Rocky、Centos linux常用操作

📅 2026/7/10 13:36:19 👁️ 阅读次数 📝 编程学习
Rocky、Centos linux常用操作

修改Rocky服务器ip地址:

cd /etc/NetworkManager/system-connections/

修改文件中的ip

systemctl restart NetworkManager

查看本机公网ip地址:

curl http://cip.cc

curl http://ipinfo.io

查看防火墙白名单:

firewall-cmd --list-all

查看防火墙状态:

firewall-cmd --state

firewall 添加和删除白名单:


firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="需要访问后台的ip" port protocol="tcp" port="8080" accept'
firewall-cmd --reload

添加端口:

firewall-cmd --permanent --add-port=443/tcp

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.28.6.0/24" port protocol="tcp" port="3306" accept'
firewall-cmd --reload


3删除可访问的ip
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="要删除的ip" port protocol="tcp" port="3306" accept'
firewall-cmd --reload

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="172.28.6.0/24" port protocol="tcp" port="3306" accept'

sed 命令修改文件内容

sed -i "s/pam_deny.so/pam_deny.so onerr=fail deny=5 unlock_time=600 root_unlock_time=600/" /etc/pam.d/password-auth
sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 600/" /etc/ssh/sshd_config
sed -i "s/local_users_only/local_users_only minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=5 enforce_for_root/" /etc/pam.d/system-auth
systemctl restart sshd

查看8080端口占用进行:

netstat -tulnp | grep :8080

查看cpu、系统版等

lscpu

uname -a

cat /etc/os-release

Centos8更换国内yum源:

# 1. 备份当前的YUM源配置文件
sudo cp -a /etc/yum.repos.d /etc/yum.repos.d.bak

# 2. 删除/移除当前的YUM源配置文件
sudo rm -f /etc/yum.repos.d/*.repo

# 3. 下载阿里云的CentOS 8 YUM源配置文件
sudo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo

# 4. 重新加载YUM源
sudo yum clean all
sudo yum makecache

umount 挂载目录出现“device is busy”错误时,可以用命令:umount -fl 目录,解决。

当前日期输出为字符串:

echo $(date +"%Y%m%d%H%M")

ssh 连不上另一台linux服务器时:

echo "AllowUsers *@172.16.7.13" >> /etc/ssh/sshd_config
systemctl restart sshd

minio文件服务器搭建文档:

单节点单硬盘部署MinIO — MinIO中文文档 | MinIO Linux中文文档

linux定时执行:

crontab -e

30 1 * * 6 sh /root/fullBackup-244.sh 2>&1 > /root/mariadbBackup/log_$(date +\%Y-\%m-\%d-\%H-\%M)
30 1 * * 0-5 sh /root/increBackup-244.sh 2>&1 > /root/mariadbBackup/log_incre_$(date +\%Y-\%m-\%d-\%H-\%M)

docker代理设置

vim /etc/docker/daemon.json

{
"registry-mirrors":[
"https://docker.1ms.run"
],
"dns": ["8.8.8.8", "114.114.114.114"],
"data-root": "/home/docker"
}

安全加固:

useradd -m -s /bin/bash jiajie
passwd jiajie

vim /etc/ssh/sshd_config
PermitRootLogin no

ssh连接空闲最大时长断开配置

vim /etc/ssh/sshd_config

ClientAliveInterval 300
ClientAliveCountMax 2
LoginGraceTime 60

systemctl restart sshd

vim /etc/profile
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
unset HISTFILE

TMOUT=300

密码复杂度控制:

vim /etc/pam.d/system-auth
vim /etc/pam.d/password-auth


password requisite pam_pwquality.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=12 maxrepeat=3 reject_username enforce_for_root

用户密码最大修改时间设置:
vim /etc/login.defs

PASS_MAX_DAYS 90 # 密码最长使用 90 天,到期必须修改
PASS_WARN_AGE 7 # 过期前 7 天每日提醒

chage -M 90 -W 7 jiajie

chage -l jiajie