1.設置主機名2.添加用戶3.防火牆設置4.網絡設置5.配置服務6.升級系統7.添加外部軟件源8.配置vim9.配置sudo10.設置時區11.設置鍵盤佈局12.設置系統語言13.設置密碼node
1.設置主機名python
1)更改主機名linux
#顯示當前主機名ios [root@localhost ~]# hostnamegit |
| localhost.localdomain |
#改變主機名算法 [root@localhost ~]# hostname zbyshell [root@localhost ~]# hostnamevim |
| zby #只是改變 |
2)永久改變主機名centos
[root@localhost ~]# hostnamectl set-hostname zby安全 #顯示狀態 [root@localhost ~]# hostnamectl |
Static hostname: zby Icon name: computer-vm Chassis: vm Machine ID: 1f96150fe7c04420b9e71c154be8c01b Boot ID: 35495cc567584fd19646472d8e853fcc Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-327.el7.x86_64 Architecture: x86-64 |
#顯示計算機名 [root@localhost ~]# su - root |
| Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0 |
| [root@zby ~]# |
2.添加用戶
1)添加一個用戶「zhang」做爲下面的示例。
[root@zby ~]# useradd zhang [root@zby ~]# passwd zhang |
New password: #設置密碼 BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word Retype new password: #確認 passwd: all authentication tokens updated successfully. |
| [root@zby ~]# exit #註銷當前用戶 |
2)嘗試切換新添加用戶
| zby login: zhang #輸入用戶名password: #輸入密碼 |
#查看當前用戶 [zhang@zby ~]$ whoami |
| zhang |
| [zhang@zby ~]$ su - root #切換到root用戶 |
| Password: #輸入root用戶密碼 |
| [root@zby ~]# #已切換到root用戶 |
3)使用戶只可以做爲管理用戶切換到root用戶。
[root@zby ~]# usermod -G wheel zhang [root@zby ~]# vi /etc/pam.d/su |
#%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth substack system-auth auth include postlogin account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session include postlogin session optional pam_xauth.so |
4)轉發到根用戶的電子郵件到另外一個用戶,設置以下。
| [root@zby ~]# vi /etc/aliases |
# Person who should get root's mail #最後一行:取消和更改用戶 root: zhang |
| [root@zby ~]# newaliases #加載 |
3.防火牆設置
1)能夠顯示防火牆的服務狀態,以下所示。(默認啓用)
| [root@zby ~]# systemctl status firewalld |
● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s ago Main PID: 13164 (firewalld) CGroup: /system.slice/firewalld.service └─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon... Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon. |
2)若是您使用防火牆服務,它須要修改它的設置,由於默認狀況下不容許對服務的傳入請求。在這裏是指基本的操做和設置配置firewalld服務。
3)若是你由於一些緣由不須要防火牆服務,須要中止並禁用它以下。
#中止服務 [root@zby ~]# systemctl stop firewalld |
#關閉服務 [root@zby ~]# systemctl disable firewalld |
4)顯示SELinux的狀態(安全加強的Linux)以下。(默認啓用)
| [root@zby ~]# getenforce |
| Enforcing #selinux是開啓的 |
#關閉selinux [root@zby ~]# vi /etc/selinux/config |
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted |
#從新啓動應用新設置 [root@zby ~]# reboot |
4.網絡設置
1)設置靜態IP,替換接口名稱爲"eth0"
#設置主機名 [root@zby ~]# hostnamectl set-hostname zby #顯示網絡設備 [root@zby ~]# nmcli d |
| DEVICE TYPE STATE CONNECTION eth0 ethernet connected eth0 lo loopback unmanaged -- |
#設置IPV4地址 [root@zby ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24 #設置默認網關 [root@zby ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1 #設置域名解析 [root@zby ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66 #爲靜態設置設置手動(DHCP爲「自動」) [root@zby ~]# nmcli c modify eth0 ipv4.method manual #從新啓動界面並從新加載設置 [root@zby ~]# nmcli c down eth0; nmcli c up eth0 |
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) |
#顯示網卡配置信息 [root@zby ~]# nmcli d show eth0 |
GENERAL.DEVICE: eth0 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:50:56:8F:56:A5 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: eth0 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 172.31.253.63/24 IP4.GATEWAY: 172.31.253.1 IP4.DNS[1]: 211.138.24.66 IP4.DNS[2]: 211.138.30.66 IP6.ADDRESS[1]: fe80::250:56ff:fe8f:56a5/64 IP6.GATEWAY: |
#顯示網卡狀態 [root@zby ~]# ip addr show |
| 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ff inet 172.31.253.63/24 brd 172.31.253.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe8f:56a5/64 scope link valid_lft forever preferred_lft forever |
2)關閉IPV6
| [root@zby ~]# vi /etc/default/grub |
#在第6行,添加 GRUB_CMDLINE_LINUX="crashkernel=auto ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet" |
#使更改生效 [root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg |
Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone |
| [root@zby ~]# reboot |
3)上面的接口名稱的例子是「eth0」,可是若是您的系統安裝在物理機器上,默認狀況下該名稱不是「ethX」。 而後若是你想使用網絡接口名稱「ethX」,配置以下。
| [root@zby ~]# vi /etc/default/grub |
#在第6行添加 GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet" |
| [root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg |
| Generating grub configuration file ...Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.imgFound linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01bFound initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone |
| [root@zby ~]# reboot |
5.配置服務
1)查看服務狀態
#顯示正在運行的服務列表 [root@zby ~]# systemctl -t service |
| UNIT LOAD ACTIVE SUB DESCRIPTIONauditd.service loaded active running Security Auditing Servicecrond.service loaded active running Command Schedulerdbus.service loaded active running D-Bus System Message Busgetty@tty1.service loaded active running Getty on tty1kdump.service loaded active exited Crash recovery kernel armingkmod-static-nodes.service loaded active exited Create list of required static device nodlvm2-lvmetad.service loaded active running LVM2 metadata daemonlvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etclvm2-pvscan@8:2.service loaded active exited LVM2 PV scan on device 8:2network.service loaded active exited LSB: Bring up/down networkingNetworkManager.service loaded active running Network Managerpolkit.service loaded active running Authorization Managerpostfix.service loaded active running Postfix Mail Transport Agentrhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesgrhel-import-state.service loaded active exited Import network configuration from initramrhel-readonly.service loaded active exited Configure read-only root supportrsyslog.service loaded active running System Logging Servicesshd.service loaded active running OpenSSH server daemonsystemd-journal-flush.service loaded active exited Flush Journal to Persistent Storagesystemd-journald.service loaded active running Journal Servicesystemd-logind.service loaded active running Login Servicesystemd-random-seed.service loaded active exited Load/Save Random Seedsystemd-remount-fs.service loaded active exited Remount Root and Kernel File Systemssystemd-sysctl.service loaded active exited Apply Kernel Variablessystemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /devsystemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directoriessystemd-udev-trigger.service loaded active exited udev Coldplug all Devicessystemd-udevd.service loaded active running udev Kernel Device Managersystemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdownsystemd-user-sessions.service loaded active exited Permit User Sessionssystemd-vconsole-setup.service loaded active exited Setup Virtual Consoletuned.service loaded active running Dynamic System Tuning Daemonvmware-tools.service loaded active running SYSV: Manages the services needed to run wpa_supplicant.service loaded active running WPA Supplicant daemonLOAD = Reflects whether the unit definition was properly loaded.ACTIVE = The high-level unit activation state, i.e. generalization of SUB.SUB = The low-level unit activation state, values depend on unit type.34 loaded units listed. Pass --all to see loaded but inactive units, too.To show all installed unit files use 'systemctl list-unit-files'. |
#顯示全部服務 [root@zby ~]# systemctl list-unit-files -t service |
| UNIT FILE STATE auditd.service enabled autovt@.service disabledblk-availability.service disabledbrandbot.service static console-getty.service disabledconsole-shell.service disabledcontainer-getty@.service static cpupower.service disabledcrond.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.network1.service invalid dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disableddm-event.service disableddnsmasq.service disableddracut-cmdline.service static 。。。。。。systemd-vconsole-setup.service static tcsd.service disabledteamd@.service static tuned.service enabled wpa_supplicant.service disabled139 unit files listed. |
2)中止並關閉服務的自動啓動設置。
[root@zby ~]# systemctl stop postfix [root@zby ~]# systemctl disable postfix |
| Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service. |
3)經過chkconfig控制一些服務是否自動啓動。
| [root@zby ~]# chkconfig --list |
Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration. If you want to list systemd services use 'systemctl list-unit-files'. To see services enabled on particular target use 'systemctl list-dependencies [target]'. netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
#例如,關閉netconsole的自動啓動設置 [root@zby ~]# chkconfig netconsole off |
6.升級系統
1)安裝CentOS後,若有可能,請先更新系統。
| [root@zby ~]# yum -y update |
| 。。。。。yum.noarch 0:3.4.3-154.el7.centos.1 yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7 zlib.x86_64 0:1.2.7-17.el7 Replaced: NetworkManager.x86_64 1:1.0.6-27.el7 grub2.x86_64 1:2.02-0.29.el7.centos grub2-tools.x86_64 1:2.02-0.29.el7.centos pygobject3-base.x86_64 0:3.14.0-3.el7 rdma.noarch 0:7.2_4.1_rc6-1.el7 Complete! |
7.添加外部軟件源
添加一些有用的外部存儲庫來安裝有用的軟件。
1)安裝一個插件爲每一個已安裝的存儲庫添加優先級。
| [root@zby ~]# yum -y install yum-plugin-priorities |
| Downloading packages:yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Verifying : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Installed: yum-plugin-priorities.noarch 0:1.1.31-42.el7 Complete! |
#將[priority = 1]設置爲官方存儲庫 [root@zby ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo |
2)添加從Fedora項目提供的EPEL存儲庫。
| [root@zby ~]# yum -y install epel-release |
| Running transaction Installing : epel-release-7-9.noarch 1/1 Verifying : epel-release-7-9.noarch 1/1 Installed: epel-release.noarch 0:7-9 Complete! |
# 設置[priority=5] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo #換另外一種方式,更改成[enabled = 0]並僅在須要時使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo #若是[enabled = 0],輸入命令以使用存儲庫 [root@zby ~]# yum --enablerepo=epel install [Package] |
3)添加CentOS SCLo軟件集合存儲庫。
[root@zby ~]# yum -y install centos-release-scl-rh centos-release-scl #設置[priority=10] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo #換另外一種方式,更改成[enabled = 0]並僅在須要時使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo #若是[enabled = 0],輸入命令以使用存儲庫 [root@zby ~]# yum --enablerepo=centos-sclo-rh install [Package] [root@zby ~]# yum --enablerepo=centos-sclo-sclo install [Package] |
4)添加Remi的RPM存儲庫,它提供了許多有用的軟件包。
[root@zby ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm # 設置 [priority=10] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo #換另外一種方式,更改成[enabled = 0]並僅在須要時使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo #if [enabled = 0],輸入命令以使用存儲庫 [root@zby ~]# yum --enablerepo=remi-safe install [Package] |
8.配置vim安裝和配置比vi更方便的vim。1)安裝vim
| [root@zby ~]# yum -y install vim-enhanced |
Installed: vim-enhanced.x86_64 2:7.4.160-2.el7 Dependency Installed: gpm-libs.x86_64 0:1.20.7-5.el7 vim-common.x86_64 2:7.4.160-2.el7 vim-filesystem.x86_64 2:7.4.160-2.el7 Complete! |
2)設置命令別名。 (適用於下面的全部用戶,若是你申請了一個用戶,在'〜/ .bashrc'中寫入相同的設置)
| [root@zby ~]# vi /etc/profile |
#在最後一行添加 alias vi='vim' |
| [root@zby ~]# source /etc/profile #從新加載環境變量 |
3)配置vim。 (適用於下面的用戶,若是適用於全部用戶,在'/ etc / vimrc'中寫入相同的設置,但默認狀況下會應用一些設置。)
| [root@zby ~]# vi ~/.vimrc |
#使用vim的擴展功能(不兼容vi) set nocompatible #指定編碼 set encoding=utf-8 #指定文件編碼 set fileencodings=ucs-bom,utf-8,cp936 #指定文件格式 set fileformats=unix,dos #採起備份,若是沒有,請指定[set nobackup] set backup #指定備份目錄 set backupdir=~/backup #採起50個搜索歷史 set history=50 #忽略Case set ignorecase #不一樣的資本,若是你混合搜索詞 set smartcase #突出顯示匹配的詞,若是不是,請指定[set nohlsearch] set hlsearch #使用增量搜索,若是沒有,請指定[set noincsearch] set incsearch #顯示行號,若是不是,請指定[set nonumber] set number #可視化中斷($)或標籤(^ I) set list #突出顯示括號 set showmatch #顯示彩色顯示,若是沒有,請指定[語法關閉] syntax on #若是已設置,則更改註釋的顏色[語法] highlight comment ctermfg=LightCyan #包裝線,若是沒有,請指定[set nowrap] set wrap |
9.配置sudo
配置sudo以分離用戶的責任,若是一些人共享特權。沒必要手動安裝sudo,由於即便「最小安裝」,它也是默認安裝的。
1)將root權限轉移給用戶all。
| [root@zby ~]# visudo |
| #在最後一行添加:用戶'cent'可使用全部root權限zhang ALL=(ALL) ALL#如何寫⇒目的地主機=(全部者)命令 |
#確保用戶‘zhang’ [root@zby ~]# su - zhang [zhang@zby ~]$ /usr/bin/cat /etc/shadow |
| sr/bin/cat: /etc/shadow: Permission denied |
| [zhang@zby ~]$ sudo /usr/bin/cat /etc/shadow |
。。。。。。 tss:!!:17586:::::: postfix:!!:17586:::::: sshd:!!:17586:::::: zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7::: |
10.設置時區在下面的示例中替換爲您本身的時區。
| #顯示時區[root@zby ~]# timedatectl list-timezones |
。。。。。。 Asia/Qyzylorda Asia/Riyadh Asia/Sakhalin Asia/Samarkand Asia/Seoul Asia/Shanghai Asia/Singapore Asia/Srednekolymsk Asia/Taipei Asia/Tashkent Asia/Tbilisi |
#設置時區 [root@zby ~]# timedatectl set-timezone Asia/Shanghai #顯示狀態 [root@zby ~]# timedatectl |
Local time: Mon 2018-03-19 22:18:49 CST Universal time: Mon 2018-03-19 14:18:49 UTC RTC time: Mon 2018-03-19 14:18:48 Time zone: Asia/Shanghai (CST, +0800) NTP enabled: n/aNTP synchronized: no RTC in local TZ: no DST active: n/a |
11.設置鍵盤佈局
#顯示當前鍵盤佈局狀態 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
#顯示鍵盤映射列表 [root@zby ~]# localectl list-keymaps |
。。。。。。 ukunicode us us-acentos us-alt-intl us-altgr-intl us-colemak us-dvorak us-dvorak-alt-intl us-dvorak-classic us-dvorak-intl us-dvorak-l us-dvorak-r us-dvp |
#設置鍵盤佈局 [root@zby ~]# localectl set-keymap us #顯示鍵盤佈局狀態 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
12.設置系統語言
在下面的示例中替換爲您本身的語言。
#顯示當前狀態 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
#顯示語言環境列表 [root@zby ~]# localectl list-locales |
。。。。。。 en_US en_US.iso88591 en_US.iso885915 en_US.utf8 |
#設置區域語言 [root@zby ~]# localectl set-locale.utf8 #顯示語言狀態 [root@zby ~]# localectl |
System Locale:.utf8 VC Keymap: us X11 Layout: us |
13.設置密碼
出於安全緣由設置密碼規則。
1)設置密碼過時的天數。用戶必須在幾天內更改密碼。此設置僅在建立用戶時纔會產生影響,而不會影響到現有用戶。若是設置爲現有用戶,請運行命令「chage -M(days)(user)」。
| [root@zby ~]# vi /etc/login.defs |
#第25行:爲密碼過時設置60 PASS_MAX_DAYS 60 |
2)設置可用密碼的最短天數。至少在改變它以後,用戶必須至少使用他們的密碼。此設置僅在建立用戶時纔會產生影響,而不會影響到現有用戶。若是設置爲現有用戶,請運行命令「chage -m(days)(user)」
| [root@zby ~]# vi /etc/login.defs |
#第26行:設置2爲可用天數 PASS_MIN_DAYS 2 |
3)在到期前設置警告的天數。此設置僅在建立用戶時纔會產生影響,而不會影響到現有用戶。若是設置爲現有用戶,請運行命令「chage -W(days)(user)」。
| [root@zby ~]# vi /etc/login.defs |
#第28行:爲警告天數設置7 PASS_WARN_AGE 7 |
4)使用過去使用的密碼進行限制。在這一代中,用戶不能設置相同的密碼。
| [root@zby ~]# vi /etc/pam.d/system-auth |
#第15行附近:禁止在過去的5代中使用相同的密碼 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5 |
5)設置最小密碼長度。用戶不能將其密碼長度設置爲小於此參數。
#爲最小密碼長度設置8 [root@zby ~]# authconfig --passminlen=8 --update |
#該參數在下面的配置中設置 [root@zby ~]# grep "^minlen" /etc/security/pwquality.conf |
| minlen = 8 |
6)爲新密碼設置所需的最少字符類數。 (種類⇒UpperCase / LowerCase / Digits / Others)
#設置2以獲取所需字符類別的最小數量 [root@zby ~]# authconfig --passminclass=2 --update |
#該參數在下面的配置中設置 [root@zby ~]# grep "^minclass" /etc/security/pwquality.conf |
| minclass = 2 |
7)在新密碼中設置容許的連續相同字符的最大數量。
#爲容許的連續相同字符的最大數量設置2 [root@zby ~]# authconfig --passmaxrepeat=2 --update |
#該參數在下面的配置中設置 [root@zby ~]# grep "^maxrepeat" /etc/security/pwquality.conf |
| maxrepeat = 2 |
8)在新密碼中設置同一類的最大容許連續字符數。
#設置4爲同一類的最大容許連續字符數 [root@zby ~]# authconfig --passmaxcla***epeat=4 --update |
#該參數在下面的配置中設置 [root@zby ~]# grep "^maxcla***epeat" /etc/security/pwquality.conf |
| maxcla***epeat = 4 |
9)新密碼中至少須要一個小寫字符。
| [root@zby ~]# authconfig --enablereqlower --update |
#該參數在下面的配置中設置#(若是你想編輯值,用vi和其餘編輯) [root@zby ~]# grep "^lcredit" /etc/security/pwquality.conf |
| lcredit = -1 |
10)新密碼中至少須要一個大寫字符。
| [root@zby ~]# authconfig --enablerequpper --update |
#該參數在下面的配置中設置#(若是你想編輯值,用vi和其餘編輯) [root@zby ~]# grep "^ucredit" /etc/security/pwquality.conf |
| ucredit = -1 |
11)新密碼中至少須要一位數字。
| [root@zby ~]# authconfig --enablereqdigit --update |
#該參數在下面的配置中設置#(若是你想編輯值,用vi和其餘編輯) [root@zby ~]# grep "^dcredit" /etc/security/pwquality.conf |
| dcredit = -1 |
12)新密碼中至少須要一個其餘字符。
| [root@zby ~]# authconfig --enablereqother --update |
#該參數在下面的配置中設置#(若是你想編輯值,用vi和其餘編輯) [root@zby ~]# grep "^ocredit" /etc/security/pwquality.conf |
| ocredit = -1 |
13)在新密碼中設置單調字符序列的最大長度。 (ex⇒'12345','fedcb')
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最後一行添加 maxsequence = 3 |
14)設置舊密碼中不能出現的新密碼中的字符數。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最後一行添加 difok = 5 |
15)檢查新密碼中是否包含用戶passwd項的GECOS字段中長度超過3個字符的單詞。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最後一行添加 gecoscheck = 1 |
16)設置不能包含在密碼中的Ssace分隔列表。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最後一行添加 badwords = denywords1 denywords2 denywords3 |
17)爲新密碼設置散列/密碼算法。 (默認是sha512)
#顯示當前算法 [root@zby ~]# authconfig --test | grep hashing |
| password hashing algorithm is sha512 |
#將算法更改成sha512 [root@zby ~]# authconfig --passalgo=sha512 --update [root@zby ~]# authconfig --test | grep hashing |
| password hashing algorithm is sha512 |