{"id":397,"date":"2015-09-21T13:30:09","date_gmt":"2015-09-21T05:30:09","guid":{"rendered":"http:\/\/blogs.woria.cn\/?p=397"},"modified":"2015-09-21T13:30:09","modified_gmt":"2015-09-21T05:30:09","slug":"centos6-hello-world","status":"publish","type":"post","link":"https:\/\/blogs.woria.cn\/?p=397","title":{"rendered":"CentOS6\u6807\u51c6\u6d41\u7a0b"},"content":{"rendered":"<p>centos 6 mini\u5b89\u88c5\uff08\u5185\u5bb9\u6781\u5176\u7cbe\u7b80\uff09<br \/>\n\u7ea2\u5e3d\u5b98\u65b9\u4e2d\u6587\u6587\u6863<br \/>\nhttp:\/\/docs.redhat.com\/docs\/zh-CN\/Red_Hat_Enterprise_Linux\/index.html<\/p>\n<p>\u9ed8\u8ba4\u90ae\u4ef6\u670d\u52a1\u5668\u5c31\u662fpostfix<br \/>\n\u5347\u7ea7\u7cfb\u7edf<br \/>\n# yum update<\/p>\n<p>\u7cbe\u7b80\u670d\u52a1<br \/>\nchkconfig ip6tables off<br \/>\nchkconfig iscsi off<br \/>\nchkconfig iscsid off<br \/>\nchkconfig netfs off<br \/>\nchkconfig auditd off<br \/>\nchkconfig nfslock off<br \/>\nchkconfig rpcgssd off<br \/>\nchkconfig rpcbind off<br \/>\nchkconfig rpcidmapd off<br \/>\nchkconfig lvm2-monitor off<br \/>\nchkconfig lldpad off<br \/>\n<!--more--><\/p>\n<p>\u5b89\u88c5\u57fa\u672c\u914d\u7f6e\u7a0b\u5e8f(cronie \u4e3a\u5b89\u88c5Cron)<br \/>\n# yum install -y setuptool ntsysv system-config-firewall-tui system-config-network-tui cronie wget vim unzip openssh-clients screen rsync ftp telnet<\/p>\n<p>\u8bb0\u5f55\u6bcf\u6b21bash\u547d\u4ee4\u7684\u6267\u884c\u65f6\u95f4<br \/>\nvi \/etc\/profile<br \/>\n\u52a0\u5165\uff08centos6\u6700\u597d\u52a0\u5230\u7b2c54\u884c\uff09<br \/>\nHISTTIMEFORMAT=&#8221;%Y-%m-%d %H:%M:%S &#8221;<br \/>\nexport HISTTIMEFORMAT<\/p>\n<p>\u5b89\u5168\u914d\u7f6e<br \/>\n\u7981\u7528selinux<br \/>\n\u7f16\u8f91# vi \/etc\/selinux\/config<br \/>\nSELINUX=disabled<\/p>\n<p>su\u52a0\u56fa<br \/>\n\u7f16\u8f91\u914d\u7f6e\u6587\u4ef6<br \/>\n# vi \/etc\/pam.d\/su<br \/>\n\u5927\u7ea6\u7b2c\u516d\u884c\u53bb\u6389#<br \/>\n#auth            required        pam_wheel.so use_uid<br \/>\n\u8fd0\u884c<br \/>\n# echo &#8220;SU_WHEEL_ONLY yes&#8221; >> \/etc\/login.defs<\/p>\n<p>\u8bbe\u7f6e\u53ef\u4ee5su\u7684\u7528\u6237\u5230wheel\u7ec4<br \/>\n# useradd -G wheel yezhiqiu<br \/>\n# passwd yezhiqiu<\/p>\n<p>SSH\u90e8\u5206<br \/>\n# vim  \/etc\/ssh\/sshd_config<br \/>\n\u4fee\u6539\u7aef\u53e3\u53f7<br \/>\n\u5927\u7ea6\u7b2c13\u884c<br \/>\nPort 58022<br \/>\n\u4e0d\u5141\u8bb8\u7528root\u8fdb\u884c\u767b\u5f55<br \/>\n\u5927\u7ea6\u7b2c42\u884c<br \/>\nPermitRootLogin no<br \/>\n\u4e0d\u5141\u8bb8\u7a7a\u5bc6\u7801\u767b\u5f55<br \/>\n\u5927\u7ea6\u7b2c65\u884c<br \/>\nPermitEmptyPasswords no<br \/>\n\u7981\u7528DNS<br \/>\n\u5927\u7ea6\u7b2c81\u884c<br \/>\nGSSAPIAuthentication no<br \/>\n\u5927\u7ea6\u7b2c122\u884c<br \/>\nUseDNS no<\/p>\n<p>\u6700\u540e\u4e00\u884c\u53ea\u5141\u8bb8\u6307\u5b9a\u7528\u6237\u767b\u5f55ssh<br \/>\nAllowUsers yezhiqiu<br \/>\n\u7f16\u8f91\u9632\u706b\u5899\u6587\u4ef6<br \/>\n# vi \/etc\/sysconfig\/iptables<br \/>\n\u52a0\u5165<br \/>\n-A INPUT -m state &#8211;state NEW -m tcp -p tcp &#8211;dport 58022 -j ACCEPT<br \/>\n\u91cd\u542f\u670d\u52a1<br \/>\n# \/etc\/init.d\/sshd restart<br \/>\n# \/etc\/init.d\/iptables restart<\/p>\n<p>\u6dfb\u52a0\u76d1\u63a7\u5b9d\u7684snmpd\u76d1\u63a7<br \/>\n# yum -y install net-snmp<br \/>\n# vi \/etc\/snmp\/snmpd.conf<br \/>\n# &#8212;&#8212;\u6dfb\u52a0\u76d1\u63a7\u5b9d\u8d26\u53f7&#8212;&#8212;<br \/>\nrocommunity jiankongbao 60.195.249.83<br \/>\nrocommunity jiankongbao 60.195.252.107<br \/>\nrocommunity jiankongbao 60.195.252.110<br \/>\n\u91cd\u542f\u670d\u52a1<br \/>\n# \/etc\/init.d\/snmpd start<br \/>\n# chkconfig snmpd on<br \/>\n\u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e<br \/>\n# vi \/etc\/sysconfig\/iptables<br \/>\n# &#8212;&#8212;\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219&#8212;&#8212;<br \/>\n-A INPUT -p udp -m udp &#8211;dport 161 -j ACCEPT<br \/>\n\u91cd\u542f\u9632\u706b\u5899<br \/>\n# \/etc\/init.d\/iptables restart<\/p>\n<p>\u6821\u65f6<br \/>\n# yum install -y ntp<br \/>\n# \/usr\/sbin\/ntpdate 210.72.145.44<br \/>\n# \/sbin\/hwclock &#8211;systohc<br \/>\n\u52a0\u5165\u5907\u4efd\u811a\u672c<br \/>\n# crontab -e<br \/>\n5 *\/6 * * * \/usr\/sbin\/ntpdate 210.72.145.44 > \/dev\/null 2>&#038;1<\/p>\n<p>\u6709\u4e9b\u673a\u623f\u7981\u7528UDP \u53ef\u4ee5\u4f7f\u7528rdate<br \/>\n# yum install -y rdate<br \/>\n5 *\/6 * * * \/usr\/bin\/rdate -s stdtime.gov.hk > \/dev\/null 2>&#038;1<\/p>\n<p>\u5b89\u88c5\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u4ed3\u5e93<br \/>\nEPEL<br \/>\n# wget http:\/\/dl.fedoraproject.org\/pub\/epel\/6\/x86_64\/epel-release-6-8.noarch.rpm<br \/>\n# rpm -ivh epel-release-6-8.noarch.rpm<br \/>\n\u4fee\u6539enabled = 0\u9ed8\u8ba4\u4e0d\u542f\u7528<br \/>\n# vim  \/etc\/yum.repos.d\/epel.repo<br \/>\n# yum &#8211;enablerepo=epel -y install htop pbzip2<\/p>\n<p>rpmforge\u9010\u6b65\u6dd8\u6c70\u4e0d\u7528<br \/>\n# wget http:\/\/pkgs.repoforge.org\/rpmforge-release\/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm<br \/>\n# rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm<br \/>\n\u4fee\u6539enabled = 0\u9ed8\u8ba4\u4e0d\u542f\u7528<br \/>\n# vim \/etc\/yum.repos.d\/rpmforge.repo<br \/>\n# yum &#8211;enablerepo=rpmforge -y install htop unrar axel<\/p>\n<p>\u4f18\u5316Linux\u5185\u6838\u53c2\u6570<br \/>\n# vi \/etc\/sysctl.conf<br \/>\n\u5728\u672b\u5c3e\u589e\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a<br \/>\n\u5f15\u7528<br \/>\n# Add<br \/>\nnet.ipv4.tcp_max_syn_backlog = 65536<br \/>\nnet.core.netdev_max_backlog =  32768<br \/>\nnet.core.somaxconn = 32768<\/p>\n<p>net.core.wmem_default = 8388608<br \/>\nnet.core.rmem_default = 8388608<br \/>\nnet.core.rmem_max = 16777216<br \/>\nnet.core.wmem_max = 16777216<\/p>\n<p>net.ipv4.tcp_timestamps = 0<br \/>\nnet.ipv4.tcp_synack_retries = 2<br \/>\nnet.ipv4.tcp_syn_retries = 2<\/p>\n<p>net.ipv4.tcp_tw_recycle = 1<br \/>\n#net.ipv4.tcp_tw_len = 1<br \/>\nnet.ipv4.tcp_tw_reuse = 1<\/p>\n<p>net.ipv4.tcp_mem = 94500000 915000000 927000000<br \/>\nnet.ipv4.tcp_max_orphans = 3276800<\/p>\n<p>#net.ipv4.tcp_fin_timeout = 30<br \/>\n#net.ipv4.tcp_keepalive_time = 120<br \/>\nnet.ipv4.ip_local_port_range = 1024  65535<\/p>\n<p>\u76ee\u524d\u53ef\u4ee5\u786e\u5b9a\u7684\u662f<br \/>\n#######<br \/>\nfs.aio-max-nr = 1048576<br \/>\nfs.file-max = 6815744<br \/>\nkernel.shmall = 2097152<br \/>\nkernel.shmmax =  536870912<br \/>\nkernel.shmmni = 4096<br \/>\nkernel.sem = 250 32000 100 128<br \/>\nnet.ipv4.ip_local_port_range = 9000 65500<br \/>\nnet.core.rmem_default = 262144<br \/>\nnet.core.rmem_max = 4194304<br \/>\nnet.core.wmem_default = 262144<br \/>\nnet.core.wmem_max = 1048586<br \/>\n#######<br \/>\n\u4f7f\u914d\u7f6e\u7acb\u5373\u751f\u6548\uff1a<br \/>\n\/sbin\/sysctl -p<\/p>\n<p>\u8c03\u6574ulimit<br \/>\n# vi \/etc\/security\/limits.conf<br \/>\n\u5728\u6587\u4ef6\u672b\u52a0\u4e0a\uff1a<br \/>\n*   soft   nofile   65535<br \/>\n*   hard   nofile   65535<br \/>\n# vi \/etc\/security\/limits.d\/90-nproc.conf<br \/>\n\u4fee\u6539<br \/>\n*         soft    nproc    1024<br \/>\n\u4e3a<br \/>\n*         soft    nproc    65535<\/p>\n<p>\u8bbe\u7f6elogwatch\u53d1\u7ed9\u6307\u5b9a\u90ae\u7bb1<br \/>\n# yum install logwatch -y<br \/>\n# echo &#8220;MailTo = yezhiqiu.cn@gmail.com&#8221; >>\/etc\/logwatch\/conf\/logwatch.conf<br \/>\n\u6dfb\u52a0<br \/>\nMailTo = yezhiqiu.cn@gmail.com<br \/>\n\u5220\u9664\u5bf9httpd\u7684\u65e5\u5fd7\u5206\u6790\u5728 \/usr\/share\/logwatch\/default.conf\/logwatch.conf\u52a0\u5165\u5927\u7ea6\u572886\u884c<br \/>\nService = &#8220;-http&#8221;<\/p>\n<p>\u5982\u679c\u9700\u8981\u81ea\u5df1\u7f16\u8bd1\u8f6f\u4ef6<br \/>\n# yum install gcc gcc-c++ make automake autoconf patch<\/p>\n<p>LAMP\u670d\u52a1\u5668\u505a\u5982\u4e0b\u6b65\u9aa4\uff1a<br \/>\n# yum &#8211;enablerepo=epel install cronolog<br \/>\n# yum install httpd mysql-server<br \/>\n# yum install postgresql-devel mysql-devel httpd-devel openssl-devel libxml2-devel zlib-devel curl-devel libmcrypt-devel mhash-devel libjpeg-devel libpng-devel gd-devel freetype-devel libtool-ltdl-devel<br \/>\n# yum install libevent-devel libc-client-devel readline-devel<br \/>\n# yum install libXpm-devel libxslt-devel krb5-devel net-snmp-devel<br \/>\n# cd \/usr\/lib64<br \/>\n# ln -s \/usr\/lib64\/mysql\/libmysqlclient.so<br \/>\n# yum install php53 php53-gd php53-devel php53-mbstring php53-mysql php53-xml php53-xmlrpc<\/p>\n<p>\u9644\uff1a<br \/>\n\u786c\u4ef6\u68c0\u6d4b\uff1a<br \/>\n# wget http:\/\/aspersa.googlecode.com\/svn\/trunk\/summary<br \/>\n# chmod +x summary<br \/>\n# .\/summary<\/p>\n<p>CentOS\u5347\u7ea7\u6d41\u7a0b\uff1a<br \/>\nyum clean all<br \/>\nyum update glibc\\* -y<br \/>\nyum update yum\\* rpm\\* pyth\\* -y<br \/>\nyum clean all<br \/>\nyum update mkinitrd nash -y<br \/>\nyum update selinux\\* -y<br \/>\nyum update -y<br \/>\nshutdown -r now<\/p>\n<p>\u5b89\u88c5\u5e38\u7528\u9644\u52a0\u8f6f\u4ef6<br \/>\n# yum install screen sysstat iptraf<br \/>\niptraf \uff1aCLI \u6d41\u91cf\u76d1\u63a7\u8f6f\u4ef6<br \/>\nscreen\uff1a\u8fdc\u7a0b\u4f1a\u8bdd\u7ba1\u7406<br \/>\nsysstat\uff1a\u7cfb\u7edf\u6027\u80fd\u5206\u6790\u5de5\u5177\u5305<\/p>\n<p>\u78c1\u76d8IO\u6d4b\u8bd5<br \/>\nyum &#8211;enablerepo=rpmforge install iozone<\/p>\n<p>\u53bb\u6389atime\u63d0\u9ad8\u6587\u4ef6\u7cfb\u7edf\u6027\u80fd\uff1a<br \/>\n\u53ef\u4ee5\u5728\/etc\/fstab\u4e2d\u589e\u52a0,noatime,nodiratime\u53c2\u6570<br \/>\n\u964d\u4f4e\u6587\u4ef6\u7cfb\u7edf\u6743\u9650<br \/>\nnosuid,noexec,nodev\u53c2\u6570<\/p>\n<p>\u6740\u6bd2\u8f6f\u4ef6<br \/>\n# yum &#8211;enablerepo=epel install clamd<br \/>\n\u5347\u7ea7\u75c5\u6bd2\u5e93<br \/>\n# freshclam &#8211;verbose<br \/>\n# clamscan -i -r \/dir<br \/>\n\u5907\u9009\u5e93<br \/>\nhttp:\/\/rpms.famillecollet.com\/<br \/>\n\u53ef\u4ee5\u5b89\u88c5\u5728centos5\u7b49\u4f4e\u7248\u672c\u4e2d\u5b89\u88c5php-fpm\u7b49\u8f6f\u4ef6<\/p>\n","protected":false},"excerpt":{"rendered":"<p>centos 6 mini\u5b89\u88c5\uff08\u5185\u5bb9\u6781\u5176\u7cbe\u7b80\uff09 \u7ea2\u5e3d\u5b98\u65b9\u4e2d\u6587\u6587\u6863 http:\/\/docs.redhat.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,8,4],"tags":[],"class_list":["post-397","post","type-post","status-publish","format-standard","hentry","category-technique","category-master","category-windtalker"],"_links":{"self":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=397"}],"version-history":[{"count":0,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=\/wp\/v2\/posts\/397\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.woria.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}