• Disable all unnecessary CentOS services and ports with a single command


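    When CentOS runs as a server with many services enabled, some of that software is bound to have vulnerabilities, and the more ports are open, the more exposed a production server is. So before a server goes live, we must turn off every unnecessary service on CentOS and leave attackers no opening.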

    First, see which services are running on the machine (my machine is at runlevel 3, so only the services marked 3:on matter):

    [root@centos ~]# chkconfig --list | grep "3:on"
    NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
    abrt-ccpp       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    abrtd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    atd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
    auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    autofs          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    blk-availability    0:off   1:on    2:on    3:on    4:on    5:on    6:off
    certmonger      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    cgconfig        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    cgred           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
    crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    dnsmasq         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    haldaemon       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ipsec           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    irqbalance      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    kdump           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    lvm2-monitor    0:off   1:on    2:on    3:on    4:on    5:on    6:off
    mcelogd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    netconsole      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    netfs           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    nfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
    nfslock         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ntpdate         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    numad           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    oddjobd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
    postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    pppoe-server    0:off   1:off   2:on    3:on    4:on    5:on    6:off
    psacct          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    quota_nld       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rdisc           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    restorecond     0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rngd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rpcgssd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rpcsvcgssd      0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    smartd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sssd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    svnserve        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
    udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
    winbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    wpa_supplicant  0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ypbind          0:off   1:off   2:on    3:on    4:on    5:on    6:off

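    With this many services on, putting the machine straight onto the Internet would be unacceptable. So step one is to turn off every service, and step two is to turn back on the ones that must be kept.
    Step one: turn off all services. With this many entries a loop is the only sensible way; running chkconfig service off one at a time would take forever. Here is the command:
    I extract the names of all enabled services with awk, then run chkconfig service off on each of them in a for loop.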

    [root@centos ~]# for n in `chkconfig --list  | grep "3:on" | awk '{print $1}'`;do chkconfig $n off;done
    [root@centos ~]# chkconfig --list | grep 3:on
    [root@centos ~]# 
    [root@centos ~]# 
    [root@centos ~]#  // at this point all of the services have been switched off in one go

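    Now the question is: which services must our server keep?

    1. network: provides networking. A server that cannot reach the network is of no use.
    2. crond: the scheduled-task service. The server's routine scheduled jobs depend on it.
    3. sshd: we need ssh to connect to our Linux machine remotely; we cannot work from a KVM in the IDC machine room every day.
    4. rsyslog: logs are how we know what the server has done, and rsyslog is what records them. It used to be called syslog.
    5. sysstat: the system performance monitoring service, which you cannot do without if you want to stay in control of the server. sar, mpstat, iostat and vmstat are all very useful tools, and they are all in this service.
      To sum up, five services must be enabled: network, sshd, crond, rsyslog and sysstat.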

    What remains is to turn these services on, verify the result and call it done. Go...

    [root@centos ~]# for n in crond sshd network rsyslog sysstat ;do chkconfig $n on ; done
    [root@centos ~]# chkconfig --list | grep 3:on
    crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off

    Another approach: keep what should be kept and turn off everything else.
    Here is the answer directly:

    [root@centos ~]# chkconfig --list | grep 3:on | egrep -v "sshd|network|rsyslog|sysstat|crond" | awk '{print "chkconfig",$1,"off"}' 
    chkconfig NetworkManager off
    chkconfig abrt-ccpp off
    chkconfig abrtd off
    chkconfig acpid off
    chkconfig atd off
    chkconfig auditd off
    chkconfig autofs off
    chkconfig blk-availability off
    chkconfig certmonger off
    chkconfig cgconfig off
    chkconfig cgred off
    chkconfig cpuspeed off
    chkconfig cups off
    chkconfig dnsmasq off
    chkconfig haldaemon off
    chkconfig ip6tables off
    chkconfig ipsec off
    chkconfig iptables off
    chkconfig irqbalance off
    chkconfig kdump off
    chkconfig lvm2-monitor off
    chkconfig mcelogd off
    chkconfig mdmonitor off
    chkconfig messagebus off
    chkconfig netconsole off
    chkconfig netfs off
    chkconfig nfs off
    chkconfig nfslock off
    chkconfig ntpd off
    chkconfig ntpdate off
    chkconfig numad off
    chkconfig oddjobd off
    chkconfig portreserve off
    chkconfig postfix off
    chkconfig pppoe-server off
    chkconfig psacct off
    chkconfig quota_nld off
    chkconfig rdisc off
    chkconfig restorecond off
    chkconfig rngd off
    chkconfig rpcbind off
    chkconfig rpcgssd off
    chkconfig rpcsvcgssd off
    chkconfig saslauthd off
    chkconfig smartd off
    chkconfig sssd off
    chkconfig svnserve off
    chkconfig udev-post off
    chkconfig winbind off
    chkconfig wpa_supplicant off
    chkconfig ypbind off
    
    [root@centos ~]# chkconfig --list | grep 3:on | egrep -v "sshd|network|rsyslog|sysstat|crond" | awk '{print "chkconfig",$1,"off"}' | bash 
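
    The keep-list approach above, as an added example that is not part of the original article: it shows the substring-matching one-liner next to a form that matches service names exactly and only prints the commands for review. The function names, the sample input and the service name "sshd-legacy" are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original article.

# Weak form (as in the one-liner above): egrep -v matches substrings, so any
# service whose name merely contains a kept name is silently left enabled.
gen_disable_cmds_substring() {
    grep "3:on" | grep -Ev "sshd|network|rsyslog|sysstat|crond" |
        awk '{print "chkconfig", $1, "off"}'
}

# Corrected form: gen_disable_cmds KEEP... reads `chkconfig --list` output on
# stdin and prints "chkconfig NAME off" for every service that is on in
# runlevel 3 and whose name is not exactly one of KEEP.
gen_disable_cmds() {
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        # Field 5 is the runlevel-3 column. The name pattern rejects anything
        # that is not a plain service name before it can reach a shell.
        $5 == "3:on" && $1 ~ /^[A-Za-z0-9_.-]+$/ && !($1 in allow) {
            print "chkconfig", $1, "off"
        }'
}

# Constructed sample in the chkconfig --list format shown above.
# "sshd-legacy" is a hypothetical service name; kdump is set to off here.
sample_list() {
    cat <<'EOF'
NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
kdump           0:off   1:off   2:off   3:off   4:off   5:off   6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd-legacy     0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

# Dry run: print the commands for review; nothing is executed.
sample_list | gen_disable_cmds crond sshd network rsyslog sysstat
```

    `chkconfig NAME off` only changes what starts at boot, so daemons that are already running stay up until `service NAME stop` or a reboot. On the machine in this article the generated list also includes iptables, ip6tables and auditd; add them to the keep list if the host relies on its local firewall or audit logging.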

  • Original article: https://www.cnblogs.com/heqiuyu/p/10372024.html