搭建 CentOS 6 服务器(3)

（1）系统架构

查看内核

# uname -s -r
  Linux 2.6.32-358.el6.x86_64

查看发布版本

# cat /etc/redhat-release
  CentOS release 6.4 (Final)

查看CPU架构

# arch
  x86_64(x86_64表示64位机器/i686表示32位机器)
# getconf LONG_BIT
  64

（2）用户设置

添加用户

# /usr/sbin/useradd user1 -d /home/user1 -G nobody
# passwd user1
  New password: 123456
  Retype new password: 123456
  passwd: all authentication tokens updated successfully.

确认用户

# id user1

删除用户

# userdel -r user1

赋予root权限

# usermod -G wheel hoge
# vi /etc/pam.d/su
  auth       required     pam_wheel.so use_uid  # <= 取消注释

用户一览

# cat /etc/passwd

（3）网络设置

设置IP

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
  DEVICE="eth0"
  OTPROTO="static" # <=
  HWADDR="00:0C:29:53:A5:AE"
  IPV6INIT="no" # <=
  NM_CONTROLLED="yes"
  ONBOOT="yes"
  TYPE="Ethernet"
  UUID="1ca6acf4-ebce-415a-a89b-bf89a67819ff"
  IPADDR="xxx.xxx.xx.xx" # <=
  NETMASK="255.255.255.0" # <=
  GATEWAY="xxx.xxx.xx.xx" # <=
  DNS1="xxx.xxx.xx.xx" # <=

# service network restart
  Shutting down interface eth0:
  ......
  Connection activated      [  OK  ]

# ifconfig
  eth0      Link encap:Ethernet  HWaddr 00:0C:29:2F:D5:58
              inet addr:xxx.xxx.xx.xx  Bcast:xxx.xxx.xx.xx Mask:255.255.255.0
  ......

卸载NestworkManager服务

# chkconfig NetworkManager off
# yum -y remove NetworkManager

关闭IPv6

# service ip6tables stop
# chkconfig ip6tables off
# echo "install ipv6 /bin/true" >> /etc/modprobe.d/disable-ipv6.conf
# vi /etc/sysconfig/network
  NETWORKING_IPV6=no
  IPV6INIT=no
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# shutdown -r now
# lsmod | grep ipv6
  没有ipv6模块
# netstat -an | grep ffff
  没有:ffff:开始的IP
# ifconfig
  没有inet6 addr开始的文字

（4）包管理设置

yum清理

# yum clean all
  Loaded plugins: fastestmirror, security
  Cleaning repos: base extras updates
  Cleaning up Everything
# yum makecache
  Loaded plugins: fastestmirror, security
  Determining fastest mirrors
  ………….
  Metadata Cache Created

yum更新

# yum -y update

自动更新

# yum -y install yum-cron
# vi /etc/sysconfig/yum-cron
  CHECK_ONLY=yes
  DOWNLOAD_ONLY=yes
# /etc/rc.d/init.d/yum-cron start
# chkconfig yum-cron on
# chkconfig --list yum-cron

自动查找最快镜像

# yum -y install yum-plugin-fastestmirror
# vi /etc/yum/pluginconf.d/fastestmirror.conf
  enabled=0   ←0：无效 1：有效

添加repository

# vi /etc/yum.repos.d/CentOS-Base.repo

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# vi /etc/yum.repos.d/rpmforge.repo
  enabled=0
# yum --enablerepo=rpmforge install xxxx

# rpm -Uvh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# vi /etc/yum.repos.d/epel.repo
  enabled=0
# yum --enablerepo=epel install xxxx

（5）设置vim

# yum -y install vim-enhanced
# vi /etc/profile
  alias vi='vim'
# source /etc/profile
# vi /etc/vimrc

（6）安全设置

关闭SELinux

# getenforce
# setenforce 0 ←临时关闭
# vi /etc/sysconfig/selinux
  SELINUX=enforcing
　　　↓
  SELINUX=disabled

停止iptables

# /etc/rc.d/init.d/iptables stop
  iptables: Flushing firewall rules:                         [  OK  ]
  iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
  iptables: Unloading modules:                               [  OK  ]
# chkconfig iptables off
# chkconfig --list iptables
  iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off

（7）系统运行情况

磁盘使用情况

# df -h

# yum -y install sysstat
# iostat

内存使用情况

# free -m

CPU和内存

# cat /proc/cpuinfo
# cat /proc/meminfo

（8）其他

本地语言化

# yum -y groupinstall "Japanese Support"
# vi /etc/sysconfig/i18n
  LANG="en_US.UTF-8"
　　　↓
  LANG="ja_JP.UTF-8"
# source /etc/sysconfig/i18n
# echo $LANG
  ja_JP.UTF-8
# shutdown -r now

停止不必要的服务

# chkconfig --list | grep 3:on
# service ip6tables stop
# chkconfig ip6tables off

编码转换nkf(Network Kanji Filter)

# yum -y install nkf
# vi readme.txt
  test
  漢字
# nkf -g readme.txt
  UTF-8 (LF)
# nkf -s --overwrite readme.txt
# nkf -g readme.txt
  Shift_JIS (LF)
# nkf -j --overwrite readme.txt
# nkf -g readme.txt
  ISO-2022-JP (LF)

安装gcc

# rpm -qa gcc
# yum -y install gcc gcc-c++
# gcc -v
  Using built-in specs.
  Target: i686-redhat-linux
  …………
  gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)

安装PCRE

# cd /usr/local/src
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz
# tar zxvf pcre-8.35.tar.gz
# cd /usr/local/src/pcre-8.35
# ./configure --prefix=/usr/local/pcre/8.35
# make clean
# make && make install
# PATH=/usr/local/pcre/8.35/bin:$PATH
# vi /etc/ld.so.conf
  /usr/local/pcre/8.35/lib ←末尾追加
# ldconfig
# rpm -qa pcre
  pcre-7.8-6.el6.x86_64
# pcretest -C
  PCRE version 7.8 2008-09-05

安装OpenSSL

# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz
# tar xzvf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config shared -fPIC
# make && make install
# vi /etc/ld.so.conf
  /usr/local/ssl/lib ←末尾追加
# ldconfig
# ldconfig -f /etc/ld.so.conf -vp|grep ssl/lib
  libssl.so.1.0.0 (libc6) => /usr/local/ssl/lib/libssl.so.1.0.0
  libssl.so (libc6) => /usr/local/ssl/lib/libssl.so
  libcrypto.so.1.0.0 (libc6) => /usr/local/ssl/lib/libcrypto.so.1.0.0
  libcrypto.so (libc6) => /usr/local/ssl/lib/libcrypto.so
# /usr/local/ssl/bin/openssl version
  OpenSSL 1.0.1h 5 Jun 2014

NTP同步时间

引用

# yum -y install ntp
# mv /etc/ntp.conf /etc/ntp.conf.org
# vi /etc/ntp.conf
  driftfile /var/lib/ntp/drift
  server 0.jp.pool.ntp.org
  server 1.jp.pool.ntp.org
  server 2.jp.pool.ntp.org
  server 3.jp.pool.ntp.org
# ntpdate 0.jp.pool.ntp.org
# /etc/init.d/ntpd start
# ntpq -p
# ntpstat

GHOST: glibc vulnerability (CVE-2015-0235)

# yum update glibc
# rpm -qa | grep glibc
  2.12-1.149.el6_6.5