Centos7 入门几个操作

http://www.wallcopper.com/linux/1650.html

创建文件软连接

ln -s 源路径 目标路径

查看软连接
ls -il

服务操作：
systemctl start foo.service
systemctl stop foo.service
systemctl restart foo.service
systemctl status foo.service
在开机时启用一个服务：
systemctl enable foo.service
在开机时禁用一个服务：
systemctl disable foo.service
列出服务的开机状态：
systemctl list-unit-files
列出当前系统服务的状态：
systemctl list-units
查看指定服务的状态：
systemctl status foo

iptables实例：
cat > /etc/sysconfig/iptables < !
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 322 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
!

systemctl enable iptables.service
systemctl disable firewalld.service

systemctl stop firewalld
systemctl start iptables
iptables -nvL

firwalld实例

firewalld默认配置文件有两个：

/usr/lib/firewalld/ （系统配置，尽量不要修改）和 /etc/firewalld/ （用户配置地址）

firewall-cmd –get-default-zone
firewall-cmd –set-default-zone=public
firewall-cmd –zone=public –add-service=http
firewall-cmd –zone=public –query-service=http
firewall-cmd –add-port=80/tcp –permanent //永久添加80端口
firewall-cmd –query-port=80/tcp //查询80端口是yes还是no
firewall-cmd –zone=public –list-all
常用命令介绍

firewall-cmd –permanent –zone=public –add-port=80/tcp  //public区域

firewall-cmd –permanent –zone=public –remove-port=80/tcp  //移除80端口号

firewall-cmd –state ##查看防火墙状态，是否是running
firewall-cmd –reload ##重新载入配置，比如添加规则之后，需要执行此命令
firewall-cmd –get-zones ##列出支持的zone
firewall-cmd –get-services ##列出支持的服务，在列表中的服务是放行的
firewall-cmd –query-service ftp ##查看ftp服务是否支持，返回yes或者no
firewall-cmd –add-service=ftp ##临时开放ftp服务
firewall-cmd –add-service=ftp –permanent ##永久开放ftp服务
firewall-cmd –remove-service=ftp –permanent ##永久移除ftp服务
firewall-cmd –add-port=80/tcp
iptables nvL ##查看规则，这个命令是和iptables的相同的
man firewall-cmd ##查看帮助

firewall-cmd –list-all

firewall-cmd –list-ports
5666/tcp 322/tcp 80/tcp

例如修改sshd登陆端口为822后：
firewall-cmd –add-port=822/tcp
firewall-cmd –add-port=522/tcp –permanent //永久添加

systemctl restart firewalld.service
iptables -nvL
参考:
http://lduan.blog.51cto.com/5428084/1547139
http://fedorahosted.org/firewalld/

3、切换到“runlevel 3”：

systemctl isolate multi-user.target (or)
systemctl isolate runlevel3.target

切换到“runlevel 5 ”：

systemctl isolate graphical.target (or)
systemctl isolate runlevel5.target

配置开机默认切换到runlevel 3 ：

ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

默认切换到runlevel 5 ：

ln -sf /lib/systemd/system/graphical.target/etc/systemd/system/default.target

关闭SELINUX

vi /etc/selinux/config或者/etc/sysconfig/selinux
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出

#setenforce 0 #使配置立即生效
否则sshd端口无法修改：systemctl status sshd
Sep 11 21:11:54 server28 sshd[46046]: error: Bind to port 322 on :: failed: Permission denied.
Sep 11 21:11:56 server28 python[46049]: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket .

修改sshd_config端口配置
Port=22

安装ifconfig, dig，wget等软件
yum -y install net-tools bind-utils wget

配置sysctl.conf
vi /usr/lib/sysctl.d/00-system.conf

more
/etc/security/limits.conf

修改时钟
vi /etc/adjtime
UTC改为LOCAL
0 0 * * * /usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w
rpm -qf /usr/sbin/ntpdate
ntp-4.2.2p1-15.el5.centos.1
yum -y install ntp
执行
/usr/sbin/ntpdate 0.pool.ntp.org;/sbin/hwclock -w

停止不必要的服务及端口
systemctl disable cupsd
systemctl disable avahi-daemon
systemctl disable nfs-lock
systemctl disable rpcbind.service
systemctl disable rpcbind.socket
systemctl disable chronyd
systemctl disable postfix
systemctl disable firewalld
systemctl disable libvirtd
systemctl enable iptables
systemctl stop cupsd
systemctl stop avahi-daemon
systemctl stop nfs-lock
systemctl stop rpcbind.service
systemctl stop rpcbind.socket
systemctl stop chronyd
systemctl stop postfix
systemctl stop firewalld
systemctl stop libvirtd
systemctl start iptables

卸载firefox和evolution
rpm -e firefox
yum remove evolution-data-server evolution evolution-help
yum remove gnome-session gnome-shell

Yum源
// 1 安装
yum install package  // 安装指定的安装包package

// 2 更新和升级
yum update  // 全部更新
yum update package  // 更新指定程序包package
yum check-update  // 检查可更新的程序
yum upgrade package  // 升级指定程序包package

// 3 查找和显示
yum info // 列出所有可以安装或更新的包的信息
yum info package //显示安装包信息package
yum list // 显示所有已经安装和可以安装的程序包
yum list package  // 显示指定程序包安装情况package
yum search package // 搜索匹配特定字符的package的详细信息

// 4 删除程序
yum remove | erase package  // 删除程序包package
yum deplist package  // 查看程序package依赖情况

// 5 清除缓存
yum clean packages  // 清除缓存目录下的软件包
yum clean headers // 清除缓存目录下的 headers
yum clean oldheaders // 清除缓存目录下旧的 headers
yum clean, yum clean all  // (= yum clean packages; yum clean oldheaders) 清除缓存目录下的软件包及旧的headers