1.设置主机名2.添加用户3.防火墙设置4.网络设置5.配置服务6.升级系统7.添加外部软件源8.配置vim9.配置sudo10.设置时区11.设置键盘布局12.设置系统语言13.设置密码node
1.设置主机名python
1)更改主机名linux
#显示当前主机名ios [root@localhost ~]# hostnamegit |
| localhost.localdomain |
#改变主机名算法 [root@localhost ~]# hostname zbyshell [root@localhost ~]# hostnamevim |
| zby #只是改变 |
2)永久改变主机名centos
[root@localhost ~]# hostnamectl set-hostname zby安全 #显示状态 [root@localhost ~]# hostnamectl |
Static hostname: zby Icon name: computer-vm Chassis: vm Machine ID: 1f96150fe7c04420b9e71c154be8c01b Boot ID: 35495cc567584fd19646472d8e853fcc Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-327.el7.x86_64 Architecture: x86-64 |
#显示计算机名 [root@localhost ~]# su - root |
| Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0 |
| [root@zby ~]# |
2.添加用户
1)添加一个用户“zhang”做为下面的示例。
[root@zby ~]# useradd zhang [root@zby ~]# passwd zhang |
New password: #设置密码 BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word Retype new password: #确认 passwd: all authentication tokens updated successfully. |
| [root@zby ~]# exit #注销当前用户 |
2)尝试切换新添加用户
| zby login: zhang #输入用户名password: #输入密码 |
#查看当前用户 [zhang@zby ~]$ whoami |
| zhang |
| [zhang@zby ~]$ su - root #切换到root用户 |
| Password: #输入root用户密码 |
| [root@zby ~]# #已切换到root用户 |
3)使用户只可以做为管理用户切换到root用户。
[root@zby ~]# usermod -G wheel zhang [root@zby ~]# vi /etc/pam.d/su |
#%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth substack system-auth auth include postlogin account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session include postlogin session optional pam_xauth.so |
4)转发到根用户的电子邮件到另外一个用户,设置以下。
| [root@zby ~]# vi /etc/aliases |
# Person who should get root's mail #最后一行:取消和更改用户 root: zhang |
| [root@zby ~]# newaliases #加载 |
3.防火墙设置
1)能够显示防火墙的服务状态,以下所示。(默认启用)
| [root@zby ~]# systemctl status firewalld |
● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s ago Main PID: 13164 (firewalld) CGroup: /system.slice/firewalld.service └─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon... Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon. |
2)若是您使用防火墙服务,它须要修改它的设置,由于默认状况下不容许对服务的传入请求。在这里是指基本的操做和设置配置firewalld服务。
3)若是你由于一些缘由不须要防火墙服务,须要中止并禁用它以下。
#中止服务 [root@zby ~]# systemctl stop firewalld |
#关闭服务 [root@zby ~]# systemctl disable firewalld |
4)显示SELinux的状态(安全加强的Linux)以下。(默认启用)
| [root@zby ~]# getenforce |
| Enforcing #selinux是开启的 |
#关闭selinux [root@zby ~]# vi /etc/selinux/config |
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted |
#从新启动应用新设置 [root@zby ~]# reboot |
4.网络设置
1)设置静态IP,替换接口名称为"eth0"
#设置主机名 [root@zby ~]# hostnamectl set-hostname zby #显示网络设备 [root@zby ~]# nmcli d |
| DEVICE TYPE STATE CONNECTION eth0 ethernet connected eth0 lo loopback unmanaged -- |
#设置IPV4地址 [root@zby ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24 #设置默认网关 [root@zby ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1 #设置域名解析 [root@zby ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66 #为静态设置设置手动(DHCP为“自动”) [root@zby ~]# nmcli c modify eth0 ipv4.method manual #从新启动界面并从新加载设置 [root@zby ~]# nmcli c down eth0; nmcli c up eth0 |
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) |
#显示网卡配置信息 [root@zby ~]# nmcli d show eth0 |
GENERAL.DEVICE: eth0 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:50:56:8F:56:A5 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: eth0 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 172.31.253.63/24 IP4.GATEWAY: 172.31.253.1 IP4.DNS[1]: 211.138.24.66 IP4.DNS[2]: 211.138.30.66 IP6.ADDRESS[1]: fe80::250:56ff:fe8f:56a5/64 IP6.GATEWAY: |
#显示网卡状态 [root@zby ~]# ip addr show |
| 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ff inet 172.31.253.63/24 brd 172.31.253.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe8f:56a5/64 scope link valid_lft forever preferred_lft forever |
2)关闭IPV6
| [root@zby ~]# vi /etc/default/grub |
#在第6行,添加 GRUB_CMDLINE_LINUX="crashkernel=auto ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet" |
#使更改生效 [root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg |
Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone |
| [root@zby ~]# reboot |
3)上面的接口名称的例子是“eth0”,可是若是您的系统安装在物理机器上,默认状况下该名称不是“ethX”。 而后若是你想使用网络接口名称“ethX”,配置以下。
| [root@zby ~]# vi /etc/default/grub |
#在第6行添加 GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet" |
| [root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg |
| Generating grub configuration file ...Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.imgFound linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01bFound initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone |
| [root@zby ~]# reboot |
5.配置服务
1)查看服务状态
#显示正在运行的服务列表 [root@zby ~]# systemctl -t service |
| UNIT LOAD ACTIVE SUB DESCRIPTIONauditd.service loaded active running Security Auditing Servicecrond.service loaded active running Command Schedulerdbus.service loaded active running D-Bus System Message Busgetty@tty1.service loaded active running Getty on tty1kdump.service loaded active exited Crash recovery kernel armingkmod-static-nodes.service loaded active exited Create list of required static device nodlvm2-lvmetad.service loaded active running LVM2 metadata daemonlvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etclvm2-pvscan@8:2.service loaded active exited LVM2 PV scan on device 8:2network.service loaded active exited LSB: Bring up/down networkingNetworkManager.service loaded active running Network Managerpolkit.service loaded active running Authorization Managerpostfix.service loaded active running Postfix Mail Transport Agentrhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesgrhel-import-state.service loaded active exited Import network configuration from initramrhel-readonly.service loaded active exited Configure read-only root supportrsyslog.service loaded active running System Logging Servicesshd.service loaded active running OpenSSH server daemonsystemd-journal-flush.service loaded active exited Flush Journal to Persistent Storagesystemd-journald.service loaded active running Journal Servicesystemd-logind.service loaded active running Login Servicesystemd-random-seed.service loaded active exited Load/Save Random Seedsystemd-remount-fs.service loaded active exited Remount Root and Kernel File Systemssystemd-sysctl.service loaded active exited Apply Kernel Variablessystemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /devsystemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directoriessystemd-udev-trigger.service loaded active exited udev Coldplug all Devicessystemd-udevd.service loaded active running udev Kernel Device Managersystemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdownsystemd-user-sessions.service loaded active exited Permit User Sessionssystemd-vconsole-setup.service loaded active exited Setup Virtual Consoletuned.service loaded active running Dynamic System Tuning Daemonvmware-tools.service loaded active running SYSV: Manages the services needed to run wpa_supplicant.service loaded active running WPA Supplicant daemonLOAD = Reflects whether the unit definition was properly loaded.ACTIVE = The high-level unit activation state, i.e. generalization of SUB.SUB = The low-level unit activation state, values depend on unit type.34 loaded units listed. Pass --all to see loaded but inactive units, too.To show all installed unit files use 'systemctl list-unit-files'. |
#显示全部服务 [root@zby ~]# systemctl list-unit-files -t service |
| UNIT FILE STATE auditd.service enabled autovt@.service disabledblk-availability.service disabledbrandbot.service static console-getty.service disabledconsole-shell.service disabledcontainer-getty@.service static cpupower.service disabledcrond.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.network1.service invalid dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disableddm-event.service disableddnsmasq.service disableddracut-cmdline.service static 。。。。。。systemd-vconsole-setup.service static tcsd.service disabledteamd@.service static tuned.service enabled wpa_supplicant.service disabled139 unit files listed. |
2)中止并关闭服务的自动启动设置。
[root@zby ~]# systemctl stop postfix [root@zby ~]# systemctl disable postfix |
| Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service. |
3)经过chkconfig控制一些服务是否自动启动。
| [root@zby ~]# chkconfig --list |
Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration. If you want to list systemd services use 'systemctl list-unit-files'. To see services enabled on particular target use 'systemctl list-dependencies [target]'. netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off |
#例如,关闭netconsole的自动启动设置 [root@zby ~]# chkconfig netconsole off |
6.升级系统
1)安装CentOS后,若有可能,请先更新系统。
| [root@zby ~]# yum -y update |
| 。。。。。yum.noarch 0:3.4.3-154.el7.centos.1 yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7 zlib.x86_64 0:1.2.7-17.el7 Replaced: NetworkManager.x86_64 1:1.0.6-27.el7 grub2.x86_64 1:2.02-0.29.el7.centos grub2-tools.x86_64 1:2.02-0.29.el7.centos pygobject3-base.x86_64 0:3.14.0-3.el7 rdma.noarch 0:7.2_4.1_rc6-1.el7 Complete! |
7.添加外部软件源
添加一些有用的外部存储库来安装有用的软件。
1)安装一个插件为每一个已安装的存储库添加优先级。
| [root@zby ~]# yum -y install yum-plugin-priorities |
| Downloading packages:yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Verifying : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Installed: yum-plugin-priorities.noarch 0:1.1.31-42.el7 Complete! |
#将[priority = 1]设置为官方存储库 [root@zby ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo |
2)添加从Fedora项目提供的EPEL存储库。
| [root@zby ~]# yum -y install epel-release |
| Running transaction Installing : epel-release-7-9.noarch 1/1 Verifying : epel-release-7-9.noarch 1/1 Installed: epel-release.noarch 0:7-9 Complete! |
# 设置[priority=5] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo #换另外一种方式,更改成[enabled = 0]并仅在须要时使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo #若是[enabled = 0],输入命令以使用存储库 [root@zby ~]# yum --enablerepo=epel install [Package] |
3)添加CentOS SCLo软件集合存储库。
[root@zby ~]# yum -y install centos-release-scl-rh centos-release-scl #设置[priority=10] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo #换另外一种方式,更改成[enabled = 0]并仅在须要时使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo #若是[enabled = 0],输入命令以使用存储库 [root@zby ~]# yum --enablerepo=centos-sclo-rh install [Package] [root@zby ~]# yum --enablerepo=centos-sclo-sclo install [Package] |
4)添加Remi的RPM存储库,它提供了许多有用的软件包。
[root@zby ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm # 设置 [priority=10] [root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo #换另外一种方式,更改成[enabled = 0]并仅在须要时使用它 [root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo #if [enabled = 0],输入命令以使用存储库 [root@zby ~]# yum --enablerepo=remi-safe install [Package] |
8.配置vim安装和配置比vi更方便的vim。1)安装vim
| [root@zby ~]# yum -y install vim-enhanced |
Installed: vim-enhanced.x86_64 2:7.4.160-2.el7 Dependency Installed: gpm-libs.x86_64 0:1.20.7-5.el7 vim-common.x86_64 2:7.4.160-2.el7 vim-filesystem.x86_64 2:7.4.160-2.el7 Complete! |
2)设置命令别名。 (适用于下面的全部用户,若是你申请了一个用户,在'〜/ .bashrc'中写入相同的设置)
| [root@zby ~]# vi /etc/profile |
#在最后一行添加 alias vi='vim' |
| [root@zby ~]# source /etc/profile #从新加载环境变量 |
3)配置vim。 (适用于下面的用户,若是适用于全部用户,在'/ etc / vimrc'中写入相同的设置,但默认状况下会应用一些设置。)
| [root@zby ~]# vi ~/.vimrc |
#使用vim的扩展功能(不兼容vi) set nocompatible #指定编码 set encoding=utf-8 #指定文件编码 set fileencodings=ucs-bom,utf-8,cp936 #指定文件格式 set fileformats=unix,dos #采起备份,若是没有,请指定[set nobackup] set backup #指定备份目录 set backupdir=~/backup #采起50个搜索历史 set history=50 #忽略Case set ignorecase #不一样的资本,若是你混合搜索词 set smartcase #突出显示匹配的词,若是不是,请指定[set nohlsearch] set hlsearch #使用增量搜索,若是没有,请指定[set noincsearch] set incsearch #显示行号,若是不是,请指定[set nonumber] set number #可视化中断($)或标签(^ I) set list #突出显示括号 set showmatch #显示彩色显示,若是没有,请指定[语法关闭] syntax on #若是已设置,则更改注释的颜色[语法] highlight comment ctermfg=LightCyan #包装线,若是没有,请指定[set nowrap] set wrap |
9.配置sudo
配置sudo以分离用户的责任,若是一些人共享特权。没必要手动安装sudo,由于即便“最小安装”,它也是默认安装的。
1)将root权限转移给用户all。
| [root@zby ~]# visudo |
| #在最后一行添加:用户'cent'可使用全部root权限zhang ALL=(ALL) ALL#如何写⇒目的地主机=(全部者)命令 |
#确保用户‘zhang’ [root@zby ~]# su - zhang [zhang@zby ~]$ /usr/bin/cat /etc/shadow |
| sr/bin/cat: /etc/shadow: Permission denied |
| [zhang@zby ~]$ sudo /usr/bin/cat /etc/shadow |
。。。。。。 tss:!!:17586:::::: postfix:!!:17586:::::: sshd:!!:17586:::::: zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7::: |
10.设置时区在下面的示例中替换为您本身的时区。
| #显示时区[root@zby ~]# timedatectl list-timezones |
。。。。。。 Asia/Qyzylorda Asia/Riyadh Asia/Sakhalin Asia/Samarkand Asia/Seoul Asia/Shanghai Asia/Singapore Asia/Srednekolymsk Asia/Taipei Asia/Tashkent Asia/Tbilisi |
#设置时区 [root@zby ~]# timedatectl set-timezone Asia/Shanghai #显示状态 [root@zby ~]# timedatectl |
Local time: Mon 2018-03-19 22:18:49 CST Universal time: Mon 2018-03-19 14:18:49 UTC RTC time: Mon 2018-03-19 14:18:48 Time zone: Asia/Shanghai (CST, +0800) NTP enabled: n/aNTP synchronized: no RTC in local TZ: no DST active: n/a |
11.设置键盘布局
#显示当前键盘布局状态 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
#显示键盘映射列表 [root@zby ~]# localectl list-keymaps |
。。。。。。 ukunicode us us-acentos us-alt-intl us-altgr-intl us-colemak us-dvorak us-dvorak-alt-intl us-dvorak-classic us-dvorak-intl us-dvorak-l us-dvorak-r us-dvp |
#设置键盘布局 [root@zby ~]# localectl set-keymap us #显示键盘布局状态 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
12.设置系统语言
在下面的示例中替换为您本身的语言。
#显示当前状态 [root@zby ~]# localectl |
System Locale:.UTF-8 VC Keymap: us X11 Layout: us |
#显示语言环境列表 [root@zby ~]# localectl list-locales |
。。。。。。 en_US en_US.iso88591 en_US.iso885915 en_US.utf8 |
#设置区域语言 [root@zby ~]# localectl set-locale.utf8 #显示语言状态 [root@zby ~]# localectl |
System Locale:.utf8 VC Keymap: us X11 Layout: us |
13.设置密码
出于安全缘由设置密码规则。
1)设置密码过时的天数。用户必须在几天内更改密码。此设置仅在建立用户时才会产生影响,而不会影响到现有用户。若是设置为现有用户,请运行命令“chage -M(days)(user)”。
| [root@zby ~]# vi /etc/login.defs |
#第25行:为密码过时设置60 PASS_MAX_DAYS 60 |
2)设置可用密码的最短天数。至少在改变它以后,用户必须至少使用他们的密码。此设置仅在建立用户时才会产生影响,而不会影响到现有用户。若是设置为现有用户,请运行命令“chage -m(days)(user)”
| [root@zby ~]# vi /etc/login.defs |
#第26行:设置2为可用天数 PASS_MIN_DAYS 2 |
3)在到期前设置警告的天数。此设置仅在建立用户时才会产生影响,而不会影响到现有用户。若是设置为现有用户,请运行命令“chage -W(days)(user)”。
| [root@zby ~]# vi /etc/login.defs |
#第28行:为警告天数设置7 PASS_WARN_AGE 7 |
4)使用过去使用的密码进行限制。在这一代中,用户不能设置相同的密码。
| [root@zby ~]# vi /etc/pam.d/system-auth |
#第15行附近:禁止在过去的5代中使用相同的密码 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5 |
5)设置最小密码长度。用户不能将其密码长度设置为小于此参数。
#为最小密码长度设置8 [root@zby ~]# authconfig --passminlen=8 --update |
#该参数在下面的配置中设置 [root@zby ~]# grep "^minlen" /etc/security/pwquality.conf |
| minlen = 8 |
6)为新密码设置所需的最少字符类数。 (种类⇒UpperCase / LowerCase / Digits / Others)
#设置2以获取所需字符类别的最小数量 [root@zby ~]# authconfig --passminclass=2 --update |
#该参数在下面的配置中设置 [root@zby ~]# grep "^minclass" /etc/security/pwquality.conf |
| minclass = 2 |
7)在新密码中设置容许的连续相同字符的最大数量。
#为容许的连续相同字符的最大数量设置2 [root@zby ~]# authconfig --passmaxrepeat=2 --update |
#该参数在下面的配置中设置 [root@zby ~]# grep "^maxrepeat" /etc/security/pwquality.conf |
| maxrepeat = 2 |
8)在新密码中设置同一类的最大容许连续字符数。
#设置4为同一类的最大容许连续字符数 [root@zby ~]# authconfig --passmaxcla***epeat=4 --update |
#该参数在下面的配置中设置 [root@zby ~]# grep "^maxcla***epeat" /etc/security/pwquality.conf |
| maxcla***epeat = 4 |
9)新密码中至少须要一个小写字符。
| [root@zby ~]# authconfig --enablereqlower --update |
#该参数在下面的配置中设置#(若是你想编辑值,用vi和其余编辑) [root@zby ~]# grep "^lcredit" /etc/security/pwquality.conf |
| lcredit = -1 |
10)新密码中至少须要一个大写字符。
| [root@zby ~]# authconfig --enablerequpper --update |
#该参数在下面的配置中设置#(若是你想编辑值,用vi和其余编辑) [root@zby ~]# grep "^ucredit" /etc/security/pwquality.conf |
| ucredit = -1 |
11)新密码中至少须要一位数字。
| [root@zby ~]# authconfig --enablereqdigit --update |
#该参数在下面的配置中设置#(若是你想编辑值,用vi和其余编辑) [root@zby ~]# grep "^dcredit" /etc/security/pwquality.conf |
| dcredit = -1 |
12)新密码中至少须要一个其余字符。
| [root@zby ~]# authconfig --enablereqother --update |
#该参数在下面的配置中设置#(若是你想编辑值,用vi和其余编辑) [root@zby ~]# grep "^ocredit" /etc/security/pwquality.conf |
| ocredit = -1 |
13)在新密码中设置单调字符序列的最大长度。 (ex⇒'12345','fedcb')
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最后一行添加 maxsequence = 3 |
14)设置旧密码中不能出现的新密码中的字符数。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最后一行添加 difok = 5 |
15)检查新密码中是否包含用户passwd项的GECOS字段中长度超过3个字符的单词。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最后一行添加 gecoscheck = 1 |
16)设置不能包含在密码中的Ssace分隔列表。
| [root@zby ~]# vi /etc/security/pwquality.conf |
#在最后一行添加 badwords = denywords1 denywords2 denywords3 |
17)为新密码设置散列/密码算法。 (默认是sha512)
#显示当前算法 [root@zby ~]# authconfig --test | grep hashing |
| password hashing algorithm is sha512 |
#将算法更改成sha512 [root@zby ~]# authconfig --passalgo=sha512 --update [root@zby ~]# authconfig --test | grep hashing |
| password hashing algorithm is sha512 |