最近安裝了個centos作業系統。感覺用着還不錯,在此需要感謝cnbird對我的指導,以及他所作的 linux安全加強教程!在此表示感謝!
至于centos的安裝請加入網絡大工QQ群,在群裡面有文本安裝centos作業系統的詳細視訊教程!
這裡以安裝完成centos作業系統開始!
啟動centos界面如下:
一般的伺服器都是托管的,而利用telnet上去比較消耗記憶體,也不利于管理。是以我們選擇遠端連接配接工具SecureCRT 。
有人或許又會問我到哪裡去下載下傳SecureCRT 呢?
我不能告訴你迅雷裡面就有,而且我也不能告訴你,迅雷裡面還有破解的。
說到這裡大家都應該明白該怎麼辦了吧。
這裡我們簡單設定下就可以遠端到centos主機。
首先檢視下centos的主機網絡位址使用ifconfig eth0 可以檢視到 如圖:
然後設定SecureCRT 就可以直接ssh上去。
連接配接之後如圖:
之後在secureCRT上操作也就相當于在本地操作了。
好了,閑話少說,我們進入第一個指令的學習man。
man文檔是一個非常重要的幫助文檔,但這又常常是技術人員常常忘記的一種方式。
比如說我們要差關于yum的用法可以使用 man yum來檢視
這裡就列出了yum的詳細用法
安裝完一個伺服器的之後 首先要做的就是更新作業系統。這裡我們可以使用 yum update 指令
更新完了之後,會提示是否安裝,輸入Y即可。
關閉不必要的端口,那麼這裡就需要用到用什麼指令來檢視本地開放的端口呢。
使用netstat -an 指令來檢視
[root@localhost ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:644 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.105:56873 61.110.198.174:80 TIME_WAIT
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::ffff:192.168.1.105:22 ::ffff:192.168.1.102:2068 ESTABLISHED
udp 0 0 0.0.0.0:641 0.0.0.0:*
udp 0 0 0.0.0.0:54055 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:638 0.0.0.0:*
udp 0 0 :::5353 :::*
udp 0 0 :::45809 :::*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8052 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 9432 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5947 /var/run/setrans/.setrans-unix
unix 2 [ ACC ] STREAM LISTENING 6495 /var/run/audispd_events
unix 2 [ ] DGRAM 1494 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 6976 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8245 @/var/run/hald/dbus-qXR2dhEA1T
unix 2 [ ACC ] STREAM LISTENING 7057 /var/run/sdp
unix 2 [ ACC ] STREAM LISTENING 7178 /var/run/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 7342 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 7450 /var/run/cups/cups.sock
unix 2 [ ] DGRAM 8253 @/org/freedesktop/hal/udev_event
unix 2 [ ACC ] STREAM LISTENING 8244 @/var/run/hald/dbus-bLZwz6mHGV
unix 2 [ ACC ] STREAM LISTENING 8199 /var/run/avahi-daemon/socket
unix 17 [ ] DGRAM 6573 /dev/log
unix 2 [ ACC ] STREAM LISTENING 9816 /tmp/ssh-caXIjO2766/agent.2766
unix 2 [ ACC ] STREAM LISTENING 7675 /dev/gpmctl
unix 2 [ ] DGRAM 9798
unix 3 [ ] STREAM CONNECTED 9435 @/tmp/fam-root-
unix 3 [ ] STREAM CONNECTED 9434
unix 3 [ ] STREAM CONNECTED 9421 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9420
unix 3 [ ] STREAM CONNECTED 8958 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8957
unix 3 [ ] STREAM CONNECTED 8926 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8925
unix 3 [ ] STREAM CONNECTED 8791 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8790
unix 3 [ ] STREAM CONNECTED 8783 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 8782
unix 3 [ ] STREAM CONNECTED 8775 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8773
unix 3 [ ] STREAM CONNECTED 8248 @/var/run/hald/dbus-qXR2dhEA1T
unix 3 [ ] STREAM CONNECTED 8247
unix 3 [ ] STREAM CONNECTED 8202 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8201
unix 3 [ ] STREAM CONNECTED 8196
unix 3 [ ] STREAM CONNECTED 8195
unix 2 [ ] DGRAM 8193
unix 2 [ ] DGRAM 8085
unix 2 [ ] DGRAM 7706
unix 2 [ ] DGRAM 7669
unix 2 [ ] DGRAM 7638
unix 2 [ ] DGRAM 7589
unix 2 [ ] DGRAM 7504
unix 2 [ ] DGRAM 7276
unix 2 [ ] DGRAM 7223
unix 2 [ ] DGRAM 7177
unix 3 [ ] STREAM CONNECTED 7065 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 7064
unix 2 [ ] DGRAM 7033
unix 2 [ ] DGRAM 7023
unix 3 [ ] STREAM CONNECTED 6993
unix 3 [ ] STREAM CONNECTED 6992
unix 3 [ ] STREAM CONNECTED 6914
unix 3 [ ] STREAM CONNECTED 6913
unix 2 [ ] DGRAM 6768
unix 2 [ ] DGRAM 6581
unix 3 [ ] STREAM CONNECTED 6480
unix 3 [ ] STREAM CONNECTED 6479
可是檢視下來的結果是太多了,那麼有沒有什麼看起來簡單一點的方法呢,答案是顯然的。
我們在後面修改一個參數也就是netstat -tnl 。t代表的是tcp協定也可以用u代替,l代表的是listen
我們現在知道了端口之後怎麼知道是哪些服務和該端口對應的呢。losf指令也即losf -i。
[root@localhost /]# lsof -i|more
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 1973 root 4u IPv4 6235 UDP *:bootpc
portmap 2129 rpc 3u IPv4 6672 UDP *:sunrpc
portmap 2129 rpc 4u IPv4 6677 TCP *:sunrpc (LISTEN)
rpc.statd 2158 rpcuser 3u IPv4 6778 UDP *:repcmd
rpc.statd 2158 rpcuser 6u IPv4 6769 UDP *:mcns-sec
rpc.statd 2158 rpcuser 7u IPv4 6786 TCP *:dwr (LISTEN)
sshd 2412 root 3u IPv6 7397 TCP *:ssh (LISTEN)
cupsd 2427 root 4u IPv4 7449 TCP localhost.localdomain:ipp (L
ISTEN)
cupsd 2427 root 6u IPv4 7452 UDP *:ipp
sendmail 2467 root 4u IPv4 7594 TCP localhost.localdomain:smtp (
LISTEN)
avahi-dae 2591 avahi 13u IPv4 8207 UDP *:mdns
avahi-dae 2591 avahi 14u IPv6 8208 UDP *:mdns
avahi-dae 2591 avahi 15u IPv4 8209 UDP *:54055
avahi-dae 2591 avahi 16u IPv6 8210 UDP *:45809
sshd 2766 root 3u IPv6 9600 TCP 192.168.1.105:ssh->192.168.1
.102:avauthsrvprtcl (ESTABLISHED)
chkconfig
我們首先man chkconfig來看下chkconfig的用法
我們使用chkconfig --list來檢視系統服務的狀态
[root@localhost ~]# chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-dnsconfd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off
capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
clvmd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
conman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcdbd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dovecot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dund 0:off 1:off 2:off 3:off 4:off 5:off 6:off
firstboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
gfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gfs2 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
hidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ibmasm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
innd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
isdn 0:off 1:on 2:on 3:on 4:on 5:on 6:on
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
oddjobd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
openais 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pand 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
qdiskd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_later 0:off 1:off 2:off 3:off 4:off 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
scsi_reserve 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
tux 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yum-updatesd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
cvs: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
eklogin: off
ekrb5-telnet: off
gssftp: off
klogin: off
krb5-telnet: off
kshell: off
rsync: off
tcpmux-server: off
time-dgram: off
time-stream: off
倘若我們要關閉isdn的level 123456的話又該怎麼做呢?
我們可以使用chkconfig --level 123456 isdn off 就可以
那麼關閉了又該如何啟動呢?
那就是chkconfig --level 123456 isdn on
我們在用chkconfig |grep isdn來檢視是否關閉了isdn服務
所有操作過程如圖:
如果不适用指令行的話,我們可以使用ntsysv指令來進行圖形化界面的操作。
這裡就不多做介紹了,圖形界面很容易了解!
今天就寫到這裡吧!
(菜鳥寫博,老鳥飛過。歡迎拍磚,深入交流!)
多吃東西多喝水,
少玩遊戲少睡覺! -------珏石頭
本文轉自 珏石頭 51CTO部落格,原文連結:http://blog.51cto.com/gavinshaw/148583,如需轉載請自行聯系原作者
![linux-svn解除安裝與安裝[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)