[关闭]
@cdmonkey 2018-11-29T08:03:18.000000Z 字数 3961 阅读 1061

CentOS7

操作系统

基本优化

http://hequan.blog.51cto.com/5701886/1789146

修改主机名

http://www.centoscn.com/CentOS/config/2014/1031/4039.html

使用hostnamectl的命令行工具,它允许你查看及修改同主机名相关的配置。

  1. hostnamectl set-hostname --static PBSZBX01

静态地址

http://www.centoscn.com/CentOS/config/2014/1031/4034.html

关闭不必要的服务

http://www.linuxdown.net/install/faq/20160309_how_linux_4976.html

服务开机自启动

http://www.centoscn.com/CentOS/config/2015/0507/5374.html

View and manage services

  1. [root@zabbix-server ~]# systemctl -t service
  2. UNIT                               LOAD   ACTIVE SUB     DESCRIPTION
  3. auditd.service                     loaded active running Security Auditing Service
  4. crond.service                      loaded active running Command Scheduler
  5. dbus.service                       loaded active running D-Bus System Message Bus
  6. getty@tty1.service                 loaded active running Getty on tty1
  7. httpd.service                      loaded active running The Apache HTTP Server
  8. irqbalance.service                 loaded active running irqbalance daemon
  9. kmod-static-nodes.service          loaded active exited  Create list of required static device nodes for the current kernel
  10. lvm2-lvmetad.service               loaded active running LVM2 metadata daemon
  11. lvm2-monitor.service               loaded active exited  Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling
  12. lvm2-pvscan@8:2.service            loaded active exited  LVM2 PV scan on device 8:2
  13. network.service                    loaded active exited  LSB: Bring up/down networking
  14. NetworkManager.service             loaded active running Network Manager
  15. onealert.service                   loaded active running LSB: OneAlert local agent
  16. polkit.service                     loaded active running Authorization Manager
  17. rhel-autorelabel-mark.service      loaded active exited  Mark the need to relabel after reboot
  18. rhel-dmesg.service                 loaded active exited  Dump dmesg to /var/log/dmesg
  19. rhel-import-state.service          loaded active exited  Import network configuration from initramfs
  20. rhel-readonly.service              loaded active exited  Configure read-only root support
  21. rsyslog.service                    loaded active running System Logging Service
  22. sendmail.service                   loaded active running Sendmail Mail Transport Agent
  23. sm-client.service                  loaded active running Sendmail Mail Transport Client
  24. sshd.service                       loaded active running OpenSSH server daemon
  25. systemd-journal-flush.service      loaded active exited  Flush Journal to Persistent Storage
  26. systemd-journald.service           loaded active running Journal Service
  27. systemd-logind.service             loaded active running Login Service
  28. systemd-random-seed.service        loaded active exited  Load/Save Random Seed
  29. systemd-remount-fs.service         loaded active exited  Remount Root and Kernel File Systems
  30. systemd-sysctl.service             loaded active exited  Apply Kernel Variables
  31. systemd-tmpfiles-setup-dev.service loaded active exited  Create Static Device Nodes in /dev
  32. systemd-tmpfiles-setup.service     loaded active exited  Create Volatile Files and Directories
  33. systemd-udev-trigger.service       loaded active exited  udev Coldplug all Devices
  34. systemd-udevd.service              loaded active running udev Kernel Device Manager
  35. systemd-update-utmp.service        loaded active exited  Update UTMP about System Boot/Shutdown
  36. systemd-user-sessions.service      loaded active exited  Permit User Sessions
  37. systemd-vconsole-setup.service     loaded active exited  Setup Virtual Console
  38. tuned.service                      loaded active running Dynamic System Tuning Daemon
  39. vmware-tools.service               loaded active running SYSV: Manages the services needed to run VMware software
  40. wpa_supplicant.service             loaded active running WPA Supplicant daemon
  41. zabbix-agent.service               loaded active running Zabbix Agent
  42. zabbix-server.service              loaded active running Zabbix Server
  44. LOAD   = Reflects whether the unit definition was properly loaded.
  45. ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
  46. SUB    = The low-level unit activation state, values depend on unit type.
  48. 40 loaded units listed. Pass --all to see loaded but inactive units, too.
  49. To show all installed unit files use 'systemctl list-unit-files'.

关闭防火墙

  1. [root@PBSZBX01 ~]# systemctl disable firewalld.service
  2. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
  3. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
  4. # Ckeck
  5. [root@PBSZBX01 ~]# firewall-cmd --state
  6. not running

Forbid IPv6

这只是其中一种办法,简单可行。

  1. [root@hidocker ~]# vim /etc/sysctl.conf
  2. # 增加下面两行:
  3. net.ipv6.conf.all.disable_ipv6 =1
  4. net.ipv6.conf.default.disable_ipv6 =1
  5. # 保存并退出文件,并执行下面的命令来使设置生效:
  6. sysctl -p

SELinux

http://www.centoscn.com/CentOS/config/2015/0618/5681.html

VNC

https://linux.cn/article-5335-1.html

安全加固、检测、审计

http://blog.csdn.net/wh211212/article/details/53063599?fps=1&locationNum=2

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注