Saitin Sabis na Farko tare da CentOS/RHEL 8
A cikin wannan labarin, zamu bi ku ta hanyar matakan farko da kuke buƙatar amfani da su bayan girka ƙaramar uwar garken CentOS/RHEL 8 ba tare da wani mahalli mai zane ba don dawo da bayanan game da tsarin da aka sanya, kayan aikin da ke kan sabar. yana gudana kuma yana daidaita wasu takamaiman ayyukan tsarin, kamar sabunta tsarin, sadarwar, gata ta asali, saita ssh, sarrafa ayyuka, da sauransu.
- Jagorar Shigar da CentOS 8
- RHEL 8 Minananan Shigowa
- A kunna Biyan RHEL a cikin RHEL 8
Mahimmanci: Dole ne ku sami Sabis ɗin Biyan Kuɗi na Red Hat da aka kunna akan sabarku ta RHEL 8 don yin ɗaukaka tsarin da shigarwar software.
Mataki na 1: Sabunta Software Software
Da farko, shiga cikin sabarku a matsayin mai amfani da tushen kuma gudanar da waɗannan umarni don sabunta tsarin tare da sabuwar kernel, facin tsaro na tsarin, wuraren ajiyar software, da fakiti.
# dnf check-update # dnf update
Da zarar tsarin haɓaka software ya ƙare, don sakin sararin faifai za ku iya share duk fakitin kayan aikin da aka sauke tare da duk bayanan adana bayanai ta hanyar gudanar da wannan umarnin.
# dnf clean all
Mataki 2: Shigar da Kayan Gudanar da System
Wadannan abubuwan amfani na tsarin na iya zama masu matukar amfani ga ayyukan gudanarwa na yau da kullun: kammala bash (layin umarni ba tare da cikawa ba).
# dnf install nano vim wget curl net-tools lsof bash-completion
Mataki 3: Saita Sunan mai masauki da Sadarwa
A cikin CentOS/RHEL 8, akwai wadatattun kayan aikin da aka haɗa a cikin rumbun adana bayanan waɗanda suka yi amfani da su don daidaitawa da sarrafa sadarwar, daga sauya fayilolin sanyi na hanyar sadarwa ta hanyar amfani da umarni kamar nmtui.
Amfani mafi sauki da sabuwar shiga zata iya amfani dashi don daidaitawa da sarrafa abubuwan daidaitawa na hanyar sadarwa kamar saita sunan mai masaukin sadarwa da saita adireshin IP tsaye yana amfani da nmtui mai amfani da layin umarni.
Domin saita ko sauya sunan sunan mai amfani da tsarin gudanar da umarni mai nmtui-hostname, wanda zai baka damar shigar da sunan mashin din ka kuma latsa OK ya gama, kamar yadda aka nuna a hoton da ke kasa.
# nmtui-hostname
Don saita hanyar sadarwar hanyar sadarwa, gudanar da umarnin nmtui-edit mai zuwa, wanda zai baka damar zaban hanyar da kake son saitawa daga menu kamar yadda aka nuna a hoton da ke kasa.
# nmtui-edit
Da zarar ka latsa maɓallin Shirya, zai faɗakar da kai ka saita saitunan IP na hanyar sadarwa kamar yadda aka nuna a cikin hoton ƙasa. Lokacin da ka gama, kewaya zuwa Ok ta amfani da [tab] mabuɗin don adana sanyi kuma ku daina.
Da zarar kun gama tare da daidaitawar cibiyar sadarwa, kuna buƙatar gudanar da umarni mai zuwa don amfani da sabon saitunan cibiyar sadarwa ta hanyar zaɓar keɓaɓɓiyar hanyar da kuke son sarrafawa da bugawa a kan Zaɓin Kashewa/Kunnawa don ƙaddamarwa da kuma kawo yanayin tare da saitunan IP, kamar yadda aka gabatar a cikin hoton da ke ƙasa.
# nmtui-connect
Domin tabbatar da saitunan sanyi na hanyar sadarwar, zaku iya bincika abubuwan cikin fayil ɗin ke dubawa ko zaku iya ba da umarnin ƙasa.
# ifconfig enp0s3 # ip a # ping -c2 google.com
Hakanan zaka iya amfani da sauran kayan amfani na hanyar sadarwa masu amfani kamar ethtool da mii-kayan aiki don bincika saurin haɗin yanar gizo, matsayin hanyar haɗin yanar gizo da samun bayanai game da musaya tsakanin hanyoyin sadarwa.
# ethtool enp0s3 # mii-tool enp0s3
Wani muhimmin al'amari game da sadarwar injin ka, yana da mahimmanci a lissafa duk fayilolin da aka buɗe ta hanyar aiwatarwa.
# netstat -tulpn # ss -tulpn # lsof -i4 -6
Mataki na 4: Createirƙiri Sabon Asusun Mai amfani
Yana da kyau koyaushe a sami mai amfani na al'ada tare da tushen izini don yin ayyukan gudanarwa lokacin da ake buƙata. Domin sanya gatan tushen akan mai amfani na yau da kullun, da farko, ƙirƙirar mai amfani tare da umarnin useradd, saita kalmar wucewa kuma ƙara mai amfani ga rukunin motar gudanarwa.
# useradd ravisaive # passwd ravisaive # usermod -aG wheel ravisaive
Don tabbatar da cewa sabon mai amfani yana da gata na tushen, shiga cikin tsarin tare da takardun shaidarka na mai amfani kuma gudanar da umarnin dnf tare da izinin Sudo kamar yadda aka nuna.
# su - ravisaive # sudo dnf update
Mataki 5: Saita Shiga kalmar wucewa ta SSH akan CentOS 8
Domin karawa uwar garkenka tsaro, saita ingantaccen kalmar sirri ta SSH ga sabon mai amfani da ita ta hanyar samar da maɓallin SSH - wanda ya ƙunshi maɓallin jama'a da na sirri, amma kuna buƙatar ƙirƙirar ɗaya. Wannan zai kara tsaron sabarku ta hanyar bukatar maballin SSH mai zaman kansa don haduwa da tsarin.
# su - ravisaive $ ssh-keygen -t RSA
Da zarar an kirkiro madannin, zai tambayeka ka shigar da maimaitawar kalmar domin amintar da mabuɗin masu zaman kansu. Kuna iya shigar da cikakkiyar ma'anar kalmar wucewa ko zaɓi barin barin ma'anar kalmar fanko idan kuna son sanya aikin atomatik ta hanyar amfani da sabar SSH
Da zarar an ƙirƙiri mabuɗin SSH, kuna buƙatar kwafin maɓallan maɓallin jama'a da aka ƙirƙira zuwa sabar nesa ta hanyar gudanar da umarnin ssh-copy-id tare da sunan mai amfani da adireshin IP na uwar garken nesa kamar yadda aka nuna.
$ ssh-copy-id [email
Da zarar an kwafe maɓallin SSH, yanzu kuna iya ƙoƙarin shiga cikin sabar Linux ta nesa ta amfani da maɓallin keɓaɓɓe azaman hanyar tabbatarwa. Ya kamata ku sami damar shiga ta atomatik ba tare da uwar garken SSH ba neman kalmar sirri.
Mataki na 6: Tabbatar da Shiga Hanyar Nesa
Anan, za mu amintar da sabar mu ta hanyar ƙara kashe damar SSH zuwa asusun asali a cikin fayil ɗin daidaitawar SSH.
# vi /etc/ssh/sshd_config
Nemo layin da yake faɗi #PermitRootLogin a , ba damuwa layin ta hanyar share # daga farkon layin kuma gyara layin zuwa.
PermitRootLogin no
Bayan haka, sake farawa da sabar SSH don amfani da sababbin canje-canje kwanan nan.
# systemctl restart sshd
Yanzu tabbatar da daidaitawar ta hanyar ƙoƙarin shiga azaman asusu na tushen, zaku sami damar Kuskuren izinin izini na SSH kamar yadda aka nuna.
# ssh [email
Akwai yanayin da zaku so cire haɗin duk haɗin SSH na nesa ta atomatik zuwa sabarku bayan wani lokacin rashin aiki.
Mataki 7: Sanya Firewall akan CentOS 8
A cikin CentOS/RHEL 8, Tacewar zaɓi ta asali ita ce Firewalld, wanda ake amfani da shi don sarrafa ƙa'idodin iptables a kan sabar. Don kunnawa da fara sabis ɗin wuta a kan sabar, gudanar da waɗannan umarnin.
# systemctl enable firewalld # systemctl start firewalld # systemctl status firewalld
Don buɗe haɗin haɗin shiga zuwa takamaiman sabis (SSH), da farko, kuna buƙatar tabbatar da cewa sabis ɗin yana cikin dokokin wuta sannan kuma, ƙara ƙa'idar sabis ɗin ta ƙara --permanent canza zuwa umarni kamar yadda aka nuna.
# firewall-cmd --add-service=[tab] #List services # firewall-cmd --add-service=ssh # firewall-cmd --add-service=ssh --permanent
Idan ana son bude hanyoyin sadarwa masu shigowa zuwa wasu ayyukan sadarwar kamar HTTP ko SMTP, kawai a kara dokokin kamar yadda aka nuna ta hanyar tantance sunan aikin.
# firewall-cmd --permanent --add-service=http # firewall-cmd --permanent --add-service=https # firewall-cmd --permanent --add-service=smtp
Don duba duk dokokin Tacewar zaɓi a kan sabar, gudanar da umarnin mai zuwa.
# firewall-cmd --permanent --list-all
Mataki 8: Cire Sabis ɗin da Ba A So A cikin CentOS 8
An ba da shawarar sosai bayan shigar da sabon sabobin CentOS/RHEL 8, kuna buƙatar cirewa da musaki ayyukan da ba a buƙata da ke gudana ta tsohuwa a kan sabar don rage hare-hare a kan sabar.
Don jera duk ayyukan sadarwar da ke gudana ciki har da TCP da UDP akan sabar, gudanar da umarnin netstat kamar yadda aka nuna a misalin da ke ƙasa.
# ss -tulpn OR # netstat -tulpn
Umurnin da ke sama zai lissafa wasu ayyuka masu ban sha'awa wadanda ke gudana ta tsoho a kan sabar, kamar sabar gidan wasikun Postfix. Idan baku shirya karbar bakuncin tsarin wasiku akan saba ba, dole ne ku tsaya ku cire shi daga tsarin kamar yadda aka nuna.
# systemctl stop postfix # systemctl disable postfix # dnf remove postfix
Toari da umarni na sama ko na pstree don ganowa da gano duk ayyukan da ba'a so da cire su daga tsarin.
# dnf install psmisc # pstree -p
Mataki 9: Sarrafa Ayyuka a cikin CentOS 8
A cikin CentOS/RHEL 8, ana gudanar da dukkan sabis da ɗamarar ta hanyar umarnin systemctl, kuma zaku iya amfani da wannan umarnin don lissafa duk ayyukan aiki, gudu, fita ko waɗanda suka gaza.
# systemctl list-units
Don bincika idan daemon ko sabis aka kunna ta atomatik yayin fara tsarin, ba da umarnin mai zuwa.
# systemctl list-unit-files -t service
Don ƙarin koyo game da umarnin systemctl, karanta labarinmu wanda yayi bayani - Yadda ake Sarrafa Ayyuka Ta amfani da 'Systemctl' a cikin Linux.
Shi ke nan! A cikin wannan labarin, munyi bayani game da wasu saitunan asali kuma muka umarci kowane mai gudanar da tsarin Linux ya buƙaci sani da amfani dashi akan sabon tsarin CentOS/RHEL 8 da aka girka ko don aiwatar da ayyukan yau da kullun akan tsarin.