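Here's the story.
The noble CentOS 7.9, born in 2009, is about to reach end of maintenance.
Sir, the times have changed.
But I, a lowly workhorse intern, am used to Debian and Ubuntu on 5.x and 6.x kernels, while my boss only knows CentOS 7.9 (he's just talking big), and the kernel 3.10 kind at that, so I started cramming the relevant knowledge.
The trouble is that the mirrors and tutorials in many, many, many blog posts online are already out of date. After a full day of tinkering I couldn't take it anymore. No! I'm writing this down in my little notebook, or I'll have to hunt for it all over again next time!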
Switching CentOS mirrors
Tsinghua (TUNA) mirror
sed -e "s|^mirrorlist=|#mirrorlist=|g" \
-e "s|^#baseurl=http://mirror.centos.org/centos/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
-e "s|^#baseurl=http://mirror.centos.org/\$contentdir/\$releasever|baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009|g" \
-i.bak \
/etc/yum.repos.d/CentOS-*.repo
Switching EPEL mirrors
The TUNA mirror is unavailable for now, so let's use my own instead
sudo sed -e 's!^metalink=!#metalink=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
-e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
-i /etc/yum.repos.d/epel{,-testing}.repo
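After rewriting repo files with sed like this, it is worth confirming that no enabled repo fetches over plaintext HTTP or has signature checking turned off. The script below is an added example, not part of the original post; the function name audit_repos is hypothetical, and it assumes a repo without its own gpgcheck line inherits the value from [main] in /etc/yum.conf, so only an explicit gpgcheck=0 is flagged.

```shell
#!/bin/sh
# Added example: audit yum repo definitions after mirror rewrites.
# Flags enabled repos that use a plaintext baseurl or set gpgcheck=0.
# Assumption: enabled/gpgcheck values are written as 0 or 1.
audit_repos() {
    dir="${1:-/etc/yum.repos.d}"
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sec == "" || enabled == "0") return
                if (gpg == "0")
                    print file ": [" sec "] gpgcheck=0 (packages not signature-checked)"
                if (url ~ /^(http|ftp):\/\//)
                    print file ": [" sec "] plaintext baseurl " url
            }
            /^[ \t]*[#;]/ { next }            # commented-out lines are inactive
            /^[ \t]*\[/ {                      # section header: close previous repo
                report()
                sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
                enabled = "1"; gpg = ""; url = ""   # yum enables a repo by default
                next
            }
            {
                key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
                if (key == "enabled")  enabled = val
                if (key == "gpgcheck") gpg = val
                if (key == "baseurl")  url = val
            }
            END { report() }
        ' "$f"
    done
}

# Audit the directory given as the first argument, or /etc/yum.repos.d.
audit_repos "$@"
```

No output means every enabled repo uses a non-plaintext baseurl and does not explicitly disable gpgcheck.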
The outdated list my boss gave me
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh http://repo.mysql.com/mysql-community-release-el7.rpm
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/ius/ius-release-el7.rpm
rpm -ivh http://repo.webtatic.com/yum/el7/webtatic-release.rpm
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Software installation
Wireguard
Wireguard – Installation
There are three noble methods here
Method 1: a signed module is available as built-in to CentOS’s kernel-plus:
sudo yum install yum-utils epel-release
sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
sudo yum install kernel-plus wireguard-tools
sudo reboot
Method 2: users wishing to stick with the standard kernel may use ELRepo’s pre-built module:
sudo yum install epel-release elrepo-release
sudo yum install yum-plugin-elrepo
sudo yum install kmod-wireguard wireguard-tools
[Recommended] Method 3: users running non-standard kernels may wish to use the DKMS package instead:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools
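But on most machines, having to switch mirrors at every step is too painful, so just use the self-hosted mirror. If even the first step (installing EPEL) fails, switch the CentOS mirrors first.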
sudo yum install epel-release elrepo-release -y
sudo sed -e 's!^metalink=!#metalink=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!https\?://download\.fedoraproject\.org/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
-e 's!https\?://download\.example/pub/epel!https://mirrors.0e7.cn/pub/archive/epel!g' \
-i /etc/yum.repos.d/epel{,-testing}.repo
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://mirrors.0e7.cn/copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo sed -i "s/download.copr.fedorainfracloud.org/mirrors.0e7.cn/g" /etc/yum.repos.d/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools -y
Docker
# sudo yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+https://download.docker.com+https://mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker
Firewall
Switching from firewalld to iptables
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services
systemctl enable iptables
Flushing the firewall rules
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
mkdir -p /etc/sysconfig/
service iptables save
iptables-save > /etc/sysconfig/iptables
Closing words
Twitter friend: Do you security people really end up becoming ops in the end?
Me: 😭 We really do