Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏

12.11. CentOS 6

12.11.1. service

# service nginx
Usage: nginx {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}

# service nginx stop
# service nginx start
# service nginx restart
		
[ ] NetworkManager   自动在多种网络连接中进行转换,如果你的电脑有Wireless WiFi 和 Ethernet多种网络连接类型的话,可以选择开启。
[ ] acpid            (Advanced Configuration and Power Interface)是为替代传统的APM电源管理标准而推出的新型电源管理标准。通常笔记本电脑需要启动电源进行管理。
[*] anacron          自动化运行任务守护进程
[*] atd              自动化运行任务守护进程
[ ] auditd           审核信息,将消息写入控制台以及 audit_warn 电子邮件别名。用于存放内核生成的系统审查记录,这些记录会被一些程序使用。特别是对于SELinux用户来说。
[ ] autofs           自动挂载/卸载文件系统服务,可以自动挂载想访问但还未挂载的文件系统,自动卸载长期不访问的文件系统,自动安装管理进程automount,与NFS 相关,依赖于NIS
[ ] avahi-daemon     Zeroconf service discovery守护进程,Avahi是zeroconf协议的实现。它可以在没有DNS服务的局域网里发现基于zeroconf协议的设备和服务。它跟mDNS一样。除非你有兼容的设备或使用 zeroconf 协议的服务,否则就可以关闭。
[ ] avahi-dnsconfd   /etc/avahi/dnsconf.action脚本守护进程
[ ] bluetooth        蓝牙
[ ] conman           控制台管理
[ ] cpuspeed         监测系统空闲百分比,降低或加快CPU时钟速度和电压
[*] crond            一个传统的UNIX程序crontab,可以周期地运行用户调度的任务。
[ ] cups             通用UNIX打印守护进程,(Common UNIX Printing System)公共UNIX打印支持,为Linux提供打印功能。 安装打印机时需要的服务。
[ ] dnsmasq          Dns cache server守护进程
[ ] dund             蓝牙拨号网络
[ ] firstboot        安装完之后的用户配置向导,用于第一次设置系统
[ ] gpm              为文本模式下的Linux程序提供鼠标支持、拷贝、粘贴操作、弹出式菜单
[ ] haldaemon        硬件监控系统
[ ] hidd             蓝牙H.I.D.服务器
[ ] httpd            Apache服务器
[ ] ip6tables        防火墙守护进程
[*] iptables         防火墙守护进程
[ ] irda             红外端口守护进程
[*] irqbalance       多系统处理器环境下的系统中断请求进行负载平衡,单CPU无用
[ ] kudzu            硬件自动检测程序,如不增加新硬件,可以关闭
[ ] lvm2-monitor     LVM2 mirror devices守护进程
[ ] mcstrans         SELinux Context Translation System Daemon
[ ] mdmonitor        RAID相关设备的守护程序
[ ] mdmpd            RAID相关设备的守护程序
[*] messagebus       事件监控服务,在必要时向所有用户发送广播信息
[ ] microcode_ctl    可编码以及发送新微代码到内核以更新Intel IA32系列处理器守护进程
[ ] multipathd       Manage device-mapper multipath devices
[ ] netconsole       Initializes network console logging
[ ] netfs            安装和卸载NFS、SAMBA和NCP网络文件系统
[ ] netplugd         服务监控网络界面,根据信号关闭或启动它,用于手提电脑
[*] network          激活已配置网络接口的脚本程序
[ ] nfs              网络文件系统守护进程
[ ] nfslock          NFS文件锁定功能
[ ] nscd             密码与群查找服务
[ ] ntpd             网络时间同步
[ ] oddjobd
[ ] pand             蓝牙个人区域网络
[ ] pcscd            智能卡支持
[ ] portmap          用来支持RPC连接,RPC被用于NFS以及NIS 等服务
[ ] psacct           进程审计守护进程
[ ] rawdevices		 rawdevices	to block devices。Oracle数据库使用
[ ] rdisc            discovers routers守护进程
[ ] readahead_early  开机内存载入优化
[ ] readahead_later  开机内存载入优化
[ ] restorecond      SELinux相关联
[ ] rpcgssd          manages RPCSEC GSS contexts for the NFSv4 server
[ ] rpcidmapd        rpcidmapd for NFSv4 that maps user names to UID and GID nu
[ ] rpcsvcgssd       rpcsvcgssd manages RPCSEC GSS contexts for the NFSv4 server
[ ] saslauthd        使用SASL的认证守护进程
[*] sendmail         邮件服务器sendmail守护进程
[*] smartd           监控硬盘故障
[*] sshd             OpenSSH服务器守护进程
[*] syslog           系统日志
[ ] winbind          用于Samba服务器
[ ] wpa_supplicant   无线设备支持
[ ] xfs              X Window字型服务器守护进程,为本地和远程X服务器提供字型集
[ ] ypbind           为NIS客户机激活ypbind服务进程
[ ] yum-updatesd	 RPM操作系统自动升级和软件包管理守护进程
		

12.11.1.1. chkconfig

chkconfig acpid off
			
[root@development ~]# chkconfig --add mysqld 		[在服务清单中添加mysql服务]
[root@development ~]# chkconfig mysqld on			[设置mysql服务开机启动]
[root@development ~]# chkconfig --list mysqld		[设置mysql启动级别]
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
			
chkconfig --level 3 mysqld on
chkconfig --level 3 mysqld off
			

12.11.2. xinetd.d

# yum -y install xinetd
		

12.11.2.1. tftpd

# yum install -y tftp-server tftp
			

/etc/xinetd.d/tftp

# vim /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
			

disable = yes 改为 disable = no

mkdir /tftpboot
/etc/init.d/xinetd restart
			
atftp-server
# yum install -y atftp-server atftp
				

/etc/xinetd.d/tftp

# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer protocol. The tftp protocol is often used to boot diskless workstations, download configuration files to network-aware printers, and to start the installation process for some operating systems.
service tftp
{
    disable         = no
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
    server_args     = /tftpboot
    per_source      = 11
    cps             = 100 2
    flags           = IPv4
}
				

atftp-server 是一个可以不依赖xinetd的tftp服务器

				

12.11.2.2. rsync

# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}

			

12.11.2.3. rshd

/etc/xinetd.d/rsh

# cat  /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
#	consequently, for the rsh(1) program.  The server provides \
#	remote execution facilities with authentication based on \
#	privileged port numbers from trusted hosts.
service shell
{
	socket_type		= stream
	wait			= no
	user			= root
	log_on_success		+= USERID
	log_on_failure 		+= USERID
	server			= /usr/sbin/in.rshd
	disable			= no
}
			

访问权限配置

# cat /etc/hosts.allow
#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
in.rshd : your.example.com 192.168.0.1
			
# cat /etc/hosts.deny
#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
all : all
			

访问主机设置

# cat ~/.rhosts
your.example.com user
192.168.0.1	user
			

12.11.3. rpcinfo

# rpcinfo -p 192.168.187.75
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    697  status
    100024    1   tcp    700  status
    100011    1   udp    864  rquotad
    100011    2   udp    864  rquotad
    100011    1   tcp    867  rquotad
    100011    2   tcp    867  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32778  nlockmgr
    100021    3   udp  32778  nlockmgr
    100021    4   udp  32778  nlockmgr
    100021    1   tcp  35837  nlockmgr
    100021    3   tcp  35837  nlockmgr
    100021    4   tcp  35837  nlockmgr
    100005    1   udp    880  mountd
    100005    1   tcp    883  mountd
    100005    2   udp    880  mountd
    100005    2   tcp    883  mountd
    100005    3   udp    880  mountd
    100005    3   tcp    883  mountd
		

12.11.4. SELINUX

禁用SElinux编辑/etc/selinux/config,修改如下内容:

SELINUX=disabled
		

使用命令

getenforce
setenforce 0
		
lokkit --selinux=disabled