阿里云centos6.8 服务器安全服务配置

摘要：公钥登录开启防火墙新端口号在这个范围内即可，如先查看下服务器端口号范围修改端口重启阿里云安装组里面设置入网可访问端口安装下载本质上和是一个公司的解压按顺序安装不需要全部安装

leishendeMBP:www leishen$ ssh-keygen -t rsa
leishendeMBP:www leishen$ cat ~/.ssh/id_rsa.pub | ssh root@39.106.74.195 "cat - >> ~/.ssh/authorized_keys"

[root@lei ~]# ls /etc/sysconfig/iptables*
/etc/sysconfig/iptables-config
[root@lei ~]# iptables -F
[root@lei ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@lei ~]# ls /etc/sysconfig/iptables*
/etc/sysconfig/iptables  /etc/sysconfig/iptables-config

先查看下服务器端口号范围：

[root@lei ~]# sysctl -a|grep ip_local_port_range
net.ipv4.ip_local_port_range = 32768    60999

修改端口重启

vim /etc/ssh/sshd_config
service sshd restart

阿里云安装组里面设置入网可访问端口

下载

https://dev.mysql.com/downloa...
centos本质上和red hat是一个公司的

解压

tar -xvf mysql-5.7.20-1.el6.x86_64.rpm-bundle.tar

按顺序安装（不需要全部安装）

[root@ lei xx]# rpm -ivh mysql-community-common-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-common-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-common ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-libs-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-libs-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-libs   ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-client-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-client-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-client ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-server-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-server-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-server ########################################### [100%]
[root@ lei xx]# rpm -ivh mysql-community-devel-5.7.20-1.el6.x86_64.rpm
warning: mysql-community-devel-5.7.20-1.el6.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                ########################################### [100%]
   1:mysql-community-devel  ########################################### [100%]

启动Mysql服务

[root@lei xx]# /usr/bin/mysqld --initialize --user=mysql
-bash: /usr/bin/mysqld: No such file or directory
[root@lei xx]# service mysqld start
Initializing MySQL database:                               [  OK  ]
Starting mysqld:                                           [  OK  ]

修改管理员密码

查看安装日志中分配的密码

[root@lei xx]# grep "temporary password" /var/log/mysqld.log
2017-11-09T10:59:41.877594Z 1 [Note] A temporary password is generated for root@localhost: fKrsw2Xh
[root@lei xx]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.20

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type "help;" or "h" for help. Type "c" to clear the current input statement.

mysql>

修改密码

ALTER USER "root"@"localhost" IDENTIFIED BY "1234560";  

密码必须包含大写字母小写字母数字和符号，不然会提示：ERROR 1819 (HY000): Your password does not satisfy the current policy requirements（您的密码不符合当前的安全策略要求）

mysql> ALTER USER "root"@"localhost" IDENTIFIED BY "qvWjYnE8";
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql>

修改成功

mysql> ALTER USER "root"@"localhost" IDENTIFIED BY "L)2X4r4B2iz4";
Query OK, 0 rows affected (0.00 sec)

开启远程登录，授权远程登录用户

grant all privileges on . to "用户名"@"%" identified by "密码" withg rant option;

mysql -uroot -proot -e "grant all privileges on . to "root"@"%" identified by "1334676" with grant option;"

开机启动

[root@lei ~]# chkconfig --list | grep mysqld
mysqld             0:off    1:off    2:off    3:on    4:on    5:on    6:off
[root@lei ~]# chkconfig mysqld on
[root@lei ~]# chkconfig --list | grep mysqld
mysqld             0:off    1:off    2:on    3:on    4:on    5:on    6:off

设置编码

vim /etc/my.cnf
在[mysqld]下新增一行，添加character-set-server= utf8mb4，保存

查看字符集

show variables like "%character%";

character_set_client    utf8
character_set_connection    utf8
character_set_database    utf8mb4
character_set_filesystem    binary
character_set_results    utf8
character_set_server    utf8mb4
character_set_system    utf8
character_sets_dir    /usr/share/mysql/charsets/

[root@aider soft]# rpm -ivh http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.10.1-1.el6.ngx.x86_64.rpm
Retrieving http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.10.1-1.el6.ngx.x86_64.rpm
warning: /var/tmp/rpm-tmp.gnEGo7: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Preparing...                ########################################### [100%]
   1:nginx                  ########################################### [100%]
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------

安装

[root@aider soft]# yum -y install nginx
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
....
Updated:
  nginx.x86_64 0:1.10.2-1.el6

Complete!

目录

[root@aider conf.d]# cd /etc/nginx/
[root@aider nginx]# ls
conf.d     fastcgi.conf          fastcgi_params          koi-utf  mime.types          nginx.conf          scgi_params          uwsgi_params          win-utf
default.d  fastcgi.conf.default  fastcgi_params.default  koi-win  mime.types.default  nginx.conf.default  scgi_params.default  uwsgi_params.default

启动

[root@aider nginx]# service nginx start
Starting nginx: nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
                                                           [FAILED
[root@aider nginx]# cd conf.d/
[root@aider conf.d]# ls
default.conf  ssl.conf  virtual.conf
[root@aider conf.d]# mv default.conf default
[root@aider conf.d]# service nginx start
Starting nginx:                                            [  OK  ]
[root@aider conf.d]#