One Tuning and security settings after installing the Linux system:
1 Turn off the SELinux function:
1 [root@localhost data]# sed 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config (Use the sed command to modify the output content first, then add -i to modify the file content, which is also required in the production environment 2 # This file controls the state of SELinux on the system. 3 # SELINUX= can take one of these three values: 4 # enforcing - SELinux security policy is enforced. 5 # permissive - SELinux prints warnings instead of enforcing. 6 # disabled - No SELinux policy is loaded. 7 SELINUX= disabled 8 # SELINUXTYPE= can take one of three two values: 9# targeted - Targeted processes are protected , 10 # minimum - Modification of targeted policy. Only selected processes are protected . 11 # mls - Multi Level Security protection. 12 SELINUXTYPE= targeted 13 14 [root@localhost data]# sed -i 's #SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config (After confirming that the output is changed successfully, add -i to execute the changed file content) 15 [root@localhost data]# grep "SELINUX=disabled" /etc/ selinux/ config (check with grep again) 16 SELINUX=disabled
*The above is only to modify the configuration file, and it needs to be restarted to take effect. However, the production environment does not allow the server to restart, which affects customer access. In this case, another command is required.
1 [root@localhost data]# getenforce (view SElinux status) 2 Enforcing 3 [root@localhost data]# setenforce (set status) 4 usage: setenforce [ Enforcing | Permissive | 1 | 0 ] (Enforcing is 1, Permissive is 0 means) 5 [root@localhost data]# setenforce 0 6 [root@localhost data]# getenforce 7 Permissive
Do this: Before restarting, it was Permissive, but the previous configuration file was changed to disabled. Once restarted, it was disabled. However, because restarting is not actually allowed, the configuration file and command line were changed, and both disabled and Permissive were not affected. .
II: The seven operating levels of Linux and their corresponding functions.
·Enterprise scenario interview questions : 7 operating levels of Linux and their corresponding functions. (Keep in mind)
·Enterprise scenario interview questions : To change the operating level of Linux from 3 to 5, which file should be modified?
Answer: /etc/inittab
Default runlevel.The runlevels used are:
0 -halt(Do NOT set initdefault to this) Shutdown.
1 -Single user mode Single user state, it is used when the server needs to be maintained, such as password loss.
2 -Multiuser,without NFS(The same as 3,if you not have networking) Multiuser mode.
3 -Full multiuser mode Full multiuser mode, command line mode. The working environment generally uses 3 levels.
4 -unused Not used, reserved.
5 -Xll Mode with desktop.
6 -reboot (Do NOT set initdefault to this) Reboot.
Check the current Linux running mode:
[root@localhost ~]# runlevel
N 5
run level can be switched:
[root@localhost ~]# init Enter numbers 0-6 to switch to the mode you want.
·runlevel: View the current system run level.
·init: switch the run level, followed by the number of the corresponding level, for example, init 6 is to restart the linux server.
Three: Shutdown and restart commands and firewall settings:
shutdown #shutdown. halt, init0 is also a shutdown command.
Shutdown: shutdown -h now (or specified time).
· rboot #reboot. init6 also restarts.
Restart: shutdowndowm -r now
Close the firewall command: [root@localhost ~]# /etc/init.d/iptables stop Temporarily close
the firewall permanently: [root@localhost ~]# chkconfig iptables off The next boot will not start automatically.
View the firewall command: [root@localhost ~]# /etc/init.d/iptables status
CentOS 7 uses firewall as the firewall by default.
# service firewalld status; #Check the firewall status
(disabled indicates that the startup has been prohibited. Enable indicates that the startup is automatic, and inactive indicates that the firewall is closed. activated (running) indicates the open state)
# service firewalld start; Or #systemctl start firewalld.service;#Open the firewall
# service firewalld stop; Or #systemctl stop firewalld.service;#Close the firewall
# service firewalld restart; Or #systemctl restart firewalld.service; #Restart the firewall
# systemctl disable firewalld.service# Disable the firewall to open automatically
# systemctl enable firewalld#Set the firewall to start at boot
#yum remove firewalld#Uninstall firewall
Four Linux Chinese display settings:
This optimization is optional, that is, adjust the character set settings of the Linux system.
A character set is a set of text symbols and their encodings. At present, the character sets commonly used under Linux are:
·GBKL: fixed-length, double-byte, not an international standard, supported by many systems, but not much used by actual enterprises.
·UTF-8: Unfixed length, 1-4 bytes, widely supported, MYSQL also uses UTF-8, which is widely used by enterprises.
In versions earlier than CentOS 7, the path to the default character set was generally stored in the /etc/sysconfig/i18n file.
But in CentOS 7 version, the charset configuration file is located in /etc/locale.conf.
The following demonstration makes Linux Chinese display in Centos7:
1 [root@localhost ~]# cat /etc/ locale.conf (view character set configuration file) 2 LANG= " en_US.UTF-8 " 3 [root@localhost ~]# cp // etc/locale.conf /etc /locale.conf.ori (best backup) 4 [root@localhost ~]# echo ' LANG="zh_CN.UTF-8" ' >/etc/ locale.conf (use echo command to append output, replace content) 5 [ root@localhost ~]# cat /etc/ locale.conf (view character set configuration file) 6 LANG= " zh_CN.UTF-8 " 7 [root@localhost ~ ]# echo $LANG (view character set configuration file) 8 en_US .UTF- 8 9[root@localhost ~]# . /etc/ locale.conf (also need to use . or source command to make changes take effect) 10 [root@localhost ~ ]# echo $LANG (check variable $LANG) 11 zh_CN.UTF- 8 12 [root@localhost ~]# source /etc/ locale.conf 13 [root@localhost ~ ]# echo $LANG 14 zh_CN.UTF- 8
Finally, change the character encoding to UTF-8 in the properties-appearance of the virtual machine, and reconnect, so that the server side and the client side correspond to ensure that the dialogue characters are consistent.
1 [root@localhost ~]# echo $LANG 2 zh_CN.UTF-8 3 [root@localhost ~]# cat /etc/locale.conf 4 LANG="zh_CN.UTF-8" 5 [root@localhost ~]# touch 老男孩。txt 6 [root@localhost ~]# ls 7 anaconda-ks.cfg initial-setup-ks.cfg oldboy.txt 老男孩。txt 8 [root@localhost ~]#
Note: Do not use any Chinese information in Linux system.
5 The command to set the timeout period for idle accounts only takes effect temporarily:
[root@localhost ~]# export TMOUT=5
[root@localhost ~]# timed out waiting for input: auto-logout
Lu Clear all history commands:
[root@localhost ~]# history -c
Delete a specified command:
[root@localhost ~]# history -d Number (the number of the line to be deleted)
[root@localhost ~]# export HISTSIZE=5 Set the number of command line records displayed
[root@localhost ~]# cat ~/.bash_bash_history (but you can still see all history commands from the command line file)
[root@localhost ~]# export HISTFILESIZE=5 (set the number of command line file history)
history #View and clear history. -c clears all, -d deletes the specified history.
export HISTORY= 5 Number of command line history. (Linux special variables). export HISTFILESIZE = 5 Number of command line file history. cat ~/.bash_bash_history View command line file history
Put the above command into the configuration file to make it permanent:
1 [root@localhost ~]# echo 'export TMOUT=300' >>/etc/profile 2 [root@localhost ~]# echo 'export HISTSIZE=5' >>/etc/profile 3 [root@localhost ~]# echo 'export HISTFILESIZE=5' >>/etc/profile 4 [root@localhost ~]# tail -3 /etc/profile 5 export TMOUT=300 6 export HISTSIZE=5 7 export HISTFILESIZE=5 8 [root@localhost ~]# source /etc/profile (使配置文件生效)
7 Hide the Linux version information and display:
1 [root@localhost ~]# cat /etc/ issue to view version information 2 \S 3 Kernel \r on an \m 4 [root@localhost ~]# cat /etc/ issue.net 5 \S 6 Kernel \r on an \m 7 [root@localhost ~]# > /etc/issue to clear the information with > 8 [root@localhost ~]# > /etc/issue. net