Initial Server Setup and Configurations on RHEL 7


In this tutorial we will discuss the first configuration steps you need to take care of after a fresh installation of Red Hat Enterprise Linux 7 on a bare-metal server or on a Virtual Private Server.

  1. RHEL 7 Minimal Installation

Important: CentOS 7 users can follow this article to do an Initial Server Setup on CentOS 7.

Update RHEL 7 System

As a first step, log in to your RHEL server console with an account with root privileges or directly as root, and run the commands below to fully update your system components, such as the installed packages and the kernel, and to apply other security patches.

# yum check-update
# yum update

To remove all locally downloaded packages and other related YUM caches, run the command below.

# yum clean all

Install System Utilities on RHEL 7

The following utilities can prove useful for day-to-day system administration: nano (a text editor), wget, curl, net-tools, lsof (a tool for managing local networking) and bash-completion (command-line autocompletion).

Install them all in one shot by running the command below.

# yum install nano wget curl net-tools lsof bash-completion

Set Up Networking in RHEL 7

RHEL 7 has a wide range of tools that can be used to configure and manage networking, from manually editing the network configuration file to using commands such as nmcli or route.

The easiest utility a beginner can use to manage and change network settings is the nmtui graphical command line.

To change the system hostname via the nmtui utility, run the nmtui-hostname command, set your machine hostname and press OK to finish, as illustrated in the screenshot below.

# nmtui-hostname

To manage a network interface, run the nmtui-edit command, select the interface you want to edit and choose Edit from the right-hand menu, as shown in the screenshot below.

Once you are in the graphical interface provided by the nmtui utility, you can set up the network IP settings as illustrated in the screenshot below. When you finish, navigate to OK using the [tab] key to save the configuration, then quit.

To apply the new network interface configuration, run the nmtui-connect command, select the interface you want to manage and hit the Deactivate/Activate option to bring the interface down and back up with the new IP settings, as presented in the screenshots below.

# nmtui-connect

To view the network interface settings, you can inspect the content of the interface file or issue the commands below.

# ifconfig enp0s3
# ip a
# ping -c2 google.com

Other useful utilities for managing the speed and link state of the machine's network interfaces, or for getting information about them, are ethtool and mii-tool.

# ethtool enp0s3
# mii-tool enp0s3

Create a New User Account

In the next step, while logged in as root on your server, create a new user with the command below. This user will be used later to log in to your system and perform administrative tasks.

# adduser tecmint_user

After you have added the user with the command above, set a strong password for this user by issuing the command below.

# passwd tecmint_user

If you want to force this new user to change the password at the first login attempt, run the command below.

# chage -d0 tecmint_user

For now, this new user account has regular account privileges and cannot perform administrative tasks via the sudo command.

To avoid using the root account for administrative tasks, grant this new user administrative privileges by adding the user to the wheel system group.

By default in RHEL, users belonging to the wheel group are allowed to run commands with root privileges by putting the sudo utility before the command they want to execute.

For example, to add the user tecmint_user to the wheel group, run the command below.

# usermod -aG wheel tecmint_user

Afterwards, log in to the system with the new user and try to update the system via the 'sudo yum update' command to test whether the user has root powers.

# su - tecmint_user
$ sudo yum update

Configure SSH Public Key Authentication on RHEL 7

In the next step, to increase the security of your RHEL server, configure SSH public key authentication for the new user. To generate an SSH key pair (the public and the private key), run the following command at your server console. Make sure you are logged in to the system as the user you are setting up the SSH key for.

# su - tecmint_user
$ ssh-keygen -t RSA

While the key is being generated, you will be prompted to add a passphrase to secure the key. You can enter a strong passphrase, or choose to leave the passphrase blank if you want to automate tasks via the SSH server.

After the SSH key has been generated, copy the public key to a remote server by running the command below. To install the public key on the remote SSH server you need a user account that has credentials to log in to that server.

$ ssh-copy-id [email 

Now try to log in via SSH to the remote server using the private key as the authentication method. You should be able to log in automatically without the SSH server asking for a password.

$ ssh [email 

To see the content of your public SSH key, in case you want to install the key on a remote SSH server manually, issue the following command.

$ cat ~/.ssh/id_rsa.pub

Secure SSH on RHEL 7

To secure the SSH daemon and prevent remote SSH access to the root account via password or key, open the main SSH server configuration file and make the following changes.

$ sudo vi /etc/ssh/sshd_config

Find the line #PermitRootLogin yes, uncomment it by removing the # sign (hashtag) from the beginning of the line, and modify the line to look like the one shown in the excerpt below.

PermitRootLogin no

Afterwards, restart the SSH server to apply the new settings and test the configuration by trying to log in to this server with the root account. Access to the root account via SSH should now be restricted.

$ sudo systemctl restart sshd
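
A check for the edit described above, as an added example that is not part of the original article: sshd uses the first value it obtains for a keyword, so a "PermitRootLogin no" appended below an active "PermitRootLogin yes" changes nothing. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value applies globally in an sshd_config file?
# sshd_config(5): keywords are case-insensitive and the first obtained value is used.
# Assumes the whitespace-separated "Keyword value" form.

effective_root_login() {    # $1 = path to an sshd_config-style file
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        tolower($1) == "match" { exit }         # global section ends at the first Match block
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }       # unset: the built-in default applies
    ' "$1"
}

demo_dir=$(mktemp -d)

# Constructed sample 1: "no" appended at the end, after an earlier active "yes".
cat > "$demo_dir/appended.conf" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

# Constructed sample 2: the existing line edited in place, as the tutorial describes.
cat > "$demo_dir/edited.conf" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication yes
EOF

# Constructed sample 3: the directive is still commented out.
cat > "$demo_dir/commented.conf" <<'EOF'
Port 22
#PermitRootLogin no
EOF

for f in appended edited commented; do
    printf '%-10s -> %s\n' "$f" "$(effective_root_login "$demo_dir/$f.conf")"
done
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T | grep -i permitrootlogin` prints the value sshd will actually apply.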

There are situations where you might want to automatically disconnect all remote SSH connections to your server after a period of inactivity.

To enable this feature system-wide, run the command below, which adds the TMOUT bash variable to the main bashrc file and forces every SSH connection to be disconnected or logged out after 5 minutes of inactivity.

$ su -c 'echo "TMOUT=300" >> /etc/bashrc'

Run the tail command to check that the variable has been correctly added at the end of the /etc/bashrc file. From now on, all subsequent SSH connections will be closed automatically after 5 minutes of inactivity.

$ tail /etc/bashrc

In the screenshot below, the remote SSH session from the drupal machine to the RHEL server has been automatically logged out after 5 minutes.

Configure Firewall on RHEL 7

In the next step, configure the firewall to further secure the system at the network level. RHEL 7 ships with the Firewalld application to manage iptables rules on the server.

First, make sure the firewall is running on your system by issuing the command below. If the Firewalld daemon is stopped, start it with the following commands.

$ sudo systemctl status firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

Once the firewall is enabled and running on your system, you can use the firewall-cmd command-line utility to set the firewall policy and allow traffic to specific network ports, such as the SSH daemon, connections made to an internal web server or other related network services.

Because right now we are only running an SSH daemon on our server, we can adjust the firewall policy to allow traffic for the SSH service port by issuing the following commands.

$ sudo firewall-cmd --add-service=ssh --permanent
$ sudo firewall-cmd --reload

To add a firewall rule on the fly, without the rule being applied the next time the server is started, use the command syntax below.

$ sudo firewall-cmd --add-service=ssh

If you install other network services on your server, such as an HTTP server, a mail server or other network services, you can add rules to allow those specific connections as follows.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --permanent --add-service=smtp

To list all firewall rules, run the command below.

$ sudo firewall-cmd --permanent --list-all
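
Rules added with --permanent are not active until a reload, and rules added on the fly are lost at the next reload or reboot. The added example below (not from the original article) compares saved output of `firewall-cmd --list-all` and `firewall-cmd --permanent --list-all` to show that drift; the function names, file names and sample outputs are constructed.

```shell
#!/bin/sh
# Added example: compare the services in firewalld's runtime and permanent
# configurations, using saved output of the two --list-all commands.
LC_ALL=C; export LC_ALL

services_of() {    # stdin: --list-all output; prints one service per line, sorted
    awk '$1 == "services:" { for (i = 2; i <= NF; i++) print $i }' | sort -u
}

service_drift() {  # $1 = runtime output file, $2 = permanent output file
    rt=$(mktemp); pm=$(mktemp)
    services_of < "$1" > "$rt"
    services_of < "$2" > "$pm"
    comm -23 "$rt" "$pm" | sed 's/^/runtime-only: /'     # lost on reload or reboot
    comm -13 "$rt" "$pm" | sed 's/^/permanent-only: /'   # inactive until --reload
    rm -f "$rt" "$pm"
}

fw_dir=$(mktemp -d)

# Constructed runtime view: smtp was added on the fly, without --permanent.
cat > "$fw_dir/runtime.txt" <<'EOF'
public (active)
  target: default
  interfaces: enp0s3
  services: dhcpv6-client smtp ssh
EOF

# Constructed permanent view: http and https were added with --permanent,
# but no --reload has been issued yet.
cat > "$fw_dir/permanent.txt" <<'EOF'
public
  target: default
  services: dhcpv6-client http https ssh
EOF

service_drift "$fw_dir/runtime.txt" "$fw_dir/permanent.txt"
```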

Remove Unneeded Services in RHEL 7

To get a list of all network services (TCP and UDP) running on your RHEL server by default, issue the ss command, as illustrated in the sample below.

$ sudo ss -tulpn

The ss command will reveal some interesting services that are started and running by default on your system, such as the Postfix master service and the server responsible for the NTP protocol.

If you are not planning to configure this server as a mail server, you should stop, disable and remove the Postfix daemon by issuing the commands below.

$ sudo systemctl stop postfix.service
$ sudo yum remove postfix

Recently, some nasty DDoS attacks over the NTP protocol have been reported. If you are not planning to configure your RHEL server as an NTP server for internal clients to synchronize time with, you should completely disable and remove the Chrony daemon by issuing the commands below.

$ sudo systemctl stop chronyd.service
$ sudo yum remove chrony

Again, run the ss command to identify whether other network services are running on your system, and disable and remove them.

$ sudo ss -tulpn
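
When reviewing the ss output, the bind address decides whether a service is reachable from other hosts. The added example below (not from the original article) filters `ss -tulpn` output down to listeners bound to something other than a loopback address; the function name and the sample output, including PIDs, are constructed.

```shell
#!/bin/sh
# Added example: from `ss -tulpn` output, list listeners that are bound to a
# non-loopback address and are therefore reachable from other hosts.
LC_ALL=C; export LC_ALL

exposed_listeners() {    # stdin: output of ss -tulpn; prints "proto/port process"
    awk '
        $1 == "Netid" { next }                           # header line
        {
            port = $5; sub(/.*:/, "", port)              # text after the last colon
            addr = substr($5, 1, length($5) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # newer ss prints [::1]:25
            if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
            proc = "?"
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            print $1 "/" port, proc
        }
    ' | sort -u
}

# Constructed sample in the RHEL 7 output layout (PIDs and fds are made up).
ss_file=$(mktemp)
cat > "$ss_file" <<'EOF'
Netid  State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
udp    UNCONN  0      0       127.0.0.1:323        *:*      users:(("chronyd",pid=671,fd=1))
udp    UNCONN  0      0       *:123                *:*      users:(("chronyd",pid=671,fd=3))
tcp    LISTEN  0      128     *:22                 *:*      users:(("sshd",pid=1012,fd=3))
tcp    LISTEN  0      100     127.0.0.1:25         *:*      users:(("master",pid=1188,fd=13))
tcp    LISTEN  0      128     :::22                :::*     users:(("sshd",pid=1012,fd=4))
tcp    LISTEN  0      100     ::1:25               :::*     users:(("master",pid=1188,fd=14))
EOF

exposed_listeners < "$ss_file"
```

In this sample the Postfix master process is bound to loopback only, while sshd and the chronyd listener on UDP port 123 are reachable from the network.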

To provide accurate time for your server and synchronize time with an upstream time peer server, you can install the ntpdate utility and synchronize time with a public NTP server by running the commands below.

$ sudo yum install ntpdate
$ sudo ntpdate 0.uk.pool.ntp.org

To automate the ntpdate time synchronization so that it runs every day without any user intervention, schedule a new crontab job to run at midnight with the following content.

$ sudo crontab -e

Crontab file excerpt:

@daily /usr/sbin/ntpdate 0.uk.pool.ntp.org

That's all! Now your RHEL server is prepared for installing additional software needed for custom network services or applications, such as installing and configuring a web server, a database server, a file-sharing service or other specific applications.

To further secure and harden your RHEL 7 server, check out the following articles.

  1. The Mega Guide to Harden and Secure RHEL 7 - Part 1
  2. The Mega Guide to Harden and Secure RHEL 7 - Part 2

If you are planning to deploy websites on this RHEL 7 system, learn how to set up and configure a LEMP stack.