搭建 CentOS 6 服务器(3) - 初始环境设置

[b](1)系统架构[/b]

[color=blue]查看内核[/color]
# uname -s -r 
Linux 2.6.32-358.el6.x86_64


[color=blue]查看发布版本[/color]
# cat /etc/redhat-release
CentOS release 6.4 (Final)


[color=blue]查看CPU架构[/color]
# arch
x86_64(x86_64表示64位机器/i686表示32位机器)
# getconf LONG_BIT
64


[b](2)用户设置[/b]

[color=blue]添加用户[/color]
# /usr/sbin/useradd user1 -d /home/user1 -G nobody
# passwd user1
New password: 123456
Retype new password: 123456
passwd: all authentication tokens updated successfully.


[color=blue]确认用户[/color]
# id user1


[color=blue]删除用户[/color]
# userdel -r user1


[color=blue]赋予root权限[/color]
# usermod -G wheel hoge
# vi /etc/pam.d/su
auth required pam_wheel.so use_uid # <= 取消注释


[color=blue]用户一览[/color]
# cat /etc/passwd


[b](3)网络设置[/b]

[color=blue]设置IP[/color]
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
OTPROTO="static" # <=
HWADDR="00:0C:29:53:A5:AE"
IPV6INIT="no" # <=
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="1ca6acf4-ebce-415a-a89b-bf89a67819ff"
IPADDR="xxx.xxx.xx.xx" # <=
NETMASK="255.255.255.0" # <=
GATEWAY="xxx.xxx.xx.xx" # <=
DNS1="xxx.xxx.xx.xx" # <=

# service network restart
Shutting down interface eth0:
......
Connection activated [ OK ]

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:2F:D5:58
inet addr:xxx.xxx.xx.xx Bcast:xxx.xxx.xx.xx Mask:255.255.255.0
......


[color=blue]卸载NestworkManager服务[/color]
# chkconfig NetworkManager off
# yum -y remove NetworkManager


[color=blue]关闭IPv6[/color]
# service ip6tables stop
# chkconfig ip6tables off
# echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
# vi /etc/sysconfig/network
NETWORKING_IPV6=no
IPV6INIT=no
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# shutdown -r now
# lsmod | grep ipv6
没有ipv6模块
# netstat -an | grep ffff
没有:ffff:开始的IP
# ifconfig
没有inet6 addr开始的文字


[b](4)包管理设置[/b]

[color=blue]yum清理[/color]
# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base extras updates
Cleaning up Everything
# yum makecache
Loaded plugins: fastestmirror, security
Determining fastest mirrors
………….
Metadata Cache Created


[color=blue]yum更新[/color]
# yum -y update


[color=blue]自动更新[/color]
# yum -y install yum-cron
# vi /etc/sysconfig/yum-cron
CHECK_ONLY=yes
DOWNLOAD_ONLY=yes
# /etc/rc.d/init.d/yum-cron start
# chkconfig yum-cron on
# chkconfig --list yum-cron


[color=blue]自动查找最快镜像[/color]
# yum -y install yum-plugin-fastestmirror
# vi /etc/yum/pluginconf.d/fastestmirror.conf
enabled=0 ←0:无效 1:有效


[color=blue]添加repository[/color]
# vi /etc/yum.repos.d/CentOS-Base.repo

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# vi /etc/yum.repos.d/rpmforge.repo
enabled=0
# yum --enablerepo=rpmforge install xxxx

# rpm -Uvh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# vi /etc/yum.repos.d/epel.repo
enabled=0
# yum --enablerepo=epel install xxxx


[b](5)设置vim[/b]
# yum -y install vim-enhanced
# vi /etc/profile
alias vi='vim'
# source /etc/profile
# vi /etc/vimrc


[b](6)安全设置[/b]

[color=blue]关闭SELinux[/color]
# getenforce
# setenforce 0 ←临时关闭
# vi /etc/sysconfig/selinux
SELINUX=enforcing
   ↓
SELINUX=disabled


[color=blue]停止iptables[/color]
# /etc/rc.d/init.d/iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
# chkconfig iptables off
# chkconfig --list iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off


[b](7)系统运行情况[/b]

[color=blue]磁盘使用情况[/color]
# df -h

# yum -y install sysstat
# iostat


[color=blue]内存使用情况[/color]
# free -m


[color=blue]CPU和内存[/color]
# cat /proc/cpuinfo
# cat /proc/meminfo


[b](8)其他[/b]

[color=blue]修改hostname[/color]
# hostname
localhost.localdomain
# vi /etc/sysconfig/network
NETWORKING=yes
#HOSTNAME=localhost.localdomain
HOSTNAME=MyNewHostName
NETWORKING_IPV6=no
# vi /etc/hosts
127.0.0.1 MyNewHostName
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#hosts文件每行格式:IP地址 hostname aliases
#保留localhost的定义,因为Apache、Postfix、sendmail等服务会用到
# shutdown -r now
# uname -a
Linux MyNewHostName 2.6.32-358.el6.x86_64 ......

临时修改
# hostname MyTmpHostName
# /etc/init.d/network restart


[color=blue]本地语言化[/color]
# yum -y groupinstall "Japanese Support"
# vi /etc/sysconfig/i18n
LANG="en_US.UTF-8"
   ↓
LANG="ja_JP.UTF-8"
# source /etc/sysconfig/i18n
# echo $LANG
ja_JP.UTF-8
# shutdown -r now


[color=blue]停止不必要的服务[/color]
# chkconfig --list | grep 3:on
# service ip6tables stop
# chkconfig ip6tables off


[color=blue]编码转换nkf(Network Kanji Filter)[/color]
# yum -y install nkf
# vi readme.txt
test
漢字
# nkf -g readme.txt
UTF-8 (LF)
# nkf -s --overwrite readme.txt
# nkf -g readme.txt
Shift_JIS (LF)
# nkf -j --overwrite readme.txt
# nkf -g readme.txt
ISO-2022-JP (LF)


[color=blue]安装gcc[/color]
# rpm -qa gcc
# yum -y install gcc gcc-c++
# gcc -v
Using built-in specs.
Target: i686-redhat-linux
…………
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)


[color=blue]安装PCRE[/color]
# cd /usr/local/src
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz
# tar zxvf pcre-8.35.tar.gz
# cd /usr/local/src/pcre-8.35
# ./configure --prefix=/usr/local/pcre/8.35
# make clean
# make && make install
# PATH=/usr/local/pcre/8.35/bin:$PATH
# vi /etc/ld.so.conf
/usr/local/pcre/8.35/lib ←末尾追加
# ldconfig
# rpm -qa pcre
pcre-7.8-6.el6.x86_64
# pcretest -C
PCRE version 7.8 2008-09-05


[color=blue]安装OpenSSL[/color]
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
# tar xzvf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config shared -fPIC
# make && make install
# vi /etc/ld.so.conf
/usr/local/ssl/lib ←末尾追加
# ldconfig
# ldconfig -f /etc/ld.so.conf -vp|grep ssl/lib
libssl.so.1.0.0 (libc6) => /usr/local/ssl/lib/libssl.so.1.0.0
libssl.so (libc6) => /usr/local/ssl/lib/libssl.so
libcrypto.so.1.0.0 (libc6) => /usr/local/ssl/lib/libcrypto.so.1.0.0
libcrypto.so (libc6) => /usr/local/ssl/lib/libcrypto.so
# /usr/local/ssl/bin/openssl version
OpenSSL 1.0.1h 5 Jun 2014


[color=blue]NTP同步时间[/color]
[quote]# yum -y install ntp
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
server 0.jp.pool.ntp.org
server 1.jp.pool.ntp.org
server 2.jp.pool.ntp.org
server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat [/quote]

[quote]CentOS默认安装NTP服务、NTP服务采用的是Server/Client的模式、一台机器同时是ntp服务器和ntp客户端。

同步方法:ntpdate、ntpd

ntpdate:强制修改系统时间(需要定期同步修正cpu tick)
# ntpdate time.ntp.org
# crontab -e
0 12 * * * * /usr/sbin/ntpdate time.ntp.org
每天12点强制同步一下时间

ntpd服务:修正系统时间并修正cpu tick
# vi /etc/ntp.conf
#restrict 127.0.0.1
restrict 192.168.21.0 mask 255.255.255.0 nomodify notrap
server -4 192.168.21.1 *** -4代表通过IPv4连接服务器
# /etc/init.d/ntpd start
# netstat -ln|grep 123
# ntpstat
每64秒与上源服务器同步一次,随着误差减小,逐步增加同步的间隔

需要确保是否有权限连接到服务器端。

先使用ntpdate强制同步时间,之后使用ntpd服务同步时间
安装
# yum -y install ntp
# ntpd --version
设置
# cp /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
手动同步
# ntpdate pool.ntp.org
启动ntpd
# service ntpd start
# chkconfig ntpd on
确认
# ntpq -p
# ntpstat

# ntpd -gq 强制更新[/quote]

[color=red][b]GHOST: glibc vulnerability (CVE-2015-0235)[/b][/color]
# yum update glibc
# rpm -qa | grep glibc
2.12-1.149.el6_6.5
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值