linux系统安装初始配置命令6.8

通过关闭 UseDNS 和 GSSAPIAuthentication 选项加速 SSH 登录

一般情况下我们在连接 OpenSSH 服务器的时候，如果 UseDNS 选项是打开的，服务器会先根据客户端的 IP 地址进行 DNS PTR 反向查询得到客户端的主机名，然后根据查询出的客户端主机名进行 DNS 正向 A 记录查询，并验证是否与原始 IP 地址一致，通过这种方式来防止客户端欺骗。平时我们大多使用动态 IP，不会有 PTR 记录，因此打开此选项也没有太多作用。我们可以通过关闭此功能来提高连接 OpenSSH 服务器的速度。

服务端步骤如下：
编辑配置文件 /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
找到 UseDNS 选项，如果没有注释，将其注释掉
#UseDNS yes
添加
UseDNS no

找到 GSSAPIAuthentication 选项，如果没有注释，将其注释掉
#GSSAPIAuthentication yes
添加
GSSAPIAuthentication no

保存配置文件

重启 OpenSSH服务器
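# Restart sshd so the edited sshd_config is read (original line was
# site-garbled as `restartredis`). Already-established SSH sessions keep
# their own sshd child process and survive the restart.
/etc/init.d/sshd restart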


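# Remove dnsmasq. --nodeps skips rpm's dependency check, so any package that
# requires dnsmasq is left with a dangling dependency — confirm nothing on the
# host needs it before running this (original line was garbled as `--nodepssql`).
rpm -e dnsmasq --nodeps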


以下是禁用 rpcbind 服务的命令：

# rpcbind is the RPC portmapper; NFS and NIS depend on it, so only disable it
# on hosts that do not serve or mount those. These are systemd (RHEL 7+)
# commands, while the rest of this page uses chkconfig/service (RHEL 6).
# Stop the running service
$ systemctl stop rpcbind.socket
$ systemctl stop rpcbind
# Do not start at boot
$ systemctl disable rpcbind.socket 
$ systemctl disable rpcbind





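# Persistently disable SELinux (effective after reboot). This removes mandatory
# access control entirely; SELINUX=permissive would keep logging AVC denials
# without enforcing them if a middle ground is acceptable.
# (Original line had the site tag "vim" fused onto the end.)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config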

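# Verify the edit above took effect (original line had "安全" fused onto it).
cat /etc/selinux/config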


******************配置本地YUM源**************************


安装扩展 yum 源：yum install -y epel-release（之后才可以 yum install -y redis）


挂载yum

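 # CentOS only: drop the stock repo files so only the local/FTP repos remain.
 # The stock files are named CentOS-*.repo; the original pattern `Centos-*`
 # does not match them on a case-sensitive filesystem.
 rm -rf -- CentOS-*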


vi /etc/yum.repos.d/local.repo



[local]

name=local

# Install-media repo: packages are read from the DVD mounted at /mnt.
baseurl=file:///mnt

# gpgcheck=0 skips RPM signature verification for this repo. Tolerable for the
# vendor DVD, but it also means a tampered package would install silently.
gpgcheck=0   

enabled=1

***********************************************



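# Disable postfix at boot; it is the "master" process seen listening in
# `netstat -lntup` on a default install. (The original line carried that
# remark as extra arguments to chkconfig instead of a comment.)
chkconfig postfix off
chkconfig --del postfix
chkconfig --del nfs-rdma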

# Wipe every repo definition (this also deletes the local.repo written above),
# then point yum at the internal FTP mirror.
rm -rf /etc/yum.repos.d/*

echo "[rhel6.8]">>/etc/yum.repos.d/ftp.repo

echo "name=rhel6.8">>/etc/yum.repos.d/ftp.repo

# Plain FTP gives no transport integrity, and gpgcheck=0 below disables
# signature verification too, so the mirror is fully trusted for package
# content. No enabled= line is written; yum treats a missing enabled as 1.
echo "baseurl=ftp://134.96.177.250/rhel6.8">>/etc/yum.repos.d/ftp.repo

echo "gpgcheck=0">>/etc/yum.repos.d/ftp.repo



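# Mount the install DVD at /mnt, the path used by local.repo's baseurl.
# (The original line carried "(光盘挂载)" as extra arguments to mount.)
mount /dev/sr0 /mnt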


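# Baseline tooling from the repos configured above. (The page had "install"
# site-garbled as "×××tall" on every line.) Each package is a separate yum
# invocation, so one missing package does not abort the rest.
yum install -y lrzsz
yum install -y yum-utils
yum install -y iotop
yum install -y htop
yum install -y sysstat
# ftp and telnet are plaintext clients; kept for troubleshooting only.
yum install -y ftp
yum install -y telnet
yum install -y traceroute
yum install -y ntp
yum install -y man
yum install -y openssl-devel
yum install -y lsof
yum install -y ksh
yum install -y tcsh
yum install -y ncompress
yum install -y gdb
yum install -y sos
yum install -y parted
# No -y on the last two, so yum prompts before the wildcard / group transaction.
yum install *gcc*
yum groupinstall "X Window System"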


# Application account with a fixed UID and a home outside /home.
useradd -u 800 -d /itsm itsm

# Non-interactive password: the literal ends up in shell history (and on this
# page). Prefer an interactive `passwd itsm`, or treat this as a one-time
# initial password and add `chage -d 0 itsm` to force a change at first login.
echo itsm123 |passwd --stdin itsm

# Copy skeleton dotfiles. `.*` also matches `.` and `..`, which cp reports as
# "omitting directory" — harmless, but noisy.
cp /etc/skel/.* /itsm/

chown -R itsm:itsm /itsm


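# acc account with primary GID 3 (sys); no -d, so the home is the default
# /home/acc.
useradd -g 3 acc
chown -R acc:sys /home/acc
# 99999 days = the password effectively never expires.
chage -M 99999 acc
passwd acc
# NOTE(review): the step below hand-edits /etc/passwd to set acc's UID to 0,
# i.e. a second root account. Everything acc does is then logged as uid 0 and
# is indistinguishable from root; membership in wheel plus su/sudo (as used for
# sawh further down) gives the same privilege with per-user accountability.
# (The original line carried the instruction as extra arguments to vi.)
vi /etc/passwd    # change acc's uid to 0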




groupadd -g 2000 sawh

# Admin account with matching UID/GID 2000; wheel membership is what the
# host's su/sudo policy keys on.
useradd -G wheel -g 2000 -u 2000 sawh

# 99999 days = the password effectively never expires.
chage -M 99999 sawh

# This interactive prompt is immediately overridden by the --stdin call below,
# so it is redundant.
passwd sawh

# The password literal lands in shell history (and on this page); rotate it,
# or set a one-time value and add `chage -d 0 sawh` to force a change at login.
echo "Tasa!123_asaT"|passwd --stdin sawh



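# Change the root password interactively (the original line carried the
# remark "(修改 root密码)" as part of the command).
passwd root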

root

经常使用密码To0那个



# Raise the RHEL 6 default nproc soft limit for non-root users. Note that
# `s/1024/65535/g` rewrites every "1024" in the file, not only the limit value.
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf

# Open-file and process limits for all users (soft and hard).
echo "* soft nofile 65535">>/etc/security/limits.conf 

echo "* hard nofile 65535">>/etc/security/limits.conf 

echo "* soft nproc 65535">>/etc/security/limits.conf 

echo "* hard nproc 65535">>/etc/security/limits.conf 

# Core file size limit in KB. This enables core dumps (up to ~64 MB); the
# later variant of this step on this page sets core to 0 instead, because
# dumps can expose sensitive process memory — pick one policy.
echo "* soft core 65535">>/etc/security/limits.conf 

echo "* hard core 65535">>/etc/security/limits.conf 



crontab -l

# Redirections are applied left to right: `&> /var/log/ntplog` sends both
# streams to the log, then `>> /dev/null 2>&1` re-points both to /dev/null —
# so ntplog is truncated but always stays empty. `&>` is also bash-specific;
# a POSIX sh as cron's shell would parse it as `&` (background) plus a bare
# `> /var/log/ntplog`. `> /var/log/ntplog 2>&1` alone does what was intended.
*/30 * * * * /usr/sbin/ntpdate 80.12.64.89 &> /var/log/ntplog >> /dev/null 2>&1



# Verify the limits edits above.
cat  /etc/security/limits.d/90-nproc.conf

cat  /etc/security/limits.conf 



# One-shot step sync against the internal NTP server before ntpd takes over.
ntpdate 134.96.40.141

# Drop every default `server` line and use the internal server only.
sed -i '/^server.*/d' /etc/ntp.conf

echo "server 134.96.40.141">>/etc/ntp.conf

# Add -x (slew rather than step) to ntpd's options. Not idempotent: a second
# run turns `-x -u` into `-x -x -u`.
sed -i 's/-u/-x -u/g' /etc/sysconfig/ntpd

service ntpd restart

chkconfig ntpd on

cat /etc/sysconfig/ntpd

# Peer status; a `*` in the first column marks the selected source.
ntpq -p 



ftp 134.96.177.250

>

bin

cd /ftpdata/SA/software/linux/

lcd /home/acc/

get script.tar 

get jx_script6.8.tar

>

#############安全补丁更新################

# This wipes the rhel6.8 ftp.repo written earlier on this page as well; only
# the rhel6rpms (security update) repo remains afterwards.
rm -rf /etc/yum.repos.d/*

echo "[rhel6rpms]">>/etc/yum.repos.d/rhel6rpms.repo

echo "name=rhel6rpms">>/etc/yum.repos.d/rhel6rpms.repo

# Plain FTP plus gpgcheck=0: no transport integrity and no signature check, so
# the update packages are only as trustworthy as the mirror host.
echo "baseurl=ftp://134.96.177.250/rhel6rpms">>/etc/yum.repos.d/rhel6rpms.repo

echo "gpgcheck=0">>/etc/yum.repos.d/rhel6rpms.repo

echo "enabled=1">>/etc/yum.repos.d/rhel6rpms.repo


################################时间服务器#############################

crontab -l

# `0-59/30` is equivalent to `*/30`. Redirections apply left to right: the
# trailing `>> /dev/null 2>&1` re-points both streams to /dev/null after
# `&> /var/log/ntplog`, so the log file is always empty; `&>` is also
# bash-only. `> /var/log/ntplog 2>&1` alone does what was intended.
0-59/30 * * * * /usr/sbin/ntpdate 80.16.16.3 &> /var/log/ntplog >> /dev/null 2>&1


# Targeted security updates from the rhel6rpms repo (gpgcheck=0 there, so the
# packages are only as trustworthy as the mirror).
yum update -y bash

yum update -y openssl

# sshd keeps running the old binary until restarted (see the sshd section).
yum update -y openssh

yum update -y sudo

yum update -y ntp

# A kernel update only takes effect after a reboot into the new kernel.
yum update -y kernel

yum update -y glibc

yum update -y freetype



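cd /home/acc
# -p makes the step re-runnable instead of failing when the directory exists.
mkdir -p /home/acc/script/
tar -xvf script.tar -C /home/acc/script/
# 740: owner rwx, group r, others nothing. The cron entries below run the
# scripts via `sh file`, so the execute bit is not needed for them.
chmod 740 /home/acc/script/*
# The original read `mkdir -p  mkdir /home/kaiguo/...`, which also created a
# stray directory literally named "mkdir" in /home/acc. No kaiguo user is
# created on this page; /home/kaiguo is used as a plain directory.
mkdir -p /home/kaiguo/script/UserAndOpenPort/
# -p creates /salog and /salog/routine too (the original mkdir without -p
# fails when /salog does not exist yet).
mkdir -p /salog/routine/nmonlog
mv /home/acc/script/cpu_mem.sh /home/kaiguo/script/
mv /home/acc/script/Check_Port_User.sh /home/kaiguo/script/UserAndOpenPort/
# Cron entries are appended straight to root's spool file, bypassing the
# syntax check `crontab -e` would do; crond normally notices the change via
# the spool directory's mtime. clear_fs.sh and check.sh both write
# clear_errlog with `>`, so each run truncates the other's output.
echo "10,20,30,40,50 * * * * sh /home/acc/script/clear_fs.sh >/home/acc/script/clear_errlog 2>&1" >>/var/spool/cron/root
echo "#SA auto collect system info script" >>/var/spool/cron/root
echo "30 7 15 * * sh /home/acc/script/check.sh >/home/acc/script/clear_errlog 2>&1" >>/var/spool/cron/root
echo "#SA auto collect system user and port info script" >>/var/spool/cron/root
echo "0 1 * * * sh /home/kaiguo/script/UserAndOpenPort/Check_Port_User.sh> /dev/null 2>&1" >>/var/spool/cron/root
echo "#SA auto collect performance-nmon script" >>/var/spool/cron/root
# nmon is executed directly (not via sh), so it needs its execute bit intact.
echo "0 0 * * * /home/acc/script/nmon_linux_x86_64  -f -x -m /salog/routine/nmonlog> /dev/null 2>&1 #nmon" >>/var/spool/cron/root
echo "#SA auto collect system performance and system info script" >>/var/spool/cron/root
echo "*/5 * * * * sh /home/acc/script/mon.sh > /dev/null 2>&1" >>/var/spool/cron/root
echo "#SA auto collect cpu script" >>/var/spool/cron/root
# Deliberately left commented out here (the later variant of this step on the
# page enables it).
echo "#0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /home/kaiguo/script/cpu_mem.sh" >>/var/spool/cron/root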


cd /home/acc 

tar -xvf jx_script6.8.tar

cd jx_script6.8

# Runs a script that was fetched over plain FTP as root; its contents are not
# shown on this page — review it before executing.
sh  ftp.sh



# Create the rules file `service iptables save` writes to, readable by root
# only (it will contain the full allow list).
touch  /etc/sysconfig/iptables

chmod 600  /etc/sysconfig/iptables



（如果有心跳 IP，记得添加对应规则，例如：iptables -A INPUT -s 172.17.0.0/20 -j ACCEPT）

# Host firewall: FORWARD/OUTPUT default-allow, INPUT default-deny with a
# source-address allow list. Rules are appended (-A) without flushing the
# chain first, so re-running this block duplicates every rule; `iptables -F
# INPUT` before the first -A keeps it idempotent.
iptables -P FORWARD ACCEPT

iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT 

# Replies to connections this host initiated.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 

iptables -A INPUT -p icmp -j ACCEPT 

# Each allow below matches on source only (no -p/--dport), so an allowed
# address can reach every listening port on this host. Restricting the
# management entries to the ports actually needed (e.g. tcp/22) narrows that.
iptables -A INPUT -s 134.96.111.84/32 -j ACCEPT 

iptables -A INPUT -s 134.96.111.85/32 -j ACCEPT 

iptables -A INPUT -s 134.96.111.86/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.73/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.74/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.75/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.61/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.62/32 -j ACCEPT 

iptables -A INPUT -s 134.96.73.128/25 -j ACCEPT 

iptables -A INPUT -s 134.98.105.0/24 -j ACCEPT 

iptables -A INPUT -s 134.98.83.0/26 -j ACCEPT 

iptables -A INPUT -s 134.98.104.240/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.220/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.221/32 -j ACCEPT 

iptables -A INPUT -s 134.96.188.100/32 -j ACCEPT 

# The FTP mirror / script server used throughout this page.
iptables -A INPUT -s 134.96.177.250/32 -j ACCEPT 

iptables -A INPUT -s 134.96.246.46/31 -j ACCEPT 

iptables -A INPUT -s 134.96.246.48/31 -j ACCEPT 

iptables -A INPUT -s 134.96.246.50/32 -j ACCEPT

iptables -A INPUT -s 134.96.64.0/26 -j ACCEPT  


# Policy is flipped last, after the loopback/ESTABLISHED rules are in place,
# so an SSH session from an allowed address survives this step.
iptables -P INPUT DROP

# Persist to /etc/sysconfig/iptables (created mode 600 above).
service iptables save


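# Oracle / Grid Infrastructure groups and users in the usual oinstall/dba/asm*
# layout. (The page had "oinstall" site-garbled as "o×××tall".)
groupadd -g 1000 dba
groupadd -g 1002 oinstall
groupadd -g 1004 asmadmin
groupadd -g 1005 asmdba
groupadd -g 1006 asmoper
/usr/sbin/useradd -u 1001 -g oinstall -G asmadmin,asmdba,asmoper -d /home/grid grid
/usr/sbin/useradd -u 1000 -g oinstall -G dba,asmdba -d /home/oracle oracle

# NOTE(review): the kafaka, storm and yxgroup groups are not created anywhere
# on this page; useradd fails with "group ... does not exist" unless they
# already exist on the host.
/usr/sbin/useradd -u 751 -g kafaka -G yxgroup -d /app/kafaka kafaka
/usr/sbin/useradd -u 752 -g storm -G yxgroup -d /app/storm storm

# Give the oinstall group read/write on /app: 775 = owner rwx, group rwx,
# others r-x. (The original read `chomd 775 /app`, a typo that fails with
# "command not found".)
chmod 775 /app
chown root:oinstall /app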



*****************************配置网络--做BOND******************************




进入网络配置目录

cd /etc/sysconfig/network-scripts


做网卡绑定

vim ifcfg-bond0


DEVICE=bond0

BOOTPROTO=none

ONBOOT=yes

# Fill in the host's static address before bringing the bond up.
IPADDR=

NETMASK=

GATEWAY=

USERCTL=no

# mode=1 is active-backup (one slave carries traffic, failover on link loss);
# miimon=50 polls link state every 50 ms.
BONDING_OPTS="mode=1 miimon=50"

HOTPLUG=no


更改eth5(根据具体绑定网卡决定)


vim ifcfg-eth5


DEVICE=eth5

TYPE=Ethernet

ONBOOT=yes

# NOTE(review): on RHEL 6 NetworkManager does not manage bonding slaves, and
# NM_CONTROLLED=no is the usual setting for them — confirm for this host.
NM_CONTROLLED=yes

BOOTPROTO=none

SLAVE=yes

USERCTL=no

# Enslaved to bond1, not the bond0 file above; this matches the
# `ifenslave bond1 eth3 eth5` rc.local line further down. No ifcfg-bond1 is
# shown on this page.
MASTER=bond1



预加载

vi /etc/modprobe.d/bonding.conf


# Map both bond interface names to the bonding driver so it is loaded when
# either interface is brought up.
alias bond0 bonding

alias bond1 bonding



vi /etc/rc.d/rc.local


# Attach the slaves at boot. eth5 belongs to bond1 here, matching MASTER=bond1
# in ifcfg-eth5 above; with SLAVE/MASTER set in the ifcfg files the network
# init scripts presumably enslave on ifup already, so this looks like a
# belt-and-braces step — confirm.
ifenslave bond0 eth2 eth4

ifenslave bond1 eth3 eth5



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

# Second variant of the baseline (RHEL 6.5 media). Persistently disable
# SELinux (effective after reboot); SELINUX=permissive would keep AVC logging.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 

cat /etc/selinux/config


# postfix is the "master" process listening on a default install.
chkconfig postfix  off

chkconfig --del postfix 

chkconfig --del nfs-rdma

# Replace every repo definition with the two internal FTP mirrors.
rm -rf /etc/yum.repos.d/*

echo "[rhel6.5]">>/etc/yum.repos.d/ftp.repo

echo "name=rhel6.5">>/etc/yum.repos.d/ftp.repo

# Plain FTP plus gpgcheck=0 on both repos: no transport integrity and no
# signature verification, so the mirror host is fully trusted for packages.
echo "baseurl=ftp://134.96.177.250/rhel6.5">>/etc/yum.repos.d/ftp.repo

echo "gpgcheck=0">>/etc/yum.repos.d/ftp.repo

echo "[rhel6rpms]">>/etc/yum.repos.d/rhel6rpms.repo

echo "name=rhel6rpms">>/etc/yum.repos.d/rhel6rpms.repo

echo "baseurl=ftp://134.96.177.250/rhel6rpms">>/etc/yum.repos.d/rhel6rpms.repo

echo "gpgcheck=0">>/etc/yum.repos.d/rhel6rpms.repo

echo "enabled=1">>/etc/yum.repos.d/rhel6rpms.repo



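# Baseline tooling (RHEL 6.5 variant; same list as above minus parted). The
# page had "install" site-garbled as "×××tall" on every line. Each package is
# a separate yum invocation, so one missing package does not abort the rest.
yum install -y lrzsz
yum install -y yum-utils
yum install -y iotop
yum install -y htop
yum install -y sysstat
# ftp and telnet are plaintext clients; kept for troubleshooting only.
yum install -y ftp
yum install -y telnet
yum install -y traceroute
yum install -y ntp
yum install -y man
yum install -y openssl-devel
yum install -y lsof
yum install -y ksh
yum install -y tcsh
yum install -y ncompress
yum install -y gdb
yum install -y sos

# No -y on the last two, so yum prompts before the wildcard / group transaction.
yum install *gcc*
yum groupinstall "X Window System"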


# Application account with a fixed UID and a home outside /home.
useradd -u 800 -d /itsm itsm

# Non-interactive password: the literal ends up in shell history (and on this
# page). Prefer an interactive `passwd itsm`, or add `chage -d 0 itsm` so the
# initial value must be changed at first login.
echo itsm123 |passwd --stdin itsm

# `.*` also matches `.` and `..`; cp reports those as "omitting directory".
cp /etc/skel/.* /itsm/

chown -R itsm:itsm /itsm



# Raise the RHEL 6 default nproc soft limit; `s/1024/65535/g` rewrites every
# "1024" in the file, not only the limit value.
sed -i 's/1024/65535/g' /etc/security/limits.d/90-nproc.conf

# Core dumps can contain sensitive process memory (credentials, keys) that an
# attacker could read back, so the core size limit is set to 0 (disabled).

echo "* soft core 0">>/etc/security/limits.conf 

echo "* hard core 0">>/etc/security/limits.conf

# Raise the open-file-handle and process limits (65535 each).

echo "* soft nofile 65535">>/etc/security/limits.conf 

echo "* hard nofile 65535">>/etc/security/limits.conf 

echo "* soft nproc 65535">>/etc/security/limits.conf 

echo "* hard nproc 65535">>/etc/security/limits.conf 


# Verify the edits.
cat  /etc/security/limits.d/90-nproc.conf

cat  /etc/security/limits.conf 



# One-shot step sync against the internal NTP server before ntpd takes over.
ntpdate 134.96.40.141

# Drop every default `server` line and use the internal server only.
sed -i '/^server.*/d' /etc/ntp.conf

echo "server 134.96.40.141">>/etc/ntp.conf

# Add -x (slew rather than step). Not idempotent: a second run yields `-x -x -u`.
sed -i 's/-u/-x -u/g' /etc/sysconfig/ntpd

service ntpd restart

chkconfig ntpd on

cat /etc/sysconfig/ntpd

# Peer status; a `*` in the first column marks the selected source.
ntpq -p 



ftp 134.96.177.250

>

bin

cd /ftpdata/SA/software/linux/

lcd /home/acc/

get script.tar 

get jx_script.tar

get dirtycow.tar 

>

quit


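cd /home/acc
# Build bash 4.3.30 from source. The tarball is expected in /home/acc; it is
# not among the files fetched in the ftp session above.
tar -zxvf bash-4.3.30.tar.gz
cd bash-4.3.30
./configure
make
# Installs to /usr/local/bin/bash (original line was garbled as `make ×××tall`).
make install
# Swap the new binary into /bin without a window in which /bin/bash or /bin/sh
# is missing: stage the copy, keep the old binary reachable as bash.old via a
# hard link, rename the new one over /bin/bash, then repoint the sh symlink
# with -f instead of deleting it first (the original did mv / rm -rf /bin/sh /
# cp / ln -s, leaving both paths absent in between).
cp /usr/local/bin/bash /bin/bash.new
ln /bin/bash /bin/bash.old
mv -f /bin/bash.new /bin/bash
ln -sf /bin/bash /bin/sh
ls -lrt /bin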


cd /home/acc

# ssh.tar is not among the files fetched in the ftp session above; it must
# already be present in /home/acc.
tar -xvf ssh.tar

# openssl first (openssh links against it), then all openssh packages in one
# transaction so rpm can order their inter-dependencies.
rpm -Uhv openssl-1.0.1e-57.el6.x86_64.rpm  openssl-devel-1.0.1e-57.el6.x86_64.rpm

rpm -Uvh openssh-clients-5.3p1-122.el6.x86_64.rpm  openssh-server-5.3p1-122.el6.x86_64.rpm openssh-5.3p1-122.el6.x86_64.rpm openssh-askpass-5.3p1-122.el6.x86_64.rpm

# `start` is a no-op when sshd is already running; the restart makes the new
# binary serve new connections (existing sessions keep their old process).
service  sshd start

service  sshd restart

chkconfig sshd on

# sshd does not accept -V; the version shows up in its usage output on these
# releases. `ssh -V` is the documented way to print it.
sshd -V


cd /home/acc

# Judging by the tarball name, the kernel packages carrying the Dirty COW fix.
tar -xvf dirtycow.tar

# Upgrade the kernel's dracut/firmware dependencies in place first.
rpm -Uvh dracut-kernel-004-409.el6_8.2.noarch.rpm dracut-004-409.el6_8.2.noarch.rpm  kernel-firmware-2.6.32-642.6.2.el6.noarch.rpm

# -i (not -U) installs the new kernel next to the running one, so the previous
# kernel stays bootable as a fallback. Nothing takes effect until a reboot.
rpm -ivh kernel-2.6.32-642.6.2.el6.x86_64.rpm

# Confirm the 2.6.32-642.6.2 entry exists and `default=` selects it before
# rebooting.
cat /boot/grub/grub.conf


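cd /home/acc
# -p makes the step re-runnable instead of failing when the directory exists.
mkdir -p /home/acc/script/
tar -xvf script.tar -C /home/acc/script/
# 744 here versus 740 in the earlier variant of this step: others get read
# access to the scripts. Cron runs them via `sh file`, so the execute bit is
# not needed for that.
chmod 744 /home/acc/script/*
# The original read `mkdir -p  mkdir /home/kaiguo/...`, which also created a
# stray directory literally named "mkdir" in /home/acc. No kaiguo user is
# created on this page; /home/kaiguo is used as a plain directory.
mkdir -p /home/kaiguo/script/UserAndOpenPort/
# -p creates /salog and /salog/routine too (the original mkdir without -p
# fails when /salog does not exist yet).
mkdir -p /salog/routine/nmonlog
mv /home/acc/script/cpu_mem.sh /home/kaiguo/script/
mv /home/acc/script/Check_Port_User.sh /home/kaiguo/script/UserAndOpenPort/
# Cron entries are appended straight to root's spool file, bypassing the
# syntax check `crontab -e` would do; crond normally notices the change via
# the spool directory's mtime. clear_fs.sh and check.sh both write
# clear_errlog with `>`, so each run truncates the other's output.
echo "10,20,30,40,50 * * * * sh /home/acc/script/clear_fs.sh >/home/acc/script/clear_errlog 2>&1" >>/var/spool/cron/root
echo "#SA auto collect system info script" >>/var/spool/cron/root
echo "30 7 15 * * sh /home/acc/script/check.sh >/home/acc/script/clear_errlog 2>&1" >>/var/spool/cron/root
echo "#SA auto collect system user and port info script" >>/var/spool/cron/root
echo "0 1 * * * sh /home/kaiguo/script/UserAndOpenPort/Check_Port_User.sh> /dev/null 2>&1" >>/var/spool/cron/root
echo "#SA auto collect performance-nmon script" >>/var/spool/cron/root
# nmon is executed directly (not via sh), so it needs its execute bit intact.
echo "0 0 * * * /home/acc/script/nmon_linux_x86_64  -f -x -m /salog/routine/nmonlog> /dev/null 2>&1 #nmon" >>/var/spool/cron/root
echo "#SA auto collect system performance and system info script" >>/var/spool/cron/root
echo "*/5 * * * * sh /home/acc/script/mon.sh > /dev/null 2>&1" >>/var/spool/cron/root
echo "#SA auto collect cpu script" >>/var/spool/cron/root
# Active here (the earlier variant of this step leaves it commented out); no
# output redirection, so any output is mailed to root by cron.
echo "0,5,10,15,20,25,30,35,40,45,50,55 * * * * sh /home/kaiguo/script/cpu_mem.sh" >>/var/spool/cron/root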


cd /home/acc 

tar -xvf jx_script.tar

cd jx_script

# Runs a script that was fetched over plain FTP as root; its contents are not
# shown on this page — review it before executing.
sh  ftp.sh



# Create the rules file `service iptables save` writes to, readable by root
# only (it will contain the full allow list).
touch  /etc/sysconfig/iptables

chmod 600  /etc/sysconfig/iptables


# Host firewall: FORWARD/OUTPUT default-allow, INPUT default-deny with a
# source-address allow list. Rules are appended (-A) without flushing the
# chain first, so re-running this block duplicates every rule; `iptables -F
# INPUT` before the first -A keeps it idempotent.
iptables -P FORWARD ACCEPT

iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT 

# Replies to connections this host initiated.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 

iptables -A INPUT -p icmp -j ACCEPT 

# Each allow below matches on source only (no -p/--dport), so an allowed
# address can reach every listening port on this host. Restricting the
# management entries to the ports actually needed (e.g. tcp/22) narrows that.
iptables -A INPUT -s 134.96.111.84/32 -j ACCEPT 

iptables -A INPUT -s 134.96.111.85/32 -j ACCEPT 

iptables -A INPUT -s 134.96.111.86/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.73/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.74/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.75/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.61/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.62/32 -j ACCEPT 

iptables -A INPUT -s 134.96.73.128/25 -j ACCEPT 

iptables -A INPUT -s 134.98.105.0/24 -j ACCEPT 

iptables -A INPUT -s 134.98.83.0/26 -j ACCEPT 

iptables -A INPUT -s 134.98.104.240/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.220/32 -j ACCEPT 

iptables -A INPUT -s 134.96.247.221/32 -j ACCEPT 

iptables -A INPUT -s 134.96.188.100/32 -j ACCEPT 

# The FTP mirror / script server used throughout this page.
iptables -A INPUT -s 134.96.177.250/32 -j ACCEPT 

# Heartbeat / cluster interconnect range (the earlier variant of this step
# leaves it as an optional note).
iptables -A INPUT -s 172.17.0.0/20 -j ACCEPT  

# Policy is flipped last, after the loopback/ESTABLISHED rules are in place,
# so an SSH session from an allowed address survives this step.
iptables -P INPUT DROP

# Persist to /etc/sysconfig/iptables (created mode 600 above).
service iptables save


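# Oracle / Grid Infrastructure groups and users, second variant: homes under
# /app, asmadmin is GID 1003 here (1004 in the earlier variant), and oracle is
# additionally in wheel. (The page had "oinstall" site-garbled as "o×××tall".)
groupadd -g 1000 dba
groupadd -g 1002 oinstall
groupadd -g 1003 asmadmin
groupadd -g 1004 asmdba
groupadd -g 1005 asmoper
/usr/sbin/useradd -u 1001 -g oinstall -G asmadmin,asmdba,asmoper -d /app/grid grid
# The original wrote `-d/app/oracle` (no space); useradd accepts both forms.
# wheel membership gives the oracle account whatever su/sudo access the host's
# policy grants that group — confirm that is intended for a service account.
/usr/sbin/useradd -u 1000 -g oinstall -G dba,asmdba,wheel -d /app/oracle oracle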



022 表示默认创建的新目录权限为 755，即 rwxr-xr-x（所有者全部权限，属组读和执行，其他人读和执行）；新文件为 644
027 表示默认创建的新目录权限为 750，即 rwxr-x---（所有者全部权限，属组读和执行，其他人无权限）；新文件为 640
下表列出了一些 umask 值及它们所对应的目录和文件权限
常用的 umask 值及对应的文件和目录权限
umask值        目录         文件
022               755          644
027               750          640
002               775          664
006               771          660
007               770          660

   

 



mysql、redis、mq、docker、hadoop 是现在我们这边的主要研究方向
