CentOS7 template for Docker
selinux、iptables、firewalld相关介绍
https://blog.csdn.net/weixin_47019016/article/details/109535074
[apollo@localhost ~]$ su - root
Password:
Last login: Mon Mar 20 22:27:10 CST 2023 on tty1
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# chkconfig iptables off
error reading information on service iptables: No such file or directory
[root@localhost ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@localhost ~]#
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# NOTE: SELINUX=disabled plus firewalld stopped and disabled is baked into the template, so every host cloned from it boots with no SELinux policy loaded and no host firewall.
# If SELinux only needs to be out of the way while the template is being built, SELINUX=permissive logs denials without enforcing them and keeps file labels intact for a later switch back to enforcing.
[root@localhost ~]#
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ll
total 252
-rw-r--r--. 1 root root 312 Mar 20 22:18 ifcfg-ens192
-rw-r--r--. 1 root root 254 Mar 29 2019 ifcfg-lo
lrwxrwxrwx. 1 root root 24 Mar 20 22:10 ifdown -> ../../../usr/sbin/ifdown
-rwxr-xr-x. 1 root root 654 Mar 29 2019 ifdown-bnep
-rwxr-xr-x. 1 root root 6532 Mar 29 2019 ifdown-eth
-rwxr-xr-x. 1 root root 6190 Aug 9 2019 ifdown-ib
-rwxr-xr-x. 1 root root 781 Mar 29 2019 ifdown-ippp
-rwxr-xr-x. 1 root root 4540 Mar 29 2019 ifdown-ipv6
lrwxrwxrwx. 1 root root 11 Mar 20 22:10 ifdown-isdn -> ifdown-ippp
-rwxr-xr-x. 1 root root 2130 Mar 29 2019 ifdown-post
-rwxr-xr-x. 1 root root 1068 Mar 29 2019 ifdown-ppp
-rwxr-xr-x. 1 root root 870 Mar 29 2019 ifdown-routes
-rwxr-xr-x. 1 root root 1456 Mar 29 2019 ifdown-sit
-rwxr-xr-x. 1 root root 1621 Mar 18 2017 ifdown-Team
-rwxr-xr-x. 1 root root 1556 Mar 18 2017 ifdown-TeamPort
-rwxr-xr-x. 1 root root 1462 Mar 29 2019 ifdown-tunnel
lrwxrwxrwx. 1 root root 22 Mar 20 22:10 ifup -> ../../../usr/sbin/ifup
-rwxr-xr-x. 1 root root 12415 Mar 29 2019 ifup-aliases
-rwxr-xr-x. 1 root root 910 Mar 29 2019 ifup-bnep
-rwxr-xr-x. 1 root root 13475 Mar 29 2019 ifup-eth
-rwxr-xr-x. 1 root root 10114 Aug 9 2019 ifup-ib
-rwxr-xr-x. 1 root root 12075 Mar 29 2019 ifup-ippp
-rwxr-xr-x. 1 root root 11893 Mar 29 2019 ifup-ipv6
lrwxrwxrwx. 1 root root 9 Mar 20 22:10 ifup-isdn -> ifup-ippp
-rwxr-xr-x. 1 root root 650 Mar 29 2019 ifup-plip
-rwxr-xr-x. 1 root root 1064 Mar 29 2019 ifup-plusb
-rwxr-xr-x. 1 root root 4997 Mar 29 2019 ifup-post
-rwxr-xr-x. 1 root root 4154 Mar 29 2019 ifup-ppp
-rwxr-xr-x. 1 root root 2001 Mar 29 2019 ifup-routes
-rwxr-xr-x. 1 root root 3303 Mar 29 2019 ifup-sit
-rwxr-xr-x. 1 root root 1755 Mar 18 2017 ifup-Team
-rwxr-xr-x. 1 root root 1876 Mar 18 2017 ifup-TeamPort
-rwxr-xr-x. 1 root root 2711 Mar 29 2019 ifup-tunnel
-rwxr-xr-x. 1 root root 1836 Mar 29 2019 ifup-wireless
-rwxr-xr-x. 1 root root 5419 Mar 29 2019 init.ipv6-global
-rw-r--r--. 1 root root 20671 Mar 29 2019 network-functions
-rw-r--r--. 1 root root 31027 Mar 29 2019 network-functions-ipv6
[root@localhost network-scripts]#
[root@localhost network-scripts]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:2b:90:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.17/24 brd 192.168.3.255 scope global noprefixroute dynamic ens192
       valid_lft 82186sec preferred_lft 82186sec
    inet6 fe80::4bb3:66d9:235e:8c36/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:e5:73:ca brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:e5:73:ca brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.3.17 netmask 255.255.255.0 broadcast 192.168.3.255
        inet6 fe80::4bb3:66d9:235e:8c36 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2b:90:20 txqueuelen 1000 (Ethernet)
        RX packets 2740 bytes 274678 (268.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 699 bytes 96916 (94.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 2 bytes 98 (98.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2 bytes 98 (98.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:e5:73:ca txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost network-scripts]#
[root@localhost network-scripts]# ll *192*
-rw-r--r--. 1 root root 312 Mar 20 22:18 ifcfg-ens192
[root@localhost network-scripts]#
[root@localhost network-scripts]# ip route
default via 192.168.3.1 dev ens192 proto dhcp metric 100
192.168.3.0/24 dev ens192 proto kernel scope link src 192.168.3.110 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@localhost network-scripts]#
[root@localhost network-scripts]# ##################################################
## Gateway
##################################################
[root@localhost network-scripts]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.3.1     0.0.0.0         UG        0 0          0 ens192
192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 ens192
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
[root@localhost network-scripts]# ##################################################
## DNS
##################################################
[root@localhost network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.1
[root@localhost network-scripts]#
[root@localhost network-scripts]#
[root@localhost network-scripts]# vi ifcfg-ens192
[root@localhost network-scripts]# more ifcfg-ens192
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens192"
DEVICE="ens192"
ONBOOT="yes"
IPADDR=192.168.3.110
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=192.168.3.1
[root@localhost network-scripts]#
[root@localhost network-scripts]# service network restart
Restarting network (via systemctl): [ OK ]
[root@localhost network-scripts]# shutdown -r 0
[root@localhost ~]# hostnamectl set-hostname template
[root@localhost ~]# hostname template
[root@localhost ~]#
[root@localhost:~ ]$ hostnamectl --static set-hostname template
[root@localhost:~ ]$ exit
logout
[apollo@localhost ~]$ su - root
Password:
Last login: Tue Mar 21 00:15:06 CST 2023 on pts/0
[root@template:~ ]$ shutdown -h 0
[root@template:~ ]$
[root@template:~ ]$
[root@template:~ ]$ localectl set-locale LANG=en_US.UTF-8
[root@template:~ ]$
[root@template:~ ]$ vi /etc/default/locale
[root@template:~ ]$ cat /etc/default/locale
LANG=en_US.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_TIME=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
LC_PAPER=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
[root@template:~ ]$
[root@template:~ ]$
[root@template:~ ]$ fdisk -l

Disk /dev/sda: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000123a7

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048   176160767    88079360   83  Linux
/dev/sda2       176160768   209715199    16777216   82  Linux swap / Solaris
[root@template:~ ]$ yum install vim
yum install lvm2
[root@template:~ ]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Mar 20 22:05:33 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=c66af4d7-3af8-4403-82ed-7e60f888a1fe / ext4 defaults 1 1
UUID=6553ebd9-ee04-49af-86dd-1e728de87d95 swap swap defaults 0 0
[root@template:~ ]$
[root@template:~ ]$ cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH

set -o vi
PS1="[\[\033[01;32m\]\u@\h\[\033[01;34m\]:\w \[\033[00m\]]$ "
alias ll='ls -al -v --group-directories-first --color=auto --time-style=long-iso'
[root@template:~ ]$
[root@template:~ ]$ ll ./.ssh/
total 20K
-rw-r--r-- 1 root root 171 2023-03-21 11:00 known_hosts
-rw-r--r-- 1 root root 395 2023-03-21 10:59 id_rsa.pub
-rw------- 1 root root 1.7K 2023-03-21 10:59 id_rsa
dr-xr-x---. 5 root root 4.0K 2023-03-21 10:59 ..
drwx------ 2 root root 4.0K 2023-03-21 11:00 .
[root@template:~ ]$
[root@template:~ ]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@localhost
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@localhost's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@localhost'"
and check to make sure that only the key(s) you wanted were added.

[root@template:~ ]$ ll ./.ssh/
total 24K
-rw-r--r-- 1 root root 171 2023-03-21 11:00 known_hosts
-rw-r--r-- 1 root root 395 2023-03-21 10:59 id_rsa.pub
-rw------- 1 root root 1.7K 2023-03-21 10:59 id_rsa
-rw------- 1 root root 395 2023-03-21 11:02 authorized_keys
dr-xr-x---. 5 root root 4.0K 2023-03-21 10:59 ..
drwx------ 2 root root 4.0K 2023-03-21 11:02 .
# NOTE: id_rsa and the matching authorized_keys entry now belong to the template image, so every clone carries the same root private key and accepts it for root login.
# Generate the key pair per host after cloning, or remove id_rsa and authorized_keys before sealing the template.
[root@template:~ ]$
[root@template:~ ]$ ssh root@localhost
Last login: Tue Mar 21 11:04:41 2023
[root@template:~ ]$ yum install ntp netdate
yum install chrony