1. SUDO and PAM configuration conventions
SUDO
Edit the sudoers file itself, or add a drop-in file under the sudoers.d directory:
-r--r----- 1 root root 4463 Aug 5 10:37 sudoers
drwxr-x---. 2 root root 6 Apr 20 2022 sudoers.d
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:                                   # format of a grant in the sudoers file
##
## user MACHINE = (runas) COMMANDS
##   user = account receiving the grant, MACHINE = host it applies on, (runas) = identity to run as, COMMANDS = commands allowed
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
ma ALL=(root) /usr/bin/mount /dev/cdrom /mnt/,/usr/bin/umount /mnt
ma ALL= /bin/cat /var/log/vmware-network*
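As an added example (not part of the original notes), a small audit script for files in the sudoers format shown above: it flags passwordless ALL grants, root-equivalent grants to other accounts, and wildcards in command arguments (sudoers(5) warns that a `*` in an argument also matches whitespace, so such a grant covers more than the one path intended). The sample file it writes is constructed here, and the finding texts are this example's own.

```shell
#!/bin/sh
# Added example (not from the page): audit sudoers-format files for risky grants.
# Prints one finding per line as FILE:LINE: reason; prints nothing when clean.
audit_sudoers() {   # usage: audit_sudoers /etc/sudoers /etc/sudoers.d/*
    awk '
        /^[ \t]*(#|$)/ { next }                                         # comments, #include, blank lines
        /^[ \t]*(Defaults|User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next                                           # not a user specification
            user = $1
            spec = substr($0, eq + 1)                                   # the "(runas) COMMANDS" part
            if (spec ~ /NOPASSWD:[ \t]*ALL([ \t]|$)/) {
                print FILENAME ":" NR ": passwordless ALL for " user; next
            }
            if (user != "root" && spec ~ /^[ \t]*\([^)]*ALL[^)]*\)[ \t]*ALL[ \t]*$/) {
                print FILENAME ":" NR ": root-equivalent grant (ALL) for " user; next
            }
            if (spec ~ /\*/) {
                # sudoers(5): a * in a command argument also matches whitespace, so the
                # grant can cover more arguments than the single path the author meant
                print FILENAME ":" NR ": wildcard in command arguments for " user; next
            }
        }' "$@"
}

# Constructed sample: the grants from the notes above plus one deliberately risky line.
write_sample_sudoers() {   # usage: write_sample_sudoers FILE
    cat > "$1" <<'EOF'
## constructed sample, not a real sudoers file
root ALL=(ALL) ALL
ma ALL=(root) /usr/bin/mount /dev/cdrom /mnt/,/usr/bin/umount /mnt
ma ALL= /bin/cat /var/log/vmware-network*
alice ALL=(ALL) NOPASSWD: ALL
EOF
}

# Syntax check with visudo when it is installed; the audit above is only a lint.
check_sudoers_syntax() {   # usage: check_sudoers_syntax FILE
    if command -v visudo >/dev/null 2>&1; then visudo -cf "$1"; else return 0; fi
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_sudoers "$tmp"
    audit_sudoers "$tmp"   # two findings expected: alice (NOPASSWD ALL) and the vmware-network* glob
    rm -f "$tmp"
fi
```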
PAM
Each line of a PAM configuration has four fields:
type control module-path arguments
type: the module type, i.e. which management function it provides (auth, account, password, session)
control: how the PAM library treats this module's success or failure for the service; given as a single keyword
module-path: path to the shared object that implements the module
arguments: options passed to the module
[11:04:07 root@rocky8 ~]#ls /lib64/security/*.so #module files
/lib64/security/pam_access.so /lib64/security/pam_group.so /lib64/security/pam_pwhistory.so /lib64/security/pam_timestamp.so
/lib64/security/pam_cap.so /lib64/security/pam_issue.so /lib64/security/pam_pwquality.so /lib64/security/pam_tty_audit.so
/lib64/security/pam_chroot.so /lib64/security/pam_keyinit.so /lib64/security/pam_rhosts.so /lib64/security/pam_umask.so
/lib64/security/pam_console.so /lib64/security/pam_lastlog.so /lib64/security/pam_rootok.so /lib64/security/pam_unix_acct.so
/lib64/security/pam_cracklib.so /lib64/security/pam_limits.so /lib64/security/pam_securetty.so /lib64/security/pam_unix_auth.so
/lib64/security/pam_debug.so /lib64/security/pam_listfile.so /lib64/security/pam_selinux_permit.so /lib64/security/pam_unix_passwd.so
/lib64/security/pam_deny.so /lib64/security/pam_localuser.so /lib64/security/pam_selinux.so /lib64/security/pam_unix_session.so
/lib64/security/pam_echo.so /lib64/security/pam_loginuid.so /lib64/security/pam_sepermit.so /lib64/security/pam_unix.so
/lib64/security/pam_env.so /lib64/security/pam_mail.so /lib64/security/pam_shells.so /lib64/security/pam_userdb.so
/lib64/security/pam_exec.so /lib64/security/pam_mkhomedir.so /lib64/security/pam_sss_gss.so /lib64/security/pam_usertype.so
/lib64/security/pam_faildelay.so /lib64/security/pam_motd.so /lib64/security/pam_sss.so /lib64/security/pam_warn.so
/lib64/security/pam_faillock.so /lib64/security/pam_namespace.so /lib64/security/pam_stress.so /lib64/security/pam_wheel.so
/lib64/security/pam_filter.so /lib64/security/pam_nologin.so /lib64/security/pam_succeed_if.so /lib64/security/pam_xauth.so
/lib64/security/pam_ftp.so /lib64/security/pam_permit.so /lib64/security/pam_systemd.so
/lib64/security/pam_google_authenticator.so /lib64/security/pam_postgresok.so /lib64/security/pam_time.so
[11:04:23 root@rocky8 ~]#ls /etc/pam.d/ #per-program PAM configuration files
atd chsh crond login passwd polkit-1 remote runuser-l smtp sshd su sudo-i system-auth vlock
chfn config-util fingerprint-auth other password-auth postlogin runuser smartcard-auth smtp.postfix sssd-shadowutils sudo su-l systemd-user vmtoolsd
[11:09:53 root@rocky8 ~]#ls /etc/security/ #module-specific configuration files
access.conf console.apps console.perms faillock.conf limits.conf namespace.conf namespace.init pam_env.conf pwquality.conf.d time.conf
chroot.conf console.handlers console.perms.d group.conf limits.d namespace.d opasswd pwquality.conf sepermit.conf
[11:11:51 root@rocky8 ~]#vim /etc/pam.d/sshd #full module configuration for sshd
#%PAM-1.0
#type     control      module-path      arguments   (module type, control flag, module path, options)
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
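As an added example (not part of the original notes), a lint for files in the four-field format above: it rejects unknown types and control keywords, follows the bracketed `[success=1 default=ignore]` control form, and flags two weak auth-stack settings. The sample stack it writes is the sshd file above plus two deliberately weak lines, constructed for this example.

```shell
#!/bin/sh
# Added example (not from the page): lint a /etc/pam.d/* file against the
# "type control module-path arguments" format and flag two weak settings.
lint_pam() {   # usage: lint_pam /etc/pam.d/sshd ...
    awk '
        function bad(msg) { print FILENAME ":" NR ": " msg }
        /^[ \t]*(#|$)/ { next }                                   # comments and blank lines
        {
            t = $1; sub(/^-/, "", t)                              # leading "-": silent if the module is missing
            if (t !~ /^(auth|account|password|session)$/) { bad("unknown type " $1); next }
            if ($2 ~ /^\[/) {                                     # bracketed control, e.g. [success=1 default=ignore]
                m = 0
                for (i = 2; i <= NF; i++) if ($i ~ /\]$/) { m = i + 1; break }
                if (m == 0) { bad("unterminated [control]"); next }
            } else if ($2 ~ /^(required|requisite|sufficient|optional|include|substack)$/) {
                m = 3
            } else { bad("unknown control " $2); next }
            mod = $m
            if (mod == "") { bad("missing module-path"); next }
            if (t == "auth" && mod == "pam_permit.so") bad("pam_permit.so in the auth stack authenticates everyone")
            if (t == "auth" && mod == "pam_unix.so" && $0 ~ /nullok/) bad("nullok lets accounts with empty passwords log in")
        }' "$@"
}

# Constructed sample: the sshd stack from the notes plus two deliberately weak auth lines.
write_sample_pam() {   # usage: write_sample_pam FILE
    cat > "$1" <<'EOF'
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
auth       sufficient   pam_permit.so
auth       sufficient   pam_unix.so nullok
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session    optional     pam_keyinit.so force revoke
session    include      postlogin
EOF
}
```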
2. Building a private NTP server with chrony
[11:41:42 root@rocky8 ~]#yum -y install chrony #install chrony first
Last metadata expiration check: 2:25:24 ago on Sat 05 Aug 2023 09:16:32 AM CST.
Package chrony-4.1-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
#Server side
[11:41:57 root@rocky8 ~]#vim /etc/chrony.conf #configure the server's upstream time sources
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.pool.ntp.org iburst
server ntp.aliyun.com iburst
server time1-5.cloud.tencent.com iburst
server ntp1-7.aliyun.com iburst
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# subnet allowed to synchronize from this server
allow 10.0.0.0/24
# Serve time even if not synchronized to a time source.
# keep answering clients even when the upstream Internet sources are unreachable
local stratum 10
[11:50:11 root@rocky8 ~]#systemctl restart chronyd #restart the service
#Client side
[11:51:17 root@rocky8 ~]#vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.pool.ntp.org iburst
# the client uses the private server's address as its synchronization target
server 10.0.0.8 iburst
[11:56:10 root@rocky8 ~]#systemctl restart chronyd #restart the service
[11:56:27 root@rocky8 ~]#chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.8 3 6 17 6 -955ns[ -43us] +/- 30ms
# ^* in the first column marks the selected source: synchronization succeeded
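As an added example (not part of the original notes), two checks for the setup above: one parses `chronyc sources` output for the selected (`^*`) source, the other flags `allow` directives in chrony.conf that admit every client (a bare `allow`, `allow all`, or `allow 0.0.0.0/0`). The sample output and config are constructed here in the layout shown above.

```shell
#!/bin/sh
# Added example (not from the page): checks for the chrony server/client setup.
# selected_source: print the source chronyd currently syncs to ("^*" column in
# `chronyc sources`); exit 1 when no source is selected.
selected_source() {   # usage: chronyc sources | selected_source
    awk '$1 == "^*" { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# check_allow: flag "allow" directives that open the server to every client.
# In chrony.conf a bare "allow" (or "allow all") means all addresses.
check_allow() {   # usage: check_allow /etc/chrony.conf   (exit 1 when something is open)
    awk '
        /^[ \t]*allow([ \t]|$)/ {
            if (NF == 1 || (NF == 2 && ($2 == "all" || $2 == "0.0.0.0/0"))) {
                print FILENAME ":" NR ": allow is open to all clients (" $0 ")"; open = 1
            }
        }
        END { exit open ? 1 : 0 }' "$1"
}

# Constructed sample output in the `chronyc sources` layout shown above.
sample_sources() {
    cat <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp.aliyun.com                0   6     0     -     +0ns[   +0ns] +/-    0ns
^* 10.0.0.8                      3   6    17     6   -955ns[  -43us] +/-   30ms
EOF
}

# Constructed server config: one properly scoped allow and one open one.
write_sample_conf() {   # usage: write_sample_conf FILE
    printf '%s\n' 'server ntp.aliyun.com iburst' 'allow 10.0.0.0/24' 'allow' 'local stratum 10' > "$1"
}
```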
3. How a CDN works
In essence a CDN resolves a domain name to a nearby server and forwards the request there.
1. The user enters a domain name in the browser; on the first visit there is no local DNS cache, so the browser queries the site's DNS server.
2. The site's DNS record for the name is a CNAME that directs the request to the CDN's intelligent DNS load-balancing system.
3. The intelligent DNS load balancer resolves the name and returns the IP of the node that will respond fastest for this user.
4. The user sends the request to that node (the CDN server).
5. Because this is the first request, the CDN server resolves the origin web site's IP through the cache's internal DNS, fetches the content from the origin server, and caches it on the CDN server.
6. The result is returned to the user.
4. Building an intelligent (split-horizon) DNS so clients in different regions resolve to different hosts
#configure the IP addresses on each machine
[13:20:11 root@rocky8 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:92:cf:ce brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:92:cf:d8 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute eth1
[13:06:07 root@centos7 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e9:e6:bc brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute eth0
[13:19:44 root@rocky8 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7f:6a:1b brd ff:ff:ff:ff:ff:ff
inet 192.168.10.7/24 brd 192.168.10.255 scope global noprefixroute eth0
#On the DNS server
[13:23:43 root@rocky8 ~]#vim /etc/named.conf
acl beijingnet {
10.0.0.0/24;
};
acl shanghainet {
192.168.10.0/24;
};
acl othernet {
any;
};
// listen-on port 53 { 127.0.0.1; }; // commented out
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
// allow-query { localhost; }; // commented out
view beijingview {
match-clients { beijingnet;};
include "/etc/named.rfc1912.zones.bj";
};
view shanghaiview {
match-clients { shanghainet;};
include "/etc/named.rfc1912.zones.sh";
};
view otherview {
match-clients { othernet;};
include "/etc/named.rfc1912.zones.other";
};
#With views defined, named.conf may not contain top-level zone statements, so the zone statements below are moved into the per-view /etc/named.rfc1912.zones.* files.
#Configure the zone list file for each view
[13:46:01 root@rocky8 ~]#vim /etc/named.rfc1912.zones.bj
zone "." IN {
type hint;
file "named.ca";
};
zone "mazhuobo.com" IN {
type master;
file "mazhuobo.com.zone.bj";
};
[13:49:18 root@rocky8 ~]#vim /etc/named.rfc1912.zones.sh
zone "." IN {
type hint;
file "named.ca";
};
zone "mazhuobo.com" IN {
type master;
file "mazhuobo.com.zone.sh";
};
[13:52:24 root@rocky8 ~]#vim /etc/named.rfc1912.zones.other
zone "." IN {
type hint;
file "named.ca";
};
zone "mazhuobo.com" IN {
type master;
file "mazhuobo.com.zone.other";
};
[13:53:52 root@rocky8 ~]#ll /etc/named.rfc1912.zones.*
-rw-r----- 1 root root 1177 Aug 5 13:49 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root root 1186 Aug 5 13:53 /etc/named.rfc1912.zones.other
-rw-r----- 1 root root 1176 Aug 5 13:52 /etc/named.rfc1912.zones.sh
#change their group: chgrp named /etc/named.rfc1912.zones.*
[13:54:46 root@rocky8 ~]#ll /etc/named.rfc1912.zones.*
-rw-r----- 1 root named 1177 Aug 5 13:49 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named 1186 Aug 5 13:53 /etc/named.rfc1912.zones.other
-rw-r----- 1 root named 1176 Aug 5 13:52 /etc/named.rfc1912.zones.sh
#Configure the zone database files
[13:54:48 root@rocky8 ~]#vim /var/named/mazhuobo.com.zone.bj
$TTL 1D
@ IN SOA master admin.mazhuobo.com. (
2023080510 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 10.0.0.7
www CNAME websrv
[14:00:57 root@rocky8 ~]#vim /var/named/mazhuobo.com.zone.sh
$TTL 1D
@ IN SOA master admin.mazhuobo.com. (
2023080510 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 192.168.10.7
www CNAME websrv
[14:08:18 root@rocky8 ~]#vim /var/named/mazhuobo.com.zone.other
$TTL 1D
@ IN SOA master admin.mazhuobo.com. (
2023080510 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.8
websrv A 127.0.0.1
www CNAME websrv
[14:07:17 root@rocky8 ~]#ll /var/named/mazhuobo.com.zone.*
-rw-r--r-- 1 root root 340 Aug 5 13:59 /var/named/mazhuobo.com.zone.bj
-rw-r--r-- 1 root root 338 Aug 5 14:06 /var/named/mazhuobo.com.zone.other
-rw-r--r-- 1 root root 212 Aug 5 14:05 /var/named/mazhuobo.com.zone.sh
#change their group: chgrp named /var/named/mazhuobo.com.zone.*
[14:09:35 root@rocky8 ~]#ll /var/named/mazhuobo.com.zone.*
-rw-r--r-- 1 root named 340 Aug 5 13:59 /var/named/mazhuobo.com.zone.bj
-rw-r--r-- 1 root named 340 Aug 5 14:08 /var/named/mazhuobo.com.zone.other
-rw-r--r-- 1 root named 212 Aug 5 14:05 /var/named/mazhuobo.com.zone.sh
#restart the DNS server
systemctl restart named
#install httpd on each web server
[14:51:25 root@rocky8 ~]#yum install httpd -y
#write a different page on each web server (replace * with Beijing, Shanghai or Other)
echo www.mazhuobo.com in * > /var/www/html/index.html
#restart the service
systemctl restart httpd
#test; make sure each client's gateway and resolver are correct
# 10.0.0.8
[15:03:35 root@rocky8 ~]#cat /etc/resolv.conf
# Generated by NetworkManager
search mazhuobo
nameserver 192.168.10.2
[15:03:37 root@rocky8 ~]#curl www.mazhuobo.com
www.mazhuobo.com in Other
#10.0.0.28
[15:00:47 root@rocky8 ~]#cat /etc/resolv.conf;
# Generated by NetworkManager
search mazhuobo
nameserver 10.0.0.8
[15:00:51 root@rocky8 ~]#curl www.mazhuobo.com
www.mazhuobo.com in Beijing
#192.168.10.6
[15:01:27 root@rocky8 ~]#cat /etc/resolv.conf
# Generated by NetworkManager
search mazhuobo
nameserver 192.168.10.8
[15:01:46 root@rocky8 ~]#curl www.mazhuobo.com
www.mazhuobo.com in Shanghai
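As an added example (not part of the original notes), a generator for the three per-view zone files above from one template, so they differ only in the websrv A record and share one serial; it checks the result with named-checkzone when BIND utilities are installed. The directory layout mirrors the notes; the serial passed in is an assumption.

```shell
#!/bin/sh
# Added example (not from the page): generate the three per-view zone files
# from one template so they stay consistent, then check them. Only the websrv
# A record differs between views. The SOA is written across several lines on
# purpose: ";" starts a comment that runs to end of line, so a one-line SOA
# with inline "; serial" comments loses every field after the first comment.
make_zone() {   # usage: make_zone SERIAL WEBSRV_IP  (prints the zone to stdout)
    cat <<EOF
\$TTL 1D
@       IN SOA master admin.mazhuobo.com. (
                $1 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS    master
master  A     10.0.0.8
websrv  A     $2
www     CNAME websrv
EOF
}

write_view_zones() {   # usage: write_view_zones DIR SERIAL
    make_zone "$2" 10.0.0.7     > "$1/mazhuobo.com.zone.bj"
    make_zone "$2" 192.168.10.7 > "$1/mazhuobo.com.zone.sh"
    make_zone "$2" 127.0.0.1    > "$1/mazhuobo.com.zone.other"
    chgrp named "$1"/mazhuobo.com.zone.* 2>/dev/null || true   # as in the notes; group may not exist here
}

check_zone() {   # usage: check_zone FILE; uses named-checkzone when BIND utilities are installed
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q mazhuobo.com "$1"
    else   # minimal fallback: the records a view zone must at least carry
        grep -q '^\$TTL' "$1" && grep -q 'IN SOA' "$1" && grep -q 'NS[[:space:]]*master' "$1"
    fi
}

# Serial in YYYYMMDDnn form as in the notes; bump nn on every edit so secondaries notice.
today_serial() {   # usage: today_serial NN
    printf '%s%02d\n' "$(date +%Y%m%d)" "$1"
}
```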
5. The DNS resolution process
Iterative query: the resolver (the DNS proxy the client asked) has no answer for the name, so it queries a root server; the root has no answer and refers it to the .com server; the .com server refers it to the second-level domain's server, and so on, iterating one level down at each step until the name's address is returned.
Recursive query: the client asks the DNS proxy resolver; if the resolver has the address cached it returns it directly.

6. The 5 tables and 5 chains of iptables
5 chains
INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING
Three packet flows
Inbound to this host: PREROUTING --> INPUT --> user-space process
Outbound from this host: user-space process --> OUTPUT --> POSTROUTING
Forwarded: PREROUTING --> FORWARD --> POSTROUTING


5 tables
The five tables: filter, nat, mangle, raw, security
filter: packet-filtering rules; filters packets that match the predefined rules; the default table
nat: network address translation rules
mangle: rules that modify packet marks and header fields
raw: disables connection tracking for matching packets so they traverse the firewall faster
security: mandatory access control (MAC) network rules, implemented by a Linux security module such as SELinux
Priority from highest to lowest
security --> raw --> mangle --> nat --> filter
7. Host firewall with iptables/firewalld/nftables: ports 5000-6000 reachable only from hosts in 192.168.0.0/24
iptables
[09:44:45 root@rocky8 ~]#iptables -A INPUT ! -s 192.168.0.0/24 -p tcp --dport 5000:6000 -j REJECT
firewalld
[10:15:36 root@rocky8 ~]#firewall-cmd --add-port=5000-6000/tcp
success
[10:15:49 root@rocky8 ~]#firewall-cmd --list-port
5000-6000/tcp
[10:16:37 root@rocky8 ~]#firewall-cmd --add-source=192.168.0.0/24
success
[10:16:42 root@rocky8 ~]#firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 192.168.0.0/24
services: cockpit dhcpv6-client ssh
ports: 5000-6000/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[10:22:43 root@rocky8 ~]#firewall-cmd --add-rich-rule='rule family=ipv4 source address=192.168.0.0/24 port port=5000-6000 protocol=tcp accept'
success
nftable
#create a table first
[10:33:47 root@rocky8 ~]#nft add table inet test_table
#create a chain in the table
[10:36:40 root@rocky8 ~]#nft add chain inet test_table test_filter_input_chain {type filter hook input priority 0 \; }
#add rules (the final reject names no source address, so it applies to every other client)
[10:46:50 root@rocky8 ~]#nft add rule inet test_table test_filter_input_chain ip saddr 10.0.0.1 accept
[10:53:16 root@rocky8 ~]#nft add rule inet test_table test_filter_input_chain ip saddr 192.168.0.0/24 tcp dport 5000-6000 accept
[10:53:24 root@rocky8 ~]#nft add rule inet test_table test_filter_input_chain tcp dport 5000-6000 reject
#list the rules
[10:55:39 root@rocky8 ~]#nft list ruleset
table inet test_table {
chain test_filter_input_chain {
type filter hook input priority filter; policy accept;
ip saddr 10.0.0.1 accept
ip saddr 192.168.0.0/24 tcp dport 5000-6000 accept
tcp dport 5000-6000 reject
}
}
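As an added example (not part of the original notes), the same policy as an nftables ruleset file loaded atomically: the file can be checked with `nft -c` before anything changes, and the catch-all reject names no source address, which is what makes it apply to every client outside 192.168.0.0/24. One firewalld caveat for the session above: `--add-port=5000-6000/tcp` opens the range to every client of the zone, so with the rich rule in place that zone-level port should be removed again. The table name `host_fw` is this example's own.

```shell
#!/bin/sh
# Added example (not from the page): the 5000-6000 policy as an nftables
# ruleset file. "table ... {}" followed by "flush table" makes the load
# idempotent: re-running it replaces the table's rules instead of appending.
build_ruleset() {   # prints the ruleset; "host_fw" is a name chosen for this example
    cat <<'EOF'
table inet host_fw {}
flush table inet host_fw
table inet host_fw {
    chain input {
        type filter hook input priority filter; policy accept;
        ct state established,related accept
        ip saddr 192.168.0.0/24 tcp dport 5000-6000 accept
        tcp dport 5000-6000 reject
    }
}
EOF
}

apply_ruleset() {   # usage: apply_ruleset  (needs root and the nft binary)
    f=$(mktemp) || return 1
    build_ruleset > "$f"
    nft -c -f "$f" && nft -f "$f"   # check first, then load the whole file atomically
    rc=$?
    rm -f "$f"
    return $rc
}

# Number of rules that touch the 5000-6000 range: one accept for the subnet, one reject for the rest.
range_rule_count() {
    build_ruleset | grep -c 'tcp dport 5000-6000'
}
```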
8. What distributions of MySQL exist?
Relational and non-relational databases
Common relational databases:
MySQL: MySQL, MariaDB, Percona Server
PostgreSQL: pgsql for short; EnterpriseDB
Oracle
MSSQL Server
DB2
Common non-relational databases:
redis
MySQL editions: MySQL Enterprise Edition, MySQL Cluster CGE (cluster), MySQL Community (community edition)
The three main branches of MySQL
MySQL
MariaDB
Percona Server
Version evolution
MySQL: 5.1 --> 5.5 --> 5.6 --> 5.7 --> 8.0
MariaDB: 5.1 --> 5.5 --> 10.0 --> 10.1 --> 10.2 --> 10.3 --> 10.4 --> 10.5
9. What indexes do in MySQL
An index is an (ordered) data structure that helps MySQL retrieve data efficiently. Besides the data itself, the database maintains data structures that satisfy a particular search algorithm and that reference (point to) the data, so that advanced lookup algorithms can run on them; these data structures are the indexes.
Advantages and disadvantages:
Advantages:
- faster data retrieval and lower database I/O cost
- sorting by the indexed column is cheaper, which lowers CPU use
Disadvantages:
- an indexed column also takes up space
- indexes greatly speed up queries but slow down updates such as INSERT, UPDATE and DELETE
10. How MySQL B-tree indexes work
B-tree
Every node holds both pointers and data; the position for a new key is found by comparing it with the keys in each node. In a B-tree of order 5, for example, each node holds at most 4 keys and 5 pointers.
B-tree animated demo: B-Tree Visualization (usfca.edu)
B+tree
Only the leaf nodes hold data, and all leaf nodes are linked into a singly linked list.
B+tree animated demo: B+ Tree Visualization (usfca.edu)
11. MySQL security hardening
The hardening script mainly targets MySQL versions before 5.6.
Run the mysql_secure_installation script.
Before MySQL 5.6 it:
sets the password of the database administrator root
forbids remote root logins
deletes the anonymous user accounts
deletes the test database
From version 5.6 on, the hardening script need not be run.
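As an added example (not part of the original notes), the four hardening steps above written out as the SQL that mysql_secure_installation runs, so they can be reviewed and applied by hand on a host where the script is not used. The root-password form depends on the server version; the `apply_harden` wrapper and the password argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the page): the mysql_secure_installation steps as
# explicit SQL. harden_sql prints the statements; apply_harden pipes them to
# the mysql client.
harden_sql() {   # usage: harden_sql NEW_ROOT_PASSWORD  (prints SQL to stdout)
    pw=$(printf '%s' "$1" | sed "s/'/''/g")   # escape single quotes for the SQL literal
    cat <<EOF
-- 1. set the root password (MySQL 5.7+/8.0 form; on 5.6 and older use:
--    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('...') )
ALTER USER 'root'@'localhost' IDENTIFIED BY '$pw';
-- 2. forbid remote root logins: keep only the local root accounts
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');
-- 3. remove the anonymous accounts
DELETE FROM mysql.user WHERE User='';
-- 4. drop the test database and any grants on it
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%';
FLUSH PRIVILEGES;
EOF
}

apply_harden() {   # usage: apply_harden NEW_ROOT_PASSWORD  (prompts for the current root password)
    harden_sql "$1" | mysql -u root -p
}

# Number of SQL statements produced (comment lines excluded).
statement_count() {   # usage: statement_count NEW_ROOT_PASSWORD
    harden_sql "$1" | grep -v '^--' | grep -c ';$'
}
```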

