最近安装了个centos操作系统。感觉用着还不错,在此需要感谢cnbird对我的指导,以及他所作的 linux安全加固教程!在此表示感谢!
至于centos的安装请加入网络大工QQ群,在群里面有文本安装centos操作系统的详细视频教程!
这里以安装完成centos操作系统开始!
启动centos界面如下:
一般的服务器都是托管的,而利用telnet上去比较消耗内存,也不利于管理。所以我们选择远程连接工具SecureCRT 。
有人或许又会问我到哪里去下载SecureCRT 呢?
我不能告诉你迅雷里面就有,而且我也不能告诉你,迅雷里面还有破解的。
说到这里大家都应该明白该怎么办了吧。
这里我们简单设置下就可以远程到centos主机。
首先查看下centos的主机网络地址使用ifconfig eth0 可以查看到 如图:
然后设置SecureCRT 就可以直接ssh上去。
连接之后如图:
之后在secureCRT上操作也就相当于在本地操作了。
好了,闲话少说,我们进入第一个命令的学习man。
man文档是一个非常重要的帮助文档,但这又常常是技术人员常常忘记的一种方式。
比如说我们要差关于yum的用法可以使用 man yum来查看
这里就列出了yum的详细用法
安装完一个服务器的之后 首先要做的就是升级操作系统。这里我们可以使用 yum update 命令
更新完了之后,会提示是否安装,输入Y即可。
关闭不必要的端口,那么这里就需要用到用什么命令来查看本地开放的端口呢。
使用netstat -an 命令来查看
[root@localhost ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:644 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.105:56873 61.110.198.174:80 TIME_WAIT
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::ffff:192.168.1.105:22 ::ffff:192.168.1.102:2068 ESTABLISHED
udp 0 0 0.0.0.0:641 0.0.0.0:*
udp 0 0 0.0.0.0:54055 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:638 0.0.0.0:*
udp 0 0 :::5353 :::*
udp 0 0 :::45809 :::*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8052 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 9432 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5947 /var/run/setrans/.setrans-unix
unix 2 [ ACC ] STREAM LISTENING 6495 /var/run/audispd_events
unix 2 [ ] DGRAM 1494 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 6976 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8245 @/var/run/hald/dbus-qXR2dhEA1T
unix 2 [ ACC ] STREAM LISTENING 7057 /var/run/sdp
unix 2 [ ACC ] STREAM LISTENING 7178 /var/run/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 7342 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 7450 /var/run/cups/cups.sock
unix 2 [ ] DGRAM 8253 @/org/freedesktop/hal/udev_event
unix 2 [ ACC ] STREAM LISTENING 8244 @/var/run/hald/dbus-bLZwz6mHGV
unix 2 [ ACC ] STREAM LISTENING 8199 /var/run/avahi-daemon/socket
unix 17 [ ] DGRAM 6573 /dev/log
unix 2 [ ACC ] STREAM LISTENING 9816 /tmp/ssh-caXIjO2766/agent.2766
unix 2 [ ACC ] STREAM LISTENING 7675 /dev/gpmctl
unix 2 [ ] DGRAM 9798
unix 3 [ ] STREAM CONNECTED 9435 @/tmp/fam-root-
unix 3 [ ] STREAM CONNECTED 9434
unix 3 [ ] STREAM CONNECTED 9421 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 9420
unix 3 [ ] STREAM CONNECTED 8958 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8957
unix 3 [ ] STREAM CONNECTED 8926 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8925
unix 3 [ ] STREAM CONNECTED 8791 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8790
unix 3 [ ] STREAM CONNECTED 8783 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 8782
unix 3 [ ] STREAM CONNECTED 8775 @/var/run/hald/dbus-bLZwz6mHGV
unix 3 [ ] STREAM CONNECTED 8773
unix 3 [ ] STREAM CONNECTED 8248 @/var/run/hald/dbus-qXR2dhEA1T
unix 3 [ ] STREAM CONNECTED 8247
unix 3 [ ] STREAM CONNECTED 8202 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 8201
unix 3 [ ] STREAM CONNECTED 8196
unix 3 [ ] STREAM CONNECTED 8195
unix 2 [ ] DGRAM 8193
unix 2 [ ] DGRAM 8085
unix 2 [ ] DGRAM 7706
unix 2 [ ] DGRAM 7669
unix 2 [ ] DGRAM 7638
unix 2 [ ] DGRAM 7589
unix 2 [ ] DGRAM 7504
unix 2 [ ] DGRAM 7276
unix 2 [ ] DGRAM 7223
unix 2 [ ] DGRAM 7177
unix 3 [ ] STREAM CONNECTED 7065 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 7064
unix 2 [ ] DGRAM 7033
unix 2 [ ] DGRAM 7023
unix 3 [ ] STREAM CONNECTED 6993
unix 3 [ ] STREAM CONNECTED 6992
unix 3 [ ] STREAM CONNECTED 6914
unix 3 [ ] STREAM CONNECTED 6913
unix 2 [ ] DGRAM 6768
unix 2 [ ] DGRAM 6581
unix 3 [ ] STREAM CONNECTED 6480
unix 3 [ ] STREAM CONNECTED 6479
可是查看下来的结果是太多了,那么有没有什么看起来简单一点的方法呢,答案是显然的。
我们在后面修改一个参数也就是netstat -tnl 。t代表的是tcp协议也可以用u代替,l代表的是listen
我们现在知道了端口之后怎么知道是哪些服务和该端口对应的呢。losf命令也即losf -i。
[root@localhost /]# lsof -i|more
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 1973 root 4u IPv4 6235 UDP *:bootpc
portmap 2129 rpc 3u IPv4 6672 UDP *:sunrpc
portmap 2129 rpc 4u IPv4 6677 TCP *:sunrpc (LISTEN)
rpc.statd 2158 rpcuser 3u IPv4 6778 UDP *:repcmd
rpc.statd 2158 rpcuser 6u IPv4 6769 UDP *:mcns-sec
rpc.statd 2158 rpcuser 7u IPv4 6786 TCP *:dwr (LISTEN)
sshd 2412 root 3u IPv6 7397 TCP *:ssh (LISTEN)
cupsd 2427 root 4u IPv4 7449 TCP localhost.localdomain:ipp (L
ISTEN)
cupsd 2427 root 6u IPv4 7452 UDP *:ipp
sendmail 2467 root 4u IPv4 7594 TCP localhost.localdomain:smtp (
LISTEN)
avahi-dae 2591 avahi 13u IPv4 8207 UDP *:mdns
avahi-dae 2591 avahi 14u IPv6 8208 UDP *:mdns
avahi-dae 2591 avahi 15u IPv4 8209 UDP *:54055
avahi-dae 2591 avahi 16u IPv6 8210 UDP *:45809
sshd 2766 root 3u IPv6 9600 TCP 192.168.1.105:ssh->192.168.1
.102:avauthsrvprtcl (ESTABLISHED)
chkconfig
我们首先man chkconfig来看下chkconfig的用法
我们使用chkconfig --list来查看系统服务的状态
[root@localhost ~]# chkconfig --list
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
avahi-dnsconfd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bluetooth 0:off 1:off 2:on 3:on 4:on 5:on 6:off
capi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
clvmd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
conman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcdbd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dovecot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dund 0:off 1:off 2:off 3:off 4:off 5:off 6:off
firstboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
gfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gfs2 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
hidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ibmasm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
innd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
isdn 0:off 1:on 2:on 3:on 4:on 5:on 6:on
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
multipathd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netplugd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
oddjobd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
openais 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pand 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcscd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
qdiskd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_later 0:off 1:off 2:off 3:off 4:off 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcgssd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcidmapd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcsvcgssd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
scsi_reserve 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smartd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
tux 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yum-updatesd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
xinetd based services:
chargen-dgram: off
chargen-stream: off
cvs: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
eklogin: off
ekrb5-telnet: off
gssftp: off
klogin: off
krb5-telnet: off
kshell: off
rsync: off
tcpmux-server: off
time-dgram: off
time-stream: off
倘若我们要关闭isdn的level 123456的话又该怎么做呢?
我们可以使用chkconfig --level 123456 isdn off 就可以
那么关闭了又该如何启动呢?
那就是chkconfig --level 123456 isdn on
我们在用chkconfig |grep isdn来查看是否关闭了isdn服务
所有操作过程如图:
如果不适用命令行的话,我们可以使用ntsysv命令来进行图形化界面的操作。
这里就不多做介绍了,图形界面很容易理解!
今天就写到这里吧!
(菜鸟写博,老鸟飞过。欢迎拍砖,深入交流!)
多吃东西多喝水,
少玩游戏少睡觉! -------珏石头
©著作权归作者所有:来自51CTO博客作者珏石头的原创作品,如需转载,请与作者联系,否则将追究法律责任
命令职场休闲OperatingSystem
共同学习,写下你的评论
评论加载中...
作者其他优质文章
