[root@master init]# cd selinux/
[root@master selinux]# ls
files main.sls
[root@master selinux]# cat main.sls
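# Salt state: ship the SELinux config file and take the running system out of
# enforcing mode.
# NOTE(review): files/config sets SELINUX=disabled, so after the next reboot no
# SELinux policy is loaded and the mandatory access control layer is gone.
# If the goal is only to unblock a misbehaving service, SELINUX=permissive
# keeps the denials in the audit log without enforcing them.
/etc/selinux/config:
  file.managed:
    - source: salt://init/selinux/files/config
    - user: root
    - group: root
    - mode: '0644'

# The state ID doubles as the command name. setenforce exits non-zero once
# SELinux is disabled, so run it only while the host is still enforcing;
# otherwise every later highstate reports this state as failed.
'setenforce 0':
  cmd.run:
    - onlyif: test "$(getenforce)" = "Enforcing"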
[root@master selinux]# cat files/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# NOTE(review): disabled removes the mandatory access control layer entirely.
# permissive still records would-be denials for review, and moving from
# disabled back to permissive or enforcing later requires relabelling the
# filesystem before the policy can be trusted again.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
# Has no effect while SELINUX=disabled, since no policy is loaded.
SELINUXTYPE=targeted
[root@master init]# cd chrony/
[root@master chrony]# cat main.sls
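# Salt state: install chrony, manage its configuration and keep the service
# enabled and running.
include:
  - init.yum.main

chrony:
  pkg.installed: []

/etc/chrony.conf:
  file.managed:
    - source: salt://init/chrony/files/chrony.conf
    - user: root
    - group: root
    - mode: '0644'
    # The package creates the directory layout and default file first.
    - require:
      - pkg: chrony

# NOTE(review): on RHEL-family hosts the unit is normally chronyd.service;
# confirm that chrony.service resolves on the target minions.
chrony.service:
  service.running:
    - enable: true
    # Restart when the managed config changes, so a new time source takes
    # effect without a manual restart.
    - watch:
      - file: /etc/chrony.conf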
[root@master chrony]# cat files/chrony.conf
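# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# Time source changed to the Aliyun NTP service instead of pool.ntp.org.
# chrony documents comments only as whole lines (starting with #, !, ; or %),
# so the note sits above the directive rather than after it, where it would be
# read as an option.
# NOTE(review): with one upstream name chronyd has little to cross-check
# against; log timestamps, certificate validity checks and ticket lifetimes
# all depend on this clock, so consider listing more than one source.
pool time1.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift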
kernel文件描述符
[root@master init]# cd kernel/
[root@master kernel]# cat main.sls
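# Salt state: manage the PAM resource limits and kernel parameters, then load
# the kernel parameters into the running system.
/etc/security/limits.conf:
  file.managed:
    - source: salt://init/kernel/files/limits.conf
    - user: root
    - group: root
    - mode: '0644'

/etc/sysctl.conf:
  file.managed:
    - source: salt://init/kernel/files/sysctl.conf
    - user: root
    - group: root
    - mode: '0644'
  # "cmd.run" needs the trailing colon to take arguments; without it the SLS
  # does not render.
  cmd.run:
    - name: sysctl -p
    # Reload only when the managed file actually changed, so an unchanged
    # highstate stays a no-op.
    - onchanges:
      - file: /etc/sysctl.conf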
[root@master kernel]# vim files/limits.conf
#ftp hard nproc 0
#@student - maxlogins 4
# Raise the soft and hard open-file-descriptor limits to 65535 for the "*"
# (default) domain.
# NOTE(review): the wildcard applies to every non-root account, including
# interactive and unprivileged ones; naming the service account or group that
# needs the higher limit is the tighter setting.
* soft nofile 65535 #added
* hard nofile 65535 #added
[root@master kernel]# vim files/sysctl.conf
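# For more information, see sysctl.conf(5) and sysctl.d(5).
# Enable IPv4 packet forwarding. The key needs the dot between "ipv4" and
# "ip_forward"; without it sysctl -p reports an unknown key and the setting
# is never applied.
# NOTE(review): forwarding turns the host into a router between its
# interfaces. Keep it at 1 only on hosts that route or NAT traffic, and pair
# it with firewall rules on the forward path.
net.ipv4.ip_forward = 1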