firewalld
防火墙预设安全区域
public | 仅允许访问本机的sshd、dhcp、ping等少量服务 |
---|---|
trusted | 允许任何访问 |
block | 拒绝任何来访请求 |
drop | 丢弃任何来访的数据包 |
#开启防火墙
[root@cocalhost ~]# systemctl start firewalld.service
#查看默认区域
[root@cocalhost ~]# firewall-cmd --get-default-zone
public
#修改默认区域(该命令同时修改运行时和永久配置;未单独绑定区域的网卡都会落入默认区域,而 trusted 会放行所有流量,下面仅作演示,实际环境应保持 public 等受限区域)
#[root@cocalhost ~]# firewall-cmd --set-default-zone=区域名
[root@cocalhost ~]# firewall-cmd --set-default-zone=trusted
success
#查看区域规则
#[root@cocalhost ~]# firewall-cmd --zone=区域名 --list-all
[root@cocalhost ~]# firewall-cmd --zone=public --list-all
public (active)
target: default #该区域的默认处理目标(target),并非指“默认区域”
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh #允许访问服务
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
#为public区域添加http协议,使用 --add-service=服务名
[root@cocalhost ~]# firewall-cmd --zone=public --add-service=http
success
[root@cocalhost ~]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client http ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
封网段开服务
#若要写入永久配置需添加 --permanent;不加时只修改运行时配置,执行 --reload 或重启 firewalld 后即丢失
#使用 --add-source=网段地址
#为public区域永久添加http协议
[root@cocalhost ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@cocalhost ~]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client http ftp ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
#带 --permanent 的修改只写入永久配置,需要重新加载防火墙配置后才在运行时生效
# firewall-cmd --reload
[root@cocalhost ~]# firewall-cmd --reload
success
# 单独拒绝某一个ip
# firewall-cmd --zone=block/drop --add-source=IP地址
[root@cocalhost ~]# firewall-cmd --zone=block --add-source=192.168.10.1
[root@cocalhost ~]# firewall-cmd --zone=block --list-all
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources: 192.168.10.1
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
# 删除规则:--remove-source
# 删除block区域指定IP
[root@cocalhost ~]# firewall-cmd --zone=block --remove-source=192.168.10.1
success
[root@cocalhost ~]# firewall-cmd --zone=block --list-all
block
#删除public区域的ftp协议
[root@cocalhost ~]# firewall-cmd --zone=public --remove-service=ftp
success
[root@cocalhost ~]# firewall-cmd --zone=public --list-all
public
grep
文件内容过滤
-n | 以行号形式输出 |
---|---|
-i | 忽略字符串大小写 |
-v | 显示不包含匹配的行 |
^字符串 | 显示以该字符串开头的行 |
字符串$ | 显示以该字符串结尾的行 |
^$ | 显示空行 |
[root@cocalhost ~]# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
[root@cocalhost ~]# grep -n root /etc/passwd
1:root:x:0:0:root:/root:/bin/bash
10:operator:x:11:0:operator:/root:/sbin/nologin
[root@cocalhost ~]# grep -i ssh /etc/passwd
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
[root@cocalhost ~]# grep -v '#' /etc/fstab
/dev/mapper/cl-root / xfs defaults 0 0
UUID=344a914a-7d28-4a91-9030-a1217c0ada86 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
/dev/sdc2 /test01 xfs defaults 0 0
/dev/vg05/lv05 /test5 xfs defaults 0 0
^字符串 | 显示以该字符串开头的行 |
---|---|
字符串$ | 显示以该字符串结尾的行 |
^$ | 显示空行 |
[root@cocalhost ~]# grep -n -v '^#' /etc/fstab
1:
9:/dev/mapper/cl-root / xfs defaults 0 0
10:UUID=344a914a-7d28-4a91-9030-a1217c0ada86 /boot xfs defaults 0 0
11:/dev/mapper/cl-swap swap swap defaults 0 0
12:/dev/sdc2 /test01 xfs defaults 0 0
13:/dev/vg05/lv05 /test5 xfs defaults 0 0
14:
[root@cocalhost ~]# grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
[root@cocalhost ~]# grep 'bash$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
weishuo:x:1000:1000:weishuo:/home/weishuo:/bin/bash
user01:x:1001:1001::/home/user01:/bin/bash
user02:x:1002:1003::/home/user02:/bin/bash
natasha:x:1003:1006::/home/natasha:/bin/bash
[root@cocalhost ~]# grep -n ^$ /etc/fstab
1:
14:
[root@cocalhost ~]# grep -v '^#' /etc/fstab | grep -n -v '^$'
2:/dev/mapper/cl-root / xfs defaults 0 0
3:UUID=344a914a-7d28-4a91-9030-a1217c0ada86 /boot xfs defaults 0 0
4:/dev/mapper/cl-swap swap swap defaults 0 0
5:/dev/sdc2 /test01 xfs defaults 0 0
6:/dev/vg05/lv05 /test5 xfs defaults 0 0
[root@cocalhost ~]# grep -v '^#' /etc/login.defs | grep -v ^$ -n | wc -l
17
[root@cocalhost ~]#
systemd管理服务
systemctl restart | 重启服务 |
---|---|
systemctl stop | 停止服务 |
systemctl enable | 设置服务开机自启 |
systemctl start | 启动服务 |
systemctl disable | 设置服务不开机自启 |
systemctl status | 查看服务状态 |
systemctl is-enabled | 查看服务是否被设置开机自启 |