1.安装Centos6.5 2.6.32-642.4.2.el6.x86_64
升级所有软件至最新:
yum update
2.同步时间。安装ntpd
yum install ntpdate
ntpdate 时间服务器地址
ntpdate cn.ntp.org.cn
将时间写入硬件(bios)
clock -w
2.1 配置时间同步
crontab -e
*/10 * * * * /usr/sbin/ntpdate -u pool.ntp.org >/dev/null 2>&1 #每隔十分钟同步一次 service crond restart
chkconfig crond on
3.关闭selinux
/etc/selinux/config
SELINUX=enforcing #重启生效
4.安装常用软件:
yum install wget unzip make gcc gcc-c++ gcc-g77
5.配置ssh 默认端口号:这里改成 33122
vim /etc/ssh/sshd_config
Port 33122
6.防火墙设置:
iptables -F
iptabels -X
iptables -Z
[root@zabbix3 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Aug 28 21:27:57 2016
*filter
:INPUT DROP [10:1249]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.2.121 -p tcp -m tcp --dport 33122 -j ACCEPT #允许ip访问次端口
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT #允许所有访问此端口
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT ##如果没有此规则,你将不能通过127.0.0.1访问本地服务,例如ping 127.0.0.1
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ##允许所有对外请求的返回包 ,本机对外请求相当于OUTPUT,对于返回数据包必须接收啊,这相当于INPUT了
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT #允许 ping
-A INPUT -s 192.168.18.0/24 -p tcp -j ACCEPT #信任IP允许所有连接
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Sun Aug 28 21:27:57 2016
# Firewall configuration written by system-config-firewall
# # Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.18.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 192.168.18.0/24 -p tcp -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT