
server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
server 0.jp.pool.ntp.org
server 1.jp.pool.ntp.org
server 2.jp.pool.ntp.org
server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat
引用
CentOS默认安装NTP服务、NTP服务采用的是Server/Client的模式、一台机器同时是ntp服务器和ntp客户端。
同步方法:ntpdate、ntpd
ntpdate:强制修改系统时间(需要定期同步修正cpu tick)
[root@linux ~]# ntpdate time.ntp.org
[root@linux ~]# crontab -e
0 12 * * * /usr/sbin/ntpdate time.ntp.org
每天12点强制同步一下时间
ntpd服务:修正系统时间并修正cpu tick
[root@linux ~]# vi /etc/ntp.conf
#restrict 127.0.0.1
restrict 192.168.21.0 mask 255.255.255.0 nomodify notrap
server -4 192.168.21.1 *** -4代表通过IPv4连接服务器
[root@linux ~]# /etc/init.d/ntpd start
[root@linux ~] # netstat -ln|grep 123
[root@linux ~] # ntpstat
每64秒与上源服务器同步一次,随着误差减小,逐步增加同步的间隔
需要确保是否有权限连接到服务器端。
先使用ntpdate强制同步时间,之后使用ntpd服务同步时间
安装
# yum -y install ntp
# ntpd --version
设置
# cp /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
手动同步
# ntpdate pool.ntp.org
启动ntpd
# service ntpd start
# chkconfig ntpd on
确认
# ntpq -p
# ntpstat
# ntpd -gq 强制更新
同步方法:ntpdate、ntpd
ntpdate:强制修改系统时间(需要定期同步修正cpu tick)
[root@linux ~]# ntpdate time.ntp.org
[root@linux ~]# crontab -e
0 12 * * * /usr/sbin/ntpdate time.ntp.org
每天12点强制同步一下时间
ntpd服务:修正系统时间并修正cpu tick
[root@linux ~]# vi /etc/ntp.conf
#restrict 127.0.0.1
restrict 192.168.21.0 mask 255.255.255.0 nomodify notrap
server -4 192.168.21.1 *** -4代表通过IPv4连接服务器
[root@linux ~]# /etc/init.d/ntpd start
[root@linux ~] # netstat -ln|grep 123
[root@linux ~] # ntpstat
每64秒与上源服务器同步一次,随着误差减小,逐步增加同步的间隔
需要确保是否有权限连接到服务器端。
先使用ntpdate强制同步时间,之后使用ntpd服务同步时间
安装
# yum -y install ntp
# ntpd --version
设置
# cp /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
手动同步
# ntpdate pool.ntp.org
启动ntpd
# service ntpd start
# chkconfig ntpd on
确认
# ntpq -p
# ntpstat
# ntpd -gq 强制更新
GHOST: glibc vulnerability (CVE-2015-0235)
# yum update glibc # rpm -qa | grep glibc 2.12-1.149.el6_6.5
注:更新glibc后,已在运行的进程仍加载旧库,需要重启相关服务或重启系统,修复才会生效。