Linux59期day14
系统优化
查看系统版本信息
系统
[root@oldboyedu59 ~]# cat /etc/redhat-release /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
CentOS Linux release 7.6.1810 (Core)
[root@oldboyedu59 ~]# ll /etc/redhat-release /etc/centos-release
-rw-r--r--. 1 root root 38 Nov 23 21:16 /etc/centos-release
lrwxrwxrwx. 1 root root 14 Mar 26 11:38 /etc/redhat-release -> centos-release
内核
[root@oldboyedu59 ~]# uname -r
3.10.0-957.el7.x86_64
2.6.32 CentOS 6.x
[root@oldboyedu59 ~]# uname -m
x86_64
32位
i386 i686
64位
x86_64
非交互式设置密码
[root@oldboy59 ~]# echo 123456|passwd --stdin oldboy
Changing password for user oldboy.
passwd: all authentication tokens updated successfully.
环境变量:
1.系统设置 创建 显示或配置系统特性
2.名字大写
3.可以在Linux下面随处使用 一般含义一样
常见环境变量
UID 当前用户UID信息
PATH 存放的是命令的位置/路径
[root@oldboy59 ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
PS1 控制命令行格式
[root@oldboy59 ~]# echo $PS1
[\u@\h \W]\$
\u 当前用户的用户名
\h 主机名
\W当前所在位置
\ $ 用户提示符

修改环境变量过程
1.临时-重新登录系统失效
[root@oldboy59 ~]# export PS1='[\u@\h \w]\$ '
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]]\\$ "
2.永久-写入文件/etc/profile 与生效
最后一行写入
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]\[\e[33;1m\]]\\$ "
[root@oldboy59 ~]# source /etc/profile
3.检查
[root@oldboy59 ~]# tail -1 /etc/profile
export PS1="[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\] \[\e[31;1m\]\w\[\e[0m\]\[\e[33;1m\]]\\$ "
SELinux 增强型Linux(安全)
NSA(安全局):
限制root和普通用户权限
关闭SELinux
操作前备份 操作后检查
cp /etc/selinux/config /etc/selinux/config.bak
临时查看
[root@oldboy59 ~]# getenforce
Disabled
临时更改setenforce
永久
修改配置文件
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of disabled.
6 # disabled - No SELinux policy is loaded.
7 SELINUX=enforcing
SELINUX=右边可以写什么
SELINUX=enforcing SELinux开启
SELINUX=permissive SELinux关闭 还会有警告信息
SELINUX=disabled SELinux彻底关闭
防火墙firewalld (C7)
iptables(C6 C7)
防火墙的作用:根据设置规则 准许/禁止用户进出
是否开启?服务器有公网ip地址 开启防火墙
服务器有公网ip 局域网 并发没访问量太高 关闭防火墙
如何关闭?
临时:
[root@oldboy59 ~]# systemctl stop firewalld
查看
[root@oldboy59 ~]# systemctl status firewalld
[root@oldboy59 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
永久:[root@oldboy59 ~]# systemctl disable firewalld
enable 永久开启
[root@oldboyedu59 ~]# grep '=disabled' /etc/selinux/config
SELINUX=disabled
[root@wuxin-123 ~]# systemctl restart firewalld.service
** (pkttyagent:103429): WARNING **: 11:29:43.184: Unable to register authentication agent: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.106" (uid=0 pid=103429 comm="/usr/bin/pkttyagent --notify-fd 5 --fallback ") interface="org.freedesktop.PolicyKit1.Authority" member="RegisterAuthenticationAgentWithOptions" error name="(unset)" requested_reply="0" destination=":1.2" (uid=999 pid=6336 comm="/usr/lib/polkit-1/polkitd --no-debug ")
Error registering authentication agent: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.106" (uid=0 pid=103429 comm="/usr/bin/pkttyagent --notify-fd 5 --fallback ") interface="org.freedesktop.PolicyKit1.Authority" member="RegisterAuthenticationAgentWithOptions" error name="(unset)" requested_reply="0" destination=":1.2" (uid=999 pid=6336 comm="/usr/lib/polkit-1/polkitd --no-debug ") (g-dbus-error-quark, 9)
/var/log/messages 报错
Apr 15 11:34:36 wuxin-123 dbus[6339]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.109" (uid=0 pid=103805 comm="/usr/bin/pkttyagent --notify-fd 5 --fallback ") interface="org.freedesktop.PolicyKit1.Authority" member="RegisterAuthenticationAgentWithOptions" error name="(unset)" requested_reply="0" destination=":1.2" (uid=999 pid=6336 comm="/usr/lib/polkit-1/polkitd --no-debug ")
解决 发现切换用户会卡主 重启服务报错
可能与系统用户登录服务有关重启后 解决。
[root@wuxin-123 ~]# systemctl restart systemd-logind.service
[root@wuxin-123 ~]#
[root@wuxin-123 ~]#
[root@wuxin-123 ~]# su - oldboy
Last login: Mon Apr 15 09:27:22 CST 2019 on pts/1
[oldboy@wuxin-123 ~]$ logout
[root@wuxin-123 ~]#
[root@wuxin-123 ~]# systemctl restart firewalld
配置yum源
镜像网站 mirrors.aliyun.com
软件下载仓库 阿里云仓库 清华仓库
[root@oldboy59 ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
repo id repo name status
base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,019
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,051
extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 385
updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 1,511
repolist: 24,966