CentOS 7

2015-02-10 16:36

网络设置

配置网卡自启动

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

# 修改并保存
ONBOOT=yes

重启网络

systemctl restart network

安装网络工具

yum install net-tools

服务管理

启动服务

systemctl start httpd

停止服务

systemctl stop httpd

重启服务

systemctl restart httpd

重新加载

systemctl reload httpd

显示服务状态

systemctl status httpd

启用服务

systemctl enable httpd

禁用服务

systemctl disable httpd

检查服务状态

systemctl is-enabled httpd

列举出所有服务的指令

systemctl list-unit-files --type=service

iptables设置

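安装iptables服务(CentOS 7 默认启用 firewalld,不要让两者同时运行;改用 iptables 服务前先执行 systemctl stop firewalld 和 systemctl disable firewalld)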

yum install -y iptables-services

设置iptables服务

# Build a minimal IPv4 INPUT rule set: loopback, established traffic and SSH.
# The order of these commands matters when working over a remote session.

# Set the INPUT policy to ACCEPT first, so that flushing the rules below
# cannot lock out a remote session if the policy was previously DROP.
iptables -P INPUT ACCEPT
# Flush all rules in the filter table.
iptables -F
# Accept traffic on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
# Accept packets that belong to, or are related to, an established connection.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept inbound SSH (tcp/22) from any source address; no source restriction is applied.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Only after the accept rules exist, switch the INPUT default to DROP.
iptables -P INPUT DROP
# NOTE(review): FORWARD is left at ACCEPT with no rules, so forwarded traffic
# is unfiltered if IP forwarding is enabled on this host; the saved rules
# file shown later on this page rejects FORWARD traffic instead.
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# List the resulting rules with packet/byte counters to verify them.
# These commands configure IPv4 only; IPv6 rules (ip6tables) are separate.
iptables -L -v

保存iptables设置

service iptables save

配置iptables设置(规则文件为 /etc/sysconfig/iptables,service iptables save 也写入该文件;下面的内容与上文命令生成的规则不完全相同)

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# Rules in a chain are evaluated top to bottom; the first matching rule decides.
*filter
# Default policies, applied only to packets that no rule in the chain matched.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept packets that belong to, or are related to, an established connection.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept every ICMP type from any source address.
-A INPUT -p icmp -j ACCEPT
# Accept traffic on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept new SSH connections (tcp/22) from any source address.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Catch-all: reject everything else with an ICMP error. Because this rule
# matches all remaining packets, the INPUT DROP policy is never reached, and
# any additional accept rule must be placed above this line to take effect.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Reject all forwarded traffic, despite the FORWARD ACCEPT policy above.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

重启iptables服务

systemctl restart iptables

自启动iptables服务

systemctl enable iptables

时间设置

查看当前时间

timedatectl

设置当前时区

timedatectl set-timezone Asia/Shanghai

开启网络时间同步

timedatectl set-ntp 1

Firewalld防火墙

永久打开一个端口(带 --permanent 的修改只写入永久配置,执行 firewall-cmd --reload 后才生效)

firewall-cmd --permanent --add-port=8080/tcp

永久关闭一个端口

firewall-cmd --permanent --remove-port=8080/tcp

永久打开某项服务

firewall-cmd --permanent --add-service=http

永久关闭某项服务

firewall-cmd --permanent --remove-service=http

进行端口转发

firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55

允许转发到其他地址

firewall-cmd --permanent --add-masquerade

列出激活的zone

firewall-cmd --get-active-zones

列出所有的zone

firewall-cmd --list-all-zones

列出默认zone的详细信息

firewall-cmd --list-all

将接口移动到另一个zone

firewall-cmd --zone=work --change-interface=enp0s8

重新加载防火墙

firewall-cmd --reload

富语言

指定ip访问端口(此命令未带 --permanent,只修改运行时配置,执行 --reload 或重启后失效;该规则只是放行此来源地址,若端口已在 zone 中对所有来源开放,其他地址仍可访问)

firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port port="6060" protocol="tcp" accept'

参考地址

https://fedoraproject.org/wiki/FirewallD/zh-cn

禁用iptables服务(使用 firewalld 时,不要同时启用 iptables 服务;若未安装 iptables-services,系统中没有 iptables 服务单元,无需先安装再禁用)

yum install iptables-services
systemctl stop iptables
systemctl disable iptables

服务自启动

创建启动文件

/usr/lib/systemd/system/fibjs.service

# systemd unit that starts the fibjs runtime with /root/tool/main.js.
[Unit]
Description=Fibjs
# Ordering only: this unit is started after syslog.target and network.target.
After=syslog.target network.target

[Service]
# NOTE(review): no User=/Group= is set, so systemd runs this service as root,
# and both the script and the PID file live under /root. If main.js serves
# network clients, consider a dedicated unprivileged account (User=/Group=)
# and a directory outside /root -- confirm what the script needs first.
# Type=forking: ExecStart is expected to fork and exit; systemd reads the
# main PID from the file named in PIDFile.
Type=forking
PIDFile=/root/tool/fibjs.pid
ExecStart=/usr/local/bin/fibjs /root/tool/main.js
# Reload and stop are implemented by signalling the main process.
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Restart the service whenever the process exits, regardless of exit status.
Restart=always
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
# "systemctl enable" links this unit into multi-user.target.wants.
WantedBy=multi-user.target

/usr/lib/systemd/system/gitautoupdate.service

# systemd unit that runs /home/wwwroot/gitupdate.sh as user www.
[Unit]
Description=Git Auto Update
# Ordering only: this unit is started after syslog.target and network.target.
After=syslog.target
After=network.target

[Service]
# Type=simple: the ExecStart process itself is the main service process.
Type=simple
# systemd starts su as root, and su switches to user www and runs the script
# with /bin/bash. NOTE(review): User=www with
# ExecStart=/bin/bash /home/wwwroot/gitupdate.sh is the systemd-native way to
# drop privileges and avoids going through su -- verify the environment the
# script expects before changing it.
# NOTE(review): gitupdate.sh is not shown on this page; presumably it pulls
# from a git remote into the web root, so whatever that remote serves gets
# deployed -- confirm the remote is trusted and fetched over an authenticated
# transport.
ExecStart=/bin/su www -s /bin/bash /home/wwwroot/gitupdate.sh
# Restart whenever the script exits, regardless of exit status; a script that
# returns immediately is restarted repeatedly until systemd's start rate
# limit is hit.
Restart=always

[Install]
# "systemctl enable" links this unit into multi-user.target.wants.
WantedBy=multi-user.target

启动服务

systemctl enable fibjs

相当于

ln -s '/usr/lib/systemd/system/fibjs.service' '/etc/systemd/system/multi-user.target.wants/fibjs.service'

enable 默认是从/usr/lib/systemd/system目录找fibjs.service文件(/etc/systemd/system 中的同名单元文件优先级更高;自行编写的单元文件通常放在 /etc/systemd/system,以免被软件包更新覆盖)

服务修改重新加载

systemctl daemon-reload