-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
升级jun_linux整体打包构建到docker系,后续大部分统一在docker部署构建打通环境
- Loading branch information
Showing
4,218 changed files
with
47,298 additions
and
1,712,297 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
Binary file not shown.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Binary file removed
BIN
-58.4 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第一讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-113 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第七讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-84 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第三讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-118 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第九讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-63.4 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第二讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-96.2 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第五讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-118 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第八讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-101 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第六讲源码及文档.zip
Binary file not shown.
Binary file removed
BIN
-85.6 KB
CentOS/[www.java1234.com]一头扎进Centos7视频教程/[www.java1234.com]《一头扎进Centos7》第四讲源码及文档.zip
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| rpm -Uhv http://www.percona.com/redir/downloads/percona-release/percona-release-0.0-1.x86_64.rpm | ||
|
|
||
|
|
||
| yum install Percona-Server-shared-56 Percona-Server-client-56 Percona-Server-server-56 -y | ||
|
|
||
|
|
||
| /etc/my.cnf | ||
|
|
||
|
|
||
| # Generated by Percona Configuration Wizard (http://tools.percona.com/) version REL5-20120208 | ||
| # Configuration name server-3 generated for w123dog@gmail.com at 2014-01-03 08:40:38 | ||
|
|
||
| [client] | ||
| default-character-set = utf8 | ||
|
|
||
| [mysql] | ||
|
|
||
| # CLIENT # | ||
| port = 3306 | ||
| socket = /var/lib/mysql/mysql.sock | ||
| default-character-set = utf8 | ||
|
|
||
| [mysqld] | ||
|
|
||
| # GENERAL # | ||
| user = mysql | ||
| default-storage-engine = InnoDB | ||
| socket = /var/lib/mysql/mysql.sock | ||
| pid-file = /var/lib/mysql/mysql.pid | ||
| character-set-server = utf8 | ||
|
|
||
| # MyISAM # | ||
| key-buffer-size = 32M | ||
| myisam-recover = FORCE,BACKUP | ||
|
|
||
| # SAFETY # | ||
| max-allowed-packet = 16M | ||
| max-connect-errors = 1000000 | ||
| skip-name-resolve | ||
| #sql-mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY | ||
| sysdate-is-now = 1 | ||
| innodb = FORCE | ||
| innodb-strict-mode = 1 | ||
|
|
||
| # DATA STORAGE # | ||
| datadir = /var/lib/mysql/ | ||
|
|
||
| # BINARY LOGGING # | ||
| log-bin = /var/lib/mysql/mysql-bin | ||
| expire-logs-days = 14 | ||
| sync-binlog = 1 | ||
|
|
||
| # CACHES AND LIMITS # | ||
| tmp-table-size = 32M | ||
| max-heap-table-size = 32M | ||
| query-cache-type = 0 | ||
| query-cache-size = 0 | ||
| max-connections = 500 | ||
| thread-cache-size = 50 | ||
| open-files-limit = 65535 | ||
| table-definition-cache = 1024 | ||
| table-open-cache = 2048 | ||
|
|
||
| # INNODB # | ||
| innodb-flush-method = O_DIRECT | ||
| innodb-log-files-in-group = 2 | ||
| innodb-log-file-size = 64M | ||
| innodb-flush-log-at-trx-commit = 1 | ||
| innodb-file-per-table = 1 | ||
| innodb-buffer-pool-size = 128M | ||
|
|
||
| # LOGGING # | ||
| log-error = /var/lib/mysql/mysql-error.log | ||
| log-queries-not-using-indexes = 1 | ||
| slow-query-log = 1 | ||
| slow-query-log-file = /var/lib/mysql/mysql-slow.log | ||
|
|
||
|
|
||
|
|
||
| service mysql start | ||
|
|
||
| mysql_secure_installation | ||
|
|
||
|
|
||
| 如果需要升级,可以直接执行如下命令: | ||
|
|
||
| yum update -y Percona-Server-shared-56 Percona-Server-client-56 Percona-Server-server-56 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| #!/bin/sh | ||
|
|
||
| # install epel | ||
| su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm' | ||
| rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 | ||
|
|
||
| # install rpmfusion | ||
| su -c 'yum localinstall -y --nogpgcheck http://download1.rpmfusion.org/free/el/updates/6/x86_64/rpmfusion-free-release-6-1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/6/x86_64/rpmfusion-nonfree-release-6-1.noarch.rpm' | ||
|
|
||
| # update base repo | ||
| mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup | ||
| wget http://mirrors.163.com/.help/CentOS6-Base-163.repo | ||
| mv CentOS6-Base-163.repo /etc/yum.repos.d/CentOS-Base.repo | ||
|
|
||
| yum install -y yum-priorities | ||
|
|
||
| yum makecache | ||
|
|
||
| # update | ||
| yum update -y |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| 1、yum install fail2ban | ||
|
|
||
|
|
||
| 2、fail2ban.conf说明 | ||
|
|
||
| vim /etc/fail2ban/fail2ban.conf | ||
|
|
||
| 内有三行定义内容: | ||
|
|
||
| [Definition] | ||
| loglevel = 3 #定义日志输出级别 | ||
| logtarget = SYSLOG #定义日志目标,由syslog服务管理 | ||
| socket = /var/run/fail2ban/fail2ban.sock #设置socket文件,用于和后台的守护进程通讯 | ||
|
|
||
| 修改: | ||
|
|
||
| logtarget = /var/log/fail2ban.log | ||
|
|
||
|
|
||
| 4、编辑全局配置文件 | ||
| 这里设置为,如果同一个IP在10分钟内登录错误5次就ban IP一个星期。 | ||
|
|
||
| vim /etc/fail2ban/jail.conf | ||
|
|
||
| 找到[DEFAULT]区块,修改以下内容: | ||
|
|
||
| bantime = 86400 #设置IP禁止时间(秒),值为-1,代表永远禁止 | ||
| findtime = 600 #设置在多少时间(秒)范围内达到最大尝试次数 | ||
|
|
||
| 找到[ssh-iptables]区块,修改以下内容: | ||
|
|
||
| maxretry = 5 #设置ssh允许尝试次数 | ||
|
|
||
| 5、启动fail2ban | ||
|
|
||
| service fail2ban start | ||
|
|
||
| 6、设置开机自启动 | ||
|
|
||
| chkconfig fail2ban on | ||
|
|
||
|
|
||
| PS:除了iptables,还有其它可以用于fail2ban的软件 | ||
| shorewall:iptables防火墙配置工具 | ||
| TCP Wrapper:限制连接来源的工具 | ||
| Gamin:实时监视文件或文件夹变动的工具 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| yum install git | ||
|
|
||
| http://code.google.com/p/go/downloads/list | ||
|
|
||
| ��ѹ���� /usr/local/go | ||
|
|
||
| mkdir /usr/local/golib | ||
|
|
||
| ���û�������: | ||
| vi ~/.bashrc | ||
|
|
||
| export GOROOT=/usr/local/go | ||
| export GOPATH=/usr/local/golib | ||
| export GOOS=linux | ||
| export GOARCH=amd64 | ||
| export GOBIN=$GOROOT/bin | ||
| export PATH=$GOBIN:$PATH | ||
|
|
||
| source ~/.bashrc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| #!/bin/sh | ||
| # | ||
| # A shell script used to setup rules for iptables. Rules gleened from | ||
| # various websites. | ||
| # | ||
| # References: | ||
| # http://www.newartisans.com/blog_files/tricks.with.iptables.php | ||
|
|
||
| # Wipe the tables clean | ||
| iptables -F | ||
|
|
||
|
|
||
| # INPUT SIDE | ||
| # Accept all loopback input | ||
| iptables -A INPUT -i lo -p all -j ACCEPT | ||
|
|
||
| # Allow the three way handshake | ||
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
|
|
||
| # Reject spoofed packets | ||
| iptables -A INPUT -s 10.0.0.0/8 -j DROP | ||
| iptables -A INPUT -s 169.254.0.0/16 -j DROP | ||
| iptables -A INPUT -s 172.16.0.0/12 -j DROP | ||
| iptables -A INPUT -s 127.0.0.0/8 -j DROP | ||
|
|
||
| iptables -A INPUT -s 224.0.0.0/4 -j DROP | ||
| iptables -A INPUT -d 224.0.0.0/4 -j DROP | ||
| iptables -A INPUT -s 240.0.0.0/5 -j DROP | ||
| iptables -A INPUT -d 240.0.0.0/5 -j DROP | ||
| iptables -A INPUT -s 0.0.0.0/8 -j DROP | ||
| iptables -A INPUT -d 0.0.0.0/8 -j DROP | ||
| iptables -A INPUT -d 239.255.255.0/24 -j DROP | ||
| iptables -A INPUT -d 255.255.255.255 -j DROP | ||
|
|
||
| # Stop smurf attacks | ||
| iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP | ||
| iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP | ||
| iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT | ||
|
|
||
| # Drop all invalid packets | ||
| iptables -A INPUT -m state --state INVALID -j DROP | ||
| iptables -A FORWARD -m state --state INVALID -j DROP | ||
| iptables -A OUTPUT -m state --state INVALID -j DROP | ||
|
|
||
| # Drop excessive RST packets to avoid smurf attacks | ||
| iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT | ||
|
|
||
| # Attempt to block portscans | ||
| # Anyone who tried to portscan us is locked out for an entire day. | ||
| iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP | ||
| iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP | ||
|
|
||
| # Once the day has passed, remove them from the portscan list | ||
| iptables -A INPUT -m recent --name portscan --remove | ||
| iptables -A FORWARD -m recent --name portscan --remove | ||
|
|
||
| # These rules add scanners to the portscan list, and log the attempt. | ||
| iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" | ||
| iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP | ||
|
|
||
| iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" | ||
| iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP | ||
|
|
||
| # Allow the following ports through from outside | ||
| # smtp | ||
| iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT | ||
| # http | ||
| iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT | ||
| # pop3 | ||
| iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT | ||
| # imap | ||
| iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT | ||
| # https | ||
| iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT | ||
| # imaps | ||
| iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT | ||
| # pop3s | ||
| iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT | ||
| # ssh & sftp | ||
| iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | ||
| # ntpdate | ||
| iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT | ||
| # mysql | ||
| iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT | ||
|
|
||
| # Allow pings through | ||
| iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | ||
|
|
||
| # Kill all other input | ||
| iptables -A INPUT -j REJECT | ||
|
|
||
|
|
||
| # Output side | ||
| iptables -A OUTPUT -o lo -j ACCEPT | ||
| iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
|
|
||
| # Allow the following ports through from outside | ||
| # smtp | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT | ||
| # DNS requests | ||
| iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT | ||
| # DHCP/Bootstrap Protocol Server | ||
| iptables -A OUTPUT -p udp -m udp --dport 67 -j ACCEPT | ||
| # http | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT | ||
| # pop3 | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT | ||
| # imap | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT | ||
| # https | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT | ||
| # imaps | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT | ||
| # pop3s | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT | ||
| # ssh & sftp | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT | ||
| # ntpdate | ||
| iptables -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT | ||
| # mysql | ||
| iptables -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT | ||
|
|
||
| # Allout pings out | ||
| iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | ||
|
|
||
| # Kill all other output | ||
| iptables -A OUTPUT -j REJECT | ||
|
|
||
|
|
||
| # FORWARD SIDE | ||
| iptables -A FORWARD -j REJECT | ||
|
|
||
| # Save | ||
| service iptables save | ||
|
|
||
| # Restart | ||
| service iptables restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| ����������Linode VPS�ϵ�Centos 6.4ϵͳ�ķ���ǽ��ʱ���������´��� | ||
|
|
||
| service iptables restart | ||
| Setting chains to policy ACCEPT: security raw nat[FAILED]filter | ||
|
|
||
| ����������������Linode�ٷ���iptables�����һ��security�Ĺ���������Centos��֧�֡� | ||
|
|
||
| ���ҵ��Ľ�������ǣ��༭/etc/init.d/iptables���ҵ��� | ||
|
|
||
| for i in $tables; do | ||
| echo -n "$i " | ||
| case "$i" in | ||
| raw) | ||
| $IPTABLES -t raw -P PREROUTING $policy \ | ||
| && $IPTABLES -t raw -P OUTPUT $policy \ | ||
| || let ret+=1 | ||
| ;; | ||
| �����������ݵ���case "$i" in�����棺 | ||
|
|
||
|
|
||
| security) | ||
| $IPTABLES -t filter -P INPUT $policy \ | ||
| && $IPTABLES -t filter -P OUTPUT $policy \ | ||
| && $IPTABLES -t filter -P FORWARD $policy \ | ||
| || let ret+=1 | ||
| ;; | ||
|
|
||
| ���հ汾���ƣ� | ||
|
|
||
|
|
||
| for i in $tables; do | ||
| echo -n "$i " | ||
| case "$i" in | ||
| security) | ||
| $IPTABLES -t filter -P INPUT $policy \ | ||
| && $IPTABLES -t filter -P OUTPUT $policy \ | ||
| && $IPTABLES -t filter -P FORWARD $policy \ | ||
| || let ret+=1 | ||
| ;; | ||
| raw) | ||
| $IPTABLES -t raw -P PREROUTING $policy \ | ||
| && $IPTABLES -t raw -P OUTPUT $policy \ | ||
| || let ret+=1 | ||
| ;; | ||
| ������������ | ||
|
|
||
|
|
||
| service iptables restart |
Oops, something went wrong.