CentOS 7 Basic Setup
1. Set the hostname
2. Add a user
3. Firewall settings
4. Network settings
5. Configure services
6. Update the system
7. Add external repositories
8. Configure vim
9. Configure sudo
10. Set the time zone
11. Set the keyboard layout
12. Set the system language
13. Password settings

1. Set the hostname
1) Change the hostname
# Show the current hostname
[[email protected] ~]# hostname
localhost.localdomain
# Change the hostname
[[email protected] ~]# hostname zby
[[email protected] ~]# hostname
zby
# Only changed temporarily
2) Change the hostname permanently
[[email protected] ~]# hostnamectl set-hostname zby
# Show the status
[[email protected] ~]# hostnamectl
   Static hostname: zby
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 1f96150fe7c04420b9e71c154be8c01b
           Boot ID: 35495cc567584fd19646472d8e853fcc
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-327.el7.x86_64
      Architecture: x86-64
# Show the computer name
[[email protected] ~]# su - root
Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0
[[email protected] ~]#

2. Add a user
1) Add a user "zhang" to use in the examples below.
[[email protected] ~]# useradd zhang
[[email protected] ~]# passwd zhang
New password:    # set a password
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:    # confirm
passwd: all authentication tokens updated successfully.
# Log out the current user
[[email protected] ~]# exit
2) Try logging in as the newly added user.
zby login: zhang    # enter the user name
password:           # enter the password
# Check the current user
[[email protected] ~]$ whoami
zhang
# Switch to the root user
[[email protected] ~]$ su - root
Password:    # enter the root password
# Now switched to the root user
[[email protected] ~]#
3) Allow only administrative users to switch to root with su.
# Add zhang to the wheel group (-G replaces any existing supplementary groups; use -aG to append)
[[email protected] ~]# usermod -G wheel zhang
[[email protected] ~]# vi /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so
4) To forward mail addressed to root to another user, configure as follows.
[[email protected] ~]# vi /etc/aliases
# Person who should get root's mail
# Last line: uncomment and change the user
root: zhang
# Reload the aliases
[[email protected] ~]# newaliases

3. Firewall settings
1) The status of the firewall service can be shown as follows. (It is enabled by default.)
[[email protected] ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s ago
 Main PID: 13164 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon.
2) If you use the firewalld service, you need to change its settings, because incoming requests to services are not allowed by default. Refer to the basic operations and settings for configuring the firewalld service.
3) If you do not need the firewall service for some reason, stop and disable it as follows.
# Stop the service
[[email protected] ~]# systemctl stop firewalld
# Disable the service at boot
[[email protected] ~]# systemctl disable firewalld
4) Show the status of SELinux (Security-Enhanced Linux) as follows. (It is enabled by default.)
[[email protected] ~]# getenforce
Enforcing
# SELinux is enabled
# Disable SELinux
[[email protected] ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
# Reboot to apply the new setting
[[email protected] ~]# reboot

4. Network settings
1) Set a static IP address. (Replace the interface name "eth0" with the one in your own environment.)
# Set the hostname
[[email protected] ~]# hostnamectl set-hostname zby
# Show network devices
[[email protected] ~]# nmcli d
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  eth0
lo      loopback  unmanaged  --
# Set the IPv4 address
[[email protected] ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24
# Set the default gateway
[[email protected] ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1
# Set the DNS server
[[email protected] ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66
# Set the method to manual for a static address (DHCP is "auto")
[[email protected] ~]# nmcli c modify eth0 ipv4.method manual
# Restart the interface to reload the settings
[[email protected] ~]# nmcli c down eth0; nmcli c up eth0
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# Show the interface configuration
[[email protected] ~]# nmcli d show eth0
GENERAL.DEVICE:            eth0
GENERAL.TYPE:              ethernet
GENERAL.HWADDR:            00:50:56:8F:56:A5
GENERAL.MTU:               1500
GENERAL.STATE:             100 (connected)
GENERAL.CONNECTION:        eth0
GENERAL.CON-PATH:          /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER:  on
IP4.ADDRESS[1]:            172.31.253.63/24
IP4.GATEWAY:               172.31.253.1
IP4.DNS[1]:                211.138.24.66
IP4.DNS[2]:                211.138.30.66
IP6.ADDRESS[1]:            fe80::250:56ff:fe8f:56a5/64
IP6.GATEWAY:
# Show the interface status
[[email protected] ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ff
    inet 172.31.253.63/24 brd 172.31.253.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe8f:56a5/64 scope link
       valid_lft forever preferred_lft forever
2) Disable IPv6
[[email protected] ~]# vi /etc/default/grub
# Line 6: add ipv6.disable=1
GRUB_CMDLINE_LINUX="crashkernel=auto ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
# Apply the change
[[email protected] ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b
Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.img
done
[[email protected] ~]# reboot
3) The interface name in the examples above is "eth0", but if your system is installed on a physical machine, the name is not "ethX" by default. If you want to use "ethX" interface names, configure as follows.
[[email protected] ~]# vi /etc/default/grub
# Line 6: add net.ifnames=0
GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
[[email protected] ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b
Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.img
done
[[email protected] ~]# reboot

5. Configure services
1) Check service status
# Show the list of running services
[[email protected] ~]# systemctl -t service
UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
[email protected] loaded active running Getty on tty1
kdump.service loaded active exited Crash recovery kernel arming
kmod-static-nodes.service loaded active exited Create list of required static device nod
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
lvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etc
[email protected]:2.service loaded active exited LVM2 PV scan on device 8:2
network.service loaded active exited LSB: Bring up/down networking
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Agent
rhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesg
rhel-import-state.service loaded active exited Import network configuration from initram
rhel-readonly.service loaded active exited Configure read-only root support
rsyslog.service loaded active running System Logging Service
sshd.service loaded active running OpenSSH server daemon
systemd-journal-flush.service loaded active exited Flush Journal to Persistent Storage
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-random-seed.service loaded active exited Load/Save Random Seed
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directories
systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
systemd-udevd.service loaded active running udev Kernel Device Manager
systemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdown
systemd-user-sessions.service loaded active exited Permit User Sessions
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
tuned.service loaded active running Dynamic System Tuning Daemon
vmware-tools.service loaded active running SYSV: Manages the services needed to run
wpa_supplicant.service loaded active running WPA Supplicant daemon

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

34 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
# Show all services
[[email protected] ~]# systemctl list-unit-files -t service
UNIT FILE STATE
auditd.service enabled
[email protected] disabled
blk-availability.service disabled
brandbot.service static
console-getty.service disabled
console-shell.service disabled
[email protected] static
cpupower.service disabled
crond.service enabled
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.machine1.service static
dbus-org.freedesktop.network1.service invalid
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
dbus-org.freedesktop.timedate1.service static
dbus.service static
debug-shell.service disabled
dm-event.service disabled
dnsmasq.service disabled
dracut-cmdline.service static
......
systemd-vconsole-setup.service static
tcsd.service disabled
[email protected] static
tuned.service enabled
wpa_supplicant.service disabled

139 unit files listed.
2) Stop a service and turn off its automatic start.
[[email protected] ~]# systemctl stop postfix
[[email protected] ~]# systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service.
3) Use chkconfig to control whether some services start automatically.
[[email protected] ~]# chkconfig --list
Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
vmware-tools    0:off   1:off   2:on    3:on    4:on    5:on    6:off
# For example, turn off automatic start for netconsole
[[email protected] ~]# chkconfig netconsole off

6. Update the system
1) After installing CentOS, update the system first if possible.
[[email protected] ~]# yum -y update
......
  yum.noarch 0:3.4.3-154.el7.centos.1
  yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7
  zlib.x86_64 0:1.2.7-17.el7

Replaced:
  NetworkManager.x86_64 1:1.0.6-27.el7
  grub2.x86_64 1:2.02-0.29.el7.centos
  grub2-tools.x86_64 1:2.02-0.29.el7.centos
  pygobject3-base.x86_64 0:3.14.0-3.el7
  rdma.noarch 0:7.2_4.1_rc6-1.el7

Complete!

7. Add external repositories
Add some useful external repositories to install useful software.
1) Install a plugin that adds a priority to each installed repository.
[[email protected] ~]# yum -y install yum-plugin-priorities
Downloading packages:
yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1
  Verifying  : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1

Installed:
  yum-plugin-priorities.noarch 0:1.1.31-42.el7

Complete!
# Set [priority=1] for the official repository
[[email protected] ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo
2) Add the EPEL repository provided by the Fedora project.
[[email protected] ~]# yum -y install epel-release
Running transaction
  Installing : epel-release-7-9.noarch 1/1
  Verifying  : epel-release-7-9.noarch 1/1

Installed:
  epel-release.noarch 0:7-9

Complete!
# Set [priority=5]
[[email protected] ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo
# Alternatively, change to [enabled=0] and use the repository only when needed
[[email protected] ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
# With [enabled=0], use the following command to install from the repository
[[email protected] ~]# yum --enablerepo=epel install [Package]
3) Add the CentOS SCLo Software Collections repository.
[[email protected] ~]# yum -y install centos-release-scl-rh centos-release-scl
# Set [priority=10]
[[email protected] ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[[email protected] ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
# Alternatively, change to [enabled=0] and use the repository only when needed
[[email protected] ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[[email protected] ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
# With [enabled=0], use the following commands to install from the repository
[[email protected] ~]# yum --enablerepo=centos-sclo-rh install [Package]
[[email protected] ~]# yum --enablerepo=centos-sclo-sclo install [Package]
4) Add Remi's RPM repository, which provides many useful packages.
[[email protected] ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# Set [priority=10]
[[email protected] ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo
# Alternatively, change to [enabled=0] and use the repository only when needed
[[email protected] ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo
# With [enabled=0], use the following command to install from the repository
[[email protected] ~]# yum --enablerepo=remi-safe install [Package]
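
The sed command used in steps 1) to 4) inserts a new priority= line after every section header each time it runs, so running it a second time leaves duplicate entries. The following is an added example, not part of the original page, that sets the priority idempotently; the function names and the sample repo file are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original page: idempotent alternative to
#   sed -i -e "s/\]$/\]\npriority=N/g" FILE
# Usage: set_repo_priority FILE N   (N is 1..99; lower wins in yum-plugin-priorities)

set_repo_priority() {
    local file="$1"
    local prio="$2"
    local tmp
    local status
    case "$prio" in
        ''|*[!0-9]*) echo "priority must be a number from 1 to 99" >&2; return 2 ;;
    esac
    if [ "$prio" -lt 1 ] || [ "$prio" -gt 99 ]; then
        echo "priority must be a number from 1 to 99" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    awk -v prio="$prio" '
        /^[ \t]*priority[ \t]*=/ { next }            # drop priority lines from earlier runs
        { print }
        /^\[.*\][ \t]*$/ { print "priority=" prio }  # exactly one line after each [section]
    ' "$file" > "$tmp" && cat "$tmp" > "$file"       # cat keeps owner, mode and SELinux label
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: two sections, the first already carrying a priority line.
demo_repo_priority() {
    local repo
    repo=$(mktemp) || return 1
    cat > "$repo" <<'EOF'
[base]
priority=1
name=CentOS-$releasever - Base
enabled=1

[updates]
name=CentOS-$releasever - Updates
enabled=1
EOF
    set_repo_priority "$repo" 1
    set_repo_priority "$repo" 1    # a second run must not add a second line
    cat "$repo"
    rm -f "$repo"
}

demo_repo_priority
```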
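
8. Configure vim
Install and configure vim, which is more convenient than vi.
1) Install vim
[[email protected] ~]# yum -y install vim-enhanced
Installed:
  vim-enhanced.x86_64 2:7.4.160-2.el7

Dependency Installed:
  gpm-libs.x86_64 0:1.20.7-5.el7
  vim-common.x86_64 2:7.4.160-2.el7
  vim-filesystem.x86_64 2:7.4.160-2.el7

Complete!
2) Set a command alias. (The setting below applies to all users; to apply it to a single user, write the same setting in '~/.bashrc'.)
[[email protected] ~]# vi /etc/profile
# Add at the last line
alias vi='vim'
# Reload the environment
[[email protected] ~]# source /etc/profile
3) Configure vim. (The settings below apply to a single user; to apply them to all users, write the same settings in '/etc/vimrc', although some settings are already applied there by default.)
[[email protected] ~]# vi ~/.vimrc
" Use vim's extended features (not compatible with vi)
set nocompatible
" Specify the encoding
set encoding=utf-8
" Specify the file encodings
set fileencodings=ucs-bom,utf-8,cp936
" Specify the file formats
set fileformats=unix,dos
" Take backups; if not, specify [set nobackup]
set backup
" Specify the backup directory
set backupdir=~/backup
" Keep 50 entries of search history
set history=50
" Ignore case when searching
set ignorecase
" Distinguish case if the search term mixes upper and lower case
set smartcase
" Highlight matched words; if not, specify [set nohlsearch]
set hlsearch
" Use incremental search; if not, specify [set noincsearch]
set incsearch
" Show line numbers; if not, specify [set nonumber]
set number
" Visualize line breaks ($) and tabs (^I)
set list
" Highlight matching parentheses
set showmatch
" Use syntax coloring; if not, specify [syntax off]
syntax on
" Change the color of comments when [syntax on] is set
highlight comment ctermfg=LightCyan
" Wrap lines; if not, specify [set nowrap]
set wrap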

9. Configure sudo
Configure sudo to separate users' responsibilities when several people share privileges. sudo does not need to be installed manually, because it is installed by default even with a "Minimal" installation.
1) Grant a user all root privileges.
[[email protected] ~]# visudo
# Add at the last line: user 'zhang' can use all root privileges
zhang ALL=(ALL) ALL
# Format: destination host=(owner) command
# Verify as user 'zhang'
[[email protected] ~]# su - zhang
[[email protected] ~]$ /usr/bin/cat /etc/shadow
/usr/bin/cat: /etc/shadow: Permission denied
[[email protected] ~]$ sudo /usr/bin/cat /etc/shadow
......
tss:!!:17586::::::
postfix:!!:17586::::::
sshd:!!:17586::::::
zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7:::

10. Set the time zone
Replace the time zone in the example below with your own.
# Show the available time zones
[[email protected] ~]# timedatectl list-timezones
......
Asia/Qyzylorda
Asia/Riyadh
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
# Set the time zone
[[email protected] ~]# timedatectl set-timezone Asia/Shanghai
# Show the status
[[email protected] ~]# timedatectl
      Local time: Mon 2018-03-19 22:18:49 CST
  Universal time: Mon 2018-03-19 14:18:49 UTC
        RTC time: Mon 2018-03-19 14:18:48
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: n/a
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a

11. Set the keyboard layout
# Show the current keyboard layout status
[[email protected] ~]# localectl
   System Locale:.UTF-8
       VC Keymap: us
      X11 Layout: us
# Show the list of keymaps
[[email protected] ~]# localectl list-keymaps
......
ukunicode
us
us-acentos
us-alt-intl
us-altgr-intl
us-colemak
us-dvorak
us-dvorak-alt-intl
us-dvorak-classic
us-dvorak-intl
us-dvorak-l
us-dvorak-r
us-dvp
# Set the keyboard layout
[[email protected] ~]# localectl set-keymap us
# Show the keyboard layout status
[[email protected] ~]# localectl
   System Locale:.UTF-8
       VC Keymap: us
      X11 Layout: us

12. Set the system language
Replace the language in the example below with your own.
# Show the current status
[[email protected] ~]# localectl
   System Locale:.UTF-8
       VC Keymap: us
      X11 Layout: us
# Show the list of locales
[[email protected] ~]# localectl list-locales
......
en_US
en_US.iso88591
en_US.iso885915
en_US.utf8
# Set the system locale
[[email protected] ~]# localectl set-locale.utf8
# Show the locale status
[[email protected] ~]# localectl
   System Locale:.utf8
       VC Keymap: us
      X11 Layout: us
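
13. Password settings
Set password rules for security reasons.
1) Set the number of days before a password expires. Users must change their password within that many days. This setting only takes effect when a user is created; it does not affect existing users. To set it for an existing user, run the command "chage -M (days) (user)".
[[email protected] ~]# vi /etc/login.defs
# Line 25: set 60 for password expiry
PASS_MAX_DAYS 60
2) Set the minimum number of days a password must be used. After changing a password, users must keep it for at least this many days. This setting only takes effect when a user is created; it does not affect existing users. To set it for an existing user, run the command "chage -m (days) (user)".
[[email protected] ~]# vi /etc/login.defs
# Line 26: set 2 for the minimum number of days
PASS_MIN_DAYS 2
3) Set the number of days of warning before expiry. This setting only takes effect when a user is created; it does not affect existing users. To set it for an existing user, run the command "chage -W (days) (user)".
[[email protected] ~]# vi /etc/login.defs
# Line 28: set 7 for the number of warning days
PASS_WARN_AGE 7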
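
Because the login.defs values in steps 1) to 3) apply only to accounts created afterwards, existing accounts keep their old aging fields until chage is run on them. The following is an added example, not part of the original page, that lists accounts whose maximum password age is still unset or above PASS_MAX_DAYS; the function names, sample accounts and placeholder hashes are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original page: list accounts whose maximum
# password age is still unset or above PASS_MAX_DAYS from login.defs.
# Usage: audit_password_aging [LOGIN_DEFS] [SHADOW]   (reading /etc/shadow needs root)

audit_password_aging() {
    local defs="${1:-/etc/login.defs}"
    local shadow="${2:-/etc/shadow}"
    local policy
    # Take the last uncommented PASS_MAX_DAYS entry.
    policy=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$defs")
    case "$policy" in
        ''|*[!0-9]*) echo "PASS_MAX_DAYS not set in $defs" >&2; return 2 ;;
    esac
    # shadow(5) fields: 1=name 2=hash 3=last change 4=min 5=max 6=warn
    awk -F: -v policy="$policy" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # no usable password hash: skip
        $5 == "" || $5 + 0 > policy + 0 {
            printf "%s max=%s policy=%s\n", $1, ($5 == "" ? "unset" : $5), policy
        }
    ' "$shadow"
}

# Constructed sample data (placeholder hashes), shaped like the files on the page.
demo_audit() {
    local dir
    dir=$(mktemp -d) || return 1
    printf 'PASS_MAX_DAYS 60\nPASS_MIN_DAYS 2\nPASS_WARN_AGE 7\n' > "$dir/login.defs"
    cat > "$dir/shadow" <<'EOF'
root:$6$SALT$PLACEHOLDER:17586:0:99999:7:::
postfix:!!:17586::::::
zhang:$6$SALT$PLACEHOLDER:17601:0:99999:7:::
newuser:$6$SALT$PLACEHOLDER:17610:2:60:7:::
EOF
    audit_password_aging "$dir/login.defs" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

Each account it reports can then be brought into line with the chage commands named in steps 1) to 3).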
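4) Restrict reuse of previously used passwords. Users cannot set the same password again within this number of generations.
[[email protected] ~]# vi /etc/pam.d/system-auth
# Around line 15: prohibit reusing the same password for the last 5 generations
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
5) Set the minimum password length. Users cannot set a password shorter than this value.
# Set 8 as the minimum password length
[[email protected] ~]# authconfig --passminlen=8 --update
# The parameter is set in the following configuration file
[[email protected] ~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8
6) Set the minimum number of character classes required in a new password. (Classes: uppercase / lowercase / digits / others)
# Set 2 as the minimum number of required character classes
[[email protected] ~]# authconfig --passminclass=2 --update
# The parameter is set in the following configuration file
[[email protected] ~]# grep "^minclass" /etc/security/pwquality.conf
minclass = 2
7) Set the maximum number of consecutive identical characters allowed in a new password.
# Set 2 as the maximum number of consecutive identical characters
[[email protected] ~]# authconfig --passmaxrepeat=2 --update
# The parameter is set in the following configuration file
[[email protected] ~]# grep "^maxrepeat" /etc/security/pwquality.conf
maxrepeat = 2
8) Set the maximum number of consecutive characters of the same class allowed in a new password.
# Set 4 as the maximum number of consecutive characters of the same class
[[email protected] ~]# authconfig --passmaxclassrepeat=4 --update
# The parameter is set in the following configuration file
[[email protected] ~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4
9) Require at least one lowercase character in a new password.
[[email protected] ~]# authconfig --enablereqlower --update
# The parameter is set in the following configuration file
# (to change the value, edit it with vi or another editor)
[[email protected] ~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1
10) Require at least one uppercase character in a new password.
[[email protected] ~]# authconfig --enablerequpper --update
# The parameter is set in the following configuration file
# (to change the value, edit it with vi or another editor)
[[email protected] ~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1
11) Require at least one digit in a new password.
[[email protected] ~]# authconfig --enablereqdigit --update
# The parameter is set in the following configuration file
# (to change the value, edit it with vi or another editor)
[[email protected] ~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1
12) Require at least one other character in a new password.
[[email protected] ~]# authconfig --enablereqother --update
# The parameter is set in the following configuration file
# (to change the value, edit it with vi or another editor)
[[email protected] ~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1
13) Set the maximum length of monotonic character sequences in a new password. (e.g. '12345', 'fedcb')
[[email protected] ~]# vi /etc/security/pwquality.conf
# Add at the last line
maxsequence = 3
14) Set the number of characters in the new password that must not be present in the old password.
[[email protected] ~]# vi /etc/security/pwquality.conf
# Add at the last line
difok = 5
15) Check whether the new password contains words longer than 3 characters from the GECOS field of the user's passwd entry.
[[email protected] ~]# vi /etc/security/pwquality.conf
# Add at the last line
gecoscheck = 1
16) Set a space-separated list of words that must not be contained in the password.
[[email protected] ~]# vi /etc/security/pwquality.conf
# Add at the last line
badwords = denywords1 denywords2 denywords3
17) Set the hash/crypt algorithm for new passwords. (The default is sha512.)
# Show the current algorithm
[[email protected] ~]# authconfig --test | grep hashing
password hashing algorithm is sha512
# Change the algorithm to sha512
[[email protected] ~]# authconfig --passalgo=sha512 --update
[[email protected] ~]# authconfig --test | grep hashing
password hashing algorithm is sha512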