安装tab提示
# Install bash tab-completion support.
sudo yum install -y bash-completion
# CentOS 7 needs this extra package as well.
sudo yum install -y bash-completion-extras
# Load completion into the current shell so it takes effect immediately.
. /etc/profile.d/bash_completion.sh
防火墙配置
# Start firewalld now and have it start on every boot.
# NOTE(review): when doing this over SSH, confirm the zone in use allows the
# SSH port before starting the firewall, or the session may be cut off.
sudo systemctl start firewalld.service
sudo systemctl enable firewalld.service
# Make "public" the default zone.
sudo firewall-cmd --set-default-zone=public
# Block the listed ICMP message types. The rules go into the permanent
# configuration and only become active after the reload below.
# NOTE(review): destination-unreachable includes the "fragmentation needed"
# messages that path-MTU discovery depends on, and blocking echo-request /
# echo-reply also silences ping-based monitoring. Confirm each type is meant
# to be blocked.
icmp_types=(
  destination-unreachable
  echo-request
  echo-reply
  parameter-problem
  redirect
  router-advertisement
  router-solicitation
  source-quench
  time-exceeded
)
for tyicmp in "${icmp_types[@]}"; do
  sudo firewall-cmd --permanent --add-icmp-block="${tyicmp}"
done
# Load the permanent configuration into the running firewall.
sudo firewall-cmd --reload
防ssh暴力破解配置
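# Create the directory that holds the blocker script. It is created through
# sudo because the script is later run as root (by hand and from cron), so
# neither the directory nor the script may be writable by other users.
sudo mkdir -p /usr/local/feng/firewalld
cat << 'EOF' | sudo tee /usr/local/feng/firewalld/firewall.deny
#!/bin/bash
# Add source IPs with repeated failed SSH logins to firewalld's drop zone.
#
# Reads the last 10000 lines of /var/log/secure, counts "Failed" lines per
# source address, and permanently drops every address seen more than
# THRESHOLD times.
#
# NOTE(review): entries are added with --permanent and never expire, and a
# legitimate user who mistypes a password often enough is blocked too.

THRESHOLD=3
# Address that must never be blocked (compared as an exact string).
ALLOWED_IP="113.87.181.158"

# The log is attacker-influenced and $(NF-3) is not an address on every
# "Failed" line (lines with extra trailing fields shift the columns), so only
# tokens that look like an IPv4 or IPv6 address are passed to firewall-cmd.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
ipv6_re='^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$'

# Sources already in the drop zone, space-padded so the lookup below matches
# whole addresses only (a substring grep would treat 1.2.3.4 as present when
# only 11.2.3.45 is listed).
existing=" $(firewall-cmd --list-sources --zone=drop | tr '\n' ' ') "

# Process substitution keeps the pipeline output out of a predictable,
# world-writable /tmp file that a local user could pre-create or symlink.
while read -r count ip; do
  [[ "${ip}" =~ ${ipv4_re} || "${ip}" =~ ${ipv6_re} ]] || continue
  [[ "${ip}" == "${ALLOWED_IP}" ]] && continue
  (( count > THRESHOLD )) || continue
  [[ "${existing}" == *" ${ip} "* ]] && continue
  firewall-cmd --zone=drop --permanent --add-source="${ip}"
done < <(tail -n 10000 /var/log/secure \
  | awk '/Failed/{print $(NF-3)}' \
  | sort \
  | uniq -c)

# Activate the permanent rules added above.
firewall-cmd --reload
EOF
# Then run it once.
sudo bash /usr/local/feng/firewalld/firewall.deny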
配置自动添加ip拦截
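# Run the blocker as root at minute 30 of every hour.
# The entry is appended only when it is not already present, so repeating
# this step does not create duplicate cron jobs.
# The script runs as root: keep it and its directory writable by root only.
cron_entry="30 * * * * root bash /usr/local/feng/firewalld/firewall.deny"
grep -qxF -- "${cron_entry}" /etc/crontab ||
  echo "${cron_entry}" | sudo tee -a /etc/crontab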
添加普通用户
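username=feng
sudo useradd -m "${username}"
# Set the password interactively. A fixed, guessable password typed on the
# command line ends up in shell history and process listings, and combined
# with the sudo rules below it would hand root to anyone who guesses it.
sudo passwd "${username}"
# Grant passwordless sudo to the user and to the group of the same name.
# NOTE(review): NOPASSWD:ALL makes this account (and every member of the
# group) root-equivalent; restrict the command list or drop NOPASSWD if full
# root is not required.
printf '%s\n' \
  "${username} ALL=(ALL) NOPASSWD:ALL" \
  "%${username} ALL=(ALL) NOPASSWD:ALL" |
  sudo tee -a /etc/sudoers.d/my_user >/dev/null
# Drop-in sudoers files should be mode 0440.
sudo chmod 0440 /etc/sudoers.d/my_user
# Syntax-check the file. Keep the current privileged session open until this
# passes, because a broken sudoers file can stop sudo from working.
sudo visudo -cf /etc/sudoers.d/my_user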
安装Docker
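# Install the tools needed to set up the repository.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository. The repo file is fetched over HTTPS: it names
# the package base URL and the GPG key, so a copy altered in transit over
# plain HTTP could redirect every later package install.
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Upstream alternative:
# sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install the latest Docker CE.
sudo yum install -y docker-ce
# Start the service on boot and start it now.
sudo systemctl enable docker
sudo systemctl start docker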
把普通用户加入Docker组
# Add the logged-in user to the docker group.
# NOTE(review): members of the docker group can control the Docker daemon,
# which is effectively root access on the host. Add only accounts that are
# already trusted with root.
sudo gpasswd -a "${USER}" docker
# Pick up the new group membership. newgrp starts a new shell, so when these
# lines are pasted as a batch the next command runs inside that shell.
newgrp docker
# Check that the docker command now works for this user.
docker version
配置Docker镜像源及禁用iptables
# Write /etc/docker/daemon.json (this overwrites any existing file).
# "iptables": false stops Docker from adding its own iptables rules.
# NOTE(review): with that setting, container outbound NAT and the exposure of
# published ports depend on the host firewall configuration. Confirm both
# behave as intended after the restart.
sudo tee /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": [
"https://mirror.ccs.tencentyun.com"
],
"iptables": false
}
EOF
# Restart Docker so the new configuration is loaded.
sudo systemctl restart docker.service
yum安装Nginx
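# Install the nginx repository definition. The release package is fetched
# over HTTPS because it is installed as root and configures where later nginx
# packages come from; over plain HTTP it could be altered in transit.
sudo rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# NOTE(review): check the resulting /etc/yum.repos.d/nginx.repo and confirm
# it uses an https baseurl with gpgcheck=1 before installing.
sudo yum install -y nginx
# Start nginx now and on every boot.
sudo systemctl start nginx
sudo systemctl enable nginx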