1. root密码设置
安装RHEL10后,首先需要设置root密码并确保密码安全。更多学习教程www.fgedu.net.cn
参考Red Hat Enterprise Linux 10官方文档中的System administration章节
$ ssh root@192.168.1.100
root@192.168.1.100’s password:
Last login: Wed Apr 2 10:00:00 2026 from 192.168.1.1
# 修改root密码
# passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# 验证密码修改
# su – root
Password:
Last login: Wed Apr 2 10:00:00 2026 on pts/0
# 设置密码策略
# vi /etc/login.defs
# 修改以下参数
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 12
PASS_WARN_AGE 7
# 验证密码策略
# grep -E “^PASS_” /etc/login.defs
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 12
PASS_WARN_AGE 7
2. 用户创建与配置
创建普通用户并配置sudo权限。学习交流加群风哥微信: itpux-com
# groupadd -g 1000 fgedu
# groupadd -g 1001 developers
# groupadd -g 1002 admins
# 验证用户组
# cat /etc/group | grep -E “fgedu|developers|admins”
fgedu:x:1000:
developers:x:1001:
admins:x:1002:
# 创建普通用户
# useradd -u 1000 -g fgedu -G developers,admins -m -s /bin/bash fgedu
# useradd -u 1001 -g fgedu -G developers -m -s /bin/bash dev1
# useradd -u 1002 -g fgedu -G developers -m -s /bin/bash dev2
# 设置用户密码
# echo “fgedu:Password@123” | chpasswd
# echo “dev1:DevPass@123” | chpasswd
# echo “dev2:DevPass@456” | chpasswd
# 验证用户创建
# id fgedu
uid=1000(fgedu) gid=1000(fgedu) groups=1000(fgedu),1001(developers),1002(admins)
# id dev1
uid=1001(dev1) gid=1000(fgedu) groups=1000(fgedu),1001(developers)
# id dev2
uid=1002(dev2) gid=1000(fgedu) groups=1000(fgedu),1001(developers)
# visudo
# 添加以下内容
## Allow members of group admins to execute any command
%admins ALL=(ALL) ALL
## Allow members of group developers to execute specific commands
%developers ALL=(ALL) /usr/bin/dnf, /usr/bin/systemctl, /usr/bin/vim
## Allow fgedu user to execute any command without password
fgedu ALL=(ALL) NOPASSWD:ALL
# 验证sudo配置
# sudo -l -U fgedu
User fgedu may run the following commands on rhel10-server:
(ALL) NOPASSWD: ALL
# sudo -l -U dev1
User dev1 may run the following commands on rhel10-server:
(ALL) /usr/bin/dnf, /usr/bin/systemctl, /usr/bin/vim
# 测试sudo权限
# su – fgedu
$ sudo whoami
root
$ sudo dnf list installed | head -10
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:00 ago on Wed 02 Apr 2026 10:00:00 AM CST.
Installed Packages
NetworkManager.x86_64 1:1.42.0-1.el10 @anaconda
NetworkManager-libnm.x86_64 1:1.42.0-1.el10 @anaconda
NetworkManager-team.x86_64 1:1.42.0-1.el10 @anaconda
NetworkManager-wifi.x86_64 1:1.42.0-1.el10 @anaconda
acl.x86_64 2.3.1-3.el10 @anaconda
aic94xx-firmware.noarch 30-6.el10 @anaconda
alsa-lib.x86_64 1.2.9-3.el10 @anaconda
alsa-ucm-conf.noarch 1.2.9-3.el10 @anaconda
alsa-tools-firmware.noarch 1.2.9-3.el10 @anaconda
3. 网络配置
配置网络接口和DNS。学习交流加群风哥QQ113257174
# ip addr show
1: lo:
link/loopback 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:
link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic noprefixroute ens33
valid_lft 86399sec preferred_lft 86399sec
inet6 fe80::20c:29ff:fe12:3456/64 scope link noprefixroute
valid_lft forever preferred_lft forever
# 配置静态IP地址
# nmcli con mod ens33 ipv4.addresses 192.168.1.100/24
# nmcli con mod ens33 ipv4.gateway 192.168.1.1
# nmcli con mod ens33 ipv4.dns “8.8.8.8 8.8.4.4”
# nmcli con mod ens33 ipv4.method manual
# nmcli con up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# 验证网络配置
# ip addr show ens33
2: ens33:
link/ether 00:0c:29:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe12:3456/64 scope link noprefixroute
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
# ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=12.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=11.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=12.1 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=11.9 ms
— 8.8.8.8 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 11.832/12.058/12.317/0.198 ms
# 测试DNS解析
# nslookup www.baidu.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 14.215.177.38
Name: www.a.shifen.com
Address: 14.215.177.39
# 查看网络连接
# ss -tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
4. 主机名配置
配置系统主机名。更多学习教程公众号风哥教程itpux_com from LinuxDBA视频:www.itpux.com
# hostname
rhel10-server
# hostnamectl
Static hostname: rhel10-server
Icon name: computer-vm
Chassis: vm
Machine ID: abc123def45678901234567890123456
Boot ID: def78901234567890123456789012345
Operating System: Red Hat Enterprise Linux 10.0 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:10::baseos
Kernel: Linux 6.5.0-0.rc0.20260401git1234567.el10.x86_64
Architecture: x86_64
# 设置静态主机名
# hostnamectl set-hostname rhel10-server.fgedu.net.cn
# 验证主机名修改
# hostname
rhel10-server.fgedu.net.cn
# hostnamectl
Static hostname: rhel10-server.fgedu.net.cn
Icon name: computer-vm
Chassis: vm
Machine ID: abc123def45678901234567890123456
Boot ID: def78901234567890123456789012345
Operating System: Red Hat Enterprise Linux 10.0 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:10::baseos
Kernel: Linux 6.5.0-0.rc0.20260401git1234567.el10.x86_64
Architecture: x86_64
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# vi /etc/hosts
# 添加以下内容
127.0.0.1 rhel10-server rhel10-server.fgedu.net.cn localhost
192.168.1.100 rhel10-server rhel10-server.fgedu.net.cn
# 验证hosts文件
# cat /etc/hosts
127.0.0.1 rhel10-server rhel10-server.fgedu.net.cn localhost
192.168.1.100 rhel10-server rhel10-server.fgedu.net.cn
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 测试主机名解析
# ping -c 2 rhel10-server
PING rhel10-server (192.168.1.100) 56(84) bytes of data.
64 bytes from rhel10-server (192.168.1.100): icmp_seq=1 ttl=64 time=0.012 ms
64 bytes from rhel10-server (192.168.1.100): icmp_seq=2 ttl=64 time=0.015 ms
— rhel10-server ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.012/0.013/0.015/0.001 ms
5. 时区配置
配置系统时区和时间同步。更多学习教程www.fgedu.net.cn 更多视频教程www.fgedu.net.cn
# timedatectl
Local time: Wed 2026-04-02 10:00:00 CST
Universal time: Wed 2026-04-02 02:00:00 UTC
RTC time: Wed 2026-04-02 02:00:00
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
# 查看所有可用时区
# timedatectl list-timezones | grep -i shanghai
Asia/Shanghai
# 设置时区
# timedatectl set-timezone Asia/Shanghai
# 验证时区设置
# timedatectl
Local time: Wed 2026-04-02 10:00:00 CST
Universal time: Wed 2026-04-02 02:00:00 UTC
RTC time: Wed 2026-04-02 02:00:00
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
# 手动设置时间
# timedatectl set-time “2026-04-02 10:00:00”
# 验证时间设置
# date
Wed Apr 2 10:00:00 CST 2026
# dnf install -y chrony
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:00 ago on Wed 02 Apr 2026 10:00:00 AM CST.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
chrony x86_64 4.5-2.el10 rhel-10-baseos 500 K
Transaction Summary
================================================================================
Install 1 Packages
Total download size: 500 K
Installed size: 1.5 M
Downloading Packages:
(1/1): chrony-4.5-2.el10.x86_64.rpm 500 KB/s | 500 KB 00:01
——————————————————————————–
Total 500 KB/s | 500 KB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : chrony-4.5-2.el10.x86_64 1/1
Running scriptlet: chrony-4.5-2.el10.x86_64 1/1
Verifying : chrony-4.5-2.el10.x86_64 1/1
Installed:
chrony-4.5-2.el10.x86_64
Complete!
# 启动chronyd服务
# systemctl start chronyd
# systemctl enable chronyd
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.
# 验证chronyd服务状态
# systemctl status chronyd
● chronyd.service – NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2026-04-02 10:00:00 CST; 10s ago
Docs: man:chronyd(8) man:chrony.conf(5)
Main PID: 1234 (chronyd)
Tasks: 2 (limit: 4915)
Memory: 2.5M
CGroup: /system.slice/chronyd.service
└─1234 /usr/sbin/chronyd
# 查看时间同步状态
# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com 3 6 377 23 -12us[ -123us] +/- 14ms
^* time.google.com 2 6 377 25 +45us[ +45us] +/- 10ms
^* time.apple.com 2 6 377 27 +78us[ +78us] +/- 12ms
# 验证时间同步
# timedatectl
Local time: Wed 2026-04-02 10:00:00 CST
Universal time: Wed 2026-04-02 02:00:00 UTC
RTC time: Wed 2026-04-02 02:00:00
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
6. 防火墙配置
配置firewalld防火墙规则。学习交流加群风哥微信: itpux-com
# firewall-cmd –state
running
# firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# 开放常用服务
# firewall-cmd –permanent –add-service=http
success
# firewall-cmd –permanent –add-service=https
success
# firewall-cmd –permanent –add-service=mysql
success
# firewall-cmd –permanent –add-service=postgresql
success
# 开放自定义端口
# firewall-cmd –permanent –add-port=8080/tcp
success
# firewall-cmd –permanent –add-port=8443/tcp
success
# firewall-cmd –permanent –add-port=9000-9100/tcp
success
# 重新加载防火墙规则
# firewall-cmd –reload
success
# 验证防火墙规则
# firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh http https mysql postgresql
ports: 8080/tcp 8443/tcp 9000-9100/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# 允许特定IP访问SSH
# firewall-cmd –permanent –add-rich-rule=’rule family=”ipv4″ source address=”192.168.1.0/24″ service name=”ssh” accept’
success
# 拒绝特定IP访问
# firewall-cmd –permanent –add-rich-rule=’rule family=”ipv4″ source address=”10.0.0.0/8″ reject’
success
# 重新加载防火墙规则
# firewall-cmd –reload
success
# 验证富规则
# firewall-cmd –list-rich-rules
rule family=”ipv4″ source address=”192.168.1.0/24″ service name=”ssh” accept
rule family=”ipv4″ source address=”10.0.0.0/8″ reject
# 查看防火墙日志
# journalctl -u firewalld -n 20
— Logs begin at Mon 2026-04-01 10:00:00 CST, end at Wed 2026-04-02 10:00:00 CST. —
Apr 02 10:00:00 rhel10-server systemd[1]: Starting firewalld – dynamic firewall daemon…
Apr 02 10:00:00 rhel10-server firewalld[1234]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
Apr 02 10:00:00 rhel10-server systemd[1]: Started firewalld – dynamic firewall daemon.
Apr 02 10:00:00 rhel10-server firewalld[1234]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w10 -D FORWARD -i virbr0 -o virbr0 -j ACCEPT’ failed: iptables: No chain/target/match by that name.
Apr 02 10:00:00 rhel10-server firewalld[1234]: WARNING: COMMAND_FAILED: ‘/usr/sbin/iptables -w10 -D FORWARD -i virbr0 -o virbr0 -j ACCEPT’ failed: iptables: No chain/target/match by that name.
7. SELinux配置
配置SELinux安全策略。学习交流加群风哥QQ113257174
# getenforce
Enforcing
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
# 临时修改SELinux模式
# setenforce 0
# 验证SELinux模式
# getenforce
Permissive
# 恢复Enforcing模式
# setenforce 1
# 验证SELinux模式
# getenforce
Enforcing
# vi /etc/selinux/config
# 修改以下内容
SELINUX=enforcing
SELINUXTYPE=targeted
# 验证SELinux配置
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
# 查看SELinux上下文
# ls -Z /var/www/html
system_u:object_r:httpd_sys_content_t:s0 index.html
# 修改SELinux上下文
# chcon -R -t httpd_sys_content_t /var/www/html
# 验证SELinux上下文
# ls -Z /var/www/html
system_u:object_r:httpd_sys_content_t:s0 index.html
# 永久修改SELinux上下文
# semanage fcontext -a -t httpd_sys_content_t “/var/www/html(/.*)?”
# restorecon -R -v /var/www/html
restorecon reset /var/www/html context system_u:object_r:user_home_t:s0->system_u:object_r:httpd_sys_content_t:s0
# ausearch -m avc -ts recent | tail -20
—-
time->Wed Apr 2 10:00:00 2026
type=AVC msg=audit(1234567890.123:123): avc: denied { read } for pid=1234 comm=”httpd” name=”index.html” dev=”sda1″ ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
# 使用audit2allow生成SELinux规则
# ausearch -c ‘httpd_t’ –raw | audit2allow -w
# 生成SELinux模块
# ausearch -c ‘httpd_t’ –raw | audit2allow -M httpd_custom
# 加载SELinux模块
# semodule -i httpd_custom.pp
# 验证SELinux模块
# semodule -l | grep httpd
httpd_custom
8. YUM源配置
配置DNF/YUM软件源。更多学习教程公众号风哥教程itpux_com
# dnf repolist
repo id repo name
rhel-10-for-x86_64-baseos-rpms Red Hat Enterprise Linux 10 for x86_64 – BaseOS
rhel-10-for-x86_64-appstream-rpms Red Hat Enterprise Linux 10 for x86_64 – AppStream
# 查看软件源详细信息
# dnf repoinfo rhel-10-for-x86_64-baseos-rpms
Repo-id : rhel-10-for-x86_64-baseos-rpms
Repo-name : Red Hat Enterprise Linux 10 for x86_64 – BaseOS
Repo-revision : 1234567890
Repo-updated : Wed 02 Apr 2026 10:00:00 GMT
Repo-pkgs : 5432
Repo-available-pkgs: 5432
Repo-size : 10G
Repo-baseurl : https://cdn.redhat.com/content/dist/layered/rhel10/x86_64/baseos/os
Repo-expire : 86400 seconds (last: Wed 02 Apr 2026 10:00:00 GMT)
Repo-filename : /etc/yum.repos.d/redhat.repo
# 配置本地YUM源
# mkdir -p /mnt/iso
# mount -o loop /path/to/rhel10.iso /mnt/iso
# vi /etc/yum.repos.d/local.repo
# 添加以下内容
[local-baseos]
name=Local BaseOS
baseurl=file:///mnt/iso/BaseOS
enabled=1
gpgcheck=0
[local-appstream]
name=Local AppStream
baseurl=file:///mnt/iso/AppStream
enabled=1
gpgcheck=0
# 验证本地YUM源
# dnf repolist
repo id repo name
rhel-10-for-x86_64-baseos-rpms Red Hat Enterprise Linux 10 for x86_64 – BaseOS
rhel-10-for-x86_64-appstream-rpms Red Hat Enterprise Linux 10 for x86_64 – AppStream
local-baseos Local BaseOS
local-appstream Local AppStream
# vi /etc/yum.repos.d/mirror.repo
# 添加以下内容
[mirror-baseos]
name=Mirror BaseOS
baseurl=http://mirrors.aliyun.com/centos/10-stream/BaseOS/x86_64/os/
enabled=1
gpgcheck=0
[mirror-appstream]
name=Mirror AppStream
baseurl=http://mirrors.aliyun.com/centos/10-stream/AppStream/x86_64/os/
enabled=1
gpgcheck=0
# 验证镜像源
# dnf repolist
repo id repo name
rhel-10-for-x86_64-baseos-rpms Red Hat Enterprise Linux 10 for x86_64 – BaseOS
rhel-10-for-x86_64-appstream-rpms Red Hat Enterprise Linux 10 for x86_64 – AppStream
mirror-baseos Mirror BaseOS
mirror-appstream Mirror AppStream
# 清理YUM缓存
# dnf clean all
0 files removed
# 生成YUM缓存
# dnf makecache
Mirror BaseOS 12 MB/s | 5.4 MB 00:00
Mirror AppStream 15 MB/s | 3.2 MB 00:00
Metadata cache created.
9. 系统更新
更新系统到最新版本。更多学习教程www.fgedu.net.cn
# dnf check-update
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:00 ago on Wed 02 Apr 2026 10:00:00 AM CST.
kernel.x86_64 6.5.0-0.rc0.20260401git1234567.el10 rhel-10-for-x86_64-baseos-rpms
systemd.x86_64 252-28.el10 rhel-10-for-x86_64-baseos-rpms
NetworkManager.x86_64 1:1.42.0-2.el10 rhel-10-for-x86_64-baseos-rpms
# 更新系统
# dnf update -y
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:00 ago on Wed 02 Apr 2026 10:00:00 AM CST.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
kernel x86_64 6.5.0-0.rc0.20260402git1234567.el10 rhel-10-baseos 150 M
kernel-core x86_64 6.5.0-0.rc0.20260402git1234567.el10 rhel-10-baseos 100 M
kernel-modules x86_64 6.5.0-0.rc0.20260402git1234567.el10 rhel-10-baseos 50 M
systemd x86_64 252-28.el10 rhel-10-baseos 5.0 M
Transaction Summary
================================================================================
Upgrade 4 Packages
Total download size: 305 M
Downloading Packages:
(1/4): kernel-core-6.5.0-0.rc0.20260402git1234567.el10.x86_64.rpm 100 MB/s | 100 MB 00:01
(2/4): kernel-modules-6.5.0-0.rc0.20260402git1234567.el10.x86_64.rpm 50 MB/s | 50 MB 00:01
(3/4): kernel-6.5.0-0.rc0.20260402git1234567.el10.x86_64.rpm 150 MB/s | 150 MB 00:01
(4/4): systemd-252-28.el10.x86_64.rpm 5.0 MB/s | 5.0 MB 00:01
——————————————————————————–
Total 305 MB/s | 305 MB 00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/4
Upgrading : kernel-core-6.5.0-0.rc0.20260402git1234567.el10.x86_64 1/4
Upgrading : kernel-modules-6.5.0-0.rc0.20260402git1234567.el10.x86_64 2/4
Upgrading : kernel-6.5.0-0.rc0.20260402git1234567.el10.x86_64 3/4
Upgrading : systemd-252-28.el10.x86_64 4/4
Cleanup : kernel-6.5.0-0.rc0.20260401git1234567.el10.x86_64 1/4
Cleanup : kernel-core-6.5.0-0.rc0.20260401git1234567.el10.x86_64 2/4
Cleanup : kernel-modules-6.5.0-0.rc0.20260401git1234567.el10.x86_64 3/4
Cleanup : systemd-252-26.el10.x86_64 4/4
Running scriptlet: kernel-6.5.0-0.rc0.20260402git1234567.el10.x86_64 4/4
Verifying : kernel-core-6.5.0-0.rc0.20260402git1234567.el10.x86_64 1/4
Verifying : kernel-modules-6.5.0-0.rc0.20260402git1234567.el10.x86_64 2/4
Verifying : kernel-6.5.0-0.rc0.20260402git1234567.el10.x86_64 3/4
Verifying : systemd-252-28.el10.x86_64 4/4
Installed:
kernel-6.5.0-0.rc0.20260402git1234567.el10.x86_64
kernel-core-6.5.0-0.rc0.20260402git1234567.el10.x86_64
kernel-modules-6.5.0-0.rc0.20260402git1234567.el10.x86_64
systemd-252-28.el10.x86_64
Complete!
# dnf install -y vim wget curl git net-tools tcpdump htop iotop nethogs
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:00 ago on Wed 02 Apr 2026 10:00:00 AM CST.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 9.0.1234-1.el10 rhel-10-appstream 2.5 M
wget x86_64 1.21.1-7.el10 rhel-10-baseos 1.0 M
curl x86_64 7.76.1-19.el10 rhel-10-baseos 500 K
git x86_64 2.39.1-1.el10 rhel-10-appstream 5.0 M
net-tools x86_64 2.0-0.69.20160312git.el10 rhel-10-baseos 300 K
tcpdump x86_64 4.99.1-3.el10 rhel-10-baseos 1.5 M
htop x86_64 3.2.2-1.el10 rhel-10-appstream 200 K
iotop x86_64 0.6-22.el10 rhel-10-appstream 100 K
nethogs x86_64 0.8.7-1.el10 rhel-10-appstream 100 K
Transaction Summary
================================================================================
Install 9 Packages
Total download size: 11.2 M
Installed size: 35.0 M
Downloading Packages:
(1/9): vim-enhanced-9.0.1234-1.el10.x86_64.rpm 2.5 MB/s | 2.5 MB 00:01
(2/9): wget-1.21.1-7.el10.x86_64.rpm 1.0 MB/s | 1.0 MB 00:01
(3/9): curl-7.76.1-19.el10.x86_64.rpm 500 KB/s | 500 KB 00:01
(4/9): git-2.39.1-1.el10.x86_64.rpm 5.0 MB/s | 5.0 MB 00:01
(5/9): net-tools-2.0-0.69.20160312git.el10.x86_64.rpm 300 KB/s | 300 KB 00:01
(6/9): tcpdump-4.99.1-3.el10.x86_64.rpm 1.5 MB/s | 1.5 MB 00:01
(7/9): htop-3.2.2-1.el10.x86_64.rpm 200 KB/s | 200 KB 00:01
(8/9): iotop-0.6-22.el10.x86_64.rpm 100 KB/s | 100 KB 00:01
(9/9): nethogs-0.8.7-1.el10.x86_64.rpm 100 KB/s | 100 KB 00:01
——————————————————————————–
Total 11.2 MB/s | 11.2 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/9
Installing : vim-enhanced-9.0.1234-1.el10.x86_64 1/9
Installing : wget-1.21.1-7.el10.x86_64 2/9
Installing : curl-7.76.1-19.el10.x86_64 3/9
Installing : git-2.39.1-1.el10.x86_64 4/9
Installing : net-tools-2.0-0.69.20160312git.el10.x86_64 5/9
Installing : tcpdump-4.99.1-3.el10.x86_64 6/9
Installing : htop-3.2.2-1.el10.x86_64 7/9
Installing : iotop-0.6-22.el10.x86_64 8/9
Installing : nethogs-0.8.7-1.el10.x86_64 9/9
Running scriptlet: vim-enhanced-9.0.1234-1.el10.x86_64 9/9
Verifying : vim-enhanced-9.0.1234-1.el10.x86_64 1/9
Verifying : wget-1.21.1-7.el10.x86_64 2/9
Verifying : curl-7.76.1-19.el10.x86_64 3/9
Verifying : git-2.39.1-1.el10.x86_64 4/9
Verifying : net-tools-2.0-0.69.20160312git.el10.x86_64 5/9
Verifying : tcpdump-4.99.1-3.el10.x86_64 6/9
Verifying : htop-3.2.2-1.el10.x86_64 7/9
Verifying : iotop-0.6-22.el10.x86_64 8/9
Verifying : nethogs-0.8.7-1.el10.x86_64 9/9
Installed:
vim-enhanced-9.0.1234-1.el10.x86_64 wget-1.21.1-7.el10.x86_64
curl-7.76.1-19.el10.x86_64 git-2.39.1-1.el10.x86_64
net-tools-2.0-0.69.20160312git.el10.x86_64 tcpdump-4.99.1-3.el10.x86_64
htop-3.2.2-1.el10.x86_64 iotop-0.6-22.el10.x86_64
nethogs-0.8.7-1.el10.x86_64
Complete!
# 验证软件包安装
# which vim
/usr/bin/vim
# which git
/usr/bin/git
# which htop
/usr/bin/htop
10. 风哥经验总结
在生产环境中进行安装后初始化配置的经验总结。学习交流加群风哥微信: itpux-com
$ cat > /backup/postinstall_experience1.txt << 'EOF' 经验1:建立标准化的初始化流程 1. 制定初始化清单 - root密码设置 - 用户创建与配置 - 网络配置 - 主机名配置 - 时区配置 - 防火墙配置 - SELinux配置 - YUM源配置 - 系统更新 - 常用软件包安装 2. 使用脚本自动化 - 编写初始化脚本 - 使用Ansible等工具 - 验证脚本功能 - 定期更新脚本 3. 记录配置信息 - 记录所有配置 - 保存配置文件 - 记录密码信息 - 记录网络信息 EOF
$ cat > /backup/postinstall_experience2.txt << 'EOF' 经验2:加强系统安全 1. 密码安全 - 使用强密码 - 定期更换密码 - 禁用root远程登录 - 使用SSH密钥认证 2. 网络安全 - 配置防火墙规则 - 限制访问源 - 使用VPN - 监控网络流量 3. 系统安全 - 保持SELinux启用 - 定期更新系统 - 安装安全软件 - 监控系统日志 EOF
$ cat > /backup/postinstall_experience3.txt << 'EOF' 经验3:建立监控体系 1. 系统监控 - CPU使用率 - 内存使用率 - 磁盘使用率 - 网络流量 2. 服务监控 - 服务状态 - 服务响应时间 - 服务错误率 - 服务日志 3. 应用监控 - 应用功能 - 应用性能 - 应用错误 - 应用日志 EOF
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
联系我们
在线咨询:
微信号:itpux-com
工作日:9:30-18:30,节假日休息
