CentOS7系统初始化配置

博主： admin
发布时间：2024 年 05 月 16 日
74 次浏览
暂无评论
70字数
分类： CentOS 操作系统

放置pubkey

mkdir -p ~/.ssh/
touch ~/.ssh/authorized_keys
cat <<'EOF'> ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsFITm4ITWJPBvnD4pzVQQ7+gumY//IjWo2V8ciU+1Rzfv4IjYh25yPv0K6pf06JGtHyOGTkPzIWx85wtuNZ96cst6hjfzw7pp2IVy31DBPae6lMLhylZxrYmg8KAZE6msR1QKE4J3d8qFvyQWhOVcOF6gv5d5NPKR0vcQbOFtdAxoLGZE1/x3BXjCeb4IXA+bnXPgwB01a+cNEg8kLnt74DvoJU+aS2iX90hKOrMQ1yLzpoA0gHE38yJ9E2DfA5b6NiNcJU8r5wonWz9U08ztYTjsK1SAHSgXd5xgUlW2ImYASuxTznXIF9ehInCPxk/Khw6zKp2TaDnZUWojS1D5iEug0e+wVeuBtIMQdnHtNQtolKBzPmcSyr+SAGKdUU+y1oF6L9N4Ilu/Y1xUYfRP8s/qPUr8NBVkTyPiKslZKUeSVtn3hw5+FFR9ieKpvDinLizhkP/KWN2fKlQOjWHyB1ln4c00BjMc7HHCBioV+fN5YecFbIF82Wdr6p/XMVU= jacky
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1W0wLOHU//+ufmG1bgtJfFFq90ggOhdkIlRVV4ZPlH jacky@jacky-office
EOF

查看版本

cat /etc/redhat-release

修改更新源

cd /etc/yum.repos.d/ && mkdir bak && mv * bak/

cat <<EOF>/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS7 - base
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/base/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS7 - updates
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/updates/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS7 - extras
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/extras/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[epel]
name=CentOS7 - epel
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/epel/
gpgcheck=0
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-EPEL-7

[docker-ce-stable]
name=CentOS7 - docker-ce-stable
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/docker-ce-stable/
enabled=1
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/gpg

EOF

cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9
Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn
4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ
4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ
Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj
WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1
x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO
IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY
438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB
JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j
NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB
tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC
CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG
QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL
F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw
4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4
Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv
hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO
aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD
3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD
ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137
YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv
pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3
uPNL0eRx4S1G4Jn5
=OGYX
-----END PGP PUBLIC KEY BLOCK-----
EOF


cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----
EOF


cat <<'EOF'>/etc/pki/rpm-gpg/gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
=0Zqq
-----END PGP PUBLIC KEY BLOCK-----
EOF

cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBEm+/6QRBAC5mbtqOFSQ0FkTLIMdIoqxtraIeUqwbPp3IBYQ/u/EREjyEf1D
qFyBEXII0dD8JDT85vRZ81jhB7nFWa0VbUfY0xfghkbnokiNBVNpiQcvszw3UYDF
aLAaOC8Z98vmlsQaBBTQG6704ZXLr7FJyG3GP5WE6egXIQQbrMcdmCoRBwCg/dwC
HLWjuemoDc5SX7hKHbB4zZ8D/jP+oMbqz+bDn8OZ2UuaGdxr+mHW8tzTdPjnEU8e
hUt1ws8eBqn/gMfKvUBa8xFSILe8Ty99u+VjFbcRsdf0H6dRre9AdDVUz5oxzoPw
gamA8mhPQvFh3wt9smtRUh5IoM2LiM1s5pGMLuYuvSnVUPArEnSfW6K5I6v7OarU
3WfrBACDEGGcaWKjfdkRtmKIQrzu6AnldVC1ISLVAoqxHnKNFTk1BgO0PSZDpfJI
x8fMCnGlusoL6F5+LYEk4K4B0zvlj1ur3JocjxpuBLccl94JTo/+I9ZbS8ptUqLw
LBUkgIQJzzIH4G5NZsQ3FpzSWGRFVa7etqTv9BfUMUmJxhEoobQ/ZWxyZXBvLm9y
ZyAoUlBNIFNpZ25pbmcgS2V5IGZvciBlbHJlcG8ub3JnKSA8c2VjdXJlQGVscmVw
by5vcmc+iGAEExECACAFAkm+/6QCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
CRAwm8MFuq2uUlgWAKCGWOpyodbzxS7Xy/0X9m9qVnHq+ACfUHrQzYAtFRpT07Sg
giosE+mvAKu5Ag0ESb7/pxAIALgT0q0HhwugE717a7N+gAtCbFu8pCXOZcrAnJpG
cMA9VWmsODZStPTxXYM2ggCMSzUnNis8pPZOPIP5C+t2IYtVjLshM4C9UiY7u5ET
jErWCxWmF+2QLO50K56E4qxj0wufZt9P+Ih0USUM5L2oyrQG51uj/2v3Qq3igc8Z
NTtmEOfis3losusQbAfZtTBmNQ0570kkhMxiyavgAUxLenXHYrkDJFuL7XdBCmna
kykTn2dzU81rIDZ+QPxII4V/eZ5xGiRY/EDUIAysEV2m0NNZgWi/twUnZICm7zYp
VRviJrBnFTvNEPMhiGRnJgQp/Krv4WIHQ67N8lQg3q5RJX8AAwUH/0UBjBgbsuWR
dB+ZYWjKPBy+bJY/6HefPUuLrt3QDNINMW8kY7VzWRMWyGc4IlPJDW0nwOn/vT5H
Dgc3YmA3tm7cKj5wpFijzff61Db8eq+CUKGscKxDBGzHq6oirM5U7DQLmipCs5Eb
efwHIjE3aOUSnoQmniEnBWI2hm/rftmY9oJSi8xgns4wAokDPiMcucADtbV3fznx
ppuowtBi8bcGB1vJZjTySQcSKWv+IVp5ej06uZ9501BEm6HxUZkuAGPecP65kcQu
5bg7B7LQeI5AWyujqvfuWgAF34xhl9QU/sDWxM3wUog+bw7y8pyWCqnJhp70yx8o
SqzhFygT62eISQQYEQIACQUCSb7/pwIbDAAKCRAwm8MFuq2uUq8PAKC1+E2pSwiS
oHXkKYPYDwApsP1mVACfRe1YnggLYQtG9LMeweVQQC77rK8=
=qyRr
-----END PGP PUBLIC KEY BLOCK-----
EOF

设置本地编码

要将 CentOS 的本地区域设置更改为 `zh_CN.UTF-8`（中文简体UTF-8编码），你可以执行以下步骤：

1. 打开终端并以超级用户（root）权限登录，或者使用 sudo 进行操作。

2. 首先，查看可用的语言和区域设置：
localectl list-locales
确保 `zh_CN.UTF-8` 在列表中。

3. 设置系统的语言和区域设置为 `zh_CN.UTF-8`：
localectl set-locale LANG=zh_CN.UTF-8

4. 更新系统的区域设置配置：
source /etc/locale.conf

5. 重启系统以使更改生效：
reboot

在系统重新启动后，你的本地区域设置应该已经更改为 `zh_CN.UTF-8`。这将影响系统的界面语言、日期格式和其他相关设置。请注意，这仅更改系统级别的区域设置。对于特定用户的区域设置，可以使用 `~/.bashrc` 或 `~/.bash_profile` 文件进行自定义。

修改主机名

hostnamectl set-hostname master
#reboot

修改hosts

$ vim /etc/hosts                   
# 添加如下内容
    10.0.1.9 master
    10.0.1.5 node1

优化sshd

echo 'UseDNS no' >> /etc/ssh/sshd_config; systemctl restart sshd
yum update -y ca-certificates

优化sysctl参数、limits参数、systemd参数

cat <<'EOF'>/etc/sysctl.conf
fs.file-max=11000000
fs.nr_open=11000000
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1000000
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.core.netdev_max_backlog = 16384
net.core.somaxconn = 16384
net.netfilter.nf_conntrack_max=1048576
EOF

cat <<'EOF'>/etc/security/limits.conf
* soft nofile 10000000
* hard nofile 10000000
* soft nproc 10000000
* hard nproc 10000000
EOF

cat <<'EOF'>/etc/systemd/system.conf
[Manager]
LogLevel=debug
DefaultLimitNOFILE=10000000
EOF

cat <<'EOF'>/etc/systemd/user.conf
[Manager]
DefaultLimitNOFILE=10000000
EOF

修改时区

rm -f /etc/localtime ; ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

时间同步

yum install -y chrony
systemctl restart chronyd
systemctl enable chronyd
systemctl status chronyd

关闭selinux

# 临时关闭selinux
setenforce 0
# 设置永久关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

关闭交换分区

# 临时关闭交换分区
swapoff -a
# 永久关闭交换分区
sed -i '/ swap / s/^/#/' /etc/fstab

关闭防火墙

systemctl disable firewalld
systemctl stop firewalld
iptables -t filter -F

安装基础软件

# 安装基础软件
yum install -y tar curl wget telnet rsync net-tools  unzip tree

# 安装高级软件
yum install -y smem iftop dstat sysstat lrzsz traceroute tcpdump tshark bind-utils git-lfs git smem psmisc conntrack

配置网卡

# 配置静态地址
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=<interface>
UUID=<UUID>
DEVICE=<interface>
ONBOOT=yes
IPADDR=<your_static_ip>
NETMASK=<your_netmask>
GATEWAY=<your_gateway_ip>
DNS1=<your_dns_server_ip>

# 配置动态地址
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=<interface>
UUID=<UUID>
DEVICE=<interface>
ONBOOT=yes

# 重启网卡
systemctl restart network

ip

# 显示网络接口信息
ip a

# 显示路由表
ip route

# 配置IP地址和子网掩码
ip addr add <IP地址>/<子网掩码位数> dev <接口名>
ip addr add 192.168.1.2/24 dev eth0 

# 启用或禁用接口
ip link set <接口名> up
ip link set <接口名> down

# 添加静态路由
ip route add <目标网络> via <网关IP>
ip route add 192.168.2.0/24 via 192.168.1.1 

# 删除静态路由
ip route del <目标网络>

proxychains

#1. 下载
#2. so文件放在/usr/lib64/proxychains-ng
#3. conf文件放在/etc/proxychains.conf
#4. proxychains文件放在/bin/或者别的地方也可以
mkdir -p /usr/lib64/proxychains-ng
cd /tmp
wget https://vip.123pan.cn/1815238395/download/proxychains/proxychains.tar.gz
tar xzvf proxychains.tar.gz 
mv libproxychains4.so /usr/lib64/proxychains-ng
mv proxychains.conf /etc/
mv proxychains /bin/

tcping

cd /bin
wget https://vip.123pan.cn/1815238395/download/tcping/amd64/tcping_Linux_static%202.0.0.tar.gz
tar xzvf tcping_Linux_static\ 2.0.0.tar.gz

nali

cd /bin
wget https://vip.123pan.cn/1815238395/download/nali/nali-linux-amd64-v0.7.3.gz
gunzip nali-linux-amd64-v0.7.3.gz
mv nali-linux-amd64-v0.7.3 nali
chmod a+x nali

mkdir -p ~/.local/share/nali
cd ~/.local/share/nali/
wget https://vip.123pan.cn/1815238395/download/nali/nali.share.tar.gz
tar xzvf nali.share.tar.gz

cd ~/.local/share/nali
wget https://vip.123pan.cn/1815238395/download/nali/qqwry.dat

trzsz

wget --no-check-certificate -O /tmp/trzsz_1.1.7_linux_x86_64.tar.gz http://filecdn.zcyun.cn/1815238395/download/tssh/trzsz_1.1.7/trzsz_1.1.7_linux_x86_64.tar.gz
cd /tmp
tar xvf trzsz_1.1.7_linux_x86_64.tar.gz
mv -f trzsz_1.1.7_linux_x86_64/* /bin/
rm -rf trzsz*

python

# 使用本镜像站来升级 pip
pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple pip -U
pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple

golang

export all_proxy=socks5://120.224.58.239:47891
wget https://golang.google.cn/dl/go1.21.1.linux-amd64.tar.gz
sudo tar xfz go1.21.1.linux-amd64.tar.gz -C /usr/local

cat <<'EOF'>> /etc/profile
export GOROOT=/usr/local/go
export GOPATH=$HOME/gowork
export GOBIN=$GOPATH/bin
export PATH=$GOPATH:$GOBIN:$GOROOT/bin:$PATH
EOF

source /etc/profile

firewalld

# 启动firewalld服务
sudo systemctl start firewalld

# 停止firewalld服务
sudo systemctl stop firewalld

# 重启firewalld服务
sudo systemctl restart firewalld

# 查看firewalld服务状态
sudo systemctl status firewalld

# 启用firewalld服务开机自启动
sudo systemctl enable firewalld

# 禁用firewalld服务开机自启动
sudo systemctl disable firewalld

# 查看防火墙规则列表
sudo firewall-cmd --list-all

# 查看已启用的防火墙服务
sudo firewall-cmd --list-services

# 开放端口（例如，打开SSH端口 22）
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload

# 开放服务（例如，打开HTTP服务）
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

# 移除端口或服务规则（例如，移除SSH端口规则）
sudo firewall-cmd --remove-port=22/tcp --permanent
sudo firewall-cmd --reload

# 显示防火墙状态（运行时信息）
sudo firewall-cmd --state

# 查看firewalld的版本信息
sudo firewall-cmd --version

ipsec

# 需求
Intranet subnets: 172.17.165.249/32
Public network address: 1.222.209.74
密码：XXX

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration

config setup
    uniqueids=never


conn %default
    authby=psk
    type=tunnel


conn To-Unitel-FirtiGate500E
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=1.222.209.74
    right=2.182.106.164
    rightsubnet=10.120.54.115/32
    rightid=2.182.106.164
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

conn To-Unitel-FirtiGate100F
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=8.222.209.74
    right=183.182.100.130
    rightsubnet=10.78.3.234/32
    rightid=183.182.100.130
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever


# 密码文件
# ipsec.secrets - strongSwan IPsec secrets file
1.222.209.74 2.182.106.164 : PSK "xxx"

# 测试命令
## 查看状态
strongswan statusall
strongswan up xxx
strongswan down xxx

## 查看路由
ip xfrm policy

## 链路测试
traceroute -w 1 -d -n 1.62.111.200

最后修改：2024 年 07 月 12 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

CentOS7系统初始化配置

admin • 2024 年 05 月 16 日

<h1>放置pubkey</h1><pre><code>mkdir -p ~/.ssh/
touch ~/.ssh/authorized_keys
cat &lt;&lt;'EOF'&gt; ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsFITm4ITWJPBvnD4pzVQQ7+gumY//IjWo2V8ciU+1Rzfv4IjYh25yPv0K6pf06JGtHyOGTkPzIWx85wtuNZ96cst6hjfzw7pp2IVy31DBPae6lMLhylZxrYmg8KAZE6msR1QKE4J3d8qFvyQWhOVcOF6gv5d5NPKR0vcQbOFtdAxoLGZE1/x3BXjCeb4IXA+bnXPgwB01a+cNEg8kLnt74DvoJU+aS2iX90hKOrMQ1yLzpoA0gHE38yJ9E2DfA5b6NiNcJU8r5wonWz9U08ztYTjsK1SAHSgXd5xgUlW2ImYASuxTznXIF9ehInCPxk/Khw6zKp2TaDnZUWojS1D5iEug0e+wVeuBtIMQdnHtNQtolKBzPmcSyr+SAGKdUU+y1oF6L9N4Ilu/Y1xUYfRP8s/qPUr8NBVkTyPiKslZKUeSVtn3hw5+FFR9ieKpvDinLizhkP/KWN2fKlQOjWHyB1ln4c00BjMc7HHCBioV+fN5YecFbIF82Wdr6p/XMVU= jacky
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1W0wLOHU//+ufmG1bgtJfFFq90ggOhdkIlRVV4ZPlH jacky@jacky-office
EOF</code></pre><h1>查看版本</h1><pre><code>cat /etc/redhat-release
</code></pre><h1>修改更新源</h1><pre><code>cd /etc/yum.repos.d/ &amp;&amp; mkdir bak &amp;&amp; mv * bak/

cat &lt;&lt;EOF&gt;/etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS7 - base
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/base/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS7 - updates
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/updates/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS7 - extras
enabled=1
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/extras/
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7

[epel]
name=CentOS7 - epel
failovermethod=priority
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/epel/
gpgcheck=0
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-EPEL-7

[docker-ce-stable]
name=CentOS7 - docker-ce-stable
baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/docker-ce-stable/
enabled=1
gpgcheck=1
gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/gpg

EOF

cat &lt;&lt;'EOF'&gt;/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9
Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn
4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ
4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ
Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj
WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1
x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO
IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY
438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB
JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j
NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB
tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC
CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG
QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL
F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw
4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4
Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv
hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO
aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD
3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD
ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137
YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv
pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3
uPNL0eRx4S1G4Jn5
=OGYX
-----END PGP PUBLIC KEY BLOCK-----
EOF

cat &lt;&lt;'EOF'&gt;/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----
EOF

cat &lt;&lt;'EOF'&gt;/etc/pki/rpm-gpg/gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
=0Zqq
-----END PGP PUBLIC KEY BLOCK-----
EOF

cat &lt;&lt;'EOF'&gt;/etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBEm+/6QRBAC5mbtqOFSQ0FkTLIMdIoqxtraIeUqwbPp3IBYQ/u/EREjyEf1D
qFyBEXII0dD8JDT85vRZ81jhB7nFWa0VbUfY0xfghkbnokiNBVNpiQcvszw3UYDF
aLAaOC8Z98vmlsQaBBTQG6704ZXLr7FJyG3GP5WE6egXIQQbrMcdmCoRBwCg/dwC
HLWjuemoDc5SX7hKHbB4zZ8D/jP+oMbqz+bDn8OZ2UuaGdxr+mHW8tzTdPjnEU8e
hUt1ws8eBqn/gMfKvUBa8xFSILe8Ty99u+VjFbcRsdf0H6dRre9AdDVUz5oxzoPw
gamA8mhPQvFh3wt9smtRUh5IoM2LiM1s5pGMLuYuvSnVUPArEnSfW6K5I6v7OarU
3WfrBACDEGGcaWKjfdkRtmKIQrzu6AnldVC1ISLVAoqxHnKNFTk1BgO0PSZDpfJI
x8fMCnGlusoL6F5+LYEk4K4B0zvlj1ur3JocjxpuBLccl94JTo/+I9ZbS8ptUqLw
LBUkgIQJzzIH4G5NZsQ3FpzSWGRFVa7etqTv9BfUMUmJxhEoobQ/ZWxyZXBvLm9y
ZyAoUlBNIFNpZ25pbmcgS2V5IGZvciBlbHJlcG8ub3JnKSA8c2VjdXJlQGVscmVw
by5vcmc+iGAEExECACAFAkm+/6QCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
CRAwm8MFuq2uUlgWAKCGWOpyodbzxS7Xy/0X9m9qVnHq+ACfUHrQzYAtFRpT07Sg
giosE+mvAKu5Ag0ESb7/pxAIALgT0q0HhwugE717a7N+gAtCbFu8pCXOZcrAnJpG
cMA9VWmsODZStPTxXYM2ggCMSzUnNis8pPZOPIP5C+t2IYtVjLshM4C9UiY7u5ET
jErWCxWmF+2QLO50K56E4qxj0wufZt9P+Ih0USUM5L2oyrQG51uj/2v3Qq3igc8Z
NTtmEOfis3losusQbAfZtTBmNQ0570kkhMxiyavgAUxLenXHYrkDJFuL7XdBCmna
kykTn2dzU81rIDZ+QPxII4V/eZ5xGiRY/EDUIAysEV2m0NNZgWi/twUnZICm7zYp
VRviJrBnFTvNEPMhiGRnJgQp/Krv4WIHQ67N8lQg3q5RJX8AAwUH/0UBjBgbsuWR
dB+ZYWjKPBy+bJY/6HefPUuLrt3QDNINMW8kY7VzWRMWyGc4IlPJDW0nwOn/vT5H
Dgc3YmA3tm7cKj5wpFijzff61Db8eq+CUKGscKxDBGzHq6oirM5U7DQLmipCs5Eb
efwHIjE3aOUSnoQmniEnBWI2hm/rftmY9oJSi8xgns4wAokDPiMcucADtbV3fznx
ppuowtBi8bcGB1vJZjTySQcSKWv+IVp5ej06uZ9501BEm6HxUZkuAGPecP65kcQu
5bg7B7LQeI5AWyujqvfuWgAF34xhl9QU/sDWxM3wUog+bw7y8pyWCqnJhp70yx8o
SqzhFygT62eISQQYEQIACQUCSb7/pwIbDAAKCRAwm8MFuq2uUq8PAKC1+E2pSwiS
oHXkKYPYDwApsP1mVACfRe1YnggLYQtG9LMeweVQQC77rK8=
=qyRr
-----END PGP PUBLIC KEY BLOCK-----
EOF
</code></pre><h1>设置本地编码</h1><pre><code>要将 CentOS 的本地区域设置更改为 `zh_CN.UTF-8`（中文简体UTF-8编码），你可以执行以下步骤：

1. 打开终端并以超级用户（root）权限登录，或者使用 sudo 进行操作。

2. 首先，查看可用的语言和区域设置：
localectl list-locales
确保 `zh_CN.UTF-8` 在列表中。

3. 设置系统的语言和区域设置为 `zh_CN.UTF-8`：
localectl set-locale LANG=zh_CN.UTF-8

4. 更新系统的区域设置配置：
source /etc/locale.conf

5. 重启系统以使更改生效：
reboot

在系统重新启动后，你的本地区域设置应该已经更改为 `zh_CN.UTF-8`。这将影响系统的界面语言、日期格式和其他相关设置。请注意，这仅更改系统级别的区域设置。对于特定用户的区域设置，可以使用 `~/.bashrc` 或 `~/.bash_profile` 文件进行自定义。</code></pre><h1>修改主机名</h1><pre><code>hostnamectl set-hostname master
#reboot</code></pre><h1>修改hosts</h1><pre><code>$ vim /etc/hosts                   
# 添加如下内容
    10.0.1.9 master
    10.0.1.5 node1</code></pre><h1>优化sshd</h1><pre><code>echo 'UseDNS no' &gt;&gt; /etc/ssh/sshd_config; systemctl restart sshd
yum update -y ca-certificates</code></pre><h1>优化sysctl参数、limits参数、systemd参数</h1><pre><code>cat &lt;&lt;'EOF'&gt;/etc/sysctl.conf
fs.file-max=11000000
fs.nr_open=11000000
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1000000
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.ip_local_port_range = 1024 65000
net.core.netdev_max_backlog = 16384
net.core.somaxconn = 16384
net.netfilter.nf_conntrack_max=1048576
EOF

cat &lt;&lt;'EOF'&gt;/etc/security/limits.conf
* soft nofile 10000000
* hard nofile 10000000
* soft nproc 10000000
* hard nproc 10000000
EOF

cat &lt;&lt;'EOF'&gt;/etc/systemd/system.conf
[Manager]
LogLevel=debug
DefaultLimitNOFILE=10000000
EOF

cat &lt;&lt;'EOF'&gt;/etc/systemd/user.conf
[Manager]
DefaultLimitNOFILE=10000000
EOF
</code></pre><h1>修改时区</h1><pre><code>rm -f /etc/localtime ; ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime</code></pre><h1>时间同步</h1><pre><code>yum install -y chrony
systemctl restart chronyd
systemctl enable chronyd
systemctl status chronyd</code></pre><h1>关闭selinux</h1><pre><code># 临时关闭selinux
setenforce 0
# 设置永久关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config</code></pre><h1>关闭交换分区</h1><pre><code># 临时关闭交换分区
swapoff -a
# 永久关闭交换分区
sed -i '/ swap / s/^/#/' /etc/fstab</code></pre><h1>关闭防火墙</h1><pre><code>systemctl disable firewalld
systemctl stop firewalld
iptables -t filter -F</code></pre><h1>安装基础软件</h1><pre><code># 安装基础软件
yum install -y tar curl wget telnet rsync net-tools  unzip tree

# 安装高级软件
yum install -y smem iftop dstat sysstat lrzsz traceroute tcpdump tshark bind-utils git-lfs git smem psmisc conntrack</code></pre><h1>配置网卡</h1><pre><code># 配置静态地址
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=&lt;interface&gt;
UUID=&lt;UUID&gt;
DEVICE=&lt;interface&gt;
ONBOOT=yes
IPADDR=&lt;your_static_ip&gt;
NETMASK=&lt;your_netmask&gt;
GATEWAY=&lt;your_gateway_ip&gt;
DNS1=&lt;your_dns_server_ip&gt;

# 配置动态地址
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=&lt;interface&gt;
UUID=&lt;UUID&gt;
DEVICE=&lt;interface&gt;
ONBOOT=yes

# 重启网卡
systemctl restart network</code></pre><h1>ip</h1><pre><code># 显示网络接口信息
ip a

# 显示路由表
ip route

# 配置IP地址和子网掩码
ip addr add &lt;IP地址&gt;/&lt;子网掩码位数&gt; dev &lt;接口名&gt;
ip addr add 192.168.1.2/24 dev eth0

# 启用或禁用接口
ip link set &lt;接口名&gt; up
ip link set &lt;接口名&gt; down

# 添加静态路由
ip route add &lt;目标网络&gt; via &lt;网关IP&gt;
ip route add 192.168.2.0/24 via 192.168.1.1

# 删除静态路由
ip route del &lt;目标网络&gt;
</code></pre><h1>proxychains</h1><pre><code>#1. 下载
#2. so文件放在/usr/lib64/proxychains-ng
#3. conf文件放在/etc/proxychains.conf
#4. proxychains文件放在/bin/或者别的地方也可以
mkdir -p /usr/lib64/proxychains-ng
cd /tmp
wget https://vip.123pan.cn/1815238395/download/proxychains/proxychains.tar.gz
tar xzvf proxychains.tar.gz 
mv libproxychains4.so /usr/lib64/proxychains-ng
mv proxychains.conf /etc/
mv proxychains /bin/</code></pre><h1>tcping</h1><pre><code>cd /bin
wget https://vip.123pan.cn/1815238395/download/tcping/amd64/tcping_Linux_static%202.0.0.tar.gz
tar xzvf tcping_Linux_static\ 2.0.0.tar.gz</code></pre><h1>nali</h1><pre><code>cd /bin
wget https://vip.123pan.cn/1815238395/download/nali/nali-linux-amd64-v0.7.3.gz
gunzip nali-linux-amd64-v0.7.3.gz
mv nali-linux-amd64-v0.7.3 nali
chmod a+x nali

mkdir -p ~/.local/share/nali
cd ~/.local/share/nali/
wget https://vip.123pan.cn/1815238395/download/nali/nali.share.tar.gz
tar xzvf nali.share.tar.gz

cd ~/.local/share/nali
wget https://vip.123pan.cn/1815238395/download/nali/qqwry.dat</code></pre><h1>trzsz</h1><pre><code>wget --no-check-certificate -O /tmp/trzsz_1.1.7_linux_x86_64.tar.gz http://filecdn.zcyun.cn/1815238395/download/tssh/trzsz_1.1.7/trzsz_1.1.7_linux_x86_64.tar.gz
cd /tmp
tar xvf trzsz_1.1.7_linux_x86_64.tar.gz
mv -f trzsz_1.1.7_linux_x86_64/* /bin/
rm -rf trzsz*</code></pre><h1>python</h1><pre><code># 使用本镜像站来升级 pip
pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple pip -U
pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple</code></pre><h1>golang</h1><pre><code>export all_proxy=socks5://120.224.58.239:47891
wget https://golang.google.cn/dl/go1.21.1.linux-amd64.tar.gz
sudo tar xfz go1.21.1.linux-amd64.tar.gz -C /usr/local

cat &lt;&lt;'EOF'&gt;&gt; /etc/profile
export GOROOT=/usr/local/go
export GOPATH=$HOME/gowork
export GOBIN=$GOPATH/bin
export PATH=$GOPATH:$GOBIN:$GOROOT/bin:$PATH
EOF

source /etc/profile
</code></pre><h1>firewalld</h1><pre><code># 启动firewalld服务
sudo systemctl start firewalld

# 停止firewalld服务
sudo systemctl stop firewalld

# 重启firewalld服务
sudo systemctl restart firewalld

# 查看firewalld服务状态
sudo systemctl status firewalld

# 启用firewalld服务开机自启动
sudo systemctl enable firewalld

# 禁用firewalld服务开机自启动
sudo systemctl disable firewalld

# 查看防火墙规则列表
sudo firewall-cmd --list-all

# 查看已启用的防火墙服务
sudo firewall-cmd --list-services

# 开放端口（例如，打开SSH端口 22）
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload

# 开放服务（例如，打开HTTP服务）
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

# 移除端口或服务规则（例如，移除SSH端口规则）
sudo firewall-cmd --remove-port=22/tcp --permanent
sudo firewall-cmd --reload

# 显示防火墙状态（运行时信息）
sudo firewall-cmd --state

# 查看firewalld的版本信息
sudo firewall-cmd --version</code></pre><h1>ipsec</h1><pre><code># 需求
Intranet subnets: 172.17.165.249/32
Public network address: 1.222.209.74
密码：XXX

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration

config setup
    uniqueids=never

conn %default
    authby=psk
    type=tunnel

conn To-Unitel-FirtiGate500E
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=1.222.209.74
    right=2.182.106.164
    rightsubnet=10.120.54.115/32
    rightid=2.182.106.164
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

conn To-Unitel-FirtiGate100F
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=8.222.209.74
    right=183.182.100.130
    rightsubnet=10.78.3.234/32
    rightid=183.182.100.130
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

# 密码文件
# ipsec.secrets - strongSwan IPsec secrets file
1.222.209.74 2.182.106.164 : PSK &quot;xxx&quot;

# 测试命令
## 查看状态
strongswan statusall
strongswan up xxx
strongswan down xxx

## 查看路由
ip xfrm policy

## 链路测试
traceroute -w 1 -d -n 1.62.111.200
</code></pre>

放置pubkey

查看版本

修改更新源

设置本地编码

修改主机名

修改hosts

优化sshd

优化sysctl参数、limits参数、systemd参数

修改时区

时间同步

关闭selinux

关闭交换分区

关闭防火墙

安装基础软件

配置网卡

ip

proxychains

tcping

nali

trzsz

python

golang

firewalld

ipsec

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

CentOS7系统初始化配置

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款