CentOS+基本服務安裝程序

• 適用 5.x / 6.x / 7.x x86_64 版本

1. 建立備援 root 帳號(Exp. misadm)
2. 建立登入帳號 (Exp. jonathan)
3. 網路可否正常運作 (ssh 到外部主機, 然後再 ssh 回來)

1. 使用 root 身分登入主機
2. 安裝 yum 更新套件
3. 使用 yum 更新到最新版本
4. 重新啟動電腦讓新版的 kernel 生效

su - root
yum update; sync; sync; sync; reboot

CentOS7

• 64 bits 環境 :

  rpm -Uvh http://mirror01.idc.hinet.net/EPEL/7/x86_64/e/epel-release-7-2.noarch.rpm

CentOS6

• 64 bits 環境 :

  rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm

• 32 bits 環境 :

  rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

CentOS5

• 64 bits 環境 :

  rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/x86_64/epel-release-5-4.noarch.rpm

• 32 bits 環境 :

  rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/i386/epel-release-5-4.noarch.rpm

yum install -y iptraf sysstat net-snmp mrtg

cd /etc/snmp
vi snmpd.conf

com2sec notConfigUser  default       public

group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

view    systemview    included   .1.3.6.1.2.1.2
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1.3.6.1.2.1.2.2.1

access  notConfigGroup ""      any       noauth    exact  systemview none none

syslocation Taipei
syscontact Root <root@localhost>

• 啟動 snmpd 並設定開機可自動啟動

  service snmpd start
  chkconfig snmpd on
  chkconfig --list | grep snmpd

[root@ed2 snmp]# chkconfig --list | grep snmpd
snmpd           0:off   1:off   2:on 3:on       4:on    5:on    6:off

yum -y install ntp

• 如果要自己編輯 ntp server

  cd /etc
  vi ntp.conf

   :
   :
   # --- OUR TIMESERVERS -----
   server  210.59.157.30
   server  tick.stdtime.gov.tw prefer
   server  mizbeaver.udel.edu prefer
   server  ntps1-0.cs.tu-berlin.de
   server  ntps1.pads.ufrj.br
   server  time1.one4vision.de
   server  watch.stdtime.gov.tw
   server  time.stdtime.gov.tw
   server  tock.stdtime.gov.tw
   server  clock.stdtime.gov.tw
  
   server 192.43.244.18              # time.nist.gov (ACTS)
   server 192.5.41.40                # tick.usno.navy.mil
   :
   :

• 第一次網路校時

  ntpdate -u tick.stdtime.gov.tw

  [root@tryboxap1 etc]# ntpdate -u tick.stdtime.gov.tw
  23 Mar 17:22:58 ntpdate[3552]: adjust time server 220.130.158.51 offset -0.225961 sec
  [root@tryboxap1 etc]# date
  Thu Mar 23 17:23:33 CST 2006

• 啟動 ntpd

  service ntpd start
  chkconfig ntpd on
  chkconfig --list | grep ntpd
  ntpq -p

  [root@tryboxap1 etc]# chkconfig --list | grep ntpd
  ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
  [root@tryboxap1 etc]# ntpq -p
       remote           refid      st t when poll reach   delay   offset  jitter
  ==============================================================================
   210.59.157.30   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
   220-130-158-51. 220.130.158.50   2 u   30   64    1   16.261  -104.84   0.001
   mizbeaver.udel. .GPS.            1 u   29   64    1  228.213  -109.85   0.001
   ntps1-0.cs.tu-b .PPS.            1 u   32   64    1  371.710  -142.98   0.001
   ns2.pads.ufrj.b .GPS.            1 u   31   64    1  471.069  -166.67   0.001
   212-82-32-15.ip .PPS.            1 u   31   64    1  456.025  -158.71   0.001
   210.241.22.10   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
   220-130-158-54. 220.130.158.50   2 u   30   64    1  159.259  -168.66   0.001
   220-130-158-52. 220.130.158.50   2 u   29   64    1  161.984  -169.12   0.001
   220-130-158-71. 220.130.158.50   2 u   28   64    1  146.384  -164.47   0.001
   220-130-158-72. 220.130.158.50   2 u   27   64    1  226.089  -205.19   0.001
   time.nist.gov   .ACTS.           1 u   25   64    1  577.621  -231.61   0.001
   ntp0.usno.navy. .USNO.           1 u   24   64    1  520.448  -175.86   0.001
   LOCAL(0)        LOCAL(0)        10 l   24   64    1    0.000    0.000   0.001

yum -y install httpd mod_ssl

• 依據實際狀況設定 httpd.conf 參數檔

  cd /etc/httpd/conf
  vi httpd.conf

  :
  KeepAlive Off
  :
  ServerAdmin [email protected]
  :
  ServerName tryboxap.ichiayi.com:80
  :
  DocumentRoot "/var/www/html"
  :
  Alias /icons/ "/var/www/icons/"
  
  <Directory "/var/www/icons">
  #    Options Indexes MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
  </Directory>
  :
  # End of proxy directives.
  
  <ifmodule mod_deflate.c>
      DeflateCompressionLevel 9
      AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
      AddOutputFilter DEFLATE js css
  </ifmodule>
  
  ### Section 3: Virtual Hosts
  :

• 啟動 httpd

  service httpd start

• 設定每次開機自動啟動 httpd

  chkconfig httpd on
  chkconfig --list | grep httpd

yum -y install mysql-server mysql-devel

• 第一次啟動 MySQL 並設定自動啟動

  service mysqld start
  chkconfig mysqld on
  chkconfig --list | grep mysqld

• 設定與確認 MySQL 內的 root 密碼

  /usr/bin/mysqladmin -u root password 'newpassword'
  mysql -u root -p

• 如果要建立一個資料庫 testdb 與帳號 testuser 可以在本機連上管理這個資料庫的權限可以參考以下與法

  CREATE DATABASE testdb;
  CREATE USER 'testuser'@'localhost' IDENTIFIED BY '**password**';
  GRANT ALL ON testdb.* TO 'testuser'@'localhost';
  FLUSH PRIVILEGES;

yum install postgresql-server postgresql-devel

• 第一次建立 PostgreSQL 資料目錄

  service postgresql initdb

• 檢查 PostgreSQL 參數檔是否已產生

  cd /var/lib/pgsql/data
  ls -lt

• 看結果內容

  [root@tryboxap07 data]# ls -lt
  total 116
  drwx------  5 postgres postgres  4096 Jan 25 03:29 base
  drwx------  2 postgres postgres  4096 Jan 25 03:29 global
  drwx------  2 postgres postgres  4096 Jan 25 03:29 pg_log
  drwx------  2 postgres postgres  4096 Jan 25 03:29 pg_clog
  -rw-------  1 postgres postgres  3200 Jan 25 03:29 pg_hba.conf
  -rw-------  1 postgres postgres  1460 Jan 25 03:29 pg_ident.conf
  drwx------  2 postgres postgres  4096 Jan 25 03:29 pg_subtrans
  drwx------  3 postgres postgres  4096 Jan 25 03:29 pg_xlog
  -rw-------  1 postgres postgres 15201 Jan 25 03:29 postgresql.conf
  drwx------  4 postgres postgres  4096 Jan 25 03:29 pg_multixact
  drwx------  2 postgres postgres  4096 Jan 25 03:29 pg_tblspc
  drwx------  2 postgres postgres  4096 Jan 25 03:29 pg_twophase
  -rw-------  1 postgres postgres     4 Jan 25 03:29 PG_VERSION

• 設定 PostgreSQL 參數檔 postgresql.conf 內容

  vi postgresql.conf

  :
  listen_addresses = '*'
  port = 5432
  max_connections = 750
  :
  shared_buffers = 24MB
  :
  stats_start_collector = on
  stats_command_string = on
  stats_block_level = on
  stats_row_level = on
  :
  autovacuum = on
  :

• 依據實際需要來修改 postgresql 登入權限檔 pg_hba.conf

  vi pg_hba.conf

  # IPv4 local connections:
  local    all         all                             ident sameuser
  host    all         all         127.0.0.1/32          md5

• 啟動 PostgreSQL

  service postgresql start

• 如果無法成功啟動, 可能需要調整 Kernel 的參數

  vi /etc/sysctl.conf

  kernel.shmmax = 536870912
  kernel.shmmni = 4096
  kernel.shmall = 2097152
  # semaphores: semmsl, semmns, semopm, semmni
  kernel.sem = 250 32000 100 128
  fs.file-max = 65536
  net.ipv4.ip_local_port_range = 1024 65000
  net.core.rmem_default=262144
  net.core.rmem_max=262144
  net.core.wmem_default=262144
  net.core.wmem_max=262144

• /sbin/sysctl -p

• 設定每次開機自動啟動 postgresql

  su - root
  chkconfig postgresql on
  chkconfig --list | grep postgresql

  [root@trybox-03 data]#  chkconfig --list | grep postgresql
  postgresql      0:off   1:off   2:on    3:on    4:on    5:on    6:off
  [root@trybox-03 data]# 

• 安裝 php 與 php-mysql / php-pgsql 模組

  yum install -y php php-mbstring php-mysql php-pgsql

• 原則上 php 已經隨 apache 安裝上去, 所以只要驗證是否沒問題

  cd /var/www/html/
  vi php.php

  <?php
  phpinfo();
  ?>

  service httpd restart

• 然後輸入網址, 應該可以看到 php 資訊網頁

  http://your-server-url/php.php

• 透過 EPEL 安裝

yum install -y perl-Text-Iconv perl-Mail-Sendmail perl-DBI perl-DBD-Pg perl-DBD-mysql perl-Digest-Perl-MD5

• 至 https://www.phpmyadmin.net/downloads/ 找 phpMyAdmin 最新版

  cd /var/www/html
  wget https://files.phpmyadmin.net/phpMyAdmin/4.9.1/phpMyAdmin-4.9.1-all-languages.tar.gz
  tar -zxvf phpMyAdmin-*.tar.gz
  rm -rf phpMyAdmin-*.tar.gz
  mv phpMyAdmin-*-all-languages phpMyAdmin

• 設定 config.inc.php 參數檔

  cd /var/www/html/phpMyAdmin
  mkdir tmp
  chown apache:apache tmp
  cp config.sample.inc.php config.inc.php 
  vi config.inc.php

  :
  $cfg['blowfish_secret'] = '1234567890qwertyuiopasdfghjklzxc';
  :
  /* Authentication type */
  $cfg['Servers'][$i]['auth_type'] = 'cookie';
  /* Server parameters */
  :
  :

• 這樣設定之後，連上 phpMyAdmin 網頁就會談出輸入帳號密碼的視窗，輸入 root 與建立 MySQL 或 MariaDB 的密碼就可以登入
• 參考網址 - http://benjr.tw/97998

• 至 www.sf.net 找 phpPgAdmin
• 網址 : http://sourceforge.net/projects/phppgadmin

  cd /var/www/html
  wget http://nchc.dl.sourceforge.net/sourceforge/phppgadmin/phpPgAdmin-3.5.6.tar.gz
  tar -zxvf phpPgAdmin-3.5.6.tar.gz
  rm -rf phpPgAdmin-3.5.6.tar.gz

• 設定參數檔 conf/config.inc.php

  cd phpPgAdmin/conf
  cp config.inc.php-dist config.inc.php
  vi config.inc.php

  :
          // Hostname or IP address for server.  Use '' for UNIX domain socket.
          $conf['servers'][0]['desc'] = 'PostgreSQL';
          $conf['servers'][0]['host'] = 'localhost';
  :

• 驗證 phpPgAdmin 安裝是否正確
• 網址 : http://your-server-url/phpPgAdmin/
• 可以使用之前建立的帳號密碼登入
• 建立 Reports 資料庫

  su - postgres
  export LANG=C
  cd /var/www/html/phpPgAdmin/sql
  psql template1 < reports-pgsql.sql

  -bash-3.00$ psql template1 < reports-pgsql.sql
  CREATE DATABASE
  You are now connected to database "phppgadmin".
  NOTICE:  CREATE TABLE will create implicit sequence "ppa_reports_report_id_seq" for "serial" column "ppa_reports.report_id"
  NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "ppa_reports_pkey" for table "ppa_reports"
  CREATE TABLE
  GRANT
  GRANT
  -bash-3.00$

cd /var/www/svn
svnadmin recover trybox
chown -R apache:apache trybox

yum install -y subversion mod_dav_svn

cd /etc/httpd/conf.d/
vi subversion.conf

# Needed to do Subversion Apache server.
LoadModule dav_svn_module     modules/mod_dav_svn.so

# Only needed if you decide to do "per-directory" access control.
#LoadModule authz_svn_module   modules/mod_authz_svn.so
:
:
:
<Location /repos>
   DAV svn
   SVNParentPath /var/www/svn

   # Order deny,allow
   # Deny from all
   # Allow from 127.0.0.1
   # Allow from ::1
   # Allow from .ichiayi.com

   AuthzSVNAccessFile /var/www/control
   # Satisfy Any

   # Limit write permission to list of valid users.
#   <LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      SSLRequireSSL 

      AuthType Basic
      AuthName "Authorization Realm"
      AuthUserFile /var/www/passwdfile
      Require valid-user
#   </LimitExcept>
</Location>

mkdir /var/www/svn
cd /var/www/svn
svnadmin create trybox
chown -R apache:apache trybox

htpasswd -c /var/www/passwdfile jonathan
htpasswd /var/www/passwdfile trybox

[root@tryboxap1 svn]# htpasswd -c /var/www/passwdfile jonathan
New password:
Re-type new password:
Adding password for user jonathan

[root@tryboxap1 svn]# htpasswd /var/www/passwdfile trybox
New password:
Re-type new password:
Adding password for user trybox

vi /var/www/control

[trybox:/]
jonathan = rw
trybox = r

service httpd restart

yum install -y cronolog

• 透過下載原始碼安裝

  wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
  tar -zxvf cronolog-1.6.2.tar.gz
  cd cronolog-1.6.2
  ./configure
  make
  make install
  cd ..
  rm -rf cronolog-1.6.2*

yum install rrdtool

• 依實際需要設定, 預設只有開放 tcp port 22

vi /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

service iptables restart

• 適用 : CentOS7
• 參考 :
  • https://www.opencli.com/linux/rhel-centos-7-auto-update-packages
  • https://linux.cn/article-9455-1.html
• 看設定語法

  yum install yum-cron -y
  systemctl start yum-cron
  systemctl enable yum-cron
  預設會更新所有安裝套件, 更新紀錄會寫入 /var/log/cron , 如果有特殊需求, 可以更改設定檔 /etc/yum/yum-cron.conf
  vi /etc/yum/yum-cron.conf

  :
  apply_updates = yes
  :

  systemctl restart yum-cron