Merge pull request #2674 from ictlyh/master

[Translating] tech/30 Things to Do After Minimal RHEL/CentOS 7 Installat...
2025-03-12 01:40:10 +08:00 · 2015-04-27 09:24:28 +08:00 · 2015-04-27 09:24:28 +08:00 · dfbf1267f8
commit dfbf1267f8
parent 7ff27e6008 09b7c75c51
5 changed files with 256 additions and 253 deletions
--- a/Installation--3.md
+++ b/Installation--3.md
@ -1,253 +0,0 @@
-30 Things to Do After Minimal RHEL/CentOS 7 Installation--3
-================================================================================
-### 12. Install Apache Tomcat ###
-
-Tomcat is a servlet container designed by Apache to run Java HTTP web server. Install tomcat as below but it is necessary to point out that you must have installed Java prior of installing tomcat.
-
-    # yum install tomcat
-
-![Install Apache Tomcat](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Apache-Tomcat.jpeg)
-Install Apache Tomcat
-
-After tomcat has been installed, star the tomcat service.
-
-    # systemctl start tomcat
-
-Check Version of tomcat.
-
-    # /usr/sbin/tomcat version
-
-![Check Tomcat Version](http://www.tecmint.com/wp-content/uploads/2015/04/Check-tomcat-version.jpeg)
-Check Tomcat Version
-
-Add service tomcat and default port (8080) through firewall and reload settings.
-
-    # firewall-cmd –zone=public –add-port=8080/tcp --permannet
-    # firewall-cmd –reload
-
-Now it’s time to secure tomcat server, create a user and a password to access and manage. We need to edit file ‘/etc/tomcat/tomcat-users.xml‘. See the section which looks like:
-
-    <tomcat-users>
-    ....
-    </tomcat-users>
-    
-    
-    <role rolename="manager-gui"/>
-     <role rolename="manager-script"/>
-     <role rolename="manager-jmx"/>
-     <role rolename="manager-status"/>
-     <role rolename="admin-gui"/>
-     <role rolename="admin-script"/>
-     <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
-    </tomcat-users>
-
-![Secure Tomcat](http://www.tecmint.com/wp-content/uploads/2015/04/Secure-Tomcat.jpeg)
-Secure Tomcat
-
-Here we added user “tecmint” to administer/manage tomcat using password “tecmint”. Stop and start the service tomcat so that the changes are taken into effect and enable tomcat service to start at system boot.
-
-    # systemctl stop tomcat
-    # systemctl start tomcat
-    # systemctl enable tomcat.service
-
-Read Also: Installing and Configuring Apache Tomcat 8.0.9 in RHEL/CentOS 7.0/6.x
-
-### 13. Install Nmap to Monitor Open Ports ###
-
-Nmap for Network Mapper creates a map of the network by discovering host on which it is running as well as by analyzing network. nmap is not included in the default installation and you have to install it from repository.
-
-    # yum install nmap
-
-![Install Nmap Monitoring Tool](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Nmap.jpeg)
-Install Nmap Monitoring Tool
-
-List all open ports and corresponding services using them on host.
-
-    # namp 127.0.01
-
-![Monitor Open Ports](http://www.tecmint.com/wp-content/uploads/2015/04/Monitor-Open-Ports.jpeg)
-Monitor Open Ports
-
-You may also use firewall-cmd to list all the ports, however I find nmap more useful.
-
-    # firewall-cmd –list-ports
-
-![Check Open Ports in Firewall](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Open-Ports-in-Firewall.jpeg)
-Check Open Ports in Firewall
-
-Read Also: [29 Useful Nmap Command to Monitor Open Ports][1]
-
-### 14. FirewallD Configuration ###
-
-firewalld is a firewall service which manages the server dynamically. Firewalld removed iptables in CentOS 7. Firewalld is installed by default on RedHat Enterprise Linux and its derivatives by default. With iptables every change in order to be taken into effect needs to flush all the old rules and create new rules.
-
-However with firewalld, no flushing and recreating of new rules required and only changes are applied on the fly.
-
-Check if Firewalld is running or not.
-
-    # systemctl status firewalld
-    OR
-    # firewall-cmd –state
-
-![Check Firewalld Status](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Firewalld-Status.jpeg)
-Check Firewalld Status
-
-Get a list of all the zones.
-
-    # firewall-cmd --get-zones
-
-![Check Firewalld Zones](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Firewalld-Zones.jpeg)
-Check Firewalld Zones
-
-To get details on a zone before switching.
-
-    # firewall-cmd --zone=work --list-all
-
-![Check Zone Details](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Zone-Details.jpeg)
-Check Zone Details
-
-To get default zone.
-
-    # firewall-cmd --get-default-zone
-
-![Firewalld Default Zone](http://www.tecmint.com/wp-content/uploads/2015/04/Firewalld-Default-Zone.jpeg)
-Firewalld Default Zone
-
-To switch to a different zone say ‘work‘.
-
-    # firewall-cmd --set-default-zone=work
-
-![Swich Firewalld Zones](http://www.tecmint.com/wp-content/uploads/2015/04/Swich-Zones.jpeg)
-Swich Firewalld Zones
-
-To list all the services in the zone.
-
-    # firewall-cmd --list-services
-
-![List Firewalld Zone Services](http://www.tecmint.com/wp-content/uploads/2015/04/List-Firewalld-Service.jpeg)
-List Firewalld Zone Services
-
-To add a service say http, temporarily and reload firewalld.
-
-    # firewall-cmd  --add-service=http
-    # firewall-cmd –reload
-
-Add http Service Temporarily
-
-Add http Service Temporarily
-
-To add a service say http, permanently and reload firewalld.
-
-# firewall-cmd --add-service=http --permanent
-# firewall-cmd --reload
-
-![Add http Service Permanent](http://www.tecmint.com/wp-content/uploads/2015/04/Add-http-Service-Temporarily.jpeg)
-Add http Service Permanent
-
-To remove a service say http, temporarily.
-
-    # firewall-cmd  --remove-service=http
-    # firewall-cmd --reload
-
-![Remove Firewalld Service Temporarily](http://www.tecmint.com/wp-content/uploads/2015/04/Add-http-Service-Permanent.jpeg)
-Remove Firewalld Service Temporarily
-
-To remove a service say http, permanently.
-
-    # firewall-cmd --zone=work --remove-service=http --permanent
-    # firewall-cmd --reload
-
-![Remove Service Permanently](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Service-Parmanently.jpeg)
-Remove Service Permanently
-
-To allow a port (say 331), temporarily.
-
-    # firewall-cmd --add-port=331/tcp
-    # firewall-cmd --reload
-
-![Open Firewalld Port Temporarily](http://www.tecmint.com/wp-content/uploads/2015/04/Open-Port-Temporarily.jpeg)
-Open Port Temporarily
-
-To allow a port (say 331), permanently.
-
-    # firewall-cmd --add-port=331/tcp --permanent
-    # firewall-cmd --reload
-
-![Open Port in Firewalld Permanent](http://www.tecmint.com/wp-content/uploads/2015/04/Open-Port-Permanent.jpeg)
-Open Port Permanently
-
-To block/remove a port (say 331), temporarily.
-
-    # firewall-cmd --remove-port=331/tcp
-    # firewall-cmd --reload
-
-![Remove Port Temporarily in Firewalld](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Port-Temporarily.jpeg)
-Remove Port Temporarily
-
-To block/remove a port (say 331), permanently.
-
-    # firewall-cmd --remove-port=331/tcp --permanent
-    # firewall-cmd --reload
-
-![Remove Port Permanently in Firewalld](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Port-Permanently.jpeg)
-Remove Port Permanently
-
-To disable firewalld.
-
-    # systemctl stop firewalld
-    # systemctl disable firewalld
-    # firewall-cmd --state
-
-![Disable Firewalld in CentOS 7](http://www.tecmint.com/wp-content/uploads/2015/04/Disable-Firewalld.jpeg)
-Disable Firewalld Service
-
-To enable firewalld.
-
-    # systemctl enable firewalld
-    # systemctl start firewalld
-    # firewall-cmd --state
-
-![Enable Firewalld in CentOS 7](http://www.tecmint.com/wp-content/uploads/2015/04/Enable-Firewalld.jpeg)
-Enable Firewalld
-
- [How to Configure ‘FirewallD’ in RHEL/CentOS 7][2]
- [Useful ‘FirewallD’ Rules to Configure and Manage Firewall][3]
-
-### 15. Installing Wget ###
-
-wget is a Linux command line based utility that retrieves (downloads) content from web servers. It is an important tool you must have to retrieve web contents or download any files using wget command.
-
-    # yum install wget
-
-![Install Wget Tool](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Wget.png)
-Install Wget Tool
-
-For more usage and practical examples on how to use wget command to download files on the terminal, read [10 Wget Command Examples][4].
-
-### 16. Installing Telnet ###
-
-Telnet is a network protocol that enables a user to login into another computer on the same network over TCP/IP. Once connection etablished to the remote computer it becomes a virtual terminal and allow you to communicate with the remote host within your computer as per whatever privileges provided to you.
-
-Telnet also very useful for checking listening ports on remote computer or host.
-
-    # yum install telnet
-    # telnet google.com 80
-
-![Telnet Port Checking](http://www.tecmint.com/wp-content/uploads/2015/04/telnet-testing.png)
-Telnet Port Checking
-
--------------------------------------------------------------------------------
-
-via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/3/
-
-作者：[Avishek Kumar][a]
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
-
-[a]:http://www.tecmint.com/author/avishek/
-[1]:http://www.tecmint.com/nmap-command-examples/
-[2]:http://www.tecmint.com/configure-firewalld-in-centos-7/
-[3]:http://www.tecmint.com/firewalld-rules-for-centos-7/
-[4]:http://www.tecmint.com/10-wget-command-examples-in-linux/
--- a/Installation--4.md
+++ b/Installation--4.md
@ -1,3 +1,4 @@
+Translating by ictlyh
 30 Things to Do After Minimal RHEL/CentOS 7 Installation--4
 ================================================================================
 ### 17. Installing Webmin ###
--- a/Installation--5.md
+++ b/Installation--5.md
@ -1,3 +1,4 @@
+Translating by ictlyh
 30 Things to Do After Minimal RHEL/CentOS 7 Installation--5
 ================================================================================
 ### 25. Install Linux Malware Detect (LMD) ###
--- a/Installation--6.md
+++ b/Installation--6.md
@ -1,3 +1,4 @@
+Translating by ictlyh
 30 Things to Do After Minimal RHEL/CentOS 7 Installation--6
 ================================================================================
 ### 30. Password Protect GRUB ###
--- a/Installation--3.md
+++ b/Installation--3.md
@ -0,0 +1,253 @@
+安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情--3
+================================================================================
+### 12. 安装 Apache Tomcat ###
+
+Tomcat 是由 Apache 设计的用来运行 Java HTTP web 服务器的 servlet 容器。按照下面的方法安装 tomcat，但需要指出的是安装 tomcat 之前必须先安装 Java。
+
+    # yum install tomcat
+
+![安装 Apache Tomcat](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Apache-Tomcat.jpeg)
+安装 Apache Tomcat
+
+安装完 tomcat 之后，启动 tomcat 服务。
+
+    # systemctl start tomcat
+
+查看 tomcat 版本。
+
+    # /usr/sbin/tomcat version
+
+![查看 tomcat 版本](http://www.tecmint.com/wp-content/uploads/2015/04/Check-tomcat-version.jpeg)
+查看 tomcat 版本
+
+允许 tomcat 服务和默认端口(8080) 通过防火墙并重新加载设置。
+
+    # firewall-cmd –zone=public –add-port=8080/tcp --permannet
+    # firewall-cmd –reload
+
+现在该保护 tomcat 服务器了，添加一个用于访问和管理的用户和密码。我们需要编辑文件 ‘/etc/tomcat/tomcat-users.xml’。查看类似下面的部分：
+
+    <tomcat-users>
+    ....
+    </tomcat-users>
+    
+    
+    <role rolename="manager-gui"/>
+     <role rolename="manager-script"/>
+     <role rolename="manager-jmx"/>
+     <role rolename="manager-status"/>
+     <role rolename="admin-gui"/>
+     <role rolename="admin-script"/>
+     <user username="tecmint" password="tecmint" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
+    </tomcat-users>
+
+![保护 Tomcat](http://www.tecmint.com/wp-content/uploads/2015/04/Secure-Tomcat.jpeg)
+保护 Tomcat
+
+我们在这里添加用户 “tecmint” 到 tomcat 的管理员/管理 组中，使用 “tecmint” 作为密码。先停止在启动 tomcat 服务以使更改生效，并添加 tomcat 服务到随系统启动。
+
+    # systemctl stop tomcat
+    # systemctl start tomcat
+    # systemctl enable tomcat.service
+
+请阅读: 在 RHEL/CentOS 7.0/6.x 中安装和配置 Apache Tomcat 8.0.9
+
+### 13. 安装 Nmap 监视开放端口 ###
+
+Nmap 网络映射器通过检查运行它的主机以及分析网络创建一个网络映射。nmap 并没有默认安装，你需要从库中安装它。
+
+    # yum install nmap
+
+![安装 Nmap 监视工具](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Nmap.jpeg)
+安装 Nmap 监视工具
+
+列出主机中所有的开放端口以及对应使用它们的服务。
+
+    # namp 127.0.01
+
+!监视开放端口](http://www.tecmint.com/wp-content/uploads/2015/04/Monitor-Open-Ports.jpeg)
+监视开放端口
+
+你也可以使用 firewall-cmd 列出所有端口，但我发现 nmap 更有用。
+
+    # firewall-cmd –list-ports
+
+![在防火墙中检查开放端口](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Open-Ports-in-Firewall.jpeg)
+在防火墙中检查开放端口
+
+请阅读: [Nmap 监视开放端口的 29 个有用命令][1]
+
+### 14. 配置 FirewallD ###
+
+firewalld 是动态管理服务器的防火墙服务。在 CentOS 7 中 Firewalld 移除了 iptables。在红帽企业版 Linux 和它的衍生版中默认安装了 Firewalld。如果有 iptables 的话为了使每个更改生效需要清空所有旧的规则然后创建新规则。
+
+然而用firewalld，不需要清空并重新创建新规则就可以实现更改生效。
+
+检查 Firewalld 是否运行。
+
+    # systemctl status firewalld
+    或
+    # firewall-cmd –state
+
+![检查 Firewalld 状态](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Firewalld-Status.jpeg)
+检查 Firewalld 状态
+
+获取所有的区域列表。
+
+    # firewall-cmd --get-zones
+
+![检查 Firewalld 区域](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Firewalld-Zones.jpeg)
+检查 Firewalld 区域
+
+在切换之前先获取区域的详细信息。
+
+    # firewall-cmd --zone=work --list-all
+
+![检查区域详情](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Zone-Details.jpeg)
+检查区域详情
+
+获取默认区域。
+
+    # firewall-cmd --get-default-zone
+
+![Firewalld 默认区域](http://www.tecmint.com/wp-content/uploads/2015/04/Firewalld-Default-Zone.jpeg)
+Firewalld 默认区域
+
+切换到另一个区域，比如 ‘work’。
+
+    # firewall-cmd --set-default-zone=work
+
+![切换 Firewalld 区域](http://www.tecmint.com/wp-content/uploads/2015/04/Swich-Zones.jpeg)
+切换 Firewalld 区域
+
+列出区域中的所有服务。
+
+    # firewall-cmd --list-services
+
+![列出 Firewalld 区域的服务](http://www.tecmint.com/wp-content/uploads/2015/04/List-Firewalld-Service.jpeg)
+列出 Firewalld 区域的服务
+
+添加临时服务，比如 http，然后重载 firewalld。
+
+    # firewall-cmd  --add-service=http
+    # firewall-cmd –reload
+
+添加临时 http 服务
+
+添加临时 http 服务
+
+添加永久服务，比如 http，然后重载 firewalld。
+
+# firewall-cmd --add-service=http --permanent
+# firewall-cmd --reload
+
+![添加永久 http 服务](http://www.tecmint.com/wp-content/uploads/2015/04/Add-http-Service-Temporarily.jpeg)
+添加永久 http 服务
+
+删除临时服务，比如 http。
+
+    # firewall-cmd  --remove-service=http
+    # firewall-cmd --reload
+
+![删除临时 Firewalld 服务](http://www.tecmint.com/wp-content/uploads/2015/04/Add-http-Service-Permanent.jpeg)
+删除临时 Firewalld 服务
+
+删除永久服务，比如 http
+
+    # firewall-cmd --zone=work --remove-service=http --permanent
+    # firewall-cmd --reload
+
+![删除永久服务](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Service-Parmanently.jpeg)
+删除永久服务
+
+允许一个临时端口(比如 331)。
+
+    # firewall-cmd --add-port=331/tcp
+    # firewall-cmd --reload
+
+![打开临时 Firewalld 端口](http://www.tecmint.com/wp-content/uploads/2015/04/Open-Port-Temporarily.jpeg)
+打开临时端口
+
+允许一个永久端口(比如 331)。
+
+    # firewall-cmd --add-port=331/tcp --permanent
+    # firewall-cmd --reload
+
+![打开永久 Firewalld 端口](http://www.tecmint.com/wp-content/uploads/2015/04/Open-Port-Permanent.jpeg)
+打开永久端口
+
+阻塞/移除临时端口(比如 331)。
+
+    # firewall-cmd --remove-port=331/tcp
+    # firewall-cmd --reload
+
+![移除 Firewalld 临时端口](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Port-Temporarily.jpeg)
+移除临时端口
+
+阻塞/移除永久端口(比如 331)。
+
+    # firewall-cmd --remove-port=331/tcp --permanent
+    # firewall-cmd --reload
+
+![移除 Firewalld 永久端口](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Port-Permanently.jpeg)
+移除永久端口
+
+停用 firewalld。
+
+    # systemctl stop firewalld
+    # systemctl disable firewalld
+    # firewall-cmd --state
+
+![在 CentOS 7 中停用 Firewalld](http://www.tecmint.com/wp-content/uploads/2015/04/Disable-Firewalld.jpeg)
+停用 Firewalld 服务
+
+启用 firewalld。
+
+    # systemctl enable firewalld
+    # systemctl start firewalld
+    # firewall-cmd --state
+
+![在 CentOS 7 中取消 Firewalld](http://www.tecmint.com/wp-content/uploads/2015/04/Enable-Firewalld.jpeg)
+启用 Firewalld
+
+- [如何在 RHEL/CentOS 7 中配置 ‘Firewalld’][2]
+- [配置和管理 Firewalld 的有用 ‘Firewalld’ 规则][3]
+
+### 15. 安装 Wget ###
+
+Wget 是基于 Linux 命令行从 web 服务器获取(下载)内容的工具。它是你使用 wget 命令获取 web 内容或下载任何文件必须要有的重要工具。
+
+    # yum install wget
+
+![安装 Wget 工具](http://www.tecmint.com/wp-content/uploads/2015/04/Install-Wget.png)
+安装 Wget 工具
+
+关于在终端中如何使用 wget 命令下载文件的方法和实际例子，请阅读[10 个 Wget 命令例子][4]。
+
+### 16. 安装 Telnet ###
+
+Telnet 是通过 TCP/IP 允许用户登录到相同网络上的另一台计算机的网络协议。和远程计算机的连接建立后，它就成为了一个允许你在自己的计算机上用所有提供给你的权限和远程主机交互的虚拟终端。
+
+Telnet 对于检查远程计算机或主机的监听端口也非常有用。
+
+    # yum install telnet
+    # telnet google.com 80
+
+![检查 Telnet 端口](http://www.tecmint.com/wp-content/uploads/2015/04/telnet-testing.png)
+检查 Telnet 端口
+
+--------------------------------------------------------------------------------
+
+via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/3/
+
+作者：[Avishek Kumar][a]
+译者：[ictlyh](https://github.com/ictlyh)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
+
+[a]:http://www.tecmint.com/author/avishek/
+[1]:http://www.tecmint.com/nmap-command-examples/
+[2]:http://www.tecmint.com/configure-firewalld-in-centos-7/
+[3]:http://www.tecmint.com/firewalld-rules-for-centos-7/
+[4]:http://www.tecmint.com/10-wget-command-examples-in-linux/