
CentOS Environment Setup

Boot into text mode by default

vi /etc/inittab
id:3:initdefault:

Change the hostname

vi /etc/hosts
vi /etc/sysconfig/network
hostname fw


Prevent root from logging in over SSH

vi /etc/ssh/sshd_config
PermitRootLogin no
Add the following as the last line:
AllowUsers username
Restart sshd:
service sshd restart

Restrict which source IPs can use SSH


vi /etc/hosts.deny
sshd: ALL
Allow connections only from 192.168.1.* and 1.2.3.4 (a network prefix must end with a dot to match as a prefix):
vi /etc/hosts.allow
sshd: 192.168.1. 1.2.3.4

Allow only specific users to use su

vi /etc/pam.d/su
Remove the # at the start of the following line:
auth required pam_wheel.so use_uid
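Add each account that should be allowed to su to the wheel group (-a appends, so the account keeps its other supplementary groups):
usermod -aG wheel username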
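
An added example, not part of the original post: a small shell audit that checks the settings above (PermitRootLogin, AllowUsers, the hosts.deny and hosts.allow entries, and the pam_wheel line). The function names and the temporary sample files are constructed for illustration; pass the real paths under /etc to audit a host.

```shell
#!/bin/sh
# Added example, not from the original post: audits the settings on this page.
# File paths are passed as arguments; the sample files below are constructed.

# First uncommented value of an sshd_config keyword in the global section.
# sshd uses the first value it reads; parsing here stops at a Match block.
sshd_value() {  # $1=sshd_config  $2=keyword
    awk -v k="$2" 'tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# sshd entries in hosts.allow that are a partial IPv4 address with no trailing
# dot; hosts_access(5) treats only strings ending in "." as a prefix (IPv4 only).
bad_prefixes() {  # $1=hosts.allow
    awk -F: 'tolower($1) ~ /^[ \t]*sshd[ \t]*$/ {
        n = split($2, t, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (t[i] ~ /^[0-9]+(\.[0-9]+)?(\.[0-9]+)?$/) print t[i]
    }' "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Prints one line per failed check and returns the number of failures.
audit() {  # $1=sshd_config  $2=hosts.deny  $3=hosts.allow  $4=pam.d/su
    fails=0
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] || fail "PermitRootLogin is not 'no'"
    [ -n "$(sshd_value "$1" AllowUsers)" ] || fail "no global AllowUsers line"
    grep -Eiq '^[[:space:]]*(sshd|ALL)[[:space:]]*:[[:space:]]*ALL' "$2" ||
        fail "hosts.deny does not deny sshd by default"
    [ -z "$(bad_prefixes "$3")" ] || fail "hosts.allow prefix lacks trailing dot"
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$4" ||
        fail "pam_wheel.so line is missing or commented out"
    return "$fails"
}

# Constructed sample files mirroring the settings above.
d=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' 'AllowUsers username' > "$d/sshd_config"
printf 'sshd: ALL\n' > "$d/hosts.deny"
printf 'sshd: 192.168.1. 1.2.3.4\n' > "$d/hosts.allow"
printf 'auth required pam_wheel.so use_uid\n' > "$d/su"
audit "$d/sshd_config" "$d/hosts.deny" "$d/hosts.allow" "$d/su" && echo "all checks passed"
```

The Match check matters for the "last line" step: an AllowUsers line appended below a Match block belongs to that block, not to the global configuration.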
