System initialization script can be unified, automatic configuration, reduce manpower.
Here is a brief talk about Yum installation and source code compilation and installation, please correct me. I have been insisting on Yum installation for the following reasons
First, easy to install, do not need to spend more energy to consider the problem of dependency
Second, the configuration is unified, convenient later maintenance, automation and so on
Third, convenient upgrade
Four, okay, I'm a vegetable chicken, I admit it. 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0039.gif "alt=" j_0039.gif "/>
see its blog post
#!/bin/bash # #Change yum source rpm -uvh http://dl.fedoraproject.org /pub/epel/6/i386/epel-release-6-8.noarch.rpmsed -i ' 1,10{s/^#//g;s/^mirrorlist/#mirrorlist/g;} ' /etc/yum.repos.d/epel.repoyum clean all yum makecache #Set wrong password locksed -i ' 1a auth required pam_tally2.so deny=3 lock_time= 300 even_deny_root root_unlock_time=300 ' /etc/pam.d/sshd #Install tools&update system yum -y install vim htop ntpdate wgetyum -y groupinstall "Development tools" "develoment libraries " yum -y update echo "0 0 * * * /usr/bin/yum -y update > /dev/null" >> /var/spool/cron/root#Selinux setenforce 0 sed -i ' S/^selinux=.*/selinux =disabled/g ' /etc/selinux/config #Time ntpdate ntp.api.bz hwclock -w echo "*/15 * * * * /usr/sbin/ntpdate ntp.api.bz > /dev/null " >> /var/spool/ cron/root#record command sed -i ' S/^histsize=.*$/histsize=100/' /etc/profile echo "Export prompt_command= ' { msg=\$ (history 1 | { read x y; echo \ $y; }); user=\$ (WhoAmI); echo \$ (date \ "+%y-%m-%d %h:%m:%s\"): \ $user : \ ' pwd\ '/:\ $msg ---- \$ (who am i); } >> /tmp/\ ' hostname\ '. \ ' Whoami\ '. History-timestamp ' " >> /root/.bash_profile #Iptables service iptables stop && chkconfig iptables off
A simple explanation is as follows:
①set Wrong password lock Please use carefully, I set is all users (including root), password error more than 5 times will be locked, when the server is malicious login will cause the administrator can not log in, must be logged in TTY. I will be in a later blog post script Way to ban the malicious login IP
②record command will record the user's changes made after landing, convenient audit, path/tmp/\ ' hostname\ '. \ ' whoami\ '. History-timestamp
③ the internal server shuts down the firewall, security measures need to be done on the hardware firewall.
If there is any mistake, please do not hesitate to correct me.
This article is from the "Talk" blog, please be sure to keep this source http://jixing.blog.51cto.com/821242/1629543
Centos init script