CentOS 7 Initial Configuration Notes

A record of the initial configuration I use on CentOS 7.

Check the CentOS version, set the hostname, set the time zone, and upgrade to the latest release.

cat /etc/redhat-release 
hostnamectl --static set-hostname D2O-VPS
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
yum update

CentOS 7 does not ship ifconfig, nslookup and similar tools by default, so install them. Switch back to iptables in place of the default firewalld.

yum install -y bind-utils net-tools htop mlocate initscripts.x86_64 
updatedb
systemctl stop firewalld
systemctl mask firewalld
yum install -y iptables-services policycoreutils
systemctl enable iptables
systemctl enable ip6tables
systemctl start iptables
systemctl start ip6tables

Disable SELinux

vi /etc/selinux/config
# set in the file (takes effect after a reboot):
SELINUX=disabled

# switch the running system to permissive mode:
setenforce 0

Change the SSH port, change the SSH idle auto-logout timeout, and open the SSH port in the firewall.

vi /etc/ssh/sshd_config
# set in the file:
Port xx22
vi /etc/profile
# append to the file (TMOUT=0 turns the shell idle auto-logout off):
export TMOUT=0

iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport xx22 -j ACCEPT
service iptables save

Allow forwarding in iptables, enable kernel forwarding, and disable rp_filter (reverse-path filtering).

iptables -I FORWARD -j ACCEPT
service iptables save

vi /etc/sysctl.conf
# add to the file:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

# apply the settings:
sysctl -p

Add the EPEL repository and install common tools such as htop and snmp.

yum install -y epel-release
yum install -y htop net-snmp

Configure SNMP

cd ~ 
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
vi /etc/snmp/snmpd.conf

# contents of the new /etc/snmp/snmpd.conf:
com2sec notConfigUser default d2o
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1

access notConfigGroup "" any noauth exact all none none

view all included .1 80

syslocation HongKong
syscontact D2O

dontLogTCPWrappersConnects yes

extend .1.3.6.1.4.1.2021.54 active_connects /bin/cat /proc/sys/net/netfilter/nf_conntrack_count
extend .1.3.6.1.4.1.2021.55 Route /bin/sh /etc/snmp/route_prefixes.sh

# back in the shell: enable the service and open UDP 161
systemctl enable snmpd
systemctl start snmpd
iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
service iptables save
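
The snmpd.conf above maps the community string to source `default` (any address) and gives that group a noauth read view rooted at `.1`, while UDP 161 is opened to every source. As an added example (not from the original post), this shell function flags such VACM lines in an snmpd.conf; the function name `audit_snmpd_conf` and the finding texts are made up for this example, and the sample file is constructed from the lines above.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_snmpd_conf FILE: print one finding per risky VACM line, return 1 if any.
audit_snmpd_conf() {
    awk '
    $1 == "com2sec" && $3 == "default" {      # com2sec NAME SOURCE COMMUNITY
        print "com2sec " $2 ": source default accepts the community from any address"
        found = 1
    }
    $1 == "view" && $3 == "included" && ($4 == ".1" || $4 == "1") {
        wide[$2] = 1                          # view NAME included OID [MASK]
    }
    $1 == "access" {    # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        n++; grp[n] = $2; lvl[n] = $5; rd[n] = $7; wr[n] = $8
    }
    END {               # evaluated last: a view may be defined after its access line
        for (i = 1; i <= n; i++) {
            if (lvl[i] == "noauth" && (rd[i] in wide)) {
                print "access " grp[i] ": noauth read of view " rd[i] ", which includes the whole tree .1"
                found = 1
            }
            if (wr[i] != "none") {
                print "access " grp[i] ": write view " wr[i] " is enabled"
                found = 1
            }
        }
        exit found + 0
    }' "$1"
}

# Constructed sample: the VACM lines of the snmpd.conf shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
com2sec notConfigUser default d2o
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
access notConfigGroup "" any noauth exact all none none
view all included .1 80
EOF
audit_snmpd_conf "$sample" || echo "snmpd.conf has findings to review"
rm -f "$sample"
```

A file whose `com2sec` line names a specific monitoring host and whose `access` line reads only `systemview` passes with no output.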

References:

http://blog.csdn.net/conupefox/article/details/49369035
http://www.jb51.net/article/106385.htm