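Docker Container Technology
I. Disable the Firewall and SELinux
1. Check the SELinux status
1.1 getenforce
- The getenforce command joins the words get and enforce. It reports the SELinux status and is the counterpart of setenforce.
- The setenforce command joins the words set and enforce. It sets the SELinux mode; for example, setenforce 0 turns off SELinux enforcement (permissive mode), but the change is lost after a reboot.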
[root@localhost ~]# getenforce
Enforcing
1.2 /usr/sbin/sestatus
The Current mode field shows the security mode SELinux is currently applying.
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
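SELinux status: the state of SELinux; enabled means SELinux is turned on.
Current mode: the security mode SELinux is currently applying; enforcing indicates forced
2. Disable SELinux
2.1 Temporarily disable
setenforce 0: turns off SELinux enforcement, but the change is lost after a reboot.
To make the change persist across reboots, edit the SELinux configuration file:
[root@localhost ~]# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled, then save and exit.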
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
At this point getenforce still reports Enforcing: the change to the configuration file has not taken effect yet.
[root@localhost ~]# getenforce
Enforcing
Reboot
[root@localhost ~]# reboot
Verify
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: disabled
[root@localhost ~]# getenforce
Disabled
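The state described above, where the configuration file and getenforce disagree until the next reboot, can be checked with a short script. This is an added example, not part of the original page; the function names selinux_config_mode and selinux_drift and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the mode stored in an SELinux config file with the
# mode reported at runtime. Function names are hypothetical, not a real tool.

# Print the SELINUX= value from the file in $1, lower-cased.
# Comment lines and SELINUXTYPE= do not match; the last assignment wins.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# selinux_drift CONFIG_FILE RUNTIME_MODE
# RUNTIME_MODE is what getenforce prints: Enforcing, Permissive or Disabled.
selinux_drift() {
    cfg=$(selinux_config_mode "$1")
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$cfg" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 2 ;;
    esac
    if [ "$cfg" = "$run" ]; then
        echo "consistent"
    elif [ "$cfg" = disabled ] || [ "$run" = disabled ]; then
        echo "reboot-pending"      # to/from disabled only changes at boot
    else
        echo "runtime-override"    # setenforce changed the mode until reboot
    fi
}

# Constructed sample: the file after the edit above, before the reboot.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted
EOF
selinux_drift "$sample" Enforcing
rm -f "$sample"
```

On a live host, call selinux_drift /etc/selinux/config "$(getenforce)".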
3. Disable the firewall
Check the firewall status
[root@localhost ~]# systemctl status firewalld
Prevent the firewall from starting at boot
[root@localhost ~]# systemctl disable firewalld
Stop the firewall
[root@localhost ~]# systemctl stop firewalld
Flush the firewall rules
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -Z
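II. Update the yum Repositories and Install Basic Software
1. Update the yum repositories
Back up the existing repository files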
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# mkdir repo_bak
[root@localhost ~]# mv *.repo repo_bak/
Download the new CentOS-Base.repo into /etc/yum.repos.d/
[root@localhost ~]# wget -O CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
Run yum clean all to clear the cache, then yum makecache to build a new one
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
Install the EPEL (Extra Packages for Enterprise Linux) repository
[root@localhost ~]# yum install -y epel-release
Run yum clean all again to clear the cache, then yum makecache to build a new one
List the enabled yum repositories and all yum repositories
[root@localhost ~]# yum repolist enabled
[root@localhost ~]# yum repolist all
Update the installed packages with yum
[root@localhost ~]# yum -y update
2. Install basic software
Install the basic software (after a minimal installation, many basic packages may be missing)
[root@localhost ~]# yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel