2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
In this issue, the editor presents the common configuration methods of CentOS. The article is rich in content and describes them from a professional point of view. I hope you can get something out of reading it.
1. Configure IP address: cat /etc/sysconfig/network-scripts/ifcfg-eth0
The code is as follows:
NETMASK=255.255.255.0
IPADDR=X.X.X.X
GATEWAY=X.X.X.X
2. Configure DNS: /etc/resolv.conf
The code is as follows:
nameserver 59.77.139.1
search localdomain
Restart the service after configuration:
service network restart
3. Fix garbled Chinese characters: /etc/sysconfig/i18n
The code is as follows:
LANG="zh_CN.GB18030"
LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN"
SUPPORTED="zh_CN.GB18030:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="lat0-sun16"
4. Modify the startup runlevel. The default is graphical startup; change it to the character interface: /etc/inittab
Change id:5:initdefault: to id:3:initdefault:
5. VNCServer is a remote connection tool, which is equivalent to the remote desktop under Windows. It is very good and is recommended. I have tried a lot of methods, but none of them seems to start automatically, so I have to start it manually after booting. You can use VNCViewer to connect on your own computer.
Start VNCServer manually:
/usr/bin/vncserver
Or: /etc/init.d/vncserver start
6. Enable the firewall and allow the SSH and VNCServer ports (5801 and 5901): /etc/sysconfig/iptables
The code is as follows:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
7. Some configuration for Vi:
The code is as follows:
cp /etc ~/.vimrc
vi ~/.vimrc
Add the following:
" show line numbers
set number
" number of history entries to keep
set history=1000
" syntax highlighting
syntax on
" the background is black
set background=dark
" automatic indentation: apply the indentation of the current line to the next line
set autoindent
" on top of the above, choose the indentation intelligently, for C-like programming
set smartindent
" show the matching bracket, for example the opening parenthesis when you type a closing one
set showmatch
" the first line sets the tab width to 4 spaces, the second line sets the indentation width to 4 spaces
set tabstop=4
set shiftwidth=4
" while editing, show the cursor position in the status line in the lower right corner
set ruler
set incsearch
" highlight the current line
set cursorline
Some security settings:
1. Shut down some unnecessary services.
The following lists only the services that need to be started, and services that are not listed can be turned off:
The code is as follows:
# setup
acpid
anacron
cpuspeed
crond
irqbalance    (needs to be turned on only if the server CPU is SMP architecture or supports dual-core and HT technology; otherwise turn it off)
microcode_ctl
network
random
sendmail
sshd
syslog
yum-updatesd
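One way to check a host against the list above, as an added example that is not part of the original article: it reads `chkconfig --list` output and prints every service enabled in a given runlevel that is not on the allowlist. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare enabled services with the article's allowlist.

# Services the article says should stay enabled.
ALLOWED="acpid anacron cpuspeed crond irqbalance microcode_ctl network random sendmail sshd syslog yum-updatesd"

# Read `chkconfig --list` output on stdin and print the services that are
# "on" in runlevel $1 but missing from ALLOWED.
extra_services() {
    awk -v lvl="$1" -v allow="$ALLOWED" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV service lines have a name plus seven "N:state" fields; the
        # shorter xinetd lines ("chargen: off") are skipped here.
        NF >= 8 {
            for (i = 2; i <= NF; i++)
                if ($i == lvl ":on" && !($1 in ok)) print $1
        }'
}

# Constructed sample of `chkconfig --list` output (not from a real host).
sample() {
    cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
bluetooth       0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen:        off
EOF
}

# Runlevel 3 is the character-interface level chosen earlier in the article.
sample | extra_services 3
```

On a real host, pipe the live output instead: `chkconfig --list | extra_services 3`.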
2. View the system users: /etc/passwd
Delete the redundant system accounts:
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp    (if you do not allow anonymous FTP, delete this user account)
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers
3.
chmod 600 /etc/xinetd.conf
4. Ban PING
Add a line to /etc/rc.d/rc.local:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
0 means allowed, 1 means forbidden.
5. Password file
The chattr command adds the immutable attribute to the following files to prevent unauthorized users from gaining permissions.
The code is as follows:
# chattr +i /etc/passwd
# chattr +i /etc/shadow
# chattr +i /etc/group
# chattr +i /etc/gshadow
6. Prevent Ctrl+Alt+Delete from restarting the machine
Modify the /etc/inittab file and comment out the line "ca::ctrlaltdel:/sbin/shutdown -t3 -r now".
Then reset the permissions for all files in the /etc/rc.d/init.d/ directory by running the following command:
# chmod -R 700 /etc/rc.d/init.d/*
This leaves only root able to read, write, or execute the above script files.
7. Change the SSH port. It is best to change it to more than 10000, which also reduces the probability of others scanning the port.
Do not allow lower versions of the SSH protocol:
vi /etc/ssh/sshd_config
Change #Protocol 2,1 to:
Protocol 2
Change Port to a port above 1000:
vi /etc/ssh/sshd_config
Port 10086
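The firewall file from step 6 accepts SSH on port 22, while this step moves sshd to 10086, so the two files have to be changed together or SSH becomes unreachable. The following check is an added example, not part of the original article; the function names are hypothetical and both file contents are constructed samples.

```shell
#!/bin/sh
# Added example: check that sshd_config and the iptables rules file agree.
# File contents below are constructed samples, not taken from a real host.

# Effective value of an sshd_config keyword: sshd uses the first value it
# reads, keywords are case-insensitive, and '#' lines are comments.
sshd_value() {   # $1 = keyword, $2 = sshd_config path
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# TCP destination ports that the rules file accepts.
fw_tcp_ports() { # $1 = iptables rules path
    awk '/^-A / && / -p tcp / && / -j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1"
}

# Print one finding per line; no output means the two files are consistent.
audit_ssh() {    # $1 = sshd_config path, $2 = iptables rules path
    port=$(sshd_value Port "$1"); port=${port:-22}
    proto=$(sshd_value Protocol "$1")
    [ "$proto" = "2" ] || echo "Protocol is '${proto:-unset}', expected 2"
    fw_tcp_ports "$2" | grep -qx "$port" ||
        echo "firewall does not accept tcp/$port, the sshd Port"
    if [ "$port" != 22 ] && fw_tcp_ports "$2" | grep -qx 22; then
        echo "tcp/22 is still accepted although sshd moved to $port"
    fi
}

demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#Port 22
Port 10086
Protocol 2
EOF
cat > "$demo/iptables" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
audit_ssh "$demo/sshd_config" "$demo/iptables"
```

For the sample files it reports both the missing rule for tcp/10086 and the leftover rule for tcp/22.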
The above is the common configuration method of CentOS shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.