centos - xud6的笔记本

Centos 开启 dns缓存

安装nscd yum install nscd 在有IPA Client(或SSSD)的情况下修改/etc/nscd.conf中enable-cache为如下 enable-cache hosts yes enable-cache passwd no enable-cache group no enable-cache netgroup no enable-cache services no 启动 systemctl enable nscd systemctl restart nscd 验证已经开启 time getent hosts www.bing.com 结果中 real 0m0.002s user 0m0.001s sys 0m0.000s

centos

centos 8 自动更新

安装dnf-automatic dnf install dnf-automatic 编辑/etc/dnf/automatic.conf apply_updates = yes 启动定时器 systemctl enable --now dnf-automatic.timer

centos

Centos 7 启用定期TRIM

启用定期TRIM sudo systemctl enable fstrim.timer sudo systemctl restart fstrim.timer 手动TRIM sudo fstrim -a -v debian8 sudo cp /usr/share/doc/util-linux/examples/fstrim.service /etc/systemd/system sudo cp /usr/share/doc/util-linux/examples/fstrim.timer /etc/systemd/system

linux

selinux 常用命令

查看是否有被selinux阻挡 sudo cat /var/log/audit/audit.log | grep denied boolean 查看boolean状态 sudo sestatus -b sudo sestatus -b | grep -i sendmail 设置boolean sudo setsebool -P $boolean名 $1或0 常用boolean boolean名意义 httpd_can_network_connect 允许httpd反向代理 httpd_can_sendmail 允许httpd发送邮件 semanager 安装semanager sudo yum install -y policycoreutils-python Centos 8 sudo yum

centos7

Centos 清理旧内核

Centos 7 sudo yum install yum-utils -y && sudo package-cleanup --oldkernels --count=1 -y Centos 8 dnf remove --oldinstallonly --setopt installonly_limit=1

centos

centos7手动同步ntp服务器

ntpdate -u pool.ntp.org

centos

Centos7 apache使用freeipa pki提供证书

安装apache和mod_nss sudo yum install httpd mod_nss -y 配置mod_nss sudo sh -c "echo 'Listen 443' >> /etc/httpd/conf.d/nssconfig.conf" sudo sh -c "echo 'NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_

linux

curl 获取网站head

curl -IL http://url/

centos

查询是否被SELinux阻挡

sudo cat /var/log/audit/audit.log | grep denied

centos

SELinux boolean操作

查询boolean状态 sudo sestatus -b 或者 sudo sestatus -b | grep -i sendmail 设置boolean sudo setsebool -P $boolean名 $1或0 如允许httpd发送邮件 sudo setsebool -P httpd_can_sendmail 1

centos

Centos 7 安装wordpress

首先安装LAMP Centos 7 安装LAMP并配置event MPM和FastCGI 以下假设wordpress安装在/opt/wordpress下创建安装文件夹 sudo mkdir /opt/wordpress sudo chown -R `whoami`:`whoami` /opt/wordpress 准备数据库 mysql -u root -p 输入MySQL的ROOT密码 CREATE DATABASE 数据库名; CREATE USER 用户名@localhost IDENTIFIED BY '用户密码'; GRANT ALL PRIVILEGES ON 数据库名.* TO 用户名@localhost IDENTIFIED BY '用户密码'; FLUSH PRIVILEGES; exit

centos

Centos 7 安装LAMP并配置event MPM和FastCGI

安装工具软件 sudo yum install nano wget -y sudo yum update -y 安装Apache sudo yum install httpd -y 配置MPM sudo nano /etc/httpd/conf.modules.d/00-mpm.conf 注释掉prefork MPM并取消event MPM的注释，完成后是这样的(注释已删除) #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so #LoadModule mpm_worker_module modules/mod_mpm_worker.so

centos

Centos 7 加入freeipa域

安装需要的软件包 yum install ipa-client -y 加入域 ipa-client-install --domain YOUR_DOMAIN_NAME 打开自动创建home文件夹 authconfig --enablemkhomedir --update

centos

selinux 允许apache访问文件

yum install -y policycoreutils-python semanage fcontext -a -t httpd_sys_content_t /path/to/file restorecon -v /path/to/file semanage fcontext -a -t httpd_sys_content_t "/path/to/dir(/.*)?" restorecon -R -v /path/to/dir

centos

centos 清理旧内核

sudo yum install yum-utils sudo package-cleanup --oldkernels --count=1

centos

centos7 selinux 允许 apache 反向代理

执行 setsebool -P httpd_can_network_connect=1

centos7

centos 7 安装windows域ca证书

首先从ca服务器下载证书，比如 http://server/certsrv 然后将下载到的cer证书以base64格式导出为crt证书。将证书上传到服务器以下目录： /etc/pki/ca-trust/source/anchors 运行update-ca-trust sudo update-ca-trust

centos

centos 7 安装 privoxy

安装编译工具 yum groupinstall "Development Tools" 下载privoxy最新版 http://sourceforge.net/projects/ijbswa/files/Sources/ 编译 tar xzvf privoxy-3.0.23-stable-src.tar.gz cd privoxy-3.0.23-stable autoheader autoconf ./configure # (--help to see options) make # (the make from GNU, sometimes called gmake) 建立账户 sudo useradd privoxy -r -s /usr/sbin/

centos

centos安装postgresql并配置

安装postgresql yum install -y postgresql-server 初始化数据库 postgresql-setup initdb 允许外部访问数据库 nano /var/lib/pgsql/data/postgresql.conf 替换listen_addresses = 'localhost'为listen_addresses = '*' 允许通过密码登录 nano /var/lib/pgsql/data/pg_hba.conf 将ident替换为md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all

centos

centos 7 安装polipo

下载 git clone https://github.com/jech/polipo.git cd polipo (可选)使用发布的版本 git checkout polipo-1.1.1 安装 make all su -c 'make install' 建立配置文件 mkdir /opt/polipo nano /opt/polipo/config 复制http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/config.sample 内容并编辑建立polipo账户 useradd polipo -r -s /usr/

centos

centos 7 firewalld常用命令

将ip添加到zone sudo firewall-cmd --permanent --zone=work --add-source=192.168.0.0/24 将某个网口添加到zone sudo firewall-cmd --permanent --zone=work --add-interface=eth0 在某个zone打开端口 sudo firewall-cmd --permanent --zone=work --add-port=8080-8090/tcp 永久打开一个端口 firewall-cmd --permanent --add-port=8080/tcp 永久关闭一个端口 firewall-cmd --permanent --remove-port=8080/tcp 永久打开某项服务 firewall-cmd --permanent --add-service=http 永久关闭某项服务 firewall-cmd --permanent --remove-service=

centos

selinux允许nginx反向代理

centos

systemd服务创建

在/etc/systemd/system中新建servicename.service文件。按以下模板填入内容 [Unit] Description=servicedescription After=network.target [Service] Type=simple WorkingDirectory=/path/to/service User=http Group=http ExecStart=/usr/bin/service(startscript) ExecStop=/usr/bin/service(stopscript) Restart=always SyslogIdentifier=servicename [Install] WantedBy=multi-user.target 之后修改启动脚本/程序的selinux属性 semanage fcontext -a -t unconfined_exec_t

centos

hyper-v centos安装后优化

安装常用软件包括nano文字编辑器、wget、curl、lsof、bash-completion和ifconfig sudo yum install -y nano bash-completion net-tools wget curl lsof policycoreutils-python 移除不用的服务 sudo systemctl stop iprdump iprinit iprupdate NetworkManager sudo systemctl disable iprdump iprinit iprupdate NetworkManager sudo yum remove -y btrfs-progs* iprutils ivtv* iwl*firmware libertas* NetworkManager* aic94xx-firmware* alsa-* 可选移除不用的服务 systemctl stop postfix avahi-daemon.