Archive for 十一月, 2016


ubuntu下安装配置nagios

安装必要模块功能
apt-get install openssl perl make php5-gd libgd2-xpm-dev libapache2-mod-php5 libperl-dev libssl-dev daemon wget apache2-utils unzip

建立用户
useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd www-data

安装Nagios
(以下命令假设在 /tmp 目录下执行;解压编译前,建议先把下载的源码包与官方公布的校验和比对)
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.1.1.tar.gz
tar -zxvf /tmp/nagios-4.1.1.tar.gz
cd nagios-4.1.1/
./configure --with-nagios-group=nagios --with-command-group=nagcmd --with-httpd_conf=/etc/apache2/sites-enabled/
make all
make install
make install-init
make install-config
make install-commandmode
sudo /usr/bin/install -c -m 644 sample-config/httpd.conf /etc/apache2/sites-enabled/nagios.conf

安装Nagios扩展功能
(注意:该下载地址是明文HTTP,传输过程没有完整性保护;这些插件之后会以root身份 make install,解压前请核对校验和,或在站点支持时改用HTTPS下载)
wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
tar xzf nagios-plugins-2.1.1.tar.gz
cd nagios-plugins-2.1.1
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

编辑Nagios配置文件
vi /usr/local/nagios/etc/objects/contacts.cfg
email admin@idroot.net ;
更改为自己的email地址
email x@y.com;

vi /etc/apache2/sites-enabled/nagios.conf
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user

开启apache的rewrite和cgi模块
sudo a2enmod rewrite
sudo a2enmod cgi

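vi /usr/local/nagios/etc/cgi.cfg
use_authentication=1
更改为
use_authentication=0
注意:use_authentication=0 会让Nagios的CGI不再做身份与权限校验(Nagios自带的配置注释也明确不建议这样做),任何能通过Apache访问到页面的人都能看到全部监控信息。上面的Apache配置引用了 /usr/local/nagios/etc/htpasswd.users,但本文没有创建这个文件;更稳妥的做法是保持 use_authentication=1,并用 htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin 创建登录账号。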

重启apache服务
systemctl restart apache2

生成要监控的服务器配置信息(先在nagios.cfg中登记新配置文件,再把下面的host/service定义写入 /usr/local/nagios/etc/objects/newhost.cfg):
echo "cfg_file=/usr/local/nagios/etc/objects/newhost.cfg" >> /usr/local/nagios/etc/nagios.cfg

define host{
use linux-server
host_name newhost
alias newhost
address X.X.X.X
}

define service{
use local-service
host_name newhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

参考:https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/configmain.html

校验配置文件:
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

重启nagios服务:
systemctl start nagios
http://x.x.x.x/nagios/

rhel6.5下安装gcc4.6.3

下载gcc
ftp://gcc.gnu.org/pub/gcc/releases/

下载相关依赖
ftp://gcc.gnu.org/pub/gcc/infrastructure/

若编译安装时直接报编译路径错误,那么就要先安装个默认版本的gcc
yum install gcc

安装GMP4.3.2:
./configure --prefix=/usr/local/gmp && make && make install

安装MPFR2.4.2
./configure --prefix=/usr/local/mpfr --with-gmp=/usr/local/gmp && make && make install

安装MPC0.8.1
./configure --prefix=/usr/local/mpc --with-mpfr=/usr/local/mpfr --with-gmp=/usr/local/gmp && make && make install

安装GCC4.6.3
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/mpc/lib:/usr/local/gmp/lib:/usr/local/mpfr/lib/

./configure --prefix=/usr/local/gcc --enable-threads=posix --disable-checking --disable-multilib --enable-languages=c,c++ --with-gmp=/usr/local/gmp --with-mpfr=/usr/local/mpfr/ --with-mpc=/usr/local/mpc/ && make && make install

至此,安装gcc4.6.3完毕.

————————–
下面设置环境变量:
vi /etc/profile
export GCC_HOME=/usr/local/gcc
export CPLUS_INCLUDE_PATH=$GCC_HOME/include:$GCC_HOME/include/c++/4.6.3
export LIBRARY_PATH=/usr/local/gmp/lib:/usr/local/mpfr/lib:/usr/local/mpc/lib:$GCC_HOME/lib64:$GCC_HOME/lib:$GCC_HOME/lib/gcc/x86_64-unknown-linux-gnu/4.6.3
export LD_LIBRARY_PATH=/usr/local/gmp/lib:/usr/local/mpfr/lib:/usr/local/mpc/lib:$GCC_HOME/lib64:$GCC_HOME/lib:$GCC_HOME/lib/gcc/x86_64-unknown-linux-gnu/4.6.3
export PATH=$GCC_HOME/bin:$PATH

或者(不推荐)
mv /usr/bin/gcc /usr/bin/gcc.bak
ln -s /usr/local/gcc/bin/gcc /usr/bin/gcc
mv /usr/bin/g++ /usr/bin/g++.bak
ln -s /usr/local/gcc/bin/g++ /usr/bin/g++
mv /usr/bin/c++ /usr/bin/c++.bak
ln -s /usr/local/gcc/bin/c++ /usr/bin/c++
mv /usr/bin/cpp /usr/bin/cpp.bak
ln -s /usr/local/gcc/bin/cpp /usr/bin/cpp
mv /usr/bin/gcov /usr/bin/gcov.bak
ln -s /usr/local/gcc/bin/gcov /usr/bin/gcov

或者
alternatives --install <link> <name> <path> <priority>
其中,
install表示安装
link是符号链接
name则是标识符
path是执行文件的路径
priority则表示优先级

alternatives --install /usr/bin/gcc gcc /usr/local/gcc/bin/gcc 2
alternatives --config gcc
选择2

安全加固mysql小常识

yum install mysql-server
mysql_secure_installation

vi /etc/mysql/my.cnf
#不让外部IP访问mysql
bind-address = 127.0.0.1
#服务器端禁用所有LOAD DATA LOCAL命令
local-infile=0
#添加额外的log日志记录信息(通用查询日志会记录所有收到的语句,可能包含明文密码,注意限制该文件的读取权限)
log=/var/log/mylog

更改root用户名
rename user 'root'@'localhost' to 'newAdmin'@'localhost';

查看用户信息
select user,host,password from mysql.user;

在退出之前执行以下命令
FLUSH PRIVILEGES;

每个应用建立各自的MySQL用户,用户只具有所需的最小权限
create database newDb;
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT,UPDATE,DELETE ON newDb.* TO 'newuser'@'localhost';
FLUSH PRIVILEGES;

移除某用户权限
REVOKE UPDATE ON newDb.* FROM 'newuser'@'localhost';

赋予用户所有权限(仅限newDb库;与上面的最小权限原则相悖,确有需要时才使用)
GRANT ALL ON newDb.* TO 'newuser'@'localhost';

yum install ejabberd

vi /etc/ejabberd/ejabberd.cfg
修改此行
{hosts, ["localhost"]}.
若按域名访问,修改为
{hosts, ["localhost","yourdomain.com"]}.
若按IP访问,修改为
{hosts, ["localhost","x.x.x.x"]}.

修改此行
{acl, admin, {user, "", "localhost"}}.
若按域名访问,修改为
{acl, admin, {user, "admin", "yourdomain.com"}}.
若按IP访问,修改为
{acl, admin, {user, "admin", "x.x.x.x"}}.

重启服务后生效
/etc/init.d/ejabberd restart

给admin管理员设置密码(命令中的 password 只是占位示例,请换成强口令;写在命令行里的口令会留在shell历史中)
若按域名访问,修改为
ejabberdctl register admin yourdomain.com password
若按IP访问,修改为
ejabberdctl register admin x.x.x.x password

访问地址为(该管理页面走明文HTTP,登录口令在网络上不加密,建议只在内网或通过SSH隧道访问):
若按域名访问,修改为
http://yourdomain.com:5280/admin
若按IP访问,修改为
http://x.x.x.x:5280/admin

建立新用户,并设置密码
若按域名访问,修改为
ejabberdctl register user1 yourdomain.com password1
若按IP访问,修改为
ejabberdctl register user1 x.x.x.x password1
基于XMPP协议比较流行的客户端有Adium、Pidgin。使用刚才建立的用户登录即可。

一、生成自己client端的rsa密钥对(linux/mac,win就用PuTTY Gen)
ssh-keygen -t rsa -C "GitLab" -b 4096

二、服务器端linux安装git
useradd git
passwd git
yum install git
su - git
cd ~/.ssh
scp id_rsa.pub git@x.x.x.x:/home/git/id_rsa.pub

如果是win,就用
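mkdir ~/.ssh
touch ~/.ssh/authorized_keys
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
(sshd默认的StrictModes会拒绝权限过宽的 .ssh 目录和 authorized_keys 文件,所以要收紧权限)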

三、建立git库
git init --bare new-repo.git

四、若已有本地库,迁移去新建的远端服务器
git remote set-url origin git@x.x.x.x:new-repo.git

五、如果远端是个新建库,用以下命令来新建远端库
git init && git remote add origin git@x.x.x.x:new-repo.git

六、若是克隆远程仓库
git clone git@x.x.x.x:/path/repo.git

话说回来,自己用私密的东东bitbucket不错,混搭就是gitlab了,公开的还是GitHub比较好。

一、生成证书登录
ssh-keygen -b 2048 -t rsa
cat .ssh/id_rsa.pub | ssh account@x.x.x.x 'cat >> .ssh/authorized_keys'
chmod 600 ~/.ssh/authorized_keys
ssh -i ~/.ssh/id_rsa account@x.x.x.x

二、禁用root登录,禁用密码登录,更改ssh对外服务端口号为22222(重启sshd之前先另开一个会话确认密钥登录可用,并保留当前会话,避免把自己锁在外面)
# vi /etc/ssh/sshd_config
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
Port 22222

service sshd restart

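三、配置防火墙,只允许ping、213213/80/443端口对外开放
(注意:TCP端口号最大为65535,213213不是合法端口,下面对应的那条规则会被iptables拒绝,请换成实际要开放的端口。)
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 213213 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
(INPUT默认策略设为DROP后,本机回环流量也会被丢弃,例如上文绑定在127.0.0.1的mysql将无法通过TCP连接;通常还需要在 -P INPUT DROP 之前加一条 iptables -A INPUT -i lo -j ACCEPT。)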

四、给自己丢个后门,放通自己IP的连接(实际是按来源IP放行SSH的白名单规则;要在断开当前会话之前加好,否则新的SSH连接会被默认的DROP策略挡住)
iptables -A INPUT -p tcp -m tcp -s xx.xx.xx.xx --dport 22222 -j ACCEPT

五、保存防火墙配置,并加载规则到启动项
iptables-save > /root/iptables-rules
echo "iptables-restore < /root/iptables-rules" >> /etc/rc.local
(若 /etc/rc.local 末尾已有 exit 0,追加在其后的这一行不会被执行,需要手工把它挪到 exit 0 之前;重启后用 iptables -L -n 确认规则已加载。)

麒麟?呵呵

nklicadm
licmanager
nkuc*