1. Adding a user
Create a user named "wang":
[root@vdevops ~]# useradd wang    # add the account
[root@vdevops ~]# passwd wang     # set the password
Changing password for user wang.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@vdevops ~]# exit            # log out

Using the user "wang" as the example, make it the only account that can obtain administrator privileges, that is, the only account allowed to su to root. This is done by putting "wang" in the "wheel" group and telling PAM that su requires wheel membership:

[root@vdevops ~]# usermod -G wheel wang
[root@vdevops ~]# vim /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
# Uncomment the line below
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

Two things to watch here. "usermod -G" replaces the user's whole list of supplementary groups; for an account that already belongs to other groups use "usermod -aG wheel wang" so they are kept. Leave the "trust" line commented out: with it active, wheel members switch to root without being asked for a password. Also note that on CentOS 7 the stock /etc/sudoers already grants "%wheel ALL=(ALL) ALL", so a wheel member can run commands as root with sudo as well as with su.

Set up forwarding of root's mail. This is the last line of /etc/aliases; uncomment it and change the user name:

# Person who should get root's mail
root:           wang

Run "newaliases" afterwards so the mail system rebuilds the aliases database and picks up the change.
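To check that the three settings above actually ended up the way the article intends, here is a small POSIX sh audit script. It is an added example, not code from the original article; the function names are hypothetical, and each takes a file path so it can be run against /etc/pam.d/su, /etc/group and /etc/aliases on a real host or against the constructed sample files that demo() builds.

```shell
#!/bin/sh
# Added example, not code from the original article: audit the three settings
# made above (pam_wheel in /etc/pam.d/su, wheel membership, root's mail alias)
# against copies of the files. The function names are hypothetical; each takes
# a file path, so you can point them at /etc/pam.d/su, /etc/group and
# /etc/aliases on a real host, or at the constructed samples built in demo().

# 0 when an uncommented "auth required pam_wheel.so ... use_uid" line exists,
# i.e. only members of "wheel" may su to root.
pam_su_requires_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+.*use_uid' "$1"
}

# 0 when the "trust" line is active: wheel members would then reach root
# without a password, the weaker setting the article leaves commented out.
pam_su_trusts_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_wheel\.so[[:space:]]+.*trust' "$1"
}

# 0 when user $1 is listed as a member of wheel in the /etc/group-format file $2.
user_in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit (found ? 0 : 1) }' "$2"
}

# Print the uncommented forwarding target of "root" from an /etc/aliases-format file.
root_mail_target() {
    awk -F: '/^[ \t]*#/ { next }
             $1 == "root" { sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit }' "$1"
}

# Build constructed sample files (same content as the article's settings) and run the checks.
demo() {
    d=$(mktemp -d)
    cat > "$d/su" <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
#auth           sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
EOF
    printf 'root:x:0:\nwheel:x:10:wang\n' > "$d/group"
    cat > "$d/aliases" <<'EOF'
# Person who should get root's mail
root:           wang
EOF
    if pam_su_requires_wheel "$d/su"; then echo "su: restricted to wheel members"; else echo "su: NOT restricted"; fi
    if pam_su_trusts_wheel "$d/su"; then echo "WARNING: wheel members su to root without a password"; fi
    if user_in_wheel wang "$d/group"; then echo "wang is in wheel"; fi
    echo "root's mail is forwarded to: $(root_mail_target "$d/aliases")"
    rm -rf "$d"
}

demo
```

On a live host replace the sample paths with the real files; a result of "su: NOT restricted" or the "trust" warning means the /etc/pam.d/su edit above did not take.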
2. Configuring the firewall and SELinux
【1】Firewall
Check the firewall status:
[root@vdevops ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-10-26 01:09:49 CST; 1h 36min ago
 Main PID: 744 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─744 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Oct 26 01:09:46 vdevops.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Oct 26 01:09:49 vdevops.com systemd[1]: Started firewalld - dynamic firewall daemon.
Basic firewall operations:
[root@vdevops ~]# systemctl start firewalld     # start the firewall
[root@vdevops ~]# systemctl enable firewalld    # start the firewall automatically at boot
By default the "public" zone is bound to the NIC, and only the dhcpv6-client and ssh services are accepted inbound; everything else is dropped.
When you run "firewall-cmd" without a "--zone=<zone>" option, the command applies to the default zone.
# show the default zone
[root@vdevops ~]# firewall-cmd --get-default-zone
public
# show the current settings (of the default zone)
[root@vdevops ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

# show all zones
[root@vdevops ~]# firewall-cmd --list-all-zones
block
  interfaces:
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

dmz
  interfaces:
  sources:
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
...
# show the services allowed in a specific zone
[root@vdevops ~]# firewall-cmd --list-services --zone=external
ssh
# change the default zone
[root@vdevops ~]# firewall-cmd --set-default-zone=external
success
# assign an interface to a specified zone
[root@vdevops ~]# firewall-cmd --change-interface=eth1 --zone=external
success
# show the status of a specified zone
[root@vdevops ~]# firewall-cmd --list-all --zone=external
external (default, active)
  interfaces: eno16777736 eth1
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:
# Note: an interface can only be assigned to a zone if it exists on the system.

Two caveats. A firewall-cmd change made without "--permanent" takes effect immediately but only in the runtime configuration, and is lost on "firewall-cmd --reload" or a reboot; repeat the command with "--permanent" and then run "firewall-cmd --reload" to keep it ("--set-default-zone" is the exception: it changes both runtime and permanent configuration). Also, the "external" zone has masquerade (NAT) enabled by design, because it is meant for the outward-facing interface of a router; making it the default zone, as in the example above, turns masquerading on for every interface in it. On an ordinary server that does not route traffic, keep "public" as the default zone and open only the services the host actually needs.
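The zone listings above are easy to read by eye once, but on a fleet you want a script that says which services a zone is serving beyond the ones you meant to open, and that produces the persistent commands to fix it. The POSIX sh script below is an added example, not code from the original article: the function names are hypothetical, and the zone listings built inside demo() are constructed from the "public" and "external" output shown above rather than captured from a live host.

```shell
#!/bin/sh
# Added example, not code from the original article: read saved
# "firewall-cmd --list-all" output and flag services a zone should not be
# serving. Function names are hypothetical and the zone listings in demo()
# are constructed from the layout shown above; on a real host save the live
# output first, e.g.  firewall-cmd --list-all --zone=public > /tmp/public.txt

# Print the space-separated services line of a saved zone listing.
zone_services() {
    awk '$1 == "services:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print "yes" or "no" for the masquerade setting of a saved zone listing.
zone_masquerade() {
    awk '$1 == "masquerade:" { print $2; exit }' "$1"
}

# Print the services in the listing $1 that are NOT in the allowlist given as
# the remaining arguments; the exit status is 0 only when nothing extra is open.
unexpected_services() {
    listing=$1; shift
    allowed=" $* "
    extra=""
    for s in $(zone_services "$listing"); do
        case "$allowed" in
            *" $s "*) ;;
            *) extra="$extra $s" ;;
        esac
    done
    extra=${extra# }
    printf '%s\n' "$extra"
    [ -z "$extra" ]
}

# Emit the firewall-cmd calls that add or remove services persistently:
# without --permanent a change is runtime only and disappears on reload/reboot.
service_cmds() {
    action=$1; zone=$2; shift 2
    for s in "$@"; do
        printf 'firewall-cmd --permanent --zone=%s --%s-service=%s\n' "$zone" "$action" "$s"
    done
    printf 'firewall-cmd --reload\n'
}

demo() {
    d=$(mktemp -d)
    # constructed: the article's "public" zone with two extra services opened
    cat > "$d/public" <<'EOF'
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ssh http samba
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
EOF
    # constructed: the "external" zone exactly as the article shows it
    cat > "$d/external" <<'EOF'
external (default, active)
  interfaces: eno16777736 eth1
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:
EOF
    if extra=$(unexpected_services "$d/public" ssh dhcpv6-client); then
        echo "public: only the expected services are open"
    else
        echo "public: unexpected services open: $extra"
        echo "close them persistently with:"
        service_cmds remove public $extra
    fi
    if [ "$(zone_masquerade "$d/external")" = yes ]; then
        echo "external: masquerade (NAT) is on; keep this zone off a plain server's NIC"
    fi
    rm -rf "$d"
}

demo
```

The allowlist is passed as plain arguments, so the same call works for any zone; the emitted commands always end with "firewall-cmd --reload" because a "--permanent" change is not active until the firewall is reloaded.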