# Template-sealing cleanup: strips logs, caches, host identity and root's
# traces from a freshly built machine. Presumably run as root just before the
# image is captured for cloning -- confirm against how it is invoked.
# On a host already in service, these steps erase the audit and login records
# that incident response relies on, so keep it out of routine maintenance.
echo "Clean system"

# Quiesce the log writers first so nothing reopens the files emptied below.
for svc in rsyslog auditd; do
  /sbin/service "$svc" stop
done

# Package housekeeping: keep a single kernel, drop yum's cached data.
/usr/bin/package-cleanup --oldkernels --count=1 -y
/usr/bin/yum clean all -y

# Force a rotation, then delete rotated and compressed logs.
/usr/sbin/logrotate -f /etc/logrotate.conf
/bin/rm -f /var/log/*-???????? /var/log/*.gz /var/log/dmesg.old
/bin/rm -rf /var/log/anaconda

# Truncate, rather than delete, the logs listed here.
for log in /var/log/audit/audit.log /var/log/wtmp /var/log/lastlog /var/log/grubby; do
  : > "$log"
done

# Drop the NIC identity recorded for this machine: the udev rules matching
# 70*, and the HWADDR/UUID lines in ifcfg-eth0.
/bin/rm -f /etc/udev/rules.d/70*
/bin/sed -i -e '/^HWADDR=/d' -e '/^UUID=/d' /etc/sysconfig/network-scripts/ifcfg-eth0

/bin/rm -rf /tmp/* /var/tmp/*

# Remove the SSH host keys so they are not shared between clones.
# NOTE(review): confirm sshd (or first-boot tooling) regenerates them on the
# image; otherwise a clone comes up without host keys.
/bin/rm -f /etc/ssh/*key*

# Root's own traces: shell history, SSH material, installer kickstart.
/bin/rm -f ~root/.bash_history
unset HISTFILE
/bin/rm -rf ~root/.ssh/
/bin/rm -f ~root/anaconda-ks.cfg
2015/11/13
2015/11/11
CentOS 6 install ClamAV via yum
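# Install ClamAV from EPEL and enable the clamd daemon at boot (CentOS 6).
yum -y install epel-release
yum -y install clamav clamd

# setup & start
chkconfig clamd on
service clamd start

# update the signature database once, now
/usr/bin/freshclam

# auto update: hourly freshclam run.
# Written with '>' from a quoted here-doc so that re-running these steps
# replaces the job instead of appending a second copy (and a second shebang)
# to an existing file.
cat > /etc/cron.hourly/update <<'EOF'
#!/bin/bash
/usr/bin/freshclam
EOF
chmod +x /etc/cron.hourly/update

# daily scan: recursive scan (-r) of SCAN_DIR, reporting infected files only
# (-i), appended to LOG_FILE. The expansions are quoted in the generated job.
# NOTE(review): assumes /var/log/clamav already exists -- confirm the package
# creates it. A recursive scan of "/" also walks /proc and /sys; consider
# excluding them.
cat > /etc/cron.daily/manual_clamscan <<'EOF'
#!/bin/bash
SCAN_DIR="/"
LOG_FILE="/var/log/clamav/manual_clamscan.log"
/usr/bin/clamscan -i -r "$SCAN_DIR" >> "$LOG_FILE"
EOF
chmod +x /etc/cron.daily/manual_clamscan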
2015/04/16
Cisco Switch Port Mirror setting
monitor session 1 source interface Gi0/2 - 4
monitor session 1 destination interface Gi0/7
monitor session 1 destination interface Gi0/7
SJ2000 time setup
add text file and rename as time.txt
add date and time with this format
Note: there is a space between the date and the time.
2014.05.07 09:26:00
add date and time with this format
Note: there is a space between the date and the time.
2014.05.07 09:26:00
2015/03/17
vsftp install on CentOS 7
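# install on CentOS 7 without iptables and seLinux

# install something we need
yum install vsftpd gcc pam-devel unzip php -y

# Setup for virtual user: build the pam_pwdfile module from source.
# NOTE(review): this downloads whatever the master branch holds at that moment
# and builds it as-is; pin a reviewed tag or commit and inspect the archive
# before building and installing it into /lib64/security.
curl 'https://codeload.github.com/tiwe-de/libpam-pwdfile/zip/master' > master.zip
unzip master.zip
# Chained with && so a failed cd or build does not copy a stale module.
cd libpam-pwdfile-master/ && make && cp pam_pwdfile.so /lib64/security/

# Replace the stock PAM service file (kept as vsftpd.org) so that vsftpd
# authenticates virtual users against /etc/vsftpd/users.
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.org
cat > /etc/pam.d/vsftpd <<'EOF'
auth required /lib64/security/pam_pwdfile.so pwdfile /etc/vsftpd/users
account required /lib64/security/pam_permit.so
EOF

# backup config
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

# Setup vsftpd main config
# The here-doc delimiter is quoted on purpose: vsftpd needs the literal text
# $USER in user_sub_token/local_root, and inside double quotes the shell would
# replace it with the name of whoever runs these commands (e.g. root).
# NOTE(review): nothing here enables TLS, so FTP logins and data cross the
# network in clear text; allow_writeable_chroot=YES permits a writable chroot
# top-level directory. Confirm both are acceptable for the deployment.
cat > /etc/vsftpd/vsftpd.conf <<'EOF'
local_umask=022
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/data/ftp/$USER
chroot_local_user=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/user_config
allow_writeable_chroot=YES
EOF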
# Runtime directory (the secure_chroot_dir path) and the per-user config directory
mkdir -p /var/run/vsftpd /etc/vsftpd/user_config

# Parent directory for the ftp users' homes, owned by the ftp account
mkdir -p /ftp/users
chown -Rf ftp:ftp /ftp/users
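# Note: this command must turn on "short tag"
sed -i "s/short_open_tag = .*/short_open_tag = On/" /etc/php.ini

# ftp user config
mkdir -p /etc/vsftpd/user_config/

# ftp user account add -- run once per account ('username', 'passwd' and
# 'username_home' are the placeholders to substitute). Running these lines a
# second time appends a duplicate entry for the same user.
# NOTE(review): crypt() is called without a salt, so the hash scheme is
# whatever this PHP build defaults to -- check that it is an acceptable one.
# A real password typed into this command also ends up in shell history.
echo "<?php echo 'username:' . crypt('passwd'); ?>" | php >> /etc/vsftpd/users
echo "" >> /etc/vsftpd/users
# The file holds password hashes and '>>' creates it under the default umask;
# restrict it to root. (Presumably the PAM module reads it as root -- verify
# that logins still work afterwards.)
chmod 600 /etc/vsftpd/users
echo "local_root=/ftp/users/username_home" >> /etc/vsftpd/user_config/username

# Create ftp user home
mkdir -p /ftp/users/username_home
chown -Rf ftp:ftp /ftp/users/username_home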
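# Per-user provisioning; $1 is the ftp user name.
# Refuse an empty name, a name containing '/' or one starting with '.': the
# value is spliced into paths that are then created and chown'ed recursively.
case "${1:-}" in
  '' | */* | .*)
    echo "usage: pass a plain user name as \$1" >&2
    exit 1
    ;;
esac

echo "" >> /etc/vsftpd/users
#mkdir -p /etc/vsftpd/user_config/
# The extra "" argument is dropped: it made echo write a trailing space after
# the path, and vsftpd's config parser is strict about stray whitespace.
echo "local_root=/ftp/users/$1" >> "/etc/vsftpd/user_config/$1"
mkdir -p "/ftp/users/$1"
chown -Rf ftp:ftp "/ftp/users/$1"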
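# Open the FTP control port in firewalld (by port number and by service name)
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-service=ftp
# Restart firewall: --permanent changes are only applied after a reload
firewall-cmd --reload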
2015/03/13
CentOS 7 Samba 4 Clamav
# install Centos 7
# update os
yum -y update
yum install samba samba-common
# Keep the distribution smb.conf as smb.conf.org and start from a copy with
# every line containing '#' or ';' and every blank line filtered out
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
cat /etc/samba/smb.conf.org |grep -v '#' | grep -v ';'|grep -v '^$' > /etc/samba/smb.conf
# Edit smb.conf so that it holds the [global] and [ftp_upload] sections below
vi /etc/samba/smb.conf
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = user
# NOTE(review): "Bad User" maps logins with an unknown user name to the guest
# account; combined with public = yes and writable = yes on the share below,
# [ftp_upload] accepts writes from unauthenticated clients -- confirm that
# this is intended and limit who can reach the service
map to guest = Bad User
load printers = no
# Share exposing /ftp; guest access allowed (public) and writable
[ftp_upload]
comment = FTP upload
path = /ftp
browseable = yes
writable = yes
public = yes
readonly = no
# Enable smb/nmb at boot and (re)start them now
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
# Allow Samba through firewalld's public zone; reload applies the permanent rule
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
--
# install clamav
# Create the repo definition below as /etc/yum.repos.d/dag.repo
vi /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
# NOTE(review): baseurl and gpgkey are both plain http. gpgcheck=1 verifies
# package signatures, but against a key that was itself fetched without
# transport protection -- obtain or verify the key out of band
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
# update os
yum -y update
yum install samba samba-common
# Keep the distribution smb.conf as smb.conf.org and start from a copy with
# every line containing '#' or ';' and every blank line filtered out
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
cat /etc/samba/smb.conf.org |grep -v '#' | grep -v ';'|grep -v '^$' > /etc/samba/smb.conf
# Edit smb.conf so that it holds the [global] and [ftp_upload] sections below
vi /etc/samba/smb.conf
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = user
# NOTE(review): "Bad User" maps logins with an unknown user name to the guest
# account; combined with public = yes and writable = yes on the share below,
# [ftp_upload] accepts writes from unauthenticated clients -- confirm that
# this is intended and limit who can reach the service
map to guest = Bad User
load printers = no
# Share exposing /ftp; guest access allowed (public) and writable
[ftp_upload]
comment = FTP upload
path = /ftp
browseable = yes
writable = yes
public = yes
readonly = no
# Enable smb/nmb at boot and (re)start them now
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
# Allow Samba through firewalld's public zone; reload applies the permanent rule
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
--
# install clamav
# Create the repo definition below as /etc/yum.repos.d/dag.repo
vi /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
# NOTE(review): baseurl and gpgkey are both plain http. gpgcheck=1 verifies
# package signatures, but against a key that was itself fetched without
# transport protection -- obtain or verify the key out of band
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag/
gpgcheck=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
enabled=1
# Install the ClamAV daemon package (no -y, so yum asks for confirmation)
yum install clamd
# Update virus database
freshclam
# Enable clamd at boot; this does not start it in the current session
systemctl enable clamd.service
# Update virus database
freshclam
systemctl enable clamd.service
2015/02/11
2015/02/05
MySQL Backup / mysqldump
-- 備份某個資料庫
# mysqldump -u root -p db > db.sql;
-- 備份資料庫中的某個資料表
# mysqldump -u root -p db table > backup.sql;
-- 備份所有資料庫
# mysqldump -u root -p --all-databases > backup.sql;
-- 復原一個資料庫 (需先建好db_name 這個資料庫, 若沒建立請先執行 mysqladmin create db_name 建立即可)
# mysql -u root -p db < backup.sql
-- 復原多個資料庫 ( 因為backup.sql 內已有 CREATE DATABASE指令,因此不需先建DB)
# mysql -u root -p < backup.sql
注意:
因為新版mysqldump預設會使用UTF8,所以還原較沒問題, 若為舊版的mysqldump, 則需要使用--default-character-set 指定字集
# mysql -u root -p --default-character-set=latin1 db_name < backup.sql
只輸出MySQL DB Schema
mysqldump 資料庫名稱 --no-data > 輸出檔名
# mysqldump -u root -p db > db.sql;
-- 備份資料庫中的某個資料表
# mysqldump -u root -p db table > backup.sql;
-- 備份所有資料庫
# mysqldump -u root -p --all-databases > backup.sql;
-- 復原一個資料庫 (需先建好db_name 這個資料庫, 若沒建立請先執行 mysqladmin create db_name 建立即可)
# mysql -u root -p db < backup.sql
-- 復原多個資料庫 ( 因為backup.sql 內已有 CREATE DATABASE指令,因此不需先建DB)
# mysql -u root -p < backup.sql
注意:
因為新版mysqldump預設會使用UTF8,所以還原較沒問題, 若為舊版的mysqldump, 則需要使用--default-character-set 指定字集
# mysql -u root -p --default-character-set=latin1 db_name < backup.sql
只輸出MySQL DB Schema
mysqldump 資料庫名稱 --no-data > 輸出檔名