RHEL/CentOS System Installation and Basic Configuration

1. System Installation

1.1. Configure Linux Swap Space (Optional)

Create the swapfile

# M=Mebibytes, G=Gibibytes
# Alternative: dd if=/dev/zero of=/swapfile bs=1M count=2048
fallocate -l 2G /swapfile

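Enable the swapfile

# Permissions
chmod 600 /swapfile
# Format as swap
mkswap /swapfile
# Enable the given swapfile
swapon /swapfile
# Enable at boot: add the following line to /etc/fstab
vi /etc/fstab
/swapfile swap swap defaults 0 0
# Manually activate everything listed in /etc/fstab
mount -a
swapon -a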

Swap policy

# Policy: use swap only when physical memory is running low
sysctl -w vm.swappiness=10
echo "vm.swappiness = 10" | tee -a /etc/sysctl.conf
sysctl -w vm.vfs_cache_pressure=60
echo "vm.vfs_cache_pressure = 60" | tee -a /etc/sysctl.conf

Other commands

# Status
swapon -s
free -m
# Device UUID
lsblk -no UUID /dev/xxx

2. SSH Key-Based Login

2.1. Generate a Key Pair

ssh-keygen -t rsa -b 4096 -C "dmfy-wangyan"
mkdir ~/.ssh; vi ~/.ssh/authorized_keys
chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys

File permissions:

-rw-r--r-- 1 root root 0 Mar 7 22:19 authorized_keys
-rw------- 1 root root 3243 Mar 7 22:46 id_rsa
-rw-r--r-- 1 root root 733 Mar 7 22:46 id_rsa.pub

2.2. Disable Password Login

# Set the following directives in /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
#systemctl restart sshd.socket
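
A way to check that the four directives from section 2.2 are really the ones in effect, since a duplicate line earlier in the file or a setting placed inside a Match block can silently override the edit. This is an added example, not part of the original page; the function names (effective_value, audit_sshd, make_sample) are hypothetical and the sample config is constructed.

```shell
# Added example (not from the original page); helper names are hypothetical.
# sshd keeps the FIRST value read for a keyword, keywords are case-insensitive,
# and lines after "Match" are conditional, so the global scan stops there.
# On a live host, `sshd -T` (as root) prints the authoritative effective config.

# effective_value FILE KEYWORD -> first global value (lowercased) or "unset"
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "match" { exit }           # conditional block begins
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> one line per directive; return status = number of failures
audit_sshd() {
    fails=0
    for kw in PermitRootLogin PasswordAuthentication \
              KerberosAuthentication GSSAPIAuthentication; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" = "no" ]; then
            echo "OK    $kw $v"
        else
            echo "FAIL  $kw $v (want: no)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the second PasswordAuthentication line is shadowed by the
# first, and GSSAPIAuthentication is only set inside a Match block.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
KerberosAuthentication no
Match User backup
    GSSAPIAuthentication no
EOF
}

tmp=$(mktemp) && make_sample "$tmp"
audit_sshd "$tmp" || echo "$? directive(s) not set to no"
rm -f "$tmp"
```

To audit a real host, call audit_sshd /etc/ssh/sshd_config; a directive reported as unset fails the check because the audit requires an explicit no rather than relying on the default.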

3. Network Settings

3.1. Use a Static IP

Back up the configuration file

# RHEL 7
cp /etc/sysconfig/network-scripts/ifcfg-em1 \
/etc/sysconfig/network-scripts/ifcfg-em1.bak
# RHEL 8
cp /etc/sysconfig/network-scripts/ifcfg-eno1 \
/etc/sysconfig/network-scripts/ifcfg-eno1.bak

Read the UUID

sed -n '/UUID/p' /etc/sysconfig/network-scripts/ifcfg-eno1

Note: the IP, GATEWAY and UUID values below must all be changed to match your host.

RHEL 8

cat >/etc/sysconfig/network-scripts/ifcfg-eno1<<-EOF
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno1
UUID=2feb14ad-d70f-4473-8beb-683ba7dfdead
DEVICE=eno1
ONBOOT=yes
IPADDR=192.168.10.245
PREFIX=24
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
PEERDNS=no
DNS1=114.114.114.114
EOF

RHEL 7

cat >/etc/sysconfig/network-scripts/ifcfg-em1<<-EOF
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=em1
UUID=9ba3101c-ded9-4726-a533-de584cc28ed5
DEVICE=em1
ONBOOT=yes
IPADDR=192.168.10.246
PREFIX=24
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
PEERDNS=no
DNS1=114.114.114.114
EOF

3.2. Manage the Network with nmcli

# Show connection (NIC) information
nmcli connection
# Show all active connections
nmcli connection show --active
# Change the primary IP
nmcli connection modify eno1 ipv4.addresses 192.168.10.245
# Add an IPv4 address
nmcli connection modify eno1 +ipv4.addresses 192.168.10.251/24
# Remove an IPv4 address
nmcli connection modify eno1 -ipv4.addresses 192.168.10.251/24
# Change the primary DNS
nmcli connection modify eno1 ipv4.dns 114.114.114.114
nmcli connection modify eno1 +ipv4.dns 114.114.115.115
# Reload the network configuration with nmcli and bring the connection up
nmcli c reload
nmcli c up eno1
# Delete the connection
nmcli connection delete eno1
# Add a connection
nmcli connection add type ethernet con-name eno1
# Text user interface tool
nmtui

3.3. Disable IPv6

Disable temporarily

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

CentOS 7

# Add the following lines to /etc/sysctl.conf
vi /etc/sysctl.conf
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
sysctl -p

Red Hat Enterprise Linux 7

cat >>/usr/lib/sysctl.d/50-default.conf<<-EOF
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF

Apply

# sysctl -p reads only /etc/sysctl.conf; --system also loads /usr/lib/sysctl.d/*.conf
sysctl --system

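4. Other System Configuration

4.1. Change the Hostname

hostnamectl status
hostnamectl set-hostname s1

4.2. Do Not Upgrade the Kernel or System Release

# Current kernel
# Linux 3.10.0-514.el7.x86_64
uname -rs
# Distribution release
# CentOS Linux release 7.3.1611 (Core)
cat /etc/centos-release
# Exclude kernel and release packages from updates: add the exclude line to /etc/yum.conf
vim /etc/yum.conf
exclude=kernel* centos-release* redhat-release*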

4.3. Disable the Firewall

systemctl stop firewalld.service && \
systemctl disable firewalld.service

4.4. Time and Date Configuration (Optional)

yum install ntp -y && \
timedatectl set-timezone Asia/Shanghai && \
timedatectl set-ntp yes && \
systemctl enable ntpd.service && \
systemctl start ntpd.service

4.5. Disable SELinux

# Set the following in /etc/selinux/config (takes effect after a reboot)
vim /etc/selinux/config
SELINUX=disabled

4.6. Raise the Maximum Open File Limit (ulimit)

Avoids the "too many open files" error.

# Shell (bash) level limit
ulimit -n 1000000

/etc/security/limits.conf

# Per-user limits
* soft nofile 1000001
* hard nofile 1000002
root soft nofile 1000001
root hard nofile 1000002

/proc/sys/fs/file-max

# System-wide limit
cat /proc/sys/fs/file-max

4.7. Turn Off Unneeded Services (Optional)

netstat -tulpn # list listening services
yum remove package_name # remove a package
systemctl stop postfix.service && \
systemctl disable postfix.service

4.8. Update the System

yum -y update