1、永久关闭selinux,修改成permissive或者disabled(建议),修改完需重启
-
[root@oracle ~]# cat /etc/selinux/config
-
-
# This file controls the state of SELinux on the system.
-
# SELINUX= can take one of these three values:
-
# enforcing - SELinux security policy is enforced.
-
# permissive - SELinux prints warnings instead of enforcing.
-
# disabled - No SELinux policy is loaded.
-
SELINUX=disabled
-
# SELINUXTYPE= can take one of these two values:
-
# targeted - Targeted processes are protected,
-
# mls - Multi Level Security protection.
-
SELINUXTYPE=targeted
1.1临时关闭selinux
查看状态
-
[root@centos etc]# getenforce
-
Enforcing
关闭(0为临时关闭,1为临时启动)
-
[root@centos etc]# setenforce 0
-
[root@centos etc]# getenforce
-
Desabled
2.配置network,修改如下
-
[root@oracle ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
-
EVICE=eth0 //网卡设备名称
-
HWADDR=98:BE:94:46:BC:B2 //网卡MAC
-
TYPE=Ethernet //网络类型
-
UUID=a676465c-3608-44c2-9286-5e18c9cb9f64
-
ONBOOT=yes
-
NM_CONTROLLED=yes
-
BOOTPROTO=none
-
IPADDR=192.168.1.105 //IP地址
-
NETMASK=255.255.255.0 //子网掩码
-
GATEWAY=192.168.1.1 //网关
-
DNS1=221.228.255.1 //DNS,也可以在resolv.conf配置
3.禁止ping(可选,一般不需要禁止)(默认为0位启用ICMP协议,1为禁止),修改完无须重启
-
[root@oracle ipv4]# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
或者在sysctl.conf中添加
-
[root@mysql ~]# echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf
-
[root@mysql ~]# tail -1 /etc/sysctl.conf
-
net.ipv4.icmp_echo_ignore_all=1
-
[root@mysql ~]# sysctl -p
4.(可选)登陆后显示信息,在""中输入需要在登陆后显示的信息
-
[root@oracle ~]# echo "It is product environment,be careful..." > /etc/motd
登陆后的信息
-
Using username "root".
-
Last login: Tue Sep 15 14:24:31 2015 from 192.168.1.207
-
It is product environment,be careful...
5.修改默认ssh设置,增加系统安全性
备份sshd_config文件
-
[root@mysql ssh]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.20150915
修改如下配置
-
//修改ssh远程连接的默认端口
-
#Port 22
-
修改成
-
Port 2510端口号自己指定
-
-
//ssh不允许root用户登录
-
#PermitRootLogin yes
-
修改成
-
PermitRootLogin no
-
-
//解决DNS解析慢的问题
-
#UseDNS yes
-
修改成
-
UseDNS no
-
-
//解决ssh慢的问题
-
#GSSAPIAuthentication no
-
GSSAPIAuthentication yes
-
修改成
-
GSSAPIAuthentication no
-
#GSSAPIAuthentication yes
6.优化终端超时,终端超过600秒自动断开
-
[root@mysql ~]# echo "export TMOUT=600" >> /etc/profile
-
[root@mysql ~]# tail -1 /etc/profile
-
export TMOUT=600
-
[root@mysql ~]# source /etc/profile
7.控制历史命令记录数,历史命令文件路径:~/.bash_history
-
[root@mysql ~]# echo "export HISTSIZE=20" >> /etc/profile
-
[root@mysql ~]# echo "export HISTFILESIZE=20" >> /etc/profile
-
[root@mysql ~]# tail -2 /etc/profile
-
export HISTSIZE=20
-
export HISTFILESIZE=20
-
[root@mysql ~]# source /etc/profile
-
(责任编辑:IT) |