CentOS 常用配置方法是怎样的

CentOS 简介

CentOS(Community Enterprise Operating System,中文称为“社区企业操作系统”)是一个基于Linux的开源操作系统，它是由Red Hat公司的一个开发者社区创建和维护的，目的是为了提供一个免费、稳定、安全的操作系统替代品，CentOS广泛应用于服务器、桌面计算机以及嵌入式设备等领域。

安装 CentOS

1、下载 CentOS 镜像文件

我们需要从官方网站(https://www.centos.org/download/)下载 CentOS 的 ISO 镜像文件，选择适合自己硬件架构的版本，如 x86_64(64 位)或 i386(32 位)。

2、制作启动盘

将下载好的 ISO 镜像文件刻录到 U盘或者光盘上，制作成启动盘，这样在安装过程中就可以从该启动盘启动电脑了。

3、安装 CentOS

重启电脑，进入 BIOS 设置，将启动顺序设置为从 U盘或者光盘启动，然后按照屏幕提示进行安装。

常用配置方法

1、更新系统

在安装完成后，建议立即更新系统，以获取最新的安全补丁和功能，打开终端，输入以下命令：

sudo yum update

2、查看系统信息

要查看系统的基本信息，可以使用以下命令：

cat /etc/os-release

3、修改主机名(hostname)

为了方便识别和管理，可以修改主机名为一个有意义的名称，查看当前主机名：

hostname

使用以下命令修改主机名：

sudo hostnamectl set-hostname new_hostname

4、配置 SSH 服务(SSH)

SSH 是用于远程登录和管理服务器的安全协议，要启用并配置 SSH 服务，可以按照以下步骤操作：

1、安装 OpenSSH 服务：

sudo yum install openssh-server openssh-clients -y

2、启动并设置开机自启动 SSH 服务：

sudo systemctl start sshd.service
sudo systemctl enable sshd.service

3、修改 SSH 配置文件：

编辑 /etc/ssh/sshd_config 文件，根据需要修改相关配置，如端口号、最大连接数等，将端口号修改为 2222:

Port 2222

4、重启 SSH 服务使配置生效：

sudo systemctl restart sshd.service

5、为远程用户设置密码(可选):如果需要允许用户通过 SSH 登录服务器，可以为每个用户设置密码，添加用户：

sudo useradd username_without_spaces --create-home --shell /bin/bash --groups adm,sudo,dip,plugdev,lpadmin --password your_password_here username_without_spaces@localhost && echo 'username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/username_without_spaces && echo 'username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> /etc/pam.d/common-password && echo 'username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> /etc/shadow || exit $?; echo "${USER} ALL=(ALL) NOPASSWD: ALL" | (umask 077 && chpasswd) || exit $?; usermod -aG sudo username_without_spaces || exit $?; usermod -aG dip username_without_spaces || exit $?; usermod -aG plugdev username_without_spaces || exit $?; usermod -aG lpadmin username_without_spaces || exit $?; sudo visudo && echo '%username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> %sudo%/etc/sudoers.d/username_without_spaces && echo '%username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> %sudo%/etc/pam.d/common-password && echo '%username_without_spaces ALL=(ALL) NOPASSWD: ALL' >> %sudo%/etc/shadow && echo '%username_without_spaces ALL=(ALL) NOPASSWD: ALL' >&4 && cat >>%sudo%/etc/pam.d/common-password <<EOT password    requisite     pam_pwquality.so tryfirst passwd minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 \mdparms minclass=3\mdparms minlen=8 ucredit=-1 lcredit=-1 \mdparms useauthtok \mdparms remember=5 days \mdparms secure => required\EOT && echo '%username_without_spaces ALL=(ALL) NOPASSWD: ALL' >&4 && cat >>%sudo%/etc/pam.d/common-password <<EOT password    requisite     pam_pwquality.so tryfirst passwd minlen=8 ucredit=-1 lcredit=-1 \mdparms minclass=3\mdparms minlen=8 ucredit=-1 lcredit=-1 \mdparms useauthtok \mdparms remember=5 days \mdparms secure => required\EOT && echo 'username_without_spaces ALL = (ALL) NOPASSWD: ALL' >&4 && cat >>%sudo%/etc/pam.d/su <<EOT password    requisite     pam_pwquality.so tryfirst minlen=8 ucredit=-1 lcredit=-1 \mdparms minclass=3\mdparms minlen=8 ucredit=-1 lcredit=-1 \mdparms useauthtok \mdparms remember=5 days \mdparms secureEOT && echo 'username_without_spaces ALL = (ALL) NOPASSWD: ALL' >&4 && cat >>%sudo%/etc/pam.d/su <<EOT auth        sufficient     pam_rootok.so root ok=
auth        sufficient     pam_unix.so nullok=
auth        sufficient     pam_securetty.so ensure = mode::change == ask
account         required      pam_tally2.so deny=5 unlock_time=900
account         required      pam_tally2.so deny=7 unlock_time=900
session         required      pam_loginuid.so session
session         [default=15] pam_lastlog.so warn=300
session         [default=15] pam_succeed_if.so service != shutdown
session         [default=15] pam_time.so time=
session         [default=15] pam_faillock.so authfail
session         [default=15] pam_denyuser.so
session         [default!~unmanaged] pam_mkhomedir.so umask=
session         [default!~unmanaged] pam_fileperms.so umask=
session         [default!~unmanaged] pam_access.so
session         [default!~unmanaged] pam_envmailaddr.so
session         [default!~unmanaged] pam_warnPAMFailure.so
session         [success=1 default=ignore] pam_succeed_if.so service != shutdown
Uncomment the following line to require a user to be in the "users" group.
account required pam_wheel.so group=users
Uncomment the following line if you want root to lock the session after failed attempts for three times or more from a single IP address and log the fail attempt with id and date of login to the specified file with name "authfail" using the following command:
authfail audit deny=3 unlocktime=900
Uncomment the following line if you want root to lock the session after failed attempts for three times or more from a single IP address and log the fail attempt with id and date of login to the specified file with name "authfail" using the following command:
authfail audit deny=3 unlocktime=900
mkhomedir     specify=%h
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory create temp dirs before creating a new one
mktemp       directory