linux centous7写死ip,Centos7基础设置

最新推荐文章于 2022-12-05 18:15:23 发布

张元兴

最新推荐文章于 2022-12-05 18:15:23 发布

阅读量393

点赞数

文章标签： linux centous7写死ip

1.设置主机名

1)更改主机名#显示当前主机名

[root@localhost ~]# hostname

localhost.localdomain

#改变主机名

[root@localhost ~]# hostname zby

[root@localhost ~]# hostname

zby #只是改变

2)永久改变主机名[root@localhost ~]# hostnamectl set-hostname zby

#显示状态

[root@localhost ~]# hostnamectl

Static hostname: zby

Icon name: computer-vm

Chassis: vm

Machine ID: 1f96150fe7c04420b9e71c154be8c01b

Boot ID: 35495cc567584fd19646472d8e853fcc

Virtualization: vmware

Operating System: CentOS Linux 7 (Core)

CPE OS Name: cpe:/o:centos:centos:7

Kernel: Linux 3.10.0-327.el7.x86_64

Architecture: x86-64

#显示计算机名

[root@localhost ~]# su - root

Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0

[root@zby ~]#

2.添加用户

1)添加一个用户“zhang”作为下面的示例。[root@zby ~]# useradd zhang

[root@zby ~]# passwd zhang

New password: #设置密码

BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word

Retype new password: #确认

passwd: all authentication tokens updated successfully.

[root@zby ~]# exit #注销当前用户

2)尝试切换新添加用户zby login: zhang #输入用户名password: #输入密码

#查看当前用户

[zhang@zby ~]$ whoami

zhang

[zhang@zby ~]$ su - root #切换到root用户

Password: #输入root用户密码

[root@zby ~]# #已切换到root用户

3)使用户只能够作为管理用户切换到root用户。[root@zby ~]# usermod -G wheel zhang

[root@zby ~]# vi /etc/pam.d/su

#%PAM-1.0

auth sufficient pam_rootok.so

# Uncomment the following line to implicitly trust users in the "wheel" group.

#auth sufficient pam_wheel.so trust use_uid

# Uncomment the following line to require a user to be in the "wheel" group.

auth required pam_wheel.so use_uid

auth substack system-auth

auth include postlogin

account sufficient pam_succeed_if.so uid = 0 use_uid quiet

account include system-auth

password include system-auth

session include system-auth

session include postlogin

session optional pam_xauth.so

4)转发到根用户的电子邮件到另一个用户，设置如下。[root@zby ~]# vi /etc/aliases

# Person who should get root's mail

#最后一行：取消和更改用户

root: zhang

[root@zby ~]# newaliases #加载

3.防火墙设置

1)可以显示防火墙的服务状态，如下所示。(默认启用)[root@zby ~]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s agoMain PID: 13164 (firewalld)

CGroup: /system.slice/firewalld.service

└─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon...

Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon.

2)如果您使用防火墙服务，它需要修改它的设置，因为默认情况下不允许对服务的传入请求。在这里是指基本的操作和设置配置firewalld服务。

3)如果你因为一些原因不需要防火墙服务，需要停止并禁用它如下。#停止服务

[root@zby ~]# systemctl stop firewalld

#关闭服务

[root@zby ~]# systemctl disable firewalld

4)显示SELinux的状态(安全增强的Linux)如下。(默认启用)[root@zby ~]# getenforce

Enforcing #selinux是开启的

#关闭selinux

[root@zby ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

#重新启动应用新设置

[root@zby ~]# reboot

4.网络设置

1)设置静态IP，替换接口名称为"eth0"#设置主机名

[root@zby ~]# hostnamectl set-hostname zby

#显示网络设备

[root@zby ~]# nmcli d

DEVICE TYPE STATE CONNECTIONeth0 ethernet connected eth0lo loopback unmanaged --

#设置IPV4地址

[root@zby ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24

#设置默认网关

[root@zby ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1

#设置域名解析

[root@zby ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66

#为静态设置设置手动(DHCP为“自动”)

[root@zby ~]# nmcli c modify eth0 ipv4.method manual

#重新启动界面并重新加载设置

[root@zby ~]# nmcli c down eth0; nmcli c up eth0

Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0)

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)

#显示网卡配置信息

[root@zby ~]# nmcli d show eth0

GENERAL.DEVICE: eth0

GENERAL.TYPE: ethernet

GENERAL.HWADDR: 00:50:56:8F:56:A5

GENERAL.MTU: 1500

GENERAL.STATE: 100 (connected)

GENERAL.CONNECTION: eth0

GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1

WIRED-PROPERTIES.CARRIER: on

IP4.ADDRESS[1]: 172.31.253.63/24

IP4.GATEWAY: 172.31.253.1

IP4.DNS[1]: 211.138.24.66

IP4.DNS[2]: 211.138.30.66

IP6.ADDRESS[1]: fe80::250:56ff:fe8f:56a5/64

IP6.GATEWAY:

#显示网卡状态

[root@zby ~]# ip addr show

1: lo: mtu 65536 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ffinet 172.31.253.63/24 brd 172.31.253.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::250:56ff:fe8f:56a5/64 scope linkvalid_lft forever preferred_lft forever

2)关闭IPV6[root@zby ~]# vi /etc/default/grub

#在第6行，添加

GRUB_CMDLINE_LINUX="crashkernel=autoipv6.disable=1rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"

#使更改生效

[root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg

Generating grub configuration file ...

Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64

Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img

Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b

Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone

[root@zby ~]# reboot

3)上面的接口名称的例子是“eth0”，但是如果您的系统安装在物理机器上，默认情况下该名称不是“ethX”。然后如果你想使用网络接口名称“ethX”，配置如下。[root@zby ~]# vi /etc/default/grub

#在第6行添加

GRUB_CMDLINE_LINUX="crashkernel=autonet.ifnames=0ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"

[root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg

Generating grub configuration file ...Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.imgFound linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01bFound initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone

[root@zby ~]# reboot

5.配置服务

1)查看服务状态#显示正在运行的服务列表

[root@zby ~]# systemctl -t service

UNIT LOAD ACTIVE SUB DESCRIPTIONauditd.service loaded active running Security Auditing Servicecrond.service loaded active running Command Schedulerdbus.service loaded active running D-Bus System Message Busgetty@tty1.service loaded active running Getty on tty1kdump.service loaded active exited Crash recovery kernel armingkmod-static-nodes.service loaded active exited Create list of required static device nodlvm2-lvmetad.service loaded active running LVM2 metadata daemonlvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etclvm2-pvscan@8:2.service loaded active exited LVM2 PV scan on device 8:2network.service loaded active exited LSB: Bring up/down networkingNetworkManager.service loaded active running Network Managerpolkit.service loaded active running Authorization Managerpostfix.service loaded active running Postfix Mail Transport Agentrhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesgrhel-import-state.service loaded active exited Import network configuration from initramrhel-readonly.service loaded active exited Configure read-only root supportrsyslog.service loaded active running System Logging Servicesshd.service loaded active running OpenSSH server daemonsystemd-journal-flush.service loaded active exited Flush Journal to Persistent Storagesystemd-journald.service loaded active running Journal Servicesystemd-logind.service loaded active running Login Servicesystemd-random-seed.service loaded active exited Load/Save Random Seedsystemd-remount-fs.service loaded active exited Remount Root and Kernel File Systemssystemd-sysctl.service loaded active exited Apply Kernel Variablessystemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /devsystemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directoriessystemd-udev-trigger.service loaded active exited udev Coldplug all Devicessystemd-udevd.service loaded active running udev Kernel Device Managersystemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdownsystemd-user-sessions.service loaded active exited Permit User Sessionssystemd-vconsole-setup.service loaded active exited Setup Virtual Consoletuned.service loaded active running Dynamic System Tuning Daemonvmware-tools.service loaded active running SYSV: Manages the services needed to runwpa_supplicant.service loaded active running WPA Supplicant daemonLOAD = Reflects whether the unit definition was properly loaded.ACTIVE = The high-level unit activation state, i.e. generalization of SUB.SUB = The low-level unit activation state, values depend on unit type.34 loaded units listed. Pass --all to see loaded but inactive units, too.To show all installed unit files use 'systemctl list-unit-files'.

#显示所有服务

[root@zby ~]# systemctl list-unit-files -t service

UNIT FILE STATEauditd.service enabledautovt@.service disabledblk-availability.service disabledbrandbot.service staticconsole-getty.service disabledconsole-shell.service disabledcontainer-getty@.service staticcpupower.service disabledcrond.service enableddbus-org.freedesktop.hostname1.service staticdbus-org.freedesktop.locale1.service staticdbus-org.freedesktop.login1.service staticdbus-org.freedesktop.machine1.service staticdbus-org.freedesktop.network1.service invaliddbus-org.freedesktop.NetworkManager.service enableddbus-org.freedesktop.nm-dispatcher.service enableddbus-org.freedesktop.timedate1.service staticdbus.service staticdebug-shell.service disableddm-event.service disableddnsmasq.service disableddracut-cmdline.service static。。。。。。systemd-vconsole-setup.service statictcsd.service disabledteamd@.service statictuned.service enabledwpa_supplicant.service disabled139 unit files listed.

2)停止并关闭服务的自动启动设置。[root@zby ~]# systemctl stop postfix

[root@zby ~]# systemctl disable postfix

Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.

3)通过chkconfig控制一些服务是否自动启动。[root@zby ~]# chkconfig --list

Note: This output shows SysV services only and does not include nativesystemd services. SysV configuration data might be overridden by nativesystemd configuration.If you want to list systemd services use 'systemctl list-unit-files'.To see services enabled on particular target use'systemctl list-dependencies [target]'.

netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off

network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off

＃例如，关闭netconsole的自动启动设置

[root@zby ~]# chkconfig netconsole off

6.升级系统

1)安装CentOS后，如有可能，请先更新系统。[root@zby ~]# yum -y update

。。。。。yum.noarch 0:3.4.3-154.el7.centos.1yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7zlib.x86_64 0:1.2.7-17.el7Replaced:NetworkManager.x86_64 1:1.0.6-27.el7 grub2.x86_64 1:2.02-0.29.el7.centosgrub2-tools.x86_64 1:2.02-0.29.el7.centos pygobject3-base.x86_64 0:3.14.0-3.el7rdma.noarch 0:7.2_4.1_rc6-1.el7Complete!

7.添加外部软件源

添加一些有用的外部存储库来安装有用的软件。

1)安装一个插件为每个已安装的存储库添加优先级。[root@zby ~]# yum -y install yum-plugin-priorities

Downloading packages:yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00Running transaction checkRunning transaction testTransaction test succeededRunning transactionInstalling : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1Verifying : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1Installed:yum-plugin-priorities.noarch 0:1.1.31-42.el7Complete!

＃将[priority = 1]设置为官方存储库

[root@zby ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo

2)添加从Fedora项目提供的EPEL存储库。[root@zby ~]# yum -y install epel-release

Running transactionInstalling : epel-release-7-9.noarch 1/1Verifying : epel-release-7-9.noarch 1/1Installed:epel-release.noarch 0:7-9Complete!

# 设置[priority=5]

[root@zby ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo

＃换另一种方式，更改为[enabled = 0]并仅在需要时使用它

[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo

＃如果[enabled = 0]，输入命令以使用存储库

[root@zby ~]# yum --enablerepo=epel install [Package]

3)添加CentOS SCLo软件集合存储库。[root@zby ~]# yum -y install centos-release-scl-rh centos-release-scl

#设置[priority=10]

[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo

[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

＃换另一种方式，更改为[enabled = 0]并仅在需要时使用它

[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo

[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo

＃如果[enabled = 0]，输入命令以使用存储库

[root@zby ~]# yum --enablerepo=centos-sclo-rh install [Package]

[root@zby ~]# yum --enablerepo=centos-sclo-sclo install [Package]

4)添加Remi的RPM存储库，它提供了许多有用的软件包。# 设置 [priority=10]

[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo

＃换另一种方式，更改为[enabled = 0]并仅在需要时使用它

[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo

＃if [enabled = 0]，输入命令以使用存储库

[root@zby ~]# yum --enablerepo=remi-safe install [Package]

8.配置vim安装和配置比vi更方便的vim。1)安装vim[root@zby ~]# yum -y install vim-enhanced

Installed:vim-enhanced.x86_64 2:7.4.160-2.el7Dependency Installed:gpm-libs.x86_64 0:1.20.7-5.el7 vim-common.x86_64 2:7.4.160-2.el7vim-filesystem.x86_64 2:7.4.160-2.el7

Complete!

2)设置命令别名。 (适用于下面的所有用户，如果你申请了一个用户，在'〜/ .bashrc'中写入相同的设置)[root@zby ~]# vi /etc/profile

#在最后一行添加

alias vi='vim'

[root@zby ~]# source /etc/profile #重新加载环境变量

3)配置vim。 (适用于下面的用户，如果适用于所有用户，在'/ etc / vimrc'中写入相同的设置，但默认情况下会应用一些设置。)[root@zby ~]# vi ~/.vimrc

#使用vim的扩展功能(不兼容vi)

set nocompatible

#指定编码

set encoding=utf-8

#指定文件编码

set fileencodings=ucs-bom,utf-8,cp936

#指定文件格式

set fileformats=unix,dos

#采取备份，如果没有，请指定[set nobackup]

set backup

#指定备份目录

set backupdir=~/backup

#采取50个搜索历史

set history=50

#忽略Case

setignorecase

#不同的资本，如果你混合搜索词

set smartcase

#突出显示匹配的词，如果不是，请指定[set nohlsearch]

set hlsearch

#使用增量搜索，如果没有，请指定[set noincsearch]

set incsearch

#显示行号，如果不是，请指定[set nonumber]

set number

#可视化中断($)或标签(^ I)

set list

#突出显示括号

set showmatch

#显示彩色显示，如果没有，请指定[语法关闭]

syntax on

#如果已设置，则更改注释的颜色[语法]

highlight comment ctermfg=LightCyan

#包装线，如果没有，请指定[set nowrap]

set wrap

9.配置sudo

配置sudo以分离用户的责任，如果一些人共享特权。不必手动安装sudo，因为即使“最小安装”，它也是默认安装的。

1)将root权限转移给用户all。[root@zby ~]# visudo

#在最后一行添加：用户'cent'可以使用所有root权限zhang ALL=(ALL) ALL#如何写⇒目的地主机=(所有者)命令

#确保用户‘zhang’

[root@zby ~]# su - zhang

[zhang@zby ~]$ /usr/bin/cat /etc/shadow

sr/bin/cat: /etc/shadow: Permission denied

[zhang@zby ~]$ sudo /usr/bin/cat /etc/shadow

。。。。。。

tss:!!:17586::::::

postfix:!!:17586::::::

sshd:!!:17586::::::

zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7:::

10.设置时区在下面的示例中替换为您自己的时区。#显示时区[root@zby ~]# timedatectl list-timezones

。。。。。。

Asia/Qyzylorda

Asia/Riyadh

Asia/Sakhalin

Asia/Samarkand

Asia/Seoul

Asia/Shanghai

Asia/Singapore

Asia/Srednekolymsk

Asia/Taipei

Asia/Tashkent

Asia/Tbilisi

#设置时区

[root@zby ~]# timedatectl set-timezone Asia/Shanghai

#显示状态

[root@zby ~]# timedatectl

Local time: Mon 2018-03-19 22:18:49 CST

Universal time: Mon 2018-03-19 14:18:49 UTC

RTC time: Mon 2018-03-19 14:18:48

Time zone: Asia/Shanghai (CST, +0800)

NTP enabled: n/aNTP

synchronized: noRTC in local

TZ: no

DST active: n/a

11.设置键盘布局#显示当前键盘布局状态

[root@zby ~]# localectl

System Locale:.UTF-8

VC Keymap: us

X11 Layout: us

#显示键盘映射列表

[root@zby ~]# localectl list-keymaps

。。。。。。

ukunicode

us-acentos

us-alt-intl

us-altgr-intl

us-colemak

us-dvorak

us-dvorak-alt-intl

us-dvorak-classic

us-dvorak-intl

us-dvorak-l

us-dvorak-r

us-dvp

#设置键盘布局

[root@zby ~]# localectl set-keymap us

#显示键盘布局状态

[root@zby ~]# localectl

System Locale:.UTF-8

VC Keymap: us

X11 Layout: us

12.设置系统语言

在下面的示例中替换为您自己的语言。#显示当前状态

[root@zby ~]# localectl

System Locale:.UTF-8

VC Keymap: us

X11 Layout: us

#显示语言环境列表

[root@zby ~]# localectl list-locales

。。。。。。

en_US

en_US.iso88591

en_US.iso885915

en_US.utf8

#设置区域语言

[root@zby ~]# localectl set-locale.utf8

#显示语言状态

[root@zby ~]# localectl

System Locale:.utf8

VC Keymap: us

X11 Layout: us

13.设置密码

出于安全原因设置密码规则。

1)设置密码过期的天数。用户必须在几天内更改密码。此设置仅在创建用户时才会产生影响，而不会影响到现有用户。如果设置为现有用户，请运行命令“chage -M(days)(user)”。[root@zby ~]# vi /etc/login.defs

＃第25行：为密码过期设置60

PASS_MAX_DAYS 60

2)设置可用密码的最短天数。至少在改变它之后，用户必须至少使用他们的密码。此设置仅在创建用户时才会产生影响，而不会影响到现有用户。如果设置为现有用户，请运行命令“chage -m(days)(user)”[root@zby ~]# vi /etc/login.defs

＃第26行：设置2为可用天数

PASS_MIN_DAYS 2

3)在到期前设置警告的天数。此设置仅在创建用户时才会产生影响，而不会影响到现有用户。如果设置为现有用户，请运行命令“chage -W(days)(user)”。[root@zby ~]# vi /etc/login.defs

＃第28行：为警告天数设置7

PASS_WARN_AGE 7

4)使用过去使用的密码进行限制。在这一代中，用户不能设置相同的密码。[root@zby ~]# vi /etc/pam.d/system-auth

＃第15行附近：禁止在过去的5代中使用相同的密码

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5

5)设置最小密码长度。用户不能将其密码长度设置为小于此参数。＃为最小密码长度设置8

[root@zby ~]# authconfig --passminlen=8 --update

＃该参数在下面的配置中设置

[root@zby ~]# grep "^minlen" /etc/security/pwquality.conf

minlen = 8

6)为新密码设置所需的最少字符类数。 (种类⇒UpperCase / LowerCase / Digits / Others)＃设置2以获取所需字符类别的最小数量

[root@zby ~]# authconfig --passminclass=2 --update

＃该参数在下面的配置中设置

[root@zby ~]# grep "^minclass" /etc/security/pwquality.conf

minclass = 2

7)在新密码中设置允许的连续相同字符的最大数量。＃为允许的连续相同字符的最大数量设置2

[root@zby ~]# authconfig --passmaxrepeat=2 --update

＃该参数在下面的配置中设置

[root@zby ~]# grep "^maxrepeat" /etc/security/pwquality.conf

maxrepeat = 2

8)在新密码中设置同一类的最大允许连续字符数。＃设置4为同一类的最大允许连续字符数

[root@zby ~]# authconfig --passmaxcla***epeat=4 --update

＃该参数在下面的配置中设置

[root@zby ~]# grep "^maxcla***epeat" /etc/security/pwquality.conf

maxcla***epeat = 4

9)新密码中至少需要一个小写字符。[root@zby ~]# authconfig --enablereqlower --update

＃该参数在下面的配置中设置＃(如果你想编辑值，用vi和其他编辑)

[root@zby ~]# grep "^lcredit" /etc/security/pwquality.conf

lcredit = -1

10)新密码中至少需要一个大写字符。[root@zby ~]# authconfig --enablerequpper --update

＃该参数在下面的配置中设置＃(如果你想编辑值，用vi和其他编辑)

[root@zby ~]# grep "^ucredit" /etc/security/pwquality.conf

ucredit = -1

11)新密码中至少需要一位数字。[root@zby ~]# authconfig --enablereqdigit --update

＃该参数在下面的配置中设置＃(如果你想编辑值，用vi和其他编辑)

[root@zby ~]# grep "^dcredit" /etc/security/pwquality.conf

dcredit = -1

12)新密码中至少需要一个其他字符。[root@zby ~]# authconfig --enablereqother --update

＃该参数在下面的配置中设置＃(如果你想编辑值，用vi和其他编辑)

[root@zby ~]# grep "^ocredit" /etc/security/pwquality.conf

ocredit = -1

13)在新密码中设置单调字符序列的最大长度。 (ex⇒'12345'，'fedcb')[root@zby ~]# vi /etc/security/pwquality.conf

#在最后一行添加

maxsequence = 3

14)设置旧密码中不能出现的新密码中的字符数。[root@zby ~]# vi /etc/security/pwquality.conf

#在最后一行添加

difok = 5

15)检查新密码中是否包含用户passwd项的GECOS字段中长度超过3个字符的单词。[root@zby ~]# vi /etc/security/pwquality.conf

#在最后一行添加

gecoscheck = 1

16)设置不能包含在密码中的Ssace分隔列表。[root@zby ~]# vi /etc/security/pwquality.conf

#在最后一行添加

badwords = denywords1 denywords2 denywords3

17)为新密码设置散列/密码算法。 (默认是sha512)＃显示当前算法

[root@zby ~]# authconfig --test | grep hashing

password hashing algorithm is sha512

＃将算法更改为sha512

[root@zby ~]# authconfig --passalgo=sha512 --update

[root@zby ~]# authconfig --test | grep hashing

password hashing algorithm is sha512

张元兴

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
linux centous7写死ip,Centos7基础设置

1.设置主机名1)更改主机名#显示当前主机名[root@localhost ~]# hostnamelocalhost.localdomain#改变主机名[root@localhost ~]# hostname zby[root@localhost ~]# hostnamezby #只是改变2)永久改变主机名[root@localhost ~]# hostnamect...
复制链接

扫一扫

linux centous7写死ip,Centos7基础设置

“相关推荐”对你有帮助么？