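RHEL, CentOS, Ubuntu work notes

Configuring a local yum repository on RHEL

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

yum is now the most commonly used software management command, but by default it looks for new packages on the network. I wanted to update software from a local disc or ISO file instead. The simplest method is described below.

1. Mount the disc or ISO file on a specified directory; here we have it mounted automatically.

mkdir /media/dvd

vi /etc/fstab

# Add as the last line

/dev/cdrom /media/dvd iso9660 defaults 0 0

mount -a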

 

 

2. Modify the yum.conf file

Use a text editor to create the file /etc/yum.repos.d/rhel5-dvd.repo

vi /etc/yum.repos.d/rhel5-dvd.repo

[rhel5-dvd]

name=rhel5-dvd

baseurl=file:///media/dvd/Server/

gpgcheck=0

 

Save and exit.

 

 

3. Test

At the command line, enter:

#yum check-update

#yum install ****.rpm

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Related configuration on Ubuntu

http://knowledge-republic.com/CRM/2011/05/ubuntu-account-password-policy/

https://wiki.archlinux.org/index.php/Sudo_%28%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87%29

 

Add an environment variable to make vim the editor used by visudo

export EDITOR="/usr/bin/vim -p -X"

 

Summaries

 

(/etc/login.defs)

PASS_MAX_DAYS   90

 

Path of the PAM module libraries

ls /lib/security/pam*

 

 

 

 

Password complexity requirements; remember the last 5 passwords

(/etc/pam.d/common-password)

apt-get install libpam-cracklib

root@ubuntu:/etc/pam.d# grep -v ^# common-password | grep -v ^$

password    requisite           pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1

password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512 remember=5

password requisite pam_deny.so

password required pam_permit.so

root@ubuntu:/etc/pam.d# 

 

 

 

Lock the account for 30 minutes after 5 wrong passwords

(/etc/pam.d/common-auth)

root@ubuntu:/etc/pam.d# grep -v ^# common-auth | grep -v ^$

auth    required            pam_tally.so onerr=fail deny=5 unlock_time=1800

auth [success=1 default=ignore] pam_unix.so nullok_secure

auth requisite pam_deny.so

auth required pam_permit.so

root@ubuntu:/etc/pam.d# 

 

 

 

 

http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

 

 

 

sudo-related

Members of the admin group can run any command with sudo

Prevent ordinary users from switching users with su

(/etc/pam.d/su)

root@ubuntu:/etc/pam.d# grep -v ^# su | grep -v ^$

auth       sufficient pam_rootok.so

auth       required   pam_wheel.so

auth       sufficient pam_wheel.so trust

session       required   pam_env.so readenv=1

session       required   pam_env.so readenv=1 envfile=/etc/default/locale

session    optional   pam_mail.so nopen

@include common-auth

@include common-account

@include common-session

 

Configuration of sudo user permissions

useradd admin -g admin -m -s /bin/bash

 

useradd user1 -G admin -m -s /bin/bash

 

usermod -G lgl,admin lgl

 

# Change the admin user's password using an encrypted password; the password here is 123456

usermod -p '$1$SpLt3glw$8rv9NuZzQx/TmXkJ6oK2V.' admin

Ubuntu 10.04 

#!/bin/bash

# Only run on Ubuntu 10.04 (lucid)
lsb_release -a | grep lucid
if [ $? -ne 0 ]; then
echo "Your current system version not Ubuntu 10.04!"
exit 1
else
curl mirrors.sh.ctriptravel.com
if [ $? -ne 0 ]; then
echo "Your current host to mirrors.sh.ctriptravel.com unreachable!"
exit 1
fi

# Back up every file that is modified below
mkdir -p /var/backup
for I in /etc/sysctl.conf /etc/security/limits.conf /etc/bash.bashrc /etc/login.defs /etc/pam.d/common-password /etc/pam.d/common-auth /etc/pam.d/su /etc/sudoers /etc/ssh/sshd_config /etc/init/control-alt-delete.conf /etc/ntp.conf /etc/profile /etc/default/grub /etc/default/rcS; do
cp "$I" /var/backup
done

# Point apt at the update server
cat > /etc/apt/sources.list << "EOF"
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-security main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-updates main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-proposed main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-backports main restricted universe multiverse
EOF
apt-get clean
apt-get update

# Enable resource limits
cat >> /etc/security/limits.conf << "EOF"
* - nofile 65536
* - nproc 65536
* - sigpending 65536
EOF

# Disable IPv6
sed -i 's/quiet/quiet ipv6.disable=1/' /etc/default/grub
update-grub

# Set the password expiry period
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs

# Enforce password complexity
apt-get -y install libpam-cracklib
sed -i 's/pam_cracklib.so retry=3 minlen=8 difok=3/pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/' /etc/pam.d/common-password

# Set the account lockout time after repeated wrong passwords
sed -i '/Primary/a\auth    required            pam_tally.so onerr=fail deny=5 unlock_time=1800' /etc/pam.d/common-auth

# Prevent ordinary users from switching identity with su
sed -i 's/# auth       required   pam_wheel.so/auth       required   pam_wheel.so/' /etc/pam.d/su
sed -i 's/# auth       sufficient pam_wheel.so trust/auth       sufficient pam_wheel.so trust/' /etc/pam.d/su

# Record users' command history
cat >> /etc/bash.bashrc << "EOF"
HISTORY_DIR=/tmp/.`date +%Y-%m-%d`
export PROMPT_COMMAND_FILE=${HISTORY_DIR}/`whoami`_`hostname`_history
export PROMPT_COMMAND='{ z=$(history 1 | { read x y; echo $y; }); echo -e "`who am i`: `pwd` :: $z"; } >> $PROMPT_COMMAND_FILE'
EOF

# Add a root cron job that creates the history directory
echo "01 * * * * root /bin/bash /bin/history.sh" > /etc/cron.d/history

cat > /bin/history.sh << "EOF"
#!/bin/bash
DIR=/tmp/.`date +%Y-%m-%d`
mkdir -p $DIR
chmod 777 $DIR
EOF
chmod 755 /bin/history.sh

# Pre-create the directory under /tmp
mkdir -p /tmp/.`date +%Y-%m-%d`
chmod 777 /tmp/.`date +%Y-%m-%d`

# Keep the contents of /tmp for the most recent 10 days
sed -i 's/TMPTIME=0/TMPTIME=10/' /etc/default/rcS

# Set the user terminal idle timeout
sed -i '$a\TMOUT=600' /etc/profile

# SSH service security
sed -i 's/Port 22/Port 1022/' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.96.36' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.96.37' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.93.41' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.30.251.85' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.30.251.86' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.28.93.31' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.28.126.6' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@10.168.21.3' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@10.168.149.10' /etc/ssh/sshd_config
sed -i '$a\AllowUsers *@192.168.93.78' /etc/ssh/sshd_config

# Disable rebooting the system with ctrl+alt+delete
sed -i 's$^exec shutdown$#exec shutdown$' /etc/init/control-alt-delete.conf

# Point the ntp service at the company's internal time server
apt-get -y install ntp
sed -i 's/^server ntp.ubuntu.com/#server ntp.ubuntu.com/' /etc/ntp.conf
sed -i '/#server ntp.ubuntu.com/a\server time.sh.ctriptravel.com' /etc/ntp.conf

# Add the admin user
useradd admin -g admin -m -s /bin/bash
echo 'admin:GpV^fJ5#}xhdsad3fw4x' | chpasswd
mkdir /home/admin/.ssh
cat > /home/admin/.ssh/authorized_keys << "EOF"
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzxp1XrHOXuE6jne/MrsdzRN/50UtDZHOinnpYkZzKS2u3bfhrBqVBPrDzfjJwdHQJsfnqjJsrrbIowyTJGR0Xn/G2z4zB2ng72jdju7DamM2UrBzHl6V/VJXfhwrfcIm76m1MWRY++9TZfRD6mOdL+sWhLEOkLYc5JAL66yduzY3PVFpxqtYQptC+FUHFwB4Jkt7g+st/1cSWD9GhwFDQ8PgoYoG2UGRm+8ORNf3xF9B71tBvOivTlqXWqIOrpMv4dRrZlddmNTYWCbQ/EjBHSB2ZzQCq7upbK/Q13mC9iQmNvKo7rVVYGHhRkXP/NFvNw0eCTEhGpzCWJGIzPpizQ== admin@vms00232
EOF
chmod 700 /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin:admin /home/admin/.ssh

# Configure sudo permissions
sed -i 's/%admin ALL=(ALL) ALL/%admin ALL=(ALL) NOPASSWD:ALL/' /etc/sudoers
fi
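
The sed commands in the script above change nothing, and report no error, when their search pattern does not match the file. The check below is an added example, not part of the original notes, that confirms the intended settings are really in place; the function names (audit_hardening, check, tally_before_unix) and the root-directory argument are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original notes): verify the hardening settings.
# Usage: audit_hardening /        (or a directory holding a copy of /etc)
# Prints PASS/FAIL per check; the return value is the number of failures.

check() {  # check DESCRIPTION FILE EXTENDED_REGEX
    if grep -Eq -- "$3" "$2" 2>/dev/null; then
        echo "PASS  $1"
    else
        echo "FAIL  $1  ($2)"
        return 1
    fi
}

# pam_tally has to sit above pam_unix: pam_unix's [success=1] skips exactly
# one following module, and that module must remain pam_deny.
tally_before_unix() {  # tally_before_unix FILE
    awk '/^auth/ && /pam_tally\.so/       { t = NR }
         /^auth/ && /pam_unix\.so/ && !u  { u = NR }
         END { exit !(t && u && t < u) }' "$1" 2>/dev/null
}

audit_hardening() {
    root="${1%/}"; fails=0
    pam="$root/etc/pam.d"; sshd="$root/etc/ssh/sshd_config"
    check "PASS_MAX_DAYS is 90" "$root/etc/login.defs" \
        '^PASS_MAX_DAYS[[:space:]]+90[[:space:]]*$' || fails=$((fails + 1))
    check "pam_cracklib minlen=17, all credits -1" "$pam/common-password" \
        '^password.*pam_cracklib\.so.*minlen=17.*ucredit=-1.*lcredit=-1.*dcredit=-1.*ocredit=-1' \
        || fails=$((fails + 1))
    check "pam_tally deny=5 unlock_time=1800" "$pam/common-auth" \
        '^auth[[:space:]]+required[[:space:]]+pam_tally\.so.*deny=5.*unlock_time=1800' \
        || fails=$((fails + 1))
    if tally_before_unix "$pam/common-auth"; then
        echo "PASS  pam_tally precedes pam_unix"
    else
        echo "FAIL  pam_tally precedes pam_unix  ($pam/common-auth)"
        fails=$((fails + 1))
    fi
    check "su restricted by pam_wheel" "$pam/su" \
        '^auth[[:space:]]+required[[:space:]]+pam_wheel\.so' || fails=$((fails + 1))
    check "sshd PermitRootLogin no" "$sshd" \
        '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' || fails=$((fails + 1))
    check "sshd Port 1022" "$sshd" \
        '^[[:space:]]*Port[[:space:]]+1022[[:space:]]*$' || fails=$((fails + 1))
    return "$fails"
}
```

On a live system, sshd -T prints the values sshd actually uses, which matters when a keyword appears more than once in sshd_config.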

 

 

Rollback

192.168.49.33

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

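Package management

Using the aptitude command

Command                     Purpose
aptitude update             Update the list of available packages
aptitude upgrade            Upgrade the available packages
aptitude dist-upgrade       Upgrade the system to a new release
aptitude install pkgname    Install a package
aptitude remove pkgname     Remove a package
aptitude purge pkgname      Remove a package and its configuration files
aptitude search string      Search for a package
aptitude show pkgname       Show detailed information about a package
aptitude clean              Delete downloaded package files
aptitude autoclean          Delete only obsolete package files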

 

 

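Using the dpkg command

Command                      Purpose
dpkg -i package.deb          Install a package
dpkg -r package              Remove a package
dpkg -P package              Remove a package (including configuration files)
dpkg -L package              List the files associated with the package
dpkg -l package              Show the version of the package
dpkg --unpack package.deb    Unpack the contents of a deb package
dpkg -S keyword              Search for the package that owns the content
dpkg -l                      List the currently installed packages
dpkg -c package.deb          List the contents of a deb package
dpkg --configure package     Configure a package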

 

 

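Using the APT commands

Command                                Purpose
apt-cache search package               Search for a package
apt-cache show package                 Get information about a package, such as description, size and version
apt-get install package                Install a package
apt-get install package --reinstall    Reinstall a package
apt-get -f install                     Repair an installation ("-f = --fix-missing")
apt-get remove package                 Remove a package
apt-get remove package --purge         Remove a package, including its configuration files
apt-get update                         Update the sources
apt-get upgrade                        Upgrade the installed packages
apt-get dist-upgrade                   Upgrade the system
apt-get dselect-upgrade                Upgrade using dselect
apt-cache depends package              Show the package's dependencies
apt-cache rdepends package             Show which packages depend on this package
apt-get build-dep package              Install the related build environment
apt-get source package                 Download the package's source code
apt-get clean
apt-get autoclean                      Clean up unneeded packages
apt-get check                          Check for broken dependencies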

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

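Debian's default crontab editor is nano: command to make vi the default

Debian's default crontab editor is nano, which is awkward to use. How do you switch back to vi?
Use the following command:
#update-alternatives --config editor

A screen like the following appears: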

There are 3 alternatives which provide `editor'.

Selection    Alternative
-----------------------------------------------
          1    /bin/ed
+        2    /bin/nano
*         3    /usr/bin/vim.tiny

Press enter to keep the default[*], or type selection number:



Then select 3 to use /usr/bin/vim.

PS: If you find that your scheduled job has not taken effect, you can force it with the /etc/init.d/cron restart command.


#########################################

rsync combined with the delete option

rsync -vzrtopg --delete --progress -e 'ssh -p 58422' /data/mfs/ application@10.32.60.32:/data/mfs/
