-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCentOSnote
419 lines (357 loc) · 12.5 KB
/
CentOSnote
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
#after install
#Configure network
#ssh
#ssh security
$ nano /etc/ssh/sshd_config
ClientAliveInterval 360
ClientAliveCountMax 0
PermitEmptyPasswords no
AllowUsers user1 user2
PermitRootLogin no
Protocol 2
Port 2025 #Change me
sudo firewall-cmd --add-port=(ssh_port)/tcp --permanent
sudo firewall-cmd --reload
#SshMessage
$ nano /etc/motd
$ nano /etc/ssh/sshd_config
: Banner /etc/ssh-banner
$ nano /etc/profile.d/motd.sh
#!/bin/bash
echo -e "
####################################
Welcome to `hostname`, you are logged in as `whoami`
# This system is running `cat /etc/redhat-release`
# kernel is `uname -r`# Uptime is `uptime | sed 's/.*up ([^,]*), .*/1/'`
# Mem total `cat /proc/meminfo | grep MemTotal | awk {'print $2'}` kB
###################################"
$ systemctl restart sshd.service
User&management
$ useradd your_new_username
$ passwd your_new_username
$ groupadd your_new_group
$ usermod -G your_new_group your_new_username
$ id your_new_username
##CRONJONB
$ crontab -e
create the cron job
$ crontab -e
Usage:
crontab [options] file
crontab [options]
crontab -n [hostname]
Options:
-u <user> define user
-e edit user's crontab
-l list user's crontab
-r delete user's crontab
-i prompt before deleting
-n <host> set host in cluster to run users' crontabs
-c get host in cluster to run users' crontabs
-s selinux context
-x <mask> enable debugging
*/5 * * * * echo `date` "Hello world" >>$HOME/cron-helloworld.txt
<minute> <hour> <day of the month> <month of the year> <day of the week><command>
##YUM
yum check-update
yum search keyword_package_name
yum info package_name
yum deplist package_name
yum clean packages
yum clean metadata
yum clean dbcache
yum clean all
yum makecache
yum -y update --skip-broken
#yumPriorities
yum install yum-plugin-priorities
/etc/yum/pluginconf.d/priorities.conf
dnf install epel-release -y
$ nmtui
#Bonding two Ethernet devices to increase bandwidth and provide redundancy
Type of bonding
mode=0 (balance-rr) Round-robin : It the default mode. provides load balancing and fault tolerance.
mode=1 (active-backup) : Active-backup policy: only one slave in the bond is active when the active slave fails other one become active. This mode provides fault tolerance.
mode=2 (balance-xor) : XOR policy: This mode provides load balancing and fault tolerance.
mode=3 (broadcast) Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.
mode=4 (802.3ad) : IEEE 802.3ad Dynamic link aggregation that share the same speed and duplex settings.
mode=5 (balance-tlb) : Adaptive transmit load balancing
mode=6 (balance-alb) : Adaptive load balancing:
#install package groups
$ yum -y groupinstall "Base" "Development Libraries" "Development Tools"
#Add additional essential repositories.
$ yum -y install yum-plugin-priorities
$ yum -y install epel-release
$ cd /tmp
$ wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ ls *.rpm
$ yum repolist
$ yum -y install policycoreutils-python
#disable Selinux
-mode permissive
$ sudo setenforce 0
-disable
$ sudo vim /etc/selinux/config
#Config repo local
$ vi /etc/yum.repos.d/CentOS.repo
# Changing the time zone and updating the
hardware clock
$ yum install tzdata
$ tzselect
# install ntp
$ systemctl start ntpd
$ systemctl enable ntpd
- /etc/ntp.conf
server 0.id.pool.ntp.org
server 2.asia.pool.ntp.org
server 1.asia.pool.ntp.org
$ ntpq –p
#DNS server
$ yum -y install bind bind-utils
#ZoneDomain
zone “loadportas.net” IN {
type master;
file “/etc/named/fwd.local.db”;
allow-update { none; };
};
zone “0.168.192.in-addr.arpa” IN {
type master;
file “/etc/named/0.168.192.db”;
allow-update { none; };
};
#Named.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.122.0 any; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; 192.168.122.0; any; };
allow-query-cache { localhost; 192.168.122.0; any; };
# /var/named/fwd.local.db
$TTL 86400
@ IN SOA loadportas.net. root.loadportas.net. (
2018092501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS ns1.loadportas.net.
@ IN NS ns2.loadportas.net.
@ IN A 192.168.122.120
ns1 IN A 192.168.122.120
ns2 IN A 192.168.122.120
www IN CNAME loadportas.net.
blog IN A 192.168.122.120
# /var/named/0.168.192.db
$TTL 86400
@ IN SOA loadportas.net. root.loadportas.net. (
2018092501 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS ns1.loadportas.net.
IN NS ns2.loadportas.net.
@ IN A 192.168.122.120
ns1 IN A 192.168.122.120
ns2 IN A 192.168.122.120
50 IN PTR loadportas.net.
50 IN PTR blog.loadportas.net.
#NGINX
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum -y install nginx
systemctl start nginx
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
$ /etc/nginx/nginx.conf
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
root /usr/share/nginx/html;
include fastcgi.conf;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm index.php
}
# systemctl start php-fpm
# systemctl enable php-fpm
# systemctl restart nginx
#MARIADB
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
#PHP7
yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y --enablerepo=remi-php73 php php-fpm php-mysqlnd php-cli
nano /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
Make sure the following values are UN-commented.
[.More.]
pm.min_spare_servers = 5
[.More.]
pm.max_spare_servers = 35
[.More.]
$ /etc/php/php.ini
extension=pdo_mysql.so
extension=mysqli.so
$ pacman -S phpmyadmin
ln -s /usr/share/webapps/phpMyAdmin/ /usr/share/nginx/html/phpmyadmin
#Docker
$ dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
$ dnf install --nobest docker-ce
$ dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
$ systemctl enable --now docker
#Docker-compose
$ curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o docker-compose
$ mv docker-compose /usr/local/bin && sudo chmod +x /usr/local/bin/docker-compose
$ dnf install python3-pip
$ pip3.6 install docker-compose --user
$
==========
NAGIOS---
======--
$ useradd nagios && passwd nagios
$ groupadd nagcmd
$ usermod -a -G nagcmd nagios
$ usermod -a -G nagcmd apache
$ yum install httpd php gcc glibc glibc-comman gd gd-devel make net-snmp openssl-devel xinetd unzip -y
$ cd /opt
$ wget -c ---> nagios link
$ tar -zxvf
$ ./configure --with-command-group=nagcmd
$ make all
$ make install
$ make install-init
$ make install-commandmode
$ make install-config
$ make install-webconf
$ cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
$ chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
$ /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
$ htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
$ systemctl restart httpd && systemctl restart nagios
$ chkconfig --add nagios && chkconfig --level 35 nagios on
$ systemctl enable httpd
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --reload
$ yum install nagios-plugins-all nagios-plugins-nrpe
~~config
vi /usr/local/nagios/etc/resource.cfg.
# $USER1$=/usr/local/nagios/libexec
$USER1$=//usr/lib64/nagios/plugins
$
-------------------------------------------------
== Firewalld==
$ sudo systemctl enable firewalld
$ sudo systemctl start firewalld
$ firewall-cmd --zone=public --permanent --add-port=8080/tcp
$ firewall-cmd --reload
$ firewall-cmd --list-ports
$ firewall-cmd --list-services
$ sudo firewall-cmd --state //cek status firewalld
$ sudo systemctl firewalld status
$ firewall-cmd --list-all //Melihat daftar rules yang aktif
$ sudo firewall-cmd --get-services //Melihat semua nama services yang bisa ditambahkan ke rules
$ sudo firewall-cmd --add-service={http,https} --permanent //Mengijinkan trafik dari port web server
Mengijinkan port tertentu di protokol TCP
Contoh:
sudo firewall-cmd --add-port=1337/tcp --permanent
Mengijinkan port tertentu di protokol UDP
Contoh:
sudo firewall-cmd --add-port=666/udp --permanent
Memblokir trafik keluar dan masuk ke sistem (Panic Mode)
sudo firewall-cmd --panic-on
Untuk menonaktifkannya
sudo firewall-cmd --panic-off
Membuat zona baru di firewalld
Contoh
sudo firewall-cmd --new-zone=linuxseczone --permanent
Mengaktifkan service di zone tertentu
Contoh
sudo firewall-cmd --zone=linuxseczone --add-port=1337/tcp --permanent
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
Konfigurasi port forwarding di firewalld
Mengaktifkan Masquerading
sudo firewall-cmd --add-masquerade --permanent
Port forwarding ke beda port di server yang sama
Contoh
sudo firewall-cmd --add-forward-port=port=22:proto=tcp:toport=1337 --permanent
Port forwarding di port yang sama dari local ke remote server
Contoh
sudo firewall-cmd --add-forward-port=port=22:proto=tcp:toaddr=192.168.2.10 --permanent
Port forwarding dari beda port dari port 123 di local dan port 456 di remote server
sudo firewall-cmd --add-forward-port=port=123:proto=tcp:toport=456:toaddr=10.50.142.37 --permanent
Menghapus rule di firewalld
Untuk menghapus rule, tinggal ubah --add menjadi --remove
Sebagai tambahan, --permanent di akhiran rule artinya bahwa rule yang ditambahkan tersebut persistence, tidak akan hilang meski sistem operasi di reboot.
Mungkin itu saja beberapa perintah yang sering digunakan di firewalld. Untuk informasi lain bisa cek dengan perintah
firewalld --help
man firewalld
#Centos9
Epel :
https://www.cyberciti.biz/faq/how-to-enable-and-install-epel-repo-on-centos-8-x/
#java 7
#32bit library
yum install glibc.i686
#Tomcat Centos8
link : https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-centos-7
$ sudo groupadd tomcat
$ sudo useradd -M -s /bin/nologin -g tomcat -d /opt/tomcat tomcat
$ wget https://www-eu.apache.org/dist/tomcat/
# /opt/tomcat directory. Create the directory
$ sudo mkdir /opt/tomcat
$ sudo tar xvf apache-tomcat-8*tar.gz -C /opt/tomcat --strip-components=1
# tomcat group ownership over the entire installation directory:
$ sudo chgrp -R tomcat /opt/tomcat
$ sudo chmod -R g+r conf
$ sudo chmod g+x conf
$ sudo chown -R tomcat webapps/ work/ temp/ logs/
# Install Systemd Unit File
$ sudo vi /etc/systemd/system/tomcat.service
# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/jre -> //jdk location
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat -> //tomcat location
Environment=CATALINA_BASE=/opt/tomcat -> //tomcat location
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
$ sudo systemctl daemon-reload
$ sudo systemctl start tomcat
$ sudo systemctl status tomcat
$ sudo systemctl enable tomcat
# Tomcat Web Management Interface
$ sudo vi /opt/tomcat/conf/tomcat-users.xml
<tomcat-users>
<user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>
# Tomcat restrict access to the Manager and Host Manager apps to connections coming from the server itself.
For the Manager app, type:
$ sudo vi /opt/tomcat/webapps/manager/META-INF/context.xml
For the Host Manager app, type:
$ sudo vi /opt/tomcat/webapps/host-manager/META-INF/context.xml
##context.xml files for Tomcat webapps
<Context antiResourceLocking="false" privileged="true" >
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>