系统安全优化
selinux
配置文件路径:/etc/selinux/config
[root@localhost ~]#
[root@localhost ~]#cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
永久禁用:
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
临时禁用:
setenforce 0
0 : 临时禁用
1 :临时启用
firewalld 防火墙
云主机 ----> 安全组
firewalld --- > 防火墙(简化)
iptables --- > 防火墙
systemctl disable --now firewalld
systemctl:系统控制
disable : 禁止开启
--now : 立即执行
systemctl enable --now firewalld
enable : 开机自启动
systemctl start firewalld # 开启
systemctl stop firewalld # 关闭
systemctl status firewalld # 查看防火墙状态
防止系统乱码优化
en_US.UTF-8
en :英文
US :美式
UTF-8 : 指定的编码
zh_CN.UTF-8
zh : 中文
CN :简体中文
修改
LANG=zh_CN.UTF-8
持久化保存字符编码文件
/etc/locale.conf
同时临时永久修改字符集
localectl set-locale LANG=en_US.utf8
source /etc/locale.conf