备案控制台
开发者社区 开发与运维 文章 正文

CentOS7一键安全加固及系统优化脚本

2022-12-03 1153
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
本文涉及的产品
运维安全中心(堡垒机),免费版 6个月
简介: CentOS7一键安全加固及系统优化脚本

640.jpg

CentOS7一键安全加固及系统优化脚本


init_centos7.sh 脚本内容如下 脚本说明:本脚本在 https://github.com/vtrois/spacepack上下载,并在其脚本基础上做了调整,根据前期CentOS7安全加固系列文章,添加了部分加固项


#!/usr/bin/env bash
#
# Author:       Seaton Jiang <seaton@vtrois.com>
# Github URL:   https://github.com/vtrois/spacepack
# License:      MIT
# Date:         2020-08-13
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
RGB_DANGER='\033[31;1m'
RGB_WAIT='\033[37;2m'
RGB_SUCCESS='\033[32m'
RGB_WARNING='\033[33;1m'
RGB_INFO='\033[36;1m'
RGB_END='\033[0m'
CHECK_CENTOS=$( cat /etc/redhat-release|sed -r 's/.* ([0-9]+)\..*/\1/' )
CHECK_RAM=$( cat /proc/meminfo | grep "MemTotal" | awk -F" " '{ram=$2/1000000}{printf("%.0f",ram)}' )
LOCK=/var/log/init_centos7_record.log
tool_info() {
    echo -e "========================================================================================="
    echo -e "                              Init CentOS 7 Script                                       "
    echo -e "          For more information please visit https://github.com/vtrois/spacepack          "
    echo -e "========================================================================================="
}
check_root(){
    if [[ $EUID -ne 0 ]]; then
        echo -e "${RGB_DANGER}This script must be run as root!${RGB_END}"
        exit 1
    fi
}
check_lock() {
    if [ ! -f "$LOCK" ];then
        touch $LOCK
    else
        echo -e "${RGB_DANGER}Detects that the initialization is complete and does not need to be initialized any further!${RGB_END}"
        exit 1
    fi
}
check_os() {
    if [ "${CHECK_CENTOS}" != '7' ]; then
        echo -e "${RGB_DANGER}This script must be run in CentOS 7!${RGB_END}"
        exit 1
    fi
}
new_swap() {
    echo "============= swap =============" >> ${LOCK} 2>&1
    if [ "${CHECK_RAM}" -le '2' ]; then
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    dd if=/dev/zero of=/swapfile bs=1024 count=1048576 >> ${LOCK} 2>&1
    chmod 600 /swapfile >> ${LOCK} 2>&1
    mkswap /swapfile >> ${LOCK} 2>&1
    swapon /swapfile >> ${LOCK} 2>&1
    echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
    echo '# Swap' >> /etc/sysctl.conf
    echo 'vm.swappiness = 10' >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    sysctl -n vm.swappiness >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
    else
    echo -e "${RGB_SUCCESS}Skip, no configuration needed${RGB_END}"
    fi
}
open_bbr() {
    echo "============= bbr =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo "# BBR" >> /etc/sysctl.conf
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    sysctl -n net.ipv4.tcp_congestion_control >> ${LOCK} 2>&1
    lsmod | grep bbr >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
disable_software() {
    echo "============= selinux firewalld =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    setenforce 0 >> ${LOCK} 2>&1
    sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
    systemctl disable firewalld.service >> ${LOCK} 2>&1
 systemctl stop firewalld.service >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
time_zone() {
    echo "============= time zone =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    rm -rf /etc/localtime >> ${LOCK} 2>&1
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime >> ${LOCK} 2>&1
    ls -ln /etc/localtime >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
custom_profile() {
    echo "============= custom profile =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    cat > /etc/profile.d/centos7init.sh << EOF
PS1="\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\h \[\e[35;40m\]\W\[\e[0m\]]\\\\$ "
GREP_OPTIONS="--color=auto"
alias l='ls -AFhlt'
alias grep='grep --color'
alias egrep='egrep --color'
alias fgrep='fgrep --color'
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S  "
EOF
    cat /etc/profile.d/centos7init.sh >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
adjust_ulimit() {
    echo "============= adjust ulimit =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i '/^# End of file/,$d' /etc/security/limits.conf
    cat >> /etc/security/limits.conf <<EOF
# End of file
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
root soft core unlimited
root hard core unlimited
root soft nproc 1000000
root hard nproc 1000000
root soft nofile 1000000
root hard nofile 1000000
EOF
    cat /etc/security/limits.conf >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
kernel_optimum() {
    echo "============= kernel optimum =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    [ ! -e "/etc/sysctl.conf_bak" ] && /bin/mv /etc/sysctl.conf{,_bak}
    cat > /etc/sysctl.conf << EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0 
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.log_martians = 1 
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
# Controls the use of TCP syncookies
# Number of pid_max
kernel.core_uses_pid = 1
kernel.pid_max = 1000000
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
# Controls the default maxmimum size of a mesage queue
# Controls the maximum shared segment size, in bytes
# Controls the maximum number of shared memory segments, in pages
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
kernel.sysrq = 1
kernel.softlockup_panic = 1
kernel.printk = 5
# TCP kernel paramater
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# Socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 65535
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# TCP conn reuse
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_tw_buckets = 7000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 1024 65535
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
EOF
    sysctl -p >> ${LOCK} 2>&1
    cat /etc/sysctl.conf >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
updatedb_optimum() {
    echo "============= updatedb optimum =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's,media,media /data,' /etc/updatedb.conf
    cat /etc/updatedb.conf >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
open_ipv6() {
    echo "============= open ipv6 =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo '# IPV6' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.all.disable_ipv6=0' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.default.disable_ipv6=0' >> /etc/sysctl.conf
    echo 'net.ipv6.conf.lo.disable_ipv6=0' >> /etc/sysctl.conf
    sysctl -p >> ${LOCK} 2>&1
    cat /etc/sysctl.conf >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
disable_cad() {
    echo "============= disable cad =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    systemctl mask ctrl-alt-del.target >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
remove_users() {
    echo "============= remove users =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    for u in adm lp sync shutdown halt mail operator games ftp 
    do
    userdel ${u} >> ${LOCK} 2>&1
    done
    cut -d : -f 1 /etc/passwd >> ${LOCK} 2>&1
    for g in adm lp mail games ftp 
    do
    groupdel ${g} >> ${LOCK} 2>&1
    done
    cat /etc/group >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
sys_permissions() {
    echo "============= sys permissions =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    chmod 644 /etc/passwd >> ${LOCK} 2>&1
    chmod 644 /etc/group >> ${LOCK} 2>&1
    chmod 000 /etc/shadow >> ${LOCK} 2>&1
    chmod 000 /etc/gshadow >> ${LOCK} 2>&1
    ls -la /etc/passwd >> ${LOCK} 2>&1
    ls -la /etc/group >> ${LOCK} 2>&1
    ls -la /etc/shadow >> ${LOCK} 2>&1
    ls -la /etc/gshadow >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
password_policy() {
    echo "============= password policy =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/^PASS_MAX_DAYS.*$/PASS_MAX_DAYS   90/' /etc/login.defs
    sed -i 's/^PASS_MIN_DAYS.*$/PASS_MIN_DAYS   10/' /etc/login.defs
    cat /etc/login.defs >> ${LOCK} 2>&1
    cat >>/etc/security/pwquality.conf << EOF
minlen = 8 
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1
EOF
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
change_useradd() {
    echo "============= change useradd =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/^INACTIVE.*$/INACTIVE=180/' /etc/default/useradd
    cat /etc/default/useradd >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
sec_ssh() {
    echo "============= sec ssh =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    sed -i 's/UseDNS.*$/UseDNS no/' /etc/ssh/sshd_config
    sed -i 's/^#LoginGraceTime.*$/LoginGraceTime 60/' /etc/ssh/sshd_config
    sed -i 's/^#PermitEmptyPasswords.*$/PermitEmptyPasswords no/' /etc/ssh/sshd_config
    sed -i 's/^#PubkeyAuthentication.*$/PubkeyAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#MaxAuthTries.*$/MaxAuthTries 3/' /etc/ssh/sshd_config
    sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 30/g" /etc/ssh/sshd_config 
    sed -i "s/#ClientAliveCountMax 3/ClientAliveCountMax 3/g" /etc/ssh/sshd_config
    sed -i "s/X11Forwarding yes/X11Forwarding no/g" /etc/ssh/sshd_config
    sed -i "s/#Banner none/Banner \/etc\/issue.net/g" /etc/ssh/sshd_config
    echo "Authorized users only. All activity may be monitored and reported.">/etc/issue.net
    systemctl restart sshd.service >> ${LOCK} 2>&1
    cat /etc/ssh/sshd_config >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
timeout_config() {
    echo "============= timeout config =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    echo "export TMOUT=1800" >> /etc/profile.d/centos7init.sh
    cat /etc/profile.d/centos7init.sh >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
lockout_policy() {
    echo "============= lockout policy =============" >> ${LOCK} 2>&1
    echo -en "${RGB_WAIT}Configuring...${RGB_END}"
    [ ! -e "/etc/pam.d/system-auth_bak" ] && /bin/mv /etc/pam.d/system-auth{,_bak}
    cat > /etc/pam.d/system-auth << EOF
auth        required                                     pam_env.so
auth        required                                     pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        [default=die]                                pam_faillock.so  authfail  audit  deny=3  unlock_time=300
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so
account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so
account     required                                     pam_faillock.so
password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so
session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so
EOF
    [ ! -e "/etc/pam.d/password-auth_bak" ] && /bin/mv /etc/pam.d/password-auth{,_bak}
    cat > /etc/pam.d/password-auth << EOF
auth        required                                     pam_env.so
auth        required                                     pam_faillock.so preauth silent audit deny=3 unlock_time=300
auth        required                                     pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so
auth        sufficient                                   pam_unix.so nullok try_first_pass
auth        [default=die]                                pam_faillock.so  authfail  audit  deny=3  unlock_time=300
auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient                                   pam_sss.so forward_pass
auth        required                                     pam_deny.so
account     required                                     pam_unix.so
account     sufficient                                   pam_localuser.so
account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required                                     pam_permit.so
account     required                                     pam_faillock.so
password    requisite                                    pam_pwquality.so try_first_pass local_users_only
password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient                                   pam_sss.so use_authtok
password    required                                     pam_deny.so
session     optional                                     pam_keyinit.so revoke
session     required                                     pam_limits.so
-session    optional                                     pam_systemd.so
session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
session     required                                     pam_unix.so
session     optional                                     pam_sss.so
EOF
    systemctl restart sshd.service >> ${LOCK} 2>&1
    cat /etc/pam.d/etc/pam.d/system-auth >> ${LOCK} 2>&1
    cat /etc/pam.d/password-auth >> ${LOCK} 2>&1
    echo -e "\r${RGB_SUCCESS}Configuration Success${RGB_END}"
}
reboot_os() {
    echo -e "\n${RGB_WARNING}Please restart the server and see if the services start up fine.${RGB_END}"
    echo -en "${RGB_WARNING}Do you want to restart OS ? [y/n]: ${RGB_END}"
    while :; do
        read REBOOT_STATUS
        if [[ ! "${REBOOT_STATUS}" =~ ^[y,n]$ ]]; then
            echo -en "${RGB_DANGER}Input error, please only input 'y' or 'n': ${RGB_END}"
        else
            break
        fi
    done
    [ "${REBOOT_STATUS}" == 'y' ] && reboot
}
main() {
    echo -e "\n${RGB_INFO}1/18 : Start Init CentOS7 Script ${RGB_END}"
    echo -e "\n${RGB_INFO}2/18 : Customize the profile (color and alias)${RGB_END}"
    custom_profile
    echo -e "\n${RGB_INFO}3/18 : Time zone adjustment${RGB_END}"
    time_zone
    echo -e "\n${RGB_INFO}4/18 : Disable selinux and firewalld${RGB_END}"
    disable_software
    echo -e "\n${RGB_INFO}5/18 : Disable Ctrl+Alt+Del${RGB_END}"
    disable_cad
    echo -e "\n${RGB_INFO}6/18 : Kernel parameter optimization${RGB_END}"
    kernel_optimum
    echo -e "\n${RGB_INFO}7/18 : The updatedb optimization${RGB_END}"
    updatedb_optimum
    echo -e "\n${RGB_INFO}8/18 : Adding swap space${RGB_END}"
    new_swap
    echo -e "\n${RGB_INFO}9/18 : Adjustment of ulimit${RGB_END}"
    adjust_ulimit
    echo -e "\n${RGB_INFO}10/18 : Enable tcp bbr congestion control algorithm${RGB_END}"
    open_bbr
    echo -e "\n${RGB_INFO}11/18 : Enable IPV6${RGB_END}"
    open_ipv6
    echo -e "\n${RGB_INFO}12/18 : Remove unnecessary users and user groups from the system${RGB_END}"
    remove_users
    echo -e "\n${RGB_INFO}13/18 : System permissions for sensitive files${RGB_END}"
    sys_permissions
    echo -e "\n${RGB_INFO}14/18 : Modify Account Password Survival Policy${RGB_END}"
    password_policy
    echo -e "\n${RGB_INFO}15/18 : Maximum number of days an account is valid after password expiration strategy${RGB_END}"
    change_useradd
    echo -e "\n${RGB_INFO}16/18 : Secure configuration of SSH${RGB_END}"
    sec_ssh
    echo -e "\n${RGB_INFO}17/18 : Timeout Auto-Logout Configuration${RGB_END}"
    timeout_config
    echo -e "\n${RGB_INFO}18/18 : Configure account login failure lockout policy${RGB_END}"
    lockout_policy
    reboot_os
}
clear
tool_info
check_root
check_os
check_lock
main


测试执行截图如下

640.png


再次执行脚本会提示已经做了安全加固优化,无须再次执行


640.png





文章标签:
运维安全中心(堡垒机)
Linux
安全
关键词:
CentOS脚本
安全加固脚本
CentOS安全加固
安全加固centos7
centos7安全加固
yuanfan_2012
目录
相关文章
yuanfan_2012
|
2月前
|
Linux
CentOS7.9服务器一键脚本部署FRP内网穿透服务端与客户端
CentOS7.9服务器一键脚本部署FRP内网穿透服务端与客户端
yuanfan_2012
365 1
怒放de生命
|
2月前
|
Java Linux Docker
centos7 开机自启动自定义脚本
centos7 开机自启动自定义脚本
怒放de生命
57 0
终究是雾散
|
10月前
|
缓存 运维 Linux
Linux(CentOS)运维脚本工具集合
Linux(CentOS)运维脚本工具集合
终究是雾散
184 2
清雨小竹
|
9月前
|
Java Linux
centos启动jar脚本
centos启动jar脚本
清雨小竹
53 0
WCGhost-Netsafe
|
4天前
|
网络协议 Linux Python
Python脚本配置Centos静态ip地址
这是一个Python脚本,用于自动化配置CentOS系统的静态IP地址。脚本创建或修改文件,填写接口名(如ens33)、IP地址、子网掩码、网关和DNS。运行时需替换变量值并使用`sudo`以管理员权限执行。完成配置后,它会重启网络服务。注意,用户应根据实际网络环境调整参数。
WCGhost-Netsafe
24 4
Python脚本配置Centos静态ip地址
WCGhost-Netsafe
|
4天前
|
网络协议 Shell Linux
Shell脚本配置Centos静态ip地址
这是一个用于在CentOS上设置静态IP的Shell脚本摘要: - 脚本交互式获取用户输入的IP地址、子网掩码、网关和DNS。 - 使用`sed`命令动态更新`/etc/sysconfig/network-scripts/ifcfg-ENS33`配置文件。 - 修改`BOOTPROTO`为`static`,并设置IP、NETMASK、GATEWAY和DNS1字段。 - 用`systemctl restart network`重启网络服务。 - 提示用户新配置的静态IP信息。
WCGhost-Netsafe
20 5
石宗昊
|
1月前
|
Ubuntu Java Linux
Linux centos7 ubuntu 一键安装Java JDK 脚本 shell 脚本
Linux centos7 ubuntu 一键安装Java JDK 脚本 shell 脚本
石宗昊
50 2
石宗昊
|
1月前
|
Ubuntu 应用服务中间件 Linux
Linux Centos7 ubuntu 安装nginx,脚本一键安装nginx
Linux Centos7 ubuntu 安装nginx,脚本一键安装nginx
石宗昊
56 2
石宗昊
|
1月前
|
关系型数据库 MySQL Linux
centos linux mysql 5.5脚本全自动源码包 编译安装
centos linux mysql 5.5脚本全自动源码包 编译安装
石宗昊
29 0
默不会开发
|
2月前
|
关系型数据库 MySQL Shell
在Centos7中利用Shell脚本:实现MySQL的数据备份
在Centos7中利用Shell脚本:实现MySQL的数据备份
默不会开发
46 0

热门文章

最新文章

  • 1
    centos5.4 安装配置oracle10g
  • 2
    使用centos(linux)命令行常用命令
  • 3
    在CentOS设置MariaDB的开机自启动
  • 4
    CentOS6.5编译安装Nginx和Openssl
  • 5
    VMware下CentOS6.4网卡设置为桥接模式静态IP配置方法详解
  • 6
    在centos 下安装小小输入法存在的问题
  • 7
    CentOS7 iso封装语句
  • 8
    CentOS6.4安装mysql2redis
  • 9
    CentOS6.7安装Python3.4
  • 10
    14.15. CentOS 网络配置
  • 1
    Go语言Gin框架安全加固:全面解析SQL注入、XSS与CSRF的解决方案
    104
  • 2
    CenOS6.5安全加固及性能优化(脚本)
    21
  • 3
    第十六届山东省职业院校技能大赛中职组 “网络安全”赛项竞赛试题—A模块基础设施设置/安全加固
    30
  • 4
    2024年山东省职业院校技能大赛中职组 “网络安全”赛项竞赛试题-C基础设施设置/安全加固
    33
  • 5
    2024年甘肃省职业院校技能大赛中职组 “网络安全”赛项竞赛样题-C模块基础设施设置/安全加固
    22
  • 6
    2024年甘肃省职业院校技能大赛中职组 “网络安全”赛项竞赛样题-B模块基础设施设置/安全加固
    33
  • 7
    APP安全加固怎么做?加固技术、加固方法、加固方案
    49
  • 8
    ios安全加固 ios 加固方案
    50
  • 9
    iOS移动应用安全加固:保护您的App免受恶意攻击的重要步骤
    47
  • 10
    【教程】移动应用安全加固技术解析
    100

    • 相关课程

    更多
  • Linux企业运维实战 - 入门及常用命令
  • LINUX 企业常用服务
  • Linux MySQL服务器搭建与应用
  • Linux Web服务器Nginx搭建与配置
  • Linux软件包安装和yum仓库实战
  • Linux文件管理命令

    • 相关电子书

    更多
  • CentOS Nginx PHP JAVA 多语言镜像使用手
  • CentOS Nginx PHP JAVA多语言镜像使用手册
  • Debian GNU/Linux 安全合规之路

    • 相关实验场景

    更多
  • 基于Ubuntu搭建个人网盘
  • 基于ROS一键安装LAMP环境

    • 推荐镜像

    更多
  • centos
  • centos-vault
  • centos-altarch
    • 下一篇
    2024年阿里云免费云服务器及学生三百通用额度申请教程参考