Common Linux Operations Commands, Part 03

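11 Checking the SELinux status and disabling SELinux
Check the SELinux status (two methods):
    1. /usr/sbin/sestatus -v      ## SELinux is on if the "SELinux status" field reads enabled
        SELinux status:                 enabled
    2. getenforce                 ## this command can also be used to check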

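Disabling SELinux:
    1. Temporarily (no reboot required):
    setenforce 0                  ## switch SELinux to permissive mode (denials are logged, not enforced)
                                  ## setenforce 1 switches SELinux to enforcing mode
    2. By editing the configuration file (the machine must be rebooted afterwards):
    Edit the file /etc/selinux/config
    Change SELINUX=enforcing to SELINUX=disabled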


12 Upgrading OpenSSH (source install)
(a) Check the current ssh version
# ssh -V
# yum update openssl
(b) Remove the openssh and openssl RPM packages and install the build dependencies
# rpm -e `rpm -qa | grep openssh` --nodeps
This automatically deletes all of the ssh service's configuration files, but leaves a backup of the configuration at /etc/ssh/sshd_config.rpmsave
# yum install -y gcc openssl-devel pam-devel rpm-build
(c) Log in as root over telnet and continue from that session;
# yum install -y telnet
# vim /etc/xinetd.d/telnet
Set disable = no
# service xinetd restart
(d) Install openssh
# tar xzvf openssh-7.5p1.tar.gz
# cd openssh-7.5p1
# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib
# make && make install
(e) Update the related configuration files
# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# chmod u+x /etc/init.d/sshd
# chkconfig --add sshd
# cp sshd_config /etc/ssh/sshd_config          ## sshd_config from the source tree built above
# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# service sshd start                           ## disconnect!!!
Starting sshd: [ OK ]
OpenSSH source-install script:
#!/bin/bash
set -x
#run by root

ORI_PATH=/root
yum install -y gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel
rpm -q gcc-c++ zlib zlib-devel openssl openssl-devel pam-devel
if [ $? != 0 ];then
	echo "problem occurred during yum."
	exit 1;
else
	cd ${ORI_PATH}
	tar -zxf openssh-7.6p1.tar.gz
	cd openssh-7.6p1
	./configure --with-kerberos5=/usr/lib64/libkrb5.so
	make && make install

	#remove old sshd
	yum remove openssh -y

	#copy sshd
	#cp /etc/init.d/sshd /etc/init.d/sshdbak
	cp ./contrib/redhat/sshd.init /etc/init.d/sshd
	chmod +x /etc/init.d/sshd

	#modify the path of sshd
	sed -i 's:/usr/sbin/ssh-keygen:/usr/local/bin/ssh-keygen:g' /etc/init.d/sshd
	sed -i 's:/usr/sbin/sshd:/usr/local/sbin/sshd:g' /etc/init.d/sshd
	chkconfig --add sshd

	#copy sshd_config
	#cp /etc/ssh/sshd_config /etc/ssh/sshd_configbak
	#rm /etc/ssh/sshd_config
	cp ${ORI_PATH}/openssh-7.6p1/sshd_config /etc/ssh/sshd_config

	#configure sshd_config: allow root user login remotely; config sftp; solve the problem Incompatible ssh peer (no acceptable kex algorithm).
	echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
	sed -i '/$SSHD $OPTIONS && success || failure/i\\tOPTIONS="-f /etc/ssh/sshd_config"' /etc/init.d/sshd
	sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication yes/g' /etc/ssh/sshd_config
	sed -i 's/#GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/g' /etc/ssh/sshd_config
	#sed -i 's:Subsystem      sftp    /usr/libexec/sftp-server:#Subsystem      sftp    /usr/libexec/sftp-server:g' /etc/ssh/sshd_config
	sed -i 's:/usr/libexec/sftp-server:internal-sftp:g' /etc/ssh/sshd_config

	echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >> /etc/ssh/sshd_config
	#start sshd
	service sshd start

	exit 0
fi
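
The script above appends PermitRootLogin yes and a KexAlgorithms list containing SHA-1 key exchanges to /etc/ssh/sshd_config. The check below is an added example, not part of the original script: it reads the global section of a config file the way sshd does (first value wins, Match blocks excluded) and reports those two settings. The function names, finding strings and sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original script): report risky settings in the
# global section of an sshd_config. sshd keeps the FIRST value it reads for a
# keyword, and lines after a "Match" line are conditional, so both are honoured.
# Assumes the whitespace-separated "Keyword value" form used on this page.

# effective_value FILE KEYWORD -> first global value of KEYWORD, or nothing
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == want     { $1 = ""; sub(/^ /, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one finding per line on stdout
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin)
    [ "$root" = "yes" ] && echo "PermitRootLogin=yes"
    kex=$(effective_value "$1" KexAlgorithms)
    case $kex in -*) kex= ;; esac          # a "-list" only removes algorithms
    for alg in $(printf '%s' "$kex" | tr ',' ' '); do
        case $alg in
            *-sha1) echo "weak-kex=$alg" ;;   # SHA-1 based key exchange
        esac
    done
    return 0
}

# Constructed sample: a stock-style file followed by the kind of lines the
# install script appends (KexAlgorithms list shortened).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
Subsystem sftp internal-sftp
PermitRootLogin yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
EOF
audit_sshd_config "$sample"
```

On a live host, `sshd -t -f /etc/ssh/sshd_config` validates the file before `service sshd start`, and `sshd -T` prints the effective settings.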

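13 Modifying the virtual bridge
        When a virtual machine is installed through the virtual machine manager's graphical interface, a virtual bridge and a virtual NIC are created automatically. In addition, we rarely install a virtual machine inside another virtual machine, so the bridge on the host can be deleted. The steps are as follows: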
# virsh net-list
# virsh net-destroy default
# virsh net-undefine default
# service libvirtd restart
