Viewing and controlling system services
On RHEL 6 and earlier, system services were controlled with the service and chkconfig commands:
service sshd status/start/stop/restart/reload
chkconfig --list sshd
From RHEL 7 on, services are controlled with systemctl:
[root@abc ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset>    (enabled = starts at boot, disabled = does not start at boot)
Active: active (running) since Wed 2021-11-03 10:28:36 CST; 1 day 23h ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 819 (sshd)
Tasks: 1 (limit: 11345)
Memory: 7.1M
CGroup: /system.slice/sshd.service
└─819 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-po>
Nov 04 13:38:39 abc sshd[25913]: Accepted password for root from 172.25.250.250>
Nov 04 13:38:39 abc sshd[25913]: pam_unix(sshd:session): session opened for use>
Nov 04 15:04:10 abc sshd[26576]: Accepted password for root from 172.25.250.250>
Nov 04 15:04:10 abc sshd[26576]: pam_unix(sshd:session): session opened for use>
Nov 04 15:04:39 abc sshd[26629]: Accepted password for root from 172.25.250.250>
Nov 04 15:04:39 abc sshd[26629]: pam_unix(sshd:session): session opened for use>
Nov 04 15:06:34 abc sshd[26670]: Accepted password for root from 172.25.250.250>
Nov 04 15:06:34 abc sshd[26670]: pam_unix(sshd:session): session opened for use>
Nov 05 09:36:01 abc sshd[27215]: Accepted password for root from 172.25.250.250>
Nov 05 09:36:01 abc sshd[27215]: pam_unix(sshd:session): session opened for use>
Note the tail of the status output: the journal shows repeated password logins as root from 172.25.250.250. Exactly this kind of login is what the ssh hardening steps further down this page switch off.
Enable a service at boot and start it right away:
[root@abc ~]# systemctl enable atd --now
The other verbs are used the same way: stop, start, restart, reload. is-active and is-enabled answer the two separate questions "is it running now?" and "will it start at boot?":
[root@abc ~]# systemctl is-active atd
active
[root@abc ~]# systemctl is-enabled atd
enabled
Query the default boot target (the systemd replacement for the SysV runlevels init 0 1 2 3 4 5 6):
[root@abc ~]# systemctl get-default
multi-user.target        (equivalent to init 3)
[root@abc ~]#
[root@workstation ~]# systemctl get-default
graphical.target         (equivalent to init 5)
[root@workstation ~]#
[root@workstation ~]# systemctl set-default multi-user.target    boot into the text-mode multi-user target only (no graphical login)
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/multi-user.target.
[root@workstation ~]#
Masking a service: mask links the unit to /dev/null, so it cannot be started at all, neither by hand nor as a dependency of another unit (disable only stops it from starting at boot):
[root@abc ~]# systemctl mask atd
Created symlink /etc/systemd/system/atd.service → /dev/null.
[root@abc ~]# systemctl start atd
Failed to start atd.service: Unit atd.service is masked.
[root@abc ~]# systemctl unmask atd
Removed /etc/systemd/system/atd.service.
[root@abc ~]# systemctl enable atd --now
Created symlink /etc/systemd/system/multi-user.target.wants/atd.service → /usr/lib/systemd/system/atd.service.
[root@abc ~]#
--------------------------------------------------------------------
Security of the ssh service
sshd listens on tcp port 22 by default.
Changing the port in the configuration file:
vim /etc/ssh/sshd_config
#
Port 22222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
The service must be restarted for the change to take effect:
systemctl restart sshd
Because SELinux and firewalld are enabled by default, sshd is not allowed to bind the new port and clients cannot reach it. For a quick lab experiment both can be switched off:
setenforce 0
systemctl stop firewalld
On a real system do not disable them. Instead label the port for sshd in SELinux (semanage port -a -t ssh_port_t -p tcp 22222) and open it in the firewall (firewall-cmd --permanent --add-port=22222/tcp, then firewall-cmd --reload). Moving the port keeps casual scanners out of the logs; it is not a substitute for the key-only authentication configured below.
Verify that sshd is listening on the new port (ss is the modern replacement for netstat and shows the same sockets):
[root@workstation ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22222 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 172.25.250.9:22222 172.25.250.250:55820 ESTABLISHED
tcp6 0 0 :::22222 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
[root@workstation ~]# ss -ant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
ESTAB 0 0 172.25.250.9:22222 172.25.250.250:55820
LISTEN 0 128 [::]:22222 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
[root@workstation ~]#
The ssh command
ssh root@x.x.x.x -p 22222        connect to the non-default port (lowercase -p for ssh)
ssh -l root x.x.x.x              same as ssh root@x.x.x.x
ssh x.x.x.x                      log in to the remote server with the same user name as the current local login
Copying a file from the remote host to the local machine, or uploading a local file to the remote server (scp takes the port as uppercase -P):
[kiosk@foundation1 Desktop]$ scp -P 22222 03 root@workstation:/root/
[kiosk@foundation1 Desktop]$ scp -P 22222 root@workstation:/root/555 .
root@workstation's password:
555 100% 0 0.0KB/s 00:00
[kiosk@foundation1 Desktop]$ ls
03 555
[kiosk@foundation1 Desktop]$
Directories are copied recursively with -r:
[kiosk@foundation1 Desktop]$ scp -P 22222 -r doc root@workstation:/root/
root@workstation's password:
03 100% 2947 777.2KB/s 00:00
555 100% 0 0.0KB/s 00:00
[kiosk@foundation1 Desktop]$
Logging in to a server with an SSH key pair
1. On the client, generate a key pair (a public key and a private key). These are plain SSH keys, not X.509 digital certificates, even though the course wording calls them that:
[student@abc .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7HGkYcSXFVr47Uj5cDuPQHeR12X0AfKl0p/V+nvJwqo student@abc
The key's randomart image is:
+---[RSA 3072]----+
| .. =+o.+B|
| .. +o+ o+*|
| o.oo * *|
| o + B =.+|
| S .o B.= |
| . o o =. |
| . ...+o|
| o.o+|
| E... ...|
+----[SHA256]-----+
[student@abc .ssh]$
2. Upload the client's public key (.pub) into the .ssh directory of the account you will log in as on the server:
[devops@abc ~]$ ssh-copy-id root@workstation
If the client is Windows with a third-party ssh program, the key pair has to be generated in that program,
the public key transferred to the server (scp, ftp, ...),
and on the server appended to the authorized_keys file in the .ssh directory of the login account:
[root@workstation .ssh]# cat id_rsa.pub >> authorized_keys
sshd refuses to use the file unless the permissions are strict (the StrictModes default): ~/.ssh must be mode 700 and authorized_keys mode 600, both owned by the login user. ssh-copy-id sets this up; a manual cat does not. The private key stays on the client and should be protected with a passphrase.
3. From the client, verify that login now works without a password:
[student@abc ~]$ ssh root@workstation
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Nov 5 10:43:44 2021 from 172.25.250.10
[root@workstation ~]#
4. Edit the sshd configuration to refuse password logins and allow key-based logins only:
#PermitEmptyPasswords no
PasswordAuthentication no        (change yes to no)
Then restart sshd. Keep the session you are working in open and test a fresh key login from a second terminal before closing it, so a mistake cannot lock you out. For the root account also set PermitRootLogin prohibit-password (or no): the status output at the top of this page shows root logging in with a password, which is precisely what an attacker guessing passwords against the port is after.
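As an added example (not from the course notes, and not OpenSSH's own tooling), here is a small shell audit for the settings touched by the port change and by step 4. It reads an sshd_config file and reports the effective value of each keyword the way sshd resolves it: the first occurrence wins and reading stops at the first Match block, so it also catches the common mistake of appending a new value below an older one. The two sample configuration files it writes under $TMPDIR are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not from the course notes: report the EFFECTIVE value of
# security-relevant sshd_config keywords. sshd keeps the first value it reads
# for a keyword and ignores later repeats (Match blocks are the exception),
# so "PasswordAuthentication no" appended below an earlier "yes" is ignored.
# The two sample files written below are constructed for this demonstration.

# sshd_effective FILE KEYWORD [DEFAULT]
# prints the first non-comment value of KEYWORD found before any Match block,
# or DEFAULT when the keyword is not set at all
sshd_effective() {
    file=$1; key=$2; default=${3:-}
    val=$(awk -v key="$key" '
        /^[ \t]*#/ || NF == 0       { next }              # comment or blank
        tolower($1) == "match"      { exit }              # conditional section
        tolower($1) == tolower(key) { print $2; exit }    # first hit wins
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# sshd_audit FILE
# prints one finding per line and returns 1 when anything is weak.
# Defaults used here mirror the sshd_config RHEL 8 ships (assumption:
# root logins and password authentication are on unless the file says no).
sshd_audit() {
    file=$1; rc=0
    if [ "$(sshd_effective "$file" PasswordAuthentication yes)" = yes ]; then
        echo "WEAK: password authentication enabled"; rc=1
    fi
    if [ "$(sshd_effective "$file" PermitRootLogin yes)" = yes ]; then
        echo "WEAK: root may log in with a password"; rc=1
    fi
    if [ "$(sshd_effective "$file" PermitEmptyPasswords no)" = yes ]; then
        echo "WEAK: empty passwords accepted"; rc=1
    fi
    if [ "$(sshd_effective "$file" PubkeyAuthentication yes)" != yes ]; then
        echo "WEAK: public-key authentication disabled"; rc=1
    fi
    return $rc
}

# Constructed samples: "weak" is the page's setup with a mistaken fix
# appended at the end; "hard" is the key-only configuration from step 4.
SSHD_WEAK=${TMPDIR:-/tmp}/sshd_weak.conf
SSHD_HARD=${TMPDIR:-/tmp}/sshd_hard.conf
cat > "$SSHD_WEAK" <<'EOF'
Port 22222
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
EOF
cat > "$SSHD_HARD" <<'EOF'
Port 22222
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
EOF

echo "== weak ==";  sshd_audit "$SSHD_WEAK" || true
echo "== hard ==";  sshd_audit "$SSHD_HARD" && echo "no findings"
```

On a live host the authoritative answer is sshd -T, which prints the effective configuration after defaults and any Include files are resolved, and sshd -t validates the file before you restart the service. The script above is for reviewing copies of a configuration offline, for instance as a check on a machine image.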
-------------------------------------------------------------------
Analysing and storing logs
Before RHEL 7 the system log service was rsyslog, which records the messages produced while the system runs.
From RHEL 7 on there are two logging programs: rsyslog and the systemd journal.
Traditional logs are stored under /var/log.
The journal stores its logs under /run/log/journal, which is lost at reboot unless persistent storage is configured (see the journal section below).
rsyslog
Configuration file: [root@abc log]# vim /etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages    everything at info or above, except mail, authpriv and cron
# The authpriv file has restricted access.
authpriv.* /var/log/secure    authentication
# Log all the mail messages in one place.
mail.* -/var/log/maillog    e-mail (the leading "-" means the file is not synced to disk after every message)
# Log cron stuff
cron.* /var/log/cron    scheduled jobs
# Save boot messages also to boot.log
local7.* /var/log/boot.log    boot messages
Log contents
Nov 5 13:43:40 abc systemd[28118]: Listening on D-Bus User Message Bus Socket.
Nov 5 13:43:40 abc systemd[28118]: Reached target Sockets.
Nov 5 13:43:40 abc systemd[28118]: Reached target Basic System.
Nov 5 13:43:40 abc systemd[28118]: Reached target Default.
Nov 5 13:43:40 abc systemd[28118]: Startup finished in 42ms.
Nov 5 13:43:40 abc systemd[1]: Started User Manager for UID 0.
Format: timestamp, host name, program name [PID], event text
Log priorities (a selector such as *.info matches that level and every more severe one, i.e. a lower number):
0 emerg    system is unusable
1 alert    action must be taken immediately
2 crit     critical condition
3 err      error condition (non-critical)
4 warning  warning
5 notice   normal but significant event
6 info     informational
7 debug    debug messages
Watching a log file as it grows
tail -f xxxx
Testing log reception
The logger command sends a message to the system log;
the -p option sets the facility and priority of the message.
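The selector lines above decide where every message goes, and a mistake there is silent: the message just lands in the wrong file or nowhere. The following shell/awk function, added here as an example (it is not part of rsyslog or of the course), replays the classic selector rules for a given facility and priority and prints the destination files. The rule set copies the RHEL default quoted above; the facility/priority pairs fed to it are constructed.

```shell
#!/bin/sh
# Added example, not from the course notes or from rsyslog: replay the
# classic selector rules above so you can see where a message will land.
# Rules copy the RHEL default; the facility/priority pairs are constructed.

RSYSLOG_RULES='*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
local7.* /var/log/boot.log'

# route_msg FACILITY PRIORITY -> prints every destination file, one per line.
# "fac.pri" matches pri and everything more severe; ".none" drops the
# facility; selectors on one line are applied left to right; every rule
# line is checked, so one message can land in several files.
route_msg() {
    printf '%s\n' "$RSYSLOG_RULES" | awk -v fac="$1" -v pri="$2" '
    BEGIN {
        split("emerg alert crit err warning notice info debug", lvl, " ")
        for (i in lvl) sev[lvl[i]] = i - 1          # emerg=0 ... debug=7
        want = sev[pri]
    }
    {
        dest = $NF; sub(/^-/, "", dest)             # "-" only disables fsync
        n = split($1, sel, ";")
        hit = 0
        for (i = 1; i <= n; i++) {
            split(sel[i], fp, ".")
            if (fp[1] != "*" && fp[1] != fac) continue
            if (fp[2] == "none")    hit = 0
            else if (fp[2] == "*")  hit = 1
            else                    hit = (want <= sev[fp[2]])
        }
        if (hit) print dest
    }'
}

route_msg authpriv notice     # -> /var/log/secure only (authpriv.none above)
route_msg local7 info         # -> /var/log/messages and /var/log/boot.log
```

To confirm the same thing on a real host, send a message with the facility and priority of interest, for instance logger -p authpriv.notice "selector test", and tail the file the function named. Two things the function makes visible: local7.info lands in both /var/log/messages and /var/log/boot.log, and a debug message from a facility that has no rule of its own is dropped entirely, because *.info stops at info.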
-------------------------------------------------------------------------------
Centralised log storage: building a log server
Using rsyslog
Server: edit the configuration file and enable log reception
[root@serverb ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
Client:
[root@abc log]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
*.* @172.25.250.11        a single @ forwards over UDP; @@ would forward over TCP
Restart rsyslog on both hosts and open udp/514 in the server's firewall. Note that *.* ships everything, including the authpriv messages. Plain UDP syslog is unauthenticated and unencrypted, the sender address is trivially spoofed, and messages are silently lost when the network or the server is overloaded, so outside a lab network it should be replaced by TCP with TLS.
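Below, as an added example (not the course's or rsyslog's own files), is the same server/client pair rewritten to use TCP with TLS and mutual certificate authentication, which is what a production log server should look like. The host names serverb.example.com and abc.example.com, the certificate paths under /etc/pki/rsyslog, the drop-in file names and the queue file name are assumptions; on RHEL the gtls driver comes from the rsyslog-gnutls package.

```conf
# ---- serverb (receiver), assumed file /etc/rsyslog.d/tls-receiver.conf ----
# certificate paths are assumptions for this example
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/pki/rsyslog/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/pki/rsyslog/serverb.pem"
    DefaultNetstreamDriverKeyFile="/etc/pki/rsyslog/serverb.key"
)
# TLS (mode 1) with x509/name: the client must present a certificate signed
# by our CA whose name matches PermittedPeer, so another host on the LAN
# cannot inject or spoof messages the way it can with plain UDP 514.
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["abc.example.com"])
input(type="imtcp" port="6514")

# ---- abc (sender), assumed file /etc/rsyslog.d/tls-forward.conf ----
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/pki/rsyslog/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/pki/rsyslog/abc.pem"
    DefaultNetstreamDriverKeyFile="/etc/pki/rsyslog/abc.key"
)
# Replaces the "*.* @172.25.250.11" line: TCP instead of UDP, TLS on the
# wire, the server's certificate name checked, and a disk-backed queue so
# messages wait out a server outage instead of being dropped.
*.* action(type="omfwd" Target="serverb.example.com" Port="6514" Protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="serverb.example.com"
           queue.type="LinkedList" queue.filename="fwd_serverb"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
```

Open tcp/6514 on the receiver (firewall-cmd --permanent --add-port=6514/tcp) instead of udp/514. On the receiver, write the forwarded messages to per-host files rather than mixing them into its own /var/log/messages, so that a compromised client cannot pollute the server's local log.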
------------------------------------------------------------------------
Viewing the journal
[root@abc log]# journalctl
Shows all messages since boot.
Filtering by priority:
[root@abc log]# journalctl --priority err
Filtering by time:
--since    start time
[root@abc log]# journalctl --since 2021-11-05
--until    end time
[root@abc log]# journalctl --since 2021-11-04 --until 2021-11-05
[root@abc log]# journalctl --<Tab>    tab completion lists the available filtering options:
--after-cursor --force --no-hostname --sync
--all --full --no-pager --system
--boot --header --no-tail --unit
--catalog --help --output --until
--cursor --identifier --output-fields --update-catalog
--directory --interval --pager-end --user
--disk-usage --lines --priority --user-unit
--dmesg --list-boots --quiet --utc
--dump-catalog --list-catalog --reverse --vacuum-files
--field --local --root --vacuum-size
--fields --machine --rotate --vacuum-time
--file --merge --setup-keys --verify
--flush --new-id128 --show-cursor --verify-key
--follow --no-full --since --version
Logs can be filtered by any combination of these conditions, e.g. --unit sshd, --boot, --identifier, --follow.
The journal is kept in /run/log/journal and lost at reboot unless it is stored persistently. The shell history below shows the manual way:
cd /var/log/
mkdir journal
chown root:systemd-journal journal/
chmod 2755 journal/
killall -USR1 systemd-journald
The USR1 signal makes journald flush what it already holds in /run/log/journal into the new directory. The same result is obtained by setting Storage=persistent in /etc/systemd/journald.conf and restarting systemd-journald; either way, check afterwards with journalctl --disk-usage and journalctl --list-boots that earlier boots survive a reboot.
----------------------------------------------------------------------------------------
Keeping the system clock accurate
Enabling the NTP service
The chronyd program synchronises the clock with the configured NTP servers.
timedatectl shows the state of the system clock:
[root@abc log]# timedatectl
Local time: Fri 2021-11-05 14:39:28 CST
Universal time: Fri 2021-11-05 06:39:28 UTC
RTC time: Fri 2021-11-05 06:39:28
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Changing the time zone
[root@abc log]# timedatectl set-timezone Asia/Tokyo
[root@abc log]# timedatectl
Local time: Fri 2021-11-05 15:42:10 JST
Universal time: Fri 2021-11-05 06:42:10 UTC
RTC time: Fri 2021-11-05 06:42:10
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
[root@abc log]# timedatectl set-timezone Asia/Shanghai
[root@abc log]# timedatectl
Local time: Fri 2021-11-05 14:42:50 CST
Universal time: Fri 2021-11-05 06:42:50 UTC
RTC time: Fri 2021-11-05 06:42:50
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Setting the system time manually
[root@abc log]# date
Fri Nov 5 14:43:48 CST 2021
[root@abc log]# timedatectl set-time 15:43
Failed to set time: NTP unit is active        (refused while chronyd is running)
[root@abc log]# timedatectl set-ntp false       (stops and disables chronyd; turn it back on afterwards with timedatectl set-ntp true)
[root@abc log]# timedatectl set-time 15:43
[root@abc log]# date
Fri Nov 5 15:43:01 CST 2021
[root@abc log]# date -s 14:44
Fri Nov 5 14:44:00 CST 2021
[root@abc log]#
[root@abc log]# hwclock -w        write the system time to the hardware clock (RTC)
Do not leave NTP switched off: log time stamps across hosts, TLS certificate validity periods and Kerberos tickets all depend on an accurate clock.
Configuring a client to synchronise with a specific NTP server
Edit the client's configuration file:
[root@abc log]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
server 172.25.254.254 iburst
After editing, restart chronyd and check the sources. Plain NTP is unauthenticated; if the servers support it (chrony 4 and later), add nts to the server line so that they are authenticated. Note that the listing below still shows the public pool servers, i.e. it was not taken after the edit above; once chronyd is restarted only 172.25.254.254 should appear.
[root@abc log]# chronyc sources -v
210 Number of sources = 4
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| | | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* tock.ntp.infomaniak.ch 1 6 17 13 +489us[+6936us] +/- 130ms
^- ntp1.ams1.nl.leaseweb.net 2 6 71 12 +710us[ +710us] +/- 205ms
^- ntp6.flashdance.cx 2 6 26 10 -7592us[-7592us] +/- 190ms
^+ time.cloudflare.com 3 6 17 15 +1594us[+8040us] +/- 122ms
[root@abc log]#
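A wrong clock quietly breaks things security depends on: correlating logs between hosts, certificate validity windows, Kerberos tickets. The check below, added as an example (it is not part of chrony or of the course), parses chronyc sources output the way a monitoring script would and succeeds only when a source is actually selected (the * state in the MS column) and its estimated error is within a limit. The first sample copies the table above; the second is constructed to show what a server that never answered looks like.

```shell
#!/bin/sh
# Added example, not part of chrony or the course notes: a monitoring-style
# check that trusts the clock only when "chronyc sources" shows a selected
# source (MS column "*") whose estimated error is within a limit.
# CHRONY_OK copies the table above; CHRONY_BAD is constructed to show a
# server that never answered.

CHRONY_OK='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* tock.ntp.infomaniak.ch        1   6    17    13   +489us[+6936us] +/-  130ms
^- ntp1.ams1.nl.leaseweb.net     2   6    71    12   +710us[ +710us] +/-  205ms
^- ntp6.flashdance.cx            2   6    26    10  -7592us[-7592us] +/-  190ms
^+ time.cloudflare.com           3   6    17    15  +1594us[+8040us] +/-  122ms'

CHRONY_BAD='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 172.25.254.254                0   6     0     -     +0ns[   +0ns] +/-    0ns'

# chrony_synced MAX_ERROR_MS   (sources output on stdin)
# exit 0 when a "*" source exists and its "+/- zzzz" error <= MAX_ERROR_MS
chrony_synced() {
    awk -v max_ms="$1" '
    $1 ~ /^[=#^]\*$/ {                           # server, peer or local clock, selected
        err = ""
        for (i = 1; i < NF; i++) if ($i == "+/-") err = $(i + 1)
        if (err == "") next
        unit = err; sub(/^[-+0-9.]+/, "", unit)  # ns, us, ms or s
        num  = err; sub(/[a-z]+$/,   "", num)
        scale = (unit == "ns") ? 1e-6 : (unit == "us") ? 1e-3 : (unit == "ms") ? 1 : 1000
        if (num * scale <= max_ms) synced = 1
    }
    END { exit synced ? 0 : 1 }'
}

printf '%s\n' "$CHRONY_OK"  | chrony_synced 500 && echo "clock ok"
printf '%s\n' "$CHRONY_BAD" | chrony_synced 500 || echo "clock NOT trusted"
```

On a live host pipe the real output in: chronyc sources | chrony_synced 500. chronyc tracking reports the same state in a single line, and timedatectl shows it as "System clock synchronized: yes".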
------------------------------------------------------------------
Building your own NTP server
[root@abc log]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
#server 172.25.254.254 iburst
......
# Allow NTP client access from local network.
#allow 192.168/16
allow 172.25/16        only the client subnet: without an allow line chronyd answers no one, and allow without an argument would answer everyone
Restart the service and open udp/123 in the firewall (firewall-cmd --permanent --add-service=ntp):
[root@abc log]# systemctl restart chronyd.service
-------------------------------------------------------------------