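SSH Server – Controlling Multiple Servers at Once with pssh

Reference:
CentOS 7 : SSH Server : Use Parallel SSH : Server World

If you have several servers to inspect or configure, consider using pssh.
Limitations:
The servers must all share the same password, or passwordless login must be set up first (see Toucheng Elementary School IT Section | Passwordless Login to an SSH Server).

1. Install pssh
# yum install pssh --enablerepo=epel

2. Check the uptime of 192.168.1.9 / 192.168.1.10
-H the hosts to operate on
-i print each host's output inline (the command to run follows)
# pssh -H "192.168.1.9 192.168.1.10" -i "uptime"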
[1] 11:19:10 [FAILURE] 192.168.1.10 Exited with error code 255
Stderr: pssh error: SSH requested a password. Please create SSH keys or use
the -A option to provide a password.
Permission denied (publickey,password).
[2] 11:19:20 [FAILURE] 192.168.1.9 Exited with error code 255
Stderr: pssh error: SSH requested a password. Please create SSH keys or use
the -A option to provide a password.
Permission denied (publickey,password).

The message above says a password is required; the -A option can be used for that.

3. Add the -A option
# pssh -A -H "192.168.1.9 192.168.1.10" -i "uptime"
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
[1] 11:24:20 [SUCCESS] 192.168.1.9
11:24:20 up 13 days, 16:43, 2 users, load average: 0.57, 0.48, 0.47
[2] 11:24:20 [SUCCESS] 192.168.1.10
11:24:20 up 4 days, 20:20, 0 users, load average: 0.02, 0.06, 0.07

4. If the two servers have different passwords, SSH keys have to be used instead
# pssh -A -H "192.168.1.99 192.168.1.8" -i "uptime"
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
[1] 11:26:18 [SUCCESS] 192.168.1.99
11:26:18 up 13 days, 16:45, 2 users, load average: 0.29, 0.39, 0.44
[2] 11:26:20 [FAILURE] 192.168.1.8 Exited with error code 255
Stderr: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

5. Put the list of servers to connect to in a file
# cat pssh_hosts.txt
root@192.168.1.9
root@192.168.1.10
# pssh -A -h pssh_hosts.txt -i "uptime"
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
[1] 11:24:20 [SUCCESS] 192.168.1.9
11:24:20 up 13 days, 16:43, 2 users, load average: 0.57, 0.48, 0.47
[2] 11:24:20 [SUCCESS] 192.168.1.10
11:24:20 up 4 days, 20:20, 0 users, load average: 0.02, 0.06, 0.07

6. More options
# pssh --help
Usage: pssh [OPTIONS] command [...]

Options:
  --version             show program's version number and exit
  --help                show this help message and exit
  -h HOST_FILE, --hosts=HOST_FILE
                        hosts file (each line "[user@]host[:port]")
  -H HOST_STRING, --host=HOST_STRING
                        additional host entries ("[user@]host[:port]")
  -l USER, --user=USER  username (OPTIONAL)
  -p PAR, --par=PAR     max number of parallel threads (OPTIONAL)
  -o OUTDIR, --outdir=OUTDIR
                        output directory for stdout files (OPTIONAL)
  -e ERRDIR, --errdir=ERRDIR
                        output directory for stderr files (OPTIONAL)
  -t TIMEOUT, --timeout=TIMEOUT
                        timeout (secs) (0 = no timeout) per host (OPTIONAL)
  -O OPTION, --option=OPTION
                        SSH option (OPTIONAL)
  -v, --verbose         turn on warning and diagnostic messages (OPTIONAL)
  -A, --askpass         Ask for a password (OPTIONAL)
  -x ARGS, --extra-args=ARGS
                        Extra command-line arguments, with processing for
                        spaces, quotes, and backslashes
  -X ARG, --extra-arg=ARG
                        Extra command-line argument
  -i, --inline          inline aggregated output and error for each server
  --inline-stdout       inline standard output for each server
  -I, --send-input      read from standard input and send as input to ssh
  -P, --print           print output as we get it

Example: pssh -h hosts.txt -l irb2 -o /tmp/foo uptime

SSH Server – Logging In Without Typing a Password Using sshpass

Reference:
CentOS 7 : SSH Server : Use SSHPass : Server World

1. Install the sshpass package
# yum install sshpass --enablerepo=epel

2. Pass the password on the command line; after a successful login, run free to check memory usage
# sshpass -p 123456 ssh 192.168.1.101 free
             total       used       free     shared    buffers     cached
Mem:      16122192   15946676     175516     252788     914424   12375072
-/+ buffers/cache:    2657180   13465012
Swap:      7340028      30684    7309344

3. Use a password file
# echo '123456' > sshpass.txt
# chmod 600 sshpass.txt
# sshpass -f sshpass.txt ssh 192.168.1.101 free

4. Use an environment variable
# export SSHPASS=123456
# sshpass -e ssh 192.168.1.101 free

5. More options
# sshpass -help
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used
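
The help text marks -p as "security unwise", and step 4 puts the same secret in an exported variable. The following is an added example, not part of the original post: a small audit that flags scripts or crontabs carrying a literal password for sshpass. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find sshpass passwords that
# are hard-coded in shell scripts or crontabs.

# scan_sshpass [FILE...]: reads the files (or stdin), prints "LINE: finding"
# for every hard-coded password and returns 1 if anything was found.
scan_sshpass() {
    awk '
        BEGIN {
            q   = sprintf("%c", 39)             # the single-quote character
            lit = "[\"" q "]?[^ \t$\"" q "]"    # optional quote, then a literal (not $VAR)
            re_p   = "sshpass[ \t]+(-[A-Za-z]+[ \t]+)*-p[ \t]*" lit
            re_env = "(^|[ \t;])(export[ \t]+)?SSHPASS=" lit
            bad = 0
        }
        /^[ \t]*#/  { next }                    # ignore comment lines
        $0 ~ re_p   { print NR ": sshpass -p with a literal password"; bad = 1 }
        $0 ~ re_env { print NR ": SSHPASS assigned a literal value";   bad = 1 }
        END { exit bad }
    ' "$@"
}

# Constructed sample input: the three invocation styles shown in this post,
# plus a -p that takes its value from a variable and a commented-out line.
sample_script() {
cat <<'EOF'
#!/bin/sh
sshpass -p 123456 ssh 192.168.1.101 free
sshpass -f sshpass.txt ssh 192.168.1.101 free
export SSHPASS=123456
sshpass -e ssh -p 22 192.168.1.101 free
sshpass -p "$PW" ssh 192.168.1.101 free
# sshpass -p 123456 ssh 192.168.1.101 free
EOF
}

# Demonstration on the sample; a real run would be: scan_sshpass /path/to/script
sample_script | scan_sshpass || true
```

Only the -f form passes the scan, which matches the post's own handling of that file with chmod 600.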

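SSH Server – SFTP only + Chroot

Reference:
CentOS 7 : SSH Server : SFTP only + Chroot : Server World

Previously, ordinary users were not given ssh access and transferred files over FTP instead. FTP, however, is a comparatively insecure protocol and also requires installing and setting up an FTP server, so SFTP is used instead: the account, password and transferred data are all encrypted, which makes it more secure.
The old approach:
# useradd test -d /home/test -m -s /bin/nologin
The SFTP approach:
1. Create the sftp group
# groupadd sftp_users
2. Add the user
# useradd test -G sftp_users -d /home/test -m
If the user already exists
# usermod -G sftp_users test
3. Set the account password
# passwd test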
Changing password for user test.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

4. Edit the SSH server configuration
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$(date +%F)
# vim /etc/ssh/sshd_config
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp

Match Group sftp_users
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /home
        ForceCommand internal-sftp

5. Restart the SSH server
# systemctl restart sshd.service

6. Test
# ssh test@192.168.1.17
test@192.168.1.17's password:
Could not chdir to home directory /home/test: No such file or directory
This service allows sftp connections only.
Connection to 192.168.1.17 closed.

# sftp test@192.168.1.17
Connecting to 192.168.1.17...
test@192.168.1.17's password:
sftp> ls -l
drwx--x--x    2 1000     1001         4096 Mar 11 02:05 test
sftp> bye

Regular users can use FileZilla or WinSCP
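
sshd only accepts a ChrootDirectory (step 4 uses /home) when every directory on the path is owned by root and is not writable by group or others; otherwise the login is refused. The following is an added example, not part of the original post: a pre-flight check for that rule. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# directory named in ChrootDirectory.

# component_ok UID MODE: succeed if a directory with this owner uid and
# octal mode (as printed by `stat -c %a`, e.g. 755) is acceptable.
component_ok() {
    [ "$1" = "0" ] || return 1
    # 022 = group-write + other-write bits; the leading 0 makes MODE octal.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# path_components /a/b: print "/", "/a", "/a/b", one per line.
path_components() {
    rest=${1#/}; acc=""
    echo "/"
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        acc="$acc/$part"
        echo "$acc"
    done
}

# check_chroot DIR: report every component; return 1 if any would be rejected.
check_chroot() {
    path_components "$1" | (
        rc=0
        while IFS= read -r dir; do
            if ! meta=$(stat -c '%u %a' "$dir" 2>/dev/null); then
                echo "MISSING  $dir"; rc=1; continue
            fi
            if component_ok "${meta% *}" "${meta#* }"; then
                echo "OK       $dir (uid/mode: $meta)"
            else
                echo "REJECTED $dir (uid/mode: $meta)"; rc=1
            fi
        done
        exit $rc
    )
}

# Check the directory from step 4, or the one given as the first argument.
check_chroot "${1:-/home}" || true
```

With `ChrootDirectory /home` the user-owned /home/test sits below the chroot and is not checked; pointing the chroot at a user's own home directory would fail this test.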

Installing the Cacti monitor plugin – CentOS

Reference:
Cacti 0.8.8b: Installing and Configuring the Monitor & thold Plugins ::: iThome Download - The software you want is here :::

It cannot be installed on version 1.0.x; Cacti shows Plugin Not Compatible

Cacti monitor download site:
http://docs.cacti.net/plugin:monitor#monitor
1. Download the monitor plugin
# wget http://docs.cacti.net/_media/plugin:monitor-v1.3-1.tgz
2. Rename the file
# mv plugin:monitor-v1.3-1.tgz plugin_monitor-v1.3-1.tgz
3. Extract it
# tar xvzf plugin_monitor-v1.3-1.tgz -C /usr/share/cacti/plugins

4. After logging in to Cacti, choose Plugin Management

5. Choose Install Plugin

6. Choose Enable Plugin

7. A monitor tab appears at the top

8. Choose Settings

9. Choose the Misc tab

10. Configure the settings

11. View the result!

Installing Cacti on CentOS 7.x

1. Install the epel repository
# yum install epel-release
# yum update

2. Install LAMP
# yum install httpd mariadb-server php php-mysql php-pear php-gd php-mbstring net-snmp net-snmp-utils rrdtool

3. Install cacti
# yum install cacti

4. Start the related services and enable them at boot
# systemctl enable httpd.service
# systemctl enable mariadb.service
# systemctl start httpd.service
# systemctl start mariadb.service

5. Secure the MariaDB SQL server
# /usr/bin/mysql_secure_installation

6. Create the database and set up the administrative account and password
# /usr/bin/mysql -u root -p
MariaDB [(none)]> create database cacti;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on cacti.* to cacti@localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)

# For 1.0.x
MariaDB [(none)]> grant select on mysql.time_zone_name to cacti@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

7. Import the data (the version number will vary)
# /usr/bin/mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.8h/cacti.sql
# /usr/bin/mysql -u cacti -p cacti < /usr/share/doc/cacti-1.0.4/cacti.sql

8. Edit /etc/httpd/conf.d/cacti.conf to restrict which source IPs may browse it
# sed -i '/# httpd 2.4/a\                Require ip 192.168.1.0/24' /etc/httpd/conf.d/cacti.conf
# cat /etc/httpd/conf.d/cacti.conf
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        <IfModule mod_authz_core.c>
                # httpd 2.4
                Require ip 192.168.1.0/24
                Require host localhost
        </IfModule>
        <IfModule !mod_authz_core.c>
                # httpd 2.2
                Order deny,allow
                Deny from all
                Allow from localhost
        </IfModule>
</Directory>

9. Restart the web server
# systemctl restart httpd.service

10. Edit the cacti database settings in /etc/cacti/db.php
# sed -i -e 's/database_username = "cactiuser"/database_username = "cacti"/' -e 's/database_password = "cactiuser"/database_password = "password"/' /etc/cacti/db.php
For 1.0.x
# sed -i -e "s/database_username = 'cactiuser'/database_username = 'cacti'/" -e "s/database_password = 'cactiuser'/database_password = 'password'/" /etc/cacti/db.php

11. Edit the cacti cron job in /etc/cron.d/cacti
# sed -i -e 's/^#//' /etc/cron.d/cacti

12. Run the installer at http://<Server IP>/cacti

13. Installation process, version 0.8.8

Default account and password: admin / admin

Installation complete!

Version 1.0.x


Resolving ERROR: Your Cacti database login account does not have access to the MySQL TimeZone database. Please provide the Cacti database account "select" access to the "time_zone_name" table in the "mysql" database, and populate MySQL's TimeZone information before proceeding.

# /usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /usr/bin/mysql -u root -p mysql
Enter password:

Change the directory owner and permissions
# chown -R apache:apache /usr/share/cacti
# chmod -R 777 /usr/share/cacti/resource

Run the installer at http://<Server IP>/cacti

There are some warnings; skip them for now

Next

Program paths

Directory permissions

Installation complete

Default account and password: admin / admin

Reset the password; the password strength requirement is very high

Save the changed password

Screen after logging in

LDAP over TLS

References:
CentOS 7 : Create SSL Certificates : Server World
CentOS 7 : OpenLDAP : LDAP over TLS : Server World

1. Change directory
# cd /etc/pki/tls/certs
2. Create server.key
# make server.key
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
…………….+++
…………………………………………………………+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:

3. Remove the passphrase from server.key
# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key

4. Create server.csr
# make server.csr
umask 77 ;
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [TW]:
State or Province Name (full name) [Yilan]:
Locality Name (eg, city) [TouCheng]:
Organization Name (eg, company) [Elementary School]:
Organizational Unit Name (eg, section) [LDAP Server]:
Common Name (eg, your name or your server's hostname) []:xxxx.tces.ilc.edu.tw
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

5. Create the certificate
# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=TW/ST=Yilan/L=TouCheng/O=Elementary School/OU=LDAP Server/CN=xxxx.tces.ilc.edu.tw
Getting Private key

6. Copy the files to the /etc/openldap/certs directory
# cp /etc/pki/tls/certs/server.key /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/ca-bundle.crt /etc/openldap/certs

7. Change the file owner and group
# chown ldap:ldap /etc/openldap/certs/server.* /etc/openldap/certs/ca-bundle.crt

8. Create mod_ssl.ldif
# cat mod_ssl.ldif
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key

9. Import it
# ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

10. Edit /etc/sysconfig/slapd to add ldaps:///
# cp /etc/sysconfig/slapd /etc/sysconfig/slapd.$(date +%F)
# sed -i '/SLAPD_URLS/s@ldapi:/// ldap:///@ldapi:/// ldap:/// ldaps:///@' /etc/sysconfig/slapd

11. Restart the LDAP server
# systemctl restart slapd.service

12. Check that it is running properly
# netstat -antulp | egrep '389|636'
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1933/slapd
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1933/slapd
tcp6       0      0 :::636                  :::*                    LISTEN      1933/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      1933/slapd

13. Firewall settings
# firewall-cmd --permanent --add-service=ldap
# firewall-cmd --permanent --add-service=ldaps
# firewall-cmd --reload

# iptables -A INPUT -p tcp -s 192.168.1.0/24 --syn -m state --state NEW --dport 389 -j ACCEPT
# iptables -A INPUT -p tcp -s 192.168.1.0/24 --syn -m state --state NEW --dport 636 -j ACCEPT
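
In an LDIF modify record such as the mod_ssl.ldif of step 8, several changes under one dn: must be separated by a line containing only "-"; a blank line ends the record and leaves the following add:/replace: block without a dn:. The following is an added example, not part of the original post: a linter for exactly that mistake, to run before ldapmodify. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an LDIF change file
# before feeding it to ldapmodify.

# lint_ldif_modify [FILE...]: reads LDIF from the files or stdin, prints
# "LINE: message" for each problem and returns 1 if any were found.
lint_ldif_modify() {
    awk '
        BEGIN { in_rec = 0; pending = 0; bad = 0 }
        /^[ \t]*$/  { in_rec = 0; pending = 0; next }   # blank line ends the record
        /^dn:/      { in_rec = 1; pending = 0; next }   # a new record starts
        /^-[ \t]*$/ { pending = 0; next }               # separator closes one change
        /^(add|replace|delete):/ {
            if (!in_rec) {
                print NR ": change has no dn: (blank line where \"-\" belongs?)"; bad = 1
            } else if (pending) {
                print NR ": missing \"-\" line before this change"; bad = 1
            }
            pending = 1
        }
        END { exit bad }
    ' "$@"
}

# Constructed input: three changes under one dn:, split by blank lines.
ldif_blank_separated() {
cat <<'EOF'
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt

replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.crt

replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
EOF
}

# Constructed input: the same changes with "-" separators.
ldif_dash_separated() {
    ldif_blank_separated | sed 's/^$/-/'
}

# Demonstration: the first form is flagged at lines 6 and 9, the second is clean.
ldif_blank_separated | lint_ldif_modify || true
ldif_dash_separated | lint_ldif_modify && echo "dash-separated form: OK"
```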

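LDAP over TLS – Failed

For security reasons, LDAP can be run over the TLS/SSL encryption protocol.
Reference:
Linux . 無限: Installing and Configuring an LDAP Server on CentOS7/RHEL7 (Part 1)

1. Install the openssl package
# yum install openssl

2. Edit /etc/pki/tls/openssl.cnf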
# cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.$(date +%F)
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = TW
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Yilan

localityName                    = Locality Name (eg, city)
localityName_default            = TouCheng

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Elementary School

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = LDAP Server

3. Create the key
# openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/priv.pem -days 3650
Generating a 2048 bit RSA private key
………+++
……………+++
writing new private key to '/etc/openldap/certs/priv.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [TW]:
State or Province Name (full name) [Yilan]:
Locality Name (eg, city) [TouCheng]:
Organization Name (eg, company) [Elementary School]:
Organizational Unit Name (eg, section) [LDAP Server]:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

4. Change the directory owner and group, and the file permissions
# chown -R ldap:ldap /etc/openldap/certs
# chmod 600 /etc/openldap/certs/priv.pem
# ls -l /etc/openldap/certs/*
-rw-r--r-- 1 ldap ldap 65536 Mar  8 17:46 /etc/openldap/certs/cert8.db
-rw-r--r-- 1 ldap ldap  1391 Mar 10 14:14 /etc/openldap/certs/cert.pem
-rw-r--r-- 1 ldap ldap 16384 Mar  8 17:46 /etc/openldap/certs/key3.db
-r--r----- 1 ldap ldap    45 Dec  7 10:22 /etc/openldap/certs/password
-rw------- 1 ldap ldap  1704 Mar 10 14:14 /etc/openldap/certs/priv.pem
-rw-r--r-- 1 ldap ldap 16384 Dec  7 10:22 /etc/openldap/certs/secmod.db

5. Create tlsc.ldif
# cat tlsc.ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

6. Import it
# /bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f tlsc.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "cn=config"

7. Restart the LDAP server
# systemctl restart slapd.service

It does not seem to have worked; trying another approach!

ss network management tool

ss works much like netstat.
The main options are:

Option  Description
-a      Show all sockets
-n      Use numbers instead of interface names and port names
-t      Show sockets using TCP
-u      Show sockets using UDP
-l      Show only listening sockets
-p      Show the ID of the process using each socket

# ss -antulp
Netid State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
udp   UNCONN  0      0                   *:161              *:*     users:(("snmpd",pid=52,fd=6))
tcp   LISTEN  0      128         127.0.0.1:199              *:*     users:(("snmpd",pid=52,fd=7))
tcp   LISTEN  0      128                 *:22               *:*     users:(("sshd",pid=72,fd=3))
tcp   LISTEN  0      128                :::22              :::*     users:(("sshd",pid=72,fd=4))

# netstat -antulp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      52/snmpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      72/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      72/sshd
udp        0      0 0.0.0.0:161             0.0.0.0:*                           52/snmpd

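I am still more used to netstat

ip network management tool

The ip command is somewhat similar to ifconfig, but the commands can be shorter

1. List the IP addresses of all network interfaces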
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
112: eth0@if113: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 9e:5b:bb:11:35:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.17/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever

2. Show a single network interface
# ip addr show eth0
# ip a s eth0
112: eth0@if113: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 9e:5b:bc:14:35:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.17/24 brd 192.168.1.255 scope global eth0

3. List the network routes
# ip route
# ip r
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.17

Extract the IP
# ip a s eth0 | grep 'inet ' | awk '{print $2}' | awk -F'/' '{print $1}'
192.168.1.17
# ip r | grep src | awk '{print $9}'
192.168.1.17

Extract the MAC address
# ip a s eth0 | grep 'link/ether' | awk '{print $2}'
9e:5b:bb:11:35:a7

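CentOS 7.x network management tool nmcli

nmcli is the default network management tool on CentOS 7.x, but I had always been used to ifconfig, so I never looked into it closely.
# which nmcli
/usr/bin/nmcli

If it is not found, install the NetworkManager package
# yum install NetworkManager
# systemctl start NetworkManager.service

References:
2.3. Using the NetworkManager Command Line Tool, nmcli
RHEL / CentOS 7 Network Management Tool - nmcli – Linux 技術手札

1. Show all connections: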
# nmcli connection show
# nmcli c s
NAME     UUID                                  TYPE            DEVICE
enp0s25  d28b1a52-51d3-482c-b36e-37b7b80d7ded  802-3-ethernet  enp0s25
enp1s0   6d31aafd-1033-4853-ba71-e062608189b0  802-3-ethernet  enp1s0
enp1s1   6af9cc1f-4fac-40e8-80e6-6bda5b66886b  802-3-ethernet  enp1s1

Show only active connections:
# nmcli connection show --active
# nmcli connection show -a
# nmcli c s -a
NAME     UUID                                  TYPE            DEVICE
enp0s25  d28b1a52-51d3-482c-b36e-37b7b80d7ded  802-3-ethernet  enp0s25
enp1s0   6d31aafd-1033-4853-ba71-e062608189b0  802-3-ethernet  enp1s0
enp1s1   6af9cc1f-4fac-40e8-80e6-6bda5b66886b  802-3-ethernet  enp1s1

Show all devices recognized by NetworkManager and their current state:
# nmcli device status
# nmcli d s
DEVICE   TYPE      STATE      CONNECTION
enp0s25  ethernet  connected  enp0s25
enp1s0   ethernet  connected  enp1s0
enp1s1   ethernet  connected  enp1s1
lo       loopback  unmanaged  --

Disable a network interface:
# nmcli device disconnect enp1s1
# nmcli d d enp1s1
Device 'enp1s1' successfully disconnected.

Enable a network interface:
# nmcli device connect enp1s1
# nmcli d c enp1s1
Device 'enp1s1' successfully activated with '6af9cc1f-4fac-40e8-80e6-6bda5b66886b'.

Add a static IP:
# nmcli connection add type ethernet con-name test-lab ifname enp1s1 ip4 10.10.10.10/24 gw4 10.10.10.254
# nmcli con add type ethernet con-name test-lab ifname enp1s1 ip4 10.10.10.10/24 gw4 10.10.10.254
Connection 'test-lab' (6af9cc1f-4fac-40e8-80e6-6bda5b66886b) successfully added.
# nmcli con add type ethernet con-name test-lab ifname enp1s1 ip4 10.10.10.10/24 gw4 10.10.10.254 ip6 abbe::cafe gw6 2001:db8::1

Set the DNS servers to use:
# nmcli connection modify test-lab ipv4.dns "168.95.1.1 140.111.66.1 8.8.8.8"
# nmcli con mod test-lab ipv4.dns "168.95.1.1 140.111.66.1 8.8.8.8"
# nmcli con mod test-lab ipv6.dns "2001:b000:168::2 2001:288:a201::66:1 2001:4860:4860::8888"

Activate the new connection:
# nmcli connection up  test-lab ifname enp1s1
# nmcli con up  test-lab ifname enp1s1