搭建 CentOS 6 服务器(3) - 初始环境设置

于 2014-12-30 11:56:01 发布
阅读量165 收藏
点赞数
CC 4.0 BY-SA版权
分类专栏: Linux 文章标签: 系统架构 开发工具 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/wayne_ren/article/details/84693549
[b](1)系统架构[/b]

[color=blue]查看内核[/color]
# uname -s -r 
  Linux 2.6.32-358.el6.x86_64


[color=blue]查看发布版本[/color]
# cat /etc/redhat-release
  CentOS release 6.4 (Final)


[color=blue]查看CPU架构[/color]
# arch
  x86_64(x86_64表示64位机器/i686表示32位机器)
# getconf LONG_BIT
  64


[b](2)用户设置[/b]

[color=blue]添加用户[/color]
# /usr/sbin/useradd user1 -d /home/user1 -G nobody
# passwd user1
  New password: 123456
  Retype new password: 123456
  passwd: all authentication tokens updated successfully.


[color=blue]确认用户[/color]
# id user1


[color=blue]删除用户[/color]
# userdel -r user1


[color=blue]赋予root权限[/color]
# usermod -G wheel hoge
# vi /etc/pam.d/su
  auth       required     pam_wheel.so use_uid  # <= 取消注释


[color=blue]用户一览[/color]
# cat /etc/passwd


[b](3)网络设置[/b]

[color=blue]设置IP[/color]
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
  DEVICE="eth0"
  OTPROTO="static" # <=
  HWADDR="00:0C:29:53:A5:AE"
  IPV6INIT="no" # <=
  NM_CONTROLLED="yes"
  ONBOOT="yes"
  TYPE="Ethernet"
  UUID="1ca6acf4-ebce-415a-a89b-bf89a67819ff"
  IPADDR="xxx.xxx.xx.xx" # <=
  NETMASK="255.255.255.0" # <=
  GATEWAY="xxx.xxx.xx.xx" # <=
  DNS1="xxx.xxx.xx.xx" # <=

# service network restart
  Shutting down interface eth0:  
  ......
  Connection activated      [  OK  ]

# ifconfig
  eth0      Link encap:Ethernet  HWaddr 00:0C:29:2F:D5:58 
              inet addr:xxx.xxx.xx.xx  Bcast:xxx.xxx.xx.xx Mask:255.255.255.0
  ......


[color=blue]卸载NestworkManager服务[/color]
# chkconfig NetworkManager off
# yum -y remove NetworkManager


[color=blue]关闭IPv6[/color]
# service ip6tables stop
# chkconfig ip6tables off
# echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
# vi /etc/sysconfig/network
  NETWORKING_IPV6=no
  IPV6INIT=no
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# shutdown -r now
# lsmod | grep ipv6 
  没有ipv6模块
# netstat -an | grep ffff
  没有:ffff:开始的IP
# ifconfig
  没有inet6 addr开始的文字


[b](4)包管理设置[/b]

[color=blue]yum清理[/color]
# yum clean all
  Loaded plugins: fastestmirror, security
  Cleaning repos: base extras updates
  Cleaning up Everything
# yum makecache
  Loaded plugins: fastestmirror, security
  Determining fastest mirrors
  ………….
  Metadata Cache Created


[color=blue]yum更新[/color]
# yum -y update


[color=blue]自动更新[/color]
# yum -y install yum-cron
# vi /etc/sysconfig/yum-cron
  CHECK_ONLY=yes
  DOWNLOAD_ONLY=yes
# /etc/rc.d/init.d/yum-cron start
# chkconfig yum-cron on
# chkconfig --list yum-cron


[color=blue]自动查找最快镜像[/color]
# yum -y install yum-plugin-fastestmirror
# vi /etc/yum/pluginconf.d/fastestmirror.conf
  enabled=0   ←0:无效 1:有效


[color=blue]添加repository[/color]
# vi /etc/yum.repos.d/CentOS-Base.repo

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# vi /etc/yum.repos.d/rpmforge.repo
  enabled=0
# yum --enablerepo=rpmforge install xxxx

# rpm -Uvh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# vi /etc/yum.repos.d/epel.repo
  enabled=0
# yum --enablerepo=epel install xxxx


[b](5)设置vim[/b]
# yum -y install vim-enhanced
# vi /etc/profile
  alias vi='vim'
# source /etc/profile
# vi /etc/vimrc


[b](6)安全设置[/b]

[color=blue]关闭SELinux[/color]
# getenforce
# setenforce 0 ←临时关闭
# vi /etc/sysconfig/selinux
  SELINUX=enforcing
   ↓
  SELINUX=disabled


[color=blue]停止iptables[/color]
# /etc/rc.d/init.d/iptables stop
  iptables: Flushing firewall rules:                         [  OK  ]
  iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
  iptables: Unloading modules:                               [  OK  ]
# chkconfig iptables off
# chkconfig --list iptables 
  iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off


[b](7)系统运行情况[/b]

[color=blue]磁盘使用情况[/color]
# df -h

# yum -y install sysstat
# iostat


[color=blue]内存使用情况[/color]
# free -m


[color=blue]CPU和内存[/color]
# cat /proc/cpuinfo
# cat /proc/meminfo


[b](8)其他[/b]

[color=blue]修改hostname[/color]
# hostname
  localhost.localdomain
# vi /etc/sysconfig/network
  NETWORKING=yes
  #HOSTNAME=localhost.localdomain
  HOSTNAME=MyNewHostName
  NETWORKING_IPV6=no
# vi /etc/hosts
  127.0.0.1 MyNewHostName
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  #hosts文件每行格式:IP地址 hostname aliases
  #保留localhost的定义,因为Apache、Postfix、sendmail等服务会用到
# shutdown -r now
# uname -a
  Linux MyNewHostName 2.6.32-358.el6.x86_64 ......

临时修改
# hostname MyTmpHostName
# /etc/init.d/network restart


[color=blue]本地语言化[/color]
# yum -y groupinstall "Japanese Support"
# vi /etc/sysconfig/i18n
  LANG="en_US.UTF-8"
   ↓
  LANG="ja_JP.UTF-8"
# source /etc/sysconfig/i18n 
# echo $LANG
  ja_JP.UTF-8
# shutdown -r now


[color=blue]停止不必要的服务[/color]
# chkconfig --list | grep 3:on
# service ip6tables stop
# chkconfig ip6tables off


[color=blue]编码转换nkf(Network Kanji Filter)[/color]
# yum -y install nkf
# vi readme.txt
  test
  漢字
# nkf -g readme.txt
  UTF-8 (LF)
# nkf -s --overwrite readme.txt
# nkf -g readme.txt
  Shift_JIS (LF)
# nkf -j --overwrite readme.txt
# nkf -g readme.txt
  ISO-2022-JP (LF)


[color=blue]安装gcc[/color]
# rpm -qa gcc
# yum -y install gcc gcc-c++
# gcc -v
  Using built-in specs.
  Target: i686-redhat-linux
  …………
  gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)


[color=blue]安装PCRE[/color]
# cd /usr/local/src
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz
# tar zxvf pcre-8.35.tar.gz
# cd /usr/local/src/pcre-8.35
# ./configure --prefix=/usr/local/pcre/8.35
# make clean
# make && make install
# PATH=/usr/local/pcre/8.35/bin:$PATH 
# vi /etc/ld.so.conf
  /usr/local/pcre/8.35/lib ←末尾追加
# ldconfig
# rpm -qa pcre
  pcre-7.8-6.el6.x86_64
# pcretest -C
  PCRE version 7.8 2008-09-05


[color=blue]安装OpenSSL[/color]
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
# tar xzvf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config shared -fPIC
# make && make install
# vi /etc/ld.so.conf
  /usr/local/ssl/lib ←末尾追加
# ldconfig
# ldconfig -f /etc/ld.so.conf -vp|grep ssl/lib
  libssl.so.1.0.0 (libc6) => /usr/local/ssl/lib/libssl.so.1.0.0
  libssl.so (libc6) => /usr/local/ssl/lib/libssl.so
  libcrypto.so.1.0.0 (libc6) => /usr/local/ssl/lib/libcrypto.so.1.0.0
  libcrypto.so (libc6) => /usr/local/ssl/lib/libcrypto.so
# /usr/local/ssl/bin/openssl version
  OpenSSL 1.0.1h 5 Jun 2014


[color=blue]NTP同步时间[/color]
[quote]# yum -y install ntp
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
server 0.jp.pool.ntp.org
server 1.jp.pool.ntp.org
server 2.jp.pool.ntp.org
server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat [/quote]

[quote]CentOS默认安装NTP服务、NTP服务采用的是Server/Client的模式、一台机器同时是ntp服务器和ntp客户端。

同步方法:ntpdate、ntpd

ntpdate:强制修改系统时间(需要定期同步修正cpu tick)
# ntpdate time.ntp.org
# crontab -e
0 12 * * * * /usr/sbin/ntpdate time.ntp.org
每天12点强制同步一下时间

ntpd服务:修正系统时间并修正cpu tick
# vi /etc/ntp.conf
#restrict 127.0.0.1
restrict 192.168.21.0 mask 255.255.255.0 nomodify notrap
server -4 192.168.21.1 *** -4代表通过IPv4连接服务器
# /etc/init.d/ntpd start
# netstat -ln|grep 123
# ntpstat
每64秒与上源服务器同步一次,随着误差减小,逐步增加同步的间隔

需要确保是否有权限连接到服务器端。

先使用ntpdate强制同步时间,之后使用ntpd服务同步时间
安装
# yum -y install ntp
# ntpd --version
设置
# cp /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
手动同步
# ntpdate pool.ntp.org
启动ntpd
# service ntpd start
# chkconfig ntpd on
确认
# ntpq -p
# ntpstat

# ntpd -gq 强制更新[/quote]

[color=red][b]GHOST: glibc vulnerability (CVE-2015-0235)[/b][/color]
# yum update glibc
# rpm -qa | grep glibc
  2.12-1.149.el6_6.5
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值