Saitin Sabar Farko da Tsare-tsare akan CentOS 7

Wannan koyawa za ta yi bayanin matakan farko na asali da kuke buƙatar bi bayan shigar da ƙaramin tsarin CentOS 7 ba tare da yanayin hoto ba don samun bayanai game da tsarin da aka shigar, kayan aikin da ke saman wanda ke tafiyar da tsarin kuma saita wasu takamaiman ayyukan tsarin, kamar sadarwar yanar gizo, tushen gata, software, ayyuka da sauransu.

1. Ƙarancin Shigarwa na CentOS 7

Muhimmi: Masu amfani da RHEL 7, za su iya bin wannan labarin don yin Saitin Sabar Farko akan RHEL 7.

Sabunta tsarin CentOS 7

Mataki na farko da kuke buƙatar aiwatarwa akan sabon tsarin CentOS da aka shigar shine tabbatar da cewa tsarin ya yi zamani tare da sabbin kernel da facin tsaro na tsarin, ma'ajin software da fakiti.

Don cikakken sabunta tsarin CentOS 7, ba da umarni masu zuwa tare da tushen gata.

# yum check-update
# yum upgrade

Bayan an kammala aikin haɓakawa, don sakin sararin faifai za ku iya cire duk fakitin da aka zazzage waɗanda inda aka yi amfani da su wajen haɓakawa tare da duk bayanan ma'ajin ajiya ta hanyar aiwatar da umarni mai zuwa.

# yum clean all

Shigar da Abubuwan Utilities akan CentOS 7

Fakitin kayan aiki masu zuwa na iya tabbatar da cewa suna da amfani don gudanar da tsarin yau da kullun: nano (editan rubutu don maye gurbin lsof (kayan aiki don gudanar da sadarwar gida) da bash-complete (layin umarni autocomplete).

Sanya su duka a cikin harbi ɗaya ta aiwatar da umarnin da ke ƙasa.

# yum install nano wget curl net-tools lsof bash-completion

Saita hanyar sadarwa a cikin CentOS 7

CentOS 7 yana da kayan aiki da yawa waɗanda za a iya amfani da su don daidaitawa da sarrafa hanyar sadarwa, daga gyara fayil ɗin daidaitawar hanyar sadarwa da hannu zuwa amfani da umarni kamar nmcli ko hanya.

Mafi sauƙi mai amfani mai farawa zai iya amfani da shi don sarrafawa da canza saitunan cibiyar sadarwa shine layin umarni na hoto nmtui.

Domin canza sunan mai masaukin tsarin ta hanyar nmtui utility, aiwatar da umarnin nmtui-hostname, saita sunan mai masaukin injin ku kuma danna Ok don gamawa, kamar yadda aka kwatanta a hoton da ke ƙasa.

# nmtui-hostname

Don sarrafa hanyar sadarwa ta hanyar sadarwa, aiwatar da umarnin nmtui-edit, zaɓi wurin da kake son gyarawa kuma zaɓi gyara daga menu na dama, kamar yadda aka nuna a hoton da ke ƙasa.

# nmtui-edit

Da zarar kun kasance cikin mahallin hoto wanda nmtui utility ke bayarwa zaku iya saita saitunan cibiyar sadarwar IP kamar yadda aka kwatanta a hoton da ke ƙasa. Lokacin da kuka gama, kewaya zuwa Ok ta amfani da maɓallin [tab] don adana tsarin sai ku bar.

Domin amfani da sabon tsarin sadarwa na cibiyar sadarwa, aiwatar da nmtui-connect umurnin, zaɓi abin dubawa da kake son gudanarwa kuma buga kan Deactivation/Active option to decommission and up the interface with the IP settings, kamar yadda aka gabatar a cikin hotunan kariyar kwamfuta.

# nmtui-connect

Domin duba saitunan mu'amalar cibiyar sadarwa, zaku iya bincika abun cikin fayil ɗin dubawa ko kuna iya ba da umarni na ƙasa.

# ifconfig enp0s3
# ip a
# ping -c2 google.com

Sauran abubuwan amfani masu amfani waɗanda za a iya amfani da su don sarrafa saurin gudu, hanyar haɗin gwiwa ko samun bayanai game da mu'amalar hanyar sadarwar inji sune ethtool da mii-tool.

# ethtool enp0s3
# mii-tool enp0s3

Wani muhimmin al'amari na sadarwar injin ku shine jera duk buɗaɗɗen cibiyoyin sadarwar don ganin irin shirye-shiryen da ke saurare akan waɗanne tashoshin jiragen ruwa da kuma yanayin kafafan hanyoyin sadarwa.

Don jera duk sabar da suka buɗe TCP ko UDP soket a cikin sauraron jihar suna ba da umarni masu zuwa. Koyaya, uwar garken UDP ba zai lissafta kowace jihar soket ba saboda gaskiyar cewa UDP ƙa'idar ce wacce ba ta da alaƙa wacce kawai ke aika fakiti akan hanyar sadarwa kuma baya kafa haɗi.

# netstat -tulpn
# ss -tulpn
# lsof -i4 -6

Sarrafa Ayyuka a cikin CentOS 7

CentOS 7 yana sarrafa daemons ko sabis ta hanyar amfani da systemctl. Domin lissafin duk yanayin sabis, ba da umarni mai zuwa.

# systemctl list-units

Don bincika idan an kunna daemon ko sabis don farawa ta atomatik lokacin da tsarin ya fara, ba da umarni mai zuwa.

# systemctl list-unit-files -t service

Don lissafin tsoffin ayyukan SysV da ke cikin tsarin ku kuma kashe su suna ba da umarnin chkconfig masu zuwa.

# chkconfig --list
# chkconfig service_name off

5. Kashe ayyukan da ba'a so a cikin CentOS 7

Ana ba da shawarar bayan shigar da CentOS 7, don lissafta sabis ɗin da ke gudana a cikin tsarin ta hanyar aiwatar da umarnin da ke sama kuma a kashe da cire su don rage ɓangarorin hare-hare akan tsarin ku.

Misali, an shigar da Postfix daemon kuma an kunna shi ta tsohuwa a cikin CentOS 7. Idan tsarin ku baya buƙatar gudanar da sabar wasiƙa, yana da kyau a dakatar, musaki da cire sabis ɗin postfix ta hanyar ba da umarnin da ke ƙasa.

# systemctl stop postfix
# systemctl disable postfix
# yum remove postfix

Baya ga umarni na sama ko pstree don ganowa da gano abin da ayyukan da ba a so ke gudana a cikin na'urar ku kuma kashe ko cire su.

Ta hanyar tsoho, ba a shigar da kayan aikin pstree a cikin CentOS 7. Don shigar da shi aiwatar da umarni mai zuwa.

# yum install psmisc
# pstree -p

Kunna Firewall a cikin CentOs 7

Firewalld shine babban kayan aikin Tacewar zaɓi wanda ke amfani da hulɗa tare da don sarrafa ka'idodin iptables.
Don kunnawa da farawa da tabbatar da Tacewar zaɓi a cikin CentOS 7, aiwatar da umarni masu zuwa.

# systemctl enable firewalld
# systemctl start firewalld
# systemctl status firewalld

Domin buɗe takamaiman sabis ɗin zuwa haɗin kai, da farko tabbatar idan aikace-aikacen ya riga ya kasance a cikin dokokin wuta sannan, ƙara ƙa'idar sabis ɗin, kamar yadda aka nuna a cikin misalin da ke ƙasa wanda ke ba da damar haɗin shiga SSH. Yi amfani da canjin -- dindindin don ƙara ƙa'idar har abada.

# firewall-cmd --add-service=[tab]  #List services
# firewall-cmd --add-service=ssh
# firewall-cmd --add-service=ssh --permanent

Idan har yanzu an riga an ayyana sabis ɗin a cikin dokokin wuta, zaku iya ƙara tashar sabis da hannu, kamar yadda aka nuna a cikin misalin ƙasa.

# firewall-cmd --add-port=22/tcp --permanent
# firewall-cmd --reload     #Apply the rule on-fly

Kunna Izinin Sudo akan Asusun Mai Amfani

Domin ba da izini tushen ga mai amfani na yau da kullun, da farko ƙirƙirar mai amfani ta hanyar ba da umarnin adduser, saita kalmar wucewa don mai amfani kuma ba da izini tushen ga mai amfani ta aiwatar da umarnin da ke ƙasa wanda ke ƙara sabon mai amfani zuwa rukunin dabaran gudanarwa.

# adduser tecmint
# passwd tecmint
# usermod -aG wheel tecmint

Don gwada idan sabon mai amfani yana da tushen gata, shiga cikin tsarin tare da bayanan mai amfani kuma gudanar da yum umarni tare da izinin sudo, kamar yadda aka nuna a cikin sashin ƙasa.

# su - tecmint
# sudo yum update

Saita Tabbatar da Maɓallin Jama'a na SSH akan CentOS 7

Domin tabbatar da SSH uwar garken ku kuma saita ingantaccen maɓalli na jama'a don ƙara tsaro na uwar garken ku tare da maɓalli na SSH mai zaman kansa don shiga, fara ƙirƙirar SSH Key Pair tare da umarni mai zuwa.

Kar a shigar da kalmar wucewa idan kuna son sarrafa sarrafa uwar garken ta hanyar SSH.

# ssh-keygen -t RSA

Bayan an ƙirƙiro nau'ikan maɓallan SSH, kwafi maɓallin zuwa uwar garken da kake son haɗawa da shi ta hanyar ba da umarnin da ke ƙasa. Da farko, shigar da kalmar sirrin mai amfani ta SSH mai nisa domin kwafi maɓallin jama'a.

# ssh-copy-id [email _SERVER_IP

Bayan an kwafi maɓallin jama'a na SSH zuwa uwar garken nesa, shiga cikin uwar garken SSH mai nisa tare da umarni mai zuwa.

# ssh [email _SERVER_IP

A ƙarshe, don tabbatar da uwar garken SSH, tabbatar cewa kun hana damar SSH mai nisa zuwa tushen asusun ta buɗe fayil ɗin SSH na daidaitawa /etc/ssh/sshd_config tare da editan rubutun ku azaman tushen kuma canza shi daga Ee zuwa A'a .

PermitRootLogin no

Don amfani da saitin kuna buƙatar sake kunna sabis na SSH ta yadda zai yi amfani da sabon saitin.

# systemctl restart sshd

Shi ke nan! Waɗannan wasu ƙananan saitunan asali ne da umarni kowane mai gudanar da tsarin yana buƙatar sani da amfani akan sabon tsarin CentOS da aka shigar ko don yin ayyuka na yau da kullun akan tsarin.

Don kiyayewa da taurare uwar garken CentOS 7, duba waɗannan labarai masu zuwa.

1. Jagorar Mega Zuwa Harden da Amintacce CentOS 7 - Part 1
2. Jagorar Mega Zuwa Harden da Amintaccen CentOS 7 - Kashi na 2

Idan kuna shirin tura gidajen yanar gizo akan wannan tsarin CentOS 7, koyi yadda ake saitawa da daidaita tarin LEMP.