linux环境搭建_linux iptables的rpm手动安装-CSDN博客

本文链接：https://blog.csdn.net/qq_36383716/article/details/88361505

1、查看CentOS版本

[root@localhost /]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core) 
[root@localhost /]#

2、查看信息

[mical@localhost ~]$ uname -a
Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

4、查看系统有没有自带的openjdk

[mical@localhost ~]$ rpm -qa |grep java
java-1.8.0-openjdk-headless-1.8.0.181-7.b13.el7.x86_64
python-javapackages-3.4.1-11.el7.noarch
java-1.7.0-openjdk-1.7.0.191-2.6.15.5.el7.x86_64
java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64
tzdata-java-2018e-3.el7.noarch
javapackages-tools-3.4.1-11.el7.noarch
java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.5.el7.x86_64
[mical@localhost ~]$ rpm -qa |grep jdk
copy-jdk-configs-3.3-10.el7_5.noarch
java-1.8.0-openjdk-headless-1.8.0.181-7.b13.el7.x86_64
java-1.7.0-openjdk-1.7.0.191-2.6.15.5.el7.x86_64
java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64
java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.5.el7.x86_64
[mical@localhost ~]$ rpm -qa |grep gcj
[mical@localhost ~]$

5、批量卸载JDK

[root@localhost mical]# rpm -qa | grep java | xargs rpm -e --nodeps
[root@localhost mical]#

6、检索yum中有没有java1.8的包

[root@localhost /]# yum list java-1.8*
[root@localhost mical]#

注意：
yum问题处理
rm -rf /var/run/yum.pid
/sbin/service yum-updatesd restart
更新yum
yum update

7、安装jdk

[root@localhost /]# yum install java-1.8.0-openjdk* -y
[root@localhost mical]#

8、验证是否安装成功，查看jdk版

[root@localhost /]# java -version
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
[root@localhost /]#

9、查看环境变量

[root@localhost /]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@localhost /]#

10、查看jdk的JAVA_HOME

[root@localhost /]# whereis javac
javac: /usr/bin/javac /usr/share/man/man1/javac.1.gz
[root@localhost /]#

很明显，/usr/bin/javac 默认加入了PATH路径中，使用ll命令(ls -l)查看它链接的地址

[root@localhost /]# ll /usr/bin/javac
lrwxrwxrwx. 1 root root 23 Feb 19 14:54 /usr/bin/javac -> /etc/alternatives/javac
[root@localhost /]# 

[root@localhost /]# clear
[root@localhost /]# ll /etc/alternatives/javac
lrwxrwxrwx. 1 root root 70 Feb 19 14:54 /etc/alternatives/javac -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/bin/javac
[root@localhost /]# 

[root@localhost /]# ll /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/bin/javac
-rwxr-xr-x. 1 root root 7424 Nov 19 11:47 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/bin/javac
[root@localhost /]#

说明/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/bin/javac是一个真实的地址

11、配置JAVA_HOME
打开配置环境变量的文件 vi /etc/profile，在后面增加配置

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

12、使配置生效

[root@localhost /]# source  /etc/profile

13、检验测试

[root@localhost /]# echo $JAVA_HOME
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64
[root@localhost /]#

14、将tomcat包上传到 /home/tomcatservers/下，进入apache-tomcat-8.0.8/bin

[root@localhost /]# cd /home/tomcatServers/apache-tomcat-8.0.8/bin
[root@localhost bin]# ll
total 784
-rw-r--r--. 1 root root  27927 Feb 19 15:05 bootstrap.jar
-rw-r--r--. 1 root root  13821 Feb 19 15:05 catalina.bat
-rw-r--r--. 1 root root  21362 Feb 19 15:05 catalina.sh
-rw-r--r--. 1 root root   2187 Feb 19 15:05 catalina-tasks.xml
-rw-r--r--. 1 root root  24283 Feb 19 15:05 commons-daemon.jar
-rw-r--r--. 1 root root 204944 Feb 19 15:05 commons-daemon-native.tar.gz
-rw-r--r--. 1 root root   2040 Feb 19 15:05 configtest.bat
-rw-r--r--. 1 root root   1922 Feb 19 15:05 configtest.sh
-rw-r--r--. 1 root root   7884 Feb 19 15:05 daemon.sh
-rw-r--r--. 1 root root   2091 Feb 19 15:05 digest.bat
-rw-r--r--. 1 root root   1965 Feb 19 15:05 digest.sh
-rw-r--r--. 1 root root   3195 Feb 19 15:05 setclasspath.bat
-rw-r--r--. 1 root root   3459 Feb 19 15:05 setclasspath.sh
-rw-r--r--. 1 root root   2020 Feb 19 15:05 shutdown.bat
-rw-r--r--. 1 root root   1902 Feb 19 15:05 shutdown.sh
-rw-r--r--. 1 root root   2022 Feb 19 15:05 startup.bat
-rw-r--r--. 1 root root   1904 Feb 19 15:05 startup.sh
-rw-r--r--. 1 root root  39878 Feb 19 15:05 tomcat-juli.jar
-rw-r--r--. 1 root root 384311 Feb 19 15:05 tomcat-native.tar.gz
-rw-r--r--. 1 root root   4057 Feb 19 15:05 tool-wrapper.bat
-rw-r--r--. 1 root root   5061 Feb 19 15:05 tool-wrapper.sh
-rw-r--r--. 1 root root   2026 Feb 19 15:05 version.bat
-rw-r--r--. 1 root root   1908 Feb 19 15:05 version.sh
[root@localhost bin]# ./startup.sh
-bash: ./startup.sh: Permission denied
[root@localhost bin]#

启动失败，原因：没有授权，现授权在启动

部署tomcat启动不生效问题（权限不足） chmod 777 *.sh

[root@localhost bin]#  chmod 777 *.sh 
[root@localhost bin]# ./startup.sh
Using CATALINA_BASE:   /home/tomcatServers/apache-tomcat-8.0.8
Using CATALINA_HOME:   /home/tomcatServers/apache-tomcat-8.0.8
Using CATALINA_TMPDIR: /home/tomcatServers/apache-tomcat-8.0.8/temp
Using JRE_HOME:        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre
Using CLASSPATH:       /home/tomcatServers/apache-tomcat-8.0.8/bin/bootstrap.jar:/home/tomcatServers/apache-tomcat-8.0.8/bin/tomcat-juli.jar
Tomcat started.
[root@localhost bin]# 

[root@localhost bin]# cd ..
[root@localhost apache-tomcat-8.0.8]# cd logs
[root@localhost logs]# 
[root@localhost logs]# tail -f catalina.out
19-Feb-2019 15:06:14.501 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.8
19-Feb-2019 15:06:14.560 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/docs
19-Feb-2019 15:06:16.294 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/docs has finished in 1,733 ms
19-Feb-2019 15:06:16.294 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/examples
19-Feb-2019 15:06:16.632 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/examples has finished in 337 ms
19-Feb-2019 15:06:16.633 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/host-manager
19-Feb-2019 15:06:16.752 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/tomcatServers/apache-tomcat-8.0.8/webapps/host-manager has finished in 120 ms
19-Feb-2019 15:06:16.774 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
19-Feb-2019 15:06:16.827 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
19-Feb-2019 15:06:16.851 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2509 ms

15、查看tomcat进程

[root@localhost logs]# ps -ef|grep tomcat
root      59703      1  2 16:13 pts/1    00:00:03 /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/bin/java -Djava.util.logging.config.file=/home/tomcatservers/apache-tomcat-8.0.8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/home/tomcatservers/apache-tomcat-8.0.8/endorsed -classpath /home/tomcatservers/apache-tomcat-8.0.8/bin/bootstrap.jar:/home/tomcatservers/apache-tomcat-8.0.8/bin/tomcat-juli.jar -Dcatalina.base=/home/tomcatservers/apache-tomcat-8.0.8 -Dcatalina.home=/home/tomcatservers/apache-tomcat-8.0.8 -Djava.io.tmpdir=/home/tomcatservers/apache-tomcat-8.0.8/temp org.apache.catalina.startup.Bootstrap start
root      59744  59561  0 16:15 pts/1    00:00:00 grep --color=auto tomcat
[root@localhost logs]#

16、通过开放centos7防火墙的8080端口、重新加载、检查是否生效

[root@localhost logs]# firewall-cmd --permanent --zone=public --add-port=8080/tcp
success
[root@localhost logs]# firewall-cmd --reload
success
[root@localhost logs]# firewall-cmd --zone=public --query-port=8080/tcp
yes
[root@localhost logs]#

17、访问访问 http://192.168.136.17:8080/成功

iptables的filter的配置

关闭firewall

[root@localhost /]# systemctl stop firewalld.service

禁止firewall开机启动

[root@localhost /]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost /]#

先检查是否安装了iptables

[root@localhost /]# service iptables status
Redirecting to /bin/systemctl status iptables.service
Unit iptables.service could not be found.
[root@localhost /]#

安装iptables

[root@localhost /]# yum install -y iptables
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.nwsuaf.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.cn99.com
Package iptables-1.4.21-28.el7.x86_64 already installed and latest version
Nothing to do
[root@localhost /]#

升级iptables

[root@localhost /]# yum update iptables 
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: centos.ustc.edu.cn
 * updates: mirrors.cn99.com
No packages marked for update
[root@localhost /]#

安装iptables-services

[root@localhost /]# yum install iptables-services
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-28.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================================================================
 Package                                                    Arch                                            Version                                                Repository                                     Size
=======================================================================================================================================================================================================================
Installing:
 iptables-services                                          x86_64                                          1.4.21-28.el7                                          base                                           52 k

Transaction Summary
=======================================================================================================================================================================================================================
Install  1 Package

Total download size: 52 k
Installed size: 26 k
Is this ok [y/d/N]: y
Downloading packages:
iptables-services-1.4.21-28.el7.x86_64.rpm                                                                                                                                                      |  52 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-28.el7.x86_64                                                                                                                                                              1/1 
  Verifying  : iptables-services-1.4.21-28.el7.x86_64                                                                                                                                                              1/1 

Installed:
  iptables-services.x86_64 0:1.4.21-28.el7                                                                                                                                                                             

Complete!
[root@localhost /]#

查看是否安装成功

[root@localhost /]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost /]#

查看iptables现有规则

[root@localhost /]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost /]#

先允许所有,不然有可能会杯具 iptables -P INPUT ACCEPT
清空所有默认规则 iptables -F
清空所有自定义规则 iptables -X
所有计数器归0 iptables -Z
允许来自于lo接口的数据包(本地访问)
iptables -A INPUT -i lo -j ACCEPT
开放22端口
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
开放21端口(FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
开放80端口(HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
开放443端口(HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
允许ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
允许接受本机请求之后的返回数据 RELATED,是为FTP设置的
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
其他入站一律丢弃
iptables -P INPUT DROP
所有出站一律绿灯
iptables -P OUTPUT ACCEPT
所有转发一律丢弃
iptables -P FORWARD DROP
如果要添加内网ip信任（接受其所有TCP请求）
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
过滤所有非以上规则的请求
iptables -P INPUT DROP
要封停一个IP，使用下面这条命令
iptables -I INPUT -s .***.***. -j DROP
要解封一个IP，使用下面这条命令
iptables -D INPUT -s .***.***. -j DROP
保存上述规则

service iptables save[root@localhost /]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@localhost /]#

注册iptables服务，相当于以前的chkconfig iptables on
systemctl enable iptables.service
开启服务
systemctl start iptables.service
查看状态

[root@localhost /]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2019-02-19 15:30:50 EST; 10s ago
  Process: 59406 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 59406 (code=exited, status=0/SUCCESS)

Feb 19 15:30:50 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
Feb 19 15:30:50 localhost.localdomain iptables.init[59406]: iptables: Applying firewall rules: [  OK  ]
Feb 19 15:30:50 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
[root@localhost /]#

查看iptables现有规则

[root@localhost /]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost /]#

iptables防火墙的相关状态
关闭虚拟机防火墙：
关闭命令： service iptables stop
永久关闭防火墙：chkconfig iptables off
两个命令同时运行，运行完成后查看防火墙关闭状态
service iptables status
1 关闭防火墙—–service iptables stop
2 启动防火墙—–service iptables start
3 重启防火墙—–service iptables restart
4 查看防火墙状态–service iptables status
5 永久关闭防火墙–chkconfig iptables off
6 永久关闭后启用–chkconfig iptables on

docker安装

检查内核版本，必须是3.10及以上

[root@localhost /]# uname -r
3.10.0-957.el7.x86_64

安装docker
yum install docker
输入y确认安装
启动docker，查看docker版本

[root@localhost /]# systemctl start docker
[root@localhost /]# docker -v
Docker version 1.13.1, build 07f3374/1.13.1
[root@localhost /]#

开机启动docker

[root@localhost /]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@localhost /]#