Linux boot and firewall

First, boot

1. Ubuntu boot

There are two places where boot-time startup can be configured:

The first is the /etc/init.d directory; a service script can be placed in this directory.

The second is rc.local under /etc/init.d; programs that need to start at boot can be written into this file. The sysv-rc-conf command can be used to set and view the services started at boot.

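  • Create a new script named test in /etc/init.d/, in the following format:
  #!/bin/bash

  # commands to run
  exit 0
  • Add executable permission to the script
  sudo chmod +x test
  • Enable it at boot
  sudo update-rc.d test defaults 90
  # 90 is the priority: the larger the number, the lower the priority and the later the script runs
  • Use the sysv-rc-conf command to set the run levels
  # sysv-rc-conf is not installed by default, so install it first
  sudo apt install sysv-rc-conf

  # Run sudo sysv-rc-conf and use the space bar to select or deselect the run levels.

  # To remove the script from boot startup:
  sudo update-rc.d -f <script-name> remove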

Second, the firewall

1. Ubuntu firewall

UFW (Uncomplicated Firewall) is an interface to iptables designed to simplify the process of configuring a firewall. UFW is installed by default on Ubuntu. If it is not, you can install it with sudo apt-get install ufw.

  • Common ufw operations
  sudo ufw status                 # show status and rules
  sudo ufw disable                # disable
  sudo ufw enable                 # enable
  sudo ufw reset                  # reset
  sudo ufw status numbered        # show rules with their numbers
  • Set the default policy

If you are just getting started with the firewall, the first rules to define are your default policies. These rules control how traffic that does not explicitly match any other rule is handled.

  sudo ufw default deny incoming   # deny all incoming connections
  sudo ufw default allow outgoing  # allow all outgoing connections
  • Allow or deny specific connections
  # allow a connection
  sudo ufw allow <port or service>
  # allow remote SSH connections
  sudo ufw allow ssh  # or: sudo ufw allow 22/tcp
  # allow unencrypted web access
  sudo ufw allow http  # or: sudo ufw allow 80
  # allow encrypted web access
  sudo ufw allow https  # or: sudo ufw allow 443
  # allow FTP access
  sudo ufw allow ftp  # or: sudo ufw allow 21/tcp
  # allow remote MySQL access
  sudo ufw allow 3306
  # allow a specific range of ports
  sudo ufw allow 6000:6007/tcp  # allow X11 connections on ports 6000-6007
  # allow a specific IP address
  sudo ufw allow from 15.15.15.51
  # allow a specific subnet
  sudo ufw allow from 15.15.15.0/24  # allows every IP address from 15.15.15.1 to 15.15.15.254
  # deny connections
  sudo ufw deny http
  sudo ufw deny from 15.15.15.51

Failure to connect to MySQL on a remote server is not always caused by a configuration file that has not taken effect or was edited incorrectly; it could be that port 3306 is not open. If you cannot control the server's security policy, you may use the sudo command to open port 3306.

  • Delete a rule
  sudo ufw status numbered  # first look up the rule number
  sudo ufw delete 2  # then delete by number

  # or delete by the rule itself
  sudo ufw delete allow http
  sudo ufw delete allow 80
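
An added example, not from the original post: a small audit of `ufw status` output that lists ALLOW rules, such as the one created by `sudo ufw allow 3306`, which leave a sensitive port reachable from any address. The watch list (21, 3306, 6000) and the sample output are assumptions constructed from the rules shown above.

```shell
#!/bin/sh
# Added example (not from the original page): list ufw ALLOW rules that
# expose sensitive ports to any source address.
# Input: the text printed by `sudo ufw status`, on stdin.

# Assumption: ports that should only be reachable from known sources.
SENSITIVE_PORTS="21 3306 6000"

audit_ufw() {
    awk -v watch="$SENSITIVE_PORTS" '
    BEGIN { n = split(watch, w, " ") }
    {
        # Find the action column; skip headers and non-ALLOW rules.
        a = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
        if (a == 0) next
        f = a + 1
        if ($f == "IN") f++               # "ALLOW IN" in verbose output
        if ($f != "Anywhere") next        # source is already restricted
        spec = $1
        sub(/\/.*/, "", spec)             # drop /tcp or /udp
        m = split(spec, r, ":")           # a range is written lo:hi
        lo = r[1]; hi = (m == 2) ? r[2] : r[1]
        if (lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/) next  # service names not checked
        v6 = ($2 == "(v6)") ? " (v6)" : ""
        for (i = 1; i <= n; i++)
            if (w[i] + 0 >= lo + 0 && w[i] + 0 <= hi + 0)
                printf "%s%s: port %s allowed from Anywhere\n", $1, v6, w[i]
    }'
}

# Constructed sample of `ufw status` output, built from the rules on this page.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3306                       ALLOW       Anywhere
3306                       ALLOW       15.15.15.0/24
6000:6007/tcp              ALLOW       Anywhere
80/tcp                     DENY        Anywhere
Anywhere                   DENY        15.15.15.51
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw
```

On a live host, pipe the real output in with `sudo ufw status | audit_ufw`. A flagged rule can be deleted as shown above and replaced by a source-restricted one such as `sudo ufw allow from 15.15.15.0/24 to any port 3306`.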

2. CentOS7 firewall

On CentOS 7 / RHEL 7 the default iptables management tool is firewalld, no longer the earlier iptables-services, and their commands are not the same. You can of course choose to uninstall firewalld and install iptables-services instead. If firewalld is not installed, install it first.

2.1 Installing firewalld

yum -y install firewalld

2.2 firewalld basic use

  • Start: systemctl start firewalld
  • Stop: systemctl stop firewalld
  • View status: systemctl status firewalld
  • Disable at boot: systemctl disable firewalld
  • Enable at boot: systemctl enable firewalld

2.3 Firewall configuration with firewall-cmd

The command-line management tool for firewalld is firewall-cmd.

firewall-cmd --state  # show the state
# list ports or services
firewall-cmd --permanent --zone=public --list-ports  # list all ports
firewall-cmd --permanent --zone=public --list-services  # list services
# add a service or port
firewall-cmd --zone=public --add-service=https  # temporary
firewall-cmd --permanent --zone=public --add-service=https  # permanent
firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp  # permanent

firewall-cmd --permanent --remove-port=8080/tcp  # remove a port
firewall-cmd --reload  # reload

2.4 selinux

The advanced firewall on CentOS.

vim /etc/sysconfig/selinux

#SELINUX=enforcing
# added: disable SELinux at boot
SELINUX=disabled
#SELINUXTYPE=targeted

setenforce 0  # make the change take effect immediately, or turn SELinux off temporarily

Origin blog.csdn.net/qq_27114273/article/details/90376093