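# Replace firewalld with the classic iptables service.
# The package is installed first: if the install fails (no network, broken
# repo), firewalld stays up instead of the host being left with no packet
# filter at all. -y keeps the step non-interactive, like the later yum calls.
if yum -y install iptables-services; then
  systemctl stop firewalld
  # mask prevents another unit or an admin from starting firewalld again by
  # accident while iptables owns the rule set
  systemctl mask firewalld
  systemctl enable iptables
  systemctl start iptables
  # NOTE(review): the iptables service loads whatever rule file the package
  # ships; review the active rules (iptables -S) before relying on them.
else
  echo 'iptables-services could not be installed; firewalld left unchanged' >&2
fi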
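# install some tools
# (the heading above was missing its '#', so the shell would have tried to run
# it as a command; -y added so this install does not stop at a prompt)
yum -y install net-tools telnet yum-utils
# epel-release is installed before the ClamAV packages so the extra repository
# is available to the next yum call.
# NOTE(review): -y also accepts the repository signing-key import without
# asking; check the key fingerprint when running these steps by hand.
yum -y install epel-release
yum -y install clamav clamd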
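# update
# Signatures are fetched before the daemon is started: on a fresh install clamd
# has no database to load until freshclam has downloaded one.
/usr/bin/freshclam ||
  echo 'freshclam failed; clamd may start without current signatures' >&2
# setup & start
# NOTE(review): chkconfig/service are the SysV-style front ends; on a systemd
# host the daemon may be registered under a different unit name than "clamd".
# Confirm with: systemctl list-unit-files | grep -i clam
chkconfig clamd on
service clamd start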
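# auto update
# The job file is written in one piece with '>' instead of line-by-line with
# '>>'. Appending meant that a second run of this setup (or a pre-existing file
# with the same generic name) left the '#!' line somewhere other than line 1
# and stacked duplicate freshclam calls into the job.
cat > /etc/cron.hourly/update <<'EOF'
#!/bin/bash
/usr/bin/freshclam
EOF
chmod +x /etc/cron.hourly/update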
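# daily scan
# The log directory is created up front so the first run of the job does not
# fail on the redirect.
mkdir -p /var/log/clamav
# Written in one piece with '>' so re-running the setup replaces the job
# instead of appending a second copy of every line to it.
cat > /etc/cron.daily/manual_clamscan <<'EOF'
#!/bin/bash
SCAN_DIR="/"
LOG_FILE="/var/log/clamav/manual_clamscan.log"
# -i logs infected files only, -r recurses.
# /proc and /sys are kernel pseudo-filesystems: scanning them only produces
# read errors and can stall the job. /dev is deliberately NOT excluded, so
# /dev/shm is still scanned.
/usr/bin/clamscan -i -r --exclude-dir='^/proc' --exclude-dir='^/sys' "$SCAN_DIR" >> "$LOG_FILE"
EOF
chmod +x /etc/cron.daily/manual_clamscan
# NOTE(review): the log is the only place a detection shows up and it is never
# rotated; add a logrotate rule and have something read it or alert on it.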
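# install on CentOS 7 without iptables and SELinux
# NOTE(review): these steps assume a host where both controls are switched off.
# With either one enabled, the FTP ports and the hand-installed PAM module need
# explicit rules/policy - confirm which situation applies before running this.

# install something we need
# (in the original these commands had been folded into the comment line, so
# nothing was installed or downloaded before unzip ran)
yum install vsftpd gcc pam-devel unzip php -y

# Setup for virtual user
# NOTE(review): this downloads the moving "master" branch and builds it into a
# PAM module that runs inside the authentication path, with no integrity check.
# Pin the download to a reviewed commit and compare it against a known checksum
# (<PINNED_COMMIT> / <EXPECTED_SHA256> - placeholders, not on the page).
# curl -f makes an HTTP error fail the step instead of saving an error page as
# master.zip; unzip -o avoids the overwrite prompt on a re-run.
pam_module_installed=no
if curl -fsSL -o master.zip 'https://codeload.github.com/tiwe-de/libpam-pwdfile/zip/master' &&
  unzip -o master.zip &&
  (cd libpam-pwdfile-master/ && make && cp pam_pwdfile.so /lib64/security/); then
  pam_module_installed=yes
else
  echo 'pam_pwdfile build failed; /etc/pam.d/vsftpd left unchanged' >&2
fi

# The PAM stack is switched over only when the module is really in place;
# otherwise vsftpd would be pointed at a missing "required" module.
if [ "$pam_module_installed" = yes ]; then
  # keep the first backup: a re-run must not replace the stock file with the
  # already modified one
  [ -e /etc/pam.d/vsftpd.org ] || mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.org
  printf '%s\n' \
    'auth required /lib64/security/pam_pwdfile.so pwdfile /etc/vsftpd/users' \
    'account required /lib64/security/pam_permit.so' > /etc/pam.d/vsftpd
fi
# NOTE(review): /etc/vsftpd/users holds the password hashes for every virtual
# user; keep it root-owned and mode 0600.

# backup config
[ -e /etc/vsftpd/vsftpd.conf.org ] || mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

# Setup vsftpd main config
# The here-document delimiter is quoted on purpose: vsftpd needs the literal
# text $USER in user_sub_token and local_root. Inside double quotes the shell
# replaced it with the name of whoever ran the script (normally root), which
# pointed every virtual user at the same directory.
#
# NOTE(review), left as the author configured them:
#  - no TLS settings are present, so logins and data travel in clear text; see
#    ssl_enable in vsftpd.conf(5)
#  - allow_writeable_chroot=YES turns off vsftpd's refusal to chroot into a
#    directory the user can write to; a read-only chroot root with a writable
#    sub-directory avoids needing it
#  - guest_enable=YES with virtual_use_local_privs=YES gives every virtual
#    login the privileges of a local user rather than the anonymous ones
cat > /etc/vsftpd/vsftpd.conf <<'EOF'
local_umask=022
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/data/ftp/$USER
chroot_local_user=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/user_config
allow_writeable_chroot=YES
EOF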