1.修改主机名
hostnamectl set-hostname ***
2.使用静态IP地址
Centos oracle linux修改如下配置文件:
[root@zabbix ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
UUID=efcd9869-2bd4-4a95-aa04-377f7eb7197c
DEVICE=ens192
ONBOOT=yes
IPADDR=192.168.16.*
NETMASK=255.255.254.0
GATEWAY=192.168.16.1
ubantu修改静态地址(需要特别注意格式和空格):
修改文件:/etc/netplan/01-network-manager-all.yaml
network:
ethernets:
ens160:
addresses: [192.168.16.103/23]
dhcp4: false
optional: true
gateway4: 192.168.16.1
nameservers:
addresses: [202.96.134.33]
version: 2
3.配置dns
Centos :
[root@zabbix ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 202.96.134.33
nameserver 192.168.16.58
ubantu请见静态IP地址配置。
4.配置yum源& apt-get update
Centos 可用yum源文件放/etc/yum.repos.d/路径下,yum clean all,情况缓存,yum repolist 重新生成查看可用包数量
Ubantu:
5.密码使用时间:
可以在/etc/login.defs 文件中配置:
PASS_MAX_DAYS 90 #新建用户的密码最长使用天数
PASS_MIN_DAYS 0 #新建用户的密码最短使用天数
PASS_WARN_AGE 7 #新建用户的密码到期提前提醒天数
6.密码复杂度
执行 : awk -F: '($2 == "") { print $1 }' /etc/shadow 检查是否有空账号
可以在/etc/pam.d/system-auth 文件中配置:
password requisite pam_cracklib.so difok=3 minlen=8 ucredit=-1 lcredit=-1
dcredit=1
至少8 位,包含一位大写字母,一位小写字母和一位数字
7.用户锁定策略
使用命令“vi /etc/pam.d/system-auth”修改配置文件,添加
auth required pam_tally.so onerr=fail deny=10 unlock_time=300
#设置连续输错10 次密码,帐号锁定5 分钟
注:解锁用户faillog -u <用户名> -r
8.修改umask
umask 查看当前umask 数值
执行 cat /etc/profile | grep umask 修改umask值
022表示默认创建新文件权限为755 也就是 rwxr-xr-x(所有者全部权限,属组读执行,其它人读执行)
027表示默认创建新文件权限为750 也就是rwxr-x---(所有者全部权限,属组读执行,其它人无)
9.关闭selinux
[root@zabbix ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
ubantu:无需处理
10.linux关闭防护墙
systemctl stop firewalld
11.配置时间同步
同步地址:内网192.168.16.65,外网可以选择默认或者国家授时中心:ntp.ntsc.ac.cn
可以配置chrony.conf
[root@ntp ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
ntp可能需要安装启动服务,配置同/chrony
[root@md5-comp ~]# cat /etc/ntp.conf | grep -Ev '^$|^#'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
设置开启开机自动启动 systemctl enable **
12.安装zabbix-agent
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm *下载zabbix安装repo
yum clean all
yum install zabbix-agent2 -y
修改配置文件:
grep -Ev '^#|^$' /etc/zabbix/zabbix_agent2.conf #去除#开头和空行查看文件 Server=127.0.0.1 #修改为服务器地址 ServerActive=127.0.0.1 #修改为服务器地址 Hostname=Zabbix server #修改为本机主机名
验证客户端连接性:
yum install zabbix-get -y
zabbix_get -s '192.168.8.8' -p 10050 -k 'agent.ping'
zabbix_get -s '192.168.8.8' -p 10050 -k 'system.hostname'