Linux初始化模版系统配置

一、yum源配置1、挂在光驱到/media1.mount/dev/cdrom/media2、RHEL6yum源文件，名称为local.repo1.[local-Server]2.baseurl=file:///media/Server3.enabled=14.gpgcheck=05.[local-HA]6.baseurl=file:///media/HighAvailability7.enabled=18.gpgcheck=09.[local=LB]10.baseurl=file:///media/LoadBalancer11.enabled=112.gpgcheck=013.[local-RS]14.baseurl=file:///media/ResilientStorage15.enabled=116.gpgcheck=0二、开发程序、开发库1、使用yum安装DevelopmentToolsDevelopmentLibraries1.yumgroupinstallDevelopmentToolsDevelopmentLibrariesenabled=1三、新建账户shadm1（登录用户）was（应用账号设uid500）1、新建账户shadm1（登录用户）1.useraddshadm12.passwdshadm13.root1232、was（应用账号设uid500）1.groupadd-g500wasgrp2.useradd-u500was-gwasgrp四、ntp服务配置1、编辑/etc/ntp.conf添加两条代码1.server172.16.20.262.restrict172.16.20.262、配置启动1./etc/rc.d/init.d/ntpdstart2.chkconfigntpdon五、socket最大连接数修改1.编辑/etc/security/limits.conf1.*softnofile3000002.*hardnofile3000002./etc/pam.d/login在后面加上1.sessionrequiredpam_limits.so六、安装配置x11桌面1、安装x11桌面1.yuminstallxorg*2、配置x11桌面vi/etc/inittab修改一条如下1.id:3:initdefault:七、停不必要的服务1.serviceabrt-ccppstop2.serviceabrtdstop3.serviceacpidstop4.serviceatdstop5.ervicebuletoothstop6.servicecaermanagerstop7.servicecpuspeedstop8.servicecupsstop9.serviceip6tablesstop10.servicelibvirt-guestsstop11.servicemdmonitorstop12.servicenfslockstop13.serviceNetworkManagerstop14.chkconfigNetworkManageroff八、删除不必要系统账号1.userdeladm2.userdellp3.userdelshutdown4.userdelhalt5.userdeluucp6.userdeloperator7.userdelgames8.userdelgopher九、openssh编译安装最新版本（OpenSSH6.7）1、配置telnet服务1.1检查安装依赖包yuminstallzlibgccmake下载openssl-1.0.1j安装配置openssl1.#./config--prefix=/usr--shared2.#make3.#maketest4.#makeinstall2、升级sshd到OpenSSH-6.72.1查看安装是否缺包#rpm-qa|egrepgcc|make|perl|pam|pam-devel如果有配置yum了的话可以直接yum安装这些包，这样既可以检验是否装了，没装的直接装上。yum-yinstallgcc*makeperlpampam-devel安装配置openssh备份ssh：5.#mv/etc/ssh/etc/ssh.bak6.#opensslversion–a7.#tarzxfopenssh-6.7p1.tar.gz&&cdopenssh-6.7p18.#./configure--prefix=/usr--sysconfdir=/etc/ssh--with-pam--with-zlib--with-md5-passwords9.#make10.#makeinstall2.3复制启动脚本到/etc/init.d1.[root@dqapp67]#cp/opt/openssh-6.7p1/contrib/redhat/sshd.init/etc/init.d/sshd2.cp:overwrite`/etc/init.d/sshd'?y2.4加入开机自启1.#chkconfig--addsshd十、ssh配置文件：关掉dns反查在server上/etc/ssh/sshd_config文件中修改或加入UseDNS=no十一、ssh配置文件：关闭root登录禁止root用户远程登陆：修改PermitRootLogin，默认为yes且注释掉了；修改是把注释去掉，并改成no。十二、配置密码复杂度检查编辑/etc/login.defs文件如下信息1.PASS_MAX_DAYS902.PASS_MIN_DAYS803.PASS_MIN_LEN104.PASS_WARN_AGE7