
【HCIA-openEuler】实验手册—07【openEuler系统及进程管理】

霍襦宗
2023-12-01


一、实验介绍

1、内容描述

​ 本实验主要介绍openEuler的计划任务、系统管理和服务管理等内容

2、实验目的

​ ✔ 掌握系统任务管理方法;

​ ✔ 掌握openEuler网络管理配置;

​ ✔ 掌握openEuler系统服务管理。

二、任务管理

1、临时任务管理

步骤1:登录虚拟机

步骤2:执行如下命令添加单次任务,输入完成后按组合键Ctrl-D

[root@localhost ~]# at now+5min
warning: commands will be executed using /bin/sh
at> echo "aaa" >> /tmp/at.log
at> echo "bbb" >> /tmp/at.log
at> date >> /tmp/at.log
at> <EOT>     #此处按Ctrl+D组合键
job 1 at Fri Dec 30 10:06:00 2022
[root@localhost ~]# at 22:00
warning: commands will be executed using /bin/sh
at> pwd >> /tmp/check.log
at> <EOT>     #此处按Ctrl+D组合键
job 2 at Fri Dec 30 22:00:00 2022
[root@localhost ~]#

步骤3:执行如下命令查询任务列表

[root@localhost ~]# atq     #左侧数字表示任务ID
1       Fri Dec 30 10:06:00 2022 a root
2       Fri Dec 30 22:00:00 2022 a root
[root@localhost ~]#

步骤4:执行如下命令查看任务详细信息

[root@localhost ~]# at -c 1
#!/bin/sh
# atrun uid=0 gid=0
# mail root 0
umask 77
SHELL=/bin/bash; export SHELL
HISTCONTROL=; export HISTCONTROL
HISTSIZE=1000; export HISTSIZE
HOSTNAME=localhost.localdomain; export HOSTNAME
HISTTIMEFORMAT=; export HISTTIMEFORMAT
GOMP_CPU_AFFINITY=0-1; export GOMP_CPU_AFFINITY
PWD=/root; export PWD
LOGNAME=root; export LOGNAME
XDG_SESSION_TYPE=tty; export XDG_SESSION_TYPE
HOME=/root; export HOME
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass; export SSH_ASKPASS
LANG=zh_CN.UTF-8; export LANG
PROMPT_COMMAND=openEuler_history; export PROMPT_COMMAND
SSH_CONNECTION=192.168.74.1\ 55378\ 192.168.74.136\ 22; export SSH_CONNECTION
XDG_SESSION_CLASS=user; export XDG_SESSION_CLASS
SELINUX_ROLE_REQUESTED=; export SELINUX_ROLE_REQUESTED
USER=root; export USER
SELINUX_USE_CURRENT_RANGE=; export SELINUX_USE_CURRENT_RANGE
SHLVL=1; export SHLVL
XDG_SESSION_ID=100; export XDG_SESSION_ID
XDG_RUNTIME_DIR=/run/user/0; export XDG_RUNTIME_DIR
SSH_CLIENT=192.168.74.1\ 55378\ 22; export SSH_CLIENT
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin; export PATH
SELINUX_LEVEL_REQUESTED=; export SELINUX_LEVEL_REQUESTED
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/0/bus; export DBUS_SESSION_BUS_ADDRESS
MAIL=/var/spool/mail/root; export MAIL
SSH_TTY=/dev/pts/0; export SSH_TTY
cd /root || {
         echo 'Execution directory inaccessible' >&2
         exit 1
}
${SHELL:-/bin/sh} << 'marcinDELIMITER47f020d3'
echo "aaa" >> /tmp/at.log
echo "bbb" >> /tmp/at.log
date >> /tmp/at.log
marcinDELIMITER47f020d3
[root@localhost ~]#

步骤5:执行如下命令删除临时任务

[root@localhost ~]# atrm 2     # 删除任务2
[root@localhost ~]# atq     #若前述步骤操作得慢,可能导致此处查询不到任务
1       Fri Dec 30 10:06:00 2022 a root
[root@localhost ~]# cat /tmp/at.log     #任务执行后可在此查看第一个临时任务的执行结果;此时任务1仍在队列中尚未执行,所以文件还不存在
cat: /tmp/at.log: 没有那个文件或目录
[root@localhost ~]#

2、周期任务管理

​ 执行如下步骤管理周期任务

[root@localhost ~]# crontab -l     #查询系统当前用户的cron定时任务
no crontab for root
[root@localhost ~]# crontab -e     #crontab 将会打开一个编辑器,请在编辑器中输入如下内容,保存退出

​ 内容如下:

5 * * * * date >> /tmp/croncheck.log   # 6个域,前5个是时间,第六个是命令
*/2 * * * * id >> /tmp/cronuser.log      # minute hour day-of-month month-of-year day-of-week commands
#编辑完保存并退出(上面两行行尾以#开头的文字只是说明,无需输入到crontab中)
no crontab for root - using an empty one
crontab: installing new crontab
[root@localhost ~]# crontab -l     #查询系统当前用户的cron定时任务
5 * * * * date >> /tmp/croncheck.log
*/2 * * * * id >> /tmp/cronuser.log
[root@localhost ~]# crontab -r     #删除当前用户的所有计划任务
[root@localhost ~]# crontab -l
no crontab for root
[root@localhost ~]#

三、网络管理

1、主机名管理

步骤1:查看主机名

[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# cat /etc/hostname     #这个文件是主机名的配置文件
localhost.localdomain
[root@localhost ~]#

步骤2:临时修改主机名

[root@localhost ~]# hostname huawei     #临时修改主机名,重启失效
[root@localhost ~]# hostname
huawei
[root@localhost ~]# bash     #重新启动一个会话


Welcome to 4.19.90-2003.4.0.0036.oe1.x86_64

System information as of time:  2022年 12月 30日 星期五 10:21:24 CST

System load:    0.00
Processes:      182
Memory used:    22.7%
Swap used:      6.4%
Usage On:       35%
IP address:     192.168.74.136
Users online:   1



[root@huawei ~]#      #可以看到前面的提示符里,主机名已经变成了huawei
[root@huawei ~]# exit
exit
[root@localhost ~]#

步骤3:永久修改主机名

方法1:此种方法不需要重启,重新登录即可
[root@localhost ~]# hostnamectl set-hostname huawei
[root@localhost ~]# exit
注销
Connection to 192.168.xxx.xxx closed.
PS C:\Users\Administrator> ssh root@192.168.xxx.xxx

Authorized users only. All activities may be monitored and reported.
root@192.168.xxx.xxx's password:

Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Fri Dec 30 10:33:23 2022 from 192.168.74.1


Welcome to 4.19.90-2003.4.0.0036.oe1.x86_64

System information as of time:  2022年 12月 30日 星期五 10:33:45 CST

System load:    0.00
Processes:      182
Memory used:    30.1%
Swap used:      0.0%
Usage On:       35%
IP address:     192.168.xxx.xxx
Users online:   1



[root@huawei ~]#
方法2:修改此文件中主机名,保存退出即可,需要重启才可以生效
[root@localhost ~]# vim /etc/hostname
[root@localhost ~]# reboot

2、网络管理

步骤1:使用IP命令修改网卡IP地址

[root@openEuler ~]# ip addr show     #显示当前主机的IP信息
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:e2:47:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.121/24 brd 192.168.30.255 scope global dynamic noprefixroute enp0s3
       valid_lft 86338sec preferred_lft 86338sec
    inet6 fe80::8c0:1654:bb7e:dab4/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
[root@openEuler ~]# ip addr add 192.168.110.100/24 dev enp0s3
[root@openEuler ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:e2:47:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.121/24 brd 192.168.30.255 scope global dynamic noprefixroute enp0s3
       valid_lft 86317sec preferred_lft 86317sec
    inet 192.168.110.100/24 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::8c0:1654:bb7e:dab4/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
[root@openEuler ~]# ip addr del 192.168.110.100/24 dev enp0s3
[root@openEuler ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:e2:47:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.121/24 brd 192.168.30.255 scope global dynamic noprefixroute enp0s3
       valid_lft 86295sec preferred_lft 86295sec
    inet6 fe80::8c0:1654:bb7e:dab4/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:91:98:6f brd ff:ff:ff:ff:ff:ff
[root@openEuler ~]#

步骤2:配置静态路由

[root@openEuler ~]# ip route
default via 192.168.30.1 dev enp0s3 proto dhcp metric 100
192.168.30.0/24 dev enp0s3 proto kernel scope link src 192.168.30.121 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
[root@openEuler ~]# ip route add 192.168.2.1 via 192.168.30.1 dev enp0s3
[root@openEuler ~]# ip route
default via 192.168.30.1 dev enp0s3 proto dhcp metric 100
192.168.2.1 via 192.168.30.1 dev enp0s3
192.168.30.0/24 dev enp0s3 proto kernel scope link src 192.168.30.121 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
[root@openEuler ~]#

步骤3:使用nmcli命令修改主机IP地址

[root@openEuler ~]# nmcli general status
STATE   CONNECTIVITY  WIFI-HW  WIFI    WWAN-HW  WWAN
已连接  完全          已启用   已启用  已启用   已启用
[root@openEuler ~]# nmcli connection show
NAME    UUID                                  TYPE      DEVICE
enp0s3  e2738ebd-9f54-3f5c-bd7b-f7e5d255ec68  ethernet  enp0s3
virbr0  0206fffd-0128-4497-a5f7-3c1342e9c517  bridge    virbr0
[root@openEuler ~]# nmcli device status
DEVICE      TYPE      STATE   CONNECTION
enp0s3      ethernet  已连接  enp0s3
virbr0      bridge    已连接  virbr0
lo          loopback  未托管  --
virbr0-nic  tun       未托管  --
[root@openEuler ~]# nmcli con add type ethernet con-name net-static ifname enp0s3 ip4 192.168.30.122/24 gw4 192.168.30.1
连接 "net-static" (968f524e-33cd-4306-8eee-956657eb2b00) 已成功添加。
[root@openEuler ~]# nmcli con up net-static ifname enp0s3

步骤4:执行如下步骤使用nmcli命令配置静态路由

[root@openEuler ~]# nmcli connection modify enp0s3 +ipv4.routes "192.168.100.0/24 192.168.110.254"

步骤5:执行如下步骤通过修改ifcfg文件修改主机IP地址

[root@openEuler ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet     #配置文件接口类型
PROXY_METHOD=none     #代理方式
BROWSER_ONLY=no     #只浏览
BOOTPROTO=dhcp     #系统启动地址协议
DEFROUTE=yes     #默认路由
IPV4_FAILURE_FATAL=no     #是否一定要进行ipv4检查
IPV6INIT=yes     #是否执行IPv6
IPV6_AUTOCONF=yes     #IPv6自动配置
IPV6_DEFROUTE=yes     #IPv6默认路由
IPV6_FAILURE_FATAL=no     #是否一定要进行ipv6检查
IPV6_ADDR_GEN_MODE=stable-privacy     #IPv6地址生成方式
NAME=enp0s3     #网络连接的名字
UUID=e2738ebd-9f54-3f5c-bd7b-f7e5d255ec68     #设备UUID
ONBOOT=yes     #随系统启动
AUTOCONNECT_PRIORITY=-999     #自动连接优先级
DEVICE=enp0s3     #物理设备的名字
[root@openEuler ~]#

​ 配置网络时可以将dhcp修改成static或者none,然后增加如下信息:

IPADDR=192.168.30.122
NETMASK=255.255.255.0
GATEWAY=192.168.30.1
DNS1=114.114.114.114

​ 如何生效

[root@openEuler ~]# ifdown ens33     #ens33为示例接口名,请替换为实际网卡名(前面查看的配置文件对应的是enp0s3)
[root@openEuler ~]# ifup ens33

步骤6:修改/etc/resolv.conf,用来指向DNS服务器地址

[root@openEuler ~]# dnf -y install bind-utils
Last metadata expiration check: 0:00:13 ago on 2022年12月30日 星期五 12时51分39秒.
Package bind-utils-32:9.11.4-13.oe1.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@openEuler ~]# vim /etc/resolv.conf
nameserver 192.168.74.2     #该文件的格式是nameserver IP,IP地址为DNS服务器IP。修改完成后保存退出
[root@openEuler ~]# nslookup openeuler.org
Server:         192.168.74.2
Address:        192.168.74.2#53

Non-authoritative answer:
Name:   openeuler.org
Address: 49.0.231.109

[root@openEuler ~]# ping openeuler.org -c 3
PING openeuler.org (49.0.231.109) 56(84) bytes of data.
64 bytes from ecs-49-0-231-109.compute.hwclouds-dns.com (49.0.231.109): icmp_seq=1 ttl=128 time=9.73 ms
64 bytes from ecs-49-0-231-109.compute.hwclouds-dns.com (49.0.231.109): icmp_seq=2 ttl=128 time=10.2 ms
64 bytes from ecs-49-0-231-109.compute.hwclouds-dns.com (49.0.231.109): icmp_seq=3 ttl=128 time=19.9 ms

--- openeuler.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 9.728/13.274/19.904/4.691 ms
[root@openEuler ~]#

步骤7:修改/etc/hosts

[root@openEuler ~]# vim /etc/hosts     #hosts是系统中一个负责IP地址与域名快速解析的文件,在最后新增一行,输入如下信息:
49.0.231.109  server     #新增这一行,完成后保存退出
[root@openEuler ~]# ping server -c 3
PING server (49.0.231.109) 56(84) bytes of data.
64 bytes from server (49.0.231.109): icmp_seq=1 ttl=128 time=10.2 ms
64 bytes from server (49.0.231.109): icmp_seq=2 ttl=128 time=10.1 ms
64 bytes from server (49.0.231.109): icmp_seq=3 ttl=128 time=10.6 ms

--- server ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.107/10.302/10.586/0.205 ms
[root@openEuler ~]#

四、防火墙管理

步骤1:查看防火墙状态

[root@openEuler ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
[root@openEuler ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-12-30 13:01:59 CST; 32min ago
     Docs: man:firewalld(1)
 Main PID: 2251 (firewalld)
    Tasks: 2
   Memory: 27.6M
   CGroup: /system.slice/firewalld.service
           └─2251 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

12月 30 13:01:58 openEuler systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 30 13:01:59 openEuler systemd[1]: Started firewalld - dynamic firewall daemon.
[root@openEuler ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_INP  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_FWX  all  --  anywhere             anywhere
LIBVIRT_FWI  all  --  anywhere             anywhere
LIBVIRT_FWO  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_OUT  all  --  anywhere             anywhere
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (3 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (3 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (3 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.122.0/24     anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

Chain OUTPUT_direct (1 references)
target     prot opt source               destination
[root@openEuler ~]#
######iptables默认的规则链######
INPUT:处理入站数据包
OUTPUT:处理出站数据包
FORWARD:处理转发数据包
POSTROUTING链:在进行路由选择后处理数据包
PREROUTING链:在进行路由选择前处理数据包

步骤2:启动防火墙

[root@openEuler ~]# systemctl start firewalld.service     #启动防火墙服务
[root@openEuler ~]# firewall-cmd --version     #查看防火墙firewalld版本
0.6.2
[root@openEuler ~]# firewall-cmd --help     #查看帮助
[root@openEuler ~]# firewall-cmd --state     #查看运行状态
running
[root@openEuler ~]# firewall-cmd --list-all     #查看防火墙配置信息
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33 ens36
  sources:
  services: ssh mdns dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@openEuler ~]#

步骤3:配置防火墙放通规则

[root@openEuler ~]# firewall-cmd --panic-on     #拒绝所有包(进出的包全部被丢弃,包括当前SSH会话,建议在本地控制台操作)
success
[root@openEuler ~]# firewall-cmd --panic-off     #取消拒绝所有包
success
[root@openEuler ~]# firewall-cmd --query-panic     #查询是否处于拒绝所有包(panic)模式
no
[root@openEuler ~]# firewall-cmd --reload     #更新防火墙规则,无需断开
success
[root@openEuler ~]# firewall-cmd --zone=public --add-interface=ens3     #将网口添加到区域,默认都在public
success
[root@openEuler ~]# firewall-cmd --set-default-zone=public     #设置默认接口区域
success

[root@openEuler ~]# firewall-cmd --zone=public --permanent --add-port=22/tcp     #打开22端口
success
[root@openEuler ~]# firewall-cmd --reload     #重载防火墙
success
[root@openEuler ~]# firewall-cmd --list-port     #查看开放的端口
22/tcp
[root@openEuler ~]# firewall-cmd --zone=public --add-service=http     #打开一个服务(未加--permanent,只对运行时生效,所以下面重启firewalld后的services中没有http)
success
[root@openEuler ~]# systemctl restart firewalld.service
[root@openEuler ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33 ens36
  sources:
  services: ssh mdns dhcpv6-client
  ports: 22/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@openEuler ~]#

五、服务管理

1、管理系统服务

步骤1:显示当前服务

[root@openEuler ~]# systemctl list-units --type service
  UNIT                                                                  LOAD   ACTIVE SUB     DESCRIPTION
  atd.service                                                           loaded active running Deferred execution schedu
  auditd.service                                                        loaded active running Security Auditing Service
  bluetooth.service                                                     loaded active running Bluetooth service
  chronyd.service                                                       loaded active running NTP client/server
  crond.service                                                         loaded active running Command Scheduler
  dbus.service                                                          loaded active running D-Bus System Message Bus
  dkms.service                                                          loaded active exited  Builds and install new ke
  dracut-shutdown.service                                               loaded active exited  Restore /run/initramfs on
  firewalld.service                                                     loaded active running firewalld - dynamic firew
  getty@tty1.service                                                    loaded active running Getty on tty1
  gssproxy.service                                                      loaded active running GSSAPI Proxy Daemon
  hwclock-save.service                                                  loaded active exited  Update RTC With System Cl
  irqbalance.service                                                    loaded active running irqbalance daemon
  iscsi.service                                                         loaded active exited  Login and scanning of iSC
  kdump.service                                                         loaded active exited  Crash recovery kernel arm
  kmod-static-nodes.service                                             loaded active exited  Create list of static dev
  libstoragemgmt.service                                                loaded active running libstoragemgmt plug-in se
  libvirtd.service                                                      loaded active running Virtualization daemon
● lm_sensors.service                                                    loaded failed failed  Hardware Monitoring Senso
  lvm2-lvmetad.service                                                  loaded active running LVM2 metadata daemon
  lvm2-monitor.service                                                  loaded active exited  Monitoring of LVM2 mirror
  lvm2-pvscan@8:2.service                                               loaded active exited  LVM2 PV scan on device 8:
  mdmonitor.service                                                     loaded active running MD array monitor
  netcf-transaction.service                                             loaded active exited  Rollback uncommitted netc
  NetworkManager-wait-online.service                                    loaded active exited  Network Manager Wait Onli
  NetworkManager.service                                                loaded active running Network Manager
  pmcd.service                                                          loaded active running Performance Metrics Colle
  pmie.service                                                          loaded active exited  Performance Metrics Infer
  pmlogger.service                                                      loaded active exited  Performance Metrics Archi
  polkit.service                                                        loaded active running Authorization Manager
  rasdaemon.service                                                     loaded active running RAS daemon to log the RAS
  restorecond.service                                                   loaded active running Restorecon maintaining pa
  rngd.service                                                          loaded active running Hardware RNG Entropy Gath
  rpc-statd-notify.service                                              loaded active exited  Notify NFS peers of a res
  rpcbind.service                                                       loaded active running RPC Bind
  rsyslog.service                                                       loaded active running System Logging Service
  smartd.service                                                        loaded active running Self Monitoring and Repor
  sshd.service                                                          loaded active running OpenSSH server daemon
  sysstat.service                                                       loaded active exited  Resets System Activity Lo
  systemd-fsck-root.service                                             loaded active exited  File System Check on Root
  systemd-fsck@dev-disk-by\x2duuid-efd1ba3e\x2d87aa\x2d4c30\x2d9c6a\x2d21026b385e73.service loaded active exited  File >
  systemd-fsck@dev-mapper-openeuler\x2dhome.service                     loaded active exited  File System Check on /dev
  systemd-journal-flush.service                                         loaded active exited  Flush Journal to Persiste
  systemd-journald.service                                              loaded active running Journal Service
  systemd-logind.service                                                loaded active running Login Service
  systemd-machined.service                                              loaded active running Virtual Machine and Conta
  systemd-networkd-wait-online.service                                  loaded active exited  Wait for Network to be Co
  systemd-networkd.service                                              loaded active running Network Service
  systemd-random-seed.service                                           loaded active exited  Load/Save Random Seed
  systemd-remount-fs.service                                            loaded active exited  Remount Root and Kernel F
  systemd-sysctl.service                                                loaded active exited  Apply Kernel Variables
  systemd-timesyncd.service                                             loaded active running Network Time Synchronizat
  systemd-tmpfiles-setup-dev.service                                    loaded active exited  Create Static Device Node
  systemd-tmpfiles-setup.service                                        loaded active exited  Create Volatile Files and
  systemd-udev-trigger.service                                          loaded active exited  udev Coldplug all Devices
  systemd-udevd.service                                                 loaded active running udev Kernel Device Manage
  systemd-update-utmp.service                                           loaded active exited  Update UTMP about System
  systemd-user-sessions.service                                         loaded active exited  Permit User Sessions
  systemtap.service                                                     loaded active exited  Run a configured list of
  tuned.service                                                         loaded active running Dynamic System Tuning Dae
  user-runtime-dir@0.service                                            loaded active exited  User Runtime Directory /r
  user-runtime-dir@993.service                                          loaded active exited  User Runtime Directory /r
  user@0.service                                                        loaded active running User Manager for UID 0
  user@993.service                                                      loaded active running User Manager for UID 993
  vdo.service                                                           loaded active exited  VDO volume services

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

65 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[root@openEuler ~]#

步骤2:显示服务状态,如防火墙服务

[root@openEuler ~]# systemctl status firewalld.service     #查看服务状态
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-12-30 13:42:32 CST; 15min ago
     Docs: man:firewalld(1)
 Main PID: 11528 (firewalld)
    Tasks: 2
   Memory: 21.9M
   CGroup: /system.slice/firewalld.service
           └─11528 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>
12月 30 13:47:39 openEuler firewalld[11528]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --dele>

[root@openEuler ~]# systemctl is-active firewalld.service     #查看服务是否运行
active
[root@openEuler ~]# systemctl is-enabled firewalld.service     #查看服务是否被启用
enabled
[root@openEuler ~]#

步骤3:终止服务,如防火墙服务

[root@openEuler ~]# systemctl stop firewalld.service
[root@openEuler ~]# systemctl is-active firewalld.service
inactive
[root@openEuler ~]#

步骤4:重启服务,如防火墙

[root@openEuler ~]# systemctl restart firewalld.service
[root@openEuler ~]# systemctl is-active firewalld.service
active

步骤5:禁用服务,如防火墙

[root@openEuler ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@openEuler ~]# systemctl is-enabled firewalld.service
disabled
[root@openEuler ~]#

步骤6:启用服务,如防火墙

[root@openEuler ~]# systemctl enable firewalld.service
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@openEuler ~]# systemctl is-enabled firewalld.service
enabled
[root@openEuler ~]#