关于SUSE linux

1、关于提示符

在SUSElinux中：

localhost:~ # set|grep PS1
PS1=$'\\[\E[1m\E[31m\\]\\h:\\w # \\[\E(B\E[m\\]'
localhost:~ #

在CentOSlinux中：

[root@localhost ~]# set|grep PS1
PS1='[\u@\h \W]\$ '
[root@localhost ~]#

2、关于主机名修改

在SUSElinux中：

night:~ # cat /etc/HOSTNAME
night
night:~ #

在CentOSlinux中：

[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=localhost.localdomain
GATEWAY=192.168.100.1
[root@localhost ~]#

3、关于ip/gateway/dns

在SUSElinux中：

night:~ # cat /etc/sysconfig/network/ifcfg-eth0
BOOTPROTO='static'  //静态方式获取
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.100.210/24'   //ip地址和子网掩码
MTU=''
NAME='82540EM Gigabit Ethernet Controller'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'     //开机激活网卡
USERCONTROL='no'
night:~ # cat /etc/sysconfig/network/routes
default 192.168.100.1 - -
night:~ # cat /etc/resolv.conf
### /etc/resolv.conf file autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
# Note: Manual change of this file disables netconfig too, but
# may get lost when this file contains comments or empty lines
# only, the netconfig settings are same with settings in this
# file and in case of a "netconfig update -f" call.
#
### Please remove (at least) this line when you modify the file!
search localdomain
nameserver 192.168.100.1
nameserver 8.8.8.8
night:~ #

关于CentOSlinux中：

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82540EM Gigabit Ethernet Controller
DEVICE=eth0      //设备名称
BOOTPROTO=static    //静态方式
BROADCAST=192.168.100.255  //广播地址
HWADDR=08:00:27:8E:37:90   //网卡地址
IPADDR=192.168.100.200   //ip地址
NETMASK=255.255.255.0  //子网掩码
NETWORK=192.168.100.0   //网络地址
ONBOOT=yes      //开机激活网卡
[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=localhost.localdomain
GATEWAY=192.168.100.1
[root@localhost ~]# cat /etc/resolv.conf
nameserver 192.168.100.1
nameserver 8.8.8.8
search localhost
[root@localhost ~]#

重启网络的方法相同：/etc/init.d/networkstart|stop|restart

4、关于版本查看

在SUSElinux中：

night:~ # cat /etc/issue
Welcome to SUSE Linux Enterprise Server 11 SP2  (x86_64) - Kernel \r (\l).
night:~ # lsb_release -a
LSB Version:    core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
Distributor ID: SUSE LINUX
Description:    SUSE Linux Enterprise Server 11 (x86_64)
Release:        11
Codename:       n/a
night:~ #

在CentOSlinux中：

[root@localhost ~]# cat /etc/issue
CentOS release 5.9 (Final)
Kernel \r on an \m
[root@localhost ~]# cat /etc/redhat-release
CentOS release 5.9 (Final)
[root@localhost ~]# lsb_release -a
LSB Version:    :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description:    CentOS release 5.9 (Final)
Release:        5.9
Codename:       Final
[root@localhost ~]#

5、关于hosts文件

两者一样

6、关于软件包管理

在SUSElinux中：

night:~ # rpm -qa | grep sshd
yast2-sshd-2.17.2-1.21
night:~ #

在CentOSlinux中：

[root@localhost ~]# rpm -qa | grep ssh
openssh-clients-4.3p2-82.el5
openssh-askpass-4.3p2-82.el5
openssh-4.3p2-82.el5
openssh-server-4.3p2-82.el5
[root@localhost ~]#

在SUSElinux中：

night:~ # zypper search ftp
Loading repository data...
Reading installed packages...
S | Name              | Summary                                       | Type
--+-------------------+-----------------------------------------------+-----------
| atftp             | Advanced TFTP Server and Client               | package
| atftp             | Advanced TFTP Server and Client               | srcpackage
i | lukemftp          | Enhanced FTP Client                           | package
| lukemftp          | Enhanced FTP Client                           | srcpackage
| ncftp             | A Comfortable FTP Program                     | package
| ncftp             | A Comfortable FTP Program                     | srcpackage
| php5-ftp          | PHP5 Extension Module                         | package
| php53-ftp         | PHP5 Extension Module                         | package
| pure-ftpd         | A Lightweight, Fast, and Secure FTP Server    | package
| pure-ftpd         | A Lightweight, Fast, and Secure FTP Server    | srcpackage
| tftp              | Trivial File Transfer Protocol (TFTP)         | package
| tftp              | Trivial File Transfer Protocol (TFTP)         | srcpackage
| vsftpd            | Very Secure FTP Daemon - Written from Scratch | package
| vsftpd            | Very Secure FTP Daemon - Written from Scratch | srcpackage
i | yast2-ftp-server  | YaST2 - FTP configuration                     | package
| yast2-ftp-server  | YaST2 - FTP configuration                     | srcpackage
i | yast2-tftp-server | YaST2 - TFTP Server Configuration             | package
| yast2-tftp-server | YaST2 - TFTP Server Configuration             | srcpackage
night:~ # zypper install vsftpd
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
vsftpd
1 new package to install.
Overall download size: 126.0 KiB. After the operation, additional 290.0 KiB will be used.
Continue? [y/n/?] (y): n
night:~ # yast2 -i vsftpd
night:~ #

在CentOSlinux中：

[root@localhost ~]# yum search ftp
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.neusoft.edu.cn
* extras: mirrors.neusoft.edu.cn
* updates: mirrors.neusoft.edu.cn
============================================================================ Matched: ftp =============================================================================
bug-buddy.x86_64 : A bug reporting utility for GNOME
esound.i386 : 允许几个音频流在单个音频设备上播放。
esound.x86_64 : 允许几个音频流在单个音频设备上播放。
esound-devel.i386 : 用于 EsounD 程序的开发文件。
esound-devel.x86_64 : 用于 EsounD 程序的开发文件。
gdm.x86_64 : GNOME 显示管理器。
……省略……

7、关于用户管理

在SUSElinux中：

night:~ # useradd --help
Usage: useradd ...
useradd - create a new user
-c comment     Set the GECOS field for the new account
--show-defaults Print default values
--save-defaults Save modified default values
-D binddn      Use dn "binddn" to bind to the LDAP directory
-d homedir     Home directory for the new user
-e expire      Date on which the new account will be disabled
-f inactive    Days after a password expires until account is disabled
-G group,...   List of supplementary groups
-g gid         Name/number of the users primary group
-k skeldir     Specify an alternative skel directory
-m             Create home directory for the new user
-o             Allow duplicate (non-unique) UID
-P path        Search passwd, shadow and group file in "path"
-p password    Encrypted password as returned by crypt(3)
-u uid         Force the new userid to be the given number
-U umask       Umask value used for creating home directory
-r, --system   Create a system account
-s shell       Name of the user's login shell
--service srv   Add account to nameservice 'srv'
--help     Give this help list
--usage    Give a short usage message
-v, --version  Print program version
Valid services for --service are: files, ldap
night:~ # useradd --show-defaults
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video,dialout
CREATE_MAIL_SPOOL=no
UMASK=022
night:~ # useradd test
night:~ # id test
uid=1000(test) gid=100(users) groups=16(dialout),33(video),100(users)
night:~ # grep test /etc/passwd
test:x:1000:100::/home/test:/bin/bash
night:~ # cat /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
GROUPS=video,dialout
CREATE_MAIL_SPOOL=no
night:~ #

在CentOSlinux中：

[root@localhost ~]# useradd --help
Usage: useradd [options] LOGIN
Options:
-b, --base-dir BASE_DIR       base directory for the new user account
home directory
-c, --comment COMMENT         set the GECOS field for the new user account
-d, --home-dir HOME_DIR       home directory for the new user account
-D, --defaults                print or save modified default useradd
configuration
-e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE       set password inactive after expiration
to INACTIVE
-g, --gid GROUP               force use GROUP for the new user account
-G, --groups GROUPS           list of supplementary groups for the new
user account
-h, --help                    display this help message and exit
-k, --skel SKEL_DIR           specify an alternative skel directory
-K, --key KEY=VALUE           overrides /etc/login.defs defaults
-m, --create-home             create home directory for the new user
account
-l,                       do not add user to lastlog database file
-M,                       do not create user's home directory(overrides /etc/login.defs)
-r,                       create system account
-o, --non-unique              allow create user with duplicate
(non-unique) UID
-p, --password PASSWORD       use encrypted password for the new user
account
-s, --shell SHELL             the login shell for the new user account
-u, --uid UID                 force use the UID for the new user account
-Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
[root@localhost ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@localhost ~]# useradd test
[root@localhost ~]# id test
uid=500(test) gid=501(test) groups=501(test) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@localhost ~]# grep test /etc/passwd
test:x:500:501::/home/test:/bin/bash
[root@localhost ~]# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@localhost ~]#

关于默认所属用户组的差别还是很大的。这个时候会发现在SUSElinux中并没有为用户生成一个家目录，这个时候可以这样做。

night:~ # useradd -m test
night:~ # ll -d /home/test/
drwxr-xr-x 5 test users 4096 Sep 26 19:42 /home/test/
night:~ #

这个文件夹的权限和CentOS也是有区别的。

8、关于防火墙

在SUSElinux中：

关于控制程序

night:~ # chkconfig --list | grep fire
SuSEfirewall2_init        0:off  1:off  2:off  3:on   4:off  5:on   6:off
SuSEfirewall2_setup       0:off  1:off  2:off  3:on   4:off  5:on   6:off
night:~ # which rcSuSEfirewall2
/sbin/rcSuSEfirewall2
night:~ # file /sbin/rcSuSEfirewall2
/sbin/rcSuSEfirewall2: symbolic link to `/etc/init.d/SuSEfirewall2_setup'
night:~ # /etc/init.d/SuSEfirewall2_init
Usage: /etc/init.d/SuSEfirewall2_init {start|stop|status|restart|reload|force-reload}
night:~ # /etc/init.d/SuSEfirewall2_setup
Usage: /etc/init.d/SuSEfirewall2_setup {start|stop|status|restart|reload|force-reload}
night:~ #

关于配置文件

night:~ # cat /etc/sysconfig/SuSEfirewall2 | grep -v ^#|grep -v ^$
FW_DEV_EXT="any eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="zone:ext"
FW_MASQ_NETS="0/0"
FW_NOMASQ_NETS=""
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP="22"   //tcp端口修改，多个端口空格隔开
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_DROP_DMZ=""
FW_SERVICES_DROP_INT=""
FW_SERVICES_REJECT_EXT=""
FW_SERVICES_REJECT_DMZ=""
FW_SERVICES_REJECT_INT=""
FW_SERVICES_ACCEPT_EXT=""
FW_SERVICES_ACCEPT_DMZ=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_RELATED_EXT=""
FW_SERVICES_ACCEPT_RELATED_DMZ=""
FW_SERVICES_ACCEPT_RELATED_INT=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP=""
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""
FW_FORWARD=""
FW_FORWARD_REJECT=""
FW_FORWARD_DROP=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES="nf_conntrack_netbios_ns"
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_FORWARD_ALLOW_BRIDGING=""
FW_BOOT_FULL_INIT=""
night:~ #

另外，可以将iptables的规则定义成为一个shellscript，然后放在/etc/init.d里面利用chkconfig来管理，这样的话更加方便，可以定义成类似redhat（centos）的管理iptables的方式。

再或者，在SUSElinux中可以将要启动的命令放置在脚本/etc/init.d/after.local中；默认该脚本是不存在的，可自行创建，after.local在系统启动过程中会调用。

注意：如果使用iptables的脚本或者是iptables的命令的话，要让/etc/init.d/SuSEfirewall2_setup在开机的时候是off的！

补充：在SUSElinux中的用户的一些命令重命名的一些命令放置在/etc/bash.bashrc；而CentOS中放置在/etc/profile

在CentOSlinux中：

[root@localhost ~]# chkconfig --list|grep iptables
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@localhost ~]# /etc/init.d/iptables
Usage: /etc/init.d/iptables {start|stop|reload|restart|condrestart|status|panic|save}
[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@localhost ~]#

9、关于管理工具

在SUSElinux中，yast2可以完成大部分的工作

在CentOSlinux中：

10、补充说明，在securecrt连SUSElinux的时候，提示密钥认证，这个时候可以进行如下操作

linux-08wz:~ # vim /etc/ssh/sshd_config
PubkeyAuthentication no #<==默认是注释的，而且是yes，只要去掉注释，并改为no
……
linux-08wz:~ # rcsshd restart
Shutting down SSH daemon                                                                                                                                    done
Starting SSH daemon                                                                                                                                         done
linux-08wz:~ #