1 . 编写resolv.conf(dns) 文件
[root@node1 ~]# cat /srv/salt/system/dns/dns.sls
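# Manage /etc/resolv.conf from one master copy on the Salt file server.
# Indentation restored: the state function must nest under the state ID and its
# arguments under the function, otherwise each line parses as a separate top-level key.
/etc/resolv.conf:
  file.managed:
    # Every targeted minion receives this file verbatim, so the resolvers it lists
    # will see the DNS lookups of the whole fleet; review its contents before rollout.
    - source: salt://system/dns/resolv.conf
    - user: root
    - group: root
    # Quoted so YAML keeps the mode as a string with its leading zero.
    # 0644: readable by everyone, writable by root only.
    - mode: '0644'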
2 . 给历史命令(history)添加时间
[root@node1 ~]# cat /srv/salt/system/history/history.sls
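# Append a timestamp format for bash history to /etc/profile.
# Indentation restored so that file.append and its text list nest under the state ID.
/etc/profile:
  file.append:
    - text:
      # The trailing space inside the quotes is deliberate: bash prints no separator
      # between the formatted timestamp and the command, so without it the user name
      # runs straight into the command text.
      # `whoami` is expanded once, when /etc/profile is sourced, not per command.
      # NOTE(review): HISTTIMEFORMAT and the history file are under the user's own
      # control, so this is a convenience, not a tamper-resistant record.
      - export HISTTIMEFORMAT="%F %T `whoami` "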
3 . 编写命令审计功能
[root@node1 ~]# cat audit.sls
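# Append a PROMPT_COMMAND hook to /etc/bashrc that sends each command to syslog.
# Fixes: the state ID was missing its trailing colon, and the nesting was lost.
/etc/bashrc:
  file.append:
    - text:
      # The hook reads the last history entry, drops the leading entry number, and
      # logs it together with the effective user, the login session and the cwd.
      #   read -r / "$y"  keep backslashes, and stop glob characters in the typed
      #                   command from being expanded against the current directory
      #                   before logging, which would record file names instead of
      #                   what was typed.
      #   one quoted arg  a working directory containing spaces or glob characters
      #                   reaches logger unchanged.
      # NOTE(review): PROMPT_COMMAND is an ordinary shell variable that the logged-in
      # user can unset or override, and it only runs in interactive bash. Treat this
      # as best-effort logging; for an enforceable trail use kernel-level auditing
      # (auditd execve rules or pam_tty_audit) and forward syslog off the host.
      # NOTE(review): full command lines, including any secret typed as an argument,
      # end up in syslog; restrict who can read those logs.
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s" "$y"; }); logger "[euid=$(whoami)]:$(who am i):[$(pwd)]$msg"; }'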
4 .更改内核参数
[root@node1 ~]# cat sysctl.sls
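# Kernel parameters enforced through the sysctl.present state.
# Indentation restored: each sysctl.present must nest under its parameter name,
# otherwise the repeated top-level "sysctl.present" keys collide.

# Swap tendency set to the minimum.
# NOTE(review): confirm this suits the workload; with no swap headroom, memory
# pressure leads to the OOM killer sooner.
vm.swappiness:
  sysctl.present:
    - value: 0

# Range of local (ephemeral) ports used for outgoing connections.
# NOTE(review): services listening on ports inside 10000-65000 can clash with it.
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000

# System-wide limit on open file handles.
# NOTE(review): compare with the current value on the minions first; if the running
# kernel already allows more than 100000, this state lowers the limit.
fs.file-max:
  sysctl.present:
    - value: 100000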
5.集中管理上面4个配置文件
[root@node1 ~]# cat /srv/salt/system/init.sls
# Aggregate state: pulls in the four system states so they can be applied together.
# Each dotted name is resolved as a path under file_roots: "system.dns" means
# system/dns.sls or system/dns/init.sls.
# NOTE(review): the dns and history listings on this page are shown saved as
# system/dns/dns.sls and system/history/history.sls, which would be addressed as
# system.dns.dns and system.history.history. Confirm the file layout matches the
# names used here.
include:
  - system.dns
  - system.history
  - system.audit
  - system.sysctl
6.执行salt
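# state.sls takes ONE comma-separated list of SLS names. Names separated by spaces are
# handed to the function as further positional arguments, not as additional states.
# '*' targets every accepted minion; append test=True first for a dry run that only
# reports what would change.
[root@node1 ~]# salt '*' state.sls system.dns,system.history,system.audit,system.sysctl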
7.查看minion端是否执行成功
# Spot-check of the dns state only: prints the resolv.conf each minion now has.
# The other three states are not verified by this command; the per-state results
# returned by the state run are the place to confirm them.
[root@node1 init]# salt '*' cmd.run 'cat /etc/resolv.conf'
salt-minion:
nameserver 8.8.8.8