檢查 SELinux 設定,預設啟用
[doraemon@centos8-gui ~]$ getenforce
Enforcing
[doraemon@centos8-gui ~]$ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
檢查防火牆設定,預設啟用,預設允許的服務有 ssh、dhcp-client、cockpit
[doraemon@centos8-gui ~]$ sudo systemctl status firewalld
[sudo] password for doraemon:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset>
Active: active (running) since Sun 2019-09-29 14:45:38 CST; 28min ago
Docs: man:firewalld(1)
Main PID: 984 (firewalld)
Tasks: 2 (limit: 23858)
Memory: 34.2M
CGroup: /system.slice/firewalld.service
└─984 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
9月 29 14:45:37 centos8-gui.lab.example.com systemd[1]: Starting firewalld - dynami>
9月 29 14:45:38 centos8-gui.lab.example.com systemd[1]: Started firewalld - dynamic>
[doraemon@centos8-gui ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
看到防火牆已經允許了 cockpit 服務了,那看一下此服務目前的執行狀態如何?
[doraemon@centos8-gui ~]$ sudo systemctl status cockpit.socket
● cockpit.socket - Cockpit Web Service Socket
Loaded: loaded (/usr/lib/systemd/system/cockpit.socket; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:cockpit-ws(8)
Listen: [::]:9090 (Stream)
代表我們只要對 cockpit.socket 立即啟用,即可使用。
[doraemon@centos8-gui ~]$ sudo systemctl enable --now cockpit.socket
Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.
[doraemon@centos8-gui ~]$ sudo systemctl status cockpit.socket
● cockpit.socket - Cockpit Web Service Socket
Loaded: loaded (/usr/lib/systemd/system/cockpit.socket; enabled; vendor preset: disabled)
Active: active (listening) since Sun 2019-09-29 15:43:36 CST; 6s ago
Docs: man:cockpit-ws(8)
Listen: [::]:9090 (Stream)
Process: 32380 ExecStartPost=/bin/ln -snf active.motd /run/cockpit/motd (code=exited, status=0/SUCCESS)
Process: 32371 ExecStartPost=/usr/share/cockpit/motd/update-motd localhost (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 23858)
Memory: 1.2M
CGroup: /system.slice/cockpit.socket
9月 29 15:43:36 centos8-gui.lab.example.com systemd[1]: Starting Cockpit Web Service Socket.
9月 29 15:43:36 centos8-gui.lab.example.com systemd[1]: Listening on Cockpit Web Service Socket.
輸入帳號密碼,按下登入
即可用圖形的方式看到主機概況
接下來繼續透過 yum repolist 來看看內建有哪些軟體庫可以使用
[doraemon@centos8-gui ~]$ yum repolist
上次中介資料過期檢查:0:42:49 以前,時間點為 西元2019年09月29日 (週日) 15時08分13秒。
軟體庫 ID 軟體庫名稱 狀態
AppStream CentOS-8 - AppStream 4,928
BaseOS CentOS-8 - Base 2,713
extras CentOS-8 - Extras 3
看看有哪些模組可供安裝
[doraemon@centos8-gui ~]$ yum module list
上次中介資料過期檢查:0:44:26 以前,時間點為 西元2019年09月29日 (週日) 15時08分13秒。
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 389 Directory Server (base)
ant 1.10 [d] common [d] Java build tool
container-tools 1.0 common [d] Common tools and dependencies for container runtimes
container-tools rhel8 [d][e] common [d] Common tools and dependencies for container runtimes
freeradius 3.0 [d] server [d] High-performance and highly configurable free RADIUS se
rver
gimp 2.8 [d] common [d], devel gimp module
go-toolset rhel8 [d] common [d] Go
httpd 2.4 [d] common [d], devel, minimal Apache HTTP Server
idm DL1 common [d], adtrust, client The Red Hat Enterprise Linux Identity Management system
, dns, server module
idm client [d] common [d] RHEL IdM long term support client module
inkscape 0.92.3 [d] common [d] Vector-based drawing program using SVG
javapackages-runtime 201801 [d] common [d] Basic runtime utilities to support Java applications
libselinux-python 2.8 common Python 2 bindings for libselinux
llvm-toolset rhel8 [d][e] common [d] LLVM
mailman 2.1 [d] common [d] Electronic mail discussion and e-newsletter lists manag
ing software
mariadb 10.3 [d] client, server [d], galera MariaDB Module
maven 3.5 [d] common [d] Java project management and project comprehension tool
mercurial 4.8 [d] common [d] Mercurial -- a distributed SCM
mod_auth_openidc 2.3 Apache module suporting OpenID Connect authentication
mysql 8.0 [d] client, server [d] MySQL Module
nginx 1.14 [d] common [d] nginx webserver
nodejs 10 [d] common [d], development, mi Javascript runtime
nimal, s2i
parfait 0.5 common Parfait Module
perl 5.24 common [d], minimal Practical Extraction and Report Language
perl 5.26 [d] common [d], minimal Practical Extraction and Report Language
perl-App-cpanminus 1.7044 [d] common [d] Get, unpack, build and install CPAN modules
perl-DBD-MySQL 4.046 [d] common [d] A MySQL interface for Perl
perl-DBD-Pg 3.7 [d] common [d] A PostgreSQL interface for Perl
perl-DBD-SQLite 1.58 [d][e] common [d] SQLite DBI driver
perl-DBI 1.641 [d][e] common [d] A database access API for Perl
perl-FCGI 0.78 [d] common [d] FastCGI Perl bindings
perl-YAML 1.24 [d] common [d] Perl parser for YAML
php 7.2 [d] common [d], devel, minimal PHP scripting language
pki-core 10.6 PKI Core
pki-deps 10.6 PKI Dependencies
postgresql 10 [d] client, server [d] PostgreSQL server and client module
postgresql 9.6 client, server [d] PostgreSQL server and client module
python27 2.7 [d] common [d] Python programming language, version 2.7
python36 3.6 [d][e] common [d], build Python programming language, version 3.6
redis 5 [d] common [d] Redis persistent key-value database
rhn-tools 1.0 [d] common [d] Red Hat Satellite 5 tools for RHEL
ruby 2.5 [d] common [d] An interpreter of object-oriented scripting language
rust-toolset rhel8 [d] common [d] Rust
satellite-5-client 1.0 [d][e] common [d], gui Red Hat Satellite 5 client packages
scala 2.10 [d] common [d] A hybrid functional/object-oriented language for the JV
M
squid 4 [d] common [d] Squid - Optimising Web Delivery
subversion 1.10 [d] common [d], server Apache Subversion
swig 3.0 [d] common [d], complete Connects C/C++/Objective C to some high-level programmi
ng languages
varnish 6 [d] common [d] Varnish HTTP cache
virt rhel [d][e] common [d] Virtualization module
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
由此得知,透過內建的軟體庫,可以安裝 Apache (httpd) 2.4、MariaDB 10.3、MySQL 8.0、PHP 7.2。
來跑一下更新吧!
[doraemon@centos8-gui ~]$ sudo yum check-update
[doraemon@centos8-gui ~]$ sudo yum update -y
[sudo] password for doraemon:
上次中介資料過期檢查:0:07:45 以前,時間點為 西元2019年09月29日 (週日) 15時59分26秒。
依賴關係解析完畢。
無事可做。
完成!
[doraemon@centos8-gui ~]$ sudo systemctl reboot