Chinaunix首页 | 论坛 | 博客
  • 博客访问: 354178
  • 博文数量: 213
  • 博客积分: 566
  • 博客等级: 中士
  • 技术积分: 1210
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-21 13:09
文章分类

全部博文(213)

文章存档

2015年(1)

2013年(7)

2012年(128)

2011年(77)

分类:

2012-02-17 18:19:02

原文地址:CentOS 6.0 Optimize 作者:k_ewell

Config mutil ipaddr automatic by network service

[root@] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO=none
BROADCAST="192.168.8.255"
DNS1="202.103.24.68"
GATEWAY="192.168.8.8"
IPADDR="192.168.8.199"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT="yes"
HWADDR="00:0C:29:F3:9B:59"
TYPE=Ethernet
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
[root@] ~]# 
[root@] ~]# 
[root@] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE="eth0:1"
BOOTPROTO=none
IPADDR="192.168.200.199"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE=Ethernet
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0:1"
[root@] ~]# 
[root@] ~]# 
[root@] ~]# chkconfig --list | grep "3:on"
mysqld          0:off   1:off   2:on    3:on    4:off   5:on    6:off
network         0:off   1:off   2:off   3:on    4:off   5:off   6:off
sshd            0:off   1:off   2:off   3:on    4:off   5:off   6:off
xinetd          0:off   1:off   2:off   3:on    4:off   5:off   6:off


Security tcp connection protect 

reference: 
http://wiki.centos.org/HowTos/Network/SecuringSSH?highlight=%28hosts.deny%29#head-a296ec93e31637aa349538be07b37f67d836688a
%28hosts.deny%29#head-c6bf533e4f6de1ff3e13d556053fc40bc121e5cc

Using TCP Wrappers
TCP wrappers can provide a quick and easy method for controlling access to applications linked to them. Examples of TCP Wrapper aware applications are sshd, and portmap. A restrictive example is below. This example blocks everything but ssh.

echo "ALL:ALL" >> /etc/hosts.deny
echo "sshd:ALL" >> /etc/hosts.allow


[root@] ~]# cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
ALL:ALL
[root@] ~]# 
[root@] ~]# 
[root@] ~]# cat /etc/hosts.allow 
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
#sshd:ALL                            # it works
#in.sshd:192.168.18.0/24:allow       # cannot work
#sshd:192.168.18.0/24                # cannot work
sshd:192.168.8.*
sshd:192.168.200.0/24


Disable IPV6(why?)
refer: 
recommend: 

[root@] ~]# cat /etc/modprobe.d/disable-ipv6.conf 
install ipv6 /bin/true

OR

Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1


[root@] ~]# // Then after reboot u system will no such driver module
[root@] ~]# lsmod  | grep "ipv6"
[root@] ~]# 
阅读(282) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~