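1.1 Preparing the template machine
Template machine
Install one machine from scratch: Linux tuning, software, yum
Create the virtual machine
Note: two network adapters in total, one in NAT mode and one in LAN segment mode
Install the system
Rename the network interfaces: ens33 ---> eth0 eth1 ....
On the installer screen select "Install CentOS 7", press Tab, and append at the end of the line:
net.ifnames=0 biosdevname=0
Configure the network interfaces
eth0 10.0.0.200/24 configure gateway and DNS
eth1 172.16.1.200/24 no gateway, no DNS
Set the time
Select software
Installation summary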
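1.2 Basic Linux system tuning
Disable the firewall and SELinux
Configure yum repos: base, epel
Install common software
Fix slow SSH connections
Network services: disable NetworkManager, keep network
Configure time synchronization (cron job)
PS1
hosts resolution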
1) Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
# SELinux: security-enhanced configuration from the NSA
## Disable temporarily; lost after the Linux system reboots
setenforce 0
getenforce # Disabled or Permissive means SELinux is off
# Disable permanently; takes effect after the Linux system reboots: vi /etc/selinux/config
enforcing - SELinux is on
permissive - SELinux is off; it only logs warning messages
disabled - SELinux is completely off
[root@oldboy-muban ~]# grep disabled /etc/selinux/config
# disabled - No SELinux policy is loaded.
SELINUX=disabled
2) Configure yum repos: base, epel
# Configure the base repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Configure the epel repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
3) Common tools
https://www.jianshu.com/p/604b4d79a227
Install common software
yum install -y tree vim wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs
4) Fix slow SSH connections
SSH server configuration file
ll /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no
[root@oldboy-muban ~]# egrep '^GSSAPIA|^UseDNS' /etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no
systemctl restart sshd   # connections are fast from now on
5) Network services: disable NetworkManager, keep network
[root@oldboy-muban ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@oldboy-muban ~]# systemctl stop NetworkManager
6) Configure time synchronization (cron job)
crontab -e
# sync time by lidao996
*/2 * * * * /sbin/ntpdate ntp1.aliyun.com &>/dev/null
7) PS1
PS1 controls the format of the command-line prompt
man bash, then search for PS1
vim /etc/profile and add as the last line:
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ '
[root@oldboy-muban ~]# tail -1 /etc/profile
export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ '
[root@oldboy-muban ~]# source /etc/profile
[Fault collection] 50 essential Linux faults and their causes
https://www.jianshu.com/p/99ec5bb4183f
8) hosts resolution
Hosts on the same LAN reach each other by hostname.
Public network: configure DNS: img.oldboyedu.com --DNS A record--> 10.0.0.7
Internal network: run an internal DNS service (when the number of servers is very large)
Few servers: edit /etc/hosts and add the resolution records
10.0.0.7 web01 web01.oldboyedu.com
10.0.0.8 web02
Use cases for /etc/hosts: it maps IP addresses to hostnames, similar to DNS
Access a self-built test environment: jd.com ---> 10.0.0.200 `10.0.0.200 jd.com`
Let devices on the LAN reach each other by domain name (hostname)
cat >/etc/hosts<<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01 db01.etiantian.org
172.16.1.61 m01
EOF
9) Configure sudo
[root@oldboy-muban ~]$ grep wheel /etc/sudoers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
[root@oldboy-muban ~]$ id oldboy
uid=1000(oldboy) gid=1000(oldboy) groups=1000(oldboy),10(wheel)
To configure it, you can do this:
oldboy ALL=(ALL) NOPASSWD: ALL
10) Checks
[root@oldboy-muban ~]$ crontab -l
# sync time by lidao996
*/2 * * * * /sbin/ntpdate ntp1.aliyun.com &>/dev/null
# firewall
[root@oldboy-muban ~]$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Apr 25 10:22:49 oldboy-muban systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 25 10:22:51 oldboy-muban systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 25 10:36:17 oldboy-muban systemd[1]: Stopping firewalld - dynamic firewall daemon
Apr 25 10:36:18 oldboy-muban systemd[1]: Stopped firewalld - dynamic firewall daemon.
# selinux
[root@oldboy-muban ~]$ getenforce
Permissive
[root@oldboy-muban ~]$ grep SELINUX= /etc/selinux/config
# SELINUX= can take one of these three values:
SELINUX=disabled
# yum
[root@oldboy-muban ~]$ yum repolist
# software
# ssh
[root@oldboy-muban ~]$ egrep -i 'GSSAPIA|UseDNS' /etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no
# NetworkManager
[root@oldboy-muban ~]$ systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled; vendor preset: enabled)
Active: inactive (dead) since Sun 2021-04-25 11:19:48 CST; 35min ago
Docs: man:NetworkManager(8)
Main PID: 1192 (code=exited, status=0/SUCCESS)
# scheduled time synchronization
[root@oldboy-muban ~]$ crontab -l
# sync time by lidao996
*/2 * * * * /sbin/ntpdate ntp1.aliyun.com &>/dev/null
# hosts
systemctl status firewalld                      # 1 check the firewall
getenforce
grep SELINUX= /etc/selinux/config               # 2 check SELinux
yum repolist                                    # 3 check packages
egrep '^GSSAPIA|^UseDNS' /etc/ssh/sshd_config   # 4 check sshd
systemctl status NetworkManager                 # 5 network interface status
crontab -l                                      # 6 check cron jobs
cat /etc/hosts                                  # 7 check hosts
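The file-based checks from the list above (SELinux, sshd, cron, hosts) can be scripted so that a clone is verified the same way every time. The following is an added example, not part of the original notes. The function names are hypothetical and the sample files are constructed. The SELinux check reads the configured mode, which is why it reports disabled where getenforce above still shows Permissive before the reboot.

```shell
#!/bin/sh
# Added example: offline checks for the settings from steps 1, 4, 6 and 8.
# Function names are hypothetical; each takes a file path as its first argument.

# sshd uses the first uncommented occurrence of a keyword (Match blocks ignored here).
sshd_value() {            # usage: sshd_value FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

check_sshd() {            # 0 when both settings from step 4 are in effect
    [ "$(sshd_value "$1" GSSAPIAuthentication)" = no ] &&
    [ "$(sshd_value "$1" UseDNS)" = no ]
}

# Mode that applies after the next reboot (assumes a single SELINUX= line).
selinux_configured() {    # usage: selinux_configured FILE
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# 0 when an uncommented crontab line runs ntpdate.
cron_has_ntpdate() {      # usage: cron_has_ntpdate FILE (saved "crontab -l" output)
    grep -Eq '^[^#]*ntpdate' "$1"
}

# Print every wanted hostname that has no entry in the hosts file.
hosts_missing() {         # usage: hosts_missing FILE NAME...
    hosts_file=$1; shift
    for name in "$@"; do
        awk -v n="$name" '{ sub(/#.*/, "") }
            { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
            END { exit !found }' "$hosts_file" || printf '%s\n' "$name"
    done
}

# Constructed sample files (not copied from a real host).
demo=$(mktemp -d)
printf '%s\n' '#UseDNS yes' 'GSSAPIAuthentication no' 'UseDNS no' > "$demo/sshd_config"
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$demo/selinux"
printf '%s\n' '# sync time' '*/2 * * * * /sbin/ntpdate ntp1.aliyun.com' > "$demo/cron"
printf '%s\n' '172.16.1.7 web01' '172.16.1.51 db01 db01.etiantian.org' > "$demo/hosts"

check_sshd "$demo/sshd_config" && echo "sshd: GSSAPIAuthentication and UseDNS are off"
echo "selinux after reboot: $(selinux_configured "$demo/selinux")"
cron_has_ntpdate "$demo/cron" && echo "cron: ntpdate job present"
echo "hosts missing:" $(hosts_missing "$demo/hosts" web01 db01 m01)
```

On a real clone, pass /etc/ssh/sshd_config, /etc/selinux/config, /etc/hosts and a saved copy of the crontab -l output instead of the sample files.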