编辑 /etc/ssh/sshd_config 配置文件 // 全部都应该设置为no
/etc/ssh/sshd_config // 服务端配置文件
/etc/ssh/ssh_config // 客户端配置文件
Port 52113 // 修改端口52113
UseDNS no // 设为yes时会反向查询客户端主机名进行验证(防止客户端欺骗),但会拖慢登录;改为no则跳过反向解析
PermitRootLogin no // 禁止root登录
PermitEmptyPasswords no // 禁止使用空密码(默认为空)
ListenAddress 192.168.1.x // 只允许通过服务器上的内网地址进行远程连接,外网地址直接拒绝;可以用VPN做跳板进入局域网,通过这样来访问,更加安全(可以不做设置)
GSSAPIAuthentication no // 解决Linux之间使用 ssh 连接慢的问题
sed进行修改
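[root@7mini ~]# sed -ir '12 iPort 52113\nUseDNS no\nPermitRootLogin no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
// 注意:GNU sed 会把 -ir 解析为 -i 加备份后缀 r,因此会多出一个备份文件 /etc/ssh/sshd_configr;这里用不到扩展正则,写成 sed -i 即可
// 重启前先执行 sshd -t 检查配置语法,并保留当前会话、另开终端用新端口测试登录,避免配置写错后无法远程连接
[root@7mini ~]# /etc/init.d/sshd restart //重启生效
Stopping sshd: [ OK ]
Starting sshd: [ OK ]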
中文字符集调整,调整服务器端字符集,Xshell客户端连接工具也需要调整为UTF-8
[root@student ~]# cat /etc/sysconfig/i18n //调整为zh注意大小写
LANG="zh_CN.UTF-8"
SYSFONT="latarcyrheb-sun16"
[root@oldboy ~]# source /etc/sysconfig/i18n //source配置文件生效
[root@oldboy ~]# echo $LANG
zh_CN.UTF-8

英文字符集调整
export LANG=en_US.UTF-8 // 临时生效
用 sed 或者 vim 修改配置文件 "/etc/sysconfig/i18n",更改 LANG="en_US.UTF-8",或者直接覆盖写入:
> /etc/sysconfig/i18n && echo "LANG=en_US.UTF-8" > /etc/sysconfig/i18n && source /etc/sysconfig/i18n
ntpdate ntp1.aliyun.com
cp /etc/chrony.conf{,.bak}
vim /etc/chrony.conf
server ntp6.aliyun.com iburst
systemctl start chronyd
systemctl enable chronyd #开机启动
systemctl restart chronyd
chronyc sources #查看同步源
[root@7mini-node2 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   6    17    31   +653us[+1965us] +/-   32ms

2)或者通过计划任务进行同步
[root@linux-node1 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@linux-node1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate time1.aliyun.com > /dev/null
history 查看历史记录 默认100条,防止黑客进入服务器,查看到机密信息
注意:历史记录缩到 5 条的同时,也减少了事后排查入侵时可用的操作记录;需要审计的环境应另行保留命令日志(例如 auditd 或集中日志)。
参数:
-c:清空历史记录
-d:指定删除一行
export HISTSIZE=5
[root@student ~]# export HISTSIZE=5    # 命令行只看见5条信息(控制终端)
[root@student ~]# history    # 查看是否只存留5条
730 history
731 ls
732 history
733 export HISTSIZE=5
734 history
[root@student ~]# echo 'export HISTSIZE=5' >>/etc/profile    # 写入全局配置文件,永久生效,控制终端只有5条信息
[root@student ~]# source /etc/profile    # 立即生效
[root@student ~]# export HISTFILESIZE=5    # 控制用户家目录下 ~/.bash_history 中的记录条数
[root@student ~]# cat ~/.bash_history
Test
Welcome to xuliangwei Linux
EOF
Exit
[root@student ~]# echo 'export HISTFILESIZE=5' >>/etc/profile    # 写入全局配置文件,永久生效。作用于当前用户家目录下的 ~/.bash_history
[root@student ~]# source /etc/profile    # 立即生效
[root@student ~]# history -c    # 清空终端的历史记录
[root@student ~]# history
734 history
export HISTTIMEFORMAT="%F %T `whoami` "    # 记录历史命令执行时间以及是谁执行(生产必加)
文件描述符:进程用它来表示打开的文件。每个进程启动都会占用文件描述符,如果文件描述符不够,会导致进程失败
ulimit -n 查看默认文件描述符
参数: -S:软 -H:硬
[root@student ~]# ulimit -SHn 65535 //临时生效调整文件描述符
[root@student ~]# echo "* - nofile 65535" >>/etc/security/limits.conf // 永久生效调整文件描述符(退出终端可生效)
[root@student ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup //备份yum源
[root@student ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo //CentOS 6源
// 注意:该 repo 文件是通过明文 HTTP 下载并直接写入 yum 配置的,下载后应检查文件内容,并确认其中 gpgcheck=1,保证安装的软件包经过签名校验
yum install -y vim wget openssl openssl-devel openssl pcre pcre-devel telnet setuptool ntsysv git python-urllib3 sqlite sqlite-devel bzip2 bzip2-devel gcc gcc-c++ cmake lsof sysstat bind-utils ntp iftop iotop tree screen iftop ntpdate
修改 /etc/selinux/config --> SELINUX=enforcing 修改为 SELINUX=disabled
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config    使用 sed 替换关闭selinux
getenforce    查看selinux当前环境
setenforce    临时切换:1 开启(enforcing),0 关闭(permissive)
[root@localhost ~]# /etc/init.d/iptables stop
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
[root@localhost ~]# chkconfig iptables off
注意:关闭 SELinux 和 iptables 等于同时去掉了强制访问控制和主机防火墙两层防护,只适合外层已有防火墙的内网或实验环境;直接对外提供服务的机器应保留 iptables,只放行需要的端口(包括上面修改后的 SSH 端口)。
123456 | vi /etc/sysconfig/network HOSTNAME=localhost.localdomain #修改localhost.localdomain为6mini vi /etc/hosts 127.0.0.1 localhost.localdomain #修改localhost.localdomain为6mini |
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
# 注意:tcp_tw_recycle 依赖 TCP 时间戳,客户端位于 NAT 之后时会导致连接被随机丢弃;该参数已在 Linux 4.12 中移除,新内核上设置会报错
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_max=65536
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
如下内容,如果不开启iptables防火墙,会报错
#net.bridge.bridge-nf-call-ip6tables = 0
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
#net.ipv4.ip_conntrack_max = 65536
#net.ipv4.netfilter.ip_conntrack_max=65536
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=180
1234567891011121314 | [root@student ~] # chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 锁定文件系统 [root@student ~] # lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 查看锁定文件 ----i--------e- /etc/passwd ----i--------e- /etc/shadow ----i--------e- /etc/group ----i--------e- /etc/gshadow ----i--------e- /etc/inittab [root@student ~] # chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 解除锁定 [root@student ~] # lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab 再次查看 -------------e- /etc/passwd -------------e- /etc/shadow -------------e- /etc/group -------------e- /etc/gshadow -------------e- /etc/inittab |
[root@student ~]# >/etc/issue    # 清空版本信息
# 说明:>/etc/issue 等价于 cat /dev/null > /etc/issue
[root@student ~]# cat >> /etc/motd << EOF    # 编辑/etc/motd (设置登录提示信息)
> Welcome to xuliangwei Linux
> EOF
来自 https://www.cnblogs.com/jimmy-xuli/p/9051181.html