mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-21 02:10:11 +08:00
Xingyu.Wang
commit
297c5e292c
@ -1,177 +0,0 @@
|
||||
Translating by ictlyh
|
||||
30 Things to Do After Minimal RHEL/CentOS 7 Installation--4
|
||||
================================================================================
|
||||
### 17. Installing Webmin ###
|
||||
|
||||
Webmin is a Web based configuration tool for Linux. It acts as a central system to configure various system configuration like users, disk quota, services and configurations of HTTP server, Apache, MySQL, etc.
|
||||
|
||||
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm
|
||||
# rpm -ivh webmin-*.rpm
|
||||
|
||||
|
||||
Install Webmin
|
||||
|
||||
After webmin installation, you will get a message on terminal to login to your host (http://ip-address:10000) using your root password on port number 10000. If running a headless server you can forward the port and access it on a machine/server that is headed.
|
||||
|
||||
### 18. Enable Third Party Repositories ###
|
||||
|
||||
It is not a good idea to add untrusted repositories specially in production and it may be fatal. However just for example here we will be adding a few community approved trusted repositories to install third party tools and packages.
|
||||
|
||||
Add Extra Package for Enterprise Linux (EPEL) Repository.
|
||||
|
||||
# yum install epel-release
|
||||
|
||||
Add Community Enterprise Linux Repository.
|
||||
|
||||
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
|
||||
|
||||
|
||||
Install Epel Repo
|
||||
|
||||
**Attention**! Extra care is needs to be taken while adding Third Party Repository.
|
||||
|
||||
### 19. Install 7-zip Utility ###
|
||||
|
||||
In the CentOS Minimal Install you don’t get utility like unzip or unrar. We have the option to install each utility as required or an utility that servers for all. 7-zip is such an utility which compress and extract files of all known types.
|
||||
|
||||
# yum install p7zip
|
||||
|
||||
|
||||
Install 7zip Tool
|
||||
|
||||
**Notice**: The package is downloaded and installed from Fedora EPEL 7 Repository.
|
||||
|
||||
### 20. Install NTFS-3G Driver ###
|
||||
|
||||
A small yet very useful NTFS driver called NTFS-3G is available for most of the UNIX-like distribution. It is useful to mount and access Windows NTFS file system. Though other alternatives like Tuxera NTFS is available, NTFS-3G is most widely used.
|
||||
|
||||
# yum install ntfs-3g
|
||||
|
||||
|
||||
Install NTFS-3G to Mount Windows Partition
|
||||
|
||||
After installing ntfs-3g has been installed, you can mount Windows NTFS partitions (where /dev/sda5 is my windows drive) using following command.
|
||||
|
||||
# mount -ro ntfs-3g /dev/sda5 /mnt
|
||||
# cd /mnt
|
||||
# ls -l
|
||||
|
||||
### 21. Install Vsftpd FTP Server ###
|
||||
|
||||
VSFTPD which stands for Very Secure File Transfer Protocol Daemon is a FTP server for UNIX-like System. It is one of the most efficient and secure FTP Server available today.
|
||||
|
||||
# yum install vsftpd
|
||||
|
||||
|
||||
Install Vsftpd FTP
|
||||
|
||||
Edit the configuration file located at ‘/etc/vsftpd/vsftpd.conf‘ to secure vsftpd.
|
||||
|
||||
# vi /etc/vsftpd/vsftpd.conf
|
||||
|
||||
Edit a few fields and leave other as it is, unless you know what you are doing.
|
||||
|
||||
anonymous_enable=NO
|
||||
local_enable=YES
|
||||
write_enable=YES
|
||||
chroot_local_user=YES
|
||||
|
||||
You may also change the port number and open vsftpd port through the firewall.
|
||||
|
||||
# firewall-cmd --add-port=21/tcp
|
||||
# firewall-cmd --reload
|
||||
|
||||
Next restart vsftpd and enable to start at boot time.
|
||||
|
||||
# systemctl restart vsftpd
|
||||
# systemctl enable vsftpd
|
||||
|
||||
### 22. Install and Configure sudo ###
|
||||
|
||||
sudo which is commonly called as super do as well as suitable user do is a program for UNIX-like operating system to execute a program with the security privileged of another user. Let’s see how to configure sudo…
|
||||
|
||||
# visudo
|
||||
|
||||
It will open the file /etc/sudoers for editing..
|
||||
|
||||
|
||||
sudoers File
|
||||
|
||||
Give all the permission (equal to root) to a user (say tecmint), that has already been created.
|
||||
|
||||
tecmint ALL=(ALL) ALL
|
||||
|
||||
Give all the permission (equal to root) to a user (say tecmint), except the permission to reboot and shutdown the server.
|
||||
|
||||
Again open the same file and edit it with the below contents.
|
||||
|
||||
cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot
|
||||
|
||||
Then add alias with Logical (!) operator.
|
||||
|
||||
tecmint ALL=(ALL) ALL,!nopermit
|
||||
|
||||
Give permission to a group (say debian) to run a few root privilege command say (add user and delete user) .
|
||||
|
||||
cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel
|
||||
|
||||
And then add the permission to group debian.
|
||||
|
||||
debian ALL=(ALL) permit
|
||||
|
||||
### 23. Install and Enable SELinux ###
|
||||
|
||||
SELinux which stands for Security-Enhanced Linux is a security module at kernel level.
|
||||
|
||||
# yum install selinux-policy
|
||||
|
||||
|
||||
Install SElinux Policy
|
||||
|
||||
Check SELinux Mode.
|
||||
|
||||
# getenforce
|
||||
|
||||
|
||||
Check SELinux Mode
|
||||
|
||||
The output is enforcing mode which means SELinux policy is in effect.
|
||||
|
||||
For debugging, set selinux mode to permissive temporarily. No need to reboot.
|
||||
|
||||
# setenforce 0
|
||||
|
||||
After debugging set selinux to enforcing again without rebooting.
|
||||
|
||||
# setenforce 1
|
||||
|
||||
### 24. Install Rootkit Hunter ###
|
||||
|
||||
Rootkit Hunter abbreviated as Rkhunter is an application that scan rootkits and other potentially harmful exploits in Linux systems.
|
||||
|
||||
# yum install rkhunter
|
||||
|
||||
|
||||
Install Rootkit Hunter
|
||||
|
||||
Run rkhunter as a scheduled job, from a script file or manually to scan harmful exploits in Linux.
|
||||
|
||||
# rkhunter --check
|
||||
|
||||
|
||||
Scan for rootkits
|
||||
|
||||
|
||||
RootKit Scan Results
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/4/
|
||||
|
||||
作者:[Avishek Kumar][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
@ -1,136 +0,0 @@
|
||||
Translating by ictlyh
|
||||
30 Things to Do After Minimal RHEL/CentOS 7 Installation--5
|
||||
================================================================================
|
||||
### 25. Install Linux Malware Detect (LMD) ###
|
||||
|
||||
Linux Malware Detect (LMD) is a open source Linux malware scanner released under the GNU GPLv2 license, that is
|
||||
specially designed for threats faced in hosting environments. For complete installation, configuration and usage of LMD can be found at:
|
||||
|
||||
- [Install and Use (LMD) with ClamAV as Antivirus Engine][1]
|
||||
|
||||
### 26. Server Bandwidth Testing with Speedtest-cli ###
|
||||
|
||||
speedtest-cli is a tool written in python to test internet bandwidth including download and upload speed. For complete installation and usage of speedtest-cli tool, read our article at [Check Linux Server Bandwidth Speed from Command Line][2]
|
||||
|
||||
### 27. Configure Cron Jobs ###
|
||||
|
||||
This is one of the most widely used software utility. It function as job scheduler i.e., schedule a job now that will execute in future itself. It is useful in logging and maintaining records unattained as well as several other routine work like regular backup. All the schedule is written in /etc/crontab file.
|
||||
|
||||
The crontab file contains 6 fields as follows:
|
||||
|
||||
Minutes Hour Day of Month Month of Year Week Day Command
|
||||
(0-59) (0-23) (1-31) (1/jan-12/dec) (0-6/sun-sat) Command/script
|
||||
|
||||
|
||||
Crontab Fields
|
||||
|
||||
To run a cron job (say run /home/$USER/script.sh) everyday at 04:30 am.
|
||||
|
||||
Minutes Hour Day of Month month of year Week Day command
|
||||
30 4 * * * speedtest-cli
|
||||
|
||||
Add the following entry to the crontab file ‘/etc/crontab/‘.
|
||||
|
||||
30 4 * * * /home/$user/script.sh
|
||||
|
||||
After adding the above line to crontab, it will run automatically at 04:30 am everyday and the output depends upon what is there in script file. Moreover script can be replaced by commands. For more examples of cron jobs, read [11 Cron Jobs Examples in Linux][3]
|
||||
|
||||
### 28. Install Owncloud ###
|
||||
|
||||
Owncloud is a HTTP based data synchronization, file sharing and remote file storage application. For more detail on installing own cloud, you may like to see this article : [Create Personal/Private Cloud Storage in Linux][4]
|
||||
|
||||
### 29. Enable Virtualization with Virtualbox ###
|
||||
|
||||
Virtualization is a process of creating virtual OS, Hardware and Network, is one of the most sought technology of these days. We will be discussing on how to install and configure virtualization in detail.
|
||||
|
||||
Our CentOS Minimal server is a headless server. Lets prepare it to host virtual machines that is accessible over HTTP by installing following packages.
|
||||
|
||||
# yum groupinstall 'Development Tools' SDL kernel-devel kernel-headers dkms
|
||||
|
||||
|
||||
Install Development Tools
|
||||
|
||||
Change working directory to ‘/etc/yum.repos.d/‘ and download Virtualbox repository.
|
||||
|
||||
# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
|
||||
|
||||
Install the key just downloaded.
|
||||
|
||||
# rpm --import oracle_vbox.asc
|
||||
|
||||
Update and Install Virtualbox.
|
||||
|
||||
# yum update && yum install virtualbox-4.3
|
||||
|
||||
Next, download and install Virtualbox extension pack.
|
||||
|
||||
# wget http://download.virtualbox.org/virtualbox/4.3.12/Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
|
||||
# VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
|
||||
|
||||
|
||||
Install Virtualbox Extension Pack
|
||||
|
||||
|
||||
Installing Virtualbox Extension Pack
|
||||
|
||||
Create a user ‘vbox‘ to manage virtualbox and add it to group vboxusers.
|
||||
|
||||
# adduser vbox
|
||||
# passwd vobx
|
||||
# usermod -G vboxusers vbox
|
||||
|
||||
Install HTTPD server.
|
||||
|
||||
# yum install httpd
|
||||
|
||||
Install PHP (with soap extension).
|
||||
|
||||
# yum install php php-devel php-common php-soap php-gd
|
||||
|
||||
Download PHP virtualBox.
|
||||
|
||||
# wget http://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-4.3-1.zip
|
||||
|
||||
Extract the zip and copy the extracted folder to HTTP working directory.
|
||||
|
||||
# unzip phpvirtualbox-4.*.zip
|
||||
# cp phpvirtualbox-4.3-1 -R /var/www/html
|
||||
|
||||
Next, rename file /var/www/html/phpvirtualbox/config.php-example to var/www/html/phpvirtualbox/config.php.
|
||||
|
||||
# mv config.php.example config.php
|
||||
|
||||
Open the configuration file to edit and add ‘username‘ and ‘password‘ we just created in the above step.
|
||||
|
||||
# vi config.php
|
||||
|
||||
Finally, restart VirtualBox and HTTP server.
|
||||
|
||||
# service vbox-service restart
|
||||
# service httpd restart
|
||||
|
||||
Now forward the port and access it on a headed server.
|
||||
|
||||
http://192.168.0.15/phpvirtualbox-4.3-1/
|
||||
|
||||
|
||||
PHP Virtualbox Login
|
||||
|
||||
|
||||
PHP Virtualbox Dashboard
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/5/
|
||||
|
||||
作者:[Avishek Kumar][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
[1]:http://www.tecmint.com/install-linux-malware-detect-lmd-in-rhel-centos-and-fedora/
|
||||
[2]:http://www.tecmint.com/check-internet-speed-from-command-line-in-linux/
|
||||
[3]:http://www.tecmint.com/11-cron-scheduling-task-examples-in-linux/
|
||||
[4]:http://www.tecmint.com/install-owncloud-to-create-personal-storage-in-linux/
|
||||
@ -1,81 +0,0 @@
|
||||
Translating by ictlyh
|
||||
30 Things to Do After Minimal RHEL/CentOS 7 Installation--6
|
||||
================================================================================
|
||||
### 30. Password Protect GRUB ###
|
||||
|
||||
Password protect your boot loader so that you get an additional level of security right at the booting time. Also you get a protection layer of protection at physical level. Protect your Server by locking GRUB at boot to avoid any unauthorized access.
|
||||
|
||||
First make backup of two files, so that if anything goes bad, you have the option to revert back. Create a backup of ‘/etc/grub2/grub.cfg‘ as ‘/etc/grub2/grub.cfg.old‘.
|
||||
|
||||
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old
|
||||
|
||||
Also, Create a backup of ‘/etc/grub.d/10_linux‘ as ‘/etc/grub.d/10_linux.old‘.
|
||||
|
||||
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old
|
||||
|
||||
Now open ‘/etc/grub.d/10_linux‘ and add the below line at the end of the file.
|
||||
|
||||
cat <<EOF
|
||||
set superusers=”tecmint”
|
||||
Password tecmint avi@123
|
||||
EOF
|
||||
|
||||
|
||||
Password Protect Grub
|
||||
|
||||
Notice in the above file, replace “tecmint” as username and “avi@123” as password with your username and password.
|
||||
|
||||
Now generate the new grub.cfg file by issuing following command.
|
||||
|
||||
# grub2-mkconfig --output=/boot/grub2/grub.cfg
|
||||
|
||||
|
||||
Generate Grub File
|
||||
|
||||
After creating new grub.cfg file, reboot the machine and press ‘e‘ to edit. You will find that it requires you to enter ‘valid credentials‘ in order to edit boot menu.
|
||||
|
||||
|
||||
Password Protected Boot Menu
|
||||
|
||||
After entering login credentials, you will able to edit grub boot menu.
|
||||
|
||||
|
||||
Grub Menu File
|
||||
|
||||
Also you can generate encrypted password in place of plain password as shown in the above step. First generate an encrypted password as suggested below.
|
||||
|
||||
# grub2-mkpasswd-pbkdf2
|
||||
|
||||
[Enter Normal password twice]
|
||||
|
||||
|
||||
Generate Encrypted Grub Password
|
||||
|
||||
Now open ‘/etc/grub.d/10_linux‘ file and add the below line at the end of the file.
|
||||
|
||||
cat <<EOF
|
||||
set superusers=”tecmint”
|
||||
Password_pbkdf2 tecmint
|
||||
grub.pbkdf2.sha512**************************************************
|
||||
EOF
|
||||
|
||||
|
||||
Encrypted Grub Password
|
||||
|
||||
Replace the password with the one generated on your system. Don’t forget to cross check the password.
|
||||
|
||||
Also note you need to generate grub.cfg in this case as well, as described above. Reboot and next time you press ‘e‘ to edit, you will be prompted for username and password.
|
||||
|
||||
We’ve tried to cover most of the necessary post-installation points of industry standard distributions RHEL 7 and CentOS 7. If you find that we’ve missed certain points or you need to extend this post with a new post-install things, you may share with us, we will include your point in this article by extending it.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/6/
|
||||
|
||||
作者:[vishek Kumar][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
@ -0,0 +1,176 @@
|
||||
安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情--4
|
||||
================================================================================
|
||||
### 17. 安装 Webmin ###
|
||||
|
||||
Webmin 是基于 Web 的 Linux 配置工具。它像一个中央系统用于配置各种系统设置,比如用户、磁盘分配、服务以及 HTTP 服务器、Apache、MySQL 等的配置。
|
||||
|
||||
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.740-1.noarch.rpm
|
||||
# rpm -ivh webmin-*.rpm
|
||||
|
||||
|
||||
安装 Webmin
|
||||
|
||||
安装完 webmin 后,你会在终端上得到一个用你的 root 密码在 端口 10000 登录你的主机(http://ip-address:10000)的信息。 如果运行的是无头服务器(译注:无头服务器是指没有专门用于向其它计算机和它们的用户提供服务的本地接口的计算设备)你可以转发端口然后从有头机器/服务器上访问它。
|
||||
|
||||
### 18. 启用第三方库 ###
|
||||
|
||||
添加不受信任的库并不是一个好主意,尤其是在生产环境中,这可能导致致命的问题。但仅作为例子在这里我们会添加一些社区证实可信任的库用于安装第三方工具和软件包。
|
||||
|
||||
为企业版 Linux(EPEL)库添加额外的软件包。
|
||||
|
||||
# yum install epel-release
|
||||
|
||||
添加社区企业版 Linux 库
|
||||
|
||||
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
|
||||
|
||||
|
||||
安装 Epel 库
|
||||
|
||||
**注意**! 添加第三方库的时候尤其需要注意。
|
||||
|
||||
### 19. 安装 7-zip 工具 ###
|
||||
|
||||
在最小化安装 CentOS 时你并没有获得类似 unzip 或者 untar 的工具。我们可以选择基于需要安装每个工具或者一个能处理所有格式的工具。7-zip 就是一个能压缩和解压所有已知类型文件的工具。
|
||||
|
||||
# yum install p7zip
|
||||
|
||||
|
||||
安装 7zip 工具
|
||||
|
||||
**注意**: 该软件包从 Fedora EPEL 7 的库中下载和安装。
|
||||
|
||||
### 20. 安装 NTFS-3G 驱动 ###
|
||||
|
||||
NTFS-3G,一个很小但非常有用的 NTFS 驱动在大部分类 UNIX 发行版上都可用。它对于挂载和访问 Windows NTFS 文件系统很有用。尽管也有其它可用的替代品,比如 Tuxera,但 NTFS-3G 是使用最广泛的。
|
||||
|
||||
# yum install ntfs-3g
|
||||
|
||||
|
||||
安装 NTFS-3G 用于挂载 Windows 分区
|
||||
|
||||
ntfs-3g 安装完成之后,你可以使用以下命令挂载 Windows NTFS 分区(我的 Windows 分区是 /dev/sda5)。
|
||||
|
||||
# mount -ro ntfs-3g /dev/sda5 /mnt
|
||||
# cd /mnt
|
||||
# ls -l
|
||||
|
||||
### 21. 安装 Vsftpd FTP 服务器 ###
|
||||
|
||||
VSFTPD 表示 Very Secure File Transfer Protocol Daemon,是用于类 UNIX 系统的 FTP 服务器。它是现今最高效和安全的 FTP 服务器之一。
|
||||
|
||||
# yum install vsftpd
|
||||
|
||||
|
||||
安装 Vsftpd FTP
|
||||
|
||||
编辑配置文件 ‘/etc/vsftpd/vsftpd.conf’ 用于保护 vsftpd。
|
||||
|
||||
# vi /etc/vsftpd/vsftpd.conf
|
||||
|
||||
编辑一些值并使其它保留原样,除非你知道自己在做什么。
|
||||
|
||||
anonymous_enable=NO
|
||||
local_enable=YES
|
||||
write_enable=YES
|
||||
chroot_local_user=YES
|
||||
|
||||
你也可以更改端口号并使 vsftpd 端口通过防火墙。
|
||||
|
||||
# firewall-cmd --add-port=21/tcp
|
||||
# firewall-cmd --reload
|
||||
|
||||
下一步重启 vsftpd 并启用随机启动。
|
||||
|
||||
# systemctl restart vsftpd
|
||||
# systemctl enable vsftpd
|
||||
|
||||
### 22. 安装和配置 sudo ###
|
||||
|
||||
sudo 通常被称为 super do 或者 suitable user do,是一个类 UNIX 操作系统中用其它用户的安全权限执行程序的软件。让我们来看看怎样配置 sudo。
|
||||
|
||||
# visudo
|
||||
|
||||
打开要编辑的文件 /etc/sudoers
|
||||
|
||||
|
||||
sudoers 文件
|
||||
|
||||
给一个已经创建的用户(比如 tecmint)赋予所有权限(等同于 root)。
|
||||
|
||||
tecmint ALL=(ALL) ALL
|
||||
|
||||
给一个已经创建的用户(比如 tecmint)赋予除重启和关闭服务器以外的所有权限(等同于 root)。
|
||||
|
||||
再一次打开文件并用下面的内容编辑文件。
|
||||
|
||||
cmnd_Alias nopermit = /sbin/shutdown, /sbin/reboot
|
||||
|
||||
用 逻辑操作符(!) 添加别名。
|
||||
|
||||
tecmint ALL=(ALL) ALL,!nopermit
|
||||
|
||||
准许一个组(比如 debian) 运行一些 root 权限命令,比如(增加或删除用户)。
|
||||
|
||||
cmnd_Alias permit = /usr/sbin/useradd, /usr/sbin/userdel
|
||||
|
||||
给组 debian 增加权限。
|
||||
|
||||
debian ALL=(ALL) permit
|
||||
|
||||
### 23. 安装并启用 SELinux ###
|
||||
|
||||
SELinux 表示 Security-Enhanced Linux,是内核级别的安全模块。
|
||||
|
||||
# yum install selinux-policy
|
||||
|
||||
|
||||
安装 SElinux 策略
|
||||
|
||||
查看 SELinux 模式。
|
||||
|
||||
# getenforce
|
||||
|
||||
|
||||
查看 SELinux 模式
|
||||
|
||||
输出是 Enforcing,意味着 SELinux 策略已经生效。
|
||||
|
||||
为了调试,可以临时设置 selinux 模式为允许。不需要重启。
|
||||
|
||||
# setenforce 0
|
||||
|
||||
调试完了之后再次设置 selinux 为强制模式,无需重启。
|
||||
|
||||
# setenforce 1
|
||||
|
||||
### 24. 安装 Rootkit Hunter ###
|
||||
|
||||
Rootkit Hunter,简写为 RKhunter,是在 Linux 系统中扫描 rootkits 和其它可能有害攻击的程序。
|
||||
|
||||
# yum install rkhunter
|
||||
|
||||
|
||||
安装 Rootkit Hunter
|
||||
|
||||
在 Linux 中,从脚本文件以计划作业的形式运行 rkhunter 或者手动扫描有害攻击。
|
||||
|
||||
# rkhunter --check
|
||||
|
||||
|
||||
扫描 rootkits
|
||||
|
||||
|
||||
RootKit 扫描结果
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/4/
|
||||
|
||||
作者:[Avishek Kumar][a]
|
||||
译者:[ictlyh](https://github.com/ictlyh)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
@ -0,0 +1,134 @@
|
||||
安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情--5
|
||||
================================================================================
|
||||
### 25. 安装 Linux Malware Detect (LMD) ###
|
||||
|
||||
Linux Malware Detect (LMD) 是 GNU GPLv2 协议下发布的开源 Linux 恶意程序扫描器,尤其是为面临威胁的主机环境。LMD 完整的安装、配置以及使用方法可以查看:
|
||||
|
||||
- [安装 LMD 并和 ClamAV 一起使用作为反病毒引擎][1]
|
||||
|
||||
### 26. 用 Speedtest-cli 测试服务器带宽 ###
|
||||
|
||||
speedtest-cli 是用 python 写的用于测试网络下载和上传带宽的工具。关于 speedtest-cli 工具的完整安装和使用请阅读我们的文章[用命令行查看 Linux 服务器带宽][2]
|
||||
|
||||
### 27. 配置 Cron 作业 ###
|
||||
|
||||
这是最广泛使用的软件工具之一。它是一个作业调度器,比如,现在安排一个以后可以自动运行的作业。它对于日志、保存没有实现的记录以及其它日常工作,比如常规备份,非常有用。所有的调度都写在文件 /etc/crontab 中。
|
||||
|
||||
crontab 文件包含下面的 6 个域:
|
||||
|
||||
分 时 日期 月份 星期 命令
|
||||
(0-59) (0-23) (1-31) (1/jan-12/dec) (0-6/sun-sat) Command/script
|
||||
|
||||
|
||||
Crontab 域
|
||||
|
||||
在每天 04:30 运行一个 cron 作业(比如运行 /home/$USER/script.sh)。
|
||||
|
||||
分 时 日期 月份 星期 命令
|
||||
30 4 * * * speedtest-cli
|
||||
|
||||
把下面的条目增加到 crontab 文件 ‘/etc/crontab/’。
|
||||
|
||||
30 4 * * * /home/$user/script.sh
|
||||
|
||||
把上面一行增加到 crontab 之后,它会在每天的 04:30 am 自动运行,输出取决于脚本文件的内容。另外脚本也可以用命令代替。关于更多 cron 作业的例子,可以阅读[Linux 上的 11 个 Cron 作业例子][3]
|
||||
|
||||
### 28. 安装 Owncloud ###
|
||||
|
||||
Owncloud 是一个基于 HTTP 的数据同步、文件共享和远程文件存储应用。更多关于安装 owncloud 的内容,你可以阅读这篇文章:[在 Linux 上创建个人/私有云存储][4]
|
||||
|
||||
### 29. 启用 Virtualbox 虚拟化 ###
|
||||
|
||||
虚拟化是创建虚拟操作系统、硬件和网络的过程,是当今最热门的技术之一。我们会详细地讨论如何安装和配置虚拟化。
|
||||
|
||||
我们的最小化 CentOS 服务器是一个无头服务器(译注:无头服务器是指没有专门用于向其它计算机和它们的用户提供服务的本地接口的计算设备)。我们通过安装下面的软件包为它承载可通过 HTTP 访问的虚拟机器做准备。
|
||||
|
||||
# yum groupinstall 'Development Tools' SDL kernel-devel kernel-headers dkms
|
||||
|
||||
|
||||
安装开发工具
|
||||
|
||||
更改工作目录到 ‘/etc/yum.repos.d/’ 并下载 VirtualBox 库。
|
||||
|
||||
# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
|
||||
|
||||
安装刚下载的密钥。
|
||||
|
||||
# rpm --import oracle_vbox.asc
|
||||
|
||||
升级并安装 VirtualBox。
|
||||
|
||||
# yum update && yum install virtualbox-4.3
|
||||
|
||||
下一步,下载和安装 VirtualBox 扩展包。
|
||||
|
||||
# wget http://download.virtualbox.org/virtualbox/4.3.12/Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
|
||||
# VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
|
||||
|
||||
|
||||
安装 VirtualBox 扩展包
|
||||
|
||||
|
||||
正在安装 VirtualBox 扩展包
|
||||
|
||||
添加用户 ‘vbox’ 用于管理 VirtualBox 并把它添加到组 vboxusers 中。
|
||||
|
||||
# adduser vbox
|
||||
# passwd vobx
|
||||
# usermod -G vboxusers vbox
|
||||
|
||||
安装 HTTPD 服务器。
|
||||
|
||||
# yum install httpd
|
||||
|
||||
安装 PHP (有 soap 扩展)。
|
||||
|
||||
# yum install php php-devel php-common php-soap php-gd
|
||||
|
||||
下载 PHP virtualBox.
|
||||
|
||||
# wget http://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-4.3-1.zip
|
||||
|
||||
解压 zip 文件并把解压后的文件夹复制到 HTTP 工作目录。
|
||||
|
||||
# unzip phpvirtualbox-4.*.zip
|
||||
# cp phpvirtualbox-4.3-1 -R /var/www/html
|
||||
|
||||
下一步,重命名文件 /var/www/html/phpvirtualbox/config.php-example 为 var/www/html/phpvirtualbox/config.php。
|
||||
|
||||
# mv config.php.example config.php
|
||||
|
||||
打开配置文件并添加我们上一步创建的 ‘username ’ 和 ‘password’。
|
||||
|
||||
# vi config.php
|
||||
|
||||
最后,重启 VirtualBox 和 HTTP 服务器。
|
||||
|
||||
# service vbox-service restart
|
||||
# service httpd restart
|
||||
|
||||
转发端口并从一个有头服务器上访问它。
|
||||
|
||||
http://192.168.0.15/phpvirtualbox-4.3-1/
|
||||
|
||||
|
||||
登录 PHP Virtualbox
|
||||
|
||||
|
||||
PHP Virtualbox 面板
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/5/
|
||||
|
||||
作者:[Avishek Kumar][a]
|
||||
译者:[ictlyh](https://github.com/ictlyh)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
[1]:http://www.tecmint.com/install-linux-malware-detect-lmd-in-rhel-centos-and-fedora/
|
||||
[2]:http://www.tecmint.com/check-internet-speed-from-command-line-in-linux/
|
||||
[3]:http://www.tecmint.com/11-cron-scheduling-task-examples-in-linux/
|
||||
[4]:http://www.tecmint.com/install-owncloud-to-create-personal-storage-in-linux/
|
||||
@ -0,0 +1,80 @@
|
||||
安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情--6
|
||||
================================================================================
|
||||
### 30. 用密码保护 GRUB ###
|
||||
|
||||
用密码保护你的 boot 引导程序这样你就可以在启动时获得额外水平的安全保障。同时你也可以在物理水平获得保护层。通过在引导时给 GRUB 加锁防止任何无授权访问来保护你的服务器。
|
||||
|
||||
首先备份两个文件,这样如果有任何错误出现,你可以有回滚的选择。备份 ‘/etc/grub2/grub.cfg’ 为 ‘/etc/grub2/grub.cfg.old’。
|
||||
|
||||
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old
|
||||
|
||||
同样,备份 ‘/etc/grub.d/10_linux’ 为 ‘/etc/grub.d/10_linux.old’。(这里10_linux下划线不知道怎么弄,请校对的时候注意改正,thx)
|
||||
|
||||
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old
|
||||
|
||||
打开文件 ‘/etc/grub.d/10_linux’ 并在文件末尾添加下面一行。
|
||||
|
||||
cat <<EOF
|
||||
set superusers=”tecmint”
|
||||
Password tecmint avi@123
|
||||
EOF
|
||||
|
||||
|
||||
密码保护 Grub
|
||||
|
||||
注意在上面的文件中,用你自己的用户名和密码代替 “tecmint” 和 “avi@123”。
|
||||
|
||||
现在通过运行下面的命令生成新的 grub.cfg 文件。
|
||||
|
||||
# grub2-mkconfig --output=/boot/grub2/grub.cfg
|
||||
|
||||
|
||||
生成 Grub 文件
|
||||
|
||||
创建 grub.cfg 文件之后,重启机器并敲击 ‘e’ 进入编辑。你会发现它会要求你输入 ‘valid credentials’ 来编辑 boot 菜单。
|
||||
|
||||
|
||||
有密码保护的 Boot 菜单
|
||||
|
||||
输入登录验证之后,你就可以编辑 grub boot 菜单。
|
||||
|
||||
|
||||
Grub 菜单文件
|
||||
|
||||
你也可以用加密的密码代替上一步的明文密码。首先按照下面推荐的生成加密密码。
|
||||
|
||||
# grub2-mkpasswd-pbkdf2
|
||||
|
||||
[两次输入正常密码]
|
||||
|
||||
|
||||
生成加密的 Grub 密码
|
||||
|
||||
打开 ‘/etc/grub.d/10_linux’ 文件并在文件末尾添加下面一行。
|
||||
|
||||
cat <<EOF
|
||||
set superusers=”tecmint”
|
||||
Password_pbkdf2 tecmint
|
||||
grub.pbkdf2.sha512**************************************************
|
||||
EOF
|
||||
|
||||
|
||||
加密 Grub 密码
|
||||
|
||||
用你系统上生成的密码代替原来的密码,别忘了交叉检查密码。
|
||||
|
||||
同样注意在这种情况下你也需要像上面那样生成 grub.cfg。重启并敲击 ‘e’ 进入编辑,会提示你输入用户名和密码。
|
||||
|
||||
我们已经介绍了大部分工业标准发行版 RHEL 7 和 CentOS 7 安装后必要的操作。如果你发现我们缺少了一些点或者你有新的东西可以扩充这篇博文,你可以和我们一起分享,我们会通过扩充在这篇文章中包括你的分享。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/6/
|
||||
|
||||
作者:[vishek Kumar][a]
|
||||
译者:[ictlyh](https://github.com/ictlyh)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.tecmint.com/author/avishek/
|
||||
Loading…
Reference in New Issue
Block a user