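Installing CentOS 7.x on VMware
Tools
Installation
Follow the CentOS 6 installation for the first steps ---> Install CentOS 7 ---> Chinese ---> Language (an English version also needs to be installed, because some software does not support Chinese) ---> English ---> minimal install, Server with GUI ---> select Compatibility Libraries + Development Tools + Security ---> automatic partitioning (this is already a newer release, so a separate BIOS partition is no longer needed) ---> Network & Host Name ---> enable the network ---> Begin Installation ---> set the password ---> reboot
SSH login policy
SSH configuration file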
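    admin@1234
    [root@localhost ~]# vim /etc/ssh/sshd_config
    [root@localhost ~]# cat -n /etc/ssh/sshd_config | sed -n '17p;38p;43p;47p;65p;79p;115p'
        17  Port 22222                                # at work this is usually set above 10000; otherwise it is easily found by scans
        38  PermitRootLogin no                        # forbid remote root login
        43  PubkeyAuthentication yes                  # enable public-key authentication
        47  AuthorizedKeysFile .ssh/authorized_keys   # where the public keys are stored
        65  PasswordAuthentication no                 # disable password authentication
        79  GSSAPIAuthentication no                   # disable GSSAPI authentication; greatly speeds up SSH connections
       115  UseDNS no                                 # disable reverse DNS lookups; greatly speeds up SSH connections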
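The following is an added example, not part of the original page: a shell audit that reads an sshd_config and compares the seven directives listed above against their intended values, applying sshd's rule that the first occurrence of a keyword is the one used. The function names and the sample file are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config file against the seven settings listed above.
# sshd keeps the FIRST value it reads for a keyword, so a later duplicate line
# does not override an earlier one. Keywords are matched case-insensitively.

EXPECTED='port 22222
permitrootlogin no
pubkeyauthentication yes
authorizedkeysfile .ssh/authorized_keys
passwordauthentication no
gssapiauthentication no
usedns no'

# effective_value FILE KEYWORD: print the first global value set for KEYWORD.
# Only the "Keyword value" form is parsed; anything else reads as unset and fails.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # global section ends at the first Match block
        tolower($1) == want    { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per setting; exit status = number of deviations.
audit_sshd_config() {
    audit_fails=0
    while read -r audit_key audit_want; do
        audit_got=$(effective_value "$1" "$audit_key")
        if [ "$audit_got" = "$audit_want" ]; then
            echo "OK   $audit_key $audit_got"
        else
            echo "FAIL $audit_key want=$audit_want got=${audit_got:-unset}"
            audit_fails=$((audit_fails + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$audit_fails"
}

# Constructed sample (not the page's file): the stock "PasswordAuthentication yes"
# left in place, a corrective "no" appended at the end, and UseDNS still commented out.
sample=$(mktemp)
printf '%s\n' 'Port 22222' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' 'PasswordAuthentication yes' \
    'GSSAPIAuthentication no' '#UseDNS no' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "deviations: $?"
```

On the real host, pass /etc/ssh/sshd_config as the argument; a commented-out directive is reported as unset because sshd then falls back to its built-in default.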
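Create a regular user (so that the regular user can also log in without a password; when root is needed, use sudo su -, which does not ask for a password and improves security)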
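    [root@localhost ~]# ssh-keygen    # create the key pair
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:4N3nQ21gdkAJ1S1AzLzp2eLbfschPiRuNGn0fSmPHdc.5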
    [root@localhost ~]# cd .ssh
    [root@localhost .ssh]# mv id_rsa id_rsa_root
    [root@localhost .ssh]# ls
    id_rsa.pub  id_rsa_root
    [root@localhost .ssh]# cat id_rsa.pub > authorized_keys    # import the public key into the authorized_keys file
    [root@localhost .ssh]# ls
    authorized_keys  id_rsa.pub  id_rsa_root
    [root@localhost .ssh]# useradd yunjisuan
    [root@localhost .ssh]# echo "123123" | passwd --stdin yunjisuan
    Changing password for user yunjisuan.
    passwd: all authentication tokens updated successfully.
    [root@localhost .ssh]# mkdir -p /home/yunjisuan/.ssh
    [root@localhost .ssh]# chown yunjisuan.yunjisuan /home/yunjisuan/.ssh
    [root@localhost .ssh]# chmod 700 /home/yunjisuan/.ssh
    [root@localhost .ssh]# cp -p authorized_keys /home/yunjisuan/.ssh
    [root@localhost .ssh]# chown yunjisuan.yunjisuan /home/yunjisuan/.ssh/authorized_keys
    [root@localhost .ssh]# ll /home/yunjisuan/.ssh/authorized_keys
    -rw-r--r-- 1 yunjisuan yunjisuan 396 Jul 16 16:22 /home/yunjisuan/.ssh/authorized_keys
    [root@localhost .ssh]# vim /etc/sudoers
    [root@localhost .ssh]# sed -n '93p' /etc/sudoers
    yunjisuan ALL=(ALL) NOPASSWD: ALL
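An added example, not from the original page: a shell check of the ownership and modes produced by the chown and chmod steps above, which sshd's StrictModes option (on by default) inspects before it accepts a key from authorized_keys. The function name check_key_login and the scratch directory are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: check the ownership and modes that sshd's StrictModes (default: yes)
# inspects before it will read a user's authorized_keys.

# check_key_login HOME OWNER: print each problem found; exit status = number of problems.
check_key_login() {
    ck_problems=0
    for ck_path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$ck_path" ]; then
            echo "MISSING  $ck_path"
            ck_problems=$((ck_problems + 1))
            continue
        fi
        ck_owner=$(stat -c '%U' "$ck_path")   # GNU stat, as shipped on CentOS
        ck_mode=$(stat -c '%a' "$ck_path")
        # The path must belong to the login user or to root.
        if [ "$ck_owner" != "$2" ] && [ "$ck_owner" != "root" ]; then
            echo "OWNER    $ck_path is owned by $ck_owner"
            ck_problems=$((ck_problems + 1))
        fi
        # Group- or world-writable paths are refused (mode & 022 must be 0).
        if [ $(( 0$ck_mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $ck_path has mode $ck_mode"
            ck_problems=$((ck_problems + 1))
        fi
    done
    return "$ck_problems"
}

# Constructed demo in a scratch directory standing in for /home/yunjisuan.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && chmod 700 "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 664 "$demo_home/.ssh/authorized_keys"      # deliberately group-writable
check_key_login "$demo_home" "$(id -un)" || echo "problems: $?"
```

For the user created above, the call would be check_key_login /home/yunjisuan yunjisuan, run as root.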
Setting up Xshell private-key login to Linux
    [root@localhost .ssh]# ls
    authorized_keys  id_rsa.pub  id_rsa_root
    [root@localhost .ssh]# pwd
    /root/.ssh
    [root@localhost .ssh]# # copy the file to the desktop, then import it into Xshell to log in
Display after logging in with the Xshell private key
    [yunjisuan@localhost ~]$ sudo su -
    Last login: Tue Jul 16 11:45:26 CST 2019 from 192.168.200.1 on pts/0
    [root@localhost ~]# ls
    anaconda-ks.cfg
    [root@localhost ~]# su yunjisuan
    [yunjisuan@localhost root]$ ls
    ls: cannot open directory .: Permission denied
    [yunjisuan@localhost root]$ cd ~
    [yunjisuan@localhost ~]$ ls -a
    .  ..  .bash_logout  .bash_profile  .bashrc  .ssh
    [yunjisuan@localhost ~]$ ls .ssh/
    authorized_keys
Post-boot setup
Changing the hostname
Method 1
    [root@localhost ~]# vim /etc/hostname
    [root@localhost ~]# cat /etc/hostname
    liangzhunhao
    [root@localhost ~]# reboot
    [root@liangzhunhao ~]#
Method 2
    [root@localhost ~]# hostname liangzhunhao
    [root@localhost ~]# cat /etc/hostname
    liangzhunhao
    [root@localhost ~]# reboot
    [root@liangzhunhao ~]#
Hostname mapping
    [root@liangzhunhao ~]# vim /etc/hosts
    [root@liangzhunhao ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.200.75 liangzhunhao
Disabling NetworkManager
Stop the NetworkManager service and disable it at boot (if this step is skipped, a changed IP address will not take effect)
    [root@liangzhunhao ~]# systemctl status NetworkManager
    ● NetworkManager.service - Network Manager
       Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)    # enabled at boot; the unit file is /usr/lib/systemd/system/NetworkManager.service
       Active: active (running) since 五 2019-12-06 21:45:37 CST; 3min 21s ago    # running
         Docs: man:NetworkManager(8)
     Main PID: 1034 (NetworkManager)    # PID
       CGroup: /system.slice/NetworkManager.service
               ├─1034 /usr/sbin/NetworkManager --no-daemon
               └─1208 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens32.pid -lf /var/lib/NetworkManager/dhclient-36ed6a5c-b98f-4177-80d8-0b3b4657b0cc-ens32.lease -cf /var/lib/Netw...
    [root@liangzhunhao ~]# systemctl stop NetworkManager
    [root@liangzhunhao ~]# systemctl disable NetworkManager
    Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
    Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
    Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
    [root@liangzhunhao ~]# systemctl status NetworkManager
    ● NetworkManager.service - Network Manager
       Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
       Active: inactive (dead) since 五 2019-12-06 21:49:56 CST; 3s ago
         Docs: man:NetworkManager(8)
      Process: 1034 ExecStart=/usr/sbin/NetworkManager --no-daemon (code=exited, status=0/SUCCESS)
     Main PID: 1034 (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/NetworkManager.service
               └─1208 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens32.pid -lf /var/lib/NetworkManager/dhclient-36ed6a5c-b98f-4177-80d8-0b3b4657b0cc-ens32.lease -cf /var/lib/Netw...
    [root@liangzhunhao ~]# systemctl list-unit-files | grep Network    # list the boot-time state of the services
    NetworkManager-dispatcher.service             disabled
    NetworkManager-wait-online.service            enabled
    NetworkManager.service                        disabled
Notes:
1. If this step is skipped, systemctl status network reports the error shown below; run systemctl stop NetworkManager.
2. Mar 10 02:57:29 [2193]: Bringing interface: Connection (D-Bus: /org/freedesktop/NetworkManager/ActiveConnection/3)
3. After stopping NetworkManager, check whether the network service is enabled at boot; if it is not, enable it with /sbin/chkconfig network on.
4. If errors appear that cannot be resolved, try restarting the network adapter of the local machine.
Setting DNS
When the network service starts, the interface configuration takes priority over /etc/resolv.conf and overwrites it. Once the network is up, however, name resolution reads from this file first, so an edit made here takes effect temporarily.
    [root@liangzhunhao ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search localdomain
    nameserver 192.168.200.2
    [root@liangzhunhao ~]# vim /etc/resolv.conf
    [root@liangzhunhao ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search localdomain
    nameserver 192.168.200.66
    [root@liangzhunhao ~]# systemctl restart network
    [root@liangzhunhao ~]# cat /etc/resolv.conf
    ; generated by /usr/sbin/dhclient-script
    search localdomain
    nameserver 192.168.200.2
Configuring the network interface
    [root@liangzhunhao ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
    TYPE="Ethernet"          # network type; Ethernet
    PROXY_METHOD="none"      # proxy method
    BROWSER_ONLY="no"        # browser only
    BOOTPROTO="none"         # do not use DHCP; configure manually
    DEFROUTE="yes"           # use this interface for the default route
    NAME="ens32"             # connection name of the interface
    DEVICE="ens32"           # device name of the interface
    ONBOOT="yes"             # activate the interface at boot
    IPADDR=192.168.200.75    # IP address
    NETMASK=255.255.255.0    # subnet mask
    GATEWAY=192.168.200.2    # gateway
    DNS1=192.168.200.2       # DNS server
    [root@liangzhunhao ~]# systemctl restart network
Disabling SELinux
    [root@liangzhunhao ~]# sestatus    # check the SELinux status
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      31
    [root@liangzhunhao ~]# vim /etc/selinux/config
    [root@liangzhunhao ~]# cat /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled    # disabled permanently
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@liangzhunhao ~]# setenforce 0    # disable SELinux temporarily
    [root@liangzhunhao ~]# reboot
    [root@liangzhunhao ~]# sestatus
    SELinux status:                 disabled
yum repositories
    [root@liangzhunhao ~]# cd /etc/yum.repos.d/
    [root@liangzhunhao yum.repos.d]# mkdir bak
    [root@liangzhunhao yum.repos.d]# mv ./* bak
    mv: 无法将目录"./bak" 移动至自身的子目录"bak/bak" 下
    [root@liangzhunhao yum.repos.d]# mv bak/*M* .
    [root@liangzhunhao yum.repos.d]# vi CentOS-Media.repo    # change enabled to 1
    [root@liangzhunhao yum.repos.d]# mkdir -p /media/cdrom
    [root@liangzhunhao yum.repos.d]# mount /dev/sr0 /media/cdrom/
    mount: /dev/sr0 写保护,将以只读方式挂载
    # if the mount fails, check whether a disc is attached in VMware
    [root@liangzhunhao yum.repos.d]# yum -y clean all
    [root@liangzhunhao yum.repos.d]# yum makecache
    [root@liangzhunhao yum.repos.d]# yum provides *bin/wget
    已加载插件:fastestmirror
    Loading mirror speeds from cached hostfile
     * c7-media:
    wget-1.14-15.el7_4.1.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
    源 :c7-media
    匹配来源:
    文件名 :/usr/bin/wget
    [root@liangzhunhao yum.repos.d]# yum -y install wget-1.14-15.el7_4.1.x86_64
    [root@liangzhunhao yum.repos.d]# ping baidu.com
    PING baidu.com (220.181.38.148) 56(84) bytes of data.
    64 bytes from baidu.com (220.181.38.148): icmp_seq=1 ttl=128 time=10.7 ms
    ^C
    --- baidu.com ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 10.704/10.704/10.704/0.000 ms
    [root@liangzhunhao yum.repos.d]# mv ./* bak
    mv: 无法将目录"./bak" 移动至自身的子目录"bak/bak" 下
    [root@liangzhunhao yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-aliyun.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    [root@liangzhunhao yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
    [root@liangzhunhao yum.repos.d]# ll
    总用量 8
    drwxr-xr-x 2 root root  187 12月  6 23:42 bak
    -rw-r--r-- 1 root root 2523 6月  16 2018 CentOS-163.repo
    -rw-r--r-- 1 root root 2523 6月  16 2018 CentOS-aliyun.repo
    [root@liangzhunhao yum.repos.d]# yum -y clean all
    [root@liangzhunhao yum.repos.d]# yum makecache
    [root@liangzhunhao yum.repos.d]# yum update    # update the system (how long it takes depends on the network speed)
Time synchronization
    [root@liangzhunhao ~]# yum -y install ntpdate
    [root@liangzhunhao ~]# systemctl list-unit-files
    [root@liangzhunhao ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    # -s creates a symbolic link, -f forces the operation
    [root@liangzhunhao ~]# ntpdate ntp1.aliyun.com
     6 Dec 23:54:04 ntpdate[40927]: adjust time server 120.25.115.20 offset -0.031152 sec
    [root@liangzhunhao ~]# date
    2019年 12月 06日 星期五 23:54:08 CST
    [root@liangzhunhao ~]# echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >> /var/log/ntp.log 2>&1;/sbin/hwclock -w" >> /var/spool/cron/root
    [root@liangzhunhao ~]# crontab -l
    */5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >> /var/log/ntp.log 2>&1;/sbin/hwclock -w
    # 2>&1 at the end redirects standard error into standard output; standard output (1) goes to /var/log/ntp.log, so normal and error output both end up in the same file
Disabling the firewall
    systemctl disable firewalld.service