阿里云centos6.8 服务器安全服务配置

SSH公钥登录

leishendeMBP:www leishen$ ssh-keygen -t rsa
leishendeMBP:www leishen$ cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat - >> ~/.ssh/authorized_keys'

开启防火墙

[root@lei ~]# ls /etc/sysconfig/iptables*
/etc/sysconfig/iptables-config
[root@lei ~]# iptables -F
[root@lei ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@lei ~]# ls /etc/sysconfig/iptables*
/etc/sysconfig/iptables  /etc/sysconfig/iptables-config

新ssh端口号在这个范围内即可，如422

先查看下服务器端口号范围：

[root@lei ~]# sysctl -a|grep ip_local_port_range
net.ipv4.ip_local_port_range = 32768    60999

修改端口重启

vim /etc/ssh/sshd_config
service sshd restart

阿里云安装组里面设置入网可访问端口

mysql安装

下载

https://dev.mysql.com/downloa...
centos本质上和red hat是一个公司的

解压

tar -xvf mysql-5.7.20-1.el6.x86_64.rpm-bundle.tar

按顺序安装（不需要全部安装）

[root@ lei xx]# rpm -ivh mysql-community-common-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-common-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-common ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-libs-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-libs-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-libs   ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-client-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-client-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-client ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-server-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-server-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-server ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-devel-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-devel-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-devel  ########################################### [100%]

启动Mysql服务

[root@lei xx]# /usr/bin/mysqld --initialize --user=mysql
-bash: /usr/bin/mysqld: No such file or directory
[root@lei xx]# service mysqld start
Initializing MySQL database:                               [  OK  ]
Starting mysqld:                                           [  OK  ]

修改管理员密码

查看安装日志中分配的密码

[root@lei xx]# grep 'temporary password' /var/log/mysqld.log
2017-11-09T10:59:41.877594Z 1 [Note] A temporary password is generated for root@localhost: fKrsw2Xh
[root@lei xx]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.20

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

修改密码

ALTER USER 'root'@'localhost' IDENTIFIED BY '1234560';

密码必须包含大写字母小写字母数字和符号，不然会提示：ERROR 1819 (HY000): Your password does not satisfy the current policy requirements（您的密码不符合当前的安全策略要求）

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'qvWjYnE8';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql>

修改成功

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'L)2X4r4B2iz4';
Query OK, 0 rows affected (0.00 sec)

开启远程登录，授权远程登录用户

grant all privileges on . to '用户名'@'%' identified by '密码' withg rant option;

mysql -uroot -proot -e "grant all privileges on . to 'root'@'%' identified by '1334676' with grant option;"

开机启动

[root@lei ~]# chkconfig --list | grep mysqld
mysqld             0:off    1:off    2:off    3:on    4:on    5:on    6:off
[root@lei ~]# chkconfig mysqld on
[root@lei ~]# chkconfig --list | grep mysqld
mysqld             0:off    1:off    2:on    3:on    4:on    5:on    6:off

设置编码

vim /etc/my.cnf
在[mysqld]下新增一行，添加character-set-server= utf8mb4，保存

查看字符集

show variables like "%character%";

character_set_client    utf8
character_set_connection    utf8
character_set_database    utf8mb4
character_set_filesystem    binary
character_set_results    utf8
character_set_server    utf8mb4
character_set_system    utf8
character_sets_dir    /usr/share/mysql/charsets/

Nginx安装

[root@aider soft]# rpm -ivh http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.10.1-1.el6.ngx.x86_64.rpm
Retrieving http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.10.1-1.el6.ngx.x86_64.rpm
warning: /var/tmp/rpm-tmp.gnEGo7: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Preparing...                ########################################### [100%]
   1:nginx                  ########################################### [100%]
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------

安装

[root@aider soft]# yum -y install nginx
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
....
Updated:
  nginx.x86_64 0:1.10.2-1.el6

Complete!

目录

[root@aider conf.d]# cd /etc/nginx/
[root@aider nginx]# ls
conf.d     fastcgi.conf          fastcgi_params          koi-utf  mime.types          nginx.conf          scgi_params          uwsgi_params          win-utf
default.d  fastcgi.conf.default  fastcgi_params.default  koi-win  mime.types.default  nginx.conf.default  scgi_params.default  uwsgi_params.default

启动

[root@aider nginx]# service nginx start
Starting nginx: nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
                                                           [FAILED
[root@aider nginx]# cd conf.d/
[root@aider conf.d]# ls
default.conf  ssl.conf  virtual.conf
[root@aider conf.d]# mv default.conf default
[root@aider conf.d]# service nginx start
Starting nginx:                                            [  OK  ]
[root@aider conf.d]#