CentOS
http://www.server-world.info/en/note?os=CentOS_6&p=samba
OS
[root@localhost user]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
Hostname
[root@localhost opt]# hostname
localhost.localdomain
[user@localhost opt]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
CentOS6
[root@localhost opt]# vi /etc/sysconfig/network
[root@localhost opt]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=yfddt6Z
[root@localhost opt]# vi /etc/hosts
[user@localhost opt]$ cat /etc/hosts
127.0.0.1 localhost yfddt6Z localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
CentOS7:
# vim /etc/hostnam
[root@localhost opt]# reboot
网络
Centos7网络自动启动+手工指定IP
# vi /etc/sysconfig/network-scripts/ifcfg-eno1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.3.6
NETMASK=255.255.255.0
PREFIX=24
GATEWAY=192.168.3.1
NM_CONTROLLED=no
解决network和NetworkManager服务冲突
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
sudo nmcli dev status
[user@yfddt6Z network-scripts]$ sudo nmcli dev status
错误:NetworkManager 未运行。
Reference
http://www.centoscn.com/CentOS/config/2015/0604/5593.html
网络有关的主要设置文件如下:
/etc/host.conf 配置域名服务客户端的控制文件
/etc/protocols 设定了主机使用的协议以及各个协议的协议号
/etc/hosts 完成主机名映射为IP地址的功能
/etc/resolv.conf 域名服务客户端的配置文件,用于指定域名服务器的位置
/etc/sysconfig/network 包含了主机最基本的网络信息,用于系统启动.
/etc/sysconfig/network-script/ 系统启动时初始化网络的一些信息
/etc/xinetd.conf 定义了由超级进程xinetd启动的网络服务
/etc/networks 完成域名与网络地址的映射
/etc/services 设定主机的不同端口的网络服务
开启ipv6通过appstore的审核
http://www.cnblogs.com/xueweihan/p/6624946.html
CentOS 7为例,配置IPv6隧道地址。
过程:
1. 编辑 /etc/sysctl.conf 文件,将其中三条禁用IPv6的设置更改为:
- net.ipv6.conf.all.disable_ipv6 = 0
- net.ipv6.conf.default.disable_ipv6 = 0
- net.ipv6.conf.lo.disable_ipv6 = 0
2.再运行 sysctl -p 的命令,启用IPv6
查看服务监听的IP中是否有IPv6格式的地址。(netstat -tuln)
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::11211 :::* LISTEN
tcp6 0 0 :::6379 :::* LISTEN
上网网卡默认有fe80开头的IPv6不是有效的可访问的地址,或许可以简单理解为如IPv4里的192.168.*.*。
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.229.28 netmask 255.255.240.0 broadcast 172.31.239.255
inet6 fe80::216:3eff:fe00:27e prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:00:02:7e txqueuelen 1000 (Ethernet)
RX packets 44030958 bytes 11911500506 (11.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41199961 bytes 13263997598 (12.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 1004976 bytes 122408297 (116.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1004976 bytes 122408297 (116.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
为阿里云ECS(CentOS7)配置IPv6地址
http://www.cnblogs.com/xueweihan/p/6624946.html
http://www.server110.com/cloud_tech/201705/93552.html
通过 IPV6 地址访问域名,如何设置域名解析
https://help.aliyun.com/knowledge_detail/39813.html
用户和权限
新增用户和修改密码:
# useradd -d /home/admin -m admin
# passwd admin
删除用户及其主目录:
# userdel -r develop
设置root不能直接ssh登录的方法
先增加一个普通权限的用户
#vi /etc/ssh/sshd_config
把PermitRootLogin yes改为PermitRootLogin no,重启sshd服务
#service sshd restart
用普通用户登录,然后用 su root 切换到root用户拿到最高权限
配置 sudo
CentOS7有两种方式提升自己权限
- 直接编辑/etc/sudoers
- 把用户加入组wheel
- 不需要密码:## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
http://www.centoscn.com/CentOS/2015/0502/5336.html
# visudo
给一个已经创建好的用户(比如 admin)赋予所有权限(等同于 root)。
admin ALL=(ALL) ALL
https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-a-centos-7-server
列出当前:sudo lid -g wheel
添加一个用户:gpasswd -a username wheel
直接在crontab里以sudo执行命令无效,会提示 sudo: sorry, you must have a tty to run sudo .需要修改/etc/sudoers,执行visudo或者vim /etc/sudoers 将"Defaults requiretty"这一行注释掉。因为sudo默认需要tty终端,而crontab里的命令实际是以无tty形式执行的。注释掉"Defaults requiretty"即允许以无终端方式执行sudo
SSH
/etc/ssh/sshd_config 把Port 22 前面的注释去掉,并改成需要的端口号,重启sshd服务 service sshd restart
允许root登录
vi /etc/ssh/sshd_config
将PermitRootLogin值改yes
允许不输入密码登录
将PermitEmptyPasswords yes前面的#号去掉
重启服务:service sshd restart(/etc/initd.d/sshd restart)
CentOS7配置服务随系统启用和控制:systemctl
http://linux.it.net.cn/CentOS/course/2015/0201/12774.html
配置systemctl摘要:
1. tomcat 需要增加一个pid文件
tomca/bin/setenv.sh
CATALINA_PID="$CATALINA_BASE/tomcat.pid"
2. 增加tomcat.service
/usr/lib/systemd/system目录下增加tomcat.service
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/opt/tomcat8/tomcat.pid
ExecStart=/opt/tomcat8/bin/startup.sh
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
User=user
Group=user
[Install]
WantedBy=multi-user.target
3. 使用tomcat.service
systemctl enable tomcat
systemctl start tomcat
关于CentOS 7 systemctl
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html#sect-Managing_Services_with_systemd-Services-List
Java
install openjdk
[admin@iZ2598egy3qZ ~]$ yum list installed | grep java
[admin@iZ2598egy3qZ ~]$ yum -y list java*
[root@iZ2598egy3qZ admin]# yum -y install java-1.8.0-openjdk.x86_64
uninstall
[root@iZ2598egy3qZ admin]#yum -y remove java
install Oracle jdk -- rpm
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
rpm -ivh jdk-7u79-linux-x64.rpm
[admin@iZwz9anq19ppckmzdu86n4Z tomcat-ddtservice]$ java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)
rpm uninstall
# rpm -e jdk
[root@ghyx3850server opt]# java -version
java version "1.6.0_25"
Java(TM) SE Runtime Environment (build 1.6.0_25-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.0-b11, mixed mode)
[root@ghyx3850server opt]# rpm -qa|grep jdk
jdk-1.6.0_25-fcs.x86_64
[root@ghyx3850server opt]# rpm -e jdk-1.6.0_25-fcs.x86_64
openjdk7 运行tomcat7出错
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Exception in thread "main" java.lang.InternalError
at sun.security.ec.SunEC.initialize(Native Method)
at sun.security.ec.SunEC.access$000(SunEC.java:49)
at sun.security.ec.SunEC$1.run(SunEC.java:61)
at sun.security.ec.SunEC$1.run(SunEC.java:58)
at java.security.AccessController.doPrivileged(Native Method)
...
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
使用update-alternatives命令进行版本的切换
http://www.open-open.com/lib/view/open1452089422355.html
$ sudo update-alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_79/bin/java 3
$ sudo update-alternatives --config java
SELinux导致mysql启动失败
SELinux(Security-Enhanced Linux) 是美国国家安全局(NSA)对于强制访问控制的实现,是 Linux历史上最杰出的新安全子系统。在这种访问控制体系的限制下,进程只能访问那些在他的任务中所需要文件。SELinux 默认安装在 Fedora 和 Red Hat Enterprise Linux 上。虽然SELinux很好用,但是在多数情况我们还是将其关闭,因为在不了解其机制的情况下使用SELinux会导致软件安装或者应用部署失败。
以下就是关闭SELinux的方法
系统版本:centos 6.4
1、查看selinux状态
查看selinux的详细状态,如果为enable则表示为开启
# /usr/sbin/sestatus -v
查看selinux的模式
# getenforce
开启模式显示结果:Enforcing
关闭模式显示结果:Permissive
2、关闭selinux
永久性关闭(这样需要重启服务器后生效)
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
临时性关闭(立即生效,但是重启服务器后失效)
# setenforce 0 #设置selinux为permissive模式(即关闭)
# setenforce 1 #设置selinux为enforcing模式(即开启)