Post-login banner

```bash
## Change the post-login banner ##
vim /etc/motd
## Or suppress the banner ##
touch ~/.hushlogin
```
## Change the hostname
Assume the hostname is to be set to domain.com

1. Change the hostname
```bash
shell > hostname "domain.com"
```
2. Make the new hostname persist across reboots
```bash
shell > vi /etc/sysconfig/network #centos 6
#HOSTNAME=localhost.localdomain
HOSTNAME=domain.com
shell > vi /etc/hostname #centos 7
#localhost.localdomain
domain.com
```
3. Set up name resolution for the hostname
```bash
vi /etc/hosts
#127.0.0.1 localhost.localdomain
127.0.0.1 domain.com
```
4. Verify
```bash
hostname
```
## Configure the time synchronization server
Alibaba public NTP servers
Unix-like systems: time1-7.aliyun.com
Windows: time.pool.aliyun.com

1. Install or update
```bash
yum install -y ntp
chkconfig ntpd on       #centos 6
systemctl enable ntpd   #centos 7
```
2. Run the time synchronization
```bash
systemctl stop ntpd     # or: service ntpd stop
ntpdate time1.aliyun.com
systemctl start ntpd    # or: service ntpd start
hwclock --systohc # sync the system clock to the hardware clock
```
CentOS 5.x
```bash
echo -e "0 0 * * * /sbin/ntpdate time1.aliyun.com &>/dev/null" >> /var/spool/cron/root # add the scheduled job
```
CentOS 6.x 7.x
```bash
echo -e "0 0 * * * /usr/sbin/ntpdate time1.aliyun.com &>/dev/null" >> /var/spool/cron/root # add the scheduled job
service crond restart # restart the service
```
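## Change the root user's password
```bash
passwd
```
## Add a regular user
Use a regular user to log in to the operating system remotely
```bash
useradd username
```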
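## Add the i attribute to /etc/shadow and /etc/passwd
```bash
chattr +i /etc/shadow
chattr +i /etc/passwd
```
Check the file attributes. While the i (immutable) attribute is set, even root cannot modify these files, so passwd and useradd fail until the attribute is removed.
```bash
lsattr /etc/passwd
```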
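## Modify the SSH server configuration
Open the configuration file
```bash
vi /etc/ssh/sshd_config
```
* Change the default SSH port 22 to another port

It is recommended to change sshd's default port 22 to a port number above 1024. Most port scanners scan only ports below 1024 by default.
```bash
# Port 22
Port xxxx
```
* Forbid root from logging in over SSH
```bash
#PermitRootLogin yes
PermitRootLogin no
```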
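* Set up key-based login

Note: first upload the user's public key to ~/.ssh/authorized_keys
Open the configuration file
```bash
vi /etc/ssh/sshd_config
```
Confirm that the following lines are present
```bash
# RSAAuthentication applies to SSH protocol 1 only; OpenSSH 7.4 and later treat it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
```
Find the following line and disable password login
```bash
PasswordAuthentication no
```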
* Restart sshd

Note: before restarting, confirm that the newly configured remote port is open
```bash
systemctl restart sshd
```
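
The checks from this section as an added example (not part of the original notes): a small audit of an sshd_config that follows sshd's own parsing rules, so a commented-out line, a repeated keyword, or a setting hidden under a Match block does not pass by accident. The names audit_sshd and sample_config and the sample configuration are constructed for this example; it assumes awk is installed.

```shell
#!/bin/sh
# Added example, not from the original notes: audit an sshd_config (file
# argument or stdin) against the settings recommended in this section.
audit_sshd() {
    awk '
        function bad(msg) { print "FAIL: " msg; n++ }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }     # sshd also accepts "Key=value"
        key == "match" { exit }                  # later settings are conditional
        key == "port" {                          # Port may repeat: sshd listens on all
            seen_port = 1
            if ($2 + 0 <= 1024) bad("Port " $2 " is not above 1024")
            next
        }
        !(key in val) { val[key] = tolower($2) } # otherwise the FIRST value wins
        END {
            # Absent keywords fall back to sshd defaults. The PermitRootLogin
            # default depends on the OpenSSH version, so report it as "unset".
            root = ("permitrootlogin" in val) ? val["permitrootlogin"] : "unset"
            pw = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
            pk = ("pubkeyauthentication" in val) ? val["pubkeyauthentication"] : "yes"
            if (!seen_port)   bad("Port is not set, so sshd listens on 22")
            if (root != "no") bad("PermitRootLogin is " root ", want no")
            if (pw != "no")   bad("PasswordAuthentication is " pw ", want no")
            if (pk != "yes")  bad("PubkeyAuthentication is " pk ", want yes")
            exit (n > 0)
        }
    ' "$@"
}

# Constructed sample: port 22 is still listed next to the new port, the
# password setting is only present as a comment and under a Match block.
sample_config() {
    cat <<'EOF'
# Port 22
Port 2222
port 22
PermitRootLogin no
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}

sample_config | audit_sshd || echo "sample config: findings listed above"
```

Run it as `audit_sshd /etc/ssh/sshd_config` before restarting sshd; `sshd -t` separately checks that the file parses.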
## Set the system firewall rules
* Install iptables-services, disable firewalld, and enable iptables and ip6tables
```bash
yum install iptables-services
systemctl mask firewalld.service
systemctl enable iptables.service
systemctl enable ip6tables.service
```
* Write the rules

The static firewall rule files are /etc/sysconfig/iptables and /etc/sysconfig/ip6tables
* Start the iptables and ip6tables services
```bash
systemctl stop firewalld.service
systemctl start iptables.service
systemctl start ip6tables.service
```
## Tune the operating system kernel configuration
```bash
vi /etc/security/limits.conf # append the following lines at the end of the file
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
:wq! # save and quit
```
sudo syntax to run multiple commands
```bash
sudo sh -c 'command1 && command2'
sudo -- sh -c 'command1 && command2'
sudo -u userNameHere -- sh -c 'command1; command2'
sudo -- sh -c 'command1; command2'
sudo -- bash -c 'command1; command2'
sudo -i -- 'command1; command2; command3'
sudo -i -- sh -c 'command1 && command2 && command3'
sudo -u oracle -s -- "cmd1; cmd2; cmd3"
```

To run multiple commands with sudo, we used the following options:

* -- : A -- signals the end of options and disables further option processing for the sudo command.
* sh -c : Run the sh shell with the given commands.
* bash -c : Same as above.
* 'apt-get update && sudo apt-get -y upgrade' : First update the repo and apply upgrades if the update was successful.

via https://www.cyberciti.biz/faq/how-to-run-multiple-commands-in-sudo-under-linux-or-unix/

```bash
#!/bin/bash
echo "Running commands as a root user..."
# sh reads the here-document on stdin; "sh -c" would need the commands as an argument
sudo -- sh <<EOF
apt-get update
apt-get -y upgrade
apt-get -y install nginx
apt-get -y remove nano
apt-get clean
echo "All done."
EOF
```
View a user's hard resource limits
```bash
su - yourName -c "ulimit -Ha"
su - yourName --shell /bin/bash -c "ulimit -Ha"
## You can use the sudo command ##
sudo -u yourName bash -c "ulimit -Ha"
sudo -u yourName sh -c "ulimit -Ha"
```
View a process's resource limits
```bash
ps aux | grep nginx
cat /proc/PID/limits
help ulimit
man bash
```
View
```bash
## pass options to free ##
alias meminfo='free -m -l -t'

## get top process eating memory ##
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'

## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'

## Get server cpu info ##
alias cpuinfo='lscpu'

## older system use /proc/cpuinfo ##
##alias cpuinfo='less /proc/cpuinfo' ##
```