22.centos7基础学习与积累-008-系统调优及安全设置

从头开始积累centos7系统运用

大牛博客：https://blog.51cto.com/yangrong/p5

1.关闭selinux功能：

SELinux(Securety-EnhancedLinux)是美国国家安全局（NSA）对于强制访问控制的实现，这个功能让系统管理员又爱又恨，

这里我们还是把它给关闭了吧，至于安全问题，后面通过其他手段来解决，这也是大多数生产环境的做法，如果非要开启也是可以的，

关闭方式如下：enforcing改成disabled

加 -i才是修改，不加只是查看。修改配置文件

sed 's#SELINUX=disabled#SELINUX=enforcing#g'  /etc/selinux/config

路径：

[root@python01 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@python01 ~]# grep 'SELINUX=disabled' /etc/selinux/config
SELINUX=disabled
[root@python01 ~]# grep 'disabled' /etc/selinux/config         
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

以上修改配置文件后selinux还是没有生效：

查看selinux状态：

[root@python01 ~]# getenforce
Disabled

[root@python01 ~]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

仅仅开启警告：重启后生效

[root@python01 ~]#  setenforce 0

 

2.运行级别：

[root@python01 ~]# cat /etc/inittab
# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target
#

 

[root@python01 ~]# runlevel
N 5

[root@python01 ~]# systemctl get-default
graphical.target

 

3.关闭防火墙：

查看防火墙状态：systemctl status firewalld.service

关闭：systemctl stop firewalld

开启：systemctl start firewalld

开机自动关闭：systemctl disable firewalld

开机自动启动：systemctl enable firewalld

4.中文乱码：

[root@python01 ~]# cat /etc/locale.conf
#LANG="zh_CN.UTF-8"
LANG="en_US.UTF-8"

5.setup命令工具：没试过

yum install setuptool

yum install ntsysv

yum install iptables

yum install system-config-securitylevel-tui

yum install system-config-network-tui

6.见19 history命令

7.特殊变量设置：不用做到系统里面，知道就好了

[root@python01 ~]# echo 'export TOUT=300' >>/etc/profile

[root@python01 ~]# echo 'export HISTSIZE=5' >>/etc/profile 

[root@python01 ~]# echo 'export HISTFILESIZE=5' >>/etc/profile

8.隐藏linux系统信息

清空以下文件内容即可

[root@python01 ~]# cat /etc/issue
\S
Kernel \r on an \m

[root@python01 ~]# cat /etc/issue.net
\S
Kernel \r on an \m

9.快照的概念：

可以还原系统到指定快照时间

10.克隆虚拟机：学习专用

以一台机为标准（快照）：