最小化安装Linux的常用配置整理
基于安全性考虑,将服务器进行最小化安装,毕竟软件包越少,漏洞越少,相对来说就约安全,但是最小化安装会给运维带来一些问题和不便,下面是我总结的,常见的一些配置和工具的安装,仅供各位大神参考,如有新的idea,欢迎补充!
1 #yum配置 2 mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup 3 CentOS 5 4 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo 5 CentOS 6 6 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo 7 CentOS 7 8 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 9 yum clean all 10 yum makecache 11 12 #时间同步 13 echo "*/5 * * * * /usr/sbin/ntpdate ntp.sjtu.edu.cn >> /home/timedate.log && hwclock -w && hwclock --show >> /home/timedate.log" >> /var/spool/cron/root 14 15 #ctrlaltdel 16 sed -i '/ca::ctrlaltdel:/{s/^/#/}' /etc/inittab 17 18 #initdefault 19 sed -r -i '/^id/s/.*/id:3:initdefault:/' /etc/inittab 20 21 #lock file 22 chattr +i /etc/passwd /etc/inittab /etc/group /etc/shadow /etc/gshadow 23 mv /usr/bin/chattr /usr/bin/testchattr 24 25 #常用工具安装: 26 yum -y install wget vim lsof lrzsz 27 28 # GCC编译环境 29 yum -y install gcc-* zlib zlib-devel glibc-* libpcap libpcap-devel ncurses ncurses-devel libpcap-devel* unzip 30 31 # 系统管理常用工具 32 yum -y install sysstate iotop state dstat htop iotop 33 34 #性能监控工具 35 dstat iftop htop sysstat 36 37 # setup命令 38 yum install setuptool ntsysv system-config-network-tui system-config-securitylevel-tui iptables -y 39 40 #其他工具安装 41 yum -y install rsync git vsftpd httpd 42 43 #桌面环境-右键没有terminal 44 yum -y install nautilus-open-terminal 45 reboot 46 shutdown -r now 47 48 # 防火墙 49 iptables -F 50 service iptables save 51 service iptables restart 52 chkconfig iptables off 53 54 #selinux 55 setenforce 0 56 sed -r -i '/^SELINUX=/s/.*/SELINUX=disabled/' /etc/selinux/config 57 58 #history 59 echo "HISTFILESIZE=2000" >> /etc/bashrc 60 echo "HISTFILESIZE=2000" >> /etc/bashrc 61 echo "HISTSIZE=2000" >> /etc/bashrc 62 echo "HISTTIMEFORMAT='<%F %T> : '" >> /etc/bashrc 63 64 #timeout ssh 65 echo "umask 022" >>/etc/profile 66 echo "export TMOUT=6000" >>/etc/profile 67 68 #open files 69 echo "* soft nofile 65535" >> /etc/security/limits.conf 70 echo "* hard nofile 65535" >> /etc/security/limits.conf 71 echo "* - nproc unlimited" >> /etc/security/limits.conf 72 echo "* soft nproc unlimited" >>/etc/security/limits.d/90-nproc.conf 73 echo "session required /lib64/security/pam_limits.so" >>/etc/pam.d/login
人们永远没有足够的时间把它做好,但永远有足够的时间重新来过。 可是,因为并不是总有机会重做一遍,你必须做得更好,换句话说, 人们永远没有足够的时间去考虑到底是不是想要它,但永远有足够的时间去为之后悔。 ★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★ 浅掘千口井,不如深挖一口井!当知识支撑不了野心时,那就静下心来学习吧!运维技术交流QQ群:618354452
个人微信公众号,定期发布技术文章和运维感悟。欢迎大家关注交流。