Centos7 应用技巧

Centos7应用技巧

最小化安装后需要安装服务net-tools telnet wget lsof 等或者 yum groupinstall base

1、启动级别服务显示
#chkconfig
启用
#chkconfig sshd on
禁用
#chkconfig sshd off

2、列出随机启动服务
#systemctl list-unit-files|grep enabled

3、启动停止服务
#systemctl start sshd.service
#systemctl stop sshd.service
#systemctl restart sshd.service
#systemctl enable sshd.service
#systemctl disable sshd.service

#systemctl is-active sshd.service
#systemctl is-failed sshd.service

等同于chkconfig –list
systemctl list-unit-files –type=service

4、nmtui 网卡配置
#nmtui
#systemctl status network
#ip addr show

5、setup 服务配置

6、网络配置文件:
/etc/sysconfig/network 说是全局设置,默认里面啥也没有
/etc/hostname 用nmtui修改hostname后,主机名保存在这里
/etc/resolv.conf 保存DNS设置,不需要手工改,nmtui里面设置的DNS会出现在这里
/etc/sysconfig/network-scripts/ 连接配置信息 ifcfg 文件
/etc/NetworkManager/system-connections/ VPN、移动宽带、PPPoE连接

#nmcli con show
NAME UUID TYPE DEVICE
em2 f4bf383d-6850-4ee7-bde5-d1f7cabae7d0 802-3-ethernet —
em3 73d663d9-01ad-445a-a640-023a10a02a53 802-3-ethernet —
em4 ce923ecc-52bd-4193-8bc8-2cf2360a8368 802-3-ethernet —
em1 68c50d83-fa0a-40d5-b799-1d7348f155c2 802-3-ethernet em1

[root@localhost ~]# nmcli con show em1
connection.id: em1
connection.uuid: 68c50d83-fa0a-40d5-b799-1d7348f155c2
connection.interface-name: em1
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.timestamp: 1437115618
connection.read-only: no
connection.permissions:
connection.zone: —
connection.master: —
connection.slave-type: —
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: —
802-3-ethernet.speed: 0
802-3-ethernet.duplex: —
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: D4:BE:D9:FA:C8:77
802-3-ethernet.cloned-mac-address: —
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: —
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns: 8.8.8.8
ipv4.dns-search:
ipv4.addresses: 10.0.2.13/24
ipv4.gateway: 10.0.2.1
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: —
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: —
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.gateway: —
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: —
GENERAL.NAME: em1
GENERAL.UUID: 68c50d83-fa0a-40d5-b799-1d7348f155c2
GENERAL.DEVICES: em1
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: —
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/3
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: —
IP4.ADDRESS[1]: 10.0.2.13/24
IP4.GATEWAY: 10.0.2.1
IP4.DNS[1]: 8.8.8.8
IP6.GATEWAY:

加载配置使生效
nmcli con load /etc/sysconfig/network-scripts/ifcfg-eth0 或 nmcli reload

7.网卡bond配置
[root@localhost network-scripts]# cat ifcfg-bond0
DEVICE=bond0
BONDING_OPTS=”resend_igmp=1 updelay=0 use_carrier=1 miimon=100 downdelay=0 xmit_hash_policy=0 primary_reselect=0 fail_over_mac=0 arp_validate=0 mode=balance-rr lacp_rate=0 arp_interval=0 ad_select=0″
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPADDR=10.0.3.129
PREFIX=24
GATEWAY=10.0.3.1
DNS1=8.8.8.8
NAME=”bond0″
ONBOOT=yes
[root@localhost network-scripts]# cat ifcfg-em1
# Generated by dracut initrd
NAME=”bond-slave”
DEVICE=”em1″
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
[root@localhost network-scripts]# cat ifcfg-em2
# Generated by dracut initrd
NAME=”bond-slave”
DEVICE=”em2″
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
[root@localhost network-scripts]#

8、系统默认编码设置文件,由/etc/sysconfig/i18n 更改为 /etc/locale.conf

9、 How do I disable IPv6?

Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
To disable in the running system:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
or

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

10、防火墙应用

将8080加入默认开放策略
firewall-cmd –zone=public –add-port=8080/tcp –permannet

列出开放端口列表
firewall-cmd –list-ports

查看防火墙是否运行
# systemctl status firewalld
OR
# firewall-cmd –state

列出策略名称
# firewall-cmd –get-zones

列出策略详情
# firewall-cmd –zone=work –list-all

查看默认策略名
# firewall-cmd –get-default-zone

列出默认策略中服务
# firewall-cmd –list-services

添加服务进策略
# firewall-cmd –add-service=http

删除服务
# firewall-cmd –remove-service=http

发表评论

电子邮件地址不会被公开。 必填项已用*标注