Kashe da Cire Ayyukan da Ba'a so akan RHEL/CentOS 7 Ƙaramar Shigarwa
RHEL/CentOS 7 ƙaramin shigarwa don sabobin yana zuwa tare da wasu tsoffin ayyukan da aka riga aka shigar, kamar su Postfix Agent Canja wurin daemon, Avahi mdns daemon (Tsarin Sunan Domain Multicast) da Chrony sabis, wanda ke da alhakin kula da agogon tsarin.
Yanzu ya zo ga tambaya.. Me ya sa wed bukatar musaki duk wadannan ayyuka. idan an riga an shigar dasu? Ɗaya daga cikin babban dalilin shine ƙara darajar matakin tsaro na tsarin, dalili na biyu shine tsarin karshe makoma kuma na uku shine albarkatun tsarin.
- Ƙarancin Shigarwa na CentOS 7
- RHEL 7 Karamin Shigarwa
Idan kuna shirin amfani da sabon shigar da kuka shigar RHEL/CentOS 7 don karɓar bakuncin, bari mu ce, ƙaramin gidan yanar gizo wanda ke gudana akan Apache ko Nginx, ko don samar da ayyukan cibiyar sadarwa kamar DNS , DHCP, PXE boot, FTP uwar garken, da dai sauransu ko wasu ayyuka waɗanda ba sa buƙatar gudanar da Postifx MTA daemon, Chrony ko Avahi daemon, to me yasa za mu ci gaba da shigar da duk waɗannan daemons marasa amfani ko ma suna gudana akan sabar ku.
Babban sabis na waje wanda uwar garken ku ke buƙatar gaske don gudanar da shi bayan kun yi ƙaramin shigarwa zai zama kawai daemon SSH, don ba da damar shiga nesa a kan tsarin, kuma, a wasu lokuta, sabis na NTP, zuwa daidaita daidai agogon cikin uwar garken ku tare da sabar NTP na waje.
Kashe/Cire Postfix MTA, Avahi da Sabis na Zamani
1. Bayan an gama shigarwa, shiga cikin uwar garken ku tare da asusun root ko mai amfani da tushen gata kuma aiwatar da sabunta tsarin, don tabbatar da cewa na'urar ku ta zamani tare da duk fakiti da tsaro. faci.
# yum upgrade
2. Mataki na gaba shine shigar da wasu kayan aiki masu amfani ta amfani da YUM Package Manager, kamar net-tools (wannan kunshin yana samar da tsofaffin
amma mai kyau ifconfig umarni), nano editan rubutu, wget da curl don canja wurin URL, lsof (don lissafta buɗaɗɗen fayilolinku) da bash-completion, wanda ke cika umarnin da aka buga ta atomatik.
# yum install nano bash-completion net-tools wget curl lsof
3. Yanzu za ka iya fara kashewa da cire pre-shigar maras so sabis. Da farko sami jerin duk ayyukan da aka kunna da gudana ta hanyar gudanar da netstat umarni a kan TCP, UDP da Sockets na cibiyar sadarwa na Jiha.
# netstat -tulpn ## To output numerical service sockets # netstat -tulp ## To output literal service sockets
4. Kamar yadda kuke gani an fara Postfix kuma yana sauraron localhost akan tashar jiragen ruwa 25, Avahi daemon yana ɗaure akan duk Interfaces na cibiyar sadarwa kuma sabis na Chronyd yana ɗaure a kunne. localhost da duk hanyoyin sadarwa na yanar gizo akan tashoshin jiragen ruwa daban-daban. Ci gaba tare da cire sabis na MTA na Postfix ta hanyar ba da umarni masu zuwa.
# systemctl stop postfix # yum remove postfix
5. Na gaba cire sabis na Chronyd, wanda za a maye gurbinsa da uwar garken NTP, ta hanyar ba da umarni masu zuwa.
# systemctl stop chronyd # yum remove chrony
6. Yanzu lokaci ya yi da za a cire Avahi daemon. Ga alama a cikin RHEL/CentOS 7 Avahi daemon yana da ƙarfi sosai kuma ya dogara da sabis na Manajan hanyar sadarwa. Yin cirewar Avahi daemon na iya barin tsarin ku ba tare da wani haɗin yanar gizo ba.
Don haka, kula da wannan matakin. Idan da gaske kuna buƙatar saitin hanyar sadarwa ta atomatik wanda Manajan hanyar sadarwa ya samar ko kuna buƙatar gyara abubuwan mu'amalar ku
ta hanyar nmtui cibiyar sadarwa da mai amfani, to kawai ka tsaya ka kashe Avahi daemon kuma kada ka cire komai.
Idan har yanzu kuna son cire wannan sabis ɗin gabaɗaya to dole ne ku shirya fayilolin daidaitawar hanyar sadarwa da hannu waɗanda ke cikin /etc/sysconfig/network-scripts/ifcfg-interface_name, sannan fara kuma kunna sabis na sadarwar.
Ba da umarni masu zuwa don cire Avahi mdns daemon. Tsanaki: Kada kayi ƙoƙarin cire Avahi daemon idan kun haɗa ta hanyar SSH.
# systemctl stop avahi-daemon.socket avahi-daemon.service # systemctl disable avahi-daemon.socket avahi-daemon.service
--------- Stop here if you don't want removal --------- # yum remove avahi-autoipd avahi-libs avahi
7. Ana buƙatar wannan matakin ne kawai idan kun cire Avahi daemon kuma haɗin yanar gizon ku ya lalace kuma kuna buƙatar sake saita Network Interface Card da hannu.
Don shirya NIC ɗin ku don amfani da IPv6 da Adireshin IP na tsaye, je zuwa hanyar /etc/sysconfig/network-scripts/ hanyar, buɗe fayil ɗin NIC interface. (yawanci katin farko ana kiransa ifcfg-eno1677776 kuma an riga an saita shi ta hanyar Mai sarrafa hanyar sadarwa) kuma yi amfani da abin da ke gaba a matsayin jagora idan kuna
hanyar sadarwa ba ta da tsari.
IPV6INIT=no
IPV6_AUTOCONF=yes
BOOTPROTO=none
DEVICE=eno16777736
ONBOOT=yes
UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0
TYPE=Ethernet
#DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME="System eno16777736"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
HWADDR=00:0C:29:E2:06:E9
IPADDR=192.168.1.25
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
Mafi mahimmancin saituna anan yakamata kuyi la'akari dasu sune:
- BOOTPROTO - Saita zuwa babu ko a tsaye - don adireshin IP na tsaye.
- ONBOOT - Saita zuwa e - don kawo abin dubawa bayan sake kunnawa.
- DEFROUTE - Bayanin da aka yi sharhi tare da # ko kuma an cire gaba ɗaya - kar a yi amfani da hanyar da ta dace (Idan kuna amfani da ita a nan ya kamata ku ƙara DEFROUTE: a'a zuwa duk hanyoyin sadarwa na cibiyar sadarwa, ba a yi amfani da su azaman tsoho ba. hanya).
8. Idan ababen more rayuwa suna da uwar garken DHCP wanda ke ba da adiresoshin IP kai tsaye, yi amfani da bayanan da ke gaba don Kanfigareshan Hanyoyin Sadarwar Sadarwa.
IPV6INIT=no IPV6_AUTOCONF=yes BOOTPROTO=dhcp DEVICE=eno16777736 ONBOOT=yes UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0 TYPE=Ethernet ##DEFROUTE=no IPV4_FAILURE_FATAL=no IPV6_DEFROUTE=no IPV6_FAILURE_FATAL=no NAME="System eno16777736" IPV6_PEERDNS=yes IPV6_PEERROUTES=yes HWADDR=00:0C:29:E2:06:E9
Daidai da daidaitawa tare da Adireshin IP Static, tabbatar da cewa an saita BOOTPROTO zuwa dhcp, ana sharhi ko cire DEFROUTE sannan an saita na'urar zuwa ga farawa ta atomatik akan taya. Idan baku amfani da IPv6 kawai cire ko sharhi duk layin da ke ɗauke da IPV6.
9. Domin yin amfani da sabbin saitunan hanyoyin sadarwar sadarwar ku dole ne ku sake kunna sabis na cibiyar sadarwa. Bayan kun sake kunna daemon na cibiyar sadarwa yi amfani da ifconfig
ko ip addr show umarni don samun saitunan haɗin yanar gizon ku kuma gwada yin ping sunan yanki don ganin ko cibiyar sadarwa tana aiki.
# service network restart ## Use this command before systemctl # chkconfig network on # systemctl restart network # ifconfig # ping domain.tld
10. A matsayin saitin ƙarshe ka tabbata ka saita suna don tsarin hostname ta amfani da hostnamectl utility kuma duba tsarinka tare da umarnin hostname.
# hostnamectl set-hostname FQDN_system_name # hostnamectl status # hostname # hostname -s ## Short name # hostname -f ## FQDN name
11. Shi ke nan! A matsayin gwajin ƙarshe na gudanar da netstat sake yin umarni don ganin irin ayyukan da ke gudana akan tsarin ku.
# netstat -tulpn # netstat -tulp
12. Bayan uwar garken SSH, idan cibiyar sadarwar ku tana amfani da DHCP don cire saitunan IP mai ƙarfi, abokin ciniki na DHCP ya kamata ya yi aiki kuma ya kasance mai aiki akan tashoshin UDP.
# netstat -tulpn
13. A matsayin madadin amfani da netstat za ku iya fitar da sockets na cibiyar sadarwar ku tare da taimakon Sockets Statistics umurnin.
# ss -tulpn
14. Sake yi uwar garken ku kuma gudanar da systemd-analize umarni don tantance aikin lokacin boot-up na tsarin kuma, kuma, yi amfani da free da Disk
Umurni na kyauta don nuna ƙididdigar RAM da HDD da saman umarni don ganin saman kayan aikin da aka fi amfani da su.
# free -h # df -h # top
Taya murna! Yanzu kuna da tsaftataccen muhallin tsarin RHEL/CentOS 7 tare da ƙarancin shigar da ayyuka da gudana da ƙarin albarkatu don daidaitawa na gaba.
Karanta Hakanan: Tsaya kuma Kashe Ayyukan da ba'a so daga Linux