{"id":1537,"date":"2024-05-08T13:56:04","date_gmt":"2024-05-08T05:56:04","guid":{"rendered":"http:\/\/oneai.eu.org\/?p=1537"},"modified":"2024-05-08T13:56:04","modified_gmt":"2024-05-08T05:56:04","slug":"centos-7%e6%80%a7%e8%83%bd%e4%bc%98%e5%8c%96","status":"publish","type":"post","link":"https:\/\/oneai.eu.org\/?p=1537","title":{"rendered":"centos 7 performance optimization"},"content":{"rendered":"<p>Optimizing centos7 as a web server<br \/>\nTags: centos7 web server | Published: 2014-09-21 06:15 | Author: yangchunhe<br \/>\nSource: <a href=\"http:\/\/www.iteye.com\">http:\/\/www.iteye.com<\/a><\/p>\n<p>1. Disable firewalld:<br \/>\nsystemctl stop firewalld.service # stop the firewall<br \/>\nsystemctl disable firewalld.service # prevent the firewall from starting at boot<br \/>\n2. Install the iptables firewall<br \/>\nyum install iptables-services # install<br \/>\niptables -nvL   # view information<br \/>\n3. Raise the limit on the number of open files (open files)<br \/>\nCheck:<br \/>\nulimit -n<br \/>\nulimit -a<br \/>\nvi \/etc\/security\/limits.conf<br \/>\nAppend at the end: <\/p>\n<pre><code>* soft nofile 1024000\n* hard nofile 1024000\nhive   - nofile 1024000\nhive   - nproc  1024000<\/code><\/pre>\n<p>User process limits<br \/>\nvi \/etc\/security\/limits.d\/20-nproc.conf<\/p>\n<pre><code># Raise the limit for regular users; it can also be changed to unlimited\n*          soft    nproc     40960\nroot       soft    nproc     unlimited\n* soft     nofile     1024000\n* hard     nofile     1024000\n* soft     nproc     1024000\n* hard     nproc     1024000<\/code><\/pre>\n<p>This step requires a reboot to take effect; you can reboot after all the settings are done.<br \/>\n4. Network thread optimization<br \/>\nvi \/etc\/sysctl.conf<br \/>\nAdd the following lines: <\/p>\n<pre><code># Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\n\n# Determines how often to check for stale neighbor entries.\nnet.ipv4.neigh.default.gc_stale_time=120\n\n# Using arp_announce\/arp_ignore to solve the ARP Problem\nnet.ipv4.conf.default.arp_announce = 2\nnet.ipv4.conf.all.arp_announce=2\nvm.swappiness = 0\nnet.ipv4.tcp_max_tw_buckets = 5000\nnet.ipv4.tcp_max_syn_backlog = 1024\nnet.ipv4.tcp_synack_retries = 2\nnet.ipv4.conf.lo.arp_announce=2\n\nnet.ipv4.tcp_keepalive_time = 1800\nnet.ipv4.tcp_keepalive_probes = 3\nnet.ipv4.tcp_keepalive_intvl = 15\n\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_tw_reuse = 1\n# Note: tcp_tw_recycle is known to drop connections from clients behind NAT; it was removed in Linux 4.12\nnet.ipv4.tcp_tw_recycle = 1\nnet.ipv4.tcp_fin_timeout = 30<\/code><\/pre>\n<p>Run the following command to apply the settings:<br \/>\n\/sbin\/sysctl -p<\/p>\n<p>5. Time synchronization<br \/>\ncp \/usr\/share\/zoneinfo\/Asia\/Shanghai \/etc\/localtime<br \/>\nntpdate us.pool.ntp.org<br \/>\ncrontab -e<br \/>\n0-59\/10 * * * * \/usr\/sbin\/ntpdate us.pool.ntp.org | logger -t NTP<br \/>\nservice crond restart<\/p>\n<p>6. Disable root login and change the SSH port<br \/>\nAdd a regular user:<br \/>\ngroupadd test<br \/>\nuseradd -d \/home\/www\/ -g test test1<br \/>\npasswd test1<\/p>\n<p>Open port 6666 in iptables. This step must be done before the steps below; otherwise SSH will become unreachable.<br \/>\nvi \/etc\/sysconfig\/iptables<br \/>\nAdd:<br \/>\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 
6666 -j ACCEPT<\/p>\n<p>Change the SSH port<br \/>\nvi \/etc\/ssh\/sshd_config<br \/>\nFind the #Port 22 line, which indicates that port 22 is used by default, and change it as follows: <\/p>\n<p>#Port 22<br \/>\nPort 6666 <\/p>\n<p>Disable root login: change<br \/>\nPermitRootLogin yes<br \/>\nto<br \/>\nPermitRootLogin no<br \/>\nSave and exit. <\/p>\n<p>Only after testing that the new user can log in normally should you disable port 22 in iptables.<br \/>\n7. Disable or enable ping<br \/>\nDisable:<br \/>\necho 1 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all<br \/>\nEnable:<br \/>\necho 0 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all<\/p>\n<p>Make it permanent:<\/p>\n<pre><code>vi \/etc\/rc.d\/rc.local\necho 1 >\/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all<\/code><\/pre>\n<p>8. The ifconfig network command <\/p>\n<p>bash: ifconfig: \u672a\u627e\u5230\u547d\u4ee4<br \/>\nyum -y install net-tools<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Optimizing centos7 as a web server Tags: centos7 web server | Published: 2014-09-21 06:15 | Author: yangchunhe Source: http:\/\/www.iteye.com 1. Disable firewalld: systemctl stop firewalld.service # stop the firewall systemctl disable firewalld.service # prevent the firewall from starting at boot 2. Install the iptables firewall yum install iptables-services # install iptables -nvL # view information 3. Raise the limit on the number of open files (open files) Check: ulimit -n ulimit -a vi \/etc\/security\/limits.conf Append at the end: * soft nofile 1024000 * hard nofile 1024000 hive - nofile 1024000 hive 
- nproc 1024000 User process limits vi \/etc\/security\/limits.d\/20-nproc.conf # Raise the limit for regular users; it can also be changed to unlimited * soft nproc 40960 root soft nproc unlimited * soft nofile 1024000 * hard nofile 1024000 * soft nproc 1024000 * hard nproc 1024000 This step requires a reboot to take effect; you can reboot after all the settings are done. 4. Network thread optimization vi \/etc\/sysctl.conf Add the following lines: # Disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 # Determines how often to check for stale neighbor entries. net.ipv4.neigh.default.gc_stale_time=120 # Using arp_announce\/arp_ignore to solve the ARP Problem net.ipv4.conf.default.arp_announce = 2 net.ipv4.conf.all.arp_announce=2 vm.swappiness = 0 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_max_syn_backlog = 1024 net.ipv4.tcp_synack_retries = 2 net.ipv4.conf.lo.arp_announce=2 net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl = 15 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 30 Run the following command to apply the settings: \/sbin\/sysctl -p 5. Time synchronization cp \/usr\/share\/zoneinfo\/Asia\/Shanghai \/etc\/localtime ntpdate us.pool.ntp.org crontab -e 0-59\/10 * * * * \/usr\/sbin\/ntpdate us.pool.ntp.org | logger -t NTP service crond restart 6. Disable root login and change the SSH port Add a regular user: groupadd test useradd -d \/home\/www\/ -g test test1 passwd test1 Open port 6666 in iptables. This step must be done before the steps below; otherwise SSH will become unreachable. vi \/etc\/sysconfig\/iptables Add: -A INPUT -p tcp -m state --state NEW -m tcp --dport 6666 -j ACCEPT Change the SSH port vi 
\/etc\/ssh\/sshd_config Find the #Port 22 line, which indicates that port 22 is used by default, and change it as follows: #Port 22 Port 6666 Disable root login: change PermitRootLogin yes to PermitRootLogin no Save and exit. Once the new user has been tested and can log in normally, you can then, in ipt&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[99,101,80],"tags":[],"class_list":["post-1537","post","type-post","status-publish","format-standard","hentry","category-centos","category-101","category-80"],"_links":{"self":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1537"}],"version-history":[{"count":1,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1537\/revisions"}],"predecessor-version":[{"id":1538,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1537\/revisions\/1538"}],"wp:attachment":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true
}]}}