1.设置主机名2.添加用户3.防火墙设置4.网络设置5.配置服务6.升级系统7.添加外部软件源8.配置vim9.配置sudo10.设置时区11.设置键盘布局12.设置系统语言13.设置密码
1.设置主机名
1)更改主机名
#显示当前主机名
[iyunv@localhost ~]# hostname
localhost.localdomain #改变主机名
[iyunv@localhost ~]# hostname zby
[iyunv@localhost ~]# hostname
zby #只是改变 2)永久改变主机名
[iyunv@localhost ~]# hostnamectl set-hostname zby
#显示状态
[iyunv@localhost ~]# hostnamectl
Static hostname: zby
Icon name: computer-vm
Chassis: vm
Machine>
Boot> Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
#显示计算机名
[iyunv@localhost ~]# su - root
Last login: Sun Mar 11 21:48:43 CST 2018 from 172.31.253.253 on pts/0[iyunv@zby ~]# 2.添加用户
1)添加一个用户“zhang”作为下面的示例。
[iyunv@zby ~]# useradd zhang
[iyunv@zby ~]# passwd zhang
New password: #设置密码
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: #确认
passwd: all authentication tokens updated successfully.
[iyunv@zby ~]# exit #注销当前用户 2)尝试切换新添加用户
zby login: zhang #输入用户名password: #输入密码 #查看当前用户
[zhang@zby ~]$ whoami
zhang[zhang@zby ~]$ su - root #切换到root用户Password: #输入root用户密码[iyunv@zby ~]# #已切换到root用户 3)使用户只能够作为管理用户切换到root用户。
[iyunv@zby ~]# usermod -G wheel zhang
[iyunv@zby ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
4)转发到根用户的电子邮件到另一个用户,设置如下。
[iyunv@zby ~]# vi /etc/aliases # Person who should get root's mail
#最后一行:取消和更改用户
root: zhang
[iyunv@zby ~]# newaliases #加载 3.防火墙设置
1)可以显示防火墙的服务状态,如下所示。(默认启用)
[iyunv@zby ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2018-03-11 22:36:39 CST; 3s ago Main PID: 13164 (firewalld)
CGroup: /system.slice/firewalld.service
└─13164 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 11 22:36:38 zby systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 11 22:36:39 zby systemd[1]: Started firewalld - dynamic firewall daemon.
2)如果您使用防火墙服务,它需要修改它的设置,因为默认情况下不允许对服务的传入请求。在这里是指基本的操作和设置配置firewalld服务。
3)如果你因为一些原因不需要防火墙服务,需要停止并禁用它如下。
#停止服务
[iyunv@zby ~]# systemctl stop firewalld
#关闭服务
[iyunv@zby ~]# systemctl disable firewalld
4)显示SELinux的状态(安全增强的Linux)如下。(默认启用)
[iyunv@zby ~]# getenforceEnforcing #selinux是开启的 #关闭selinux
[iyunv@zby ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
#重新启动应用新设置
[iyunv@zby ~]# reboot
4.网络设置
1)设置静态IP,替换接口名称为"eth0"
#设置主机名
[iyunv@zby ~]# hostnamectl set-hostname zby
#显示网络设备
[iyunv@zby ~]# nmcli d
DEVICE TYPE STATE CONNECTION eth0 ethernet connected eth0 lo loopback unmanaged -- #设置IPV4地址
[iyunv@zby ~]# nmcli c modify eth0 ipv4.addresses 172.31.253.63/24
#设置默认网关
[iyunv@zby ~]# nmcli c modify eth0 ipv4.gateway 172.31.253.1
#设置域名解析
[iyunv@zby ~]# nmcli c modify eth0 ipv4.dns 211.138.24.66
#为静态设置设置手动(DHCP为“自动”)
[iyunv@zby ~]# nmcli c modify eth0 ipv4.method manual
#重新启动界面并重新加载设置
[iyunv@zby ~]# nmcli c down eth0; nmcli c up eth0
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
#显示网卡配置信息
[iyunv@zby ~]# nmcli d show eth0
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:50:56:8F:56:A5
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: eth0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.31.253.63/24
IP4.GATEWAY: 172.31.253.1
IP4.DNS[1]: 211.138.24.66
IP4.DNS[2]: 211.138.30.66
IP6.ADDRESS[1]: fe80::250:56ff:fe8f:56a5/64
IP6.GATEWAY:
#显示网卡状态
[iyunv@zby ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:8f:56:a5 brd ff:ff:ff:ff:ff:ff inet 172.31.253.63/24 brd 172.31.253.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe8f:56a5/64 scope link valid_lft forever preferred_lft forever 2)关闭IPV6
[iyunv@zby ~]# vi /etc/default/grub #在第6行,添加
GRUB_CMDLINE_LINUX="crashkernel=auto ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
#使更改生效
[iyunv@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01b
Found initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone
[iyunv@zby ~]# reboot 3)上面的接口名称的例子是“eth0”,但是如果您的系统安装在物理机器上,默认情况下该名称不是“ethX”。 然后如果你想使用网络接口名称“ethX”,配置如下。
[iyunv@zby ~]# vi /etc/default/grub #在第6行添加
GRUB_CMDLINE_LINUX="crashkernel=auto net.ifnames=0 ipv6.disable=1 rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet"
[iyunv@zby ~]# grub2-mkconfig -o /boot/grub2/grub.cfgGenerating grub configuration file ...Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.imgFound linux image: /boot/vmlinuz-0-rescue-1f96150fe7c04420b9e71c154be8c01bFound initrd image: /boot/initramfs-0-rescue-1f96150fe7c04420b9e71c154be8c01b.imgdone[iyunv@zby ~]# reboot 5.配置服务
1)查看服务状态
#显示正在运行的服务列表
[iyunv@zby ~]# systemctl -t service
UNIT LOAD ACTIVE SUB DESCRIPTIONauditd.service loaded active running Security Auditing Servicecrond.service loaded active running Command Schedulerdbus.service loaded active running D-Bus System Message Busgetty@tty1.service loaded active running Getty on tty1kdump.service loaded active exited Crash recovery kernel armingkmod-static-nodes.service loaded active exited Create list of required static device nodlvm2-lvmetad.service loaded active running LVM2 metadata daemonlvm2-monitor.service loaded active exited Monitoring of LVM2 mirrors, snapshots etclvm2-pvscan@8:2.service loaded active exited LVM2 PV scan on device 8:2network.service loaded active exited LSB: Bring up/down networkingNetworkManager.service loaded active running Network Managerpolkit.service loaded active running Authorization Managerpostfix.service loaded active running Postfix Mail Transport Agentrhel-dmesg.service loaded active exited Dump dmesg to /var/log/dmesgrhel-import-state.service loaded active exited Import network configuration from initramrhel-readonly.service loaded active exited Configure read-only root supportrsyslog.service loaded active running System Logging Servicesshd.service loaded active running OpenSSH server daemonsystemd-journal-flush.service loaded active exited Flush Journal to Persistent Storagesystemd-journald.service loaded active running Journal Servicesystemd-logind.service loaded active running Login Servicesystemd-random-seed.service loaded active exited Load/Save Random Seedsystemd-remount-fs.service loaded active exited Remount Root and Kernel File Systemssystemd-sysctl.service loaded active exited Apply Kernel Variablessystemd-tmpfiles-setup-dev.service loaded active exited Create Static Device Nodes in /devsystemd-tmpfiles-setup.service loaded active exited Create Volatile Files and Directoriessystemd-udev-trigger.service loaded active exited udev Coldplug all Devicessystemd-udevd.service loaded active running udev Kernel Device Managersystemd-update-utmp.service loaded active exited Update UTMP about System Boot/Shutdownsystemd-user-sessions.service loaded active exited Permit User Sessionssystemd-vconsole-setup.service loaded active exited Setup Virtual Consoletuned.service loaded active running Dynamic System Tuning Daemonvmware-tools.service loaded active running SYSV: Manages the services needed to run wpa_supplicant.service loaded active running WPA Supplicant daemonLOAD = Reflects whether the unit definition was properly loaded.ACTIVE = The high-level unit activation state, i.e. generalization of SUB.SUB = The low-level unit activation state, values depend on unit type.34 loaded units listed. Pass --all to see loaded but inactive units, too.To show all installed unit files use 'systemctl list-unit-files'. #显示所有服务
[iyunv@zby ~]# systemctl list-unit-files -t service
UNIT FILE STATE auditd.service enabled autovt@.service disabledblk-availability.service disabledbrandbot.service static console-getty.service disabledconsole-shell.service disabledcontainer-getty@.service static cpupower.service disabledcrond.service enabled dbus-org.freedesktop.hostname1.service static dbus-org.freedesktop.locale1.service static dbus-org.freedesktop.login1.service static dbus-org.freedesktop.machine1.service static dbus-org.freedesktop.network1.service invalid dbus-org.freedesktop.NetworkManager.service enabled dbus-org.freedesktop.nm-dispatcher.service enabled dbus-org.freedesktop.timedate1.service static dbus.service static debug-shell.service disableddm-event.service disableddnsmasq.service disableddracut-cmdline.service static 。。。。。。systemd-vconsole-setup.service static tcsd.service disabledteamd@.service static tuned.service enabled wpa_supplicant.service disabled139 unit files listed. 2)停止并关闭服务的自动启动设置。
[iyunv@zby ~]# systemctl stop postfix
[iyunv@zby ~]# systemctl disable postfix
Removed symlink /etc/systemd/system/multi-user.target.wants/postfix.service. 3)通过chkconfig控制一些服务是否自动启动。
[iyunv@zby ~]# chkconfig --list Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration. If you want to list systemd services use 'systemctl list-unit-files'. To see services enabled on particular target use 'systemctl list-dependencies [target]'.
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off
#例如,关闭netconsole的自动启动设置
[iyunv@zby ~]# chkconfig netconsole off
6.升级系统
1)安装CentOS后,如有可能,请先更新系统。
[iyunv@zby ~]# yum -y update。。。。。yum.noarch 0:3.4.3-154.el7.centos.1 yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7 zlib.x86_64 0:1.2.7-17.el7 Replaced: NetworkManager.x86_64 1:1.0.6-27.el7 grub2.x86_64 1:2.02-0.29.el7.centos grub2-tools.x86_64 1:2.02-0.29.el7.centos pygobject3-base.x86_64 0:3.14.0-3.el7 rdma.noarch 0:7.2_4.1_rc6-1.el7 Complete! 7.添加外部软件源
添加一些有用的外部存储库来安装有用的软件。
1)安装一个插件为每个已安装的存储库添加优先级。
[iyunv@zby ~]# yum -y install yum-plugin-prioritiesDownloading packages:yum-plugin-priorities-1.1.31-42.el7.noarch.rpm | 27 kB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Verifying : yum-plugin-priorities-1.1.31-42.el7.noarch 1/1 Installed: yum-plugin-priorities.noarch 0:1.1.31-42.el7 Complete! #将[priority = 1]设置为官方存储库
[iyunv@zby ~]# sed -i -e "s/\]$/\]\npriority=1/g" /etc/yum.repos.d/CentOS-Base.repo
2)添加从Fedora项目提供的EPEL存储库。
[iyunv@zby ~]# yum -y install epel-releaseRunning transaction Installing : epel-release-7-9.noarch 1/1 Verifying : epel-release-7-9.noarch 1/1 Installed: epel-release.noarch 0:7-9 Complete! # 设置[priority=5]
[iyunv@zby ~]# sed -i -e "s/\]$/\]\npriority=5/g" /etc/yum.repos.d/epel.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[iyunv@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
#如果[enabled = 0],输入命令以使用存储库
[iyunv@zby ~]# yum --enablerepo=epel install [Package]
3)添加CentOS SCLo软件集合存储库。
[iyunv@zby ~]# yum -y install centos-release-scl-rh centos-release-scl
#设置[priority=10]
[iyunv@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[iyunv@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[iyunv@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl.repo
[iyunv@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
#如果[enabled = 0],输入命令以使用存储库
[iyunv@zby ~]# yum --enablerepo=centos-sclo-rh install [Package]
[iyunv@zby ~]# yum --enablerepo=centos-sclo-sclo install [Package]
4)添加Remi的RPM存储库,它提供了许多有用的软件包。
[iyunv@zby ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# 设置 [priority=10]
[iyunv@zby ~]# sed -i -e "s/\]$/\]\npriority=10/g" /etc/yum.repos.d/remi-safe.repo
#换另一种方式,更改为[enabled = 0]并仅在需要时使用它
[iyunv@zby ~]# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/remi-safe.repo
#if [enabled = 0],输入命令以使用存储库
[iyunv@zby ~]# yum --enablerepo=remi-safe install [Package]
8.配置vim安装和配置比vi更方便的vim。1)安装vim
[iyunv@zby ~]# yum -y install vim-enhanced Installed: vim-enhanced.x86_64 2:7.4.160-2.el7 Dependency Installed: gpm-libs.x86_64 0:1.20.7-5.el7 vim-common.x86_64 2:7.4.160-2.el7 vim-filesystem.x86_64 2:7.4.160-2.el7
Complete!
2)设置命令别名。 (适用于下面的所有用户,如果你申请了一个用户,在'〜/ .bashrc'中写入相同的设置)
[iyunv@zby ~]# vi /etc/profile #在最后一行添加
alias vi='vim'
[iyunv@zby ~]# source /etc/profile #重新加载环境变量 3)配置vim。 (适用于下面的用户,如果适用于所有用户,在'/ etc / vimrc'中写入相同的设置,但默认情况下会应用一些设置。)
[iyunv@zby ~]# vi ~/.vimrc #使用vim的扩展功能(不兼容vi)
set nocompatible
#指定编码
set encoding=utf-8
#指定文件编码
set fileencodings=ucs-bom,utf-8,cp936
#指定文件格式
set fileformats=unix,dos
#采取备份,如果没有,请指定[set nobackup]
set backup
#指定备份目录
set backupdir=~/backup
#采取50个搜索历史
set history=50
#忽略Case
set ignorecase
#不同的资本,如果你混合搜索词
set smartcase
#突出显示匹配的词,如果不是,请指定[set nohlsearch]
set hlsearch
#使用增量搜索,如果没有,请指定[set noincsearch]
set incsearch
#显示行号,如果不是,请指定[set nonumber]
set number
#可视化中断($)或标签(^ I)
set list
#突出显示括号
set showmatch
#显示彩色显示,如果没有,请指定[语法关闭]
syntax on
#如果已设置,则更改注释的颜色[语法]
highlight comment ctermfg=LightCyan
#包装线,如果没有,请指定[set nowrap]
set wrap
9.配置sudo
配置sudo以分离用户的责任,如果一些人共享特权。不必手动安装sudo,因为即使“最小安装”,它也是默认安装的。
1)将root权限转移给用户all。
[iyunv@zby ~]# visudo#在最后一行添加:用户'cent'可以使用所有root权限zhang ALL=(ALL) ALL#如何写⇒目的地主机=(所有者)命令 #确保用户‘zhang’
[iyunv@zby ~]# su - zhang
[zhang@zby ~]$ /usr/bin/cat /etc/shadow
sr/bin/cat: /etc/shadow: Permission denied[zhang@zby ~]$ sudo /usr/bin/cat /etc/shadow 。。。。。。
tss:!!:17586::::::
postfix:!!:17586::::::
sshd:!!:17586::::::
zhang:$6$ETtOLDOY$X9Y.WbsuwwJT.Ir7Zb9UPZHv45Ox4aZv1Ndx7p6Ef4CfOnN3ztzBpAtJ3kL7qYnuncr86pGcsWJPER2J3QI7n.:17601:0:99999:7:::
10.设置时区在下面的示例中替换为您自己的时区。
#显示时区[iyunv@zby ~]# timedatectl list-timezones 。。。。。。
Asia/Qyzylorda
Asia/Riyadh
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
#设置时区
[iyunv@zby ~]# timedatectl set-timezone Asia/Shanghai
#显示状态
[iyunv@zby ~]# timedatectl
Local time: Mon 2018-03-19 22:18:49 CST
Universal time: Mon 2018-03-19 14:18:49 UTC
RTC time: Mon 2018-03-19 14:18:48
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: n/aNTP
synchronized: no RTC in local
TZ: no
DST active: n/a
11.设置键盘布局
#显示当前键盘布局状态
[iyunv@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
#显示键盘映射列表
[iyunv@zby ~]# localectl list-keymaps
。。。。。。
ukunicode
us
us-acentos
us-alt-intl
us-altgr-intl
us-colemak
us-dvorak
us-dvorak-alt-intl
us-dvorak-classic
us-dvorak-intl
us-dvorak-l
us-dvorak-r
us-dvp
#设置键盘布局
[iyunv@zby ~]# localectl set-keymap us
#显示键盘布局状态
[iyunv@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
12.设置系统语言
在下面的示例中替换为您自己的语言。
#显示当前状态
[iyunv@zby ~]# localectl
System Locale:.UTF-8
VC Keymap: us
X11 Layout: us
#显示语言环境列表
[iyunv@zby ~]# localectl list-locales
。。。。。。
en_US
en_US.iso88591
en_US.iso885915
en_US.utf8
#设置区域语言
[iyunv@zby ~]# localectl set-locale.utf8
#显示语言状态
[iyunv@zby ~]# localectl
System Locale:.utf8
VC Keymap: us
X11 Layout: us
13.设置密码
出于安全原因设置密码规则。
1)设置密码过期的天数。用户必须在几天内更改密码。此设置仅在创建用户时才会产生影响,而不会影响到现有用户。如果设置为现有用户,请运行命令“chage -M(days)(user)”。
[iyunv@zby ~]# vi /etc/login.defs #第25行:为密码过期设置60
PASS_MAX_DAYS 60
2)设置可用密码的最短天数。至少在改变它之后,用户必须至少使用他们的密码。此设置仅在创建用户时才会产生影响,而不会影响到现有用户。如果设置为现有用户,请运行命令“chage -m(days)(user)”
[iyunv@zby ~]# vi /etc/login.defs #第26行:设置2为可用天数
PASS_MIN_DAYS 2
3)在到期前设置警告的天数。此设置仅在创建用户时才会产生影响,而不会影响到现有用户。如果设置为现有用户,请运行命令“chage -W(days)(user)”。
[iyunv@zby ~]# vi /etc/login.defs #第28行:为警告天数设置7
PASS_WARN_AGE 7
4)使用过去使用的密码进行限制。在这一代中,用户不能设置相同的密码。
[iyunv@zby ~]# vi /etc/pam.d/system-auth #第15行附近:禁止在过去的5代中使用相同的密码
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
5)设置最小密码长度。用户不能将其密码长度设置为小于此参数。
#为最小密码长度设置8
[iyunv@zby ~]# authconfig --passminlen=8 --update
#该参数在下面的配置中设置
[iyunv@zby ~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8 6)为新密码设置所需的最少字符类数。 (种类⇒UpperCase / LowerCase / Digits / Others)
#设置2以获取所需字符类别的最小数量
[iyunv@zby ~]# authconfig --passminclass=2 --update
#该参数在下面的配置中设置
[iyunv@zby ~]# grep "^minclass" /etc/security/pwquality.conf
minclass = 2 7)在新密码中设置允许的连续相同字符的最大数量。
#为允许的连续相同字符的最大数量设置2
[iyunv@zby ~]# authconfig --passmaxrepeat=2 --update
#该参数在下面的配置中设置
[iyunv@zby ~]# grep "^maxrepeat" /etc/security/pwquality.conf
maxrepeat = 2 8)在新密码中设置同一类的最大允许连续字符数。
#设置4为同一类的最大允许连续字符数
[iyunv@zby ~]# authconfig --passmaxclassrepeat=4 --update
#该参数在下面的配置中设置
[iyunv@zby ~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4 9)新密码中至少需要一个小写字符。
[iyunv@zby ~]# authconfig --enablereqlower --update #该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[iyunv@zby ~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1 10)新密码中至少需要一个大写字符。
[iyunv@zby ~]# authconfig --enablerequpper --update #该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[iyunv@zby ~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1 11)新密码中至少需要一位数字。
[iyunv@zby ~]# authconfig --enablereqdigit --update #该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[iyunv@zby ~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1 12)新密码中至少需要一个其他字符。
[iyunv@zby ~]# authconfig --enablereqother --update #该参数在下面的配置中设置#(如果你想编辑值,用vi和其他编辑)
[iyunv@zby ~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1 13)在新密码中设置单调字符序列的最大长度。 (ex⇒'12345','fedcb')
[iyunv@zby ~]# vi /etc/security/pwquality.conf #在最后一行添加
maxsequence = 3
14)设置旧密码中不能出现的新密码中的字符数。
[iyunv@zby ~]# vi /etc/security/pwquality.conf #在最后一行添加
difok = 5
15)检查新密码中是否包含用户passwd项的GECOS字段中长度超过3个字符的单词。
[iyunv@zby ~]# vi /etc/security/pwquality.conf #在最后一行添加
gecoscheck = 1
16)设置不能包含在密码中的Ssace分隔列表。
[iyunv@zby ~]# vi /etc/security/pwquality.conf #在最后一行添加
badwords = denywords1 denywords2 denywords3
17)为新密码设置散列/密码算法。 (默认是sha512)
#显示当前算法
[iyunv@zby ~]# authconfig --test | grep hashing
password hashing algorithm is sha512 #将算法更改为sha512
[iyunv@zby ~]# authconfig --passalgo=sha512 --update
[iyunv@zby ~]# authconfig --test | grep hashing
password hashing algorithm is sha512 | 
QQ群⑧:
窥视卡
雷达卡
发表于 2018-4-19 13:56:52
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡