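Introduction to yum
Yum (full name Yellowdog Updater, Modified) is a shell front-end package manager used on Fedora, Red Hat and CentOS. Built on RPM package management, it downloads RPM packages from a specified server and installs them automatically, resolves dependencies automatically, and installs all dependent packages in one go, so there is no tedious round of downloading and installing one package at a time. yum provides commands to search for, install and remove a single package, a group of packages, or even all packages, and the commands are concise and easy to remember.
yum configuration files
yum's repository configuration files live in the /etc/yum.repos.d directory. There are several files there, and each one can define one or more repositories, but in the end they are all merged into a single configuration for the system, so splitting them across files is only for ease of management.
1. Configuring yum repositories on CentOS 6
1.1 Aliyun mirror
Back up CentOS-Base.repo as CentOS-Base.repo.backup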
[root@localhost ~]$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
Download the new http://mirrors.aliyun.com/repo/Centos-6.repo and save it as CentOS-Base.repo
[root@localhost ~]$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
or
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
Clear the cache
[root@localhost ~]$ yum clean all # clear all of the system's yum caches
[root@localhost ~]$ yum makecache # rebuild the yum cache
If you get an error such as: If above article doesn't help to resolve this issue please open a ticket wit
http://mirrors.cloud.aliyuncs.com/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.cloud.aliyuncs.com'"
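Solution:
CentOS 6 reached EOL (end of life) at the end of November 2020. Some older machines still need to be supported, though, so for users who are not yet ready to throw CentOS 6 on the scrap heap the CentOS project has kept the final release available; it simply will not receive any more updates.
On December 2 the project officially moved the CentOS 6 repositories out of the official sources, and mirrors at every level will go on to remove them as well.
One-step fix (copy into an SSH session and run):
[root@localhost ~]$ sed -i "s|enabled=1|enabled=0|g" /etc/yum/pluginconf.d/fastestmirror.conf
[root@localhost ~]$ mkdir -p /etc/yum.repos.d/backup && mv /etc/yum.repos.d/CentOS*.repo /etc/yum.repos.d/backup/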
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo
[root@localhost ~]$ yum clean all && yum makecache
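How to use the EPEL repository
Download and install the EPEL repository
# download the EPEL release package
[root@localhost ~]$ wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm
# install the EPEL release package
[root@localhost ~]$ rpm -ivh epel-release-6-8.noarch.rpm
# clear the cache
[root@localhost ~]$ yum clean all && yum makecache
1.2 Local repository
- media: mount point for removable devices such as optical discs and USB drives.
- mnt: mount point for devices such as hard disks.
Step 1: Right-click the virtual machine > open "Virtual Machine Settings" > click "CD/DVD (IDE)" > click "Browse" > select the image used for the installation > tick "Connected" > OK
Step 2: Mount the disc at the chosen location
[root@localhost ~]$ mkdir /mnt/cdrom # create the cdrom directory as the mount point for the disc
[root@localhost ~]$ ls /dev/cdro* # check the cdrom device name under /dev; it is not always the same
[root@localhost ~]$ mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
# the disc is now mounted at /mnt/cdrom
[root@localhost ~]$ mount -a # mount check; no error means success
Step 3: Disable the other yum repository configuration files by changing their extension or, as here, moving them into a subdirectory, because only files whose extension is ".repo" are used as yum repository configuration files
[root@localhost ~]$ cd /etc/yum.repos.d/
[root@localhost ~]$ mkdir repos && mv *.repo repos/
Step 4: Edit the disc repository configuration file CentOS-Media.repo
[root@localhost ~]$ vim CentOS-Media.repo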
[c6-media]
name=CentOS-$releasever - Media
baseurl=file:///mnt/cdrom
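# use your own disc mount point as the address
# file:///media/cdrom/
# file:///media/cdrecorder/
# comment out these two addresses, which do not exist
gpgcheck=1
enabled=1
# change enabled=0 to enabled=1 so that this repository file takes effect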
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentO
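Mount automatically at boot:
[root@localhost ~]$ vim /etc/fstab
/dev/cdrom /mnt/cdrom iso9660 defaults 0 0
# Explanation of the fields:
/dev/cdrom: the optical drive device
/mnt/cdrom: where the optical drive is mounted
iso9660: the filesystem type of the ISO image (the fixed filesystem type for ISO images is iso9660)
0 0: not backed up by dump, not checked at boot
Test: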
[root@localhost ~]$ yum clean all
[root@localhost ~]$ yum makecache
[root@localhost ~]$ yum -y install gcc
2. Configuring yum repositories on CentOS 7
2.1 Aliyun mirror
Back up CentOS-Base.repo as CentOS-Base.repo.backup
[root@localhost ~]$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
Download the new http://mirrors.aliyun.com/repo/Centos-7.repo and save it as CentOS-Base.repo
[root@localhost ~]$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
or
[root@localhost ~]$ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Clear the cache
[root@localhost ~]$ yum clean all # clear all of the system's yum caches
[root@localhost ~]$ yum makecache # rebuild the yum cache
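2.2 Local repository
Step 1: Configure the virtual machine
Step 2: Mount the disc at the chosen location
[root@localhost ~]$ mkdir /mnt/cdrom # create the cdrom directory as the mount point for the disc
[root@localhost ~]$ ls /dev/cdro* # check the cdrom device name under /dev; it is not always the same
[root@localhost ~]$ mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
# the disc is now mounted at /mnt/cdrom
Step 3: Disable the other yum repository configuration files by changing their extension or, as here, moving them into a subdirectory, because only files whose extension is ".repo" are used as yum repository configuration files
[root@localhost ~]$ cd /etc/yum.repos.d/
[root@localhost ~]$ mkdir repos && mv *.repo repos/
Step 4: Edit the disc repository configuration file CentOS-Media.repo
[root@localhost ~]$ vim CentOS-Media.repo
# the repository ID; it must not clash with any other repository (any unique name will do)
[c7-media]
# display name (anything you like)
name=CentOS-$releasever - Media
# the directory created above for mounting the image
baseurl=file:///mnt/cdrom
# whether the repository is enabled: 1 = enabled, 0 = disabled
enabled=1
# GPG signature check: 1 = on, 0 = off
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7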
# Script that sets up the local yum repository
[root@localhost ~]$ cat > media_yum.sh << EOF
#!/bin/bash
# set up a local yum repository
# create the cdrom directory as the mount point for the disc
mkdir -p /mnt/cdrom
# mount the disc
mount /dev/cdrom /mnt/cdrom/
# move the other yum repository files aside so that they no longer take effect
cd /etc/yum.repos.d/
mkdir -p repos && mv *.repo repos/
# write the disc repository configuration file
cat >> /etc/yum.repos.d/CentOS-Media.repo << AOF
[c7-media]
name=CentOS-\$releasever - Media
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
AOF
# test
yum clean all && yum makecache > /dev/null
if [ \$? -eq 0 ]; then
echo -e "\033[32m本地yum源设置成功\033[0m"
else
echo -e "\033[5;31m本地yum源设置失败\033[0m"
fi
EOF
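Mount automatically at boot:
[root@localhost ~]$ vim /etc/fstab
/dev/cdrom /mnt/cdrom iso9660 defaults 0 0
# Explanation of the fields:
/dev/cdrom: the optical drive device
/mnt/cdrom: where the optical drive is mounted
iso9660: the filesystem type of the ISO image (the fixed filesystem type for ISO images is iso9660)
0 0: not backed up by dump, not checked at boot
Test: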
[root@localhost ~]$ yum clean all
[root@localhost ~]$ yum makecache
[root@localhost ~]$ yum -y install gcc
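The repository files above are fetched over HTTP or from a third-party site and are then trusted by yum running as root, so it pays to check what a file enables before running yum makecache. The following is an added example, not part of the original article: it flags sections where signature checking is off, gpgcheck=1 without a gpgkey, plain-http repository URLs, and a trailing # comment inside a value (yum does not strip those, so the text becomes part of the value). The function names and the sample content are made up for the illustration.

```shell
#!/bin/bash
# Added example: audit yum .repo files. One finding per line as "<section>: <problem>".
audit_repo() {
    awk '
    function report() {                          # checks made at the end of a section
        if (sec == "") return
        if (gpgcheck != "1")
            print sec ": gpgcheck=" (gpgcheck == "" ? "unset" : gpgcheck) ", signatures not enforced by this section"
        else if (gpgkey == "")
            print sec ": gpgcheck=1 but no gpgkey"
        if (plain) print sec ": repository URL uses plain http"
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }         # blank lines and whole-line comments
    /^\[/ {                                      # new [section]
        report()
        sec = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; gpgkey = ""; plain = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next                        # continuation line of a multi-URL baseurl
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (val ~ /[ \t]#/) print sec ": trailing # comment is part of the value of " key
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey") gpgkey = val
        if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:/) plain = 1
    }
    END { report() }
    ' "$@"
}
# Constructed sample, not taken from any real mirror.
sample_repo() {
    cat <<'EOF'
[base]
baseurl=http://mirrors.example.invalid/centos/$releasever/os/$basearch/
gpgcheck=0

[c7-media]
baseurl=file:///mnt/cdrom #mount point
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}
# Stand-alone run: audit the files named on the command line, or the sample.
if [ "$#" -gt 0 ]; then audit_repo "$@"; else sample_repo | audit_repo; fi
```

Pass one or more .repo paths as arguments to audit real files; no output means nothing was flagged.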
Initial system configuration
Set a static IP
[root@localhost ~]$ cd /etc/sysconfig/network-scripts
[root@localhost ~]$ vim ifcfg-ens33
TYPE=Ethernet # network type
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens33
UUID=59ab8840-ef2e-441b-97d1-f9f7fde61d7b
DEVICE=ens33
ONBOOT=yes # bring the interface up at boot
BOOTPROTO=static # change this to static
IPADDR=192.168.88.100 # IP address
NETMASK=255.255.255.0 # netmask
GATEWAY=192.168.88.2 # gateway; can be looked up in the virtual machine software
DNS1=114.114.114.114 # DNS server address
DNS2=223.5.5.5
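Install commonly used packages
# install dependency packages
[root@localhost ~]$ yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools lrzsz telnet gcc gcc-c++
# install lrzsz; source packages can then simply be dragged into the shell window
Change the system language
1. Temporary change
[root@localhost ~]$ export LANG=zh_CN.UTF-8 # Chinese
[root@localhost ~]$ export LANG=en_US.UTF-8 # English
# This method takes effect in the current terminal only, and it takes effect immediately.
2. Permanent change
[root@localhost ~]$ cat > /etc/locale.conf << EOF
LANG="en_US.UTF-8"
EOF
# Change the LANG value in /etc/locale.conf, for example to LANG="zh_CN.UTF-8"
[root@localhost ~]$ source /etc/locale.conf # make it take effect
Disable SELinux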
[root@localhost ~]$ swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
[root@localhost ~]$ setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config && reboot
Disable the firewall
#centos6
[root@localhost ~]$ iptables -F && service iptables save
#centos7
[root@localhost ~]$ systemctl stop firewalld && systemctl disable firewalld
System initialization script
[root@localhost ~]$ vim init.sh
#!/bin/bash
# Description: system init script
# Date: 2021-01-01
# Author: lurenjia
# Network
ping -c 1 -W 3 114.114.114.114 &> /dev/null
if [ ! $? = 0 ];then
echo "Cannot be networked"
exit 1
fi
# extract this host's IP address
#ip=$(ifconfig|grep "inet"|grep -v "127.0.0.1"|cut -d: -f2|awk '{print $2}')
# Set PATH Variables
export PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/root/bin
export LANG="en_US.UTF-8"
# Set output color
COLUMENS=80
SPACE_COL=$[ $COLUMENS-15 ]
#VERSION=`uname -r | awk -F'.' '{print $1}'`
# major release (6 or 7), taken from the elN tag of the kernel release; used for the branches below
VERSION=$(uname -r | sed -n 's/.*\.el\([0-9][0-9]*\).*/\1/p')
RED='\033[1;5;31m'
GREEN='\033[1;32m'
NORMAL='\033[0m'
success() {
REAL_SPACE=$[ $SPACE_COL - ${#1} ]
for i in `seq 1 $REAL_SPACE`; do
echo -n " "
done
echo -e "[ ${GREEN}SUCCESS${NORMAL} ]"
}
failure() {
REAL_SPACE=$[ $SPACE_COL - ${#1} ]
for i in `seq 1 $REAL_SPACE`; do
echo -n " "
done
echo -e "[ ${RED}FAILURE${NORMAL} ]"
exit 1
}
#echo -e "\033[34m当前ip $ip \033[0m"
# 01
Data="01) 关闭selinux..."
echo -n $Data
setenforce 0
/bin/cp /etc/selinux/config /etc/selinux/config.bak
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config &> /dev/null
[ `grep "SELINUX=enforcing" /etc/selinux/config|wc -l` -eq 0 ] && success "$Data" || failure "$Data"
# 02
Data="02) 关闭iptables或者firewalld..."
echo -n $Data
if [ $VERSION = 6 ];then
service iptables stop &> /dev/null
chkconfig iptables off &> /dev/null
[ `chkconfig --list | grep iptables| grep 3:on | wc -l` -eq 0 ] && success "$Data" || failure "$Data"
else
systemctl stop firewalld &> /dev/null
systemctl disable firewalld &> /dev/null
[ `systemctl list-unit-files | grep firewalld | grep enabled | wc -l` -eq 0 ] && success "$Data" || failure "$Data"
fi
# 03
Data="03) 设置公网DNS..."
echo -n $Data
cat << EOF >> /etc/resolv.conf
options timeout:1 attempts:1 rotate single-request-reopen
nameserver 114.114.114.114
nameserver 114.114.114.115
EOF
[ `grep '114.114.114.114' /etc/resolv.conf | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
# 04
Data="04) 安装常用基础命令..."
echo -n $Data
yum -y install vim expect screen lrzsz tree openssl openssh-clients openssl-devel openssh-server telnet iftop iotop sysstat wget ntpdate dos2unix lsof net-tools mtr gcc gcc-c++ cmake zip unzip git sudo psmisc &> /dev/null
if [ ! $? = 0 ];then
failure "$Data"
else
success "$Data"
fi
# 05
Data="05) 配置阿里云yum源..."
echo -n $Data
cd /etc/yum.repos.d
mkdir -p /etc/yum.repos.d/repo_bak
mv *.repo /etc/yum.repos.d/repo_bak/
wget http://mirrors.aliyun.com/repo/Centos-$VERSION.repo &> /dev/null
wget http://mirrors.aliyun.com/repo/epel-$VERSION.repo &> /dev/null
BASE_REPO=/etc/yum.repos.d/Centos-$VERSION.repo
if [ $VERSION = 6 ];then
sed -i "s|enabled=1|enabled=0|g" /etc/yum/pluginconf.d/fastestmirror.conf
# CentOS 6 is EOL: swap only the base repo for the vault definition and keep epel-6.repo in place
mv Centos-6.repo /etc/yum.repos.d/repo_bak/
curl -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo
BASE_REPO=/etc/yum.repos.d/CentOS-Base.repo
fi
yum clean all &> /dev/null && yum makecache &> /dev/null
# check the repo files that are actually left in /etc/yum.repos.d
[ `grep aliyun.com $BASE_REPO | wc -l` -ne 0 -a `grep aliyun.com /etc/yum.repos.d/epel-$VERSION.repo | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
# 06
Data="06) 与阿里云时间同步服务器进行时间同步..."
echo -n $Data
/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null && hwclock --systohc &> /dev/null
echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com && hwclock --systohc" >> /var/spool/cron/root
if [ $VERSION = 6 ];then
service crond restart &> /dev/null
else
systemctl restart crond &> /dev/null
fi
[ `grep ntpdate /var/spool/cron/root |wc -l` -ne 0 ] && success "$Data" || failure "$Data"
# 07
Data="07) 调整用户级别的文件描述符数量..."
echo -n $Data
/bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
echo "* - nofile 65535">> /etc/security/limits.conf
[ `grep nofile /etc/security/limits.conf | grep -v ^# | awk -F 'nofile' '{print $2}'` -ge 60000 ] && success "$Data" || failure "$Data"
# 08
Data="08) 调整用户级别的进程数量..."
echo -n $Data
if [ $VERSION = 6 ];then
/bin/cp /etc/security/limits.d/90-nproc.conf /etc/security/limits.d/90-nproc.conf.bak
echo -e '* soft nproc 65535\nroot soft nproc unlimited' > /etc/security/limits.d/90-nproc.conf
[ `grep '*' /etc/security/limits.d/90-nproc.conf | grep -v ^# | awk -F ' ' '{print $4}'` -ge 60000 ] && success "$Data" || failure "$Data"
else
/bin/cp /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
echo -e '* soft nproc 65535\nroot soft nproc unlimited' > /etc/security/limits.d/20-nproc.conf
[ `grep '*' /etc/security/limits.d/20-nproc.conf | grep -v ^# | awk -F ' ' '{print $4}'` -ge 60000 ] && success "$Data" || failure "$Data"
fi
# 09
Data="09) 修改字符集..."
echo -n $Data
if [ $VERSION = 6 ];then
/bin/cp /etc/sysconfig/i18n /etc/sysconfig/i18n.bak
echo 'LANG="en_US.UTF-8"' > /etc/sysconfig/i18n
source /etc/sysconfig/i18n
[ `echo $LANG | grep 'en_US.UTF-8' | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
else
/bin/cp /etc/locale.conf /etc/locale.conf.bak
echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
source /etc/locale.conf
[ `echo $LANG | grep 'en_US.UTF-8' | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
fi
# 10
Data="10) 精简开机自启服务..."
echo -n $Data
if [ $VERSION = 6 ];then
for cgt in `chkconfig --list | grep 3:on | awk '{print $1}'`;do chkconfig --level 3 $cgt off &> /dev/null;done
for cgt in {crond,sshd,network,rsyslog};do chkconfig --level 3 $cgt on &>/dev/null;done
[ `chkconfig --list|grep 3:on|wc -l` -eq 4 ] && success "$Data" || failure "$Data"
else
systemctl list-unit-files|grep service| grep enable | awk '{print $1}'|xargs -i systemctl disable {} &> /dev/null
for cgt in {crond,sshd,network,rsyslog,NetworkManager};do systemctl enable $cgt &>/dev/null;done
[ `systemctl list-unit-files | grep enabled | wc -l` -lt 20 ] && success "$Data" || failure "$Data"
fi
# 11
Data="11) 内核参数优化..."
echo -n $Data
[ -f /etc/sysctl.conf.bak ] && /bin/cp /etc/sysctl.conf.bak /etc/sysctl.conf.bak.$(date +%F-%H%M%S) || /bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat >> /etc/sysctl.conf <<EOF
# enable IP forwarding
net.ipv4.ip_forward = 1
# enable reverse-path (source address) validation
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# disable all IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# the SysRq key combination is used to inspect the running system; set to 0 to disable it for safety
kernel.sysrq = 0
# whether the PID is appended to core file names
kernel.core_uses_pid = 1
# enable SYN cookies, used when the SYN backlog queue overflows
net.ipv4.tcp_syncookies = 1
# maximum size of a single message queue, in bytes
kernel.msgmnb = 65536
# maximum size of a single message, in bytes
kernel.msgmax = 65536
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
### system-wide limit on the number of file descriptors
fs.file-max = 6553500
### system-wide limit on the number of threads
kernel.pid_max=1000000
### memory-related settings
vm.vfs_cache_pressure = 100000
vm.max_map_count = 262144
vm.swappiness = 0
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 8192 4194304
net.ipv4.tcp_wmem = 4096 8192 4194304
## TCP connection setup settings, to cope with DDoS attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_max_syn_backlog = 262144
## TCP connection teardown settings, to cope with too many TIME_WAIT sockets
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
### TCP keepalive settings
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
### other TCP tuning
net.core.somaxconn = 8192
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
EOF
sysctl -p &> /dev/null
[ `grep "net.ipv4.ip_forward = 1" /etc/sysctl.conf|wc -l` -ne 0 ] && success "$Data" || failure "$Data"
# 12
Data="12) 禁止空密码连接..."
echo -n $Data
/bin/cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#sed -i 's/\#Port 22/Port 13888/' /etc/ssh/sshd_config
#sed -i 's/\#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/\#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
[ `grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | wc -l` -ne 0 -a `grep "UseDNS no" /etc/ssh/sshd_config|wc -l` -ne 0 ] && success "$Data" || failure "$Data"
# 13
Data="13) 优化history记录..."
echo -n $Data
cat << EOF >> /etc/profile
export HISTSIZE=10000
USER_IP=\`who -u am i | awk '{print \$NF}'|sed -e 's/[()]//g'\`
if [ -z \$USER_IP ]
then
USER_IP="NO_client_IP"
fi
export HISTTIMEFORMAT="<%Y.%m.%d %H:%M:%S-\$USER_IP-\$USER> : "
EOF
source /etc/profile
[ `grep "HISTTIMEFORMAT" /etc/profile | wc -l` -ne 0 ] && success "$Data" || failure "$Data"
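Step 11 of the script discards the output of sysctl -p and reports success as soon as one string is present in /etc/sysctl.conf, so a setting the kernel rejected goes unnoticed; sysctl.conf(5) also treats only lines that begin with # or ; as comments. The following added example (not part of the original script) compares each configured key with the value actually in effect. The function names are hypothetical, and the demo uses a constructed directory tree in place of /proc/sys so that it runs anywhere.

```shell
#!/bin/bash
# Added example: list sysctl.conf settings whose configured value is not the one in effect.
# verify_sysctl <conf-file> [proc-root]; proc-root defaults to /proc/sys. Returns 1 on any mismatch.
verify_sysctl() {
    local conf=$1 root=${2:-/proc/sys} line key want have path bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}            # drop leading whitespace
        case $line in ''|'#'*|';'*) continue ;; esac      # only whole-line comments are comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        # everything after "=" is the value, trailing text included
        want=$(printf '%s\n' "${line#*=}" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "$key: no such key under $root"; bad=1; continue
        fi
        have=$(tr -s ' \t' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$want" != "$have" ]; then
            echo "$key: configured '$want', in effect '$have'"; bad=1
        fi
    done < "$conf"
    return "$bad"
}
# Demo on a constructed tree standing in for /proc/sys (all values are made up).
demo() {
    local d rc; d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4" "$d/proc/kernel"
    echo 0 > "$d/proc/net/ipv4/ip_forward"              # the setting never took effect
    printf '4096\t8192\t4194304\n' > "$d/proc/net/ipv4/tcp_rmem"
    echo 0 > "$d/proc/kernel/sysrq"
    cat > "$d/conf" <<'EOF'
net.ipv4.ip_forward = 1 #enable forwarding
net.ipv4.tcp_rmem = 4096 8192 4194304
# whole-line comment
kernel.sysrq = 0
EOF
    verify_sysctl "$d/conf" "$d/proc"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a real host, call verify_sysctl /etc/sysctl.conf after sysctl -p; keys are mapped to paths by replacing dots with slashes, so keys that contain an interface name with a dot in it are not handled.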