Loading... # 放置pubkey ``` mkdir -p ~/.ssh/ touch ~/.ssh/authorized_keys cat <<'EOF'> ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsFITm4ITWJPBvnD4pzVQQ7+gumY//IjWo2V8ciU+1Rzfv4IjYh25yPv0K6pf06JGtHyOGTkPzIWx85wtuNZ96cst6hjfzw7pp2IVy31DBPae6lMLhylZxrYmg8KAZE6msR1QKE4J3d8qFvyQWhOVcOF6gv5d5NPKR0vcQbOFtdAxoLGZE1/x3BXjCeb4IXA+bnXPgwB01a+cNEg8kLnt74DvoJU+aS2iX90hKOrMQ1yLzpoA0gHE38yJ9E2DfA5b6NiNcJU8r5wonWz9U08ztYTjsK1SAHSgXd5xgUlW2ImYASuxTznXIF9ehInCPxk/Khw6zKp2TaDnZUWojS1D5iEug0e+wVeuBtIMQdnHtNQtolKBzPmcSyr+SAGKdUU+y1oF6L9N4Ilu/Y1xUYfRP8s/qPUr8NBVkTyPiKslZKUeSVtn3hw5+FFR9ieKpvDinLizhkP/KWN2fKlQOjWHyB1ln4c00BjMc7HHCBioV+fN5YecFbIF82Wdr6p/XMVU= jacky ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1W0wLOHU//+ufmG1bgtJfFFq90ggOhdkIlRVV4ZPlH jacky@jacky-office EOF ``` # 查看版本 ``` cat /etc/redhat-release ``` # 修改更新源 ``` cd /etc/yum.repos.d/ && mkdir bak && mv * bak/ cat <<EOF>/etc/yum.repos.d/CentOS-Base.repo [base] name=CentOS7 - base enabled=1 failovermethod=priority baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/base/ gpgcheck=1 gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7 [updates] name=CentOS7 - updates enabled=1 failovermethod=priority baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/updates/ gpgcheck=1 gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7 [extras] name=CentOS7 - extras enabled=1 failovermethod=priority baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/extras/ gpgcheck=1 gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-CentOS-7 [epel] name=CentOS7 - epel failovermethod=priority baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/epel/ gpgcheck=0 gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/RPM-GPG-KEY-EPEL-7 [docker-ce-stable] name=CentOS7 - docker-ce-stable baseurl=http://vip.123pan.cn/1815238395/mirrors/centos/7/docker-ce-stable/ enabled=1 gpgcheck=1 gpgkey=http://vip.123pan.cn/1815238395/mirrors/centos/7/gpg EOF cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9 Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn 4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ 4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1 x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY 438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8 c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw 4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4 Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD 3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137 YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3 uPNL0eRx4S1G4Jn5 =OGYX -----END PGP PUBLIC KEY BLOCK----- EOF cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux) mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB 9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk 5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re 9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== =hdPa -----END PGP PUBLIC KEY BLOCK----- EOF cat <<'EOF'>/etc/pki/rpm-gpg/gpg -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ 1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO +VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM +q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC /LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW 5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ =0Zqq -----END PGP PUBLIC KEY BLOCK----- EOF cat <<'EOF'>/etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQGiBEm+/6QRBAC5mbtqOFSQ0FkTLIMdIoqxtraIeUqwbPp3IBYQ/u/EREjyEf1D qFyBEXII0dD8JDT85vRZ81jhB7nFWa0VbUfY0xfghkbnokiNBVNpiQcvszw3UYDF aLAaOC8Z98vmlsQaBBTQG6704ZXLr7FJyG3GP5WE6egXIQQbrMcdmCoRBwCg/dwC HLWjuemoDc5SX7hKHbB4zZ8D/jP+oMbqz+bDn8OZ2UuaGdxr+mHW8tzTdPjnEU8e hUt1ws8eBqn/gMfKvUBa8xFSILe8Ty99u+VjFbcRsdf0H6dRre9AdDVUz5oxzoPw gamA8mhPQvFh3wt9smtRUh5IoM2LiM1s5pGMLuYuvSnVUPArEnSfW6K5I6v7OarU 3WfrBACDEGGcaWKjfdkRtmKIQrzu6AnldVC1ISLVAoqxHnKNFTk1BgO0PSZDpfJI x8fMCnGlusoL6F5+LYEk4K4B0zvlj1ur3JocjxpuBLccl94JTo/+I9ZbS8ptUqLw LBUkgIQJzzIH4G5NZsQ3FpzSWGRFVa7etqTv9BfUMUmJxhEoobQ/ZWxyZXBvLm9y ZyAoUlBNIFNpZ25pbmcgS2V5IGZvciBlbHJlcG8ub3JnKSA8c2VjdXJlQGVscmVw by5vcmc+iGAEExECACAFAkm+/6QCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK CRAwm8MFuq2uUlgWAKCGWOpyodbzxS7Xy/0X9m9qVnHq+ACfUHrQzYAtFRpT07Sg giosE+mvAKu5Ag0ESb7/pxAIALgT0q0HhwugE717a7N+gAtCbFu8pCXOZcrAnJpG cMA9VWmsODZStPTxXYM2ggCMSzUnNis8pPZOPIP5C+t2IYtVjLshM4C9UiY7u5ET jErWCxWmF+2QLO50K56E4qxj0wufZt9P+Ih0USUM5L2oyrQG51uj/2v3Qq3igc8Z NTtmEOfis3losusQbAfZtTBmNQ0570kkhMxiyavgAUxLenXHYrkDJFuL7XdBCmna kykTn2dzU81rIDZ+QPxII4V/eZ5xGiRY/EDUIAysEV2m0NNZgWi/twUnZICm7zYp VRviJrBnFTvNEPMhiGRnJgQp/Krv4WIHQ67N8lQg3q5RJX8AAwUH/0UBjBgbsuWR dB+ZYWjKPBy+bJY/6HefPUuLrt3QDNINMW8kY7VzWRMWyGc4IlPJDW0nwOn/vT5H Dgc3YmA3tm7cKj5wpFijzff61Db8eq+CUKGscKxDBGzHq6oirM5U7DQLmipCs5Eb efwHIjE3aOUSnoQmniEnBWI2hm/rftmY9oJSi8xgns4wAokDPiMcucADtbV3fznx ppuowtBi8bcGB1vJZjTySQcSKWv+IVp5ej06uZ9501BEm6HxUZkuAGPecP65kcQu 5bg7B7LQeI5AWyujqvfuWgAF34xhl9QU/sDWxM3wUog+bw7y8pyWCqnJhp70yx8o SqzhFygT62eISQQYEQIACQUCSb7/pwIbDAAKCRAwm8MFuq2uUq8PAKC1+E2pSwiS oHXkKYPYDwApsP1mVACfRe1YnggLYQtG9LMeweVQQC77rK8= =qyRr -----END PGP PUBLIC KEY BLOCK----- EOF ``` # 设置本地编码 ``` 要将 CentOS 的本地区域设置更改为 `zh_CN.UTF-8`(中文简体UTF-8编码),你可以执行以下步骤: 1. 打开终端并以超级用户(root)权限登录,或者使用 sudo 进行操作。 2. 首先,查看可用的语言和区域设置: localectl list-locales 确保 `zh_CN.UTF-8` 在列表中。 3. 设置系统的语言和区域设置为 `zh_CN.UTF-8`: localectl set-locale LANG=zh_CN.UTF-8 4. 更新系统的区域设置配置: source /etc/locale.conf 5. 重启系统以使更改生效: reboot 在系统重新启动后,你的本地区域设置应该已经更改为 `zh_CN.UTF-8`。这将影响系统的界面语言、日期格式和其他相关设置。请注意,这仅更改系统级别的区域设置。对于特定用户的区域设置,可以使用 `~/.bashrc` 或 `~/.bash_profile` 文件进行自定义。 ``` # 修改主机名 ``` hostnamectl set-hostname master #reboot ``` # 修改hosts ``` $ vim /etc/hosts # 添加如下内容 10.0.1.9 master 10.0.1.5 node1 ``` # 优化sshd ``` echo 'UseDNS no' >> /etc/ssh/sshd_config; systemctl restart sshd yum update -y ca-certificates ``` # 优化sysctl参数、limits参数、systemd参数 ``` cat <<'EOF'>/etc/sysctl.conf fs.file-max=11000000 fs.nr_open=11000000 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.tcp_keepalive_probes = 3 net.ipv4.tcp_keepalive_intvl =15 net.ipv4.tcp_retries2 = 5 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_orphans = 32768 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 1000000 net.ipv4.tcp_wmem = 8192 131072 16777216 net.ipv4.tcp_rmem = 32768 131072 16777216 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.ip_local_port_range = 1024 65000 net.core.netdev_max_backlog = 16384 net.core.somaxconn = 16384 net.netfilter.nf_conntrack_max=1048576 EOF cat <<'EOF'>/etc/security/limits.conf * soft nofile 10000000 * hard nofile 10000000 * soft nproc 10000000 * hard nproc 10000000 EOF cat <<'EOF'>/etc/systemd/system.conf [Manager] LogLevel=debug DefaultLimitNOFILE=10000000 EOF cat <<'EOF'>/etc/systemd/user.conf [Manager] DefaultLimitNOFILE=10000000 EOF ``` # 修改时区 ``` rm -f /etc/localtime ; ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ``` # 时间同步 ``` yum install -y chrony systemctl restart chronyd systemctl enable chronyd systemctl status chronyd ``` # 关闭selinux ``` # 临时关闭selinux setenforce 0 # 设置永久关闭selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config ``` # 关闭交换分区 ``` # 临时关闭交换分区 swapoff -a # 永久关闭交换分区 sed -i '/ swap / s/^/#/' /etc/fstab ``` # 关闭防火墙 ``` systemctl disable firewalld systemctl stop firewalld iptables -t filter -F ``` # 安装基础软件 ``` # 安装基础软件 yum install -y tar curl wget telnet rsync net-tools unzip tree # 安装高级软件 yum install -y smem iftop dstat sysstat lrzsz traceroute tcpdump tshark bind-utils git-lfs git smem psmisc conntrack ``` # 配置网卡 ``` # 配置静态地址 TYPE=Ethernet BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=<interface> UUID=<UUID> DEVICE=<interface> ONBOOT=yes IPADDR=<your_static_ip> NETMASK=<your_netmask> GATEWAY=<your_gateway_ip> DNS1=<your_dns_server_ip> # 配置动态地址 TYPE=Ethernet BOOTPROTO=dhcp DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=<interface> UUID=<UUID> DEVICE=<interface> ONBOOT=yes # 重启网卡 systemctl restart network ``` # ip ``` # 显示网络接口信息 ip a # 显示路由表 ip route # 配置IP地址和子网掩码 ip addr add <IP地址>/<子网掩码位数> dev <接口名> ip addr add 192.168.1.2/24 dev eth0 # 启用或禁用接口 ip link set <接口名> up ip link set <接口名> down # 添加静态路由 ip route add <目标网络> via <网关IP> ip route add 192.168.2.0/24 via 192.168.1.1 # 删除静态路由 ip route del <目标网络> ``` # proxychains ``` #1. 下载 #2. so文件放在/usr/lib64/proxychains-ng #3. conf文件放在/etc/proxychains.conf #4. proxychains文件放在/bin/或者别的地方也可以 mkdir -p /usr/lib64/proxychains-ng cd /tmp wget https://vip.123pan.cn/1815238395/download/proxychains/proxychains.tar.gz tar xzvf proxychains.tar.gz mv libproxychains4.so /usr/lib64/proxychains-ng mv proxychains.conf /etc/ mv proxychains /bin/ ``` # tcping ``` cd /bin wget https://vip.123pan.cn/1815238395/download/tcping/amd64/tcping_Linux_static%202.0.0.tar.gz tar xzvf tcping_Linux_static\ 2.0.0.tar.gz ``` # nali ``` cd /bin wget https://vip.123pan.cn/1815238395/download/nali/nali-linux-amd64-v0.7.3.gz gunzip nali-linux-amd64-v0.7.3.gz mv nali-linux-amd64-v0.7.3 nali chmod a+x nali mkdir -p ~/.local/share/nali cd ~/.local/share/nali/ wget https://vip.123pan.cn/1815238395/download/nali/nali.share.tar.gz tar xzvf nali.share.tar.gz cd ~/.local/share/nali wget https://vip.123pan.cn/1815238395/download/nali/qqwry.dat ``` # trzsz ``` wget --no-check-certificate -O /tmp/trzsz_1.1.7_linux_x86_64.tar.gz http://filecdn.zcyun.cn/1815238395/download/tssh/trzsz_1.1.7/trzsz_1.1.7_linux_x86_64.tar.gz cd /tmp tar xvf trzsz_1.1.7_linux_x86_64.tar.gz mv -f trzsz_1.1.7_linux_x86_64/* /bin/ rm -rf trzsz* ``` # python ``` # 使用本镜像站来升级 pip pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple pip -U pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple ``` # golang ``` export all_proxy=socks5://120.224.58.239:47891 wget https://golang.google.cn/dl/go1.21.1.linux-amd64.tar.gz sudo tar xfz go1.21.1.linux-amd64.tar.gz -C /usr/local cat <<'EOF'>> /etc/profile export GOROOT=/usr/local/go export GOPATH=$HOME/gowork export GOBIN=$GOPATH/bin export PATH=$GOPATH:$GOBIN:$GOROOT/bin:$PATH EOF source /etc/profile ``` # firewalld ``` # 启动firewalld服务 sudo systemctl start firewalld # 停止firewalld服务 sudo systemctl stop firewalld # 重启firewalld服务 sudo systemctl restart firewalld # 查看firewalld服务状态 sudo systemctl status firewalld # 启用firewalld服务开机自启动 sudo systemctl enable firewalld # 禁用firewalld服务开机自启动 sudo systemctl disable firewalld # 查看防火墙规则列表 sudo firewall-cmd --list-all # 查看已启用的防火墙服务 sudo firewall-cmd --list-services # 开放端口(例如,打开SSH端口 22) sudo firewall-cmd --add-port=22/tcp --permanent sudo firewall-cmd --reload # 开放服务(例如,打开HTTP服务) sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --reload # 移除端口或服务规则(例如,移除SSH端口规则) sudo firewall-cmd --remove-port=22/tcp --permanent sudo firewall-cmd --reload # 显示防火墙状态(运行时信息) sudo firewall-cmd --state # 查看firewalld的版本信息 sudo firewall-cmd --version ``` # ipsec ``` # 需求 Intranet subnets: 172.17.165.249/32 Public network address: 1.222.209.74 密码:XXX # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup uniqueids=never conn %default authby=psk type=tunnel conn To-Unitel-FirtiGate500E keyexchange=ikev1 left=%any leftsubnet=172.17.165.249/32 leftid=1.222.209.74 right=2.182.106.164 rightsubnet=10.120.54.115/32 rightid=2.182.106.164 auto=start ike=aes256-sha256-modp1024 ikelifetime=28800s esp=aes256-sha256 lifetime=3600 type=tunnel closeaction=restart dpdaction=restart keyingtries=%forever conn To-Unitel-FirtiGate100F keyexchange=ikev1 left=%any leftsubnet=172.17.165.249/32 leftid=8.222.209.74 right=183.182.100.130 rightsubnet=10.78.3.234/32 rightid=183.182.100.130 auto=start ike=aes256-sha256-modp1024 ikelifetime=28800s esp=aes256-sha256 lifetime=3600 type=tunnel closeaction=restart dpdaction=restart keyingtries=%forever # 密码文件 # ipsec.secrets - strongSwan IPsec secrets file 1.222.209.74 2.182.106.164 : PSK "xxx" # 测试命令 ## 查看状态 strongswan statusall strongswan up xxx strongswan down xxx ## 查看路由 ip xfrm policy ## 链路测试 traceroute -w 1 -d -n 1.62.111.200 ``` 最后修改:2024 年 07 月 12 日 © 允许规范转载 赞 如果觉得我的文章对你有用,请随意赞赏