Basic tuning and security settings after installing Linux
Disabling SELinux
Method 1: edit /etc/selinux/config with vi
[root@liangenyu ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
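Method 2:
sed -i s: substitute and edit the file in place
[root@liangenyu ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Check that the change was applied:
[root@liangenyu ~]# grep SELINUX=disabled /etc/selinux/config
SELINUX=disabled
The configuration change only takes effect after a reboot, and in production we cannot reboot the system often, so we also apply the change temporarily to the running system: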
[root@liangenyu ~]# setenforce 0
[root@liangenyu ~]# getenforce
Permissive
Changing the system boot mode:
runlevel: show the current runlevel
init: switch the runlevel
[root@liangenyu ~]# runlevel
N 3
Switching between modes:
init 0 shut down (halt)
init 3 command-line mode
init 5 graphical mode
Permanently change the default runlevel with vi:
[root@liangenyu ~]# vi /etc/inittab
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this) shutdown
# 1 - Single user mode single-user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking) multi-user mode
# 3 - Full multiuser mode command-line mode
# 4 - unused rarely used
# 5 - X11 graphical mode
# 6 - reboot (Do NOT set initdefault to this) reboot
# The default here is runlevel 3, command-line mode
id:3:initdefault:
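Trimming the services started at boot:
The four basic services that need to start initially: crond network rsyslog sshd
List the services that start in runlevel 3: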
[root@liangenyu ~]# LANG=en
[root@liangenyu ~]# chkconfig --list|grep "3:on"
NetworkManager   0:off  1:off  2:on   3:on   4:on   5:on   6:off
abrt-ccpp        0:off  1:off  2:off  3:on   4:off  5:on   6:off
abrtd            0:off  1:off  2:off  3:on   4:off  5:on   6:off
acpid            0:off  1:off  2:on   3:on   4:on   5:on   6:off
atd              0:off  1:off  2:off  3:on   4:on   5:on   6:off
auditd           0:off  1:off  2:on   3:on   4:on   5:on   6:off
autofs           0:off  1:off  2:off  3:on   4:on   5:on   6:off
blk-availability 0:off  1:on   2:on   3:on   4:on   5:on   6:off
bluetooth        0:off  1:off  2:off  3:on   4:on   5:on   6:off
certmonger       0:off  1:off  2:off  3:on   4:on   5:on   6:off
cpuspeed         0:off  1:on   2:on   3:on   4:on   5:on   6:off
crond            0:off  1:off  2:on   3:on   4:on   5:on   6:off
cups             0:off  1:off  2:on   3:on   4:on   5:on   6:off
haldaemon        0:off  1:off  2:off  3:on   4:on   5:on   6:off
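Write a script to handle it in one step:
[root@liangenyu ~]# vim serviceoff.sh
#!/bin/bash
# Use an English locale so chkconfig prints on/off
LANG=en
# Turn off every service currently enabled in runlevel 3
for liangenyu in `chkconfig --list|grep 3:on|awk '{print $1}'`;
do chkconfig --level 3 $liangenyu off;
done
# Turn the four basic services back on
for liangenyu in crond network rsyslog sshd;
do chkconfig --level 3 $liangenyu on;
done
Confirm that it worked: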
[root@liangenyu ~]# chkconfig --list|grep "3:on"
crond            0:off  1:off  2:on   3:on   4:on   5:on   6:off
network          0:off  1:off  2:on   3:on   4:on   5:on   6:off
rsyslog          0:off  1:off  2:on   3:on   4:on   5:on   6:off
sshd             0:off  1:off  2:on   3:on   4:on   5:on   6:off
Script 2:
[root@liangenyu ~]# vim serviceon.sh
#!/bin/bash
# Turn off every runlevel-3 service except the four basic ones
for liangenyu in `chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "crond|network|sshd|rsyslog"`;
do chkconfig $liangenyu off;
done
Run the script and confirm that it worked:
[root@liangenyu ~]# ./serviceon.sh
[root@liangenyu ~]# chkconfig --list|grep "3:on"
crond            0:off  1:off  2:on   3:on   4:on   5:on   6:off
network          0:off  1:off  2:on   3:on   4:on   5:on   6:off
rsyslog          0:off  1:off  2:on   3:on   4:on   5:on   6:off
sshd             0:off  1:off  2:on   3:on   4:on   5:on   6:off
Changing the SSH remote login configuration:
Default Linux remote login port: 22
Default superuser: root
[root@liangenyu ~]# vim /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Change the port to 52113
Port 52113
#Port 22 (note: the default port is 22)
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
# Do not allow login with an empty password
PermitEmptyPasswords no
PasswordAuthentication yes
#LoginGraceTime 2m
# root cannot log in remotely over SSH
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
# Set UseDNS to no
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
Restart the sshd service
/etc/init.d/sshd restart is equivalent to service sshd restart
[root@liangenyu ssh]# service sshd restart
停止 sshd: [确定]
正在启动 sshd: [确定]
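A check for the settings changed above, as an added example that is not part of the original post: it reads an sshd_config-style file and reports any of PermitRootLogin, PermitEmptyPasswords, UseDNS and Port that do not match what this article sets. The function names and the two sample files are constructed for illustration, and a keyword that is not set explicitly is treated as a finding because the article sets each one explicitly.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file against the values this article sets.

# active_values FILE KEYWORD: print each uncommented global value of KEYWORD, in order.
active_values() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # global section ends at the first Match block
        tolower($1) == key { print $2 }    # keywords are case-insensitive
    ' "$1"
}

# audit_sshd FILE: print one FAIL line per finding; return 0 if clean, 1 otherwise.
audit_sshd() {
    rc=0
    for pair in permitrootlogin:no permitemptypasswords:no usedns:no; do
        key=${pair%%:*}
        want=${pair#*:}
        # sshd uses the first value it obtains for these keywords; later lines are ignored.
        got=$(active_values "$1" "$key" | head -n 1)
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', first active value is '${got:-<not set>}'"
            rc=1
        fi
    done
    # Port may appear several times and sshd listens on every one of them;
    # with no active Port line the default, 22, applies.
    ports=$(active_values "$1" port | tr '\n' ' ')
    case " ${ports:-22} " in
        *" 22 "*) echo "FAIL port: 22 is still active"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed samples (not taken from a real host).
weak_cfg=$(mktemp)
hard_cfg=$(mktemp)
trap 'rm -f "$weak_cfg" "$hard_cfg"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'PermitRootLogin no' \
    '#PermitEmptyPasswords no' 'UseDNS no' > "$weak_cfg"
printf '%s\n' 'Port 52113' 'PermitRootLogin no' 'PermitEmptyPasswords no' \
    'usedns no' > "$hard_cfg"

audit_sshd "$weak_cfg" || echo "weak sample: findings listed above"
audit_sshd "$hard_cfg" && echo "hardened sample: clean"
```

On a live host, run sshd -t after editing /etc/ssh/sshd_config and before restarting the service; it checks the file for errors, which matters when the SSH session is the only way in.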
This article comes from the "linux运维分享" blog; please keep this attribution: http://liangey.blog.51cto.com/9097868/1571432