5月技术考核1
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了5月技术考核1相关的知识,希望对你有一定的参考价值。
CentOS系统基本设置(考试20分钟)1.修改ssh远程端口为12345,验证能用12345端口登录即可。
2.设置开启CentOS防火墙,并通过tcp的12345和3306端口,只能设置一条规则。
3.在配置文件里面关闭SELINUX,在不重启系统的情况下生效。
查看ssh端口,一般是默认的22
[[email protected] ~]# netstat -antulp | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0: LISTEN 1101/sshd
tcp6 0 0 :::22 ::: LISTEN 1101/sshd
修改ssh端口,找到第18行,加一行Port 12345,保存退出
[[email protected] ~]# vim /etc/ssh/sshd_config
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
Port 12345
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
重启ssh服务才能生效,再查看端口,修改成功
[[email protected] ~]# systemctl restart sshd
[[email protected] ~]# netstat -antulp | grep sshd
tcp 0 0 0.0.0.0:12345 0.0.0.0: LISTEN 3463/sshd
tcp6 0 0 :::12345 ::: LISTEN 3463/sshd
查看防火墙状态
[[email protected] ~]# firewall-cmd --state
Running
若果没开启就运行
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --state
Running
防火墙服务预设的安全区域 public、trusted、drop
public 区域:为默认区域,只允许针对本机的 SSH 服务,其他都拒绝
trusted 区域:对本机的任何访问都被允许
drop 区域:访问本机的任何数据包都会被拒绝
[[email protected] ~]# firewall-cmd --list-all
You‘re performing an operation over default zone (‘trusted‘),
but your connections/interfaces are in zone ‘public‘ (see --get-active-zones)
You most likely need to use --zone=public option.
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
修改默认
[[email protected] ~]# firewall-cmd --set-default-zone=public
Success
[[email protected] ~]# firewall-cmd --reload
Success
[[email protected] ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
添加通过tcp的12345和3306端口
[[email protected] ~]# firewall-cmd --permanent --zone=public --add-port=12345/tcp --add-port=3306/tcp
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client
ports: 12345/tcp 3306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
在配置文件里面关闭SELINUX,在不重启系统的情况下生效。
修改selinux配置文件,SELINUX=disabled
vim /etc/selinux/
#* This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.*
SELINUXTYPE=targeted
查看selinux’状态
[[email protected] selinux]# getenforce
Enforcing 强制
临时关闭
[[email protected] selinux]# setenforce 0
[[email protected] selinux]# getenforce
Permissive
以上是关于5月技术考核1的主要内容,如果未能解决你的问题,请参考以下文章