CentOS 7
网络设置
配置网卡自启动
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
# 修改
BOOTPROTO="static"
ONBOOT=yes
# 添加
IPADDR=192.168.123.11
GATEWAY=192.168.123.2
NETMASK=255.255.255.0
DNS服务器
vim /etc/resolv.conf
nameserver 114.114.114.114
nameserver 8.8.8.8
重启网络
systemctl restart network
安装网络工具
yum install net-tools
配置yum源（替换为163镜像；替换后保持 gpgcheck=1，继续校验软件包签名）
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
vim /etc/yum.repos.d/CentOS-Base.repo
:%s/mirror.centos.org/mirrors.163.com/g
yum clean all
yum makecache
服务管理
启动服务
systemctl start httpd
停止服务
systemctl stop httpd
重启服务
systemctl restart httpd
重新加载
systemctl reload httpd
显示服务状态
systemctl status httpd
启用服务（开机自启）
systemctl enable httpd
禁用服务（取消开机自启）
systemctl disable httpd
检查服务是否开机自启
systemctl is-enabled httpd
列出所有服务单元文件及其启用状态
systemctl list-unit-files --type=service
iptables设置
安装iptables服务
yum install -y iptables-services
设置iptables规则
# Rebuild the IPv4 filter rules: default-deny inbound, allowing only loopback,
# established/related traffic and SSH. The order of the commands matters.
# Set the INPUT policy to ACCEPT first, so that flushing the rules below does
# not cut off the current remote session if the policy was DROP.
iptables -P INPUT ACCEPT
# Flush every rule in the filter table (policies are not changed by -F).
iptables -F
# Accept traffic arriving on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
# Accept packets that belong to, or are related to, existing connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept inbound SSH (TCP port 22).
# NOTE(review): there is no -s source restriction, so port 22 is open to every
# address that can reach this host; consider limiting it to a management range.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Switch INPUT to default-deny only after the allow rules above are in place.
iptables -P INPUT DROP
# NOTE(review): FORWARD stays ACCEPT; if this host is not meant to route
# traffic, a DROP policy here is the safer default.
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# List the resulting rules with packet/byte counters to verify them.
# NOTE(review): these commands cover IPv4 only; IPv6 is filtered separately
# through ip6tables.
iptables -L -v
保存iptables设置
service iptables save
配置iptables设置（文件 /etc/sysconfig/iptables）
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
重启iptables服务
systemctl restart iptables
设置iptables服务开机自启
systemctl enable iptables
时间设置
查看当前时间
timedatectl
设置当前时区
timedatectl set-timezone Asia/Shanghai
开启网络时间同步
timedatectl set-ntp 1
Firewalld防火墙
永久打开一个端口
firewall-cmd --permanent --zone=public --add-port=8080/tcp
永久关闭一个端口
firewall-cmd --permanent --zone=public --remove-port=8080/tcp
永久打开某项服务
firewall-cmd --permanent --zone=public --add-service=http
永久关闭某项服务
firewall-cmd --permanent --zone=public --remove-service=http
进行端口转发
firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55
开启地址伪装（masquerade），转发到其他地址时需要
firewall-cmd --permanent --zone=public --add-masquerade
列出激活的zone
firewall-cmd --get-active-zones
列出所有的zone
firewall-cmd --list-all-zones
列出默认zone的详细信息
firewall-cmd --list-all
将接口移动到另一个zone
firewall-cmd --zone=work --change-interface=enp0s8
重新加载防火墙（--permanent 规则在重新加载后生效）
firewall-cmd --reload
富规则（rich rule）
只允许指定IP访问端口（未加 --permanent，仅运行时生效，重新加载后失效）
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port port="6060" protocol="tcp" accept'
参考地址
https://fedoraproject.org/wiki/FirewallD/zh-cn
禁用iptables服务
yum install iptables-services
systemctl stop iptables
systemctl disable iptables
服务自启动
创建启动文件
/usr/lib/systemd/system/fibjs.service
# systemd unit that runs fibjs with /root/tool/main.js and is pulled in by
# multi-user.target when enabled.
[Unit]
Description=Fibjs
After=syslog.target network.target
[Service]
# Type=forking: systemd expects the ExecStart process to daemonize and then
# tracks the main process through PIDFile.
# NOTE(review): assumes main.js forks and writes /root/tool/fibjs.pid - confirm.
Type=forking
PIDFile=/root/tool/fibjs.pid
# NOTE(review): no User=/Group= is set, so the service runs as root and loads
# its script from /root/tool. A dedicated unprivileged account and a script
# path outside /root would limit the impact if the service is compromised.
ExecStart=/usr/local/bin/fibjs /root/tool/main.js
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Restart the service whenever it exits.
Restart=always
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
/usr/lib/systemd/system/gitautoupdate.service
# systemd unit that runs /home/wwwroot/gitupdate.sh under the www account and
# is pulled in by multi-user.target when enabled.
[Unit]
Description=Git Auto Update
After=syslog.target
After=network.target
[Service]
Type=simple
# The service is started as root and switches to www via su, using /bin/bash
# as the shell for that account.
# NOTE(review): systemd's User=www directive, with
# ExecStart=/bin/bash /home/wwwroot/gitupdate.sh, drops privileges directly
# and avoids going through su.
ExecStart=/bin/su www -s /bin/bash /home/wwwroot/gitupdate.sh
# Re-run the script every time it exits.
# NOTE(review): presumably gitupdate.sh loops or sleeps by itself - confirm.
Restart=always
[Install]
WantedBy=multi-user.target
设置服务开机自启
systemctl enable fibjs
相当于
ln -s '/usr/lib/systemd/system/fibjs.service' '/etc/systemd/system/multi-user.target.wants/fibjs.service'
enable 默认会在 /usr/lib/systemd/system 目录下查找 fibjs.service 文件
修改服务文件后重新加载
systemctl daemon-reload
查看端口
netstat -tunpl | grep 80
lsof -i -n -P
查看流量使用
总流量消耗
ifconfig
RX packets 0 bytes 0 (0.0 B) # 收到的数据
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B) # 发送的数据
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
实时查看
yum install -y epel-release
yum install -y iftop
iftop