运维笔记：购买vps服务器后，在Linux最初需要做的几件事

Posted 2021-06-28 the丶only

本人系统为CentOS 8
可通过 命令 cat /etc/redhat-release 查看自己系统版本

[root@EasygoingEssential-VM /]# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
[root@EasygoingEssential-VM /]#

命令 uname -a 可查看内核版本

[root@EasygoingEssential-VM /]# uname -a
Linux EasygoingEssential-VM 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

1：更改root原始密码

命令输入 passwd ，输入两遍密码

[root@EasygoingEssential-VM ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2: 安装bash-completion Tab补齐

按Tab建没法补齐命令，所以需要自己安装bash-completion
命令输入 yum -y install bash-completion

[root@EasygoingEssential-VM /]# yum -y install bash-completion

重新登录生效

3: 安装第三方源epel-release，和国内yum源

自己安的是阿里yum源
1，备份原有源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

2，下载阿里源
本人系统版本为CentOS-8,所以下载

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo

如果其他版本如CentOS-7,则
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

[root@EasygoingEssential-VM ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
--2021-06-15 09:17:20--  https://mirrors.aliyun.com/repo/Centos-8.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 47.246.22.232, 47.246.22.233, 47.246.22.234, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|47.246.22.232|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2595 (2.5K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/CentOS-Base.repo’

/etc/yum.repos.d/CentO 100%[===========================>]   2.53K  --.-KB/s    in 0s

2021-06-15 09:17:22 (15.1 MB/s) - ‘/etc/yum.repos.d/CentOS-Base.repo’ saved [2595/2595]

最后清除系统所有的yum缓存
yum clean all
生成yum缓存
yum makecache

安装完成！！！！！1

如果没有wget 命令，会提示

-bash: wget: command not found

同样先安装 yum -y install wget即可；
3：安装epel-release
命令：
yum install -y epel-release

[root@EasygoingEssential-VM ~]# yum install -y epel-release
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
CentOS-8 - Base - mirrors.aliyun.com                       897 kB/s | 2.6 MB     00:02
CentOS-8 - Extras - mirrors.aliyun.com                     3.0 kB/s | 9.6 kB     00:03
....
....
Installed:
  epel-release-8-8.el8.noarch

Complete!
[root@EasygoingEssential-VM ~]#

安装成功！！！

yum repolist enabled可查看可用的yum源
yum repolist all显示所有yum源

[root@EasygoingEssential-VM ~]# yum repolist enabled
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Last metadata expiration check: 0:00:18 ago on Tue 15 Jun 2021 09:36:37 AM EDT.
repo id               repo name                                                      status
AppStream             CentOS-8 - AppStream                                           5,289
base                  CentOS-8 - Base - mirrors.aliyun.com                           1,744
*epel                 Extra Packages for Enterprise Linux 8 - x86_64                 7,437
*epel-modular         Extra Packages for Enterprise Linux Modular 8 - x86_64             0
extras                CentOS-8 - Extras - mirrors.aliyun.com                            34

4：更改ssh端口或者禁用root远程登陆

禁用root前，需要创建一个普通用户及远程登陆密码
useradd slan 创建一个为slan的用户
passwd slan 设置用户slan的密码

[root@EasygoingEssential-VM ~]# useradd slan
[root@EasygoingEssential-VM ~]# passwd slan
Changing password for user test.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@EasygoingEssential-VM ~]#

然后编辑ssh配置文件
vi /etc/ssh/sshd_config
将Port 22 改为 Port 9527(1到65535之间，且没有被占用)
PermitRootLogin yes 改为 PermitRootLogin no 禁用root远程登陆

 Port 9527
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

完成，保存重启ssh服务生效。

注: 更改端口一定要关闭防火墙，否则无法用新端口连接ssh.或者自己设置防火墙放行
systemctl stop firewalld.service 关闭防火墙
systemctl disable firewalld.service关闭开机启动

[root@EasygoingEssential-VM ~]# systemctl stop firewalld.service
[root@EasygoingEssential-VM ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.

以后ssh登录用创建的slan普通用户登录，登录后可用su -切换root用户。

5：更改终端命令行颜色

更改终端命令行颜色，为了更加直观方便以后观看及查看命令。
更改
vi /etc/profile
在最后面加上PS1=’[[\\e[32m]\\u[\\e[0m][\\e[35m]@[\\e[0m][\\e[33m]\\h[\\e[0m][\\e[36m] \\W[\\e[0m]]$'

PS1='[\\[\\e[32m\\]\\u\\[\\e[0m\\]\\[\\e[35m\\]@\\[\\e[0m\\]\\[\\e[33m\\]\\h\\[\\e[0m\\]\\[\\e[36m\\] \\W\\[\\e[0m\\]]\\$'

最后
source /etc/profile 更新文件，可以看到命令行颜色已变化。