su - root yum update; sync; sync; sync; reboot
CentOS7
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/7/x86_64/e/epel-release-7-2.noarch.rpm
CentOS6
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm
CentOS5
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/5/i386/epel-release-5-4.noarch.rpm
yum install -y iptraf sysstat net-snmp mrtg
cd /etc/snmp vi snmpd.conf
com2sec notConfigUser default public group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser view systemview included .1.3.6.1.2.1.2 view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 view systemview included .1.3.6.1.2.1.2.2.1 access notConfigGroup "" any noauth exact systemview none none syslocation Taipei syscontact Root <root@localhost>
service snmpd start chkconfig snmpd on chkconfig --list | grep snmpd
[root@ed2 snmp]# chkconfig --list | grep snmpd snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
yum -y install ntp
cd /etc vi ntp.conf
: : # --- OUR TIMESERVERS ----- server 210.59.157.30 server tick.stdtime.gov.tw prefer server mizbeaver.udel.edu prefer server ntps1-0.cs.tu-berlin.de server ntps1.pads.ufrj.br server time1.one4vision.de server watch.stdtime.gov.tw server time.stdtime.gov.tw server tock.stdtime.gov.tw server clock.stdtime.gov.tw server 192.43.244.18 # time.nist.gov (ACTS) server 192.5.41.40 # tick.usno.navy.mil : :
ntpdate -u tick.stdtime.gov.tw
[root@tryboxap1 etc]# ntpdate -u tick.stdtime.gov.tw 23 Mar 17:22:58 ntpdate[3552]: adjust time server 220.130.158.51 offset -0.225961 sec [root@tryboxap1 etc]# date Thu Mar 23 17:23:33 CST 2006
service ntpd start chkconfig ntpd on chkconfig --list | grep ntpd ntpq -p
[root@tryboxap1 etc]# chkconfig --list | grep ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@tryboxap1 etc]# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 210.59.157.30 .INIT. 16 u - 64 0 0.000 0.000 4000.00 220-130-158-51. 220.130.158.50 2 u 30 64 1 16.261 -104.84 0.001 mizbeaver.udel. .GPS. 1 u 29 64 1 228.213 -109.85 0.001 ntps1-0.cs.tu-b .PPS. 1 u 32 64 1 371.710 -142.98 0.001 ns2.pads.ufrj.b .GPS. 1 u 31 64 1 471.069 -166.67 0.001 212-82-32-15.ip .PPS. 1 u 31 64 1 456.025 -158.71 0.001 210.241.22.10 .INIT. 16 u - 64 0 0.000 0.000 4000.00 220-130-158-54. 220.130.158.50 2 u 30 64 1 159.259 -168.66 0.001 220-130-158-52. 220.130.158.50 2 u 29 64 1 161.984 -169.12 0.001 220-130-158-71. 220.130.158.50 2 u 28 64 1 146.384 -164.47 0.001 220-130-158-72. 220.130.158.50 2 u 27 64 1 226.089 -205.19 0.001 time.nist.gov .ACTS. 1 u 25 64 1 577.621 -231.61 0.001 ntp0.usno.navy. .USNO. 1 u 24 64 1 520.448 -175.86 0.001 LOCAL(0) LOCAL(0) 10 l 24 64 1 0.000 0.000 0.001
yum -y install httpd mod_ssl
cd /etc/httpd/conf vi httpd.conf
: KeepAlive Off : ServerAdmin [email protected] : ServerName tryboxap.ichiayi.com:80 : DocumentRoot "/var/www/html" : Alias /icons/ "/var/www/icons/" <Directory "/var/www/icons"> # Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> : # End of proxy directives. <ifmodule mod_deflate.c> DeflateCompressionLevel 9 AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php AddOutputFilter DEFLATE js css </ifmodule> ### Section 3: Virtual Hosts :
service httpd start
chkconfig httpd on chkconfig --list | grep httpd
yum -y install mysql-server mysql-devel
service mysqld start chkconfig mysqld on chkconfig --list | grep mysqld
/usr/bin/mysqladmin -u root password 'newpassword' mysql -u root -p
CREATE DATABASE testdb; CREATE USER 'testuser'@'localhost' IDENTIFIED BY '**password**'; GRANT ALL ON testdb.* TO 'testuser'@'localhost'; FLUSH PRIVILEGES;
[mysqld] : # Skip reverse DNS lookup of clients skip-name-resolve :
yum install postgresql-server postgresql-devel
service postgresql initdb
cd /var/lib/pgsql/data ls -lt
[root@tryboxap07 data]# ls -lt total 116 drwx------ 5 postgres postgres 4096 Jan 25 03:29 base drwx------ 2 postgres postgres 4096 Jan 25 03:29 global drwx------ 2 postgres postgres 4096 Jan 25 03:29 pg_log drwx------ 2 postgres postgres 4096 Jan 25 03:29 pg_clog -rw------- 1 postgres postgres 3200 Jan 25 03:29 pg_hba.conf -rw------- 1 postgres postgres 1460 Jan 25 03:29 pg_ident.conf drwx------ 2 postgres postgres 4096 Jan 25 03:29 pg_subtrans drwx------ 3 postgres postgres 4096 Jan 25 03:29 pg_xlog -rw------- 1 postgres postgres 15201 Jan 25 03:29 postgresql.conf drwx------ 4 postgres postgres 4096 Jan 25 03:29 pg_multixact drwx------ 2 postgres postgres 4096 Jan 25 03:29 pg_tblspc drwx------ 2 postgres postgres 4096 Jan 25 03:29 pg_twophase -rw------- 1 postgres postgres 4 Jan 25 03:29 PG_VERSION
vi postgresql.conf
: listen_addresses = '*' port = 5432 max_connections = 750 : shared_buffers = 24MB : stats_start_collector = on stats_command_string = on stats_block_level = on stats_row_level = on : autovacuum = on :
vi pg_hba.conf
# IPv4 local connections: local all all ident sameuser host all all 127.0.0.1/32 md5
service postgresql start
vi /etc/sysctl.conf
kernel.shmmax = 536870912 kernel.shmmni = 4096 kernel.shmall = 2097152 # semaphores: semmsl, semmns, semopm, semmni kernel.sem = 250 32000 100 128 fs.file-max = 65536 net.ipv4.ip_local_port_range = 1024 65000 net.core.rmem_default=262144 net.core.rmem_max=262144 net.core.wmem_default=262144 net.core.wmem_max=262144
/sbin/sysctl -p
su - root chkconfig postgresql on chkconfig --list | grep postgresql
[root@trybox-03 data]# chkconfig --list | grep postgresql postgresql 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@trybox-03 data]#
yum install -y php php-mbstring php-mysql php-pgsql
cd /var/www/html/ vi php.php
<?php phpinfo(); ?>
service httpd restart
http://your-server-url/php.php
yum install -y perl-Text-Iconv perl-Mail-Sendmail perl-DBI perl-DBD-Pg perl-DBD-mysql perl-Digest-Perl-MD5
cd /var/www/html wget https://files.phpmyadmin.net/phpMyAdmin/4.9.1/phpMyAdmin-4.9.1-all-languages.tar.gz tar -zxvf phpMyAdmin-*.tar.gz rm -rf phpMyAdmin-*.tar.gz mv phpMyAdmin-*-all-languages phpMyAdmin
cd /var/www/html/phpMyAdmin mkdir tmp chown apache:apache tmp cp config.sample.inc.php config.inc.php vi config.inc.php
: $cfg['blowfish_secret'] = '1234567890qwertyuiopasdfghjklzxc'; : /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'cookie'; /* Server parameters */ : :
cd /var/www/html wget http://nchc.dl.sourceforge.net/sourceforge/phppgadmin/phpPgAdmin-3.5.6.tar.gz tar -zxvf phpPgAdmin-3.5.6.tar.gz rm -rf phpPgAdmin-3.5.6.tar.gz
cd phpPgAdmin/conf cp config.inc.php-dist config.inc.php vi config.inc.php
: // Hostname or IP address for server. Use '' for UNIX domain socket. $conf['servers'][0]['desc'] = 'PostgreSQL'; $conf['servers'][0]['host'] = 'localhost'; :
su - postgres export LANG=C cd /var/www/html/phpPgAdmin/sql psql template1 < reports-pgsql.sql
-bash-3.00$ psql template1 < reports-pgsql.sql CREATE DATABASE You are now connected to database "phppgadmin". NOTICE: CREATE TABLE will create implicit sequence "ppa_reports_report_id_seq" for "serial" column "ppa_reports.report_id" NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "ppa_reports_pkey" for table "ppa_reports" CREATE TABLE GRANT GRANT -bash-3.00$
cd /var/www/svn svnadmin recover trybox chown -R apache:apache trybox
yum install -y subversion mod_dav_svn
cd /etc/httpd/conf.d/ vi subversion.conf
# Needed to do Subversion Apache server. LoadModule dav_svn_module modules/mod_dav_svn.so # Only needed if you decide to do "per-directory" access control. #LoadModule authz_svn_module modules/mod_authz_svn.so : : : <Location /repos> DAV svn SVNParentPath /var/www/svn # Order deny,allow # Deny from all # Allow from 127.0.0.1 # Allow from ::1 # Allow from .ichiayi.com AuthzSVNAccessFile /var/www/control # Satisfy Any # Limit write permission to list of valid users. # <LimitExcept GET PROPFIND OPTIONS REPORT> # Require SSL connection for password protection. SSLRequireSSL AuthType Basic AuthName "Authorization Realm" AuthUserFile /var/www/passwdfile Require valid-user # </LimitExcept> </Location>
mkdir /var/www/svn cd /var/www/svn svnadmin create trybox chown -R apache:apache trybox
htpasswd -c /var/www/passwdfile jonathan htpasswd /var/www/passwdfile trybox
[root@tryboxap1 svn]# htpasswd -c /var/www/passwdfile jonathan New password: Re-type new password: Adding password for user jonathan [root@tryboxap1 svn]# htpasswd /var/www/passwdfile trybox New password: Re-type new password: Adding password for user trybox
vi /var/www/control
[trybox:/] jonathan = rw trybox = r
service httpd restart
yum install -y cronolog
wget http://cronolog.org/download/cronolog-1.6.2.tar.gz tar -zxvf cronolog-1.6.2.tar.gz cd cronolog-1.6.2 ./configure make make install cd .. rm -rf cronolog-1.6.2*
yum install rrdtool
vi /etc/sysconfig/iptables
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT
service iptables restart