爱看篮球的峰叔 posted on 2025-3-20 16:26:00

Kylin V10 System Security Hardening

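<p>I. Install the ClamAV antivirus software</p>
<p>1. Download it from the official ClamAV site: https://www.clamav.net/downloads</p>
<p>Slightly older versions can also be downloaded from GitHub: https://github.com/Cisco-Talos/clamav/releases</p>
<p>Here I install clamav-1.1.2:</p>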
<div class="cnblogs_code">
<pre>rpm -ivh clamav-1.1.2.linux.x86_64.rpm</pre>
</div>
<p>2. Download the virus databases:</p>
<p>https://database.clamav.net/main.cvd</p>
<p>https://database.clamav.net/daily.cvd</p>
<p>https://database.clamav.net/bytecode.cvd</p>
<p>Place the three virus database files in one directory, then serve that directory through nginx:</p>
<div class="cnblogs_code">
<pre>server {
      listen       80;
      server_name  localhost;
      root /project/clamav-mirror;
      index index.html;
      location / {
          autoindex on;
      }
      error_page   500 502 503 504 /50x.html;
      location = /50x.html {
            root   html;
      }
}

# The three virus database files are placed under /project/clamav-mirror/</pre>
</div>
<p><img src="https://img2024.cnblogs.com/blog/2012956/202503/2012956-20250320150734252-625537128.png"></p>
<p>Copy clamd.conf.sample and freshclam.conf.sample under /usr/local/etc/ to clamd.conf and freshclam.conf.</p>
<p>Modify the following settings in clamd.conf:</p>
<div class="cnblogs_code">
<pre>egrep -v "^#|^$" /usr/local/etc/clamd.conf
DatabaseDirectory /var/lib/clamav                  # directory where the virus databases are stored
TCPSocket 3310
TCPAddr 0.0.0.0</pre>
</div>
<p>Modify the following settings in freshclam.conf:</p>
<div class="cnblogs_code">
<pre># egrep -v "^#|^$" /usr/local/etc/freshclam.conf
DatabaseDirectory /var/lib/clamav
DatabaseOwner root
DatabaseMirror 10.110.55.11         # local virus database address, i.e. the nginx address configured above
ScriptedUpdates yes
PrivateMirror 10.110.55.11         # local virus database address, i.e. the nginx address configured above
Checks 12</pre>
</div>
<p>Run /usr/local/bin/freshclam to load the virus databases:</p>
<div class="cnblogs_code">
<pre># /usr/local/bin/freshclam
ClamAV update process started at Thu Mar 20 16:16:29 2025
WARNING: DNS Update Info disabled. Falling back to HTTP mode.
Trying to retrieve CVD header from http://10.110.55.11/daily.cld
Time:    0.0s, ETA:    0.0s [========================&gt;]       146B/146B
WARNING: remote_cvdhead: file not found: http://10.110.55.11/daily.cld
Trying to retrieve CVD header from http://10.110.55.11/daily.cvd
Time:    0.0s, ETA:    0.0s [========================&gt;]       512B/512B
OK
daily.cvd database is up-to-date (version: 27580, sigs: 2073246, f-level: 90, builder: raynman)
Trying to retrieve CVD header from http://10.110.55.11/main.cld
Time:    0.0s, ETA:    0.0s [========================&gt;]       146B/146B
WARNING: remote_cvdhead: file not found: http://10.110.55.11/main.cld
Trying to retrieve CVD header from http://10.110.55.11/main.cvd
Time:    0.0s, ETA:    0.0s [========================&gt;]       512B/512B
OK
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Trying to retrieve CVD header from http://10.110.55.11/bytecode.cld
Time:    0.0s, ETA:    0.0s [========================&gt;]       146B/146B
WARNING: remote_cvdhead: file not found: http://10.110.55.11/bytecode.cld
Trying to retrieve CVD header from http://10.110.55.11/bytecode.cvd
Time:    0.0s, ETA:    0.0s [========================&gt;]       512B/512B
OK
bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)</pre>
</div>
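<p>An "up-to-date" result from freshclam only compares the client with the private mirror, so the files copied into /project/clamav-mirror should themselves be checked for validity and age. The following is an added example, not part of the original post: it reads the 512-byte CVD header of each file, and the function names, the 7-day limit and the sample timestamps are assumptions made for the illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post. CVD header layout (512 bytes,
# colon-separated, space-padded):
#   ClamAV-VDB:build time:version:signatures:f-level:MD5:dsig:builder:stime

# cvd_field FILE N: print header field N (1-based); fail if FILE does not
# start with the ClamAV-VDB magic (e.g. an HTML error page saved as .cvd).
cvd_field() {
    dd if="$1" bs=512 count=1 2>/dev/null |
        awk -F: -v n="$2" '
            NR == 1 && $1 == "ClamAV-VDB" && NF >= 9 {
                v = $n; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; ok = 1
            }
            END { exit ok ? 0 : 1 }'
}

# cvd_age_days FILE NOW: whole days between the header build timestamp
# (field 9, epoch seconds) and NOW (epoch seconds).
cvd_age_days() {
    stime=$(cvd_field "$1" 9) || return 1
    echo $(( ($2 - $stime) / 86400 ))
}

# check_mirror DIR MAX_DAILY_AGE NOW: one status line per database; non-zero
# if a file is missing or malformed, or daily.cvd is older than the limit.
# Only daily.cvd is age-checked because main.cvd is reissued infrequently.
check_mirror() {
    rc=0
    for db in main daily bytecode; do
        f="$1/$db.cvd"
        if ! ver=$(cvd_field "$f" 3); then
            echo "$db.cvd: missing or not a CVD file"; rc=1; continue
        fi
        age=$(cvd_age_days "$f" "$3")
        if [ "$db" = daily ] && [ "$age" -gt "$2" ]; then
            echo "$db.cvd: version $ver is $age days old (limit $2)"; rc=1
        else
            echo "$db.cvd: version $ver, $(cvd_field "$f" 4) signatures, $age days old"
        fi
    done
    return $rc
}

# Constructed sample input: a header-only stand-in for a .cvd file.
make_sample_cvd() {   # FILE VERSION SIGS BUILDER STIME
    printf '%-512s' "ClamAV-VDB:constructed:$2:$3:90:X:X:$4:$5" > "$1"
}

# Demo with constructed timestamps; versions are those in the freshclam log.
demo_dir=$(mktemp -d)
make_sample_cvd "$demo_dir/main.cvd" 62 6647427 sigmgr 1631750400
make_sample_cvd "$demo_dir/daily.cvd" 27580 2073246 raynman 1739836800
make_sample_cvd "$demo_dir/bytecode.cvd" 335 86 raynman 1742256000
check_mirror "$demo_dir" 7 1742428800 || echo "mirror needs refreshing"
rm -rf "$demo_dir"
```

<p>On the mirror host this would be called as check_mirror /project/clamav-mirror 7 "$(date +%s)". The header check does not validate the database's digital signature; sigtool --info on the .cvd file does.</p>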
<p>Start the clamd service: clamd --config-file=/usr/local/etc/clamd.conf      # the service port is 3310</p>
<p>Scan the /project/nginx/conf/Virtaul/ directory:</p>
<div class="cnblogs_code">
<pre># /usr/local/bin/clamscan -r -i /project/nginx/conf/Virtaul/

----------- SCAN SUMMARY -----------
Known viruses: 8705025
Engine version: 1.1.2
Scanned directories: 1
Scanned files: 3
Infected files: 0
Data scanned: 0.01 MB
Data read: 0.00 MB (ratio 2.00:1)
Time: 55.487 sec (0 m 55 s)
Start Date: 2025:03:20 16:17:06
End Date:   2025:03:20 16:18:02</pre>
</div>
<p>II. Configure the rsyslog service<br>1. On the log server, enable listening on port 514 and configure a separate log path for each client host</p>
<div class="cnblogs_code">
<pre># Add:
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
# Logs sent by host 10.110.55.106 are stored at this path; the directory /project/client_logs/ must be created first.
if ($fromhost-ip == '10.110.55.106') then /project/client_logs/10.110.55.106.log
&amp; stop
# Same as above
if ($fromhost-ip == '10.110.55.105') then /project/client_logs/10.110.55.105.log
&amp; stop
if ($fromhost-ip == '10.110.55.104') then /project/client_logs/10.110.55.104.log
&amp; stop</pre>
</div>
<p>2. On each client server, add the following to /etc/rsyslog.conf:</p>
<p>*.* @10.110.55.38:514<br>*.* @@10.110.55.38:514</p>
<p>3. Then restart rsyslog: systemctl restart rsyslog</p>
<p>III. Modify the user login policy.</p>
<p>1. /etc/security/limits.conf<br>Add: limit logins to at most two users</p>
<p>cat &gt;&gt;/etc/security/limits.conf &lt;&lt;EOF<br>*    hard    maxlogins    4<br>*    hard    maxsyslogins 2<br>root hard    maxsyslogins 2<br>root hard    maxlogins    2<br>EOF</p>
<p>2. /etc/profile<br>Add: log out after an idle timeout, and change umask to 077</p>
<p>cat &gt;&gt;/etc/profile &lt;&lt; EOF<br>TMOUT=900<br>export TMOUT<br>umask 077<br>EOF</p>
<p>3. /etc/pam.d/sshd.pam<br>Add:<br>cat &gt;&gt; /etc/pam.d/sshd.pam &lt;&lt; EOF<br>session required pam_limits.so<br>EOF</p>
<p>4./etc/ssh/sshd_config</p>
<p>sed -i "/^#UsePAM yes/s/#UsePAM yes/UsePAM yes/g" /etc/ssh/sshd_config</p>
<p><br>5. /etc/pam.d/login<br>cat &gt;&gt; /etc/pam.d/login &lt;&lt; EOF<br>session required pam_limits.so<br>EOF</p>
<p>6. /etc/login.defs     # password expiry of 90 days, minimum password length of 16<br>Change to:<br>sed -i "/^PASS_MAX_DAYS/s/99999/90/g"   /etc/login.defs<br>sed -i "/^PASS_MIN_DAYS/s/0/1/g"   /etc/login.defs<br>sed -i "/^PASS_MIN_LEN/s/5/16/g"   /etc/login.defs</p>
<p><br>7. /etc/pam.d/sshd     # If /etc/pam.d/sshd already contains the following configuration, do not add it; if it does not, add the configuration below.</p>
<p><br>cat &gt;&gt; /etc/pam.d/sshd &lt;&lt; EOF<br>#%PAM-1.0<br>auth       substack   password-auth<br>auth       include      postlogin<br>account    required   pam_sepermit.so<br>account    required   pam_nologin.so<br>account    include      password-auth<br>password   include      password-auth<br># pam_selinux.so close should be the first session rule<br>session    required   pam_selinux.so close<br>session    required   pam_loginuid.so<br># pam_selinux.so open should only be followed by sessions to be executed in the user context<br>session    required   pam_selinux.so open env_params<br>session    required   pam_namespace.so<br>session    optional   pam_keyinit.so force revoke<br>session    optional   pam_motd.so<br>session    include      password-auth<br>session    include      postlogin<br>EOF</p>
<p>10. /etc/security/pwquality.conf    # password complexity: must contain upper-case and lower-case letters, digits and special characters, with a minimum length of 16<br>Modify the password policy:<br>sed -i "/^minlen =/s/minlen = 8/minlen = 16/g" /etc/security/pwquality.conf<br>sed -i "/^dcredit =/s/dcredit = 0/dcredit = -1/g" /etc/security/pwquality.conf<br>sed -i "/^ucredit =/s/ucredit = 0/ucredit = -1/g" /etc/security/pwquality.conf<br>sed -i "/^lcredit =/s/lcredit = 0/lcredit = -1/g" /etc/security/pwquality.conf<br>sed -i "/^ocredit =/s/ocredit = 0/ocredit = -1/g" /etc/security/pwquality.conf</p>
<p>Modify:<br>sed -i "/^password    requisite/s/password    requisite   pam_pwquality.so try_first_pass local_users_only/password    requisite   pam_pwquality.so try_first_pass local_users_only retry=3/g" /etc/pam.d/system-auth<br>sed -i "/^password    requisite/s/password    requisite   pam_pwquality.so try_first_pass local_users_only/password    requisite   pam_pwquality.so try_first_pass local_users_only retry=3/g" /etc/pam.d/password-auth</p>
<p><br>11. /etc/ssh/sshd_config<br>Set the maximum number of connected users to 2 and the maximum number of failed authentication attempts to 3:<br>cat &gt;&gt;/etc/ssh/sshd_config &lt;&lt; EOF</p>
<p>MaxSessions 2<br>MaxStartups 2:30:2<br>MaxAuthTries 3<br>UsePAM yes</p>
<p>EOF</p>
<p>IV. Separation into three roles</p>
<p>1. Create the three separated-privilege accounts<br># Create the administrator<br>useradd sysadmin<br>echo Clouddeep@admin8890 |passwd --stdin sysadmin<br> <br># Create the operator<br>useradd sysoperator<br>echo Clouddeep@operator8890 |passwd --stdin sysoperator<br> <br># Create the auditor<br>useradd sysaudit<br>echo Clouddeep@audit8890 |passwd --stdin sysaudit<br> <br>2. Modify the sudoers configuration with visudo<br>visudo<br> <br># Administrator<br>Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum<br>Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable<br>Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount<br>sysadmin ALL=(root) SOFTWARE,SERVICES,STORAGE<br> <br># Operator<br>Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp<br>Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall<br>Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool<br>sysoperator ALL=(root) DELEGATING,PROCESSES,NETWORKING<br> <br># Auditor     # Directories the auditor is allowed to view can be added as needed<br>sysaudit ALL=(root) NOPASSWD:/usr/bin/cat,/usr/bin/less,/usr/bin/more,/usr/bin/tail,/usr/bin/head,/usr/bin/ls /project/logs/*<br> <br>3. Test whether the configuration is correct<br>visudo -c</p>
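<p>In sudoers, a command listed without arguments may be run with any arguments, so in the auditor rule above the /project/logs/* restriction applies only to ls, and the operator's DELEGATING alias includes visudo. The following added example (not part of the original post) scans sudoers entries for these three patterns only; it assumes the simple "user ALL=(root) ..." layout used above, and the function names are made up for the illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post: flag sudo grants that undo the
# separation between the three roles.

# audit_sudoers FILE: print "user<TAB>command<TAB>reason" for each finding.
# Assumes one rule per line in the form "user ALL=(root) [NOPASSWD:]cmd,...".
audit_sudoers() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(user, c,    w, k, base, why) {
        if (c == "") return
        k = split(c, w, /[ \t]+/); base = w[1]; sub(/.*\//, "", base)
        if (base == "visudo")
            why = "can rewrite the sudoers policy itself"
        else if (k == 1 && base ~ /^(chown|chmod|chgrp)$/)
            why = "no argument limit: can change owner/mode of any file"
        else if (k == 1 && base ~ /^(cat|less|more|tail|head)$/)
            why = "no path argument: can read any file as root"
        if (why != "") printf "%s\t%s\t%s\n", user, c, why
    }
    /^[ \t]*(#|$)/ { next }
    $1 == "Cmnd_Alias" {                      # Cmnd_Alias NAME = cmd, cmd, ...
        body = $0; sub(/^[^=]*=/, "", body); alias[$2] = body; next
    }
    {
        user = $1; spec = $0
        sub(/^[^)]*\)[ \t]*/, "", spec)        # drop "user ALL=(root)"
        sub(/^NOPASSWD:[ \t]*/, "", spec)
        n = split(spec, item, ",")
        for (i = 1; i <= n; i++) {
            it = trim(item[i])                 # expand aliases one level
            m = split((it in alias) ? alias[it] : it, cmd, ",")
            for (j = 1; j <= m; j++) report(user, trim(cmd[j]))
        }
    }' "$1"
}

# The sudoers entries from the section above, written to FILE as sample input.
write_page_sudoers() {
    cat > "$1" <<'EOF'
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
sysadmin ALL=(root) SOFTWARE,SERVICES,STORAGE
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
sysoperator ALL=(root) DELEGATING,PROCESSES,NETWORKING
sysaudit ALL=(root) NOPASSWD:/usr/bin/cat,/usr/bin/less,/usr/bin/more,/usr/bin/tail ,/usr/bin/head,/usr/bin/ls /project/logs/*
EOF
}

demo_file=$(mktemp); write_page_sudoers "$demo_file"
audit_sudoers "$demo_file"
rm -f "$demo_file"
```

<p>A command that should be limited to a directory needs the path on its own entry, in the same way the ls entry carries /project/logs/*.</p>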
<p>V. Upgrade the current OpenSSH_9.7p1 to OpenSSH_9.9p1<br><span style="color: rgba(255, 0, 0, 1)">Be sure to install the telnet service before upgrading; otherwise, if something goes wrong, you will not be able to log in and recover:</span></p>
<p>Installing the telnet service is omitted here......</p>
<p>Download the latest OpenSSH version:</p>
<p>Download URL: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz</p>
<p>Extract:</p>
<p>Run: tar xf openssh-9.9p1.tar.gz<br>Run: cd openssh-9.9p1<br>Run: ./configure --prefix=/usr/local/openssh --with-zlib --with-pam    <span style="color: rgba(255, 0, 0, 1)"># --with-pam must be added at build time; it enables PAM authentication support, otherwise the upgraded sshd will not support the PAM password policy.</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">Note: if this error is reported:</span><br>checking for openssl... /usr/bin/openssl<br>checking for openssl/opensslv.h... no<br>configure: error: *** OpenSSL headers missing - please install first or check config.log ***<br>you need to install:</p>
<p>Run: yum install -y openssl-devel   (installed from a local yum repository; the setup steps are at the end)</p>
<p><span style="color: rgba(255, 0, 0, 1)">Note: if this error is reported:</span><br>checking if getpgrp accepts zero args... yes<br>checking for openssl... /usr/bin/openssl<br>configure: error: *** working libcrypto not found, check config.log<br>you need to run:</p>
<p>Run: ln -s /usr/lib64/libcrypto.so.1.1.1f   /usr/lib64/libcrypto.so</p>
<p>Then run:</p>
<p>Run: make &amp;&amp; make install</p>
<p>Run: mv /usr/sbin/sshd /usr/sbin/sshd.bak</p>
<p>Run: mv /usr/bin/ssh /usr/bin/ssh.bak<br>Run: mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak<br>Run: cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd<br>Run: cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh<br>Run: cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen<br>Then restart sshd and verify that the service works properly:</p>
<p><span style="color: rgba(255, 0, 0, 1)">Note: the upgraded sshd loads /usr/local/openssh/etc/sshd_config by default. To use /etc/ssh/sshd_config instead, pass --sysconfdir=/etc/ssh at build time to set the default configuration location to /etc/ssh; the previous configuration file will then be overwritten.</span></p>
<p>Run: systemctl restart sshd</p>
<p>Create a local mirror repository:</p>
<p>1. Create the directory ios under /mnt in preparation for the local mount (adjust the location to your own layout). The command is: mkdir /mnt/ios/</p>
<p>2. Modify the configuration file</p>
<p>1) Go to the directory that holds the yum repository configuration: cd /etc/yum.repos.d/</p>
<p>2) Back up the original configuration file (alternatively, delete it or set its enabled parameter to 0): mv kylin_x86_64.repo kylin_x86_64.repo.bak</p>
<p>3) Write a new configuration file: vim local.repo (use vi if vim is not available), with the following content (note that the baseurl parameter must match the directory created above):</p>
<p>[local]</p>
<p>name = local</p>
<p>baseurl = file:///mnt/ios</p>
<p>gpgcheck = 0</p>
<p>enabled = 1</p>
<p>4) Mount the yum source image (note that the location of the uploaded image and the new directory must match the ones above): mount /home/Kylin-Server-10-SP2-x86-Release-Build09-20210524.iso   /mnt/ios</p>
<p>5) Clear the yum cache: yum clean all</p>
<p>The packages in the image repository can then be installed with yum -y install xxxx</p>
Source: https://www.cnblogs.com/wutao-007/p/18783343