2017/09/18

CentOS 7

replace Firewalld to iptables

 systemctl mask firewalld
 systemctl stop firewalld
 yum install iptables-services
 systemctl enable iptables
 systemctl start iptables


install some tools

yum install net-tools telnet yum-utils

2016/01/20

CentOS 7 rename hostname

#!/usr/bin/env bash

OLD_HOSTNAME="$( cat /etc/hostname )"
NEW_HOSTNAME="$1"

if [ -z "$NEW_HOSTNAME" ]; then
 echo -n "Please enter new hostname: "
 read NEW_HOSTNAME < /dev/tty
fi

if [ -z "$NEW_HOSTNAME" ]; then
 echo "Error: no hostname entered. Exiting."
 exit 1
fi

echo "Changing hostname from $OLD_HOSTNAME to $NEW_HOSTNAME..."

hostname "$NEW_HOSTNAME"

echo $NEW_HOSTNAME > /etc/hostname

if [ -n "$( grep "$OLD_HOSTNAME" /etc/hosts )" ]; then
 sed -i "s/$OLD_HOSTNAME/$NEW_HOSTNAME/g" /etc/hosts
else
 echo -e "$( hostname -I | awk '{ print $1 }' )\t$NEW_HOSTNAME" >> /etc/hosts
fi

echo "Done."

Make CentOS 7 as template

echo "Clean system"
/sbin/service rsyslog stop
/sbin/service auditd stop
/usr/bin/package-cleanup --oldkernels --count=1 -y
/usr/bin/yum  clean all -y
/usr/sbin/logrotate -f /etc/logrotate.conf
/bin/rm -f /var/log/*-???????? /var/log/*.gz
/bin/rm -f /var/log/dmesg.old
/bin/rm -rf /var/log/anaconda
/bin/cat /dev/null > /var/log/audit/audit.log
/bin/cat /dev/null > /var/log/wtmp
/bin/cat /dev/null > /var/log/lastlog
/bin/cat /dev/null > /var/log/grubby
/bin/rm -f /etc/udev/rules.d/70*
/bin/sed -i '/^HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-*
/bin/sed -i '/^UUID=/d' /etc/sysconfig/network-scripts/ifcfg-*
/bin/sed -i 's/static/dhcp/g' /etc/sysconfig/network-scripts/ifcfg-*
/bin/sed -i '/^IPADDR=/d' /etc/sysconfig/network-scripts/ifcfg-*
/bin/sed -i '/^NATMASK=/d' /etc/sysconfig/network-scripts/ifcfg-*
/bin/sed -i '/^GATEWAY=/d' /etc/sysconfig/network-scripts/ifcfg-*
/bin/rm -rf /tmp/*
/bin/rm -rf /var/tmp/*
/bin/rm -f /etc/ssh/*key*
/bin/rm -f ~root/.bash_history
unset HISTFILE
/bin/rm -rf ~root/.ssh/
/bin/rm -f ~root/anaconda-ks.cfg
history -c

2015/11/13

Make CentOS 6 as template

echo "Clean system"
/sbin/service rsyslog stop
/sbin/service auditd stop
/usr/bin/package-cleanup --oldkernels --count=1 -y
/usr/bin/yum  clean all -y
/usr/sbin/logrotate -f /etc/logrotate.conf
/bin/rm -f /var/log/*-???????? /var/log/*.gz
/bin/rm -f /var/log/dmesg.old
/bin/rm -rf /var/log/anaconda
/bin/cat /dev/null > /var/log/audit/audit.log
/bin/cat /dev/null > /var/log/wtmp
/bin/cat /dev/null > /var/log/lastlog
/bin/cat /dev/null > /var/log/grubby
/bin/rm -f /etc/udev/rules.d/70*
/bin/sed -i '/^HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
/bin/sed -i '/^UUID=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
/bin/rm -rf /tmp/*
/bin/rm -rf /var/tmp/*
/bin/rm -f /etc/ssh/*key*
/bin/rm -f ~root/.bash_history
unset HISTFILE
/bin/rm -rf ~root/.ssh/
/bin/rm -f ~root/anaconda-ks.cfg

2015/11/11

CentOS 6 install ClamAV via yum

yum -y install epel-release
yum -y install clamav clamd
# setup & start
chkconfig clamd on
service clamd start
# update
/usr/bin/freshclam
# auto update 
echo '#!/bin/bash' >> /etc/cron.hourly/update
echo '/usr/bin/freshclam' >> /etc/cron.hourly/update
chmod +x /etc/cron.hourly/update
# daily scan
echo '#!/bin/bash' >> /etc/cron.daily/manual_clamscan
echo 'SCAN_DIR="/" ' >> /etc/cron.daily/manual_clamscan
echo 'LOG_FILE="/var/log/clamav/manual_clamscan.log" ' >> /etc/cron.daily/manual_clamscan
echo '/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE ' >> /etc/cron.daily/manual_clamscan
chmod +x /etc/cron.daily/manual_clamscan

2015/04/16

Cisco Switch Port Mirror setting

monitor session 1 source interface Gi0/2 - 4
monitor session 1 destination interface Gi0/7

SJ2000 time setup

add text file and rename as time.txt

add date and time with this format
Note: there has a space between data and time .


2014.05.07 09:26:00

2015/03/17

vsftp install on CentOS 7

# install on CentOS 7 without iptables and seLinux 

# install something we need
 
yum install vsftpd gcc pam-devel unzip php -y 
 
# Setup for virtual user 
 
curl 'https://codeload.github.com/tiwe-de/libpam-pwdfile/zip/master' > master.zip 
unzip master.zip 
cd libpam-pwdfile-master/ 
make 
cp pam_pwdfile.so /lib64/security/
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.org
echo "auth required /lib64/security/pam_pwdfile.so pwdfile  /etc/vsftpd/users" "" >> /etc/pam.d/vsftpd 
echo  "account required /lib64/security/pam_permit.so" "" >>  /etc/pam.d/vsftpd 

# backup config mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

# Setup vsftpd main config
echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf
echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf
echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "virtual_use_local_privs=YES" >> /etc/vsftpd/vsftpd.conf
echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "connect_from_port_20=YES" >> /etc/vsftpd/vsftpd.conf
echo "secure_chroot_dir=/var/run/vsftpd" >> /etc/vsftpd/vsftpd.conf
echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf
echo "guest_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "user_sub_token=$USER" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/data/ftp/$USER" >> /etc/vsftpd/vsftpd.conf
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "hide_ids=YES" >> /etc/vsftpd/vsftpd.conf
echo "user_config_dir=/etc/vsftpd/user_config" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf

# Setup up for vsftpd running folder

mkdir -p /var/run/vsftpd
mkdir -p /etc/vsftpd/user_config

# Setup up for ftp user

mkdir -p /ftp/users
chown -Rf ftp:ftp /ftp/users

# Note: this command must turn on "short tag"
sed -i "s/short_open_tag = .*/short_open_tag = On/" /etc/php.ini
# ftp user config
mkdir -p  /etc/vsftpd/user_config/

# ftp user account add
echo "<?php echo 'username:' . crypt('passwd'); ?>"| php >> /etc/vsftpd/users
echo "" >> /etc/vsftpd/users
echo "local_root=/ftp/users/username_home""" >> /etc/vsftpd/user_config/username

# Create ftp user home
mkdir -p /ftp/users/username_home
chown -Rf ftp:ftp /ftp/users/username_home

# setup 
systemctl enable vsftpd.service
systemctl start vsftpd.service

#BTW...... add ftp user shell

echo "<?php echo '$1:' . crypt('$2'); ?>"| php >> /etc/vsftpd/users
echo "" >> /etc/vsftpd/users
#mkdir -p  /etc/vsftpd/user_config/
echo "local_root=/ftp/users/$1" "" >> /etc/vsftpd/user_config/$1
mkdir -p /ftp/users/$1

chown -Rf ftp:ftp /ftp/users/$1

##
firewall-cmd --permanent --add-port=21/tcp 
firewall-cmd --permanent --add-service=ftp
Restart firewall:firewall-cmd --reload

2015/03/13

CentOS 7 Samba 4 Clamav

# install Centos 7
# update os

yum -y update
yum install samba samba-common

mv /etc/samba/smb.conf /etc/samba/smb.conf.org
cat /etc/samba/smb.conf.org |grep -v '#' | grep -v ';'|grep -v '^$' > /etc/samba/smb.conf

vi /etc/samba/smb.conf

[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        map to guest = Bad User
        load printers = no

[ftp_upload]
        comment    = FTP upload
        path       = /ftp
        browseable = yes
        writable   = yes
        public     = yes
        readonly   = no


systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

--

# install clamav

vi /etc/yum.repos.d/dag.repo


[dag]

name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1



yum install clamd
# Update virus database
freshclam
systemctl enable clamd.service

2015/02/11

My ABP list (Ad Block Plus)

This summary is not available. Please click here to view the post.