CentOS common configuration methods

Time:2021-12-8

1. Configure IP address: cat /etc/sysconfig/network-scripts/ifcfg-eth0

NETMASK=255.255.255.0
IPADDR=X.X.X.X
GATEWAY=X.X.X.X

2. Configure DNS: /etc/resolv.conf

nameserver 59.77.139.1
search localdomain

Restart the service after configuration:

service network restart

3. Fix garbled Chinese characters: /etc/sysconfig/i18n:

LANG="zh_CN.GB18030"
LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN"
SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="lat0-sun16"

4. Modify the startup level. The default is graphical startup. Change it to the character interface: /etc/inittab

id:5:initdefault: changed to id:3:initdefault:

5. vncserver is a remote connection tool, equivalent to Remote Desktop under Windows. It is very good and recommended. I've tried many methods, but it seems that it can't start by itself; I have to start it manually after booting. You can use vncviewer to connect from your own computer.

Start vncserver manually:

/usr/bin/vncserver
Or: /etc/init.d/vncserver start

6. Open the firewall and allow SSH and vncserver ports (5801 and 5901): /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
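
The rules above accept SSH and VNC from any address. The following check is an added example, not part of the original article: it reads a rules file in this format and reports which TCP ports are accepted and whether each rule is limited by source. The sample rules are constructed, and the 192.0.2.0/24 admin subnet on port 5901 is an assumption used to show a restricted rule next to unrestricted ones.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the article's SSH/VNC rules,
# with 5901 additionally limited to a documentation subnet (assumption).
sample_rules() {
cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print "port source" for every TCP ACCEPT rule read from stdin.
# source is "any" when the rule has no -s/--source match.
tcp_accept_rules() {
    awk '
    $1 == "-A" && $NF == "ACCEPT" && /-p tcp/ {
        port = ""; src = "any"
        for (i = 2; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
        }
        if (port != "") print port, src
    }'
}

# Ports reachable from any address, one per line.
world_open_ports() {
    tcp_accept_rules | awk '$2 == "any" { print $1 }'
}

# Demo on the constructed sample.
sample_rules | tcp_accept_rules
```

On a real host, feed it the file itself: `world_open_ports < /etc/sysconfig/iptables`.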

7. Some configurations for VI:

cp /etc ~/.vimrc
vi ~/.vimrc:

Add the following:

" Show line numbers
set number

" Number of history entries to keep
set history=1000

" Syntax highlighting
syntax on

" The background is black
set background=dark

" Use automatic alignment, that is, apply the alignment format of the current line to the next line
set autoindent

" Based on the alignment format above, intelligently select the alignment method, similar to C-style indentation
set smartindent

" Show matching brackets, i.e. highlight the corresponding bracket when one is entered
set showmatch

" The first line sets the tab key to 4 spaces, and the second line sets the indent width to 4 spaces
set tabstop=4
set shiftwidth=4

" During editing, show the cursor position in the status line in the lower right corner
set ruler
" Incremental search: show matches while the pattern is being typed
set incsearch
" Highlight the current line
set cursorline

Some security settings:

1. Shut down some unnecessary services.
Only the services that need to be started are listed below. Services that are not listed can be shut down:

#setup
acpid
anacron
cpuspeed
crond
irqbalance // needs to be enabled only when the server CPU uses an SMP architecture or supports dual-core and HT (Hyper-Threading) technology; otherwise turn it off
microcode_ctl
network
random
sendmail
sshd
syslog
yum-updatesd

2. View system users: /etc/passwd:

Delete redundant system accounts:

userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp    # if you do not allow anonymous FTP, delete this user account

groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers

3.

chmod 600 /etc/xinetd.conf

4. Disable ping
Add a line to /etc/rc.d/rc.local:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
0 means allowed and 1 means prohibited

5. Password files
The chattr command adds the immutable attribute to the following files to prevent unauthorized users from gaining permissions.

# chattr +i /etc/passwd
# chattr +i /etc/shadow
# chattr +i /etc/group
# chattr +i /etc/gshadow

6. Disable the Ctrl+Alt+Delete reboot command
Modify the /etc/inittab file and comment out the line "ca::ctrlaltdel:/sbin/shutdown -t3 -r now". Then reset the permissions of all files in the /etc/rc.d/init.d/ directory by running the following command:

# chmod -R 700 /etc/rc.d/init.d/*

In this way, only root can read, write, or execute all of the above script files.

7. It is better to change the SSH port to one above 10000, which also lowers the probability of others finding it when scanning ports.
Lower versions of the SSH protocol are not allowed:

vi /etc/ssh/sshd_config
Change #Protocol 2,1 to
Protocol 2

Change the port to one above 1000:

vi /etc/ssh/sshd_config
Port 10086
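
A check for the two sshd_config changes above, as an added example that is not part of the original article. It goes slightly beyond the text by covering two cases that leave the edit ineffective: a Protocol line that is still commented out, and a leftover `Port 22` line (sshd listens on every Port value given). The sample file is constructed, and treating a missing Protocol line as `2,1` is an assumption taken from the commented default shown above.

```shell
#!/bin/sh
# Constructed sample: Port was changed as in the article, but the Protocol
# line was left commented out and a stray "port 22" remains further down.
sample_sshd_config() {
cat <<'EOF'
#Port 22
Port 10086
#Protocol 2,1
ListenAddress 0.0.0.0
port 22
EOF
}

# Active (uncommented) values of keyword $1, one per line, from stdin.
# sshd matches keywords case-insensitively and ignores "#" lines.
sshd_values() {
    awk -v key="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(key) { print $2 }'
}

# Port may be repeated and sshd listens on every value; default is 22.
sshd_ports() {
    p=$(sshd_values Port | tr '\n' ' ')
    echo "${p:-22 }" | sed 's/ $//'
}

# For other keywords the first value read wins. Assumption: a missing
# Protocol line means "2,1", the commented default shown in the article.
sshd_protocol() {
    v=$(sshd_values Protocol | head -n 1)
    echo "${v:-2,1}"
}

# Demo on the constructed sample.
echo "ports: $(sample_sshd_config | sshd_ports)"
echo "protocol: $(sample_sshd_config | sshd_protocol)"
```

On a real host: `sshd_ports < /etc/ssh/sshd_config` and `sshd_protocol < /etc/ssh/sshd_config`, then restart sshd after fixing the file.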
