环境准备:
1)设置本地国际化语言为en_US.UTF-8
[root@c58 ~]# sed -i 's/^(LANG=).*$/1"en_US.UTF-8"/' /etc/sysconfig/i18n
[root@c58 ~]# cat /etc/sysconfig/i18n
LANG="en_US.UTF-8"
[root@c58 ~]# LANG=en_US.UTF-8
2)更新系统软件包
备份默认yum源:
find /etc/yum.repos.d -name '*.repo' -exec mv {} {}.bak ;
添加163yum源:
redhat5或centos5:
wget http://mirrors.163.com/.help/CentOS5-Base-163.repo -P /etc/yum.repos.d
redhat6或centos6
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -P /etc/yum.repos.d
添加epel yum源:
redhat5.x 32bit:
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
redhat5.x 64bit:
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
redhat6.x 32bit:
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
redhat6.x 64bit:
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
>
更新证书:
yum -y upgrade ca-certificates --disablerepo=epel
更新系统所有软件包:
yum clean allyum makecacheyum -y upgrade
下文以redhat5/centos5为例
一、服务最小化原则
关闭所有开机自启动服务,仅开启sshd、crond、network、iptables、syslog(redhat5)、rsyslog(redhat6),然后在此基础上按需添加需要开机启动的服务。
1)关闭所有开机自启动服务
[root@c58 ~]# for i in `chkconfig --list | awk '{if ($1~/^$/) {exit 0;} else {print $1}}'`; do chkconfig $i off; done
2)开启基础服务
[root@c58 ~]# for i in sshd network syslog crond iptables; do chkconfig $i on; done
3)查看开启的服务
[root@c58 ~]# chkconfig --list | grep '3:on'
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
