====== CentOS + Basic Services Installation Procedure ======

===== Install the CentOS operating system =====

  * Applies to the 5.x / 6.x / 7.x x86_64 versions
  * Enable SELinux: **Warning** this is not the default value, so this part very often ends up not being set correctly!!!

==== Confirm the CentOS installation is complete ====

  - Create a backup root account (e.g. misadm)
  - Create a login account (e.g. jonathan)
  - Check that the network works (ssh to an external host, then ssh back in)

==== Update the CentOS release ====

  - Log in to the host as root
  - Install the yum update packages
  - Use yum to update to the latest version
  - Reboot so that the new kernel takes effect

<code>
su - root
yum update; sync; sync; sync; reboot
</code>

==== Install EPEL ====

**CentOS7**
  * 64-bit environment:
<code>
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/7/x86_64/e/epel-release-7-2.noarch.rpm
</code>

**CentOS6**
  * 64-bit environment:
<code>
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm
</code>
  * 32-bit environment:
<code>
rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm
</code>

**CentOS5**
  * 64-bit environment:
<code>
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/x86_64/epel-release-5-4.noarch.rpm
</code>
  * 32-bit environment:
<code>
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/i386/epel-release-5-4.noarch.rpm
</code>

==== Install the remaining system-management packages ====
<code>
yum install -y iptraf sysstat net-snmp mrtg
</code>

===== Configure the snmp agent =====
<code>
cd /etc/snmp
vi snmpd.conf
</code>
<code>
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c          notConfigUser
view    systemview    included   .1.3.6.1.2.1.2
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1.3.6.1.2.1.2.2.1
access  notConfigGroup ""      any       noauth    exact  systemview none none
syslocation Taipei
syscontact Root
</code>
  * Start snmpd and set it to start automatically at boot
<code>
service snmpd start
chkconfig snmpd on
chkconfig --list | grep snmpd
</code>
<code>
[root@ed2 snmp]# chkconfig --list | grep snmpd
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
</code>

===== Install and configure ntpd =====
<code>
yum -y install ntp
</code>
  * If you want to edit the ntp servers yourself
<code>
cd /etc
vi ntp.conf
</code>
<code>
:
:
# --- OUR TIMESERVERS -----
server 210.59.157.30
server tick.stdtime.gov.tw prefer
server mizbeaver.udel.edu prefer
server ntps1-0.cs.tu-berlin.de
server ntps1.pads.ufrj.br
server time1.one4vision.de
server watch.stdtime.gov.tw
server time.stdtime.gov.tw
server tock.stdtime.gov.tw
server clock.stdtime.gov.tw
</code>
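In the snmpd.conf above, the com2sec line binds the community name to the source ''default'' (any address), the two group lines map it to SNMP v1 and v2c, and the access line grants only the read view ''systemview'' with the write and notify views set to ''none''; whether the community is a default name and whether it can write are the first two things to verify. The checker below is an added example, not from the original page, that cross-references those four directive types and reports exactly that (the sample config is the page's own, embedded as a constant).

```python
# Constructed sample: the snmpd.conf excerpt from this page, used as the input to audit.
SNMPD_CONF = """\
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c          notConfigUser
view    systemview    included   .1.3.6.1.2.1.2
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1.3.6.1.2.1.2.2.1
access  notConfigGroup ""      any       noauth    exact  systemview none none
syslocation Taipei
syscontact Root
"""

# Default community names that should not be left in place on a production agent.
DEFAULT_COMMUNITIES = {"public", "private"}

def parse_snmpd(text):
    """Collect com2sec, group and access lines so they can be cross-referenced."""
    com2sec, groups, access = {}, {}, {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "com2sec":        # com2sec SECNAME SOURCE COMMUNITY
            com2sec[f[1]] = {"source": f[2], "community": f[3]}
        elif len(f) >= 4 and f[0] == "group":        # group NAME MODEL SECNAME
            groups.setdefault(f[3], set()).add(f[1])
        elif len(f) >= 9 and f[0] == "access":       # access GROUP CTX MODEL LEVEL PREFIX R W N
            access[f[1]] = {"read": f[6], "write": f[7], "notify": f[8]}
    return com2sec, groups, access

def audit_snmpd(text):
    """One finding per community/group pair: is the name a default, is any
    source accepted, and does the access line grant a write view?"""
    com2sec, groups, access = parse_snmpd(text)
    findings = []
    for sec, info in com2sec.items():
        for grp in sorted(groups.get(sec, ())):
            acc = access.get(grp, {})
            findings.append({
                "community": info["community"],
                "default_name": info["community"] in DEFAULT_COMMUNITIES,
                "any_source": info["source"] == "default",
                "writable": acc.get("write", "none") != "none",
            })
    return findings
```

For the page's config the result is a single read-only finding with a default community name accepted from any source; note that the iptables rules later on this page do not open udp/161, so the agent is only reachable where the firewall allows it.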
<code>
server 192.43.244.18    # time.nist.gov (ACTS)
server 192.5.41.40      # tick.usno.navy.mil
:
:
</code>
  * Synchronise the clock over the network for the first time
<code>
ntpdate -u tick.stdtime.gov.tw
</code>
<code>
[root@tryboxap1 etc]# ntpdate -u tick.stdtime.gov.tw
23 Mar 17:22:58 ntpdate[3552]: adjust time server 220.130.158.51 offset -0.225961 sec
[root@tryboxap1 etc]# date
Thu Mar 23 17:23:33 CST 2006
</code>
  * Start ntpd
<code>
service ntpd start
chkconfig ntpd on
chkconfig --list | grep ntpd
ntpq -p
</code>
<code>
[root@tryboxap1 etc]# chkconfig --list | grep ntpd
ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@tryboxap1 etc]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 210.59.157.30   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 220-130-158-51. 220.130.158.50   2 u   30   64    1   16.261 -104.84    0.001
 mizbeaver.udel. .GPS.            1 u   29   64    1  228.213 -109.85    0.001
 ntps1-0.cs.tu-b .PPS.            1 u   32   64    1  371.710 -142.98    0.001
 ns2.pads.ufrj.b .GPS.            1 u   31   64    1  471.069 -166.67    0.001
 212-82-32-15.ip .PPS.            1 u   31   64    1  456.025 -158.71    0.001
 210.241.22.10   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 220-130-158-54. 220.130.158.50   2 u   30   64    1  159.259 -168.66    0.001
 220-130-158-52. 220.130.158.50   2 u   29   64    1  161.984 -169.12    0.001
 220-130-158-71. 220.130.158.50   2 u   28   64    1  146.384 -164.47    0.001
 220-130-158-72. 220.130.158.50   2 u   27   64    1  226.089 -205.19    0.001
 time.nist.gov   .ACTS.           1 u   25   64    1  577.621 -231.61    0.001
 ntp0.usno.navy. .USNO.           1 u   24   64    1  520.448 -175.86    0.001
 LOCAL(0)        LOCAL(0)        10 l   24   64    1    0.000    0.000   0.001
</code>

===== Install and configure apache =====
<code>
yum -y install httpd mod_ssl
</code>
  * Adjust the httpd.conf parameter file to suit the actual situation
<code>
cd /etc/httpd/conf
vi httpd.conf
</code>
<code>
:
KeepAlive Off
:
ServerAdmin tryweb@ichiayi.com
:
ServerName tryboxap.ichiayi.com:80
:
DocumentRoot "/var/www/html"
:
Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
#    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
:
# End of proxy directives.
</code>
<code>
DeflateCompressionLevel 9
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE js css

### Section 3: Virtual Hosts
:
</code>
  * Start httpd
<code>
service httpd start
</code>
  * Set httpd to start automatically at every boot
<code>
chkconfig httpd on
chkconfig --list | grep httpd
</code>

===== Install and configure MySQL =====
<code>
yum -y install mysql-server mysql-devel
</code>
  * Start MySQL for the first time and set it to start automatically
<code>
service mysqld start
chkconfig mysqld on
chkconfig --list | grep mysqld
</code>
  * Set and verify the MySQL root password
<code>
/usr/bin/mysqladmin -u root password 'newpassword'
mysql -u root -p
</code>
  * To create a database testdb together with an account testuser that may connect from the local host and manage that database, use the following syntax
<code>
CREATE DATABASE testdb;
CREATE USER 'testuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON testdb.* TO 'testuser'@'localhost';
FLUSH PRIVILEGES;
</code>
  * To turn off MySQL's reverse DNS lookup of connecting client IPs, add skip-name-resolve under [mysqld] in /etc/my.cnf
<code>
[mysqld]
:
# Skip reverse DNS lookup of clients
skip-name-resolve
:
</code>
  * Then restart mysqld
  * Reference: http://developers.sugarcrm.com/wordpress/2012/01/10/howto-turn-off-mysql-reverse-dns-lookup-to-speed-up-response-times/

===== Install and configure PostgreSQL =====
<code>
yum install postgresql-server postgresql-devel
</code>
  * Create the PostgreSQL data directory for the first time
<code>
service postgresql initdb
</code>
  * Check that the PostgreSQL parameter files have been generated
<code>
cd /var/lib/pgsql/data
ls -lt
</code>
  * The output should look like this
<code>
[root@tryboxap07 data]# ls -lt
total 116
drwx------ 5 postgres postgres  4096 Jan 25 03:29 base
drwx------ 2 postgres postgres  4096 Jan 25 03:29 global
drwx------ 2 postgres postgres  4096 Jan 25 03:29 pg_log
drwx------ 2 postgres postgres  4096 Jan 25 03:29 pg_clog
-rw------- 1 postgres postgres  3200 Jan 25 03:29 pg_hba.conf
-rw------- 1 postgres postgres  1460 Jan 25 03:29 pg_ident.conf
drwx------ 2 postgres postgres  4096 Jan 25 03:29 pg_subtrans
drwx------ 3 postgres postgres  4096 Jan 25 03:29 pg_xlog
-rw------- 1 postgres postgres 15201 Jan 25 03:29 postgresql.conf
drwx------ 4 postgres postgres  4096 Jan 25 03:29 pg_multixact
drwx------ 2 postgres postgres  4096 Jan 25 03:29 pg_tblspc
drwx------ 2 postgres postgres  4096 Jan 25 03:29 pg_twophase
-rw------- 1 postgres postgres     4 Jan 25 03:29 PG_VERSION
</code>
  * Configure the PostgreSQL parameter file postgresql.conf
<code>
vi postgresql.conf
</code>
<code>
:
listen_addresses = '*'
port = 5432
max_connections = 750
:
shared_buffers = 24MB
:
stats_start_collector = on
stats_command_string = on
stats_block_level = on
stats_row_level = on
:
autovacuum = on
:
</code>
  * Modify the postgresql login permission file pg_hba.conf according to actual needs
<code>
vi pg_hba.conf
</code>
<code>
# IPv4 local connections:
local   all         all                               ident sameuser
host    all         all         127.0.0.1/32          md5
</code>
  * Start PostgreSQL
<code>
service postgresql start
</code>
  * **If it fails to start, the kernel parameters may need adjusting**
<code>
vi /etc/sysctl.conf
</code>
<code>
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.shmall = 2097152
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.rmem_max=262144
net.core.wmem_default=262144
net.core.wmem_max=262144
</code>
  * Apply them with ''/sbin/sysctl -p''
  * Set postgresql to start automatically at every boot
<code>
su - root
chkconfig postgresql on
chkconfig --list | grep postgresql
</code>
<code>
[root@trybox-03 data]# chkconfig --list | grep postgresql
postgresql      0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@trybox-03 data]#
</code>

===== Install php =====
  * Install php together with the php-mysql / php-pgsql modules
<code>
yum install -y php php-mbstring php-mysql php-pgsql
</code>
  * In principle php has already been installed along with apache, so just verify that it works
<code>
cd /var/www/html/
vi php.php
service httpd restart
</code>
  * Then open the URL; the php information page should appear: http://your-server-url/php.php

===== Install perl modules =====
  * Install via EPEL
<code>
yum install -y perl-Text-Iconv perl-Mail-Sendmail perl-DBI perl-DBD-Pg perl-DBD-mysql perl-Digest-Perl-MD5
</code>

===== Install phpMyAdmin =====
  * Look up the latest phpMyAdmin version at https://www.phpmyadmin.net/downloads/
<code>
cd /var/www/html
wget https://files.phpmyadmin.net/phpMyAdmin/4.9.1/phpMyAdmin-4.9.1-all-languages.tar.gz
tar -zxvf phpMyAdmin-*.tar.gz
rm -rf phpMyAdmin-*.tar.gz
mv phpMyAdmin-*-all-languages phpMyAdmin
</code>
  * Configure the config.inc.php parameter file
<code>
cd /var/www/html/phpMyAdmin
mkdir tmp
chown apache:apache tmp
cp config.sample.inc.php config.inc.php
vi config.inc.php
</code>
<code>
:
/* blowfish_secret encrypts the cookie-auth session; use your own random 32-character value */
$cfg['blowfish_secret'] = '1234567890qwertyuiopasdfghjklzxc';
:
/* Authentication type */
</code>
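PostgreSQL evaluates pg_hba.conf top-down and the first line whose type, database, user and address all match decides the authentication method; since postgresql.conf above sets listen_addresses = '*' and the iptables rules later on this page open tcp/5432, these two lines are what keeps non-local clients out. The following is an added example, not from the original page, that replays that evaluation over the page's rules (addresses assumed in CIDR form, TLS state not modelled).

```python
import ipaddress

# Constructed sample: the pg_hba.conf rules from this page (CIDR form, one rule per line).
PG_HBA = """\
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               ident sameuser
host    all         all         127.0.0.1/32          md5
"""

def parse_pg_hba(text):
    """Parse local/host/hostssl/hostnossl lines; the address column is assumed to be CIDR."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            rules.append({"type": "local", "db": f[1], "user": f[2],
                          "net": None, "method": f[3]})
        elif f[0] in ("host", "hostssl", "hostnossl"):
            rules.append({"type": f[0], "db": f[1], "user": f[2],
                          "net": ipaddress.ip_network(f[3]), "method": f[4]})
    return rules

def _field_matches(field, value):
    return field == "all" or field == value

def resolve_auth(rules, conn_type, db, user, addr=None):
    """First matching rule wins, as in PostgreSQL; None means the client is rejected outright."""
    for r in rules:
        if conn_type == "local":
            if r["type"] != "local":
                continue
        else:
            if r["type"] == "local" or ipaddress.ip_address(addr) not in r["net"]:
                continue
        if _field_matches(r["db"], db) and _field_matches(r["user"], user):
            return r["method"]
    return None

def trust_rules(rules):
    """Rules that admit a client with no credentials at all; there should be none."""
    return [r for r in rules if r["method"] == "trust"]
```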
<code>
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
:
:
</code>
  * With this configuration, opening the phpMyAdmin page pops up a login window; enter root and the password that was set when MySQL or MariaDB was set up to log in
  * Reference: http://benjr.tw/97998

===== Install phpPgAdmin =====
  * Look for phpPgAdmin at www.sf.net
  * URL: http://sourceforge.net/projects/phppgadmin
<code>
cd /var/www/html
wget http://nchc.dl.sourceforge.net/sourceforge/phppgadmin/phpPgAdmin-3.5.6.tar.gz
tar -zxvf phpPgAdmin-3.5.6.tar.gz
rm -rf phpPgAdmin-3.5.6.tar.gz
</code>
  * Configure the parameter file conf/config.inc.php
<code>
cd phpPgAdmin/conf
cp config.inc.php-dist config.inc.php
vi config.inc.php
</code>
<code>
:
// Hostname or IP address for server.  Use '' for UNIX domain socket.
$conf['servers'][0]['desc'] = 'PostgreSQL';
$conf['servers'][0]['host'] = 'localhost';
:
</code>
  * Verify that phpPgAdmin was installed correctly
    * URL: http://your-server-url/phpPgAdmin/
    * You can log in with the account and password created earlier
  * Create the Reports database
<code>
su - postgres
export LANG=C
cd /var/www/html/phpPgAdmin/sql
psql template1 < reports-pgsql.sql
</code>
<code>
-bash-3.00$ psql template1 < reports-pgsql.sql
CREATE DATABASE
You are now connected to database "phppgadmin".
NOTICE:  CREATE TABLE will create implicit sequence "ppa_reports_report_id_seq" for "serial" column "ppa_reports.report_id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "ppa_reports_pkey" for table "ppa_reports"
CREATE TABLE
GRANT
GRANT
-bash-3.00$
</code>

===== Install SubVersion (svn) =====
==== Install the SubVersion rpm ====
Stress testing found that running svnadmin export and svn update at the same time produces a db error that stops the repository from working; it has to be repaired with svnadmin recover svndir. Below is the repair example for trybox: \\
\\
<code>
cd /var/www/svn
svnadmin recover trybox
chown -R apache:apache trybox
</code>
<code>
yum install -y subversion mod_dav_svn
</code>
==== Edit the subversion.conf configuration file ====
<code>
cd /etc/httpd/conf.d/
vi subversion.conf
</code>
<code>
# Needed to do Subversion Apache server.
LoadModule dav_svn_module     modules/mod_dav_svn.so
# Only needed if you decide to do "per-directory" access control.
</code>
<code>
#LoadModule authz_svn_module   modules/mod_authz_svn.so
:
:
:
   DAV svn
   SVNParentPath /var/www/svn
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#  Allow from ::1
#  Allow from .ichiayi.com
   AuthzSVNAccessFile /var/www/control
#  Satisfy Any
   # Limit write permission to list of valid users.
#  <LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      SSLRequireSSL
      AuthType Basic
      AuthName "Authorization Realm"
      AuthUserFile /var/www/passwdfile
      Require valid-user
#  </LimitExcept>
</code>
  * If svn should be served over plain, unencrypted http:// instead, put a # in front of SSLRequireSSL to disable it
  * If per-user permissions are not needed, put a # in front of AuthzSVNAccessFile to disable that feature; /var/www/control then does not need to be edited
  * If the # in front of Satisfy Any is removed, the SSLRequireSSL / Deny from / Allow from restrictions below it all stop working
==== Create the svn directory and projects as needed ====
<code>
mkdir /var/www/svn
cd /var/www/svn
svnadmin create trybox
chown -R apache:apache trybox
</code>
==== Set up the subversion user accounts and passwords ====
<code>
htpasswd -c /var/www/passwdfile jonathan
htpasswd /var/www/passwdfile trybox
</code>
<code>
[root@tryboxap1 svn]# htpasswd -c /var/www/passwdfile jonathan
New password:
Re-type new password:
Adding password for user jonathan
[root@tryboxap1 svn]# htpasswd /var/www/passwdfile trybox
New password:
Re-type new password:
Adding password for user trybox
</code>
==== Set each user's permissions in each repository ====
<code>
vi /var/www/control
</code>
<code>
[trybox:/]
jonathan = rw
trybox = r
</code>
==== Restart apache so subversion takes effect ====
<code>
service httpd restart
</code>

===== Install cronolog so log files are split automatically by date =====
<code>
yum install -y cronolog
</code>
  * Alternatively, install by downloading the source
<code>
wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
tar -zxvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure
make
make install
cd ..
</code>
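The /var/www/control file above is an AuthzSVNAccessFile, which is evaluated by mod_authz_svn (the directive only takes effect when that module is loaded; the subversion.conf excerpt above has its LoadModule line commented out): the most specific path section wins, and inside a section a line for the user beats an @group line, which beats ''*''. The resolver below is an added example, not from the original page; the [groups], /tags and /branches sections are constructed on top of the page's two rules to show inheritance and overrides.

```python
import configparser

# Constructed sample: this page's /var/www/control plus a [groups] section and two deeper paths.
CONTROL = """\
[groups]
devs = jonathan
[trybox:/]
jonathan = rw
trybox = r
[trybox:/tags]
trybox =
[trybox:/branches]
@devs = r
"""

def load_authz(text):
    """Parse an AuthzSVNAccessFile into ({(repo, path): {who: perm}}, {group: {users}})."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    rules, groups = {}, {}
    for section in cp.sections():
        if section == "groups":
            for g, members in cp.items(section):
                groups[g] = {m.strip() for m in (members or "").split(",") if m.strip()}
            continue
        repo, sep, path = section.partition(":")
        if not sep:                      # "[/path]" applies to every repository
            repo, path = "", section
        rules[(repo, path)] = {k: (v or "") for k, v in cp.items(section)}
    return rules, groups

def effective_access(rules, groups, repo, path, user):
    """Most specific path wins; inside a section a user line beats @group beats '*'."""
    parts = path.rstrip("/").split("/")
    candidates = ["/".join(parts[:i]) or "/" for i in range(len(parts), 0, -1)]
    for p in candidates:
        for scope in (repo, ""):         # repo-specific section first, then global
            entries = rules.get((scope, p), {})
            if user in entries:
                return entries[user]
            for g, members in groups.items():
                if user in members and "@" + g in entries:
                    return entries["@" + g]
            if "*" in entries:
                return entries["*"]
    return ""                            # no matching rule: access denied
```

An empty result means no access, which is also what an empty right-hand side such as ''trybox ='' grants.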
<code>
rm -rf cronolog-1.6.2*
</code>

===== Install RRDTool =====
  * RRD Tools official site: http://oss.oetiker.ch/rrdtool/
  * RRD Tools official download site: http://dag.wieers.com/rpm/packages/rrdtool/
<code>
yum install rrdtool
</code>

===== Configure iptables =====
  * Configure according to actual needs; the default only opens tcp port 22
<code>
vi /etc/sysconfig/iptables
</code>
<code>
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
</code>
<code>
service iptables restart
</code>

===== Configure yum-cron automatic upgrades =====
  * Applies to: CentOS7
  * References:
    * https://www.opencli.com/linux/rhel-centos-7-auto-update-packages
    * https://linux.cn/article-9455-1.html
  * ++Show the configuration syntax|
<code>
yum install yum-cron -y
systemctl start yum-cron
systemctl enable yum-cron
</code>
By default all installed packages are updated and the update log is written to /var/log/cron; for special requirements, edit the configuration file /etc/yum/yum-cron.conf
<code>
vi /etc/yum/yum-cron.conf
</code>
<code>
:
apply_updates = yes
:
</code>
<code>
systemctl restart yum-cron
</code>
++

{{tag>linux centos 安裝 snmp ntpd apache httpd mysql postgresql php perl phpmyadmin phppgadmin svn subversion rrdtool cronolog iptables 置頂}}
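Because the iptables rule set above ends in a REJECT, the only ports a new inbound connection can reach are the --dport values on its ACCEPT lines, and comparing that list with the intended policy is the quickest way to notice an exposure such as tcp/5432 being open to every source address. The following is an added example, not from the original page, that extracts those ports from the iptables-save format and diffs them against an allow-list (the rules are the page's own, embedded as a constant; single --dport values are assumed).

```python
import shlex

# Constructed sample: the /etc/sysconfig/iptables rule set from this page.
IPTABLES_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def accepted_ports(text):
    """Map protocol -> set of single --dport values that ACCEPT rules admit."""
    ports = {}
    for line in text.splitlines():
        if not line.startswith("-A "):        # only rule lines, not chain policies
            continue
        args = shlex.split(line)
        if "-j" not in args or args[args.index("-j") + 1] != "ACCEPT":
            continue
        proto = args[args.index("-p") + 1] if "-p" in args else None
        if proto and "--dport" in args:       # port ranges (a:b) are not handled here
            ports.setdefault(proto, set()).add(int(args[args.index("--dport") + 1]))
    return ports

def unexpected_ports(text, allowed):
    """Return {proto: ports} that the rule set opens but the allow-list does not mention."""
    opened = accepted_ports(text)
    extra = {p: s - allowed.get(p, set()) for p, s in opened.items()}
    return {p: s for p, s in extra.items() if s}
```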