10. 네트워크 상태 확인
- 서버의 기본 사용 포트를 유지하며, ProjYj Web 서버는 8070 포트를 사용하도록 함
- 포트 확인 :
netstat -ltnp | grep 8070 - 포트 죽이기 :
kill -9 [PID]
10-1. 네트워크 상태 확인
netstat> 모든 수신 소켓과 연결을 확인lsof> TCP port 접속 정보 확인 및 요약 보기
[root@localhost home]# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:44321 0.0.0.0:* LISTEN 2195/pmcd
tcp 0 0 127.0.0.1:5910 0.0.0.0:* LISTEN 349956/Xvnc
tcp 0 0 127.0.0.1:4330 0.0.0.0:* LISTEN 3175/pmlogger
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 351164/sshd: /usr/s
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1324/cupsd
tcp6 0 0 :::9090 :::* LISTEN 1/systemd
tcp6 0 0 ::1:44321 :::* LISTEN 2195/pmcd
tcp6 0 0 ::1:4330 :::* LISTEN 3175/pmlogger
tcp6 0 0 ::1:5910 :::* LISTEN 349956/Xvnc
tcp6 0 0 :::33060 :::* LISTEN 549541/mysqld
tcp6 0 0 :::22 :::* LISTEN 351164/sshd: /usr/s
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::3389 :::* LISTEN 345161/xrdp
tcp6 0 0 :::3306 :::* LISTEN 549541/mysqld
tcp6 0 0 ::1:631 :::* LISTEN 1324/cupsd
tcp6 0 0 ::1:3350 :::* LISTEN 345160/xrdp-sesman
[root@localhost home]# sudo lsof -i TCP -P |grep LISTEN
systemd 1 root 80u IPv4 777988 0t0 TCP *:111 (LISTEN)
systemd 1 root 84u IPv6 777019 0t0 TCP *:111 (LISTEN)
systemd 1 root 248u IPv6 802458 0t0 TCP *:9090 (LISTEN)
cupsd 1324 root 6u IPv6 20817 0t0 TCP localhost:631 (LISTEN)
cupsd 1324 root 7u IPv4 20818 0t0 TCP localhost:631 (LISTEN)
pmcd 2195 pcp 0u IPv4 17264 0t0 TCP localhost:44321 (LISTEN)
pmcd 2195 pcp 3u IPv6 17265 0t0 TCP localhost:44321 (LISTEN)
pmlogger 3175 pcp 7u IPv4 1337160 0t0 TCP localhost:4330 (LISTEN)
pmlogger 3175 pcp 8u IPv6 1337161 0t0 TCP localhost:4330 (LISTEN)
xrdp-sesm 345160 root 11u IPv6 742974 0t0 TCP localhost:3350 (LISTEN)
xrdp 345161 root 11u IPv6 746744 0t0 TCP *:3389 (LISTEN)
Xvnc 349956 root 6u IPv4 760993 0t0 TCP localhost:5910 (LISTEN)
Xvnc 349956 root 7u IPv6 760994 0t0 TCP localhost:5910 (LISTEN)
sshd 351164 root 3u IPv4 763481 0t0 TCP *:22 (LISTEN)
sshd 351164 root 4u IPv6 763483 0t0 TCP *:22 (LISTEN)
mysqld 549541 mysql 21u IPv6 1688602 0t0 TCP *:33060 (LISTEN)
mysqld 549541 mysql 24u IPv6 1684797 0t0 TCP *:3306 (LISTEN)
[root@localhost home]# sudo lsof -i -nP | grep LISTEN | awk '{print $(NF-1)" "$1}' | sort
*:111 systemd
*:111 systemd
127.0.0.1:4330 pmlogger
127.0.0.1:44321 pmcd
127.0.0.1:5910 Xvnc
127.0.0.1:631 cupsd
[::1]:3350 xrdp-sesm
[::1]:4330 pmlogger
[::1]:44321 pmcd
[::1]:5910 Xvnc
[::1]:631 cupsd
*:22 sshd
*:22 sshd
*:33060 mysqld
*:3306 mysqld
*:3389 xrdp
*:9090 systemd11. Tomcat 설치
- 8.0.36 버전을 기준으로 설치
- rpm 배포 파일이 없고, 압축 파일로만 제공됨 > wget 으로 다운로드 진행
# 디렉토리 생성
[root@localhost /]# mkdir projyjengine
[root@localhost /]# mkdir tomcat
# wget 으로 다운로드
[root@localhost Downloads]# pwd
/root/Downloads
[root@localhost Downloads]# wget https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.tar.gz
--2024-03-28 09:45:52-- https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.tar.gz
Resolving archive.apache.org (archive.apache.org)... 65.108.204.189, 2a01:4f9:1a:a084::2
Connecting to archive.apache.org (archive.apache.org)|65.108.204.189|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9277365 (8.8M) [application/x-gzip]
Saving to: ‘apache-tomcat-8.0.36.tar.gz’
apache-tomcat-8.0.36.tar.gz 100%[============================================================================>] 8.85M 939KB/s in 11s
2024-03-28 09:46:04 (831 KB/s) - ‘apache-tomcat-8.0.36.tar.gz’ saved [9277365/9277365]/tomcat경로에 압축 풀기
[root@localhost Downloads]# tar -xvf apache-tomcat-8.0.36.tar.gz -C /tomcat/
apache-tomcat-8.0.36/bin/catalina.sh
apache-tomcat-8.0.36/bin/configtest.sh
apache-tomcat-8.0.36/bin/daemon.sh11-1. Tomcat 설정
server.xml: 8080 포트를 8070 로 변경하고 저장
[root@localhost conf]# pwd
/tomcat/apache-tomcat-8.0.36/conf
[root@localhost conf]# vi server.xml
<Connector port="8070" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />- Time zone 확인
[root@localhost conf]# timedatectl
Local time: Thu 2024-03-28 09:51:11 KST
Universal time: Thu 2024-03-28 00:51:11 UTC
RTC time: Thu 2024-03-28 09:51:11
Time zone: Asia/Seoul (KST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: yes- 방화벽 8070 포트 열기 (8888 이었다가 변경함)
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=8070/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-port
3306/tcp 3389/tcp 8070/tcp 8888/tcp- Java Version 확인 :
openjdk version "1.8.0_362"
[root@localhost conf]# java -version
openjdk version "1.8.0_362"
OpenJDK Runtime Environment (build 1.8.0_362-b08)
OpenJDK 64-Bit Server VM (build 25.362-b08, mixed mode)🔶 환경변수 설정
- 환경변수 설정 진행하진 않았으나, 일단 기록해둔 것임
/etc/profile을 직접 수정
[root@localhost etc]# cd /etc
[root@localhost etc]# vi profile
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.362.b09-4.el9.x86_64/jre
CATALINA_HOME=/tomcat/apache-tomcat-8.0.3611-2. Tomcat 구동
- http://192.168.1.999:8070/ 정상 접속되는 것 확인
[root@localhost bin]# pwd
/tomcat/apache-tomcat-8.0.36/bin
[root@localhost bin]# ./startup.sh
Using CATALINA_BASE: /tomcat/apache-tomcat-8.0.36
Using CATALINA_HOME: /tomcat/apache-tomcat-8.0.36
Using CATALINA_TMPDIR: /tomcat/apache-tomcat-8.0.36/temp
Using JRE_HOME: /usr
Using CLASSPATH: /tomcat/apache-tomcat-8.0.36/bin/bootstrap.jar:/tomcat/apache-tomcat-8.0.36/bin/tomcat-juli.jar
Tomcat started.12. CentOS IP 변경
- 참고 : 네트워크 설정 - IP 변경 / CentOS7 IP 변경하기 / CentOS 에서 IP 설정 및 변경하기 / CentOS 7 고정 IP 설정
- 이 방법으로 되지 않아서 아래 명령어 수행 후, 13. CentOS IP 변경 으로 넘어감
[root@localhost network-scripts]# rm -rf ifcfg-eno112-1. 이더넷 세팅
- 네트워크 인터페이스 name 확인 :
eno1inet 192.168.1.999을 확인
[root@localhost bin]# ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.999 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::dabb:c1ff:fe4d:c443 prefixlen 64 scopeid 0x20<link>
ether d8:bb:c1:4d:c4:43 txqueuelen 1000 (Ethernet)
RX packets 480472 bytes 169286658 (161.4 MiB)
RX errors 0 dropped 32337 overruns 0 frame 0
TX packets 249470 bytes 258333052 (246.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xa1200000-a1220000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 62902 bytes 3802084 (3.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62902 bytes 3802084 (3.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 아래 방법으로도 확인 가능
[root@localhost bin]# ls /sys/class/net
eno1 loifcfg-eno1파일이 없어서 새로 생성BOOTPROTO: dhcp 대신 static 으로 설정 (dhcp: 자동할당 / static: 수동으로 설정)IPADDR: 설정할 IP 주소NETMASK: 서브넷 마스크 주소GATEWAY: 게이트웨이 주소DNS: DNS주소 (웹 사이트 연결하지 않을 경우 필요 없음)ONBOOT: no일 경우 yes로 바꾸기 (부팅할 때 자동 네트워크 활성화 설정하는 것)DEVICE: 위의 name 값eno1
[root@localhost network-scripts]# cd /etc/sysconfig/network-scripts
[root@localhost network-scripts]# touch ifcfg-eno1
[root@localhost network-scripts]# vi ifcfg-eno1
# 내용 확인
[root@seob network-scripts]# cat ifcfg-eno1
TYPE=Ethernet
PROXY_METHOD=none
BOOTPROTO=static
IPADDR=192.168.1.111
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
ONBOOT=yes
DEVICE=eno1
NAME=eno1
#USERCTL=no12-2. Network Server 재시작
service network restart,systemctl restart network명령어로 재시작- CentOS 8 이상에서는 서비스 명칭이
Network대신NetworkManager로 변경됨
- CentOS 8 이상에서는 서비스 명칭이
[root@localhost ~]# service network restart
Redirecting to /bin/systemctl restart network.service
Failed to restart network.service: Unit network.service not found.service NetworkManager restart명령어로 재시작
[root@localhost network-scripts]# service NetworkManager restart
Redirecting to /bin/systemctl restart NetworkManager.service12-3. 재시작 전후로 상태 확인
- dmesg 시스템 부팅 로그 확인
[root@localhost network-scripts]# dmesg | grep eth
[ 1.524205] e1000e 0000:00:1f.6 eth0: (PCI Express:2.5GT/s:Width x1) d8:bb:c1:4d:c4:43
[ 1.524207] e1000e 0000:00:1f.6 eth0: Intel(R) PRO/1000 Network Connection
[ 1.524356] e1000e 0000:00:1f.6 eth0: MAC: 13, PHY: 12, PBA No: FFFFFF-0FF
[ 1.719672] e1000e 0000:00:1f.6 eno1: renamed from eth0
[root@localhost network-scripts]# dmesg | grep eno1
[ 1.719672] e1000e 0000:00:1f.6 eno1: renamed from eth0
[ 25.238976] e1000e 0000:00:1f.6 eno1: NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx
[ 25.239153] IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready- PCI 드라이버 확인
[root@localhost network-scripts]# lspci | grep Ethernet
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (10) I219-V (rev 11)- systemctl status 서비스
[root@localhost ~]# systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-03-28 10:57:46 KST; 45s ago
Docs: man:NetworkManager(8)
Main PID: 118424 (NetworkManager)
Tasks: 3 (limit: 202236)
Memory: 5.4M
CPU: 39ms
CGroup: /system.slice/NetworkManager.service
└─118424 /usr/sbin/NetworkManager --no-daemon
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7788] device (lo): Activation: successful, device activated.
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7792] policy: set 'eno1' (eno1) as default for IPv4 routing and DNS
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7804] device (eno1): state change: ip-config -> ip-check (reason 'none', s>
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7863] device (eno1): state change: ip-check -> secondaries (reason 'none',>
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7864] device (eno1): state change: secondaries -> activated (reason 'none'>
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7866] manager: NetworkManager state is now CONNECTED_SITE
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7869] device (eno1): Activation: successful, device activated.
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7873] manager: NetworkManager state is now CONNECTED_GLOBAL
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7874] manager: startup complete
Mar 28 10:57:46 localhost.localdomain NetworkManager[118424]: <info> [1711591066.7921] policy: set-hostname: set hostname to 'localhost.localdomain' (no ho>
...skipping...- IP 주소 확인하기
[root@localhost network-scripts]# ip addr show eno1
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether d8:bb:c1:4d:c4:43 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 192.168.1.999/24 brd 192.168.1.255 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 fe80::dabb:c1ff:fe4d:c443/64 scope link noprefixroute
valid_lft forever preferred_lft forever- 사용 가능한 모든 장치의 상태 표시 :
nmcli dev status/ 사용 가능한 모든 연결의 상태를 표시 :nmcli con show
[root@localhost network-scripts]# nmcli dev status
DEVICE TYPE STATE CONNECTION
eno1 ethernet connected eno1
lo loopback connected (externally) lo- 네트워크 정보 확인 (IP 주소만 보기) :
ifconfig eno1 | grep inet
🔶 기타 작업
- 네트워크 재시작 후에도 IP 주소가 변경되지 않아 장치 비활성화 시도
eno1장치 활성화/비활성화 :ifup eno1,ifdown eno1
[root@localhost network-scripts]# ifdown eno1
bash: ifdown: command not found...
Install package 'NetworkManager-initscripts-updown' to provide command 'ifdown'? [N/y] y
* Waiting in queue...
* Loading list of packages....
The following packages have to be installed:
NetworkManager-initscripts-updown-1:1.47.2-1.el9.noarch Legacy ifup/ifdown scripts for NetworkManager that replace initscripts (network-scripts)
Proceed with changes? [N/y] y- 설치하라는 문구가 나와 설치 진행
- 아래와 같은 오류 발생
[root@localhost network-scripts]# ifdown eno1
Error: '/etc/sysconfig/network-scripts/ifcfg-eno1' is not an active connection.
Error: no active connection provided.
Failure to deactivate file "eno1"!
See all profiles with `nmcli connection`.
Reload files from disk with `nmcli connection reload`
Deactivate the desired profile with `nmcli connection down \"$NAME\"`13. CentOS IP 변경
eno1.nmconnection파일 > IP 주소 변경
[root@localhost system-connections]# cd /etc/NetworkManager/system-connections/
[root@localhost system-connections]# ls
eno1.nmconnection
[root@localhost system-connections]# vi eno1.nmconnection
# 내용 수정
[ipv4]
address1=192.168.1.111/24,192.168.1.1
dns=210.94.0.73;210.220.163.82;
ignore-auto-dns=true
method=manual- Network Server 재시작
[root@localhost system-connections]# service NetworkManager restart
Redirecting to /bin/systemctl restart NetworkManager.service- IP 주소 확인하기 (
inet 192.168.1.111가 추가됨)
[root@localhost network-scripts]# ip addr show eno1
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether d8:bb:c1:4d:c4:43 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 192.168.1.999/24 brd 192.168.1.255 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet 192.168.1.111/24 brd 192.168.1.255 scope global secondary noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 fe80::dabb:c1ff:fe4d:c443/64 scope link noprefixroute
valid_lft forever preferred_lft forever- 접속도 잘 되는 것으로 확인됨
14. 계정 생성
projyj추가로 생성adduser: 사용자 홈 디렉토리를 포함한 사용자 관련 설정을 자동 생성 / 사용자가 설정한 기본 쉘을 사용자의 쉘로 지정useradd: 사용자 홈 디렉토리를 포함한 사용자 관련 설정을 자동생성 하지 않음 / 홈 디렉토리와 패스워드 그 외에도 여러가지 설정을 따로 해줘야 함 / 기본 쉘인 sh가 할당됨
[root@localhost ~]# whoami
root
[root@localhost home]# adduser projyj -p password$$
[root@localhost projyj]# id projyj # 정보 조회
uid=1001(projyj) gid=1001(projyj) groups=1001(projyj)- 패스워드 변경
[root@localhost home]# passwd projyj
Changing password for user projyj.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.🔶 생성 계정 확인
- 설정된 계정 ID 확인
[root@localhost home]# grep /bin/bash /etc/passwd | cut -f1 -d:
root
projyj🔶 계정 삭제
-r: 계정의 home directory 등을 포함한 완전 삭제
userdel [user] // 사용자 계정만 삭제
userdel -r [user] // home directory 등을 포함한 완전 삭제14-1. 계정 권한 부여
visudo또는vi /etc/sudoers로 해당 파일 확인- sudoers 수정 시에는
visudo사용을 권고하고 있음
- sudoers 수정 시에는
[root@localhost home]# visudo
visudo: /etc/sudoers.tmp unchanged
[root@localhost home]# vi /etc/sudoersprojyj계정도 root 권한 주기
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
projyj ALL=(ALL) ALL
개린이