linux相关命令

centos7防火墙不再采用iptables命令，改用firewalld

禁用防火墙命令：

# systemctl stop firewalld.service # systemctl disable firewalld.service # systemctl status firewalld.service 启动一个服务：systemctl start firewalld.service 关闭一个服务：systemctl stop firewalld.service 重启一个服务：systemctl restart firewalld.service 显示一个服务的状态：systemctl status firewalld.service 在开机时启用一个服务：systemctl enable firewalld.service 在开机时禁用一个服务：systemctl disable firewalld.service 查看服务是否开机启动：systemctl is-enabled firewalld.service;echo $? 查看已启动的服务列表：systemctl list-unit-files|grep enabled

防火墙设置

远程访问 MySQL， 需开放默认端口号 3306.

方式1：iptables（CentOS 7.x版本之前用法，不推荐）

打开 iptables 的配置文件：

vi /etc/sysconfig/iptables

修改

*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

在里面加入这2行：

-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT -A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 3306 -j ACCEPT

改为

*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT -A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

如果该 iptables 配置文件 不存在，先执行 yum install iptables-services 安装

执行 iptables 重启生效

service iptables restart

方式2：firewall-cmd（推荐）

执行

firewall-cmd --permanent --zone=public --add-port=3306/tcp firewall-cmd --permanent --zone=public --add-port=3306/udp

这样就开放了相应的端口。

执行

firewall-cmd --reload

使最新的防火墙设置规则生效。

MySQL 安全设置

服务器启动后，可以执行

mysql_secure_installation;

看到如下提示

[root@bogon software]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): CREATE DATABASE IF NOT EXISTS yourdbname DEFAULT CHARSET utf8 COLLATE utf8_general_ci;  创建数据库指定字符集

1 Tomcat的端口被占用

              解决方法：for i in `ps aux|grep -v "grep"|grep                    tomcat|awk '{print$2}'`;do kill -9 $i ;done 这个命令可以杀死所有Tomcat的进程。

lsof -i :8009|grep -v "PID"|awk '{print "kill -9",$$2}'|sh这个命令可以杀死对应的端口进程。