selinux、iptables、firewalld相关介绍
https://blog.csdn.net/weixin_47019016/article/details/109535074
[apollo@localhost ~]$ su - root
Password:
Last login: Mon Mar 20 22:27:10 CST 2023 on tty1
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
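[root@localhost ~]#
## NOTE: SELINUX=disabled only takes effect after a reboot and loads no policy at all; `getenforce` shows the running state.
## SELINUX=permissive keeps the policy loaded and logs AVC denials to the audit log without blocking anything,
## so denials can still be reviewed. Going from disabled back to enforcing later requires a full filesystem
## relabel (`touch /.autorelabel` and reboot).
[root@localhost ~]#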
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# chkconfig iptables off
error reading information on service iptables: No such file or directory
[root@localhost ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
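[root@localhost ~]#
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]#
## NOTE: the two iptables errors above are expected: CentOS 7 ships firewalld, and iptables.service exists
## only when the iptables-services package is installed.
## With firewalld stopped and disabled, nothing on this host filters inbound traffic, so every listening
## port is reachable from the attached networks. `ss -tlnp` and `ss -ulnp` list what is listening.
## The alternative is to leave firewalld enabled and open only the needed services, e.g.
## `firewall-cmd --permanent --add-service=ssh` followed by `firewall-cmd --reload`.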
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ll
total 252
-rw-r--r--. 1 root root 312 Mar 20 22:18 ifcfg-ens192
-rw-r--r--. 1 root root 254 Mar 29 2019 ifcfg-lo
lrwxrwxrwx. 1 root root 24 Mar 20 22:10 ifdown -> ../../../usr/sbin/ifdown
-rwxr-xr-x. 1 root root 654 Mar 29 2019 ifdown-bnep
-rwxr-xr-x. 1 root root 6532 Mar 29 2019 ifdown-eth
-rwxr-xr-x. 1 root root 6190 Aug 9 2019 ifdown-ib
-rwxr-xr-x. 1 root root 781 Mar 29 2019 ifdown-ippp
-rwxr-xr-x. 1 root root 4540 Mar 29 2019 ifdown-ipv6
lrwxrwxrwx. 1 root root 11 Mar 20 22:10 ifdown-isdn -> ifdown-ippp
-rwxr-xr-x. 1 root root 2130 Mar 29 2019 ifdown-post
-rwxr-xr-x. 1 root root 1068 Mar 29 2019 ifdown-ppp
-rwxr-xr-x. 1 root root 870 Mar 29 2019 ifdown-routes
-rwxr-xr-x. 1 root root 1456 Mar 29 2019 ifdown-sit
-rwxr-xr-x. 1 root root 1621 Mar 18 2017 ifdown-Team
-rwxr-xr-x. 1 root root 1556 Mar 18 2017 ifdown-TeamPort
-rwxr-xr-x. 1 root root 1462 Mar 29 2019 ifdown-tunnel
lrwxrwxrwx. 1 root root 22 Mar 20 22:10 ifup -> ../../../usr/sbin/ifup
-rwxr-xr-x. 1 root root 12415 Mar 29 2019 ifup-aliases
-rwxr-xr-x. 1 root root 910 Mar 29 2019 ifup-bnep
-rwxr-xr-x. 1 root root 13475 Mar 29 2019 ifup-eth
-rwxr-xr-x. 1 root root 10114 Aug 9 2019 ifup-ib
-rwxr-xr-x. 1 root root 12075 Mar 29 2019 ifup-ippp
-rwxr-xr-x. 1 root root 11893 Mar 29 2019 ifup-ipv6
lrwxrwxrwx. 1 root root 9 Mar 20 22:10 ifup-isdn -> ifup-ippp
-rwxr-xr-x. 1 root root 650 Mar 29 2019 ifup-plip
-rwxr-xr-x. 1 root root 1064 Mar 29 2019 ifup-plusb
-rwxr-xr-x. 1 root root 4997 Mar 29 2019 ifup-post
-rwxr-xr-x. 1 root root 4154 Mar 29 2019 ifup-ppp
-rwxr-xr-x. 1 root root 2001 Mar 29 2019 ifup-routes
-rwxr-xr-x. 1 root root 3303 Mar 29 2019 ifup-sit
-rwxr-xr-x. 1 root root 1755 Mar 18 2017 ifup-Team
-rwxr-xr-x. 1 root root 1876 Mar 18 2017 ifup-TeamPort
-rwxr-xr-x. 1 root root 2711 Mar 29 2019 ifup-tunnel
-rwxr-xr-x. 1 root root 1836 Mar 29 2019 ifup-wireless
-rwxr-xr-x. 1 root root 5419 Mar 29 2019 init.ipv6-global
-rw-r--r--. 1 root root 20671 Mar 29 2019 network-functions
-rw-r--r--. 1 root root 31027 Mar 29 2019 network-functions-ipv6
[root@localhost network-scripts]#
[root@localhost network-scripts]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2b:90:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.17/24 brd 192.168.3.255 scope global noprefixroute dynamic ens192
valid_lft 82186sec preferred_lft 82186sec
inet6 fe80::4bb3:66d9:235e:8c36/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:e5:73:ca brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:e5:73:ca brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.17 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::4bb3:66d9:235e:8c36 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2b:90:20 txqueuelen 1000 (Ethernet)
RX packets 2740 bytes 274678 (268.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 699 bytes 96916 (94.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2 bytes 98 (98.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 98 (98.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:e5:73:ca txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost network-scripts]#
[root@localhost network-scripts]# ll *192*
-rw-r--r--. 1 root root 312 Mar 20 22:18 ifcfg-ens192
[root@localhost network-scripts]#
[root@localhost network-scripts]# ip route
default via 192.168.3.1 dev ens192 proto dhcp metric 100
192.168.3.0/24 dev ens192 proto kernel scope link src 192.168.3.110 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@localhost network-scripts]#
[root@localhost network-scripts]#
##################################################
## Gateway
##################################################
[root@localhost network-scripts]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 ens192
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 ens192
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@localhost network-scripts]#
##################################################
## DNS
##################################################
[root@localhost network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.1
[root@localhost network-scripts]#
[root@localhost network-scripts]#
[root@localhost network-scripts]# vi ifcfg-ens192
[root@localhost network-scripts]# more ifcfg-ens192
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens192"
DEVICE="ens192"
ONBOOT="yes"
IPADDR=192.168.3.110
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=192.168.3.1
[root@localhost network-scripts]#
[root@localhost network-scripts]# service network restart
Restarting network (via systemctl): [ OK ]
[root@localhost network-scripts]# shutdown -r 0
[root@localhost ~]# hostnamectl set-hostname template
[root@localhost ~]# hostname
template
[root@localhost ~]#
[root@localhost:~ ]$ hostnamectl --static set-hostname template
[root@localhost:~ ]$ exit
logout
[apollo@localhost ~]$ su - root
Password:
Last login: Tue Mar 21 00:15:06 CST 2023 on pts/0
[root@template:~ ]$ shutdown -h 0
[root@template:~ ]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 7.8G 0 7.8G 0% /dev
tmpfs 7.8G 0 7.8G 0% /dev/shm
tmpfs 7.8G 9.4M 7.8G 1% /run
tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup
/dev/sda1 83G 2.1G 77G 3% /
tmpfs 1.6G 0 1.6G 0% /run/user/1000
[root@template:~ ]$
[root@template:~ ]$
[root@template:~ ]$
[root@template:~ ]$ localectl set-locale LANG=en_US.UTF-8
[root@template:~ ]$
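## NOTE: /etc/default/locale is the Debian/Ubuntu location; on CentOS 7 `localectl set-locale` writes /etc/locale.conf.
[root@template:~ ]$ vi /etc/default/locale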
[root@template:~ ]$ cat /etc/default/locale
LANG=en_US.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_TIME=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
LC_PAPER=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
[root@template:~ ]$
[root@template:~ ]$
[root@template:~ ]$ fdisk -l
Disk /dev/sda: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000123a7
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 176160767 88079360 83 Linux
/dev/sda2 176160768 209715199 16777216 82 Linux swap / Solaris
[root@template:~ ]$
yum install vim
yum install lvm2
[root@template:~ ]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Mar 20 22:05:33 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=c66af4d7-3af8-4403-82ed-7e60f888a1fe / ext4 defaults 1 1
UUID=6553ebd9-ee04-49af-86dd-1e728de87d95 swap swap defaults 0 0
[root@template:~ ]$
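[root@template:~ ]$ cat .bash_profile
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH
set -o vi
PS1="[\[\033[01;32m\]\u@\h\[\033[01;34m\]:\w \[\033[00m\]]$ "
alias ll='ls -al -v --group-directories-first --color=auto --time-style=long-iso'
[root@template:~ ]$
## NOTE: this PS1 hard-codes `$`, which is why the root prompt in this transcript ends in `$` instead of `#`.
## Using the `\$` prompt escape (with PS1 in single quotes) prints `#` for uid 0, so a root shell stays recognisable.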
[root@template:~ ]$ ll ./.ssh/
total 20K
-rw-r--r-- 1 root root 171 2023-03-21 11:00 known_hosts
-rw-r--r-- 1 root root 395 2023-03-21 10:59 id_rsa.pub
-rw------- 1 root root 1.7K 2023-03-21 10:59 id_rsa
dr-xr-x---. 5 root root 4.0K 2023-03-21 10:59 ..
drwx------ 2 root root 4.0K 2023-03-21 11:00 .
[root@template:~ ]$
[root@template:~ ]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@localhost
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@localhost's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@localhost'"
and check to make sure that only the key(s) you wanted were added.
[root@template:~ ]$ ll ./.ssh/
total 24K
-rw-r--r-- 1 root root 171 2023-03-21 11:00 known_hosts
-rw-r--r-- 1 root root 395 2023-03-21 10:59 id_rsa.pub
-rw------- 1 root root 1.7K 2023-03-21 10:59 id_rsa
-rw------- 1 root root 395 2023-03-21 11:02 authorized_keys
dr-xr-x---. 5 root root 4.0K 2023-03-21 10:59 ..
drwx------ 2 root root 4.0K 2023-03-21 11:02 .
[root@template:~ ]$
[root@template:~ ]$ ssh root@localhost
Last login: Tue Mar 21 11:04:41 2023
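[root@template:~ ]$
## NOTE: /root/.ssh/id_rsa and the authorized_keys entry that trusts it are now part of this image.
## If the VM is used as a clone source (as the hostname "template" suggests), every clone carries the same
## root key pair and the same /etc/ssh/ssh_host_* host keys: root on one clone is accepted as root on all
## the others, and SSH clients cannot tell the clones apart.
## Before sealing the template, remove /root/.ssh/id_rsa, id_rsa.pub, authorized_keys and /etc/ssh/ssh_host_*;
## sshd regenerates the host keys on the next boot, and each clone then gets its own key pair via ssh-keygen.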
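yum install ntp netdate
yum install chrony
## NOTE: `netdate` is presumably a typo for `ntpdate`, the package name in the CentOS 7 repositories.
## ntpd and chronyd both bind UDP port 123, so only one of the two services should be enabled.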