From f05eac0eab5bc55f96afe9787708502a30537b70 Mon Sep 17 00:00:00 2001 From: X Date: Tue, 22 Apr 2025 03:35:09 +0000 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20openEuler?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- openEuler.md | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 1 deletion(-) diff --git a/openEuler.md b/openEuler.md index fa86202..e7cc23f 100644 --- a/openEuler.md +++ b/openEuler.md @@ -21,4 +21,136 @@ nmcli connection up eth0 ``` nmcli connection modify eth0 ipv4.addresses "192.168.1.200/24" nmcli connection down eth0 && nmcli connection up eth0 -``` \ No newline at end of file +``` + + +## 一、修改root密码 +``` +passwd root +``` + +## 二、添加可sudo的管理员用户并设置密码 +Redhat/CentOS系: +``` +useradd -m -g wheel -s /bin/bash "username" && passwd "username" +``` +Debian/ubuntu系: +``` +useradd -m -g sudo -s /bin/bash "username" && passwd "username" +``` + +## 三、清理无用账号(如有) + +- 进入指定账户home目录,备份文件至/tmp下 +``` +cd /home/"username" +mv * /tmp +``` +- 删除账号及目录 +``` +userdel -rf "username" +``` + + +## 四、修改SSH安全配置 + +编辑SSH配置文件: +``` +vi /etc/ssh/sshd.config +``` +将下列语句加入文件最后: +``` +PermitRootLogin no +Ciphers aes256-ctr,aes192-ctr,aes128-ctr +MACs hmac-sha2-512,hmac-sha2-256 +``` + +添加完成后重启ssh服务: +``` +systemctl restart sshd +``` + +## 五、添加软件源,更新所有应用程序 +阿里云服务器参考[深圳国家基因库开源镜像站](https://gitlab.genomics.cn/tianjing/faq/-/wikis/%E5%9B%BD%E5%AE%B6%E5%9F%BA%E5%9B%A0%E5%BA%93%E5%BC%80%E6%BA%90%E9%95%9C%E5%83%8F%E7%AB%99) +集团横岗&盐田虚拟化平台参考[华大集团开源镜像站](https://gitlab.genomics.cn/yangjiewei/platformops-faq/-/wikis/%E5%8D%8E%E5%A4%A7%E9%9B%86%E5%9B%A2%E5%BC%80%E6%BA%90%E9%95%9C%E5%83%8F%E7%AB%99) +其他地区参考华为云或阿里云软件源进行互联网更新。 + + +Redhat/CentOS系软件更新: +``` +sudo yum update -y +``` +Debian/ubuntu系软件更新: +``` +sudo apt update +sudo apt upgrade +``` +## 六、检查是否安装HIDS,如未安装先安装HIDS客户端 + +参考[HIDS安装指南](https://gitlab.genomics.cn/moshengan/issmkd/-/wikis/%E4%B8%BB%E6%9C%BA%E5%85%A5%E4%BE%B5%E6%A3%80%E6%B5%8B%E7%B3%BB%E7%BB%9F(HIDS)Agent%E5%AE%89%E8%A3%85%E6%8C%87%E5%8D%97) + +## 七、配置时区和时钟同步 + +设置时区: +``` +timedatectl set-timezone Asia/Shanghai +``` + +
RHEL9时钟同步服务: + +``` +#编辑配置文件,加上ntp server +sudo vim /etc/chrony.conf + +#时钟源 +server ntp.genomics.cn +server ntp.ntsc.ac.cn + +#重启服务 +systemctl restart chronyd + +#查看同步状态 +chronyc sources +``` +![image](uploads/4f7941a70aeaa8407c48052c0ab3ccfb/image.png) + + +
+ +
Debian/ubuntu安装ntp服务: + +``` +sudo apt install ntpsec -y +``` +编辑ntp服务配置文件: +``` +vim /etc/ntpsec/ntp.conf +``` +#将原来的pool和server全部注释,然后增加内网NTP Server和中科院备用NTP Server +![image](uploads/e455867333b06263987263585df7536d/image.png) + +重启NTP服务: +``` +systemctl restart ntpsec +``` +查看服务状态: +``` +systemctl status ntpsec +``` +``` +#查看时钟同步状态 +ntpq -p +``` +![image](uploads/a19af8af82d7f1120b485a66a3385b0c/image.png) + + +
+ + +## 八、配置日志传送 +[日志服务器配置](https://gitlab.genomics.cn/moshengan/issmkd/-/wikis/%E6%97%A5%E5%BF%97%E6%8E%A5%E5%85%A5%E6%97%A5%E5%BF%97%E5%AE%A1%E8%AE%A1%E7%B3%BB%E7%BB%9F%E9%85%8D%E7%BD%AE) + +## 九、配置服务器资源监控 + +**GUN/Linux** +[配置服务器性能资源监控](https://gitlab.genomics.cn/moshengan/secop/-/wikis/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%AE%89%E8%A3%85Categraf-Agent)