一般狀況下咱們在連接 OpenSSH服務器的時候假如 UseDNS選項是打開的話,服務器會先根據客戶端的 IP地址進行 DNS PTR反向查詢出客戶端的主機名,然後根據查詢出的客戶端主機名進行DNS正向A記錄查詢,並驗證是否與原始 IP地址一致,通過此種措施來防止客戶端欺騙。平時咱們都是動態 IP不會有PTR記錄,因此打開此選項也沒有太多作用。咱們能夠通過關閉此功能來提升連接 OpenSSH 服務器的速度。
服務端步驟以下:
編輯配置文件 /etc/ssh/sshd_config
# Open the sshd configuration in an editor; the two settings to change
# (UseDNS and GSSAPIAuthentication) are shown in the steps that follow.
vim /etc/ssh/sshd_config
找到 UseDNS選項,若是沒有註釋,將其註釋
#UseDNS yes
添加
UseDNS no
找到 GSSAPIAuthentication選項,若是沒有註釋,將其註釋
#GSSAPIAuthentication yes
添加
GSSAPIAuthentication no
保存配置文件
重啓 OpenSSH服務器
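# Restart sshd so the UseDNS / GSSAPIAuthentication edits above take effect.
# (The original line read "restartredis": a page-scraping artifact that fused
# a tag onto the command.)
/etc/init.d/sshd restart
# Remove dnsmasq while ignoring RPM dependency checks. --nodeps can leave
# other packages with a dangling dependency; `rpm -q --whatrequires dnsmasq`
# shows what would be affected before removing it.
rpm -e dnsmasq --nodeps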
以下是禁用 rpcbind 服務的命令:
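# Stop the running rpcbind service and its socket unit.
# (The original collapsed these four commands, prompts included, onto one
# line that began with "#", so as shell it was a single comment and ran
# nothing.) systemctl applies to systemd hosts; the rest of this page uses
# the RHEL 6 chkconfig/service tools.
systemctl stop rpcbind.socket
systemctl stop rpcbind
# Keep it from starting at boot. The socket unit must be disabled as well,
# otherwise socket activation can start the service again on the first
# incoming connection.
systemctl disable rpcbind.socket
systemctl disable rpcbind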
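# Disable SELinux permanently (effective after the next reboot). Only the
# literal "enforcing" is matched, so a host already set to "permissive" is
# left unchanged. This removes the mandatory-access-control layer for every
# service on the host. (The original lines carried fused page tags, "vim"
# and "安全", after the command.)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Verify the edit.
cat /etc/selinux/config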
******************配置本地YUM源**************************
安裝擴展 yum 源：yum install -y epel-release（之後才能 yum install -y redis）
掛載yum
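# CentOS only: remove the stock repo files so that only the local repo
# written below is used. The original line had the note "(CentOS執行)"
# appended unquoted, which is a shell syntax error, and used the glob
# "Centos-*"; the stock files are named CentOS-*.repo (capital "OS"), so on a
# case-sensitive filesystem that glob matched nothing. Assumes the current
# directory is /etc/yum.repos.d — the notes give no cd; TODO confirm.
rm -rf CentOS-*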
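# Define a repo on the install DVD mounted at /mnt (see the mount step
# below). Written with a here-document instead of an interactive vi session
# so the step is reproducible. gpgcheck=0 disables signature verification:
# packages from this repo are trusted only as far as the medium itself is.
cat > /etc/yum.repos.d/local.repo <<'EOF'
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
enabled=1
EOF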
***********************************************
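# Stop postfix from starting at boot; it is the "master" listener seen in
# `netstat -lntup`. (The original line had that remark appended as extra
# arguments to chkconfig, which chkconfig rejects.)
chkconfig postfix off
# Remove both services from chkconfig management entirely.
chkconfig --del postfix
chkconfig --del nfs-rdma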
# Replace every repo definition with a single one pointing at the internal
# FTP mirror. gpgcheck=0 means packages are installed unsigned, so the
# mirror and the FTP path to it are trusted implicitly. No enabled= line is
# written; yum treats the repo as enabled by default.
rm -rf /etc/yum.repos.d/*
cat >> /etc/yum.repos.d/ftp.repo <<'EOF'
[rhel6.8]
name=rhel6.8
baseurl=ftp://134.96.177.250/rhel6.8
gpgcheck=0
EOF
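# Mount the install DVD on /mnt, which the [local] repo above points at.
# (The original had the note "(光盤掛載)" appended unquoted, which the shell
# rejects as a syntax error.)
mount /dev/sr0 /mnt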
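# Base tool set from the repos configured above (unsigned, gpgcheck=0).
# "×××tall" in the original is a redaction artifact for "install".
# ftp and telnet are cleartext clients; this checklist uses ftp against the
# internal mirror further down.
yum install -y lrzsz
yum install -y yum-utils
yum install -y iotop
yum install -y htop
yum install -y sysstat
yum install -y ftp
yum install -y telnet
yum install -y traceroute
yum install -y ntp
yum install -y man
yum install -y openssl-devel
yum install -y lsof
yum install -y ksh
yum install -y tcsh
yum install -y ncompress
yum install -y gdb
yum install -y sos
yum install -y parted
# Quoted so the shell does not expand the wildcard against files in the
# current directory; yum does the package-name match. No -y: this prompts.
yum install '*gcc*'
yum groupinstall "X Window System"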
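# Service account itsm: fixed uid 800, home directory outside /home.
useradd -u 800 -d /itsm itsm
# The initial password is hard-coded; it lands in shell history and in this
# document, so rotate it once provisioning is complete.
echo itsm123 | passwd --stdin itsm
# Copy the skeleton files. The original `cp /etc/skel/.* /itsm/` also matched
# "." and ".." and skipped sub-directories; `-a` on `/etc/skel/.` copies
# dotfiles and directories alike.
cp -a /etc/skel/. /itsm/
chown -R itsm:itsm /itsm
# acc: primary group gid 3 (the "sys" group, per the chown below); password
# ageing effectively disabled by the 99999-day maximum.
useradd -g 3 acc
chown -R acc:sys /home/acc
chage -M 99999 acc
passwd acc
# Manual step from the original notes: edit /etc/passwd and set acc's uid
# to 0. That makes acc a second uid-0 account, indistinguishable from root
# in audit logs and process listings; a sudo rule is the auditable
# alternative. (The note read "accd", a typo for acc.)
# sawh: uid/gid 2000, also a member of wheel.
groupadd -g 2000 sawh
useradd -G wheel -g 2000 -u 2000 sawh
chage -M 99999 sawh
passwd sawh
# Non-interactive form of the previous line (same hard-coded-password
# caveat as for itsm); running both simply sets the password twice.
echo "Tasa!123_asaT" | passwd --stdin sawh
# Set the root password interactively. (The original had "(修改 root密碼)"
# appended unquoted, a shell syntax error.)
passwd root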
root
經常使用密碼To0那個
# Raise the RHEL 6 per-user process cap in the drop-in (default 1024).
# Every "1024" in the file is replaced, not just the limit value.
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf
# Append open-file and process limits for all users. These are appends, so
# running the block twice leaves duplicate lines.
echo "* soft nofile 65535">>/etc/security/limits.conf
echo "* hard nofile 65535">>/etc/security/limits.conf
echo "* soft nproc 65535">>/etc/security/limits.conf
echo "* hard nproc 65535">>/etc/security/limits.conf
# Core dumps are allowed here (65535 blocks). The second checklist further
# down sets both core limits to 0 because dumps can expose memory contents;
# the two sections disagree on this point.
echo "* soft core 65535">>/etc/security/limits.conf
echo "* hard core 65535">>/etc/security/limits.conf
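# List root's crontab; the entry below is the one expected to be present
# (add it with `crontab -e` if missing). It is cron syntax, not a shell
# command, so it is kept as a comment here rather than executed.
crontab -l
#   */30 * * * * /usr/sbin/ntpdate 80.12.64.89 >> /var/log/ntplog 2>&1
# The original entry ended in `&> /var/log/ntplog >> /dev/null 2>&1`; the
# later redirections override the first, so the log file was only truncated
# and all output discarded. Note also that ntpd is enabled further down;
# ntpdate refuses to run while ntpd holds the NTP port, so this job and the
# daemon conflict — TODO confirm which one is meant to keep time.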
# Show the resulting limit files to verify the edits above.
cat /etc/security/limits.d/90-nproc.conf
cat /etc/security/limits.conf
# One-shot clock step against the internal NTP server before ntpd is started.
ntpdate 134.96.40.141
# Drop every existing "server" line (default pool entries included) and use
# only the internal server.
sed -i '/^server.*/d' /etc/ntp.conf
echo "server 134.96.40.141">>/etc/ntp.conf
# Insert -x (slew rather than step) ahead of the existing -u in OPTIONS.
# Global replace: running it twice yields "-x -x -u".
sed -i 's/-u/-x -u/g' /etc/sysconfig/ntpd
service ntpd restart
chkconfig ntpd on
cat /etc/sysconfig/ntpd
# Peer status, to confirm the server is reachable and being polled.
ntpq -p
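# Interactive FTP session to the internal software mirror; log in when
# prompted. FTP is cleartext, so credentials and the tarballs are neither
# encrypted nor authenticated in transit — compare the archives against a
# known-good checksum before running anything from them as root.
# (The original showed the ftp> prompt as bare ">" lines and the ftp
# sub-commands as if they were shell commands.)
ftp 134.96.177.250
# Commands entered at the ftp> prompt (not shell commands):
#   bin
#   cd /ftpdata/SA/software/linux/
#   lcd /home/acc/
#   get script.tar
#   get jx_script6.8.tar
#   quit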
#############安全補丁更新################
# Wipe the repo directory (this also removes the rhel6.8 repo written
# earlier; the second checklist further down keeps both repos side by
# side — confirm which layout is intended) and point yum at the
# security-update repo on the internal mirror. gpgcheck=0: unsigned
# packages, trust rests on the mirror.
rm -rf /etc/yum.repos.d/*
cat >> /etc/yum.repos.d/rhel6rpms.repo <<'EOF'
[rhel6rpms]
name=rhel6rpms
baseurl=ftp://134.96.177.250/rhel6rpms
gpgcheck=0
enabled=1
EOF
################################時間服務器#############################
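# List root's crontab; the entry below is the one expected to be present
# (add it with `crontab -e` if missing). It is cron syntax, not a shell
# command, so it is kept as a comment here rather than executed.
crontab -l
#   0-59/30 * * * * /usr/sbin/ntpdate 80.16.16.3 >> /var/log/ntplog 2>&1
# The original entry ended in `&> /var/log/ntplog >> /dev/null 2>&1`; the
# later redirections override the first, so the log file was only truncated
# and all output discarded. ntpdate also refuses to run while ntpd (enabled
# earlier in this checklist) holds the NTP port — TODO confirm intent.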
# Security-patch pass from the rhel6rpms repo, one package per yum run.
# The kernel update only takes effect after a reboot, and the new glibc is
# only used by processes started after the update.
yum update -y bash
yum update -y openssl
yum update -y openssh
yum update -y sudo
yum update -y ntp
yum update -y kernel
yum update -y glibc
yum update -y freetype
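cd /home/acc
# Unpack the SA scripts fetched over FTP. They are run from root's crontab
# below, so review their contents first. tar run as root restores the
# ownership recorded in the archive — confirm the extracted scripts end up
# root-owned, since a root cron job should not execute files another user
# can modify.
mkdir -p /home/acc/script/
tar -xvf script.tar -C /home/acc/script/
chmod 740 /home/acc/script/*
# The original `mkdir -p mkdir /home/...` also created a stray directory
# literally named "mkdir" in the current directory.
mkdir -p /home/kaiguo/script/UserAndOpenPort/
# -p: the original two mkdir calls fail if /salog does not exist yet.
mkdir -p /salog/routine/nmonlog
mv /home/acc/script/cpu_mem.sh /home/kaiguo/script/
mv /home/acc/script/Check_Port_User.sh /home/kaiguo/script/UserAndOpenPort/
# Append root's cron jobs by writing the spool file directly, as the
# original did (this bypasses the syntax check `crontab -` performs).
# Appending twice duplicates every job.
cat >> /var/spool/cron/root <<'EOF'
10,20,30,40,50 * * * * sh /home/acc/script/clear_fs.sh >/home/acc/script/clear_errlog 2>&1
#SA auto collect system info script
30 7 15 * * sh /home/acc/script/check.sh >/home/acc/script/clear_errlog 2>&1
#SA auto collect system user and port info script
0 1 * * * sh /home/kaiguo/script/UserAndOpenPort/Check_Port_User.sh> /dev/null 2>&1
#SA auto collect performance-nmon script
0 0 * * * /home/acc/script/nmon_linux_x86_64 -f -x -m /salog/routine/nmonlog> /dev/null 2>&1 #nmon
#SA auto collect system performance and system info script
*/5 * * * * sh /home/acc/script/mon.sh > /dev/null 2>&1
#SA auto collect cpu script
#0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /home/kaiguo/script/cpu_mem.sh
EOF
cd /home/acc
tar -xvf jx_script6.8.tar
cd jx_script6.8
# Executes a script from the downloaded archive as root — inspect it first.
sh ftp.sh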
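# Create the persisted-rules file with owner-only permissions before
# `service iptables save` writes to it.
touch /etc/sysconfig/iptables
chmod 600 /etc/sysconfig/iptables
# If this host has a heartbeat interface, allow that network as well, e.g.
#   iptables -A INPUT -s 172.17.0.0/20 -j ACCEPT
# (The original had this reminder as an unquoted parenthesised line, which
# is a shell syntax error.)
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# Source allow-list, in the original order: every port is reachable from
# these networks and nothing else gets in once INPUT defaults to DROP.
# Rules are appended, so an INPUT chain that is not empty keeps whatever it
# already had.
allowed_sources=(
  134.96.111.84/32 134.96.111.85/32 134.96.111.86/32
  134.96.247.73/32 134.96.247.74/32 134.96.247.75/32
  134.96.247.61/32 134.96.247.62/32
  134.96.73.128/25
  134.98.105.0/24 134.98.83.0/26 134.98.104.240/32
  134.96.247.220/32 134.96.247.221/32
  134.96.188.100/32 134.96.177.250/32
  134.96.246.46/31 134.96.246.48/31 134.96.246.50/32
  134.96.64.0/26
)
for src in "${allowed_sources[@]}"; do
  iptables -A INPUT -s "$src" -j ACCEPT
done
# Default-deny last, after the allow rules are in place.
iptables -P INPUT DROP
service iptables save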
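# Oracle / ASM groups with fixed gids. The second checklist further down
# numbers the asm* groups 1003/1004/1005 — pick one scheme for the fleet.
# ("o×××tall" in the original is a redaction artifact for "oinstall".)
groupadd -g 1000 dba
groupadd -g 1002 oinstall
groupadd -g 1004 asmadmin
groupadd -g 1005 asmdba
groupadd -g 1006 asmoper
/usr/sbin/useradd -u 1001 -g oinstall -G asmadmin,asmdba,asmoper -d /home/grid grid
/usr/sbin/useradd -u 1000 -g oinstall -G dba,asmdba -d /home/oracle oracle
# The groups kafaka, storm and yxgroup are not created anywhere on this
# page; useradd refuses an unknown group, so they must exist first — TODO
# confirm where they come from.
/usr/sbin/useradd -u 751 -g kafaka -G yxgroup -d /app/kafaka kafaka
/usr/sbin/useradd -u 752 -g storm -G yxgroup -d /app/storm storm
# Give the oinstall group read/write access to /app. (The original had
# "chomd", a typo for chmod.)
chmod 775 /app
chown root:oinstall /app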
*****************************配置網絡--作BOND******************************
進入網絡配置目錄
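cd /etc/sysconfig/network-scripts
# Bond interface definition, written with a here-document instead of an
# interactive vim session so the step is reproducible. IPADDR, NETMASK and
# GATEWAY are intentionally blank and must be filled in per host. mode=1 is
# active-backup; miimon=50 checks link state every 50 ms.
cat > ifcfg-bond0 <<'EOF'
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=
NETMASK=
GATEWAY=
USERCTL=no
BONDING_OPTS="mode=1 miimon=50"
HOTPLUG=no
EOF
# Slave definition (eth5 here; adjust for the NICs actually being bonded).
# It names MASTER=bond1, matching the rc.local line below, yet only
# ifcfg-bond0 is written on this page — ifcfg-bond1 is presumably created
# the same way; confirm. RHEL 6 bonding guidance sets NM_CONTROLLED=no on
# slave interfaces so NetworkManager leaves them alone — verify the value
# that the target hosts need.
cat > ifcfg-eth5 <<'EOF'
DEVICE=eth5
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
SLAVE=yes
USERCTL=no
MASTER=bond1
EOF
# Preload the bonding driver for both bond devices.
cat > /etc/modprobe.d/bonding.conf <<'EOF'
alias bond0 bonding
alias bond1 bonding
EOF
# Enslave the NICs at boot. rc.local is appended to, not overwritten. This
# repeats what SLAVE=/MASTER= in the ifcfg files already arrange.
cat >> /etc/rc.d/rc.local <<'EOF'
ifenslave bond0 eth2 eth4
ifenslave bond1 eth3 eth5
EOF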
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Disable SELinux permanently (effective after reboot). Only the literal
# "enforcing" is matched, so a host already on "permissive" is left as is.
# This removes the mandatory-access-control layer for every service.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Verify the edit.
cat /etc/selinux/config
# Postfix is the "master" listener in `netstat -lntup`; keep it and
# nfs-rdma from starting at boot and drop them from chkconfig management.
chkconfig postfix off
chkconfig --del postfix
chkconfig --del nfs-rdma
# Start from an empty repo directory, then define the base (rhel6.5) and
# security-update (rhel6rpms) repos on the internal FTP mirror. Both use
# gpgcheck=0, so packages are installed unsigned and trust rests entirely
# on the mirror and the cleartext FTP path to it.
rm -rf /etc/yum.repos.d/*
cat >> /etc/yum.repos.d/ftp.repo <<'EOF'
[rhel6.5]
name=rhel6.5
baseurl=ftp://134.96.177.250/rhel6.5
gpgcheck=0
EOF
cat >> /etc/yum.repos.d/rhel6rpms.repo <<'EOF'
[rhel6rpms]
name=rhel6rpms
baseurl=ftp://134.96.177.250/rhel6rpms
gpgcheck=0
enabled=1
EOF
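# Base tool set from the repos configured above (unsigned, gpgcheck=0).
# "×××tall" in the original is a redaction artifact for "install".
# ftp and telnet are cleartext clients; this checklist uses ftp against the
# internal mirror further down.
yum install -y lrzsz
yum install -y yum-utils
yum install -y iotop
yum install -y htop
yum install -y sysstat
yum install -y ftp
yum install -y telnet
yum install -y traceroute
yum install -y ntp
yum install -y man
yum install -y openssl-devel
yum install -y lsof
yum install -y ksh
yum install -y tcsh
yum install -y ncompress
yum install -y gdb
yum install -y sos
# Quoted so the shell does not expand the wildcard against files in the
# current directory; yum does the package-name match. No -y: this prompts.
yum install '*gcc*'
yum groupinstall "X Window System"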
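# Service account itsm: fixed uid 800, home directory outside /home.
useradd -u 800 -d /itsm itsm
# The initial password is hard-coded; it lands in shell history and in this
# document, so rotate it once provisioning is complete.
echo itsm123 | passwd --stdin itsm
# Copy the skeleton files. The original `cp /etc/skel/.* /itsm/` also matched
# "." and ".." and skipped sub-directories; `-a` on `/etc/skel/.` copies
# dotfiles and directories alike.
cp -a /etc/skel/. /itsm/
chown -R itsm:itsm /itsm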
# Raise the RHEL 6 per-user process cap in the drop-in (default 1024).
# Every "1024" in the file is replaced, not just the limit value.
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf
# Core dumps can contain system information useful to an attacker; disable
# them. (This differs from the first checklist, which allows 65535 blocks.)
echo "* soft core 0">>/etc/security/limits.conf
echo "* hard core 0">>/etc/security/limits.conf
# Raise the open-file and process limits. These are appends, so running the
# block twice leaves duplicate lines.
echo "* soft nofile 65535">>/etc/security/limits.conf
echo "* hard nofile 65535">>/etc/security/limits.conf
echo "* soft nproc 65535">>/etc/security/limits.conf
echo "* hard nproc 65535">>/etc/security/limits.conf
# Show the resulting files to verify the edits.
cat /etc/security/limits.d/90-nproc.conf
cat /etc/security/limits.conf
# One-shot clock step against the internal NTP server before ntpd is started.
ntpdate 134.96.40.141
# Drop every existing "server" line (default pool entries included) and use
# only the internal server.
sed -i '/^server.*/d' /etc/ntp.conf
echo "server 134.96.40.141">>/etc/ntp.conf
# Insert -x (slew rather than step) ahead of the existing -u in OPTIONS.
# Global replace: running it twice yields "-x -x -u".
sed -i 's/-u/-x -u/g' /etc/sysconfig/ntpd
service ntpd restart
chkconfig ntpd on
cat /etc/sysconfig/ntpd
# Peer status, to confirm the server is reachable and being polled.
ntpq -p
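# Interactive FTP session to the internal software mirror; log in when
# prompted. FTP is cleartext, so credentials and the tarballs are neither
# encrypted nor authenticated in transit — compare the archives against a
# known-good checksum before running anything from them as root.
# (The original showed the ftp> prompt as bare ">" lines and the ftp
# sub-commands as if they were shell commands.)
ftp 134.96.177.250
# Commands entered at the ftp> prompt (not shell commands):
#   bin
#   cd /ftpdata/SA/software/linux/
#   lcd /home/acc/
#   get script.tar
#   get jx_script.tar
#   get dirtycow.tar
#   quit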
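cd /home/acc
# Build bash from source. The tarball is not among the files fetched over
# FTP above — confirm where it comes from. Replacing the vendor bash this
# way takes it out of yum's update path (the first checklist uses
# `yum update -y bash` instead). ("make ×××tall" in the original is a
# redaction artifact for "make install".)
tar -zxvf bash-4.3.30.tar.gz
cd bash-4.3.30
./configure
make
make install
# Keep a copy of the old binary, stage the new one next to it, and swap it
# in with a single rename. The original did `rm -rf /bin/sh` before copying
# the new bash, leaving a window with no /bin/sh at all while cron jobs on
# this page invoke `sh`; a rename has no such window.
cp -p /bin/bash /bin/bash.old
cp /usr/local/bin/bash /bin/bash.new
mv -f /bin/bash.new /bin/bash
ln -sf /bin/bash /bin/sh
ls -lrt /bin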
cd /home/acc
# Upgrade openssl and openssh from local RPMs. ssh.tar is not among the
# files fetched over FTP above — confirm its source before trusting it.
tar -xvf ssh.tar
rpm -Uhv openssl-1.0.1e-57.el6.x86_64.rpm openssl-devel-1.0.1e-57.el6.x86_64.rpm
rpm -Uvh openssh-clients-5.3p1-122.el6.x86_64.rpm openssh-server-5.3p1-122.el6.x86_64.rpm openssh-5.3p1-122.el6.x86_64.rpm openssh-askpass-5.3p1-122.el6.x86_64.rpm
# `start` does nothing if sshd is already running; `restart` is what picks
# up the new binaries. Keep the current session open until a fresh login
# succeeds.
service sshd start
service sshd restart
chkconfig sshd on
# Intended to print the version. `ssh -V` is the usual flag for that; sshd
# on this release may not accept -V — verify on the target.
sshd -V
cd /home/acc
# Kernel update delivered as "dirtycow.tar". dracut and kernel-firmware are
# upgraded in place (-U); the kernel package is installed alongside the
# existing one (-i) so the previous kernel stays bootable.
tar -xvf dirtycow.tar
rpm -Uvh dracut-kernel-004-409.el6_8.2.noarch.rpm dracut-004-409.el6_8.2.noarch.rpm kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm
rpm -ivh kernel-2.6.32-642.6.2.el6.x86_64.rpm
# Check which entry is the default; the host must be rebooted before the
# new kernel is actually running.
cat /boot/grub/grub.conf
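cd /home/acc
# Unpack the SA scripts fetched over FTP. They are run from root's crontab
# below, so review their contents first. tar run as root restores the
# ownership recorded in the archive — confirm the extracted scripts end up
# root-owned, since a root cron job should not execute files another user
# can modify. Mode 744 here makes them world-readable; the first checklist
# uses 740.
mkdir -p /home/acc/script/
tar -xvf script.tar -C /home/acc/script/
chmod 744 /home/acc/script/*
# The original `mkdir -p mkdir /home/...` also created a stray directory
# literally named "mkdir" in the current directory.
mkdir -p /home/kaiguo/script/UserAndOpenPort/
# -p: the original two mkdir calls fail if /salog does not exist yet.
mkdir -p /salog/routine/nmonlog
mv /home/acc/script/cpu_mem.sh /home/kaiguo/script/
mv /home/acc/script/Check_Port_User.sh /home/kaiguo/script/UserAndOpenPort/
# Append root's cron jobs by writing the spool file directly, as the
# original did (this bypasses the syntax check `crontab -` performs).
# Appending twice duplicates every job. Unlike the first checklist, the
# cpu_mem.sh job is enabled here.
cat >> /var/spool/cron/root <<'EOF'
10,20,30,40,50 * * * * sh /home/acc/script/clear_fs.sh >/home/acc/script/clear_errlog 2>&1
#SA auto collect system info script
30 7 15 * * sh /home/acc/script/check.sh >/home/acc/script/clear_errlog 2>&1
#SA auto collect system user and port info script
0 1 * * * sh /home/kaiguo/script/UserAndOpenPort/Check_Port_User.sh> /dev/null 2>&1
#SA auto collect performance-nmon script
0 0 * * * /home/acc/script/nmon_linux_x86_64 -f -x -m /salog/routine/nmonlog> /dev/null 2>&1 #nmon
#SA auto collect system performance and system info script
*/5 * * * * sh /home/acc/script/mon.sh > /dev/null 2>&1
#SA auto collect cpu script
0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /home/kaiguo/script/cpu_mem.sh
EOF
cd /home/acc
tar -xvf jx_script.tar
cd jx_script
# Executes a script from the downloaded archive as root — inspect it first.
sh ftp.sh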
# Persisted-rules file first, owner-only readable, then the rules in the
# same order as before: loopback, established flows, ICMP, the source
# allow-list, and finally a DROP policy on INPUT.
touch /etc/sysconfig/iptables
chmod 600 /etc/sysconfig/iptables
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# Every port is reachable from these networks; 172.17.0.0/20 is the
# heartbeat range the first checklist mentions.
allowed_sources=(
  134.96.111.84/32 134.96.111.85/32 134.96.111.86/32
  134.96.247.73/32 134.96.247.74/32 134.96.247.75/32
  134.96.247.61/32 134.96.247.62/32
  134.96.73.128/25
  134.98.105.0/24 134.98.83.0/26 134.98.104.240/32
  134.96.247.220/32 134.96.247.221/32
  134.96.188.100/32 134.96.177.250/32
  172.17.0.0/20
)
for src in "${allowed_sources[@]}"; do
  iptables -A INPUT -s "$src" -j ACCEPT
done
iptables -P INPUT DROP
service iptables save
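# Oracle / ASM groups with fixed gids. The first checklist numbers the asm*
# groups 1004/1005/1006 — pick one scheme for the fleet. ("o×××tall" in the
# original is a redaction artifact for "oinstall".)
groupadd -g 1000 dba
groupadd -g 1002 oinstall
groupadd -g 1003 asmadmin
groupadd -g 1004 asmdba
groupadd -g 1005 asmoper
/usr/sbin/useradd -u 1001 -g oinstall -G asmadmin,asmdba,asmoper -d /app/grid grid
# oracle is additionally placed in wheel here (the first checklist does
# not); whether wheel grants su/sudo depends on /etc/sudoers and pam_wheel,
# neither of which is shown on this page.
/usr/sbin/useradd -u 1000 -g oinstall -G dba,asmdba,wheel -d /app/oracle oracle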
022 表示默認建立新文件權限爲 755,也就是 rwxr-xr-x(所有者全部權限,屬組讀取與執行,其它人讀取與執行);027 表示默認建立新文件權限爲 750,也就是 rwxr-x---(所有者全部權限,屬組讀取與執行,其它人無)。下表列出了一些 umask 值及它們所對應的目錄和文件權限(經常使用的 umask 值及對應的文件和目錄權限):
umask值 | 目錄 | 文件
022 | 755 | 644
027 | 750 | 640
002 | 775 | 664
006 | 771 | 660
007 | 770 | 660
mysql、redis、mq、docker、hadoop 是現在咱們這邊的主要研究方向