Installing CentOS 7.x on VMware

 2021-07-15 21:52  Characters: 11811  Views: 0
 
 
 


Tools


 

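Installation

The first steps are the same as for the CentOS 6 installation ---> Install CentOS 7 ---> Chinese ---> Language support (also install English, because some software does not support Chinese) ---> English ---> minimal install, Server with GUI ---> tick Compatibility Libraries + Development Tools + Security ---> automatic partitioning (on current versions there is no need to create a separate BIOS partition) ---> Network & Host Name ---> enable the network ---> Begin Installation ---> set the password ---> reboot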

 

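SSH login policy

SSH configuration file

    admin@1234
    [root@localhost ~]# vim /etc/ssh/sshd_config
    [root@localhost ~]# cat -n /etc/ssh/sshd_config | sed -n '17p;38p;43p;47p;65p;79p;115p'
    17 Port 22222 # in production this is usually set above 10000; otherwise it is easily found by scanners
    38 PermitRootLogin no # forbid remote root login
    43 PubkeyAuthentication yes # enable public-key authentication
    47 AuthorizedKeysFile .ssh/authorized_keys # location of the public keys
    65 PasswordAuthentication no # disable password authentication
    79 GSSAPIAuthentication no # disable GSSAPI authentication, which greatly speeds up SSH connections
    115 UseDNS no # disable reverse DNS lookups, which greatly speeds up SSH connections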
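
A way to confirm that a host actually carries the settings listed above, as an added example that is not part of the original article. The function names `sshd_value` and `audit_sshd_config` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit global sshd_config settings against this article's values.
# Function names and the sample config are illustrative, not from the article.

# keyword=value pairs from the article's listing (keywords lowercased).
EXPECTED="port=22222 permitrootlogin=no pubkeyauthentication=yes
passwordauthentication=no gssapiauthentication=no usedns=no"

# Print the effective global value of one keyword. sshd keeps the first value
# it reads, keywords are case-insensitive, and settings after a Match line
# apply only conditionally, so parsing stops there.
sshd_value() {  # $1 = config file, $2 = lowercase keyword
    awk -v key="$2" '
        NF == 0 || /^[ \t]*#/  { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# Print one line per deviation; return 0 when compliant, 1 otherwise.
audit_sshd_config() {  # $1 = config file
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want=$want got=${got:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: only the port was changed, the rest left at defaults.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
Port 22222
#PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
GSSAPIAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample deviates from the article's policy"
rm -f "$sample"
```

On a real host, pass /etc/ssh/sshd_config as the argument and run `sshd -t` before restarting the service, so a syntax error does not lock out key-only logins.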

Create a regular user (so that the regular user can also log in without a password; when root is needed, run sudo su -, so no password has to be entered, which improves security)

    [root@localhost ~]# ssh-keygen # generate the key pair
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:4N3nQ21gdkAJ1S1AzLzp2eLbfschPiRuNGn0fSmPHdc root@Centos7.5
    The key's randomart image is:
    +---[RSA 2048]----+
    | .O*+ . |
    | =.o .|
    | . +o.. |
    | . o . +o+ |
    | . S o.=o+ o|
    | X+*.=E|
    | +.B.*.=|
    | o.* o+|
    | . .o+..|
    +----[SHA256]-----+
    [root@localhost ~]# cd .ssh
    [root@localhost .ssh]# mv id_rsa id_rsa_root
    [root@localhost .ssh]# ls
    id_rsa.pub id_rsa_root
    [root@localhost .ssh]# cat id_rsa.pub > authorized_keys # import the public key into the authorized_keys file
    [root@localhost .ssh]# ls
    authorized_keys id_rsa.pub id_rsa_root
    [root@localhost .ssh]# useradd yunjisuan
    [root@localhost .ssh]# echo "123123" | passwd --stdin yunjisuan
    Changing password for user yunjisuan.
    passwd: all authentication tokens updated successfully.
    [root@localhost .ssh]# mkdir -p /home/yunjisuan/.ssh
    [root@localhost .ssh]# chown yunjisuan.yunjisuan /home/yunjisuan/.ssh
    [root@localhost .ssh]# chmod 700 /home/yunjisuan/.ssh
    [root@localhost .ssh]# cp -p authorized_keys /home/yunjisuan/.ssh
    [root@localhost .ssh]# chown yunjisuan.yunjisuan /home/yunjisuan/.ssh/authorized_keys
    [root@localhost .ssh]# ll /home/yunjisuan/.ssh/authorized_keys
    -rw-r--r-- 1 yunjisuan yunjisuan 396 Jul 16 16:22 /home/yunjisuan/.ssh/authorized_keys
    [root@localhost .ssh]# vim /etc/sudoers
    [root@localhost .ssh]# sed -n '93p' /etc/sudoers
    yunjisuan ALL=(ALL) NOPASSWD: ALL
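
The modes set in the listing above matter because sshd, with its default `StrictModes yes`, ignores an authorized_keys file when it, the .ssh directory or the home directory is writable by group or others. An added example (not from the original article) that checks those modes; the function names and the temporary directory standing in for /home/yunjisuan are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the file modes sshd's StrictModes rejects.
# Ownership is also checked by sshd but is not covered here.

# Succeeds if the path is writable by group or others.
loosely_writable() {  # $1 = path
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Print each problem found under a home directory; return 1 if any.
check_ssh_perms() {  # $1 = home directory of the login user
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            bad=1
        elif loosely_writable "$p"; then
            echo "WRITABLE-BY-OTHERS $p"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample tree standing in for /home/yunjisuan.
home=$(mktemp -d)
mkdir "$home/.ssh" && : > "$home/.ssh/authorized_keys"
chmod 700 "$home" "$home/.ssh"
chmod 644 "$home/.ssh/authorized_keys"
check_ssh_perms "$home" && echo "modes match the article's setup"
chmod 664 "$home/.ssh/authorized_keys"   # group-writable: sshd would ignore the key
check_ssh_perms "$home" || echo "fix with: chmod 644 authorized_keys"
rm -rf "$home"
```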

Configure Xshell to log in to Linux with the private key

    [root@localhost .ssh]# ls
    authorized_keys id_rsa.pub id_rsa_root
    [root@localhost .ssh]# pwd
    /root/.ssh
    [root@localhost .ssh]# sz id_rsa_root # download the file to the desktop, then import it into Xshell to log in

Output after logging in with the private key via Xshell

    [yunjisuan@localhost ~]$ sudo su -
    Last login: Tue Jul 16 11:45:26 CST 2019 from 192.168.200.1 on pts/0
    [root@localhost ~]# ls
    anaconda-ks.cfg
    [root@localhost ~]# su yunjisuan
    [yunjisuan@localhost root]$ ls
    ls: cannot open directory .: Permission denied
    [yunjisuan@localhost root]$ cd ~
    [yunjisuan@localhost ~]$ ls -a
    . .. .bash_logout .bash_profile .bashrc .ssh
    [yunjisuan@localhost ~]$ ls .ssh/
    authorized_keys
 

Post-boot configuration

 

Rename the host

Method 1

    [root@localhost ~]# vi /etc/hostname
    [root@localhost ~]# cat /etc/hostname
    liangzhunhao
    [root@localhost ~]# reboot
    [root@liangzhunhao ~]#

Method 2

    [root@localhost ~]# hostname liangzhunhao
    [root@localhost ~]# cat /etc/hostname
    liangzhunhao
    [root@localhost ~]# reboot
    [root@liangzhunhao ~]#
 

Hostname mapping

    [root@liangzhunhao ~]# vi /etc/hosts
    [root@liangzhunhao ~]# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.200.75 liangzhunhao
 

Disable NetworkManager

Stop the NetworkManager service and disable it at boot (if this step is skipped, IP address changes will not take effect)

    [root@liangzhunhao ~]# systemctl status NetworkManager
    NetworkManager.service - Network Manager
    Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled) # enabled at boot; the unit file is /usr/lib/systemd/system/NetworkManager.service
    Active: active (running) since 2019-12-06 21:45:37 CST; 3min 21s ago # currently running
    Docs: man:NetworkManager(8)
    Main PID: 1034 (NetworkManager) # PID
    CGroup: /system.slice/NetworkManager.service
    ├─1034 /usr/sbin/NetworkManager --no-daemon
    └─1208 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens32.pid -lf /var/lib/NetworkManager/dhclient-36ed6a5c-b98f-4177-80d8-0b3b4657b0cc-ens32.lease -cf /var/lib/Netw...
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8562] device (ens32): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8565] device (ens32): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8566] device (ens32): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8596] manager: NetworkManager state is now CONNECTED_LOCAL
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8605] manager: NetworkManager state is now CONNECTED_SITE
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8609] policy: set 'ens32' (ens32) as default for IPv4 routing and DNS
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8617] device (ens32): Activation: successful, device activated.
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8632] manager: startup complete
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8698] manager: NetworkManager state is now CONNECTED_GLOBAL
    12 06 21:45:37 liangzhunhao dhclient[1208]: bound to 192.168.200.75 -- renewal in 2435547 seconds.
    [root@liangzhunhao ~]# systemctl stop NetworkManager
    [root@liangzhunhao ~]# systemctl disable NetworkManager
    Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
    Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
    Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
    [root@liangzhunhao ~]# systemctl status NetworkManager
    NetworkManager.service - Network Manager
    Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
    Active: inactive (dead) since 2019-12-06 21:49:56 CST; 3s ago
    Docs: man:NetworkManager(8)
    Process: 1034 ExecStart=/usr/sbin/NetworkManager --no-daemon (code=exited, status=0/SUCCESS)
    Main PID: 1034 (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/NetworkManager.service
    └─1208 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-ens32.pid -lf /var/lib/NetworkManager/dhclient-36ed6a5c-b98f-4177-80d8-0b3b4657b0cc-ens32.lease -cf /var/lib/Netw...
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8596] manager: NetworkManager state is now CONNECTED_LOCAL
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8605] manager: NetworkManager state is now CONNECTED_SITE
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8609] policy: set 'ens32' (ens32) as default for IPv4 routing and DNS
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8617] device (ens32): Activation: successful, device activated.
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8632] manager: startup complete
    12 06 21:45:37 liangzhunhao NetworkManager[1034]: <info> [1575639937.8698] manager: NetworkManager state is now CONNECTED_GLOBAL
    12 06 21:45:37 liangzhunhao dhclient[1208]: bound to 192.168.200.75 -- renewal in 2435547 seconds.
    12 06 21:49:56 liangzhunhao NetworkManager[1034]: <info> [1575640196.0380] caught SIGTERM, shutting down normally.
    12 06 21:49:56 liangzhunhao systemd[1]: Stopping Network Manager...
    12 06 21:49:56 liangzhunhao systemd[1]: Stopped Network Manager.
    [root@liangzhunhao ~]# systemctl list-unit-files | grep Network # list the boot-time state of all services
    NetworkManager-dispatcher.service disabled
    NetworkManager-wait-online.service enabled
    NetworkManager.service disabled

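Notes:

    If this step is skipped, systemctl status network reports the message below; run systemctl stop NetworkManager to resolve it
    Mar 10 02:57:29 liangzhunhao network[2193]: Bringing up interface ens32: Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
    After disabling NetworkManager, check whether the network service is enabled at boot; if it is not, enable it with /sbin/chkconfig network on
    If errors appear that cannot be resolved, try restarting the local machine's network adapter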
 

Configure DNS

When the network service starts, the interface configuration takes precedence over /etc/resolv.conf and overwrites it. Once the network is up, however, name resolution reads from this file first, so an edit made here takes effect temporarily.

    [root@liangzhunhao ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search localdomain
    nameserver 192.168.200.2
    [root@liangzhunhao ~]# vi /etc/resolv.conf
    [root@liangzhunhao ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search localdomain
    nameserver 192.168.200.66
    [root@liangzhunhao ~]# systemctl restart network
    [root@liangzhunhao ~]# cat /etc/resolv.conf
    ; generated by /usr/sbin/dhclient-script
    search localdomain
    nameserver 192.168.200.2
 

Configure the network interface

    [root@liangzhunhao ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
    TYPE="Ethernet" # network type; Ethernet
    PROXY_METHOD="none" # proxy method
    BROWSER_ONLY="no" # browser only
    BOOTPROTO="none" # no DHCP; configure manually
    DEFROUTE="yes" # use as the default route
    NAME="ens32" # interface alias
    DEVICE="ens32" # device name of the interface
    ONBOOT="yes" # bring the interface up at boot
    IPADDR=192.168.200.75 # IP address
    NETMASK=255.255.255.0 # subnet mask
    GATEWAY=192.168.200.2 # gateway
    DNS1=192.168.200.2 # DNS
    [root@liangzhunhao ~]# systemctl restart network
 

Disable SELinux

    [root@liangzhunhao ~]# sestatus # show SELinux status
    SELinux status: enabled
    SELinuxfs mount: /sys/fs/selinux
    SELinux root directory: /etc/selinux
    Loaded policy name: targeted
    Current mode: enforcing
    Mode from config file: enforcing
    Policy MLS status: enabled
    Policy deny_unknown status: allowed
    Max kernel policy version: 31
    [root@liangzhunhao ~]# vi /etc/selinux/config
    [root@liangzhunhao ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled # disable permanently
    # SELINUXTYPE= can take one of three two values:
    # targeted - Targeted processes are protected,
    # minimum - Modification of targeted policy. Only selected processes are protected.
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@liangzhunhao ~]# setenforce 0 # temporarily turn off SELinux enforcement (permissive mode)
    [root@liangzhunhao ~]# reboot
    [root@liangzhunhao ~]# sestatus
    SELinux status: disabled
 

Yum repositories

    [root@liangzhunhao ~]# cd /etc/yum.repos.d/
    [root@liangzhunhao yum.repos.d]# mkdir bak
    [root@liangzhunhao yum.repos.d]# mv ./* bak
    mv: 无法将目录"./bak" 移动至自身的子目录"bak/bak" 下
    [root@liangzhunhao yum.repos.d]# mv bak/*M* .
    [root@liangzhunhao yum.repos.d]# vi CentOS-Media.repo # change enabled to 1
    [root@liangzhunhao yum.repos.d]# mkdir -p /media/cdrom
    [root@liangzhunhao yum.repos.d]# mount /dev/sr0 /media/cdrom/
    mount: /dev/sr0 写保护,将以只读方式挂载 (if the mount fails, check whether a disc is attached in VMware)
    [root@liangzhunhao yum.repos.d]# yum -y clean all
    [root@liangzhunhao yum.repos.d]# yum makecache
    [root@liangzhunhao yum.repos.d]# yum provides *bin/wget
    已加载插件:fastestmirror
    Loading mirror speeds from cached hostfile
    * c7-media:
    wget-1.14-15.el7_4.1.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
    源 :c7-media
    匹配来源:
    文件名 :/usr/bin/wget
    [root@liangzhunhao yum.repos.d]# yum -y install wget-1.14-15.el7_4.1.x86_64
    [root@liangzhunhao yum.repos.d]# ping baidu.com
    PING baidu.com (220.181.38.148) 56(84) bytes of data.
    64 bytes from baidu.com (220.181.38.148): icmp_seq=1 ttl=128 time=10.7 ms
    ^C
    --- baidu.com ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 10.704/10.704/10.704/0.000 ms
    [root@liangzhunhao yum.repos.d]# mv ./* bak
    mv: 无法将目录"./bak" 移动至自身的子目录"bak/bak" 下
    [root@liangzhunhao yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-aliyun.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    [root@liangzhunhao yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
    [root@liangzhunhao yum.repos.d]# ll
    总用量 8
    drwxr-xr-x 2 root root 187 12月 6 23:42 bak
    -rw-r--r-- 1 root root 2523 6月 16 2018 CentOS-163.repo
    -rw-r--r-- 1 root root 2523 6月 16 2018 CentOS-aliyun.repo
    [root@liangzhunhao yum.repos.d]# yum -y clean all
    [root@liangzhunhao yum.repos.d]# yum makecache
    [root@liangzhunhao yum.repos.d]# yum update # update the system (how long this takes depends on network speed)
 

Time synchronization

    [root@liangzhunhao ~]# yum -y install ntpdate
    [root@liangzhunhao ~]# systemctl list-unit-files
    [root@liangzhunhao ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    # -s: symbolic link; -f: force
    [root@liangzhunhao ~]# ntpdate ntp1.aliyun.com
    6 Dec 23:54:04 ntpdate[40927]: adjust time server 120.25.115.20 offset -0.031152 sec
    [root@liangzhunhao ~]# date
    2019 12 06 星期五 23:54:08 CST
    [root@liangzhunhao ~]# echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >> /var/log/ntp.log 2>&1;/sbin/hwclock -w" >> /var/spool/cron/root
    [root@liangzhunhao ~]# crontab -l
    */5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >> /var/log/ntp.log 2>&1;/sbin/hwclock -w
    # 2>&1 at the end redirects standard error (2) to standard output (1), which already goes to /var/log/ntp.log, so both normal output and errors end up in the same file
 

Disable the firewall

    systemctl disable firewalld.service
posted @ 2022-03-07 18:22  liangzhunhao