Creating a CentOS 6.9 VMware virtual machine template

1. Mount the local ISO image as the yum repository

(1) Connect the ISO image file to the virtual machine

(2) Create the directory /mnt/cdrom

	mkdir /mnt/cdrom

(3) Mount the disc

	mount /dev/sr0 /mnt/cdrom

(4) Edit the yum repository file

	cd /etc/yum.repos.d
	rm -rf *
	vi default.repo

Add:

	[local]
	name=localyum
	baseurl=file:///mnt/cdrom/
	gpgcheck=0
	enabled=1

2. Install the dependency packages

	yum install -y zlib-devel gcc telnet lrzsz pam-devel

3. Upgrade to OpenSSH 7.6p1

(1) Upload the installation packages

	cd /usr/local
	rz    # select openssh-7.6p1.tar.gz and openssl-1.0.2n.tar.gz

(2) Upgrade OpenSSL

Remove the old OpenSSL package:

	rpm -e openssl-1.0.1e-57.el6.x86_64 --nodeps

Extract the archive:

	tar -zxvf openssl-1.0.2n.tar.gz

Enter the directory:

	cd openssl-1.0.2n

Build:

	./config shared zlib --prefix=/usr/local/openssl
	make
	make test
	make install

Add the new library directory to the dynamic linker search path:

	vi /etc/ld.so.conf

Add the line `/usr/local/openssl/lib`, then refresh the cache:

	ldconfig -v

	cd /usr/local/openssl/lib
	cp libssl.so.1.0.0 /usr/lib64
	cp libcrypto.so.1.0.0 /usr/lib64/
	chmod 555 /usr/lib64/libssl.so.1.0.0
	chmod 555 /usr/lib64/libcrypto.so.1.0.0
	ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so.10
	ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so.10
	ln -s /usr/lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so
	ln -s /usr/lib64/libssl.so.1.0.0 /usr/lib64/libssl.so

Update the PATH environment variable:

	vi /etc/profile

Add:

	PATH=/usr/local/openssl/bin:$PATH
	export PATH

Apply the change:

	source /etc/profile

Check that the OpenSSL version is correct:

	openssl version -a

(3) Upgrade OpenSSH

Stop the SSH service:

	service sshd stop

Remove the old OpenSSH packages. List them first:

	[root@moban openssl-1.0.2n]# rpm -qa |grep openssh
	openssh-5.3p1-122.el6.x86_64
	openssh-clients-5.3p1-122.el6.x86_64
	openssh-server-5.3p1-122.el6.x86_64
	openssh-askpass-5.3p1-122.el6.x86_64

Remove them:

	rpm -e --nodeps openssh-askpass-5.3p1-122.el6.x86_64
	rpm -e --nodeps openssh-server-5.3p1-122.el6.x86_64
	rpm -e --nodeps openssh-clients-5.3p1-122.el6.x86_64
	rpm -e --nodeps openssh-5.3p1-122.el6.x86_64

Back up the configuration files:

	mv /etc/ssh/ /etc/ssh.old/

Extract the archive:

	cd /usr/local
	tar zxvf openssh-7.6p1.tar.gz

Enter the directory:

	cd openssh-7.6p1

Build:

	./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man
	make
	make install

Install the init script:

	cp ./contrib/redhat/sshd.init /etc/init.d/sshd
	chmod +x /etc/init.d/sshd
	chkconfig --add sshd

Start SSH again:

	service sshd start

Confirm the OpenSSH and OpenSSL versions:

	ssh -V

If the output is `OpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017`, the upgrade is complete.

Edit the sshd configuration file:

	vi /etc/ssh/sshd_config

Add:

	X11Forwarding yes
	PermitRootLogin yes

Change `#UsePAM no` to `UsePAM yes`.

Add the PAM authentication file for sshd:

	cd /etc/pam.d/
	vi sshd

Add:

	#%PAM-1.0
	auth            include         system-auth
	account         required        pam_nologin.so
	account         include         system-auth
	password        include         system-auth
	session         optional        pam_keyinit.so force revoke
	session         include         system-auth
	session         required        pam_loginuid.so

Restart SSH:

	service sshd restart
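A check for the sshd_config edit above, as an added example that is not part of the original post: sshd uses the first uncommented occurrence of each keyword, so a line appended to the file has no effect if the keyword is already set earlier. The function names and the sample file are assumptions made for this example, and only the whitespace-separated `Keyword value` form is parsed.

```shell
#!/bin/sh
# Added example: which value will sshd actually use for a keyword?
# sshd_config keywords are case-insensitive and the FIRST uncommented
# occurrence wins, so a line appended at the end of the file is ignored
# when the same keyword is already set further up.

# effective_sshd_value FILE KEYWORD -> first global value, empty if unset
effective_sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # global section ends at first Match
        tolower($1) == key       { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_template_sshd FILE -> 0 if the three settings from this page are
# effective, 1 otherwise (one line is printed per mismatch)
check_template_sshd() {
    rc=0
    for pair in X11Forwarding=yes PermitRootLogin=yes UsePAM=yes; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: effective '${got:-unset, built-in default applies}', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: an earlier PermitRootLogin line shadows the appended
# one, and UsePAM was left commented out.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PermitRootLogin no
#UsePAM no
Subsystem sftp /usr/libexec/sftp-server
X11Forwarding yes
PermitRootLogin yes
EOF

check_template_sshd "$sample" || echo "sshd_config does not match the template settings"
```

On the template itself, `sshd -T` prints the effective configuration as sshd parses it and can be used to confirm the same three values.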

4. Disable unused services

(1) List the enabled services

		chkconfig --list |grep on
		[root@moban pam.d]# chkconfig --list |grep on
		abrt-ccpp       0:off   1:off   2:off   3:on    4:off   5:on    6:off
		abrtd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
		acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
		atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
		auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
		autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
		blk-availability        0:off   1:on    2:on    3:on    4:on    5:on    6:off
		bluetooth       0:off   1:off   2:off   3:on    4:on    5:on    6:off
		certmonger      0:off   1:off   2:off   3:on    4:on    5:on    6:off
		cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
		crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
		cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
		haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
		ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
		iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
		irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
		lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
		mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
		messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
		netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
		netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
		network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
		nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
		portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
		postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
		rdma            0:off   1:on    2:on    3:on    4:on    5:on    6:off
		restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
		rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
		rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
		rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
		spice-vdagentd  0:off   1:off   2:off   3:off   4:off   5:on    6:off
		sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
		sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
		udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
		wdaemon         0:off   1:off   2:off   3:off   4:off   5:off   6:off

(2) Disable the services

		chkconfig bluetooth off;chkconfig ip6tables off;chkconfig iptables off;
		service bluetooth stop;service ip6tables stop;service iptables stop;
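A way to verify this step, as an added example that is not part of the original post: `grep on` also matches service names that contain "on" (netconsole, restorecond and wdaemon appear in the listing above although they are off in every runlevel), so this sketch checks the runlevel columns instead. The function names and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output by runlevel column rather
# than by substring. Both functions read the listing on stdin.

# services_on_in_runlevel LEVEL -> names of services that are on in LEVEL
services_on_in_runlevel() {
    awk -v lvl="$1" '{
        for (i = 2; i <= NF; i++)
            if ($i == (lvl ":on")) print $1
    }'
}

# still_enabled NAME... -> the named services that are on in any runlevel
still_enabled() {
    awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            for (i = 2; i <= NF; i++)
                if ($i ~ /:on$/) { print $1; next }
        }'
}

# Constructed sample in the page's format: bluetooth and ip6tables were
# turned off, iptables was missed.
sample_listing='bluetooth       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
spice-vdagentd  0:off   1:off   2:off   3:off   4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off'

echo "on in runlevel 3:"
printf '%s\n' "$sample_listing" | services_on_in_runlevel 3
echo "should be off but still enabled:"
printf '%s\n' "$sample_listing" | still_enabled bluetooth ip6tables iptables
```

On the template, pipe the real listing in, for example `chkconfig --list | still_enabled bluetooth ip6tables iptables`; empty output means all three are off.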

5. Tuning

(1) Raise the file descriptor limit

		# Show the current file descriptor limit
		ulimit -n
		# Adjust it: add the following lines to limits.conf
		vi /etc/security/limits.conf
		* soft nofile 65535
		* hard nofile 65535
		* soft nproc 65535
		* hard nproc 65535

(2) Kernel parameter tuning

		vi /etc/sysctl.conf
		# Add:
		net.ipv4.tcp_max_syn_backlog = 65536
		net.core.netdev_max_backlog = 32768
		net.core.somaxconn = 32768

		net.core.wmem_default = 8388608
		net.core.rmem_default = 8388608
		net.core.rmem_max = 16777216
		net.core.wmem_max = 16777216

		net.ipv4.tcp_timestamps = 0
		net.ipv4.tcp_synack_retries = 2
		net.ipv4.tcp_syn_retries = 2

		net.ipv4.tcp_tw_reuse = 1
		net.ipv4.tcp_max_tw_buckets=10000
		net.ipv4.tcp_mem = 94500000 915000000 927000000
		net.ipv4.tcp_max_orphans = 3276800
		# Apply the settings:
		/sbin/sysctl -p

6. Time synchronization

	crontab -e
	# xxxx is the address of the time synchronization server
	#*/5 * * * * /usr/sbin/ntpdate xxxx >/dev/null 2>&1

7. Modify the network interface configuration

(1) Delete the NIC PCI record

		vi /etc/udev/rules.d/70-persistent-net.rules
		# Delete:
		SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:be:00:5c", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

(2) Delete the IP and MAC addresses
