首先，调整网络方面的参数：

[root@banping mysql-5.5.10]# yum install libaio-devel

Loaded plugins: rhnplugin, security

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

No package libaio-devel available.

Nothing to do

意思是这套RH没有在官网上注册，不能下载RH的软件包。后来我把yum替换成了CentOS的版本，过程如下：

首先看看有哪些yum包，然后卸载掉：

[root@banping mysql-5.5.10]# rpm -qa|grep yum

yum-rhn-plugin-0.5.4-13.el5

yum-3.2.22-20.el5

yum-metadata-parser-1.1.2-3.el5

yum-security-1.1.16-13.el5

yum-updatesd-0.9-2.el5

卸载要使用nodeps参数，否则由于依赖关系是无法卸载成功的：

rpm -e --nodeps yum-rhn-plugin-0.5.4-13.el5

......

然后可以从163的镜像下载CentOS的yum包：

[root@banping [...]]]> 最近弄了一台阿里云服务器，安装的是RedHat5.4 64位的系统。有点奇怪的是阿里云只提供CentOS 32位的系统，RH才有64位的。但是在使用yum的过程中报错：

[root@banping mysql-5.5.10]# yum install libaio-devel

Loaded plugins: rhnplugin, security

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

No package libaio-devel available.

Nothing to do

意思是这套RH没有在官网上注册，不能下载RH的软件包。后来我把yum替换成了CentOS的版本，过程如下：

首先看看有哪些yum包，然后卸载掉：

[root@banping mysql-5.5.10]# rpm -qa|grep yum

yum-rhn-plugin-0.5.4-13.el5

yum-3.2.22-20.el5

yum-metadata-parser-1.1.2-3.el5

yum-security-1.1.16-13.el5

yum-updatesd-0.9-2.el5

卸载要使用nodeps参数，否则由于依赖关系是无法卸载成功的：

rpm -e --nodeps yum-rhn-plugin-0.5.4-13.el5

......

然后可以从163的镜像下载CentOS的yum包：

[root@banping centos]# wget http://mirrors.163.com/centos/5/os/x86_64/CentOS/yum-3.2.22-37.el5.centos.noarch.rpm

[root@banping centos]# wget http://mirrors.163.com/centos/5/os/x86_64/CentOS/yum-fastestmirror-1.1.16-16.el5.centos.noarch.rpm

[root@banping centos]# wget http://mirrors.163.com/centos/5/os/x86_64/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.x86_64.rpm

安装新下载的包：

[root@banping centos]# rpm -ivh yum-*

找一个CentOS的包资源配置库,名为CentOS-Base.repo，放到/etc/yum.repos.d/路径：

wget http://www.linuxidc.com/files/2011/05/06/CentOS-Base.repo

生成缓存文件到/var/cache/yum路径：

[root@banping yum.repos.d]# yum makecache

这样就可以使用CentOS的yum了。

[root@localhost banping]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
首先查看一下现有的防火墙配置：

[root@localhost banping]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

查看现有的策略：

[root@localhost banping]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8000
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

如果要重新配置，先清空之前的策略：

[root@localhost banping]# iptables -F
[root@localhost banping]# iptables -X
[root@localhost banping]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

先配置开放22端口，否则如果是远程登入的，会把自己关在外面：

[root@localhost banping]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

然后丢弃所有的input，根据需要配置开放的就行了：

[root@localhost banping]# iptables -P INPUT DROP
[root@localhost banping]# iptables -P OUTPUT ACCEPT
[root@localhost banping]# iptables -P FORWARD ACCEPT

然后要保存一下：

[root@localhost banping]# /etc/rc.d/init.d/iptables save
将当前规则保存到 /etc/sysconfig/iptables：[确定]

重启防火墙服务：

[root@localhost banping]# service iptables restart
清除防火墙规则：[确定]
把 chains 设置为 ACCEPT 策略：filter [确定]
正在卸载 Iiptables 模块：[确定]
应用 iptables 防火墙规则：[确定]
载入额外 iptables 模块：ip_conntrack_netbios_ns [确定]

除了用iptables命令，也可以直接编辑/etc/sysconfig/iptables文件，最终的配置结果可能如下，：

[root@localhost banping]# vi /etc/sysconfig/iptables

# Generated by iptables-save v1.3.5 on Thu Apr 29 17:28:08 2010
*filter
:INPUT DROP [3:349]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5585:947488]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 172.16.0.1 -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.16.0.2 -i eth0 -j ACCEPT
-A INPUT -s 172.16.0.3 -i eth0 -j ACCEPT
COMMIT
# Completed on Thu Apr 29 17:28:08 2010

可见，这里的配置允许指定的IP访问22端口，开放80端口，不限制下边的两个IP进行连接。

首先去下载软件，地址分别是

http://java.sun.com/javase/downloads/index.jsp

和

http://tomcat.apache.org/

注意选择自己需要的合适的版本，比如我下载的是apache-tomcat-5.5.23.tar.gz和jdk-6u18-linux-x64-rpm.bin.gz，然后上传到/tmp目录下。

安装JDK：

[root@tomcat1 tmp]# sh jdk-6u18-linux-x64-rpm.bin

Sun Microsystems, Inc. Binary Code License Agreement

for the JAVA SE DEVELOPMENT KIT (JDK), VERSION 6

......

Do you agree to the above license terms? [yes or no]
           yes
Unpacking...
Checksumming...
Extracting...

......

Press Enter [...]]]> 在Linux 安装JDK和Tomcat 很简单，简要介绍如下：

首先去下载软件，地址分别是

http://java.sun.com/javase/downloads/index.jsp

和

http://tomcat.apache.org/

注意选择自己需要的合适的版本，比如我下载的是apache-tomcat-5.5.23.tar.gz和jdk-6u18-linux-x64-rpm.bin.gz，然后上传到/tmp目录下。

安装JDK：

[root@tomcat1 tmp]# sh jdk-6u18-linux-x64-rpm.bin

Sun Microsystems, Inc. Binary Code License Agreement

for the JAVA SE DEVELOPMENT KIT (JDK), VERSION 6

......

Do you agree to the above license terms? [yes or no]
           yes
Unpacking...
Checksumming...
Extracting...

......

Press Enter to continue.....
Done.

安装完成后，JDK被安装在/usr/java目录下。这个版本会在当前路径下安装javaDB，以前的版本不会。

安装tomcat ：

[root@tomcat1 tmp]# tar -zxvf apache-tomcat-5.5.23.tar.gz

然后会在当前路径下生成apache-tomcat-5.5.23文件夹，把它mv或cp到你想要的路径即可。

[root@tomcat1 tmp]# cp -a apache-tomcat-5.5.23 /usr/local/

然后配置环境变量：

[root@tomcat1 tmp]# vi /etc/profile

#set java environment
JAVA_HOME=/usr/java/jdk1.6.0_18
export TOMCAT_HOME=/usr/local/apache-tomcat-5.5.23

CLASSPATH=.:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH

[root@tomcat1 tmp]# source /etc/profile

查看java的版本号已经生效了：

[root@tomcat1 tmp]# java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)

测试tomcat ：

[root@tomcat1 tmp]# cd /usr/local/apache-tomcat-5.5.23/bin/

[root@tomcat1 bin]# ./startup.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat-5.5.23
Using CATALINA_HOME:   /usr/local/apache-tomcat-5.5.23
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-5.5.23/temp
Using JRE_HOME:       /usr/java/jdk1.6.0_18

打开网页查看8080端口就能看到可爱的猫了。

p5a1@/#snap -r

The following directories and files will be deleted:
-----------------------------------------------------------
/tmp/ibmsupt/general (directory)
/tmp/ibmsupt/other (directory)
/tmp/ibmsupt/testcase (directory)
/tmp/ibmsupt/ssa (directory)
/tmp/ibmsupt/pcixscsi (directory)
/tmp/ibmsupt/snap.pax.Z (file)

Do you want me to remove these directories (y/n)? y
Removing... done.

如果以前未做过snap，会提示：

nothing to clean up

清理完成后可以开始收集：

p5a1@/#snap -gbLc
/var/adm/ras/trcfile: No [...]]]> 用root用户登录，首先清除原来的snap信息：

p5a1@/#snap -r

The following directories and files will be deleted:
-----------------------------------------------------------
/tmp/ibmsupt/general (directory)
/tmp/ibmsupt/other (directory)
/tmp/ibmsupt/testcase (directory)
/tmp/ibmsupt/ssa (directory)
/tmp/ibmsupt/pcixscsi (directory)
/tmp/ibmsupt/snap.pax.Z (file)

Do you want me to remove these directories (y/n)? y
Removing... done.

如果以前未做过snap，会提示：

nothing to clean up

清理完成后可以开始收集：

p5a1@/#snap -gbLc
/var/adm/ras/trcfile: No such file or directory
Checking space requirement for general information.... done.
.********Checking and initializing directory structure
Creating /tmp/ibmsupt/svCollect directory tree... done.
Creating /tmp/ibmsupt/client_collect directory tree... done.
Creating /tmp/ibmsupt/lvm directory tree... done.
Creating /tmp/ibmsupt/ssa directory tree... done.
Creating /tmp/ibmsupt/general directory tree... done.
Creating /tmp/ibmsupt/general/diagnostics directory tree... done.
Creating /tmp/ibmsupt/pcixscsi directory tree... done.
Creating /tmp/ibmsupt/testcase directory tree... done.
Creating /tmp/ibmsupt/other directory tree... done.
********Finished setting up directory /tmp/ibmsupt

Checking Space requirement for svCollect
The script svCollect is not executable in /usr/lib/ras/snapscripts
Checking Space requirement for client_collect
Checking space requirement for ssa information.......... done.
Checking space requirement for logical volume manager information......
Checking space requirement for Enhanced CLVM information..../tmp/ch.log.* not found
done.
Checking for enough free space in filesystem... done.

/var/adm/ras/trcfile: No such file or directory
Gathering general system information............ done.
Gathering platform/scanout information.done.
Gathering svCollect data
The script svCollect is not executable in /usr/lib/ras/snapscripts
Gathering client_collect data
Gathering pcixscsi system information........... done.
Gathering ssa system information.......... done.
Gathering logical volume manager information..........
Gathering Enhanced CLVM information..../tmp/ch.log.* not found
done.

Creating compressed pax file...
Starting pax/compress process... Please wait... done.

-rw-------   1 0        0           1259857 Jan 20 09:24 snap.pax.Z

可以根据需要指定不同的参数，b是收集 SSA 信息，f是收集文件系统信息：

p5a1@/#snap -gLfc
/var/adm/ras/trcfile: No such file or directory
Checking space requirement for general information.................................. done.
.********Checking and initializing directory structure
Creating /tmp/ibmsupt/svCollect directory tree... done.
Creating /tmp/ibmsupt/client_collect directory tree... done.
Creating /tmp/ibmsupt/lvm directory tree... done.
Creating /tmp/ibmsupt/filesys directory tree... done.
Creating /tmp/ibmsupt/general directory tree... done.
Creating /tmp/ibmsupt/general/diagnostics directory tree... done.
Creating /tmp/ibmsupt/pcixscsi directory tree... done.
Creating /tmp/ibmsupt/testcase directory tree... done.
Creating /tmp/ibmsupt/other directory tree... done.
********Finished setting up directory /tmp/ibmsupt

Checking Space requirement for svCollect
The script svCollect is not executable in /usr/lib/ras/snapscripts
Checking Space requirement for client_collect
Checking space requirement for filesys information................done.
Checking space requirement for logical volume manager information.....................
Checking space requirement for Enhanced CLVM information..../tmp/ch.log.* not found
done.
Checking for enough free space in filesystem... done.

/var/adm/ras/trcfile: No such file or directory
Gathering general system information......................done.
Gathering platform/scanout information.done.
Gathering svCollect data
The script svCollect is not executable in /usr/lib/ras/snapscripts
Gathering client_collect data
Gathering pcixscsi system information...........................
Gathering filesys system information........done.
Gathering logical volume manager information...............
Gathering Enhanced CLVM information..../tmp/ch.log.* not found
done.

Creating compressed pax file...
Starting pax/compress process... Please wait... done.

-rw-------   1 0        0           1383719 Jun 17 10:29 snap.pax.Z

收集完成后，通过ftp就可以拿下这个文件了：

Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\banping>ftp 172.16.0.62
Connected to 172.16.0.62.
220 p5a1 FTP server (Version 4.2 Thu Jul 12 13:39:06 CDT 2007) ready.
User (172.16.0.62:(none)): root
331 Password required for root.
Password:
230-Last unsuccessful login: Sat Jan 16 09:43:39 BEIST 2010 on /dev/pts/0 from i
user.banping.com
230-Last login: Tue Jan 19 09:10:37 BEIST 2010 on ftp from user.banping.com
230 User root logged in.
ftp> bin
200 Type set to I.
ftp> get /tmp/ibmsupt/snap.pax.Z
200 PORT command successful.
150 Opening data connection for /tmp/ibmsupt/snap.pax.Z (1259857 bytes).
226 Transfer complete.
ftp: 收到 1259857 字节，用时 0.09Seconds 13402.73Kbytes/sec.

去user用户的document目录下就能拿到这个文件了。

[root@linux local]# cd /etc/xinetd.d
[root@linux xinetd.d]# ls
chargen cups-lpd daytime-udp echo-udp gssftp krb5-telnet rsync time-udp
chargen-udp daytime echo eklogin klogin kshell time

编辑gssftp文件，将server_args改为-l，将disable改为no：

[root@linux xinetd.d]# vi gssftp

# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
[...]]]> RedHat和CentOS都自带了一个gssftp服务，使用方式如下：

[root@linux local]# cd /etc/xinetd.d
[root@linux xinetd.d]# ls
chargen cups-lpd daytime-udp echo-udp gssftp krb5-telnet rsync time-udp
chargen-udp daytime echo eklogin klogin kshell time

编辑gssftp文件，将server_args改为-l，将disable改为no：

[root@linux xinetd.d]# vi gssftp

# default: off
# description: The kerberized FTP server accepts FTP connections \
# that can be authenticated with Kerberos 5.
service ftp
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/kerberos/sbin/ftpd
#server_args = -l -a
server_args = -l
log_on_failure += USERID
#disable = yes
disable = no
}

重启xinetd服务：

[root@linux xinetd.d]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

这时查看21端口已经打开：

[root@linux xinetd.d]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 22543/xinetd

如果防火墙没有打开端口，则开放21端口并重启防火墙服务：

[root@linux xinetd.d]# vi /etc/sysconfig/iptables

[root@linux xinetd.d]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

这样ftp服务就可用了，可以使用linux系统用户登录，不过gssftp不够安全，临时应急或内部使用可以，稳定的FTP服务还是建议使用vsftp来搭建。

首先在用户的profile文件中开启记录功能：

[banping@linux ~]$ cd /home/banping/
[banping@linux ~]$ vi .bash_profile
# write log
exec /usr/bin/script -a -f -q /tmp/test/script-`date +%Y%m%d%k%M`.lst

这行脚本的意思是在/tmp/test目录下以时间为文件名来记录操作信息，由于是写在了.bash_profile文件中，用户登入到Linux系统的时候就会触发执行。

然后我们在/tmp下建立test目录存放操作日志信息即可：

[banping@linux tmp]# mkdir test

这样就实现了记录的功能，而要防止用户自行修改，我们可以设置这些文件只能被附加，不能被修改或删除：

[root@linux banping]# chattr +a .bash_profile

[root@linux tmp]# chattr +a -R test

这样登录用户就无法修改这些信息了，以下是一个简单的测试：

[root@tomcat tmp]# cd test
[root@tomcat test]# touch 1.txt
[root@tomcat test]# rm [...]]]> 有时候我们需要记录Linux用户的操作记录用于审计，因此就要避免用户可以自行清除操作日志，一个简单的方式是使用script功能。

首先在用户的profile文件中开启记录功能：

[banping@linux ~]$ cd /home/banping/
[banping@linux ~]$ vi .bash_profile
# write log
exec /usr/bin/script -a -f -q /tmp/test/script-`date +%Y%m%d%k%M`.lst

这行脚本的意思是在/tmp/test目录下以时间为文件名来记录操作信息，由于是写在了.bash_profile文件中，用户登入到Linux系统的时候就会触发执行。

然后我们在/tmp下建立test目录存放操作日志信息即可：

[banping@linux tmp]# mkdir test

这样就实现了记录的功能，而要防止用户自行修改，我们可以设置这些文件只能被附加，不能被修改或删除：

[root@linux banping]# chattr +a .bash_profile

[root@linux tmp]# chattr +a -R test

这样登录用户就无法修改这些信息了，以下是一个简单的测试：

[root@tomcat tmp]# cd test
[root@tomcat test]# touch 1.txt
[root@tomcat test]# rm 1.txt
rm: remove regular empty file `1.txt'? y
rm: cannot remove `1.txt': Operation not permitted
[root@tomcat test]# cd ..
[root@tomcat tmp]# chattr -a -R test
[root@tomcat tmp]# cd test
[root@tomcat test]# rm 1.txt
rm: remove regular empty file `1.txt'? y

结合登录文件的安全保存和防火墙功能，可以实现一个简单而完整的安全审计解决方案。

查看网卡是否被内核识别：

[root@linux ~]# dmesg|grep -in eth
150:divert: not allocating divert_blk for non-ethernet device lo
239:divert: allocating divert_blk for eth0
240:e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
366:divert: not allocating divert_blk for non-ethernet device sit0
389:ADDRCONF(NETDEV_UP): eth0: link is not ready
390:e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 [...]]]> Linux的网络相关配置记录在了很多文件中，记录一下。

查看网卡是否被内核识别：

[root@linux ~]# dmesg|grep -in eth
150:divert: not allocating divert_blk for non-ethernet device lo
239:divert: allocating divert_blk for eth0
240:e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
366:divert: not allocating divert_blk for non-ethernet device sit0
389:ADDRCONF(NETDEV_UP): eth0: link is not ready
390:e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
391:ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
394:eth0: no IPv6 routers present

主机名称：

[root@linux ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linux.banping.com

网卡参数：

[root@linux ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=172.16.0.255
HWADDR=00:50:56:82:2F:49
IPADDR=172.16.0.157
NETMASK=255.255.255.0
NETWORK=172.16.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=172.16.0.254

开机加载网卡模块：

[root@linux ~]# cat /etc/modprobe.conf
alias eth0 e1000
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptscsi
alias scsi_hostadapter2 mptspi
alias scsi_hostadapter3 mptsas
alias scsi_hostadapter4 mptscsih
alias scsi_hostadapter5 ata_piix

DNS服务器：

[root@linux ~]# cat /etc/resolv.conf
search banping.com
nameserver 172.16.0.1
nameserver 172.16.0.3
nameserver 172.16.0.5

IP与主机对应：

[root@linux ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
172.16.0.157    linux.banping.com      localhost

TCP/IP协议与端口的对应

[root@linux ~]# cat /etc/services

重启所有网络参数：

[root@linux ~]# /etc/init.d/network restart
Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Setting network parameters:  [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  [  OK  ]

启用网卡：

[root@linux ~]# ifup eth0

停用网卡（慎用，否则可能导致你再也连不上了）：

[root@linux ~]# ifdown eth0

测试网卡：

[root@linux ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:56:82:2F:49
inet addr:172.16.0.157  Bcast:172.16.0.255  Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe82:2f49/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:506414 errors:0 dropped:0 overruns:0 frame:0
TX packets:1691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:140448492 (133.9 MiB)  TX bytes:200009 (195.3 KiB)

设置IP地址：

[root@linux ~]# ifconfig eth0 172.16.0.157