Linux常见运维指令03

11 查看 SELinux状态及关闭SELinux

查看SELinux状态(l两种方法)：

    1、/usr/sbin/sestatus -v      ##如果SELinux status参数为enabled即为开启状态

        SELinux status:                 enabled

    2、getenforce                 ##也可以用这个命令检查

关闭SELinux：

    1、临时关闭（不用重启机器）：

    setenforce 0                  ##设置SELinux 成为permissive模式

                                          ##setenforce 1 设置SELinux 成为enforcing模式

    2、修改配置文件需要重启机器(操作完要 重启机器)：

    修改/etc/selinux/config 文件

    将SELINUX=enforcing改为SELINUX=disabled

12 openssh升级（源码安装）

(a)查看当前的ssh服务版本

# ssh –V

yum update openssl

(b)卸载openssh和openssl的rpm安装包且安装依赖包

#rpm -e `rpm -qa | grep openssh` --nodeps

此时会把所有关于ssh服务的配置文件自动删除，但会生成配置文件备份/etc/ssh/ssd_config.rpmsave

yum install –y gcc openssl-devel pam-devel rpm-build

(c)使用root用户telent登陆上,继续操作;

#yum install -y telnet

#vim /etc/xinetd.d/telnet

修改disable = no

#service xintd restart

(d)安装openssh

#tar xzvf openssh-7.5p1.tar.gz

#cd openssh-7.5p1

#./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib

# make && make install

(e)修改相关配置文件

# cp -p contrib/redhat/sshd.init /etc/init.d/sshd

# chmod u+x /etc/init.d/sshd

# chkconfig --add sshd

#cp /usr/src/openssh5.9p1/sshd_config /etc/ssh/sshd_config

# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

# service sshd start -----------断开连接!!!

Starting sshd: [ OK ]

openssh源码安装脚本：

#!/bin/bash
set -x
#run by root

ORI_PATH=/root
yum install -y gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel
rpm -q gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel
if [ $? != 0 ];then
	echo "problem occured during yum."
	exit 1;
else
	cd ${ORI_PATH}
	tar -zxf openssh-7.6p1.tar.gz
	cd openssh-7.6p1
	./configure --with-kerberos5=/usr/lib64/libkrb5.so
	make && make install

	#remove old sshd
	yum remove openssh -y

	#copy sshd
	#cp /etc/init.d/sshd /etc/init.d/sshdbak
	cp ./contrib/redhat/sshd.init /etc/init.d/sshd
	chmod +x /etc/init.d/sshd

	#modify the path of sshd
	sed -i 's:/usr/sbin/ssh-keygen:/usr/local/bin/ssh-keygen:g' /etc/init.d/sshd
	sed -i 's:/usr/sbin/sshd:/usr/local/sbin/sshd:g' /etc/init.d/sshd
	chkconfig --add sshd

	#copy sshd_config
	#cp /etc/ssh/sshd_config /etc/ssh/sshd_configbak
	#rm /etc/ssh/sshd_config
	cp ${ORI_PATH}/openssh-7.6p1/sshd_config /etc/ssh/sshd_config

	#configure sshd_config: allow root user login remotely; config sftp; solve the problem Incompatible ssh peer (no acceptable kex algorithm).
	echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
	sed -i '/$SSHD $OPTIONS && success || failure/i\\tOPTIONS="-f /etc/ssh/sshd_config"' /etc/init.d/sshd
	sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication yes/g' /etc/ssh/sshd_config
	sed -i 's/#GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/g' /etc/ssh/sshd_config
	#sed -i 's:Subsystem      sftp    /usr/libexec/sftp-server:#Subsystem      sftp    /usr/libexec/sftp-server:g' /etc/ssh/sshd_config
	sed -i 's:/usr/libexec/sftp-server:internal-sftp:g' /etc/ssh/sshd_config

	echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
	#start sshd
	service sshd start

	exit 0
fi

13 虚拟网桥修改

        在我们使用虚拟机管理器的图形界面来安装虚拟机的时候，自动创建虚拟网桥和虚拟网卡。另外，我们很少会在一个虚拟机中再安装一个虚拟机，所以，我们可以将宿主机上的网桥删除。方法如下：

# virsh net-list
# virsh net-destroy default
# virsh net-undefine default
# service libvirtd restart