Configuring a local yum repository on RHEL

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

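yum is now the most commonly used software management command, but by default it looks for new packages on the network. To update software from a local disc or ISO file instead, the following is the simplest method.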

 

 

1. Mount the disc or ISO file on a fixed directory; here it is set up to mount automatically

mkdir /media/dvd
vi /etc/fstab

# Add as the last line
/dev/cdrom /media/dvd iso9660 defaults 0 0

mount -a

 

 

2. Modify the yum.conf file

Create the file /etc/yum.repos.d/rhel5-dvd.repo with a text editor

vi /etc/yum.repos.d/rhel5-dvd.repo

[rhel5-dvd]
name=rhel5-dvd
baseurl=file:///media/dvd/Server/
gpgcheck=0

Save and exit

 

 

3. Test

Run at the command line:

# yum check-update
# yum install ****.rpm
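
The repo file above sets gpgcheck=0, so yum installs packages from the mounted media without verifying their signatures. An added example (not from the original notes) that writes the same repository definition with signature checking on; the function name and the key file name RPM-GPG-KEY-redhat-release at the top level of the DVD are assumptions.

```shell
#!/bin/bash
# Added example: write the DVD repo stanza with GPG verification enabled.
# Assumption: the vendor key sits at <mount>/RPM-GPG-KEY-redhat-release.

write_dvd_repo() {   # write_dvd_repo MOUNT_POINT REPO_FILE
    local mount_point=$1 repo_file=$2
    local key="$mount_point/RPM-GPG-KEY-redhat-release"

    # Refuse to write a repo that points at an unmounted or incomplete tree.
    if [ ! -d "$mount_point/Server/repodata" ]; then
        echo "no repodata under $mount_point/Server (is the DVD mounted?)" >&2
        return 1
    fi
    # Without the key, gpgcheck=1 would fail every install; stop here instead
    # of falling back to gpgcheck=0.
    if [ ! -r "$key" ]; then
        echo "signing key not found: $key" >&2
        return 2
    fi

    cat > "$repo_file" <<EOF
[rhel5-dvd]
name=rhel5-dvd
baseurl=file://$mount_point/Server/
enabled=1
gpgcheck=1
gpgkey=file://$key
EOF
}

# Typical call on the host, as root:
#   write_dvd_repo /media/dvd /etc/yum.repos.d/rhel5-dvd.repo
```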

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Related configuration on Ubuntu

http://knowledge-republic.com/CRM/2011/05/ubuntu-account-password-policy/

https://wiki.archlinux.org/index.php/Sudo_%28%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87%29

 

Add an environment variable so that visudo uses vim as its editor

export EDITOR="/usr/bin/vim -p -X"

 

Summaries

 

(/etc/login.defs)

PASS_MAX_DAYS   90

 

Path of the PAM module libraries

ls /lib/security/pam*

 

 

 

 

Password complexity requirements; remember the last 5 passwords
(/etc/pam.d/common-password)

apt-get install libpam-cracklib

root@ubuntu:/etc/pam.d# grep -v ^# common-password | grep -v ^$
password    requisite           pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512 remember=5
password requisite pam_deny.so
password required pam_permit.so
root@ubuntu:/etc/pam.d#

 

 

 

Lock the account for 30 minutes after 5 wrong passwords
(/etc/pam.d/common-auth)

root@ubuntu:/etc/pam.d# grep -v ^# common-auth | grep -v ^$
auth    required            pam_tally.so onerr=fail deny=5 unlock_time=1800
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
root@ubuntu:/etc/pam.d#
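
A check for the two stacks listed above, added here as an example and not part of the original notes: it reads the option values out of common-password and common-auth and compares them with the values shown (minlen=17, the four credit options, remember=5, deny=5, unlock_time=1800). The function names are illustrative, and the demo runs on constructed copies of the listed lines.

```shell
#!/bin/bash
# Added example: verify that the PAM stacks carry the options listed above.

pam_opt() {   # pam_opt FILE TYPE MODULE OPTION -> prints the value ("set" for a bare flag)
    awk -v type="$2" -v mod="$3" -v opt="$4" '
        /^[ \t]*#/ { next }
        $1 == type {
            at = 0
            # The control field may be "[success=1 default=ignore]", so locate
            # the module by name rather than by column.
            for (i = 2; i <= NF; i++) if ($i == mod) { at = i; break }
            if (!at) next
            for (i = at + 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (kv[1] == opt) { print (n > 1 ? kv[2] : "set"); ok = 1; exit }
            }
        }
        END { exit !ok }' "$1"
}

check() {     # check LABEL ACTUAL EXPECTED
    [ "$2" = "$3" ] && { echo "PASS $1=$2"; return 0; }
    echo "FAIL $1: got '${2:-missing}', want '$3'"; return 1
}

audit_pam() { # audit_pam COMMON_PASSWORD COMMON_AUTH -> exit status = number of failed checks
    local pw=$1 au=$2 fails=0 o
    check minlen "$(pam_opt "$pw" password pam_cracklib.so minlen)" 17 || fails=$((fails + 1))
    for o in ucredit lcredit dcredit ocredit; do
        check "$o" "$(pam_opt "$pw" password pam_cracklib.so "$o")" -1 || fails=$((fails + 1))
    done
    check remember "$(pam_opt "$pw" password pam_unix.so remember)" 5 || fails=$((fails + 1))
    check deny "$(pam_opt "$au" auth pam_tally.so deny)" 5 || fails=$((fails + 1))
    check unlock_time "$(pam_opt "$au" auth pam_tally.so unlock_time)" 1800 || fails=$((fails + 1))
    return "$fails"
}

# Demo on constructed copies of the two files (same lines as the listings above).
demo_dir=$(mktemp -d)
cat > "$demo_dir/common-password" <<'EOF'
password requisite pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=5
EOF
cat > "$demo_dir/common-auth" <<'EOF'
auth required pam_tally.so onerr=fail deny=5 unlock_time=1800
auth [success=1 default=ignore] pam_unix.so nullok_secure
EOF
audit_pam "$demo_dir/common-password" "$demo_dir/common-auth"
```

On a live host the call is `audit_pam /etc/pam.d/common-password /etc/pam.d/common-auth`; a non-zero exit status is the number of settings that differ from the listings.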

 

 

 

 

http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

 

 

 

sudo

Members of the admin group can run any command with sudo

Prevent ordinary users from switching users with su
(/etc/pam.d/su)

root@ubuntu:/etc/pam.d# grep -v ^# su | grep -v ^$
auth       sufficient pam_rootok.so
auth       required   pam_wheel.so
auth       sufficient pam_wheel.so trust
session       required   pam_env.so readenv=1
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
session    optional   pam_mail.so nopen
@include common-auth
@include common-account
@include common-session

 

sudo user permission configuration

useradd admin -g admin -m -s /bin/bash

useradd user1 -G admin -m -s /bin/bash

usermod -G lgl,admin lgl

# Change the admin user's password using an encrypted password; the password here is 123456
usermod -p '$1$SpLt3glw$8rv9NuZzQx/TmXkJ6oK2V.' admin

Ubuntu 10.04 

#!/bin/bash

# Only run on Ubuntu 10.04 (lucid)
lsb_release -a 2>/dev/null | grep -q lucid
if [ $? -ne 0 ]; then
    echo "Your current system version not Ubuntu 10.04!"
    exit 1
else
# Check that the internal mirror is reachable before changing anything
curl -s -o /dev/null mirrors.sh.ctriptravel.com
if [ $? -ne 0 ]; then
    echo "Your current host to mirrors.sh.ctriptravel.com unreachable!"
    exit 1
fi

# Back up every file this script modifies
mkdir -p /var/backup
for I in /etc/sysctl.conf /etc/security/limits.conf /etc/bash.bashrc /etc/login.defs /etc/pam.d/common-password /etc/pam.d/common-auth /etc/pam.d/su /etc/sudoers /etc/ssh/sshd_config /etc/init/control-alt-delete.conf /etc/ntp.conf /etc/profile /etc/default/grub /etc/default/rcS; do
    cp "$I" /var/backup
done

 

# Point apt at the update server
cat > /etc/apt/sources.list << "EOF"
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-security main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-updates main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-proposed main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-backports main restricted universe multiverse
EOF
apt-get clean
apt-get update

# Enable resource limits
cat >> /etc/security/limits.conf << "EOF"
* - nofile 65536
* - nproc 65536
* - sigpending 65536
EOF

 

# Disable IPv6
sed -i 's/quiet/quiet ipv6.disable=1/' /etc/default/grub
update-grub

# Set the password expiry period
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs

# Enforce password complexity
apt-get -y install libpam-cracklib
sed -i 's/pam_cracklib.so retry=3 minlen=8 difok=3/pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/' /etc/pam.d/common-password

# Set the account lock time after repeated wrong passwords
sed -i '/Primary/a\auth    required            pam_tally.so onerr=fail deny=5 unlock_time=1800' /etc/pam.d/common-auth

# Prevent ordinary users from switching identity with su
sed -i 's/# auth       required   pam_wheel.so/auth       required   pam_wheel.so/' /etc/pam.d/su
sed -i 's/# auth       sufficient pam_wheel.so trust/auth       sufficient pam_wheel.so trust/' /etc/pam.d/su

 

# Record users' command history
cat >> /etc/bash.bashrc << "EOF"
HISTORY_DIR=/tmp/.`date +%Y-%m-%d`
export PROMPT_COMMAND_FILE=${HISTORY_DIR}/`whoami`_`hostname`_history
export PROMPT_COMMAND='{ z=$(history 1 | { read x y; echo $y; }); echo -e "`who am i`: `pwd` :: $z"; } >> $PROMPT_COMMAND_FILE'
EOF

# Add a root cron job that creates the history directory
echo "01 * * * * root /bin/bash /bin/history.sh" > /etc/cron.d/history

cat > /bin/history.sh << "EOF"
#!/bin/bash
DIR=/tmp/.`date +%Y-%m-%d`
mkdir -p $DIR
chmod 777 $DIR
EOF
chmod 755 /bin/history.sh

# Pre-create today's directory under /tmp
mkdir -p /tmp/.`date +%Y-%m-%d`
chmod 777 /tmp/.`date +%Y-%m-%d`

# Keep the contents of /tmp for the most recent 10 days
sed -i 's/TMPTIME=0/TMPTIME=10/' /etc/default/rcS

# Set the user terminal idle timeout
sed -i '$a\TMOUT=600' /etc/profile

 

# SSH service security
sed -i 's/Port 22/Port 1022/' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.96.36' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.96.37' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@192.168.93.41' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.30.251.85' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.30.251.86' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.28.93.31' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@172.28.126.6' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@10.168.21.3' /etc/ssh/sshd_config
sed -i '$a\AllowUsers siteviewmon@10.168.149.10' /etc/ssh/sshd_config
sed -i '$a\AllowUsers *@192.168.93.78' /etc/ssh/sshd_config

# Disable rebooting the system with Ctrl+Alt+Delete
sed -i 's$^exec shutdown$#exec shutdown$' /etc/init/control-alt-delete.conf

# Point the NTP service at the company's internal time server
apt-get -y install ntp
sed -i 's/^server ntp.ubuntu.com/#server ntp.ubuntu.com/' /etc/ntp.conf
sed -i '/#server ntp.ubuntu.com/a\server time.sh.ctriptravel.com' /etc/ntp.conf

 

# Add the admin user
useradd admin -g admin -m -s /bin/bash
echo admin:GpV^fJ5#}xhdsad3fw4x | chpasswd
mkdir /home/admin/.ssh
cat > /home/admin/.ssh/authorized_keys << "EOF"

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzxp1XrHOXuE6jne/MrsdzRN/50UtDZHOinnpYkZzKS2u3bfhrBqVBPrDzfjJwdHQJsfnqjJsrrbIowyTJGR0Xn/G2z4zB2ng72jdju7DamM2UrBzHl6V/VJXfhwrfcIm76m1MWRY++9TZfRD6mOdL+sWhLEOkLYc5JAL66yduzY3PVFpxqtYQptC+FUHFwB4Jkt7g+st/1cSWD9GhwFDQ8PgoYoG2UGRm+8ORNf3xF9B71tBvOivTlqXWqIOrpMv4dRrZlddmNTYWCbQ/EjBHSB2ZzQCq7upbK/Q13mC9iQmNvKo7rVVYGHhRkXP/NFvNw0eCTEhGpzCWJGIzPpizQ== admin@vms00232

EOF

chmod 700 /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin:admin /home/admin/.ssh

# Configure sudo permissions
sed -i 's/%admin ALL=(ALL) ALL/%admin ALL=(ALL) NOPASSWD:ALL/' /etc/sudoers
fi
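
The PROMPT_COMMAND in the script above appends to a file the user owns, inside a mode-777 directory under /tmp, so the same user can edit or delete the record. An added example (not from the original script) that sends each command to syslog under the authpriv facility instead; the function names and the shell-audit tag are assumptions, as is a syslog daemon that routes authpriv to a root-only file.

```shell
#!/bin/bash
# Added example: record each interactive command through syslog rather than a
# user-writable file under /tmp. Function names and the tag are illustrative.

# Turn `history 1` output ("   42  ls -l /etc") into the bare command text.
strip_history_number() {
    printf '%s\n' "$1" | sed -e '1s/^[[:space:]]*[0-9][0-9]*[[:space:]]*//'
}

# Build one log record. Control characters (newlines included) are replaced
# with spaces so a multi-line command cannot forge additional log lines.
audit_record() {   # audit_record USER TTY CWD HISTORY_LINE
    local cmd
    cmd=$(strip_history_number "$4")
    cmd=$(printf '%s' "$cmd" | tr '\000-\037' ' ')
    printf 'user=%s tty=%s cwd=%s cmd=%s' "$1" "$2" "$3" "$cmd"
}

# Called by bash before every prompt; `history` is a bash builtin.
log_last_command() {
    logger -p authpriv.info -t shell-audit \
        "$(audit_record "$(id -un)" "$(tty 2>/dev/null)" "$PWD" "$(history 1)")"
}

# Lines for /etc/bash.bashrc, after the function definitions above:
#   PROMPT_COMMAND=log_last_command
#   readonly PROMPT_COMMAND
```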

 

 

Rollback

192.168.49.33

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

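Package management

Using the aptitude command

Command                    Purpose
aptitude update            Update the list of available packages
aptitude upgrade           Upgrade the packages that can be upgraded
aptitude dist-upgrade      Upgrade the system to a new release
aptitude install pkgname   Install a package
aptitude remove pkgname    Remove a package
aptitude purge pkgname     Remove a package and its configuration files
aptitude search string     Search for packages
aptitude show pkgname      Show detailed information about a package
aptitude clean             Delete downloaded package files
aptitude autoclean         Delete only outdated package files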

 

 

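Using the dpkg command

Command                     Purpose
dpkg -i package.deb         Install a package
dpkg -r package             Remove a package
dpkg -P package             Remove a package (including configuration files)
dpkg -L package             List the files associated with the package
dpkg -l package             Show the version of the package
dpkg --unpack package.deb   Unpack the contents of a deb package
dpkg -S keyword             Search for the package that owns the content
dpkg -l                     List the currently installed packages
dpkg -c package.deb         List the contents of a deb package
dpkg --configure package    Configure a package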

 

 

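Using the APT commands

Command                               Purpose
apt-cache search package              Search for packages
apt-cache show package                Get information about a package, such as description, size and version
apt-get install package               Install a package
apt-get install package --reinstall   Reinstall a package
apt-get -f install                    Repair an installation ("-f = --fix-missing")
apt-get remove package                Remove a package
apt-get remove package --purge        Remove a package, including its configuration files
apt-get update                        Update the package sources
apt-get upgrade                       Upgrade installed packages
apt-get dist-upgrade                  Upgrade the system
apt-get dselect-upgrade               Upgrade using dselect
apt-cache depends package             Show the package's dependencies
apt-cache rdepends package            Show which packages depend on this package
apt-get build-dep package             Install the build environment for the package
apt-get source package                Download the source code of the package
apt-get clean
apt-get autoclean                     Clean up unneeded packages
apt-get check                         Check for broken dependencies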

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

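Debian's default crontab editor is nano: command to set vi as the default

Debian's default editor for crontab is nano, which takes some getting used to. How do you switch back to vi?
Use the following command:
# update-alternatives --config editor

The following screen appears: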

There are 3 alternatives which provide `editor'.

Selection    Alternative
-----------------------------------------------
          1    /bin/ed
+        2    /bin/nano
*         3    /usr/bin/vim.tiny

Press enter to keep the default[*], or type selection number:



Then choose 3 to use /usr/bin/vim and you are done.

PS: If you find that your scheduled job has not taken effect, you can force it with the /etc/init.d/cron restart command.


#########################################

rsync combined with the delete option

rsync -vzrtopg --delete --progress -e 'ssh -p 58422' /data/mfs/ application@10.32.60.32:/data/mfs/