1、關於提示符
在SUSElinux中:
localhost:~ # set|grep PS1PS1=$'\\[\E[1m\E[31m\\]\\h:\\w # \\[\E(B\E[m\\]'localhost:~ #
在CentOSlinux中:
[root@localhost ~]# set|grep PS1PS1='[\u@\h \W]\$ '[root@localhost ~]#
2、關於主機名稱修改
在SUSElinux中:
night:~ # cat /etc/HOSTNAMEnightnight:~ #
在CentOSlinux中:
[root@localhost ~]# cat /etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=noHOSTNAME=localhost.localdomainGATEWAY=192.168.100.1[root@localhost ~]#
3、關於ip/gateway/dns
在SUSElinux中:
night:~ # cat /etc/sysconfig/network/ifcfg-eth0BOOTPROTO='static' //靜態方式擷取BROADCAST=''ETHTOOL_OPTIONS=''IPADDR='192.168.100.210/24' //ip地址和子網路遮罩MTU=''NAME='82540EM Gigabit Ethernet Controller'NETWORK=''REMOTE_IPADDR=''STARTMODE='auto' //開機啟用網卡USERCONTROL='no'night:~ # cat /etc/sysconfig/network/routesdefault 192.168.100.1 - -night:~ # cat /etc/resolv.conf### /etc/resolv.conf file autogenerated by netconfig!## Before you change this file manually, consider to define the# static DNS configuration using the following variables in the# /etc/sysconfig/network/config file:# NETCONFIG_DNS_STATIC_SEARCHLIST# NETCONFIG_DNS_STATIC_SERVERS# NETCONFIG_DNS_FORWARDER# or disable DNS configuration updates via netconfig by setting:# NETCONFIG_DNS_POLICY=''## See also the netconfig(8) manual page and other documentation.## Note: Manual change of this file disables netconfig too, but# may get lost when this file contains comments or empty lines# only, the netconfig settings are same with settings in this# file and in case of a "netconfig update -f" call.#### Please remove (at least) this line when you modify the file!search localdomainnameserver 192.168.100.1nameserver 8.8.8.8night:~ #
關於CentOSlinux中:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0# Intel Corporation 82540EM Gigabit Ethernet ControllerDEVICE=eth0 //裝置名稱BOOTPROTO=static //靜態方式BROADCAST=192.168.100.255 //廣播位址HWADDR=08:00:27:8E:37:90 //網卡地址IPADDR=192.168.100.200 //ip地址NETMASK=255.255.255.0 //子網路遮罩NETWORK=192.168.100.0 //網路地址ONBOOT=yes //開機啟用網卡[root@localhost ~]# cat /etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=noHOSTNAME=localhost.localdomainGATEWAY=192.168.100.1[root@localhost ~]# cat /etc/resolv.confnameserver 192.168.100.1nameserver 8.8.8.8search localhost[root@localhost ~]#
重啟網路的方法相同:/etc/init.d/networkstart|stop|restart
4、關於版本查看
在SUSElinux中:
night:~ # cat /etc/issueWelcome to SUSE Linux Enterprise Server 11 SP2 (x86_64) - Kernel \r (\l).night:~ # lsb_release -aLSB Version: core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarchDistributor ID: SUSE LINUXDescription: SUSE Linux Enterprise Server 11 (x86_64)Release: 11Codename: n/anight:~ #
在CentOSlinux中:
[root@localhost ~]# cat /etc/issueCentOS release 5.9 (Final)Kernel \r on an \m[root@localhost ~]# cat /etc/redhat-releaseCentOS release 5.9 (Final)[root@localhost ~]# lsb_release -aLSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarchDistributor ID: CentOSDescription: CentOS release 5.9 (Final)Release: 5.9Codename: Final[root@localhost ~]#
5、關於hosts檔案
兩者一樣
6、關於軟體包管理
在SUSElinux中:
night:~ # rpm -qa | grep sshdyast2-sshd-2.17.2-1.21night:~ #
在CentOSlinux中:
[root@localhost ~]# rpm -qa | grep sshopenssh-clients-4.3p2-82.el5openssh-askpass-4.3p2-82.el5openssh-4.3p2-82.el5openssh-server-4.3p2-82.el5[root@localhost ~]#
在SUSElinux中:
night:~ # zypper search ftpLoading repository data...Reading installed packages...S | Name | Summary | Type--+-------------------+-----------------------------------------------+-----------| atftp | Advanced TFTP Server and Client | package| atftp | Advanced TFTP Server and Client | srcpackagei | lukemftp | Enhanced FTP Client | package| lukemftp | Enhanced FTP Client | srcpackage| ncftp | A Comfortable FTP Program | package| ncftp | A Comfortable FTP Program | srcpackage| php5-ftp | PHP5 Extension Module | package| php53-ftp | PHP5 Extension Module | package| pure-ftpd | A Lightweight, Fast, and Secure FTP Server | package| pure-ftpd | A Lightweight, Fast, and Secure FTP Server | srcpackage| tftp | Trivial File Transfer Protocol (TFTP) | package| tftp | Trivial File Transfer Protocol (TFTP) | srcpackage| vsftpd | Very Secure FTP Daemon - Written from Scratch | package| vsftpd | Very Secure FTP Daemon - Written from Scratch | srcpackagei | yast2-ftp-server | YaST2 - FTP configuration | package| yast2-ftp-server | YaST2 - FTP configuration | srcpackagei | yast2-tftp-server | YaST2 - TFTP Server Configuration | package| yast2-tftp-server | YaST2 - TFTP Server Configuration | srcpackagenight:~ # zypper install vsftpdLoading repository data...Reading installed packages...Resolving package dependencies...The following NEW package is going to be installed:vsftpd1 new package to install.Overall download size: 126.0 KiB. After the operation, additional 290.0 KiB will be used.Continue? [y/n/?] (y): nnight:~ # yast2 -i vsftpdnight:~ #
在CentOSlinux中:
[root@localhost ~]# yum search ftpLoaded plugins: fastestmirror, securityLoading mirror speeds from cached hostfile* base: mirrors.neusoft.edu.cn* extras: mirrors.neusoft.edu.cn* updates: mirrors.neusoft.edu.cn============================================================================ Matched: ftp =============================================================================bug-buddy.x86_64 : A bug reporting utility for GNOMEesound.i386 : 允許幾個音頻流在單個音訊裝置上播放。esound.x86_64 : 允許幾個音頻流在單個音訊裝置上播放。esound-devel.i386 : 用於 EsounD 程式的開發檔案。esound-devel.x86_64 : 用於 EsounD 程式的開發檔案。gdm.x86_64 : GNOME 顯示管理器。……省略……
7、關於使用者管理
在SUSElinux中:
night:~ # useradd --helpUsage: useradd ...useradd - create a new user-c comment Set the GECOS field for the new account--show-defaults Print default values--save-defaults Save modified default values-D binddn Use dn "binddn" to bind to the LDAP directory-d homedir Home directory for the new user-e expire Date on which the new account will be disabled-f inactive Days after a password expires until account is disabled-G group,... List of supplementary groups-g gid Name/number of the users primary group-k skeldir Specify an alternative skel directory-m Create home directory for the new user-o Allow duplicate (non-unique) UID-P path Search passwd, shadow and group file in "path"-p password Encrypted password as returned by crypt(3)-u uid Force the new userid to be the given number-U umask Umask value used for creating home directory-r, --system Create a system account-s shell Name of the user's login shell--service srv Add account to nameservice 'srv'--help Give this help list--usage Give a short usage message-v, --version Print program versionValid services for --service are: files, ldapnight:~ # useradd --show-defaultsGROUP=100HOME=/homeINACTIVE=-1EXPIRE=SHELL=/bin/bashSKEL=/etc/skelGROUPS=video,dialoutCREATE_MAIL_SPOOL=noUMASK=022night:~ # useradd testnight:~ # id testuid=1000(test) gid=100(users) groups=16(dialout),33(video),100(users)night:~ # grep test /etc/passwdtest:x:1000:100::/home/test:/bin/bashnight:~ # cat /etc/default/useraddGROUP=100HOME=/homeINACTIVE=-1EXPIRE=SHELL=/bin/bashSKEL=/etc/skelGROUPS=video,dialoutCREATE_MAIL_SPOOL=nonight:~ #
在CentOSlinux中:
[root@localhost ~]# useradd --helpUsage: useradd [options] LOGINOptions:-b, --base-dir BASE_DIR base directory for the new user accounthome directory-c, --comment COMMENT set the GECOS field for the new user account-d, --home-dir HOME_DIR home directory for the new user account-D, --defaults print or save modified default useraddconfiguration-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE-f, --inactive INACTIVE set password inactive after expirationto INACTIVE-g, --gid GROUP force use GROUP for the new user account-G, --groups GROUPS list of supplementary groups for the newuser account-h, --help display this help message and exit-k, --skel SKEL_DIR specify an alternative skel directory-K, --key KEY=VALUE overrides /etc/login.defs defaults-m, --create-home create home directory for the new useraccount-l, do not add user to lastlog database file-M, do not create user's home directory(overrides /etc/login.defs)-r, create system account-o, --non-unique allow create user with duplicate(non-unique) UID-p, --password PASSWORD use encrypted password for the new useraccount-s, --shell SHELL the login shell for the new user account-u, --uid UID force use the UID for the new user account-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping[root@localhost ~]# useradd -DGROUP=100HOME=/homeINACTIVE=-1EXPIRE=SHELL=/bin/bashSKEL=/etc/skelCREATE_MAIL_SPOOL=yes[root@localhost ~]# useradd test[root@localhost ~]# id testuid=500(test) gid=501(test) groups=501(test) context=root:system_r:unconfined_t:SystemLow-SystemHigh[root@localhost ~]# grep test /etc/passwdtest:x:500:501::/home/test:/bin/bash[root@localhost ~]# cat /etc/default/useradd# useradd defaults fileGROUP=100HOME=/homeINACTIVE=-1EXPIRE=SHELL=/bin/bashSKEL=/etc/skelCREATE_MAIL_SPOOL=yes[root@localhost ~]#
關於預設所屬使用者組的差別還是很大的。這個時候會發現在SUSElinux中並沒有為使用者產生一個家目錄,這個時候可以這樣做。
night:~ # useradd -m testnight:~ # ll -d /home/test/drwxr-xr-x 5 test users 4096 Sep 26 19:42 /home/test/night:~ #
這個檔案夾的許可權和CentOS也是有區別的。
8、關於防火牆
在SUSElinux中:
關於控製程序
night:~ # chkconfig --list | grep fireSuSEfirewall2_init 0:off 1:off 2:off 3:on 4:off 5:on 6:offSuSEfirewall2_setup 0:off 1:off 2:off 3:on 4:off 5:on 6:offnight:~ # which rcSuSEfirewall2/sbin/rcSuSEfirewall2night:~ # file /sbin/rcSuSEfirewall2/sbin/rcSuSEfirewall2: symbolic link to `/etc/init.d/SuSEfirewall2_setup'night:~ # /etc/init.d/SuSEfirewall2_initUsage: /etc/init.d/SuSEfirewall2_init {start|stop|status|restart|reload|force-reload}night:~ # /etc/init.d/SuSEfirewall2_setupUsage: /etc/init.d/SuSEfirewall2_setup {start|stop|status|restart|reload|force-reload}night:~ #
關於設定檔
night:~ # cat /etc/sysconfig/SuSEfirewall2 | grep -v ^#|grep -v ^$FW_DEV_EXT="any eth0"FW_DEV_INT=""FW_DEV_DMZ=""FW_ROUTE="no"FW_MASQUERADE="no"FW_MASQ_DEV="zone:ext"FW_MASQ_NETS="0/0"FW_NOMASQ_NETS=""FW_PROTECT_FROM_INT="no"FW_SERVICES_EXT_TCP="22" //tcp連接埠修改,多個連接埠空格隔開FW_SERVICES_EXT_UDP=""FW_SERVICES_EXT_IP=""FW_SERVICES_EXT_RPC=""FW_CONFIGURATIONS_EXT=""FW_SERVICES_DMZ_TCP=""FW_SERVICES_DMZ_UDP=""FW_SERVICES_DMZ_IP=""FW_SERVICES_DMZ_RPC=""FW_CONFIGURATIONS_DMZ=""FW_SERVICES_INT_TCP=""FW_SERVICES_INT_UDP=""FW_SERVICES_INT_IP=""FW_SERVICES_INT_RPC=""FW_CONFIGURATIONS_INT=""FW_SERVICES_DROP_EXT=""FW_SERVICES_DROP_DMZ=""FW_SERVICES_DROP_INT=""FW_SERVICES_REJECT_EXT=""FW_SERVICES_REJECT_DMZ=""FW_SERVICES_REJECT_INT=""FW_SERVICES_ACCEPT_EXT=""FW_SERVICES_ACCEPT_DMZ=""FW_SERVICES_ACCEPT_INT=""FW_SERVICES_ACCEPT_RELATED_EXT=""FW_SERVICES_ACCEPT_RELATED_DMZ=""FW_SERVICES_ACCEPT_RELATED_INT=""FW_TRUSTED_NETS=""FW_ALLOW_INCOMING_HIGHPORTS_TCP=""FW_ALLOW_INCOMING_HIGHPORTS_UDP=""FW_FORWARD=""FW_FORWARD_REJECT=""FW_FORWARD_DROP=""FW_FORWARD_MASQ=""FW_REDIRECT=""FW_LOG_DROP_CRIT="yes"FW_LOG_DROP_ALL="no"FW_LOG_ACCEPT_CRIT="yes"FW_LOG_ACCEPT_ALL="no"FW_LOG_LIMIT=""FW_LOG=""FW_KERNEL_SECURITY="yes"FW_STOP_KEEP_ROUTING_STATE="no"FW_ALLOW_PING_FW="yes"FW_ALLOW_PING_DMZ="no"FW_ALLOW_PING_EXT="no"FW_ALLOW_FW_SOURCEQUENCH=""FW_ALLOW_FW_BROADCAST_EXT="no"FW_ALLOW_FW_BROADCAST_INT="no"FW_ALLOW_FW_BROADCAST_DMZ="no"FW_IGNORE_FW_BROADCAST_EXT="yes"FW_IGNORE_FW_BROADCAST_INT="no"FW_IGNORE_FW_BROADCAST_DMZ="no"FW_ALLOW_CLASS_ROUTING=""FW_CUSTOMRULES=""FW_REJECT=""FW_REJECT_INT="yes"FW_HTB_TUNE_DEV=""FW_IPv6=""FW_IPv6_REJECT_OUTGOING=""FW_IPSEC_TRUST="no"FW_ZONES=""FW_USE_IPTABLES_BATCH=""FW_LOAD_MODULES="nf_conntrack_netbios_ns"FW_FORWARD_ALWAYS_INOUT_DEV=""FW_FORWARD_ALLOW_BRIDGING=""FW_BOOT_FULL_INIT=""night:~ #
另外,可以將iptables的規則定義成為一個shellscript,然後放在/etc/init.d裡面利用chkconfig來管理,這樣的話更加方便,可以定義成類似redhatcentos)的管理iptables的方式。
再或者,在SUSElinux中可以將要啟動的命令放置在指令碼/etc/init.d/after.local中;預設該指令碼是不存在的,可自行建立,after.local在系統啟動過程中會調用。
注意:如果使用iptables的指令碼或者是iptables的命令的話,要讓/etc/init.d/SuSEfirewall2_setup在開機的時候是off的!
補充:在SUSElinux中的使用者的一些命令重新命名的一些命令放置在/etc/bash.bashrc;而CentOS中放置在/etc/profile
在CentOSlinux中:
[root@localhost ~]# chkconfig --list|grep iptablesiptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off[root@localhost ~]# /etc/init.d/iptablesUsage: /etc/init.d/iptables {start|stop|reload|restart|condrestart|status|panic|save}[root@localhost ~]# cat /etc/sysconfig/iptables# Firewall configuration written by system-config-securitylevel# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]:RH-Firewall-1-INPUT - [0:0]-A INPUT -j RH-Firewall-1-INPUT-A FORWARD -j RH-Firewall-1-INPUT-A RH-Firewall-1-INPUT -i lo -j ACCEPT-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT-A RH-Firewall-1-INPUT -p 50 -j ACCEPT-A RH-Firewall-1-INPUT -p 51 -j ACCEPT-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibitedCOMMIT[root@localhost ~]#
9、關於管理工具
在SUSElinux中,yast2可以完成大部分的工作
650) this.width=650;" title="1.png" alt="201134456.png" src="http://www.bkjia.com/uploads/allimg/131227/2326104213-0.png" />
在CentOSlinux中:
650) this.width=650;" title="2.png" alt="201246451.png" src="http://img1.51cto.com/attachment/201309/201246451.png" />
10、補充說明,在securecrt連SUSElinux的時候,提示密鑰認證,這個時候可以進行如下操作
linux-08wz:~ # vim /etc/ssh/sshd_configPubkeyAuthentication no #<==預設是注釋的,而且是yes,只要去掉注釋,並改為no……linux-08wz:~ # rcsshd restartShutting down SSH daemon doneStarting SSH daemon donelinux-08wz:~ #
本文出自 “night ★linux營運|| DBA” 部落格,請務必保留此出處http://thinkdba.blog.51cto.com/7492507/1302340
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
