1 . 编写resolv.conf(dns) 文件

[root@node1 ~]# cat /srv/salt/system/dns/dns.sls 

# Distribute one resolver configuration to every targeted minion.
# Whoever can write to system/dns/resolv.conf on the master decides which
# name servers the minions trust, so keep that path root-only on the master.
/etc/resolv.conf:
  file.managed:
    # Template-free copy of the file served by the master.
    - source: salt://system/dns/resolv.conf
    - user: root
    - group: root
    # Quoted so YAML passes the mode through as a string:
    # root read/write, everyone else read-only.
    - mode: '0644'


2 . 给历史命令(history)添加时间

[root@node1 ~]# cat /srv/salt/system/history/history.sls 

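# Add a timestamp and the login user name to `history` output.
# HISTTIMEFORMAT only changes how entries are displayed; the history file
# remains editable by its owner, so treat this as a troubleshooting aid and
# not as a tamper-resistant audit record.
/etc/profile:
  file.append:
    - text:
      # $(whoami) is expanded once, when /etc/profile is read at login.
      # The trailing space keeps the user name from running into the command
      # text in the `history` listing.
      - 'export HISTTIMEFORMAT="%F %T $(whoami) "'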


3 . 编写命令审计功能

[root@node1 ~]# cat audit.sls 

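# Send the most recent interactive bash command to syslog before each prompt.
#
# The state ID needs its trailing colon; without it the file is not valid YAML.
# Inside the hook, `read -r` and the quoted expansions keep backslashes, glob
# characters and whitespace of the logged command intact (unquoted `echo $y`
# and `[`pwd`]` were subject to word splitting and filename expansion).
#
# Limits a defender should know:
#   - A user can unset or overwrite PROMPT_COMMAND, or start a shell that does
#     not read /etc/bashrc, so this is best-effort logging. For records the
#     user cannot switch off, use auditd execve rules or pam_tty_audit.
#   - Command lines can contain passwords or tokens typed as arguments;
#     restrict who can read the syslog destination these messages land in.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s" "$y"; }); logger "[euid=$(whoami)]:$(who am i):[$(pwd)]$msg"; }'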


4 .更改内核参数

[root@node1 ~]# cat sysctl.sls 

# Kernel tunables enforced through Salt's sysctl state, one state ID per key.

# 0 asks the kernel to avoid swapping as far as it can.
vm.swappiness:
  sysctl.present:
    - value: 0

# Range the kernel picks ephemeral (outgoing) source ports from.
# A service that listens inside 10000-65000 can collide with it -- TODO confirm
# that no listener on the minions uses a port in this range.
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: '10000 65000'

# System-wide ceiling on the number of open file handles.
fs.file-max:
  sysctl.present:
    - value: 100000


5.集中管理上面4个配置文件

[root@node1 ~]# cat /srv/salt/system/init.sls 

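# Aggregate state: applying `system` pulls in every SLS listed below.
#
# An SLS name maps to a path under the file root: a.b is a/b.sls or
# a/b/init.sls. dns.sls and history.sls are shown above at
# system/dns/dns.sls and system/history/history.sls, so they are addressed as
# system.dns.dns and system.history.history; the shorter names system.dns and
# system.history would not match those files.
# audit.sls and sysctl.sls are assumed to sit directly in /srv/salt/system/
# (their directory is not shown) -- verify before use.
include:
  - system.dns.dns
  - system.history.history
  - system.audit
  - system.sysctl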


6.执行salt

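# state.sls takes ONE comma-separated list of SLS names; further
# space-separated words are not read as additional SLS names.
# dns and history use the dotted names that match the paths shown earlier
# (system/dns/dns.sls and system/history/history.sls).
# Appending test=True gives a dry run, which is worth doing before a change
# to /etc/profile and /etc/bashrc reaches every minion matched by '*'.
[root@node1 ~]# salt '*' state.sls system.dns.dns,system.history.history,system.audit,system.sysctl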


7.查看minion端是否执行成功

# Reads back only the DNS file on each minion. The return data of the
# state.sls run itself reports success or failure for every state, including
# the history, audit and sysctl ones that this check does not cover.
[root@node1 init]# salt '*' cmd.run 'cat /etc/resolv.conf' 

salt-minion: 

    nameserver 8.8.8.8