First, disable SELinux:
# permanently disabled, requires reboot to take effect:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# temporarily disabled, no reboot required:
setenforce 0
Second, modify the system language:
cp /etc/locale.conf /etc/<backup-name>
vim /etc/locale.conf
LANG="zh_CN.UTF-8"     # Chinese
#LANG="en_US.UTF-8"    # English
Third, update the system patches:
yum update -y
Fourth, install common tools:
yum install vim wget lvm2 lsb net-tools openssh-clients vim-enhanced
Fifth, install the packages the LNMP environment depends on:
yum install vim vim-enhanced wget zip unzip telnet ntsysv compat* apr* nasm* gcc gcc* gcc-c++ ntp make imake cmake automake autoconf python-devel zlib zlib-devel glibc glibc-devel glib2 libxml glib2-devel libxml2 libxml2-devel bzip2 bzip2-devel libXpm libXpm-devel libidn libidn-devel libtool libtool-ltdl-devel* libmcrypt libmcrypt-devel libevent-devel libmcrypt* libicu-devel libxslt-devel postgresql-devel curl curl-devel perl perl-Net-SSLeay pcre pcre-devel ncurses ncurses-devel openssl openssl-devel openldap openldap-devel openldap-clients openldap-servers krb5 krb5-devel e2fsprogs e2fsprogs-devel libjpeg libpng libjpeg-devel libjpeg-6b libjpeg-devel-6b libpng-devel libtiff-devel freetype freetype-devel fontconfig-devel gd gd-devel kernel screen sysstat flex bison nss_ldap pam-devel compat-libstdc++-
Sixth, stop and disable the firewalld firewall:
systemctl stop firewalld.service
systemctl disable firewalld.service
Seventh, enable the iptables firewall:
yum install iptables-services
service iptables start
Eighth, initialize the iptables policy:
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# replace <port> with the TCP port to allow in
iptables -A INPUT -p tcp --dport <port> -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
service iptables restart
cat /etc/sysconfig/iptables
service iptables status
iptables, N-
Ninth, disable remote login for root:
vim /etc/ssh/sshd_config
Add:
PermitRootLogin no
# Restart the SSH service:
service sshd restart
Tenth, change the remote login port number:
vim /etc/ssh/sshd_config
Add:
Port 10022
# Restart the SSH service:
service sshd restart
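An added example, not part of the original page: a small audit of the root-login and port changes above against the iptables policy, to run before restarting sshd. It assumes the root-login step adds `PermitRootLogin no` and that the rules file is in the iptables-save format of /etc/sysconfig/iptables; the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# effective_sshd KEYWORD FILE: value sshd uses for a single-valued keyword.
# Keywords are case-insensitive and the first occurrence wins, so a line
# added below an existing uncommented directive is ignored.
effective_sshd() {
    awk -v key="$1" '
        tolower($1) == "match"      { exit }   # global section ends at first Match block
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) exit 1 }' "$2"
}

# sshd_ports FILE: Port may repeat (sshd listens on each one); default is 22.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# audit_ssh SSHD_CONFIG RULES_FILE: print findings; non-zero status if any.
audit_ssh() {
    local cfg="$1" rules="$2" rc=0 root p reachable=""
    root=$(effective_sshd PermitRootLogin "$cfg") || root=unset
    [ "$root" = no ] || { echo "PermitRootLogin is '$root', want 'no'"; rc=1; }
    # With "-P INPUT DROP", sshd is unreachable unless one of its ports is accepted.
    for p in $(sshd_ports "$cfg"); do
        grep -Eq -- "-A INPUT .*-p tcp .*--dport $p .*-j ACCEPT" "$rules" && reachable=$p
    done
    [ -n "$reachable" ] || { echo "no INPUT ACCEPT rule for any sshd port"; rc=1; }
    return $rc
}

# Constructed sample files (not from a real host).
demo=$(mktemp -d)
cat > "$demo/sshd_bad" <<'EOF'
PermitRootLogin yes
Port 22
# appended later: the PermitRootLogin line above still wins
PermitRootLogin no
EOF
printf 'Port 10022\nPermitRootLogin no\n' > "$demo/sshd_good"
cat > "$demo/rules" <<'EOF'
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 10022 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
audit_ssh "$demo/sshd_bad"  "$demo/rules" || echo "sshd_bad: fix before restarting sshd"
audit_ssh "$demo/sshd_good" "$demo/rules" && echo "sshd_good: ok"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it.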
Eleventh, set the account auto-logout time:
vim /etc/profile
Add:
TMOUT=
Twelfth, set the command history size:
vim /etc/profile
Modify:
HISTSIZE=10
Thirteenth, configure environment variables (purely personal preference):
vim /etc/bashrc
# add
alias ll='ls -l --time-style="+%Y-%m-%d %H:%M:%S"'   # time format shown by the ll command
alias date='date "+%Y-%m-%d %H:%M:%S.%a"'            # display format for date and time
PS1=""   # terminal shell with color
Fourteenth, configure a scheduled task to update patches:
echo "yum update" >> /etc/
echo "3 * * 1 yum update" >> /var/spool/cron/root
Fifteenth, enable public key authentication:
vim /etc/ssh/sshd_config
# add
# Enable RSA authentication, default is yes
RSAAuthentication yes
# Enable public key authentication, default is yes
PubkeyAuthentication yes
mkdir -p ~/ ~/.ssh
"~/.ssh/id_rsa.pub [email protected] target Ip/.ssh/authorized_keys
# operate on the target server:
~/.ssh/authorized_keys
# verify:
ssh -l root <target IP>
centos_7.2 Server Pre-