2012/11/24

client snmp install


CentOS

# Install the SNMP agent (snmpd) on the monitored CentOS host.
yum -y install net-snmp
# Optional: client tools (snmpwalk, snmpget) for testing the agent locally.
#yum -y install net-snmp-utils

# Set the read-only community string (XXXXXX is a placeholder).
# NOTE(review): with no source argument this community is accepted from any
# address, and SNMP v1/v2c sends the community string in cleartext. Restrict
# it to the monitoring host, as the Ubuntu notes below do:
#   rocommunity XXXXXX <monitor-ip>
# The line is appended, so directives already in snmpd.conf (including any
# default community the package ships) stay in effect; review them.
echo 'rocommunity  XXXXXX' >> /etc/snmp/snmpd.conf
# Optional: proxy requests for one OID subtree to another local agent.
# squid sample (agent on 127.0.0.1:3401, community "public"):
# proxy -v 1 -c public 127.0.0.1:3401 .1.3.6.1.4.1.3495

# Start snmpd at boot and start it now.
chkconfig snmpd on
service snmpd start



Ubuntu Server


# Install the SNMP agent on the monitored Ubuntu host.
apt-get install snmpd
# Alternative: set the stock config aside and write a new one by hand.
#mv /etc/snmp/snmpd.conf snmpd.conf.old
#vim /etc/snmp/snmpd.conf
# Directive to add; the source argument limits the community to the monitor's
# address.
#rocommunity  XXXXXX  "ip address" (from monitor)
# NOTE(review): `"ip address" (from monitor)` is a placeholder. Replace it with
# the monitoring host's real address before running this; as written, the
# literal text is appended to snmpd.conf.
echo 'rocommunity  XXXXXX "ip address" (from monitor) ' >> /etc/snmp/snmpd.conf
# Restart snmpd so it reads the new directive.
sudo /etc/init.d/snmpd restart

2012/11/23

Cacti install note

0.
yum install -y httpd php php-mysql php-snmp php-xml mysql mysql-server cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel net-snmp-utils gcc wget man make perl-CPAN perl-ExtUtils-MakeMaker perl-ExtUtils-MakeMaker-Coverage crontabs xorg-x11-fonts-100dpi xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi ntp php-gd rrdtool

1.


# Rebuild the font cache (font packages were installed in step 0).
fc-cache -vfs
# Set the MySQL root password ("mypassword" is a placeholder).
# NOTE(review): a password given as an argument is visible in the process list
# and is saved in shell history.
# NOTE(review): mysqld is first started in step 2 below; these two commands
# need a running server.
mysqladmin --user=root password mypassword
# Reload the grant tables; --password without a value prompts for it.
mysqladmin --user=root --password reload

# Install and Configure Cacti
mkdir -p /var/www/html/cacti
cd /var/www/html/
# NOTE(review): plain-HTTP download with no integrity check; compare the
# tarball against a checksum or signature published by the project before
# unpacking it.
wget http://www.cacti.net/downloads/cacti-0.8.8a.tar.gz
tar zxvf cacti-0.8.8a.tar.gz
# cacti/ already exists (mkdir above), so this moves the tree to
# cacti/cacti-0.8.8a rather than renaming it to cacti.
mv cacti-0.8.8a cacti
cd cacti
cd /var/www/html/cacti/cacti-0.8.8a

2.
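# Start MySQL now and enable it at boot.
service mysqld start
chkconfig mysqld on

# Create the cacti database and import the Cacti schema (cacti.sql is expected
# in the current directory).
# "mypassword" is a placeholder. -pVALUE must be written without a space:
# "-p mypassword" prompts for the password and then treats "mypassword" as a
# mysqladmin command.
# NOTE(review): a password on the command line is visible in the process list
# and shell history; give -p with no value to be prompted instead.
mysqladmin -u root -pmypassword create cacti
mysql -u root -pmypassword cacti < cacti.sql
# Open an interactive session for the GRANT statements that follow.
mysql -u root -pmypassword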

# MySQL command
mysql> GRANT ALL ON cacti.* TO admin@localhost IDENTIFIED BY 'adminpassword';
mysql> flush privileges;


3.

更改config.php成我們MySQL的username, password與url path,如下:

vi include/config.php
$database_username = "admin";
$database_password = "adminpassword";
$url_path = "/cacti/";

4.

更改目錄權限
chown -R apache:apache /var/www/html/cacti
chown -R admin /var/www/html/cacti/rra/ /var/www/html/cacti/log/

5.

crontab -e
*/5 * * * * php /var/www/html/cacti/poller.php > /dev/null 2>&1

service crond restart
service httpd start
chkconfig httpd on


2012/10/13

‎[筆記]

‎[筆記]
ESXI RAM與其他SERVER RAM對調後
部分VM開不起來...
(開機到某些程序會卡住 進入single user mode後關閉該程序後可開機進入登入畫面但無法登入)
telnet server 22 通的
ssh server 22 無回應

解法:關閉SELinux(可先用 setenforce 0 暫時切到 permissive 確認問題是否出在 SELinux;長期關閉會失去強制存取控制的保護)

2012/08/24

dpkg: parse error, in file `/var/lib/dpkg/available'


dpkg: parse error, in file `/var/lib/dpkg/available'

重建available


# Rebuild /var/lib/dpkg/available: --clear-avail erases the stored list of
# available packages, and apt-get update then re-downloads the package lists.
sudo dpkg --clear-avail && sudo apt-get update


2012/07/27

5Ghz頻寬(WIFI)

台灣地區目前開放使用之5Ghz頻寬範圍如下
台灣開放的5Ghz頻道如下..(直接打去NCC問的)
5250-5350
5470-5725
5725-5825


5G的頻道有
Band1: CH36、CH40、CH44、CH48(5180MHz~5240MHz)
Band2: CH52、CH56、CH60、CH64(5260MHz~5320MHz)
Band3: CH100、CH104、CH108、CH112、CH116、CH120、CH124、CH128、CH132、CH136、CH140(5500MHz~5700MHz)
Band4: CH149、CH153、CH157、CH161、CH165(5745MHz~5825MHz)


台灣地區開放的頻道確實是Band2到4


(有也一說是1到4 但是NCC表示BAND1不開放 但是可透過FCC認證轉為NCC認證申請 不確定是否有業者用這方式申請來讓旗下裝置與AP支援Band1,例如傻多就只支援BAND1跟4)


然而Band3在相關的法規上有規範 必須能夠同時偵測到雷達並自動跳頻


因此有部分業者的網路卡/無線機器台 直接設定不支援Band3的頻道


附註:
Ruckus的AP在5Ghz頻道內支援Band2 3 4 傻多的5Ghz AP與網卡支援Band1 Band4,
Netgear WNDA3100v2 支援Band1,Band4
Edimax的AP BR-6475nD支援Band 2 , 3 , 4的5Ghz...

2012/07/16

HAproxy


設定檔

# Process-wide settings.
# NOTE(review): the global maxconn of 4000 caps the whole process, so the
# per-listener maxconn 60000 further down cannot be reached.
global
 log 127.0.0.1 local0
 # NOTE(review): chroot is disabled; enabling it confines the process to that
 # directory after start-up.
 #chroot /var/lib/haproxy
 pidfile /var/run/haproxy.pid
 maxconn 4000
 user haproxy
 group haproxy
 daemon

# Disabled statistics page.
# NOTE(review): "stats auth" is HTTP basic auth, and the user:password pair is
# stored in this file in cleartext. The pair below has been published with
# these notes, so set your own, keep the file readable by root only, and bind
# the page to an internal address if it is ever enabled.
#listen stats 184.82.2.32:808 ### address and port of the status page: http://184.82.2.32:808/haproxy?stats
#balance
# mode http
# stats enable
# stats auth taobao:Tao@2011
# timeout connect 10000 # default 10 second time out if a backend is not found
# timeout client 300000
# timeout server 300000
# maxconn 60000
# retries 3

# TCP-mode SMTP front end on 192.168.0.111:25, balanced across two back ends.
# NOTE(review): in "mode tcp" the back-end mail servers see the proxy's address
# as the client. Address-based controls on them (relay permissions such as
# mynetworks, DNSBL lookups) then act on the proxy's IP, not the real sender's;
# make sure the proxy's address is not treated as a trusted relay client.
listen smtp 192.168.0.111:25

 mode tcp
 log global
 timeout connect 10000 # default 10 second time out if a backend is not found
 timeout client 300000
 timeout server 300000
 maxconn 60000
 retries 3

balance roundrobin ### load-balancing policy
 # NOTE(review): both servers are named "smtpb"; give each a unique name so
 # log lines and health-check state can be told apart.
 server smtpb 192.168.0.113:25 check ### real back-end server
 server smtpb 192.168.0.114:25 check ### real back-end server


安裝


# Build HAProxy 1.4.21 from source in /tmp.
cd /tmp/
# Account the daemon runs as (the config sets "user haproxy").
# NOTE(review): plain useradd creates a normal account; a service account
# needs no login shell (e.g. useradd -r -s /sbin/nologin haproxy).
useradd haproxy
# NOTE(review): plain-HTTP download with no integrity check; compare the
# tarball against a checksum published by the project before building it.
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.21.tar.gz
tar -xf haproxy-1.4.21.tar.gz
cd haproxy-1.4.21
make TARGET=linux26 PREFIX=/usr/local/haproxy
# NOTE(review): PREFIX is not repeated here, so the install may go to the
# Makefile's default prefix rather than /usr/local/haproxy (the start command
# later in these notes uses /usr/local/sbin/haproxy) - confirm.
make install
# Write the configuration shown above, then start HAProxy with it.
vi /usr/local/haproxy/haproxy.cfg
haproxy -f /usr/local/haproxy/haproxy.cfg


啟動

/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg

停止

ps aux |grep haproxy

kill (pid number)



Postfix 綁上多個IP


vi /etc/postfix/main.cf
inet_interfaces = $myhostname, localhost


vi /etc/postfix/master.cf
# The IP address must start in column 1: a master.cf line that begins with
# whitespace is read as a continuation of the previous line.
# One smtpd listener per address.
# NOTE(review): "-o content_filter=" sets content_filter to empty for these
# listeners, so mail accepted on these addresses skips any content filter
# (spam/virus scanning) that main.cf configures - confirm that is intended.
192.168.1.6:25 inet  n    -    n    -    -    smtpd -o content_filter=
192.168.1.7:25 inet  n    -    n    -    -    smtpd -o content_filter=
192.168.1.8:25 inet  n    -    n    -    -    smtpd -o content_filter=
# (reminder: no whitespace before the IP address)

service postfix reload

netstat -tnlp
 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7008/master
 tcp 0 0 192.168.1.6:25 0.0.0.0:* LISTEN 7008/master
 tcp 0 0 192.168.1.7:25 0.0.0.0:* LISTEN 7008/master
 tcp 0 0 192.168.1.8:25 0.0.0.0:* LISTEN 7008/master

Postfix install


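# Build and install Postfix from source on CentOS.
yum -y update
# The glob is quoted so the shell cannot expand it against files in the
# current directory before yum sees it.
yum -y install wget gcc make man 'db*-devel' telnet
# NOTE(review): this is an experimental snapshot fetched over unauthenticated
# FTP with no integrity check; verify the tarball against the signature
# published with it, and prefer a stable release for production mail.
wget ftp://ftp.porcupine.org/mirrors/project-history/postfix/experimental/postfix-2.9-20110130.tar.gz
mv postfix-2.9-20110130.tar.gz /tmp
cd /tmp/
tar -xf postfix-2.9-20110130.tar.gz
cd postfix-2.9-20110130
chmod 755 postfix-install
make
# Create the accounts before "make install": the install step assigns file
# ownership to the postfix user and the postdrop group.
# NOTE(review): uid/gid 1000 is the first regular-user id on many
# distributions; pick an id that is not in use.
groupadd postfix -g 1000
groupadd postdrop
# The postdrop group must have no members, not even the postfix account
# (Postfix INSTALL), so the original "-G postdrop" is dropped. The account is
# a service account and gets no login shell.
useradd postfix -u 1000 -g postfix -s /sbin/nologin
make install
# Build the alias database.
postalias hash:/etc/aliases
# The aliases file may be located at /etc/postfix/aliases instead.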


開機啟動
vi /etc/rc.d/rc.local

加上 /usr/sbin/postfix start

2012/07/10

CentOS 6.2同一張網卡綁兩個IP


cp /etc/sysconfig/network-scripts/ifcfg-em1 /etc/sysconfig/network-scripts/ifcfg-em1:1

vi /etc/sysconfig/network-scripts/ifcfg-em1:1

DEVICE="em1:1"
HWADDR="D4:AE:52:B8:5D:95"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR="第二個IP"
NETMASK="255.255.255.0"
GATEWAY="192.168.0.1"
BOOTPROTO="static"
IPV6INIT="no"

ifup ifcfg-em1:1

如發生斷線
用新增的IP連入後啟動原先IP

ifcfg-em1

2012/04/30

iptables (參考



CentOS 7 install iptables

yum install iptables system-config-firewall-tui setuptool





 iptables -I INPUT -i eth1   0.0.0.0/0 -j ACCEPT

## Block something

iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
iptabels -I INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP

Centos + httpd


# Install Apache.
yum -y install httpd

# Accept new TCP connections to ports 80 and 443. -I inserts each rule at the
# top of INPUT, ahead of any existing rules.
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

# Save the running rule set so it is restored at boot.
service iptables save

vi /etc/httpd/conf/httpd.conf

/ Listen 

add
--
# NOTE(review): Listen only opens the port. Without an SSL-enabled virtual
# host (mod_ssl, SSLEngine on, certificate and key) Apache serves plain HTTP
# on 443.
Listen *:443
--

netstat -tlunp | grep httpd


關於SSL部分設定參閱

http://www.twisu.com.tw/5/linset/www1.htm
http://docdb.fnal.gov/doc/sslconf.html
http://www.twbsd.org/cht/book/ch14.htm
http://www.apache-ssl.org/httpd.conf.example

2012/04/27

Linux 變更 Hostname

uname -a (VIEW HOSTNAME now)

hostname newname

vi /etc/sysconfig/network
 HOSTNAME=newname

vi /etc/hosts
127.0.0.1 localhost newname

uname -a (VIEW HOSTNAME now)

2012/04/21

block TeamViewer

block TeamViewer

block TCP 5938
block *.teamviewer.com
block *.dyngate.com

2012/04/15

NTP server (TW)


NTP server

 220.130.158.52 time.stdtime.gov.tw
 140.109.1.10 stdtime.sinica.edu.tw


tock.stdtime.gov.tw
watch.stdtime.gov.tw
time.stdtime.gov.tw
clock.stdtime.gov.tw    
tick.stdtime.gov.tw

2012/04/09

Spamassassin


vi /etc/mail/spamassassin/local.cf

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

# Score at or above which a message is tagged as spam.
required_hits 5
# 0 = leave the message body as it is and only add headers to tagged mail.
report_safe 0
# Prefix the Subject of tagged messages.
rewrite_header Subject [SPAM]

# NOTE(review): whitelist_from trusts the sender address carried in the
# message, which the sender chooses, so forged mail claiming these domains is
# whitelisted too. whitelist_from_rcvd or whitelist_auth tie the whitelist to
# the relay or to SPF/DKIM results instead.
whitelist_from *@watchdata.com
whitelist_from *@watchdata.com.cn

#whitelist_from *@gmail.com

# Custom rule: -1000 points when the From header matches the pattern.
# NOTE(review): despite the name and description ("Received from local
# machine") the rule tests From, not Received, so any message whose From
# contains "watchdata" bypasses filtering. The dots are unescaped (they match
# any character), and the trailing "/(mail.domain.com|ip address)/" looks like
# template text left on the line; as written the pattern ends at the second
# "/" - check the rule with "spamassassin --lint".
header LOCAL_RCVD From =~ /(119.255.1.60|watchdata|.watchdata\.com.cn)/(mail.domain.com|ip address)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -1000


service spamassassin restart
service postfix restart



2012/04/03

traceroute (centos)

yum -y install  traceroute

~
traceroute 192.168.0.1 traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets 1 router.corp.*.* (192.168.0.1) 0.673 ms 0.697 ms 0.785 ms

2012/03/19

centos + lamp

http://down.chinaz.com/server/201109/1064_1.htm

2012/03/07

VM create


# Check free space, then create a directory for the new VM on the datastore.
df -k
cd /vmfs/volumes/datastore1
mkdir test
ls -la
# Clone the template disk into the new directory as a thin-provisioned disk.
# NOTE(review): the clone is a copy of the template's guest disk, so it starts
# with the same SSH host keys, account passwords and saved network settings;
# regenerate the host keys and change the credentials inside the new VM.
vmkfstools -i web-centos6.2/web-centos6.2.vmdk -d thin test/test.vmdk
///

# Same procedure for a second VM named "proxy": new directory, then a thin
# clone of the template disk. The guest's SSH host keys and passwords come
# along with the copy and should be replaced inside the new VM.
cd /vmfs/volumes/datastore1
mkdir proxy
vmkfstools -i web-centos6.2/web-centos6.2.vmdk -d thin proxy/proxy.vmdk



///

--exit--





































2012/02/14

CP 覆蓋不提示

# The leading backslash bypasses any shell alias for cp (for example
# alias cp='cp -i'), so an existing /opt/aaa is overwritten without a prompt.
\cp aaa /opt/aaa

2012/02/13

CP 排除特定檔案

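# Copy every *.dat file under the current directory to DEST, except a.dat and
# rem.txt. NUL-delimited names (-print0 / -0) keep file names that contain
# spaces, quotes or newlines intact, and "--" stops cp from reading a name
# that starts with "-" as an option. -I{} replaces the deprecated "xargs -i".
find . ! -name "a.dat" ! -name "rem.txt" -name "*.dat" -print0 | xargs -0 -I{} cp -- {} DEST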

find 來源目標 ! -name "檔案名稱.ABC" ! -name "檔名B.txt" -name "*.AVI" |xargs -i cp {} 目的地位置

2012/01/19

mount 傳真 掃描 資料夾(透過網路芳鄰、SMB)


# Install the CIFS mount helper (mount.cifs).
yum -y install cifs-utils
# Create one mount point each for the fax and scan shares of the multifunction
# printer.
cd /samba-disk/復合機的產物/
mkdir fax
mkdir scanner
# Mount the two shares; no user name or password is given on these lines.
mount -t cifs //192.168.0.11/fax /samba-disk/復合機的產物/fax/
mount -t cifs //192.168.0.11/scan /samba-disk/復合機的產物/scanner/
# General form with credentials (share path and mount point are placeholders).
# NOTE(review): password= on the command line is visible in the process list
# and shell history; mount.cifs also accepts credentials=<file>, which can
# point at a file readable by root only.
mount -t cifs -o username=administrator,password=password //192.168.1.5/資料夾/ /本機掛

2012/01/18

grep / find


cat filename | grep keyword | grep keyword_2


find / | grep filename

Client host [209.85.214.172] blocked using bl.spamcop.net; Blocked

vi /etc/postfix/main.cf:

/

reject_rbl_client

remove list

2012/01/17


[root@mail /]# /usr/bin/spamassassin --add-addr-to-whitelist=toshock@gmail.com
Jan 17 15:36:27.549 [28925] warn: config: created user preferences file: /root/.spamassassin/user_prefs
[root@mail /]#

2012/01/13

LDAP search

 ldapsearch -H ldap://127.0.0.1/ -LL -x -b "dc=aaa,dc=aaa" "(userPassword=123456)" ou


2012/01/05

rsyslog 設定


Firewall  UDP 514

vi /etc/rsyslog.conf


# Load the UDP input module and listen for syslog on UDP port 514.
# NOTE(review): syslog over UDP is unauthenticated and unencrypted; the
# firewall rule for UDP 514 should admit only the known log senders.
$ModLoad imudp.so
$UDPServerRun 514

# Write messages whose sender address equals the given IP to a dedicated file
# (the xxx values are placeholders).
# NOTE(review): fromhost-ip is the source address of the datagram, which can
# be forged over UDP, so this filter sorts logs but does not authenticate them.
:fromhost-ip, isequal, "xxx.xxx.xxx.xxx" /var/log/xxx/xxxlog