2025-04-01 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
New features of CentOS 7
CentOS 7 single-user mode
CentOS 7 no longer has startup levels 0-6; it has 4 targets instead:
graphical.target: multi-user mode that supports both graphical login and command-line login, corresponding to the previous levels 3 and 5
multi-user.target: multi-user mode that supports only command-line login, corresponding to the previous level 3
rescue.target: single-user mode, corresponding to the previous level 1
emergency.target: single-user mode, but the root directory is read-only after the system is entered
CentOS 7 uses grub2, so the procedure is different from the previous one.
Press "e" on the corresponding kernel entry to enter edit mode, find the line that starts with linux16 and contains ro, press the End key to move to the end of that line, type rd.break, and then press Ctrl+x to boot.
After booting, remount /sysroot/ to add write permission:
mount -o remount,rw /sysroot/
Switch to the original system:
chroot /sysroot/
passwd
Change the password by entering a new password.
touch /.autorelabel  # needed so that the change takes effect under SELinux
To exit single-user mode, press Ctrl+d to exit first, then reboot.
1.3 CentOS 7 rescue mode
Set the machine to boot from the CD-ROM drive
Select Troubleshooting
Select Rescue a CentOS system
Select Continue
chroot /mnt/sysimage
passwd
1.4 Set the IP address
The network interface is no longer named eth0 or eth2
Run dhclient first to obtain an IP address automatically
There is no ifconfig command; use ip add to view the IP address
To continue using ifconfig, you need to install net-tools:
yum install -y net-tools
Edit the configuration file:
vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
The configuration is the same as on CentOS 6.
1.5 Set the hostname and command auto-completion
hostname  # view the hostname
hostnamectl set-hostname test1
hostnamectl status  # view hostname status
cat /etc/hostname  # view the configuration file
CentOS 7 supports completion of command parameters
Install bash-completion:
yum install -y bash-completion
source /etc/profile
1.6 CentOS 7 service management
CentOS 7 no longer has the chkconfig tool and uses systemd instead
Make a service start at boot: systemctl enable httpd.service
Do not start it at boot: systemctl disable httpd.service
View service status: systemctl status httpd.service
View all services: systemctl list-units --type=service
Start the service: systemctl start httpd.service
Stop the service: systemctl stop httpd.service
Restart the service: systemctl restart httpd.service
Startup script path: /usr/lib/systemd/system/
Check whether a service starts at boot: systemctl is-enabled httpd
1.7 CentOS 7 systemd units
Characteristics of service management under systemd:
Services can start in parallel instead of sequentially, which shortens boot time
The services that a service depends on are detected automatically
systemd can manage all system resources. The different resources are collectively referred to as units.
Units are divided into 12 types:
Service Unit: system service
Target Unit: a group of multiple units
Device Unit: hardware device
Mount Unit: mount point of a file system
Automount Unit: automatic mount point
Path Unit: file or path
Scope Unit: an external process that is not started by systemd
Slice Unit: process group
Snapshot Unit: systemd snapshot, which can be switched back to
Socket Unit: socket for interprocess communication
Swap Unit: swap file
Timer Unit: timer
List the units that are running: systemctl list-units
List all units, including those whose configuration file was not found or that failed to start:
systemctl list-units --all
List all units that are not running: systemctl list-units --all --state=inactive
List all units that failed to load: systemctl list-units --failed
List all running units of type service:
systemctl list-units --type=service
Show whether a unit is running: systemctl is-active application.service
Show whether a unit is in a failed startup state:
systemctl is-failed application.service
Show whether a unit has a startup link established (is enabled):
systemctl is-enabled application.service
1.8 CentOS 7 systemd targets
A target is similar to a startup level in CentOS 6, but multiple targets can be started at the same time. A target is actually a combination of multiple units. Put simply, system startup means starting multiple units, and targets are used to manage these units conveniently.
View all targets of the current system:
systemctl list-unit-files --type=target
View all the units contained in a target:
systemctl list-dependencies multi-user.target
View the default target at startup: systemctl get-default
Set the default target at startup: systemctl set-default multi-user.target
When switching targets, the processes started by the previous target are not stopped by default.
The systemctl isolate command changes this behavior: it stops all processes of the previous target that do not belong to the new target:
systemctl isolate multi-user.target
1.9 CentOS 7 units associated with a target
Main configuration file: /etc/systemd/system.conf
At boot, /etc/systemd/system/default.target is loaded first
All services and targets are in /usr/lib/systemd/system/
ls -l /etc/systemd/system/default.target shows that it is a symbolic link
The link points to /usr/lib/systemd/system/multi-user.target
It loads the services under /usr/lib/systemd/system/multi-user.target.wants
To see which target a service belongs to, cat the service's own unit file:
cat /usr/lib/systemd/system/sshd.service
Look at the [Install] section inside
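The chain described in 1.9 (default.target link, then the .wants directory, then the [Install] section) can be walked with a few shell functions. This is an added example, not part of the original article; the function names and the ROOT argument (which lets it inspect a mounted image such as /mnt/sysimage) are assumptions of the example.

```shell
#!/bin/sh
# Added example. Usage on a live system:
#   t=$(default_target /) && wanted_units / "$t"

# Resolve the boot target: /etc/systemd/system/default.target is checked
# first, then the default shipped under /usr/lib/systemd/system.
default_target() {
    root=${1%/}
    for dir in etc/systemd/system usr/lib/systemd/system; do
        link="$root/$dir/default.target"
        if [ -L "$link" ]; then
            basename "$(readlink "$link")"
            return 0
        fi
    done
    return 1
}

# List the units a target pulls in through its <target>.wants directories.
# Dangling links are listed too: they are still configuration worth reviewing.
wanted_units() {
    root=${1%/}; target=$2
    for dir in etc/systemd/system usr/lib/systemd/system; do
        wants="$root/$dir/$target.wants"
        [ -d "$wants" ] || continue
        for entry in "$wants"/*; do
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            basename "$entry"
        done
    done | sort -u
}

# Print every target named by WantedBy= in the [Install] section of a unit file.
unit_wantedby() {
    awk '
        /^\[/ { in_install = ($0 ~ /^\[Install\]/); next }
        in_install && /^WantedBy[ \t]*=/ {
            sub(/^WantedBy[ \t]*=[ \t]*/, "")
            n = split($0, t, /[ \t]+/)
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }
    ' "$1"
}
```

Reviewing the output of wanted_units for the default target is a quick way to see which services will come up at boot before the machine is exposed to a network.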
2.0 Continuing to use CentOS 6's iptables management mechanism on CentOS 7
CentOS 7 no longer uses iptables, but uses firewalld
If you do not want to use firewalld and prefer to continue using iptables, stop firewalld and install the iptables-services package:
systemctl stop firewalld
systemctl disable firewalld
yum install -y iptables-services
systemctl enable iptables
systemctl start iptables
Using firewalld
CentOS 6 uses a static firewall: the rules are saved in /etc/sysconfig/iptables, and updating them requires reloading or restarting the iptables service, which is equivalent to flushing all the previous rules and loading the rules from the configuration file.
CentOS 7, by contrast, uses a dynamic firewall, firewalld: unlike before, changing a rule no longer requires reloading the configuration.
Whether it is firewalld or the previous iptables service, the underlying iptables tool is used to configure the rules.
firewalld has the concepts of zone and service
The iptables rules in each zone are different, and there are 9 zones by default.
The default zone on CentOS 7 is public
Use the command firewall-cmd --get-zones to get all the zones
Use the command firewall-cmd --get-default-zone to get the default zone
2.1 Zones in CentOS 7 firewalld
drop: any received network packets are discarded without any reply. Only outgoing network connections are possible.
block (restricted): any received network connection is rejected with an icmp-host-prohibited message for IPv4 and an icmp6-adm-prohibited message for IPv6.
public: for use in public areas. You cannot trust other computers on the network not to harm your computer. Only selected connections are accepted.
external: for external networks with masquerading enabled, especially for routers. You cannot trust other computers on the network not to harm your computer. Only selected connections are accepted.
dmz (demilitarized zone): for computers in your demilitarized zone, which are publicly accessible and have limited access to your internal network. Only selected connections are accepted.
work: for use in work areas. You can mostly trust that other computers on the network will not harm your computer. Only selected connections are accepted.
home: for use in home networks. You can mostly trust that other computers on the network will not harm your computer. Only selected connections are accepted.
internal: for use in internal networks. You can mostly trust that other computers on the network will not threaten your computer. Only selected connections are accepted.
trusted: all network connections are accepted.
One of the zones can be designated as the default zone. When interface connections are added to NetworkManager, they are assigned to the default zone. At installation, the default zone in firewalld is set to the public zone.
2.2 Zone-related commands in CentOS 7 firewalld
Set the default zone: firewall-cmd --set-default-zone=work
View the zone of a specified network interface:
firewall-cmd --get-zone-of-interface=eno16777736
Assign a zone to a specified network interface: firewall-cmd --zone=public --add-interface=lo
Change the zone of a network interface: firewall-cmd --zone=dmz --change-interface=lo
You can also remove a network interface from a zone:
firewall-cmd --zone=dmz --remove-interface=lo
View the zones of all network interfaces: firewall-cmd --get-active-zones
2.3 CentOS 7 firewalld service operations
The /usr/lib/firewalld/services/ directory holds another type of configuration file, each corresponding to a specific network service, such as the ssh service.
Each file records the tcp/udp ports used by the service, and the latest version of firewalld defines 70+ services by default.
A zone calls different services to achieve different effects.
List all services: firewall-cmd --get-services
List the services loaded in the current zone: firewall-cmd --list-services
List the services in a given zone: firewall-cmd --zone=public --list-services
Add a service to a zone:
firewall-cmd --zone=public --add-service=http
This change is not saved to the configuration file. To save it to the configuration file, add --permanent:
firewall-cmd --zone=public --add-service=http --permanent
Since a service can be added, it can also be removed:
firewall-cmd --zone=public --remove-service=http --permanent
2.4 Adding rules in CentOS 7 firewalld
Assuming that the custom ssh port number is 12222, use the following command to add a firewall rule for the new port:
firewall-cmd --add-port=12222/tcp --permanent
If you need to save the rule to the zone configuration file, add the parameter --permanent
The firewall configuration file can also be modified manually. Remember to reload after modifying it. The command to reload is
firewall-cmd --reload
Reloading this way does not break user connections. A complete reload is also possible, which interrupts user connections and discards state information:
firewall-cmd --complete-reload
You can also add a port range:
firewall-cmd --add-port=2000-4000/tcp
Add a port for a zone:
firewall-cmd --permanent --zone=home --add-port=443/tcp
Enable port forwarding, for example forwarding port 22 to 127.0.0.2:
firewall-cmd --permanent --zone=home --add-forward-port=port=22:proto=tcp:toaddr=127.0.0.2
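Because rules added with and without --permanent live in two separate configurations (2.3 and 2.4), a zone can have ports that vanish on reload or saved ports that are not yet active. The following added example, which is not part of the original article, reports that drift; the function names fw_drift and fw_audit_zone are assumptions of the example.

```shell
#!/bin/sh
# Added example. Usage on a host running firewalld (as root):
#   fw_audit_zone public || echo "runtime and permanent rules differ"

# Compare two whitespace-separated lists (runtime first, permanent second).
# "runtime-only" entries disappear on reload or reboot;
# "permanent-only" entries are saved but inactive until firewall-cmd --reload.
fw_drift() {
    a=$(echo $1)   # unquoted on purpose: collapses newlines and repeated spaces
    b=$(echo $2)
    for item in $a; do
        case " $b " in
            *" $item "*) ;;
            *) echo "runtime-only: $item" ;;
        esac
    done
    for item in $b; do
        case " $a " in
            *" $item "*) ;;
            *) echo "permanent-only: $item" ;;
        esac
    done
}

# Run the comparison for services, ports and forward ports of one zone.
# Returns 1 if any difference was found, 0 otherwise.
fw_audit_zone() {
    zone=$1; found=0
    for what in services ports forward-ports; do
        rt=$(firewall-cmd --zone="$zone" --list-"$what")
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        out=$(fw_drift "$rt" "$pm")
        [ -z "$out" ] && continue
        found=1
        printf '%s\n' "$out" | sed "s|^|$zone $what |"
    done
    return "$found"
}
```

After running the commands from 2.3 and 2.4 without a reload, http and 2000-4000/tcp would show up as runtime-only and 12222/tcp as permanent-only.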
2.5 Changing configuration files in CentOS 7 firewalld
There are two paths: /etc/firewalld/ and /usr/lib/firewalld
The system uses the configuration files under /etc/firewalld
There is only one file, public.xml, under /etc/firewalld/zones. If you make changes to another zone and save them permanently, the corresponding configuration file is generated automatically.
For example, add a port to the work zone:
firewall-cmd --permanent --zone=work --add-port=1000/tcp
A work.xml configuration file is generated
Requirement: modify the ftp port. The default ftp port is 21, and it needs to be changed to 1121.
cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services/
vi /etc/firewalld/services/ftp.xml  # change 21 to 1121
vi /etc/firewalld/zones/work.xml  # work is the default zone, so edit this file and add a line
firewall-cmd --reload  # reload