1.设置主机名
1)更改主机名#显示当前主机名
[root@localhost ~]# hostname
localhost.localdomain
#改变主机名
[root@localhost ~]# hostname zby
[root@localhost ~]# hostname
zby #只是临时改变(重启后失效)
2)永久改变主机名[root@localhost ~]# hostnamectl set-hostname zby
#显示状态
[root@localhost ~]# hostnamectl
Static hostname: zby
Icon name: computer-vm
Chassis: vm
Machine ID: 1f96150fe7c04420b9e71c154be8c01b
Boot ID: 35495cc567584fd19646472d8e853fcc
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
#显示计算机名
[root@localhost ~]# su - root
Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0
[root@zby ~]#
2.添加用户
1)添加一个用户“zhang”作为下面的示例。[root@zby ~]# useradd zhang
[root@zby ~]# passwd zhang
New password: #设置密码
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: #确认
passwd: all authentication tokens updated successfully.
[root@zby ~]# exit #注销当前用户
2)尝试切换新添加用户zby login: zhang #输入用户名password: #输入密码
#查看当前用户
[zhang@zby ~]$ whoami
zhang
[zhang@zby ~]$ su - root #切换到root用户
Password: #输入root用户密码
[root@zby ~]# #已切换到root用户
3)只允许管理用户(wheel组成员)切换到root用户。
#注意:-G会覆盖用户已有的附加组;若要保留原有附加组,请使用 -aG
[root@zby ~]# usermod -G wheel zhang
[root@zby ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
4)将发给root用户的电子邮件转发给另一个用户,设置如下。
[root@zby ~]# vi /etc/aliases
# Person who should get root's mail
#最后一行:取消注释并更改为接收邮件的用户
root: zhang
[root@zby ~]# newaliases #加载
3.防火墙设置
1)可以显示防火墙的服务状态,如下所示。(默认启用)[root@zby ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s agoMain PID: 13164 (firewalld)
CGroup: /system.slice/firewalld.service
└─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon.
2)如果您使用防火墙服务,需要修改它的设置,因为默认情况下不允许外部对各项服务的传入请求。firewalld服务的基本操作和配置请参阅相关说明。
3)如果你因为一些原因不需要防火墙服务,需要停止并禁用它如下。#停止服务
[root@zby ~]# systemctl stop firewalld
#禁止服务开机自动启动
[root@zby ~]# systemctl disable firewalld
4)显示SELinux的状态(安全增强的Linux)如下。(默认启用)[root@zby ~]# getenforce
Enforcing #selinux是开启的
#关闭selinux(SELINUX=disabled会完全停用SELinux策略;若只是排查问题,可改设为permissive,仅记录告警而不拦截)
[root@zby ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
#重新启动应用新设置
[root@zby ~]# reboot
4.网络设置
1)设置静态IP(请将接口名称"eth0"替换为您自己环境中的接口名称)
#设置主机名
[root@zby ~]# hostnamectl set-hostname zby
#显示网络设备
[root@zby ~]# nmcli d
DEVICE TYPE STATE CONNECTIONeth0 ethernet connected eth0lo loopback unmanaged --
#设置IPV4地址
[root@zby ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24
#设置默认网关
[root@zby ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1
#设置域名解析
[root@zby ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66
#使用静态地址时将method设置为manual(使用DHCP时为auto)
[root@zby ~]# nmcli c modify eth0 ipv4.method manual
#重新启动网络接口以重新加载设置
[root@zby ~]# nmcli c down eth0; nmcli c up eth0
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
#显示网卡配置信息
[root@zby ~]# nmcli d show eth0
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:50:56:8F:56:A5
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: eth0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.31.253.63/24
IP4.GATEWAY: 172.31.253.1
IP4.DNS[1]: 211.138.24.66
IP4.DNS[2]: 211.138.30.66
IP6.ADDRESS[1]: fe80::250:56ff:fe8f:56a5/64
IP6.GATEWAY:
#显示网卡状态
[root@zby ~]# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ffinet 172.31.253.63/24 brd 172.31.253.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::250:56ff:fe8f:56a5/64 scope linkvalid_lft forever preferred_lft forever
2)关闭IPV6[root@zby ~]# vi /etc/default/grub
#在第6行,添加
GRUB_CMDLINE_LINUX="crashkernel=auto ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
#使更改生效
[root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b
Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone
[root@zby ~]# reboot
3)上面的接口名称的例子是“eth0”,但是如果您的系统安装在物理机器上,默认情况下该名称不是“ethX”。 然后如果你想使用网络接口名称“ethX”,配置如下。[root@zby ~]# vi /etc/default/grub
#在第6行添加
GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
[root@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.imgFound linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01bFound initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone
[root@zby ~]# reboot
5.配置服务
1)查看服务状态#显示正在运行的服务列表
[root@zby ~]# systemctl -t service
UNIT LOAD ACTIVE SUB DESCRIPTIONauditd.service loaded active running Security Auditing Servicecrond.service loaded active running Command Schedulerdbus.service loaded active running D-Bus System Message Busgetty@tty1.service loaded active running Getty on tty1kdump.service loaded active exited Crash recovery kernel armingkmod-static-nodes.service loaded active exited Create list of required static device nodlvm2-lvmetad.service loaded active running LVM2 metadata daemonlvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etclvm2-pvscan@8:2.service loaded active exited LVM2 PV scan on device 8:2network.service loaded active exited LSB: Bring up/down networkingNetworkManager.service loaded active running Network Managerpolkit.service loaded active running Authorization Managerpostfix.service loaded active running Postfix Mail Transport Agentrhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesgrhel-import-state.service loaded active exited Import network configuration from initramrhel-readonly.service loaded active exited Configure read-only root supportrsyslog.service loaded active running System Logging Servicesshd.service loaded active running OpenSSH server daemonsystemd-journal-flush.service loaded active exited Flush Journal to Persistent Storagesystemd-journald.service loaded active running Journal Servicesystemd-logind.service loaded active running Login Servicesystemd-random-seed.service loaded active exited Load/Save Random Seedsystemd-remount-fs.service loaded active exited Remount Root and Kernel File Systemssystemd-sysctl.service loaded active exited Apply Kernel Variablessystemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /devsystemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directoriessystemd-udev-trigger.service loaded active exited udev Coldplug all Devicessystemd-udevd.service loaded active running udev Kernel Device 
Managersystemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdownsystemd-user-sessions.service loaded active exited Permit User Sessionssystemd-vconsole-setup.service loaded active exited Setup Virtual Consoletuned.service loaded active running Dynamic System Tuning Daemonvmware-tools.service loaded active running SYSV: Manages the services needed to runwpa_supplicant.service loaded active running WPA Supplicant daemonLOAD = Reflects whether the unit definition was properly loaded.ACTIVE = The high-level unit activation state, i.e. generalization of SUB.SUB = The low-level unit activation state, values depend on unit type.34 loaded units listed. Pass --all to see loaded but inactive units, too.To show all installed unit files use 'systemctl list-unit-files'.
#显示所有服务
[root@zby ~]# systemctl list-unit-files -t service
UNIT FILE STATEauditd.service enabledautovt@.service disabledblk-availability.service disabledbrandbot.service staticconsole-getty.service disabledconsole-shell.service disabledcontainer-getty@.service staticcpupower.service disabledcrond.service enableddbus-org.freedesktop.hostname1.service staticdbus-org.freedesktop.locale1.service staticdbus-org.freedesktop.login1.service staticdbus-org.freedesktop.machine1.service staticdbus-org.freedesktop.network1.service invaliddbus-org.freedesktop.NetworkManager.service enableddbus-org.freedesktop.nm-dispatcher.service enableddbus-org.freedesktop.timedate1.service staticdbus.service staticdebug-shell.service disableddm-event.service disableddnsmasq.service disableddracut-cmdline.service static。。。。。。systemd-vconsole-setup.service statictcsd.service disabledteamd@.service statictuned.service enabledwpa_supplicant.service disabled139 unit files listed.
2)停止并关闭服务的自动启动设置。[root@zby ~]# systemctl stop postfix
[root@zby ~]# systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
3)通过chkconfig控制一些服务是否自动启动。[root@zby ~]# chkconfig --list
Note: This output shows SysV services only and does not include nativesystemd services. SysV configuration data might be overridden by nativesystemd configuration.If you want to list systemd services use 'systemctl list-unit-files'.To see services enabled on particular target use'systemctl list-dependencies [target]'.
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off
#例如,关闭netconsole的自动启动设置
[root@zby ~]# chkconfig netconsole off
6.升级系统
1)安装CentOS后,如有可能,请先更新系统。[root@zby ~]# yum -y update
。。。。。yum.noarch 0:3.4.3-154.el7.centos.1yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7zlib.x86_64 0:1.2.7-17.el7Replaced:NetworkManager.x86_64 1:1.0.6-27.el7 grub2.x86_64 1:2.02-0.29.el7.centosgrub2-tools.x86_64 1:2.02-0.29.el7.centos pygobject3-base.x86_64 0:3.14.0-3.el7rdma.noarch 0:7.2_4.1_rc6-1.el7Complete!
7.添加外部软件源
添加一些有用的外部存储库来安装有用的软件。
1)安装一个插件为每个已安装的存储库添加优先级。[root@zby ~]# yum -y install yum-plugin-priorities
Downloading packages:yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00Running transaction checkRunning transaction testTransaction test succeededRunning transactionInstalling : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1Verifying : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1Installed:yum-plugin-priorities.noarch 0:1.1.31-42.el7Complete!
#将[priority = 1]设置为官方存储库
[root@zby ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo
2)添加从Fedora项目提供的EPEL存储库。[root@zby ~]# yum -y install epel-release
Running transactionInstalling : epel-release-7-9.noarch 1/1Verifying : epel-release-7-9.noarch 1/1Installed:epel-release.noarch 0:7-9Complete!
# 设置[priority=5]
[root@zby ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
#如果[enabled = 0],输入命令以使用存储库
[root@zby ~]# yum --enablerepo=epel install [Package]
3)添加CentOS SCLo软件集合存储库。[root@zby ~]# yum -y install centos-release-scl-rh centos-release-scl
#设置[priority=10]
[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
#如果[enabled = 0],输入命令以使用存储库
[root@zby ~]# yum --enablerepo=centos-sclo-rh install [Package]
[root@zby ~]# yum --enablerepo=centos-sclo-sclo install [Package]
4)添加Remi的RPM存储库,它提供了许多有用的软件包。
#(原文此处缺少安装Remi存储库的命令;只有安装之后才会存在下面的remi-safe.repo文件)
# 设置 [priority=10]
[root@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[root@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo
#如果[enabled = 0],输入命令以使用存储库
[root@zby ~]# yum --enablerepo=remi-safe install [Package]
8.配置vim安装和配置比vi更方便的vim。1)安装vim[root@zby ~]# yum -y install vim-enhanced
Installed:vim-enhanced.x86_64 2:7.4.160-2.el7Dependency Installed:gpm-libs.x86_64 0:1.20.7-5.el7 vim-common.x86_64 2:7.4.160-2.el7vim-filesystem.x86_64 2:7.4.160-2.el7
Complete!
2)设置命令别名。 (以下设置适用于所有用户;如果只想应用于某一个用户,请在'~/.bashrc'中写入相同的设置)
[root@zby ~]# vi /etc/profile
#在最后一行添加
alias vi='vim'
[root@zby ~]# source /etc/profile #重新加载环境变量
3)配置vim。 (以下设置只适用于当前用户;如果要适用于所有用户,请在'/etc/vimrc'中写入相同的设置,不过其中有些设置默认已经生效。)
#注:下面以#开头的行是本文的说明文字,不要原样写入文件;vimrc中的注释行以双引号(")开头
[root@zby ~]# vi ~/.vimrc
#使用vim的扩展功能(不兼容vi)
set nocompatible
#指定编码
set encoding=utf-8
#指定文件编码
set fileencodings=ucs-bom,utf-8,cp936
#指定文件格式
set fileformats=unix,dos
#采取备份,如果没有,请指定[set nobackup]
set backup
#指定备份目录
set backupdir=~/backup
#采取50个搜索历史
set history=50
#搜索时忽略大小写
set ignorecase
#如果搜索词中混有大写字母,则区分大小写
set smartcase
#突出显示匹配的词,如果不是,请指定[set nohlsearch]
set hlsearch
#使用增量搜索,如果没有,请指定[set noincsearch]
set incsearch
#显示行号,如果不是,请指定[set nonumber]
set number
#显示换行符($)和制表符(^I)
set list
#突出显示括号
set showmatch
#显示彩色显示,如果没有,请指定[syntax off]
syntax on
#如果已设置[syntax on],则更改注释的颜色
highlight comment ctermfg=LightCyan
#自动换行显示,如果没有,请指定[set nowrap]
set wrap
9.配置sudo
如果有多人共享特权,可以配置sudo来分离各用户的职责。不必手动安装sudo,因为即使“最小安装”,它也是默认安装的。
1)将全部root权限授予某个用户。
[root@zby ~]# visudo
#在最后一行添加:用户'zhang'可以使用所有root权限
zhang ALL=(ALL) ALL
#如何写⇒目的地主机=(所有者)命令
#切换到用户‘zhang’进行确认
[root@zby ~]# su - zhang
[zhang@zby ~]$ /usr/bin/cat /etc/shadow
/usr/bin/cat: /etc/shadow: Permission denied
[zhang@zby ~]$ sudo /usr/bin/cat /etc/shadow
。。。。。。
tss:!!:17586::::::
postfix:!!:17586::::::
sshd:!!:17586::::::
zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7:::
10.设置时区
在下面的示例中替换为您自己的时区。
#显示时区
[root@zby ~]# timedatectl list-timezones
。。。。。。
Asia/Qyzylorda
Asia/Riyadh
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
#设置时区
[root@zby ~]# timedatectl set-timezone Asia/Shanghai
#显示状态
[root@zby ~]# timedatectl
Local time: Mon 2018-03-19 22:18:49 CST
Universal time: Mon 2018-03-19 14:18:49 UTC
RTC time: Mon 2018-03-19 14:18:48
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: n/a
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
11.设置键盘布局#显示当前键盘布局状态
[root@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
#显示键盘映射列表
[root@zby ~]# localectl list-keymaps
。。。。。。
ukunicode
us
us-acentos
us-alt-intl
us-altgr-intl
us-colemak
us-dvorak
us-dvorak-alt-intl
us-dvorak-classic
us-dvorak-intl
us-dvorak-l
us-dvorak-r
us-dvp
#设置键盘布局
[root@zby ~]# localectl set-keymap us
#显示键盘布局状态
[root@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
12.设置系统语言
在下面的示例中替换为您自己的语言。#显示当前状态
[root@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
#显示语言环境列表
[root@zby ~]# localectl list-locales
。。。。。。
en_US
en_US.iso88591
en_US.iso885915
en_US.utf8
#设置区域语言
#(原文此处的参数缺失,以下按上面列表中的en_US.utf8补全,请替换为您自己的语言环境)
[root@zby ~]# localectl set-locale LANG=en_US.utf8
#显示语言状态
[root@zby ~]# localectl
System Locale:.utf8
VC Keymap: us
X11 Layout: us
13.设置密码
出于安全原因设置密码规则。
1)设置密码过期的天数。用户必须在该天数内更改密码。此设置只对之后新创建的用户生效,不会影响现有用户。如果要对现有用户设置,请运行命令“chage -M(days)(user)”。
[root@zby ~]# vi /etc/login.defs
#第25行:为密码过期设置60
PASS_MAX_DAYS 60
2)设置密码的最短使用天数。用户更改密码后,至少要使用该密码这么多天才能再次更改。此设置只对之后新创建的用户生效,不会影响现有用户。如果要对现有用户设置,请运行命令“chage -m(days)(user)”
[root@zby ~]# vi /etc/login.defs
#第26行:设置2为可用天数
PASS_MIN_DAYS 2
3)在到期前设置警告的天数。此设置仅在创建用户时才会产生影响,而不会影响到现有用户。如果设置为现有用户,请运行命令“chage -W(days)(user)”。[root@zby ~]# vi /etc/login.defs
#第28行:为警告天数设置7
PASS_WARN_AGE 7
4)限制重复使用过去用过的密码。用户不能把密码设置为最近若干代内用过的密码。
[root@zby ~]# vi /etc/pam.d/system-auth
#第15行附近:禁止在过去的5代中使用相同的密码
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
5)设置最小密码长度。用户不能将其密码长度设置为小于此参数。#为最小密码长度设置8
[root@zby ~]# authconfig --passminlen=8 --update
#该参数在下面的配置中设置
[root@zby ~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8
6)为新密码设置所需的最少字符类数。 (种类⇒UpperCase / LowerCase / Digits / Others)#设置2以获取所需字符类别的最小数量
[root@zby ~]# authconfig --passminclass=2 --update
#该参数在下面的配置中设置
[root@zby ~]# grep "^minclass" /etc/security/pwquality.conf
minclass = 2
7)在新密码中设置允许的连续相同字符的最大数量。#为允许的连续相同字符的最大数量设置2
[root@zby ~]# authconfig --passmaxrepeat=2 --update
#该参数在下面的配置中设置
[root@zby ~]# grep "^maxrepeat" /etc/security/pwquality.conf
maxrepeat = 2
8)在新密码中设置同一类的最大允许连续字符数。#设置4为同一类的最大允许连续字符数
[root@zby ~]# authconfig --passmaxclassrepeat=4 --update
#该参数在下面的配置中设置
[root@zby ~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4
9)新密码中至少需要一个小写字符。[root@zby ~]# authconfig --enablereqlower --update
#该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[root@zby ~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1
10)新密码中至少需要一个大写字符。[root@zby ~]# authconfig --enablerequpper --update
#该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[root@zby ~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1
11)新密码中至少需要一位数字。[root@zby ~]# authconfig --enablereqdigit --update
#该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[root@zby ~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1
12)新密码中至少需要一个其他字符。[root@zby ~]# authconfig --enablereqother --update
#该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[root@zby ~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1
13)在新密码中设置单调字符序列的最大长度。 (ex⇒'12345','fedcb')[root@zby ~]# vi /etc/security/pwquality.conf
#在最后一行添加
maxsequence = 3
14)设置新密码中不得出现在旧密码中的字符数。
[root@zby ~]# vi /etc/security/pwquality.conf
#在最后一行添加
difok = 5
15)检查新密码中是否包含用户passwd项的GECOS字段中长度超过3个字符的单词。[root@zby ~]# vi /etc/security/pwquality.conf
#在最后一行添加
gecoscheck = 1
16)设置不能包含在密码中的单词列表(以空格分隔)。
[root@zby ~]# vi /etc/security/pwquality.conf
#在最后一行添加
badwords = denywords1 denywords2 denywords3
17)为新密码设置散列/密码算法。 (默认是sha512)#显示当前算法
[root@zby ~]# authconfig --test | grep hashing
password hashing algorithm is sha512
#将算法更改为sha512
[root@zby ~]# authconfig --passalgo=sha512 --update
[root@zby ~]# authconfig --test | grep hashing
password hashing algorithm is sha512