Basic server information

Hostname OS-architecture CPU-model CPU-count CPU-cores Total-memory(GB) Hardware-model OS-version
localhost.localdomain x86_64 Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz 2 1 3 VMware Virtual Platform

Existing user information

User Password UID GID Description Home-directory Shell Login-allowed Last-password-change Password-expires Password-inactive Account-expires Max-password-days
root x 0 0 root /root /bin/bash never never never never 99999
bin x 1 1 bin /bin /sbin/nologin Mar 14, 2021 never never never 99999
daemon x 2 2 daemon /sbin /sbin/nologin Mar 14, 2021 never never never 99999
adm x 3 4 adm /var/adm /sbin/nologin Mar 14, 2021 never never never 99999
lp x 4 7 lp /var/spool/lpd /sbin/nologin Mar 14, 2021 never never never 99999
sync x 5 0 sync /sbin /bin/sync Mar 14, 2021 never never never 99999
shutdown x 6 0 shutdown /sbin /sbin/shutdown Mar 14, 2021 never never never 99999
halt x 7 0 halt /sbin /sbin/halt Mar 14, 2021 never never never 99999
mail x 8 12 mail /var/spool/mail /sbin/nologin Mar 14, 2021 never never never 99999
operator x 11 0 operator /root /sbin/nologin Mar 14, 2021 never never never 99999
games x 12 100 games /usr/games /sbin/nologin Mar 14, 2021 never never never 99999
ftp x 14 50 FTP User /var/ftp /sbin/nologin Mar 14, 2021 never never never 99999
nobody x 65534 65534 Kernel Overflow User / /sbin/nologin Mar 14, 2021 never never never 99999
dbus x 81 81 System message bus / /sbin/nologin May 15, 2024 never never never -1
systemd-coredump x 999 997 systemd Core Dumper / /sbin/nologin May 15, 2024 never never never -1
systemd-resolve x 193 193 systemd Resolver / /sbin/nologin May 15, 2024 never never never -1
tss x 59 59 Account used for TPM access /dev/null /sbin/nologin May 15, 2024 never never never -1
polkitd x 998 996 User for polkitd / /sbin/nologin May 15, 2024 never never never -1
libstoragemgmt x 997 994 daemon account for libstoragemgmt /var/run/lsm /sbin/nologin May 15, 2024 never never never -1
sssd x 996 992 User for sssd / /sbin/nologin May 15, 2024 never never never -1
cockpit-ws x 995 991 User for cockpit web service /nonexisting /sbin/nologin May 15, 2024 never never never -1
cockpit-wsinstance x 994 990 User for cockpit-ws instances /nonexisting /sbin/nologin May 15, 2024 never never never -1
chrony x 993 989 /var/lib/chrony /sbin/nologin May 15, 2024 never never never -1
sshd x 74 74 Privilege-separated SSH /var/empty/sshd /sbin/nologin May 15, 2024 never never never -1

==No user other than root should have UID 0: sudo userdel -r username==

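Password settings for new users (apply only to newly created user accounts)

Minimum-days-between-password-changes Maximum-password-age Warning-days-before-expiry Default-umask-for-new-files-and-directories Password-hashing-method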
0 99999 7 022 SHA512

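Hardening plan (reference configuration):

  1. Back up: cp -p /etc/login.defs /etc/login.defs_bak

  2. Change the policy settings: edit /etc/login.defs (vi /etc/login.defs) and add the following

    PASS_MAX_DAYS 90

    PASS_WARN_AGE 7

    Run: chage -M 90 -W 7 username to change the password lifetime and the expiry warning days for an existing user.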

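Password complexity policy (/etc/security/pwquality.conf)

Minimum-length Digit-characters Uppercase-letters Lowercase-letters Special-characters Minimum-classes Max-repeated-characters Consecutive-repeated-characters

Hardening plan (reference configuration):

  1. Back up: cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf_bak
  2. Run: authconfig --passminlen=8 --passminclass=3 --update # at least three of: digits, lowercase letters, uppercase letters, special characters; length ≥ 8
  3. Run: chage -d 0 username # force the specified user to change the password at next login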

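sshd_config security settings

Root-login-allowed Password-authentication-allowed Empty-password-authentication-allowed Protocol-version Max-authentication-attempts-before-disconnect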
true true false SSHV2 6

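Hardening plan (reference configuration):

  1. Run: vi /etc/ssh/sshd_config, find Port, change the 22 after it to another port number, then delete the leading # to uncomment the line (the port number is best chosen between 10000 and 65535; ports below 10000 are easily taken by the system or by certain special software)
  2. Run: semanage port -a -t ssh_port_t -p tcp <new port number>, to add the new port to the ports SELinux allows ssh to use
  3. Run: firewall-cmd --zone=public --add-port=<ssh port number>/tcp --permanent, so the firewall allows the new ssh port
  4. Run: systemctl restart sshd;systemctl restart firewalld to restart ssh and the firewall so the configuration takes effect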

Open ports

Protocol State Listening-address Process
udp UNCONN [fe80::250:56ff:fead:2c6b]%ens192:546 users:(("NetworkManager",pid=995,fd=25))

Important file information

File Permissions Size(bytes) Owner Group Last-access Last-modified
/etc/passwd 644 1227 root root 2024-07-01 11:24:58.718653517 +0800 2024-05-15 19:16:08.803795012 +0800
/etc/shadow 0 723 root root 2024-07-01 11:25:53.310655786 +0800 2024-05-15 19:19:17.959130581 +0800
/etc/group 644 611 root root 2024-07-01 11:24:58.449653506 +0800 2024-05-15 19:31:16.191684534 +0800
/etc/rsyslog.conf
/etc/sudoers 440 4328 root root 2024-07-01 11:26:37.392657618 +0800 2022-04-20 16:44:39.000000000 +0800
/etc/hosts.allow
/etc/hosts.deny
/etc/ssh/sshd_config 600 4269 root root 2024-07-01 11:25:04.974653777 +0800 2022-04-12 15:26:41.000000000 +0800
/etc/pam.d/sshd 644 727 root root 2024-07-01 11:26:36.374657576 +0800 2022-04-12 15:26:41.000000000 +0800
/etc/pam.d/passwd 644 168 root root 2024-07-01 11:26:37.246657612 +0800 2022-04-20 07:49:34.000000000 +0800
/var/log/messages
/var/log/audit/audit.log 600 5470424 root root 2024-07-01 11:51:10.459718837 +0800 2024-07-01 11:51:12.322718914 +0800
/etc/security/pwquality.conf 644 2674 root root 2024-07-01 11:26:37.011657602 +0800 2020-08-03 18:30:48.000000000 +0800
/usr/lib64/security/pam_pwquality.so 755 11720 root root 2024-07-01 11:25:53.232655783 +0800 2021-05-19 10:44:55.000000000 +0800
/etc/resolv.conf 644 105 root root 2024-07-01 11:25:08.591653928 +0800 2024-07-01 11:25:08.585653927 +0800
/etc/fstab 644 579 root root 2024-05-15 19:27:07.412674195 +0800 2024-05-15 19:14:25.551882798 +0800
/etc/sysctl.conf 644 449 root root 2024-07-01 11:24:58.282653499 +0800 2022-05-09 14:51:39.000000000 +0800
/etc/selinux/config 644 548 root root 2024-07-01 11:24:58.184653495 +0800 2024-05-15 19:15:30.098316808 +0800
/etc/audit/auditd.conf 640 882 root root 2024-07-01 11:25:00.518653592 +0800 2022-05-10 21:26:18.000000000 +0800

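Baseline compliance is generally judged against the following:

Permissions on /etc/passwd <= 644

Permissions on /etc/shadow <= 600

Permissions on /etc/group <= 644

Permissions on /etc/gshadow <= 600

Permissions on /etc/hosts.deny <= 644

Permissions on /etc/hosts.allow <= 644

Permissions on /etc/services <= 644

Permissions on /etc/ssh/sshd_config <= 600

Remediation example: fix with chmod 644 /etc/passwd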

Firewall / SELinux status

Name Status
firewalld active
selinux enforcing

Firewall policy

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Address restrictions

/etc/hosts.allow:

/etc/hosts.deny:

Network interface information

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.10.10.160 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fd37:c557:65a6:0:250:56ff:fead:2c6b prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:fead:2c6b prefixlen 64 scopeid 0x20<link>
ether 00:50:56:ad:2c:6b txqueuelen 1000 (Ethernet)
RX packets 17457 bytes 1515549 (1.4 MiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 9160 bytes 1435359 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 12 bytes 1020 (1020.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 1020 (1020.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Disk information

Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/rl-root 46G 4.1G 41G 10% /
/dev/sda1 1014M 188M 827M 19% /boot
tmpfs 374M 0 374M 0% /run/user/0

DNS configuration (/etc/resolv.conf, comment lines removed)

nameserver 8.8.8.8
nameserver 114.114.114.114
nameserver fd37:c557:65a6::1

/etc/sudoers

Defaults   !visiblepw
Defaults always_set_home
Defaults match_group_by_gid
Defaults always_query_group_plugin
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL

/etc/rsyslog.conf (comment lines removed)

/etc/pam.d/sshd (comment lines removed)

auth       substack     password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin

/etc/pam.d/system-auth (comment lines removed)

auth        required      pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

/etc/pam.d/passwd (comment lines removed)

password   substack  system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin

/etc/security/pwquality.conf (comment lines removed)

Running processes

USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root 1 0.2 0.3 175160 13400 ? Ss 11:24 0:03 /usr/lib/systemd/systemd --switched-root --system --deserialize 17
root 2 0.0 0.0 0 0 ? S 11:24 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 11:24 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 11:24 0:00 [rcu_par_gp]
root 6 0.0 0.0 0 0 ? I< 11:24 0:00 [kworker/0:0H-events_highpri]
root 9 0.0 0.0 0 0 ? I< 11:24 0:00 [mm_percpu_wq]
root 10 0.0 0.0 0 0 ? S 11:24 0:00 [rcu_tasks_rude_]
root 11 0.0 0.0 0 0 ? S 11:24 0:00 [rcu_tasks_trace]
root 12 0.0 0.0 0 0 ? S 11:24 0:00 [ksoftirqd/0]
root 13 0.0 0.0 0 0 ? I 11:24 0:00 [rcu_sched]
root 14 0.0 0.0 0 0 ? S 11:24 0:00 [migration/0]
root 15 0.0 0.0 0 0 ? S 11:24 0:00 [watchdog/0]
root 16 0.0 0.0 0 0 ? S 11:24 0:00 [cpuhp/0]
root 17 0.0 0.0 0 0 ? S 11:24 0:00 [cpuhp/1]
root 18 0.0 0.0 0 0 ? S 11:24 0:00 [watchdog/1]
root 19 0.0 0.0 0 0 ? S 11:24 0:00 [migration/1]
root 20 0.0 0.0 0 0 ? S 11:24 0:00 [ksoftirqd/1]
root 22 0.0 0.0 0 0 ? I< 11:24 0:00 [kworker/1:0H-events_highpri]
root 25 0.0 0.0 0 0 ? S 11:24 0:00 [kdevtmpfs]
root 26 0.0 0.0 0 0 ? I< 11:24 0:00 [netns]
root 27 0.0 0.0 0 0 ? S 11:24 0:00 [kauditd]
root 28 0.0 0.0 0 0 ? S 11:24 0:00 [khungtaskd]
root 29 0.0 0.0 0 0 ? S 11:24 0:00 [oom_reaper]
root 30 0.0 0.0 0 0 ? I< 11:24 0:00 [writeback]
root 31 0.0 0.0 0 0 ? S 11:24 0:00 [kcompactd0]
root 32 0.0 0.0 0 0 ? SN 11:24 0:00 [ksmd]
root 33 0.0 0.0 0 0 ? SN 11:24 0:00 [khugepaged]
root 34 0.0 0.0 0 0 ? I< 11:24 0:00 [crypto]
root 35 0.0 0.0 0 0 ? I< 11:24 0:00 [kintegrityd]
root 36 0.0 0.0 0 0 ? I< 11:24 0:00 [kblockd]
root 37 0.0 0.0 0 0 ? I< 11:24 0:00 [blkcg_punt_bio]
root 38 0.0 0.0 0 0 ? I< 11:24 0:00 [tpm_dev_wq]
root 39 0.0 0.0 0 0 ? I< 11:24 0:00 [md]
root 40 0.0 0.0 0 0 ? I< 11:24 0:00 [edac-poller]
root 41 0.0 0.0 0 0 ? S 11:24 0:00 [watchdogd]
root 42 0.0 0.0 0 0 ? I< 11:24 0:00 [kworker/0:1H-xfs-log/dm-0]
root 75 0.0 0.0 0 0 ? S 11:24 0:00 [kswapd0]
root 178 0.0 0.0 0 0 ? I< 11:24 0:00 [kthrotld]
root 179 0.0 0.0 0 0 ? S 11:24 0:00 [irq/24-pciehp]
root 180 0.0 0.0 0 0 ? S 11:24 0:00 [irq/25-pciehp]
root 181 0.0 0.0 0 0 ? S 11:24 0:00 [irq/26-pciehp]
root 182 0.0 0.0 0 0 ? S 11:24 0:00 [irq/27-pciehp]
root 183 0.0 0.0 0 0 ? S 11:24 0:00 [irq/28-pciehp]
root 184 0.0 0.0 0 0 ? S 11:24 0:00 [irq/29-pciehp]
root 185 0.0 0.0 0 0 ? S 11:24 0:00 [irq/30-pciehp]
root 186 0.0 0.0 0 0 ? S 11:24 0:00 [irq/31-pciehp]
root 187 0.0 0.0 0 0 ? S 11:24 0:00 [irq/32-pciehp]
root 188 0.0 0.0 0 0 ? S 11:24 0:00 [irq/33-pciehp]
root 189 0.0 0.0 0 0 ? S 11:24 0:00 [irq/34-pciehp]
root 190 0.0 0.0 0 0 ? S 11:24 0:00 [irq/35-pciehp]
root 191 0.0 0.0 0 0 ? S 11:24 0:00 [irq/36-pciehp]
root 192 0.0 0.0 0 0 ? S 11:24 0:00 [irq/37-pciehp]
root 193 0.0 0.0 0 0 ? S 11:24 0:00 [irq/38-pciehp]
root 194 0.0 0.0 0 0 ? S 11:24 0:00 [irq/39-pciehp]
root 195 0.0 0.0 0 0 ? S 11:24 0:00 [irq/40-pciehp]
root 196 0.0 0.0 0 0 ? S 11:24 0:00 [irq/41-pciehp]
root 197 0.0 0.0 0 0 ? S 11:24 0:00 [irq/42-pciehp]
root 198 0.0 0.0 0 0 ? S 11:24 0:00 [irq/43-pciehp]
root 199 0.0 0.0 0 0 ? S 11:24 0:00 [irq/44-pciehp]
root 200 0.0 0.0 0 0 ? S 11:24 0:00 [irq/45-pciehp]
root 201 0.0 0.0 0 0 ? S 11:24 0:00 [irq/46-pciehp]
root 202 0.0 0.0 0 0 ? S 11:24 0:00 [irq/47-pciehp]
root 203 0.0 0.0 0 0 ? S 11:24 0:00 [irq/48-pciehp]
root 204 0.0 0.0 0 0 ? S 11:24 0:00 [irq/49-pciehp]
root 205 0.0 0.0 0 0 ? S 11:24 0:00 [irq/50-pciehp]
root 206 0.0 0.0 0 0 ? S 11:24 0:00 [irq/51-pciehp]
root 207 0.0 0.0 0 0 ? S 11:24 0:00 [irq/52-pciehp]
root 208 0.0 0.0 0 0 ? S 11:24 0:00 [irq/53-pciehp]
root 209 0.0 0.0 0 0 ? S 11:24 0:00 [irq/54-pciehp]
root 210 0.0 0.0 0 0 ? S 11:24 0:00 [irq/55-pciehp]
root 211 0.0 0.0 0 0 ? I< 11:24 0:00 [acpi_thermal_pm]
root 212 0.0 0.0 0 0 ? I< 11:24 0:00 [kmpath_rdacd]
root 213 0.0 0.0 0 0 ? I< 11:24 0:00 [kaluad]
root 215 0.0 0.0 0 0 ? I< 11:24 0:00 [ipv6_addrconf]
root 216 0.0 0.0 0 0 ? I< 11:24 0:00 [kstrp]
root 219 0.0 0.0 0 0 ? I< 11:24 0:00 [kworker/1:1H-xfs-log/dm-0]
root 503 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_0]
root 504 0.0 0.0 0 0 ? I< 11:24 0:00 [ata_sff]
root 505 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_1]
root 506 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_0]
root 507 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_1]
root 508 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_2]
root 509 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_3]
root 510 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_2]
root 511 0.0 0.0 0 0 ? I< 11:24 0:00 [vmw_pvscsi_wq_0]
root 512 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_4]
root 513 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_3]
root 514 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_4]
root 515 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_5]
root 516 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_5]
root 517 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_6]
root 518 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_6]
root 519 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_7]
root 520 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_7]
root 521 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_8]
root 522 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_8]
root 523 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_9]
root 524 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_9]
root 525 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_10]
root 526 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_10]
root 527 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_11]
root 528 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_11]
root 529 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_12]
root 530 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_12]
root 531 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_13]
root 532 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_13]
root 533 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_14]
root 534 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_14]
root 535 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_15]
root 536 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_15]
root 537 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_16]
root 538 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_16]
root 539 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_17]
root 540 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_17]
root 541 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_18]
root 542 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_18]
root 543 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_19]
root 544 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_19]
root 545 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_20]
root 546 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_20]
root 547 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_21]
root 548 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_21]
root 549 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_22]
root 550 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_22]
root 552 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_23]
root 555 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_23]
root 556 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_24]
root 557 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_24]
root 558 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_25]
root 559 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_25]
root 560 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_26]
root 561 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_26]
root 562 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_27]
root 564 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_27]
root 568 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_28]
root 569 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_28]
root 570 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_29]
root 571 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_29]
root 572 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_30]
root 573 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_30]
root 574 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_31]
root 575 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_31]
root 576 0.0 0.0 0 0 ? S 11:24 0:00 [scsi_eh_32]
root 578 0.0 0.0 0 0 ? I< 11:24 0:00 [scsi_tmf_32]
root 607 0.0 0.0 0 0 ? I 11:24 0:00 [kworker/u4:30-writeback]
root 608 0.0 0.0 0 0 ? I 11:24 0:00 [kworker/u4:31-flush-253:0]
root 676 0.0 0.0 0 0 ? I< 11:24 0:00 [kdmflush/253:0]
root 683 0.0 0.0 0 0 ? I< 11:24 0:00 [kdmflush/253:1]
root 709 0.0 0.0 0 0 ? I< 11:24 0:00 [xfsalloc]
root 710 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs_mru_cache]
root 711 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-buf/dm-0]
root 712 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-conv/dm-0]
root 713 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-cil/dm-0]
root 714 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-reclaim/dm-]
root 715 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-blockgc/dm-]
root 717 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-log/dm-0]
root 718 0.0 0.0 0 0 ? S 11:24 0:00 [xfsaild/dm-0]
root 803 0.0 0.2 89496 9580 ? Ss 11:24 0:00 /usr/lib/systemd/systemd-journald
root 838 0.0 0.3 118928 13512 ? Ss 11:24 0:00 /usr/lib/systemd/systemd-udevd
root 840 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-buf/sda1]
root 841 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-conv/sda1]
root 842 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-cil/sda1]
root 843 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-reclaim/sda]
root 844 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-blockgc/sda]
root 845 0.0 0.0 0 0 ? I< 11:24 0:00 [xfs-log/sda1]
root 846 0.0 0.0 0 0 ? S 11:24 0:00 [xfsaild/sda1]
root 873 0.0 0.0 0 0 ? I< 11:24 0:00 [ttm_swap]
root 874 0.0 0.0 0 0 ? S 11:24 0:00 [irq/16-vmwgfx]
root 875 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc0]
root 876 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc1]
root 877 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc2]
root 878 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc3]
root 879 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc4]
root 883 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc5]
root 884 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc6]
root 885 0.0 0.0 0 0 ? S 11:24 0:00 [card0-crtc7]
root 932 0.0 0.0 75000 2384 ? S<sl 11:24 0:00 /sbin/auditd
polkitd 954 0.0 0.6 1631264 25104 ? Ssl 11:25 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 955 0.0 0.1 125024 4828 ? Ssl 11:25 0:00 /usr/sbin/irqbalance --foreground
root 956 0.0 0.1 50280 5372 ? Ss 11:25 0:00 /usr/sbin/smartd -n -q never
root 958 0.0 0.0 17788 2196 ? Ss 11:25 0:00 /usr/sbin/mcelog --ignorenodev --daemon --foreground
libstor+ 959 0.0 0.0 19744 2012 ? Ss 11:25 0:00 /usr/bin/lsmd -d
dbus 960 0.0 0.1 84992 6060 ? Ssl 11:25 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 961 0.0 0.3 402260 11632 ? Ss 11:25 0:00 /usr/sbin/sssd -i --logger=files
root 971 0.0 0.3 410824 12596 ? S 11:25 0:00 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files
root 976 0.0 1.1 505856 42176 ? Ssl 11:25 0:00 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
root 977 0.0 0.9 401400 38172 ? S 11:25 0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
root 978 0.0 0.2 94496 9832 ? Ss 11:25 0:00 /usr/lib/systemd/systemd-logind
root 995 0.0 0.5 602124 19388 ? Ssl 11:25 0:00 /usr/sbin/NetworkManager --no-daemon
root 1001 0.0 0.2 92408 7796 ? Ss 11:25 0:00 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-rsa
root 1002 0.3 0.9 704056 36820 ? Ssl 11:25 0:05 /usr/libexec/platform-python -Es /usr/sbin/tuned -l -P
root 1014 0.0 0.1 246756 3836 ? Ss 11:25 0:00 /usr/sbin/crond -n
root 1015 0.0 0.1 123120 5632 ? Ss 11:25 0:00 login -- root
root 1017 0.0 0.0 44036 2428 ? Ss 11:25 0:00 /usr/sbin/atd -f
root 1607 0.0 0.2 89512 9340 ? Ss 11:25 0:00 /usr/lib/systemd/systemd --user
root 1610 0.0 0.1 230180 4628 ? S 11:25 0:00 (sd-pam)
root 1617 0.0 0.1 237188 5616 tty1 Ss+ 11:25 0:00 -bash
root 17097 0.0 0.0 0 0 ? I 11:32 0:00 [kworker/0:0-cgroup_pidlist_destroy]
root 17098 0.0 0.0 0 0 ? I 11:35 0:00 [kworker/1:0-events_power_efficient]
root 17099 0.0 0.0 0 0 ? I 11:38 0:00 [kworker/0:2-cgroup_destroy]
root 17102 0.0 0.0 0 0 ? I 11:40 0:00 [kworker/1:3-events_power_efficient]
root 17364 0.0 0.0 0 0 ? I 11:44 0:00 [kworker/0:1-events]
root 17365 0.0 0.0 0 0 ? I 11:46 0:00 [kworker/1:1-events]
root 23544 0.0 0.0 0 0 ? I 11:49 0:00 [kworker/0:3-mm_percpu_wq]
root 23545 2.0 0.2 153500 10372 ? Ss 11:51 0:00 sshd: root [priv]
root 23549 2.0 0.1 153500 6084 ? S 11:51 0:00 sshd: root@notty
root 23974 0.0 0.1 268528 4084 ? Rs 11:51 0:00 ps aux

Scheduled tasks

NFS service (/etc/exports, comment lines removed)

Environment variables

pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`/usr/bin/id -u`
UID=`/usr/bin/id -ru`
fi
USER="`/usr/bin/id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi
if [ "$EUID" = "0" ]; then
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
fi
HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
if [ -n "${BASH_VERSION-}" ] ; then
if [ -f /etc/bashrc ] ; then
# Bash login shells run only /etc/profile
# Bash non-login shells run only /etc/bashrc
# Check for double sourcing is done in /etc/bashrc.
. /etc/bashrc
fi
fi

Version information

Rocky Linux release 8.6 (Green Obsidian)
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
Rocky Linux release 8.6 (Green Obsidian)
Rocky Linux release 8.6 (Green Obsidian)
Rocky Linux release 8.6 (Green Obsidian)
4.18.0-372.9.1.el8.x86_64

Running Docker containers

Services enabled at boot

atd.service                                enabled
auditd.service enabled
autovt@.service enabled
crond.service enabled
dbus-org.fedoraproject.FirewallD1.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
dbus-org.freedesktop.timedate1.service enabled
firewalld.service enabled
getty@.service enabled
import-state.service enabled
irqbalance.service enabled
kdump.service enabled
libstoragemgmt.service enabled
loadmodules.service enabled
lvm2-monitor.service enabled
mcelog.service enabled
mdmonitor.service enabled
microcode.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager-wait-online.service enabled
NetworkManager.service enabled
nis-domainname.service enabled
nvmefc-boot-connections.service enabled
selinux-autorelabel-mark.service enabled
smartd.service enabled
sshd.service enabled
sssd.service enabled
timedatex.service enabled
tuned.service enabled
vdo.service enabled
dm-event.socket enabled
lvm2-lvmpolld.socket enabled
sssd-kcm.socket enabled
ctrl-alt-del.target enabled
reboot.target enabled
remote-fs.target enabled
runlevel6.target enabled
dnf-makecache.timer enabled
mlocate-updatedb.timer enabled

Selected key log entries

First ten lines:
>
Last ten lines:

Log rotation configuration

File: /etc/logrotate.conf
weekly
rotate 4
create
dateext
include /etc/logrotate.d

File: /etc/logrotate.d/btmp
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}

File: /etc/logrotate.d/chrony
/var/log/chrony/*.log {
missingok
nocreate
sharedscripts
postrotate
/usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
endscript
}

File: /etc/logrotate.d/dnf
/var/log/hawkey.log {
missingok
notifempty
rotate 4
weekly
create
}

File: /etc/logrotate.d/firewalld
/var/log/firewalld {
weekly
missingok
rotate 4
copytruncate
minsize 1M
}

File: /etc/logrotate.d/kvm_stat
/var/log/kvm_stat.csv {
size 10M
missingok
compress
maxage 30
rotate 5
nodateext
postrotate
/usr/bin/systemctl try-restart kvm_stat.service
endscript
}

File: /etc/logrotate.d/psacct
/var/account/pacct {
compress
delaycompress
notifempty
daily
rotate 31
create 0600 root root
postrotate
if /usr/bin/systemctl --quiet is-active psacct.service ; then
/usr/sbin/accton /var/account/pacct | /usr/bin/grep -v "Turning on process accounting, file set to '/var/account/pacct'." | /usr/bin/cat
fi
endscript
}

File: /etc/logrotate.d/samba
/var/log/samba/log.* {
compress
dateext
maxage 365
rotate 99
notifempty
olddir /var/log/samba/old
missingok
copytruncate
}

File: /etc/logrotate.d/sssd
/var/log/sssd/*.log {
weekly
missingok
notifempty
sharedscripts
rotate 2
compress
delaycompress
postrotate
/bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true
endscript
}

File: /etc/logrotate.d/wtmp
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
minsize 1M
rotate 1
}