CentOS
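1. Run the installation image (.iso)
- Language selection
: Korean
- Software selection
: Select Basic Web Server -> select Compatibility Libraries and Development Tools
: Web server, if desired
- Partitioning
: Typically /boot 512MiB, /swap 4GiB (4096MiB) - when 12GB or less, and / gets all the remaining space
: Use ext4 for everything except swap
: If there are additional hard disks, set them up after installation completes
: Finish by applying the changes
- Start the installation, then reboot
: Set the ROOT password
: Reboot after installation completes
2. NETWORK configuration
- Log in
: Log in with the ROOT account
- IP configuration
: Check which network interfaces are connected (UP)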
ip link
: Configure the network
vi /etc/sysconfig/network-scripts/ifcfg-<device name>
========================================================================
BOOTPROTO=static    (change the value)
ONBOOT=yes          (change the value)
IPADDR=<enter the IP address>
GATEWAY=<enter the gateway address>
NETMASK=<enter the netmask>
DNS1=164.124.101.2 or 168.126.63.1
DNS2=8.8.8.8
========================================================================
service network restart
systemctl restart NetworkManager
ifconfig
: Check the changed settings
ping 8.8.8.8
: External ping test
ping DNS Address
: DNS ping test
[ How to bring up the network on CentOS 8 (Rocky Linux) ]
nmcli dev status
nmcli connect up <ethernet name>
========================================================================
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
remi-release
yum install -y https://rpms.remirepo.net/enterprise/remi-release-6.rpm
cd /usr/local/src
wget https://rpms.remirepo.net/enterprise/remi-release-6.rpm
rpm -ivh remi-release-6.rpm
=======================================================================
CentOS7
epel-release
yum update -y curl nss nss-util nspr
yum install -y wget vim epel-release
yum upgrade
CentOS8
epel-release
yum update -y curl nss nss-util nspr
yum install -y wget vim
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
remi-release
yum install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
cd /usr/local/src
wget https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf install -y rocky-release
yum update -y
## Enable the Rocky 8 repos
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-Extras.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-HighAvailability.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-NFV.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-Plus.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-PowerTools.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-RT.repo
sed s/enabled=0/enabled=1/g -i /etc/yum.repos.d/Rocky-ResilientStorage.repo
========================================================================
3. Kernel update
yum update -y
If an error occurs: yum clean all
yum groupinstall base
: Answer y at each prompt along the way
yum install -y wget vim
vi /etc/bashrc
========================================================================
========================================================================
4. Set up an account with root privileges
useradd -G wheel <account name>
passwd <account name>
vi /etc/group
: Confirm that the new account is included in the wheel group
vi /etc/pam.d/su
=================================================================
auth required pam_wheel.so use_uid    (uncomment this line)
=================================================================
chgrp wheel /bin/su
chmod 4750 /bin/su
5. SSH configuration
- Disable root login
vi /etc/ssh/sshd_config
=====================================================================
PermitRootLogin yes    (uncomment, then change the value to no)
=====================================================================
- SSH test
: The root account cannot log in
: Accounts created in the wheel group can log in
: After logging in with a wheel-group account, you can switch user with su
systemctl restart sshd
service sshd restart
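Added example (not part of the original notes): a POSIX shell audit that confirms the outcome of steps 4 and 5 from the files themselves. The function names and the sample files are constructed for illustration; sshd_config Match blocks and Include files are not evaluated.

```sh
#!/bin/sh
# Added example, not from the original notes. Paths are arguments so the
# checks can run on copies. Live use:
#   audit_root_access /etc/ssh/sshd_config /etc/pam.d/su "$(stat -c '%a %G' /bin/su)"

# sshd uses the FIRST uncommented occurrence of a keyword, so a
# "PermitRootLogin no" added below an active "yes" line has no effect.
# Prints the value, or "unset" when every occurrence is commented out.
# Simplification: Match blocks and Include files are not evaluated.
effective_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds only when the pam_wheel line in the PAM su file is uncommented.
pam_wheel_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid' "$1"
}

# Succeeds only for the mode and group set in step 4 ("4750 wheel").
su_perms_ok() {
    [ "$1" = "4750 wheel" ]
}

# Runs the three checks, prints one line each, returns the number of failures.
audit_root_access() {   # $1 = sshd_config, $2 = pam.d/su, $3 = "MODE GROUP" of su
    fails=0
    prl=$(effective_permit_root_login "$1")
    if [ "$prl" = "no" ]; then echo "PASS PermitRootLogin=no"
    else echo "FAIL PermitRootLogin=$prl"; fails=$((fails + 1)); fi
    if pam_wheel_active "$2"; then echo "PASS pam_wheel is active"
    else echo "FAIL pam_wheel line missing or commented"; fails=$((fails + 1)); fi
    if su_perms_ok "$3"; then echo "PASS su is $3"
    else echo "FAIL su is '$3', expected '4750 wheel'"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files (not from a real host): "no" was appended at the
# end of sshd_config, but an earlier active "yes" line still wins.
demo=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '#auth\t\trequired\tpam_wheel.so use_uid\n' > "$demo/su"
audit_root_access "$demo/sshd_config" "$demo/su" "4755 root" || echo "failed checks: $?"
rm -rf "$demo"
```

On a running host, `sshd -T | grep -i permitrootlogin` prints the value sshd itself resolved.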
6. IPTABLES configuration
yum install -y iptables-services
systemctl status firewalld
: Check the status of the existing firewall
systemctl stop firewalld
systemctl disable firewalld
cp -arp /etc/sysconfig/iptables /etc/sysconfig/iptables_original
or use the date as the suffix
vi /etc/sysconfig/iptables
=========================================================================
#Firewall configuration written by system-config-securitylevel
#Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50001:50005 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
==================================================================
systemctl enable iptables
systemctl restart iptables
systemctl status iptables
7. Disable SELinux
vi /etc/sysconfig/selinux
SELINUX=disabled
Reboot
8. FTP (vsftpd) configuration
yum install -y vsftpd
systemctl enable vsftpd
: Start automatically at boot
systemctl start vsftpd
: Start
vi /etc/vsftpd/vsftpd.conf
==================================================================
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES (omit on CentOS 6)
#chroot_list_enable=YES (if you uncomment this and set it to YES, put the accounts that may go up to parent directories in /etc/vsftpd/chroot_list)
#chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
listen_ipv6=NO
local_enable=YES
write_enable=YES
userlist_enable=YES
userlist_deny=YES
#userlist_file=/etc/vsftpd/user_list (default = /etc/vsftpd/user_list)
pasv_enable=YES
pasv_promiscuous=YES (turns off the check that the data connection comes from the same IP as the control connection)
pasv_min_port=50001
pasv_max_port=50005
==================================================================
systemctl restart iptables
chkconfig vsftpd on
: Restart
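Added example (not part of the original notes): the passive range in vsftpd.conf (50001-50005) only works if the iptables file from step 6 accepts exactly those ports, so this POSIX shell check reports any passive port the firewall does not cover. Function names and sample files are constructed; all chains are read as one ordered list and only --dport matches are understood.

```sh
#!/bin/sh
# Added example, not from the original notes. Paths are arguments so the
# check can run on copies of /etc/vsftpd/vsftpd.conf and /etc/sysconfig/iptables.

# Value of KEY in a vsftpd.conf-style file. Commented lines are ignored and
# the last uncommented occurrence is taken (assumption of this example).
conf_value() {   # $1 = file, $2 = key
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Prints the passive ports that no tcp ACCEPT rule covers (empty = all covered).
# Returns 2 when the passive range is not set in vsftpd.conf.
# Simplifications: all chains are read as one ordered list and only --dport
# matches are understood.
uncovered_pasv_ports() {   # $1 = vsftpd.conf, $2 = iptables rules file
    min=$(conf_value "$1" pasv_min_port)
    max=$(conf_value "$1" pasv_max_port)
    [ -n "$min" ] && [ -n "$max" ] || return 2
    awk -v min="$min" -v max="$max" '
        # A catch-all REJECT/DROP ends the list: rules after it never match.
        /^-A / && / -j (REJECT|DROP)/ && !/ -p / { exit }
        /^-A / && / -p tcp / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                for (p = lo; p <= hi; p++) allowed[p] = 1
            }
        }
        END {
            for (p = min + 0; p <= max + 0; p++)
                if (!(p in allowed)) { out = out sep p; sep = " " }
            print out
        }' "$2"
}

# Constructed sample input: the firewall range is two ports short.
demo=$(mktemp -d)
printf 'pasv_min_port=50001\npasv_max_port=50005\n' > "$demo/vsftpd.conf"
cat > "$demo/iptables" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 50001:50003 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
echo "uncovered passive ports: $(uncovered_pasv_ports "$demo/vsftpd.conf" "$demo/iptables")"
rm -rf "$demo"
```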
9. Show timestamps in history
vi /etc/profile
==================================================================
HISTSIZE=100000000
HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] "
==================================================================
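The following additionally records, for each history entry, the IP that connected and the account it logged in with
==================================================================
#history
# Last field of `who -u am i` (the remote host for a network login), parentheses stripped
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
# Fall back to the hostname when `who` returns nothing
if [ -z "$USER_IP" ]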
then
USER_IP=`hostname`
fi
HISTSIZE=100000000
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] [${USER_IP}] [${LOGNAME}] "
==================================================================
source /etc/profile
10. Hourly time synchronization
## CentOS 6 ~ 7
mkdir /root/bin
yum install -y rdate
vi /root/bin/time_sync.sh
==================================================================
#!/bin/bash
rdate -s time.bora.net && date && hwclock -r && hwclock -w > /dev/null 2>&1
exit 0;
==================================================================
chmod 755 /root/bin/time_sync.sh
chown root:root /root/bin/time_sync.sh
vi /etc/crontab
==================================================================
0 * * * * root sh /root/bin/time_sync.sh
==================================================================
systemctl restart crond
systemctl enable crond
## CentOS 8 & Rocky Linux 8 & Alma Linux 8
dnf install -y chrony
vi /etc/chrony.conf
==================================================================
server time.bora.net iburst
server zero.bora.net iburst
==================================================================
systemctl enable chronyd
systemctl restart chronyd
mkdir -p /root/bin
vi /root/bin/time_sync.sh
==================================================================
#!/bin/bash
chronyc sources -v && hwclock -r && hwclock -w && hwclock -v > /dev/null 2>&1
exit 0;
==================================================================
chmod 755 /root/bin/time_sync.sh
chown root:root /root/bin/time_sync.sh
vi /etc/crontab
==================================================================
0 * * * * root sh /root/bin/time_sync.sh
==================================================================
systemctl restart crond
systemctl enable crond
timedatectl
chronyc sources -v
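11. APM installation
For mysql, the root password is predetermined.
12. Create an IKVM account
After booting from a DOS USB stick
cd ipmicfg
ipmicfg.exe -user add 3 <regular account> password 2
ipmicfg.exe -user level 3 4
ipmicfg.exe -user setpwd 3 <enter password>
ipmicfg.exe -user list
Reboot with Ctrl+Alt+Del and remove the USB stick once booting starts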
13. Clear the history
cat /dev/null > /root/.bash_history
history -c
14. Format an additional disk and configure automatic mounting
fdisk -l
Identify the device path of the attached disk
fdisk /dev/???
=========================================================================
m
n
p
1
just press Enter
+500G
choose the size
w
save and exit
=========================================================================
Format
ex) mkfs -t ext4 /dev/sdb1
=========================================================================
Check with blkid
/dev/sdb1: UUID="????????????????????????????????????" TYPE="ext4"
/dev/sdb2: UUID="????????????????????????????????????" TYPE="ext4"
=========================================================================
blkid >> /etc/fstab
vi /etc/fstab
UUID=??????????????????????????????? /back2 ext4 defaults 0 0
#/dev/sdb1: UUID="????????????????????????????????????" TYPE="ext4"
#/dev/sdb2: UUID="????????????????????????????????????" TYPE="ext4"
=========================================================================
mount -a
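Added example (not part of the original notes): instead of appending raw blkid output to /etc/fstab and editing it by hand, this POSIX shell helper builds the entry in the same "defaults 0 0" form used above and refuses duplicates. Function names, the sample blkid line and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes: build the fstab entry from a
# blkid line instead of appending raw blkid output to /etc/fstab.

# Prints "UUID=<uuid> <mount point> <type> defaults 0 0" for one blkid line.
# The leading space in the patterns keeps PARTUUID= and PTTYPE= from matching.
fstab_entry() {   # $1 = one line of blkid output, $2 = mount point
    uuid=$(printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    fstype=$(printf '%s\n' "$1" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    [ -n "$uuid" ] && [ -n "$fstype" ] || return 1
    printf 'UUID=%s %s %s defaults 0 0\n' "$uuid" "$2" "$fstype"
}

# Appends the entry to the fstab file given as $1.
# Returns 0 when added or already present, 1 when the blkid line has no
# UUID/TYPE, 2 when another active entry already uses the mount point.
add_fstab_entry() {   # $1 = fstab file, $2 = blkid line, $3 = mount point
    entry=$(fstab_entry "$2" "$3") || return 1
    grep -Fxq "$entry" "$1" && return 0
    if awk -v mp="$3" '$1 !~ /^#/ && $2 == mp { hit = 1 } END { exit !hit }' "$1"
    then return 2; fi
    printf '%s\n' "$entry" >> "$1"
}

# Constructed sample input: a blkid line and an fstab copy in a temp directory.
demo=$(mktemp -d)
printf '/dev/mapper/root / ext4 defaults 1 1\n' > "$demo/fstab"
line='/dev/sdb1: UUID="0a1b2c3d-0000-4000-8000-000000000001" TYPE="ext4" PARTUUID="5e6f-01"'
add_fstab_entry "$demo/fstab" "$line" /back2 && cat "$demo/fstab"
rm -rf "$demo"
```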
Or
Create GPT partitions
parted /dev/sdb
===================================================================================
GNU Parted 2.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) help
align-check TYPE N check partition N for TYPE(min|opt) alignment
check NUMBER do a simple check on the file system
cp [FROM-DEVICE] FROM-NUMBER TO-NUMBER copy file system to another partition
help [COMMAND] print general help, or help on COMMAND
mklabel,mktable LABEL-TYPE create a new disklabel (partition table)
mkfs NUMBER FS-TYPE make a FS-TYPE file system on partition NUMBER
mkpart PART-TYPE [FS-TYPE] START END make a partition
mkpartfs PART-TYPE FS-TYPE START END make a partition with a file system
move NUMBER START END move partition NUMBER
name NUMBER NAME name partition NUMBER as NAME
print [devices|free|list,all|NUMBER] display the partition table, available devices, free space, all found
partitions, or a particular partition
quit exit program
rescue START END rescue a lost partition near START and END
resize NUMBER START END resize partition NUMBER and its file system
rm NUMBER delete partition NUMBER
select DEVICE choose the device to edit
set NUMBER FLAG STATE change the FLAG on partition NUMBER
toggle [NUMBER [FLAG]] toggle the state of FLAG on partition NUMBER
unit UNIT set the default unit to UNIT
version display the version number and copyright information of GNU Parted
============================================================================================
(parted) mklabel gpt
============================================================================================
Check the partitions
(parted) print
===========================================================================================
Model: LSI 9750-16i4e DISK (scsi)
Disk /dev/sda: 30.0TB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
===========================================================================================
Set the unit used for partitioning
(parted) unit TB
Create the partitions (0-15TB, 15TB-30TB)
===========================================================================================
(parted) mkpart data1 0 15
===========================================================================================
(parted) mkpart data2 15 30
===========================================================================================
※ Percentages ("%") can also be used
(parted) mkpart data1 0 50%
(parted) mkpart data2 50% 100%
===========================================================================================
Check the partitions
(parted) print
Model: LSI 9750-16i4e DISK (scsi)
Disk /dev/sda: 30.0TB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 1049kB 15.0TB 15.0TB ext4 data1
2 15.0TB 30.0TB 15.0TB ext4 data2