rhel配置 本地yum
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
yum命令是现在最常用的软件管理,但该命令默认从网站上查找新的软件包进行更新。我很想从本地的光盘或ISO文件更新软件.下面介绍一个最简单的方法
1、把光盘或ISO文件mount到指定目录,这里我们让它实现自动挂载
mkdir /media/dvd
vi /etc/fstab
#最后一行添加
/dev/cdrom /media/dvd iso9660 default 0 0
mount -a
2、修改yum.conf文件
用文本编辑器创建/etc/yum.repos.d/rhel5-dvd.repo文件
vi /etc/yum.repos.d/rhel5-dvd.repo
[rhel5-dvd]
name=rhel5-dvd
baseurl=file:///media/dvd/Server/
gpgcheck=0
保存退出
3、测试
在命令行输入
#yum check-update
#yum install ****.rpm
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ubuntu下相关配置
http://knowledge-republic.com/CRM/2011/05/ubuntu-account-password-policy/
https://wiki.archlinux.org/index.php/Sudo_%28%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87%29
添加环境变量,指定visudo编辑器为vim
export EDITOR="/usr/bin/vim -p -X"
Summaries
(/etc/login.defs)
PASS_MAX_DAYS 90
PAM相关函数库路径
ls /lib/security/pam*
密码复杂度要求,记住5个历史密码
(/etc/pam.d/common-password)
apt-get install libpam-cracklib
root@ubuntu:/etc/pam.d# grep -v ^# common-password | grep -v ^$
password requisite pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=5
password requisite pam_deny.so
password required pam_permit.so
root@ubuntu:/etc/pam.d#
密码5次错误锁定30分钟
(/etc/pam.d/common-auth)
root@ubuntu:/etc/pam.d# grep -v ^# common-auth | grep -v ^$
auth required pam_tally.so onerr=fail deny=5 unlock_time=1800
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
root@ubuntu:/etc/pam.d#
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
sudo相关
admin组可以 sudo执行任何命令
禁止普通用户su切换用户
(/etc/pam.d/su)
root@ubuntu:/etc/pam.d# grep -v ^# su | grep -v ^$
auth sufficient pam_rootok.so
auth required pam_wheel.so
auth sufficient pam_wheel.so trust
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
session optional pam_mail.so nopen
@include common-auth
@include common-account
@include common-session
sudo用户权限相关配置
useradd admin -g admin -m -s /bin/bash
useradd user1 -G admin -m -s /bin/bash
usermod -G lgl,admin lgl
#使用加密密码更改admin用户密码,此处密码为123456
usermod -p '$1$SpLt3glw$8rv9NuZzQx/TmXkJ6oK2V.' admin
Ubuntu 10.04
#!/bin/bash
lsb_release -a | grep lucid
if [ $? -ne 0 ]; then
echo "Your current system version not Ubuntu 10.04!"
exit
else
curl mirrors.sh.ctriptravel.com
if [ $? -ne 0 ]; then
echo "Your current host to mirrors.sh.ctriptravel.com unreachable!"
exit
fi
mkdir /var/backup
for I in /etc/sysctl.conf /etc/security/limits.conf /etc/bash.bashrc /etc/login.defs /etc/pam.d/common-password /etc/pam.d/common-auth /etc/pam.d/su /etc/sudoers /etc/ssh/sshd_config /etc/init/control-alt-delete.conf /etc/ntp.conf /etc/profile /etc/default/grub /etc/default/rcS; do
cp $I /var/backup;
done
#指定update服务器
cat > /etc/apt/sources.list << "EOF"
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-security main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-updates main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-proposed main restricted universe multiverse
deb http://mirrors.sh.ctriptravel.com/ubuntu/ lucid-backports main restricted universe multiverse
EOF
apt-get clean all
apt-get update
#开启limits限制
cat >> /etc/security/limits.conf << "EOF"
* - nofile 65536
* - nproc 65536
* - sigpending 65536
EOF
#禁用ipv6
sed -i 's/quiet/quiet ipv6.disable=1/' /etc/default/grub
update-grub
#设置用户密码有效期
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs
#强制密码复杂***
apt-get -y install libpam-cracklib
sed -i 's/pam_cracklib.so retry=3 minlen=8 difok=3/pam_cracklib.so retry=3 minlen=17 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/' /etc/pam.d/common-password
#设置多次错误密码帐号锁定时间
sed -i '/Primary/a\auth required pam_tally.so onerr=fail deny=5 unlock_time=1800' /etc/pam.d/common-auth
#禁止普通用户su切换用户身份
sed -i 's/# auth required pam_wheel.so/auth required pam_wheel.so/' /etc/pam.d/su
sed -i 's/# auth sufficient pam_wheel.so trust/auth sufficient pam_wheel.so trust/' /etc/pam.d/su
#记录用户历史命令
cat >> /etc/bash.bashrc << "EOF"
HISTORY_DIR=/tmp/.`date +%Y-%m-%d`
export PROMPT_COMMAND_FILE=${HISTORY_DIR}/`whoami`_`hostname`_history
export PROMPT_COMMAND='{ z=$(history 1 | { read x y; echo $y; }); echo -e "`who am i`: `pwd` :: $z"; } >> $PROMPT_COMMAND_FILE'
EOF
#添加root任务计划创建history目录
echo "01 * * * * root /bin/bash /bin/history.sh" > /etc/cron.d/history
cat > /bin/history.sh << "EOF"
#!/bin/bash
DIR=/tmp/.`date +%Y-%m-%d`
mkdir -p $DIR
chmod 777 $DIR
EOF
chmod 755 /bin/history.sh
#预创建/tmp下目录
mkdir -p /tmp/.`date +%Y-%m-%d`
chmod 777 /tmp/.`date +%Y-%m-%d`
#/tmp目录下内容保留最近10天
sed -i 's/TMPTIME=0/TMPTIME=10/' /etc/default/rcS
#设置用户终端超时间
sed -i '$a\TMOUT=600' /etc/profile
#ssh服务安全
sed -i 's/Port 22/Port 1022/' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers [email protected]' /etc/ssh/sshd_config
sed -i '$a\AllowUsers *@192.168.93.78' /etc/ssh/sshd_config
#禁用ctrl+alt+delete重启系统
sed -i 's$^exec shutdown$#exec shutdown$' /etc/init/control-alt-delete.conf
#配置ntp服务指向公司内部时间服务器
apt-get -y install ntp
sed -i 's/^server ntp.ubuntu.com/#server ntp.ubuntu.com/' /etc/ntp.conf
sed -i '/#server ntp.ubuntu.com/a\server time.sh.ctriptravel.com' /etc/ntp.conf
#添加admin用户
useradd admin -g admin -m -s /bin/bash
echo admin:GpV^fJ5#}xhdsad3fw4x | chpasswd
mkdir /home/admin/.ssh
cat > /home/admin/.ssh/authorized_keys << "EOF"
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzxp1XrHOXuE6jne/MrsdzRN/50UtDZHOinnpYkZzKS2u3bfhrBqVBPrDzfjJwdHQJsfnqjJsrrbIowyTJGR0Xn/G2z4zB2ng72jdju7DamM2UrBzHl6V/VJXfhwrfcIm76m1MWRY++9TZfRD6mOdL+sWhLEOkLYc5JAL66yduzY3PVFpxqtYQptC+FUHFwB4Jkt7g+st/1cSWD9GhwFDQ8PgoYoG2UGRm+8ORNf3xF9B71tBvOivTlqXWqIOrpMv4dRrZlddmNTYWCbQ/EjBHSB2ZzQCq7upbK/Q13mC9iQmNvKo7rVVYGHhRkXP/NFvNw0eCTEhGpzCWJGIzPpizQ== admin@vms00232
EOF
chmod 700 /home/admin/.ssh
chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin.admin /home/admin/.ssh
#配置sudo相关权限
sed -i 's/%admin ALL=(ALL) ALL/%admin ALL=(ALL) NOPASSWD:ALL/' /etc/sudoers
fi
回退
192.168.49.33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
软件包管理
aptitude命令使用
命令 作用
aptitude update 更新可用的包列表
aptitude upgrade 升级可用的包
aptitude dist-upgrade 将系统升级到新的发行版
aptitude install pkgname 安装包
aptitude remove pkgname 删除包
aptitude purge pkgname 删除包及其配置文件
aptitude search string 搜索包
aptitude show pkgname 显示包的详细信息
aptitude clean 删除下载的包文件
aptitude autoclean 仅删除过期的包文件
dpkg命令使用
命令 作用
dpkg -i package.deb 安装包
dpkg -r package 删除包
dpkg -P package 删除包(包括配置文件)
dpkg -L package 列出与该包关联的文件
dpkg -l package 显示该包的版本
dpkg --unpack package.deb 解开 deb 包的内容
dpkg -S keyword 搜索所属的包内容
dpkg -l 列出当前已安装的包
dpkg -c package.deb 列出 deb 包的内容
dpkg --configure package 配置包
APT命令使用
命令 作用
apt-cache search package 搜索包
apt-cache show package 获取包的相关信息,如说明、大小、版本等
apt-get install package 安装包
apt-get install package --reinstall 重新安装包
apt-get -f install 修复安装"-f = ——fix-missing"
apt-get remove package 删除包
apt-get remove package --purge 删除包,包括删除配置文件等
apt-get update 更新源
apt-get upgrade 更新已安装的包
apt-get dist-upgrade 升级系统
apt-get dselect-upgrade 使用 dselect 升级
apt-cache depends package 了解使用依赖
apt-cache rdepends package 是查看该包被哪些包依赖
apt-get build-dep package 安装相关的编译环境
apt-get source package 下载该包的源代码
apt-get clean
apt-get autoclean 清理无用的包
apt-get check 检查是否有损坏的依赖
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Debian的crontab默认的编辑器是nano 设置默认VI 命令
Debian的crontab默认的编辑器是nano,用起来很不习惯,怎么才能转回VI呢?
用如下命令即可:
#update-alternatives --config editor
出现如下所示的界面:
There are 3 alternatives which provide `editor'.
Selection Alternative
-----------------------------------------------
1 /bin/ed
+ 2 /bin/nano
* 3 /usr/bin/vim.tiny
Press enter to keep the default[*], or type selection number:
然后选择3使用/usr/bin/vim就可以了。
PS:如果你发现你的定时没有生效,可以/etc/init.d/cron restart命令强制生效一下。
#########################################
rsync结合了delete功能
rsync -vzrtopg --delete --progress /data/mfs/ '-e ssh -p58422' [email protected]:/data/mfs/