安装CentOS6.5 服务器前期准备
时间:2016-04-02 03:28 来源:linux.it.net.cn 作者:IT
一、如果是国内服务器建议修改yum源:
cd /etc/yum.repos.d/
mv CentOS-Base.repo CentOS-Base.repo.old
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
mv CentOS6-Base-163.repo CentOS-Base.repo
二、禁用SELinux:
永久禁用,需要重启生效:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
临时禁用,不需要重新启动:
setenforce 0
三、修改系统时间:
rm -rvf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate cn.pool.ntp.org
date
四、修改系统语言:
cd /etc/sysconfig/
cp i18n i18n.bak
vim i18n
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
SUPPORTED="zh_CN.UTF-8:zh_CN:zh"
locale
五、更新系统补丁包:
yum update -y
六、安装常用工具:
yum install vim wget gcc gcc-c++ gcc* ntp ntp automake autoconf cmake make vim-enhanced zlib* libxml* libtool perl perl-Net-SSLeay
七、修改开启启动的服务进程:
chkconfig --level 0123456 abrt-ccpp off
chkconfig --level 0123456 abrt-oops off
chkconfig --level 0123456 abrtd off
chkconfig --level 0123456 acpid off
chkconfig --level 0123456 atd off
chkconfig --level 0123456 auditd off
chkconfig --level 0123456 autofs off
chkconfig --level 0123456 blk-availability off
chkconfig --level 0123456 certmonger off
chkconfig --level 0123456 cgconfig off
chkconfig --level 0123456 cgred off
chkconfig --level 0123456 cpuspeed off
chkconfig --level 0123456 crond off
chkconfig --level 0123456 cups off
chkconfig --level 0123456 dnsmasq off
chkconfig --level 0123456 haldaemon off
chkconfig --level 0123456 ip6tables off
chkconfig --level 0123456 iptables off
chkconfig --level 0123456 irqbalance off
chkconfig --level 0123456 kdump off
chkconfig --level 0123456 lvm2-monitor off
chkconfig --level 0123456 mcelogd off
chkconfig --level 0123456 mdmonitor off
chkconfig --level 0123456 messagebus off
chkconfig --level 0123456 netconsole off
chkconfig --level 0123456 netfs off
chkconfig --level 0123456 network off
chkconfig --level 0123456 nfs off
chkconfig --level 0123456 nfslock off
chkconfig --level 0123456 ntpd off
chkconfig --level 0123456 ntpdate off
chkconfig --level 0123456 numad off
chkconfig --level 0123456 oddjobd off
chkconfig --level 0123456 portreserve off
chkconfig --level 0123456 postfix off
chkconfig --level 0123456 psacct off
chkconfig --level 0123456 quota_nld off
chkconfig --level 0123456 rdisc off
chkconfig --level 0123456 restorecond off
chkconfig --level 0123456 rngd off
chkconfig --level 0123456 rpcbind off
chkconfig --level 0123456 rpcgssd off
chkconfig --level 0123456 rpcsvcgssd off
chkconfig --level 0123456 rsyslog off
chkconfig --level 0123456 saslauthd off
chkconfig --level 0123456 smartd off
chkconfig --level 0123456 sshd off
chkconfig --level 0123456 sssd off
chkconfig --level 0123456 sysstat off
chkconfig --level 0123456 udev-post off
chkconfig --level 0123456 waagent off
chkconfig --level 0123456 winbind off
chkconfig --level 0123456 ypbind off
chkconfig --level 2345 crond on
chkconfig --level 2345 haldaemon on
chkconfig --level 2345 iptables on
chkconfig --level 2345 messagebus on
chkconfig --level 2345 network on
chkconfig --level 2345 ntpd on
chkconfig --level 2345 rpcbind on
chkconfig --level 2345 rsyslog on
chkconfig --level 2345 sshd on
chkconfig --level 2345 sysstat on
chkconfig --level 2345 udev-post on
chkconfig --level 0123456 waagent on
八、iptables防火墙开放ssh远程端口:
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 68 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
service iptables restart
cat /etc/sysconfig/iptables
service iptables status
iptables -nL
(责任编辑:IT)
一、如果是国内服务器建议修改yum源: cd /etc/yum.repos.d/ mv CentOS-Base.repo CentOS-Base.repo.old wget http://mirrors.163.com/.help/CentOS6-Base-163.repo mv CentOS6-Base-163.repo CentOS-Base.repo 二、禁用SELinux: 永久禁用,需要重启生效: sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 临时禁用,不需要重新启动: setenforce 0 三、修改系统时间: rm -rvf /etc/localtime ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ntpdate cn.pool.ntp.org date 四、修改系统语言: cd /etc/sysconfig/ cp i18n i18n.bak vim i18n LANG="zh_CN.UTF-8" SYSFONT="latarcyrheb-sun16" SUPPORTED="zh_CN.UTF-8:zh_CN:zh" locale 五、更新系统补丁包: yum update -y 六、安装常用工具: yum install vim wget gcc gcc-c++ gcc* ntp ntp automake autoconf cmake make vim-enhanced zlib* libxml* libtool perl perl-Net-SSLeay 七、修改开启启动的服务进程: chkconfig --level 0123456 abrt-ccpp off chkconfig --level 0123456 abrt-oops off chkconfig --level 0123456 abrtd off chkconfig --level 0123456 acpid off chkconfig --level 0123456 atd off chkconfig --level 0123456 auditd off chkconfig --level 0123456 autofs off chkconfig --level 0123456 blk-availability off chkconfig --level 0123456 certmonger off chkconfig --level 0123456 cgconfig off chkconfig --level 0123456 cgred off chkconfig --level 0123456 cpuspeed off chkconfig --level 0123456 crond off chkconfig --level 0123456 cups off chkconfig --level 0123456 dnsmasq off chkconfig --level 0123456 haldaemon off chkconfig --level 0123456 ip6tables off chkconfig --level 0123456 iptables off chkconfig --level 0123456 irqbalance off chkconfig --level 0123456 kdump off chkconfig --level 0123456 lvm2-monitor off chkconfig --level 0123456 mcelogd off chkconfig --level 0123456 mdmonitor off chkconfig --level 0123456 messagebus off chkconfig --level 0123456 netconsole off chkconfig --level 0123456 netfs off chkconfig --level 0123456 network off chkconfig --level 0123456 nfs off chkconfig --level 0123456 nfslock off chkconfig --level 0123456 ntpd off chkconfig --level 0123456 ntpdate off chkconfig --level 0123456 numad off chkconfig --level 0123456 oddjobd off chkconfig --level 0123456 portreserve off chkconfig --level 0123456 postfix off chkconfig --level 0123456 psacct off chkconfig --level 0123456 quota_nld off chkconfig --level 0123456 rdisc off chkconfig --level 0123456 restorecond off chkconfig --level 0123456 rngd off chkconfig --level 0123456 rpcbind off chkconfig --level 0123456 rpcgssd off chkconfig --level 0123456 rpcsvcgssd off chkconfig --level 0123456 rsyslog off chkconfig --level 0123456 saslauthd off chkconfig --level 0123456 smartd off chkconfig --level 0123456 sshd off chkconfig --level 0123456 sssd off chkconfig --level 0123456 sysstat off chkconfig --level 0123456 udev-post off chkconfig --level 0123456 waagent off chkconfig --level 0123456 winbind off chkconfig --level 0123456 ypbind off chkconfig --level 2345 crond on chkconfig --level 2345 haldaemon on chkconfig --level 2345 iptables on chkconfig --level 2345 messagebus on chkconfig --level 2345 network on chkconfig --level 2345 ntpd on chkconfig --level 2345 rpcbind on chkconfig --level 2345 rsyslog on chkconfig --level 2345 sshd on chkconfig --level 2345 sysstat on chkconfig --level 2345 udev-post on chkconfig --level 0123456 waagent on 八、iptables防火墙开放ssh远程端口: iptables -F -t nat iptables -X -t nat iptables -Z -t nat iptables -F iptables -X iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 68 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -i lo -p all -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A FORWARD -m state --state INVALID -j DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT service iptables save service iptables restart cat /etc/sysconfig/iptables service iptables status iptables -nL (责任编辑:IT) |