CentOS 6.5 Related Commands

Source: Internet
Author: User

Mount USB Drive

1. Enter the /mnt directory:

# cd /mnt

2. Create a new usb directory:

# mkdir usb

3. Find the device name of the USB flash drive:

# fdisk -l

4. Mount:

# mount -t vfat /dev/sdb1 /mnt/usb

-t vfat specifies the FAT file system, /dev/sdb1 is the USB stick, and /mnt/usb is the mount point.

5. Enter the USB drive:

# cd /mnt/usb

6. Unmount the USB drive:

# umount /mnt/usb or # umount /dev/sdb1

Be careful not to unmount while your working directory is inside the usb directory, or the unmount will be refused and you will have to run it from a different directory.

Modify the NIC

1. Check the network card information:

# ifconfig

Command syntax: ifconfig [parameters]

Parameter description:

No parameter: displays the currently active NICs

-a: displays configuration information for all network cards in the system

NIC device name: displays configuration information for the specified NIC

E.g., view the eth0 network card information: # ifconfig eth0

B. Set the IP address

Command syntax: ifconfig <NIC device name> <IP address> netmask <subnet mask>

(Note: An IP address set with the ifconfig command takes effect immediately, but after the machine restarts the address reverts to the original one, so ifconfig can only be used to set a temporary IP address.)

E.g.: # ifconfig eth0 192.168.168.156 netmask 255.255.255.0

2. Commands to enable and disable the network card

Disable NIC

Syntax: ifdown <NIC device name>

# ifdown eth0

Enable NIC

Syntax: ifup <NIC device name>

# ifup eth0

3. Network card configuration file

Configuring a NIC typically means configuring its IP address, subnet mask, and gateway. This information is saved in the NIC configuration file, which is located in the /etc/sysconfig/network-scripts directory. Each NIC has its own configuration file, named according to this rule:

ifcfg-<NIC type><NIC serial number>

Since the Ethernet card type is eth and the serial numbers start from 0, the configuration file of the first NIC is called ifcfg-eth0, the second is ifcfg-eth1, and so on.

The common configuration items in the NIC configuration file are as follows:

DEVICE=eth0, defines the identification name of the network card.

BOOTPROTO=dhcp, how the NIC obtains its address when it is started:

static/none: a fixed IP address;

bootp/dhcp: the IP address is obtained via the BOOTP or DHCP protocol.

HWADDR=00:02:b3:0b:64:22, the MAC address of the network card.

ONBOOT=yes, whether the NIC is enabled when the network service starts. When a Red Hat system starts the network service, the service reads the configuration files of all network cards stored in the /etc/sysconfig/network-scripts/ directory in one pass. If ONBOOT is set to yes in a NIC's configuration file, the network service invokes the ifup command to start that NIC; if ONBOOT is no, the network service skips starting that NIC.

TYPE=Ethernet, the type of the NIC.

USERCTL=no, whether normal users are allowed to start or stop the network card.

IPV6INIT=no, whether to enable IPv6 on the NIC.

PEERDNS=yes, whether the NIC is allowed to query the DHCP server for DNS information at startup and automatically overwrite the /etc/resolv.conf file.

The following configuration items specify the static IP address of the network card; in that case BOOTPROTO must be static or none.

IPADDR=192.168.1.55, statically specifies the IP address of the NIC.

NETMASK=255.255.255.0, defines the subnet mask for the NIC.

MTU=1500, sets the maximum transmission unit size for the NIC's MAC frames.

GATEWAY=192.168.1.1, sets the default gateway for the network.

DNS1=192.168.128.5, specifies the primary DNS server address.

DNS2=192.168.128.6, specifies an alternate DNS server address.

Modifying SELinux properties

1. Check if SELinux is enabled

# sestatus

2. Turn off SELinux

To turn off SELinux temporarily (this switches it to permissive mode until the next reboot):
# setenforce 0

Modify the configuration file:

# vi /etc/sysconfig/selinux

Setting SELINUX to disabled will stop SELinux the next time you start the system.

IPTABLES

1. View iptables status

# service iptables status

2. Start iptables

# service iptables start

3. Stop iptables
# service iptables stop

4. Enable iptables permanently (takes effect after a restart)

# chkconfig iptables on

5. Disable iptables permanently (takes effect after a restart)

# chkconfig iptables off

6. The iptables script used on 70 and 115

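#!/bin/sh

# Flush the filter and nat tables and delete user-defined chains.
iptables -F

iptables -F -t nat

iptables -X

# Default policies: drop inbound, allow outbound and forwarded traffic.
iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

# Rate-limited accepts. Note that these match packets to any port: fragments
# and new TCP SYNs within the limit are accepted before the per-port rules below.
iptables -A INPUT -f -m limit --limit 100/sec --limit-burst 100 -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 20/sec --limit-burst 200 -j ACCEPT

# Loopback and replies to established connections.
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Per-service rules: HTTP from anywhere, SSH and MySQL from listed sources.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A INPUT -s 119.130.112.228 -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -s 121.9.227.43 -p tcp --dport 3306 -j ACCEPT

iptables -A INPUT -s 119.130.112.228 -p tcp --dport 3306 -j ACCEPT

# Accepts SSH from any source, so the source-restricted port 22 rule above has no effect.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

# Persist the rules to /etc/sysconfig/iptables.
/etc/rc.d/init.d/iptables save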

7. iptables rule description

# iptables -L -n    View the current settings of this machine

# iptables -F    Clear all rules in the built-in chains of the filter table

# iptables -X    Delete the user-defined chains in the filter table

# /etc/rc.d/init.d/iptables save    Write the rules to the /etc/sysconfig/iptables file

# iptables -P INPUT DROP    The default policy of the INPUT chain is DROP (discard)

# iptables -P OUTPUT ACCEPT    The default policy of the OUTPUT chain is ACCEPT (pass)

# iptables -P FORWARD ACCEPT    The default policy of the FORWARD chain is ACCEPT (pass)

Note: If you are logged in remotely over SSH, you will be dropped as soon as you enter the first policy command (iptables -P INPUT DROP), because you have not set any rules yet.

For remote SSH login, open the port:

# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

The second rule is needed if the OUTPUT policy is set to DROP; without it, SSH will never work.

For a web server, open the port:

# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT

Allow ICMP packets through, which allows ping:

# iptables -A OUTPUT -p icmp -j ACCEPT (if the OUTPUT policy is DROP)

# iptables -A INPUT -p icmp -j ACCEPT (if the INPUT policy is DROP)

Allow loopback! (Not doing so may cause problems such as DNS not shutting down properly.)

# iptables -A INPUT -i lo -p all -j ACCEPT (if the INPUT policy is DROP)
# iptables -A OUTPUT -o lo -p all -j ACCEPT (if the OUTPUT policy is DROP)

Reduce insecure port connections

# iptables -A OUTPUT -p tcp --sport 31337 -j DROP

# iptables -A OUTPUT -p tcp --dport 31337 -j DROP

Note: Some Trojan horses scan for services on ports 31337 through 31340 (the "elite" ports in hacker slang). Since legitimate services do not use these non-standard ports, blocking them can effectively reduce the chance that infected machines on your network communicate independently with their remote master servers. Other ports should also be disabled, such as 31335, 27444, 27665, 20034 (NetBus), 9704, 137-139 (SMB) and 2049 (NFS).

Allow only the machine 192.168.0.3 to connect over SSH:

# iptables -A INPUT -s 192.168.0.3 -p tcp --dport 22 -j ACCEPT
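
A source-restricted rule like the one above only limits access when no broader ACCEPT exists for the same port; the script in item 6 restricts port 22 to one address and then accepts it from any source. The check below is an added example, not part of the original page: it reads rules in `iptables -S INPUT` format and lists the affected TCP ports. The function names and the embedded sample (constructed from that script's rules) are assumptions.

```sh
#!/bin/sh
# Added example: find INPUT ports where an unrestricted ACCEPT defeats a
# source-restricted ACCEPT. Handles single --dport rules only (no multiport).

# Constructed sample: the item 6 script's port rules as `iptables -S INPUT`
# would print them.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 119.130.112.228/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 121.9.227.43/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 119.130.112.228/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Reads rules on stdin; prints each TCP port that has both an ACCEPT with
# "-s <addr>" and an ACCEPT with no source match (open to everyone).
open_despite_allowlist() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; port = ""; target = ""; proto = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target != "ACCEPT" || proto != "tcp" || port == "") next
        if (src == "" || src == "0.0.0.0/0") open[port] = 1
        else limited[port] = 1
    }
    END { for (p in limited) if (p in open) print p }
    ' | sort -n
}

# Report against the constructed sample.
for p in $(sample_rules | open_despite_allowlist); do
    echo "tcp/$p: source restriction is overridden by an unrestricted ACCEPT"
done
```

On a live host, run `iptables -S INPUT | open_despite_allowlist` as root.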
