By

web安全

Table of contents

You can insert a table of contents using the marker [TOC]:

[TOC]

使用iptables防护网站安全

只允许特定流量通过,禁用其他流量

  • permit ssh
1
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  • permit DNS
1
2
iptables -l INPUT 1 -p tcp --sport 53 -j ACCEPT
iptables -l INPUT 1 -p udp --sport 53 -j ACCEPT
  • permit service
1
iptables -l INPUT 1 -p tcp --dport 80 -j ACCEPT
  • forbid all others
1
iptables -A INPUT -j DROP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@toad ~]# netstat -tn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 192.168.199.231:61094       101.200.31.147:443          TIME_WAIT
tcp        0     64 192.168.199.231:22          60.186.174.98:61241         ESTABLISHED
tcp        0      0 192.168.199.231:41795       192.168.199.1:445           ESTABLISHED
tcp        0      0 192.168.199.231:22          60.186.174.98:50722         ESTABLISHED
tcp        0      0 ::1:19187                   ::1:10010                   TIME_WAIT

[root@toad ~]# netstat -tn|grep 192.168.199.231|awk '{print $5}'|awk -F ":" '{print $1}'|sort|uniq -c|sort -r -n
      2 60.186.174.98
      2 101.200.31.147
      1 192.168.199.1
[root@toad ~]# iptables -l INPUT 1 -s 60.186.174.98 -j DROP

AIDE入侵检测系统

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#install aide
yum install -y aide

#config aide
vim /etc/aide.conf

#init aide database
aide --init
mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

#check monitor file
aide --check

#update aide database
aide --update

#setup cron job
crontab -e
* 3 * * * /usr/sbin/aide --check|mail -s "AIDE report " sizemore@gmail.com

By

Setup Java Development Environment in Ubuntu

Ubuntu: ubuntu-16.04-desktop-amd64

Install Oracle Java on Ubuntu Linux

1
2
# apt-get upgrade -y
# apt-get install ssh -y

1. Check to see if your Ubuntu Linux operating system architecture is 32-bit or 64-bit

1
2
3
4
root@stan-virtual-machine:~# file /sbin/init
/sbin/init: symbolic link to /lib/systemd/systemd
root@stan-virtual-machine:~# file /lib/systemd/systemd
/lib/systemd/systemd: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=03b9d43299696aa6b67b92f1225fa6045b978cb2, stripped

2. Check if you have Java installed on your system

1
2
3
4
5
6
7
8
9
root@stan-virtual-machine:~# java -version
The program 'java' can be found in the following packages:
 * default-jre
 * gcj-5-jre-headless
 * openjdk-8-jre-headless
 * gcj-4.8-jre-headless
 * gcj-4.9-jre-headless
 * openjdk-9-jre-headless
Try: apt install <selected package>

3. Completely remove the OpenJDK/JRE from your system and create a directory to hold your Oracle Java JDK/JRE binaries.

1
2
root@stan-virtual-machine:~# apt-get purge openjdk-\*
root@stan-virtual-machine:~# mkdir -p /usr/local/java

Go to link: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
download http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.tar.gz

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
root@stan-virtual-machine:/home/stan/Downloads# cp -r jdk-8u101-linux-x64.tar.gz /usr/local/java

# tar xvzf jdk-8u101-linux-x64.tar.gz
# vim /etc/profile     #add into end of the file
JAVA_HOME=/usr/local/java/jdk1.8.0_101
JRE_HOME=$JAVA_HOME/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
export JAVA_HOME
export JRE_HOME
export PATH

# update-alternatives --install "/usr/bin/java" "java" "/usr/local/java/jdk1.8.0_101/jre/bin/java" 1
# update-alternatives --install "/usr/bin/javac" "javac" "/usr/local/java/jdk1.8.0_101/bin/javac" 1
# update-alternatives --set java /usr/local/java/jdk1.8.0_101/jre/bin/java
# update-alternatives --set javac /usr/local/java/jdk1.8.0_101/bin/javac
source /etc/profile

4.Check##

1
2
3
4
5
6
root@stan-virtual-machine:/usr/local/java# java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
root@stan-virtual-machine:/usr/local/java# javac -version
javac 1.8.0_101

By

1. Install minion:

1
2
3
4
5
6
7
8
[root@chatswood ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
Retrieving http://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
warning: /var/tmp/rpm-tmp.nKEP1w: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
   
[root@chatswood ~]# yum install -y salt-minion
[root@chatswood ~]# chkconfig salt-minion on

2. Configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@chatswood ~]# sed -n 16p /etc/salt/minion
#master: salt
[root@chatswood ~]# sed -i '16s#\#master: salt#master: 192.168.0.100#' /etc/salt/minion
[root@chatswood ~]# sed -n 16p /etc/salt/minion
master: 192.168.0.100
[root@chatswood ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.100   toad
192.168.0.168   salt-minion01
192.168.0.80    macadamina
192.168.0.49    chatswood
[root@chatswood ~]# /etc/init.d/salt-minion start

On salt master side:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[root@toad tomcat-formula]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.100   toad
192.168.0.168   salt-minion01
192.168.0.80    macadamina
192.168.0.49    chatswood
[root@toad tomcat-formula]# service salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
[root@toad tomcat-formula]# salt-key
Accepted Keys:
macadamina
salt-minion01
Denied Keys:
Unaccepted Keys:
chatswood
Rejected Keys:
[root@toad tomcat-formula]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
chatswood
Proceed? [n/Y] Y
Key for minion chatswood accepted.
[root@toad tomcat-formula]# salt-key
Accepted Keys:
chatswood
macadamina
salt-minion01
Denied Keys:
Unaccepted Keys:
Rejected Keys:

By

1. Get formulat:

1
2
3
[root@toad formulas]# cd /srv/formulas
    
[root@toad formulas]# git clone https://github.com/saltstack-formulas/nginx-formula

2. Setup top file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@toad salt]# cat top.sls
base:
   '*':
       - nginx
```       
Add the new directory to file_roots:
```sh
[root@toad salt]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
    - /srv/formulas/tomcat-formula
    - /srv/formulas/mysql-formula
    - /srv/formulas/nginx-formula

Restart the Salt Master.

3. Run:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
[root@toad formulas]# salt 'macadamina' state.highstate
macadamina:
----------
          ID: nginx
    Function: pkg.installed
      Result: True
     Comment: Package nginx is already installed.
     Started: 11:45:55.019357
    Duration: 3498.284 ms
     Changes:
----------
          ID: /var/www
    Function: file.directory
      Result: True
     Comment: Directory /var/www is in the correct state
     Started: 11:45:58.518393
    Duration: 1.548 ms
     Changes:
----------
          ID: /usr/share/nginx
    Function: file.directory
      Result: True
     Comment: Directory /usr/share/nginx is in the correct state
     Started: 11:45:58.520140
    Duration: 0.699 ms
     Changes:
----------
          ID: /etc/nginx/conf.d/default.conf
    Function: file.absent
      Result: True
     Comment: File /etc/nginx/conf.d/default.conf is not present
     Started: 11:45:58.520983
    Duration: 0.554 ms
     Changes:
----------
          ID: /etc/nginx/conf.d/example_ssl.conf
    Function: file.absent
      Result: True
     Comment: File /etc/nginx/conf.d/example_ssl.conf is not present
     Started: 11:45:58.521693
    Duration: 0.486 ms
     Changes:
----------
          ID: /etc/nginx
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx is in the correct state
     Started: 11:45:58.522309
    Duration: 1.041 ms
     Changes:
----------
          ID: /etc/nginx/nginx.conf
    Function: file.managed
      Result: True
     Comment: File /etc/nginx/nginx.conf updated
     Started: 11:45:58.524655
    Duration: 132.936 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -41,15 +41,7 @@
                               allow 127.0.0.1;
                               deny all;
                           }
                  -     location / {
                  -             root html;
                  -             index index.jsp index.html index.htm;
                  -             proxy_pass http://web_server;
                  -     }
                       }
                  -    upstream web_server {
                  -     server 127.0.0.1:8080;
                  -     }


                       include /etc/nginx/conf.d/*.conf;
----------
          ID: /etc/nginx/sites-enabled
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx/sites-enabled is in the correct state
     Started: 11:45:58.657818
    Duration: 1.969 ms
     Changes:
----------
          ID: /etc/nginx/sites-available
    Function: file.directory
      Result: True
     Comment: Directory /etc/nginx/sites-available is in the correct state
     Started: 11:45:58.659985
    Duration: 1.662 ms
     Changes:
----------
          ID: /var/log/nginx/access.log
    Function: file.absent
      Result: True
     Comment: File /var/log/nginx/access.log is not present
     Started: 11:45:58.661843
    Duration: 0.709 ms
     Changes:
----------
          ID: nginx-logger-access
    Function: file.managed
        Name: /etc/init/nginx-logger-access.conf
      Result: True
     Comment: File /etc/init/nginx-logger-access.conf is in the correct state
     Started: 11:45:58.662778
    Duration: 26.583 ms
     Changes:
----------
          ID: nginx-logger-access
    Function: service.running
      Result: True
     Comment: Service nginx-logger-access is already enabled, and is running
     Started: 11:45:58.712813
    Duration: 32.548 ms
     Changes:
              ----------
              nginx-logger-access:
                  True
----------
          ID: /var/log/nginx/error.log
    Function: file.absent
      Result: True
     Comment: Removed file /var/log/nginx/error.log
     Started: 11:45:58.745946
    Duration: 2.21 ms
     Changes:
              ----------
              removed:
                  /var/log/nginx/error.log
----------
          ID: nginx-logger-error
    Function: file.managed
        Name: /etc/init/nginx-logger-error.conf
      Result: True
     Comment: File /etc/init/nginx-logger-error.conf is in the correct state
     Started: 11:45:58.748406
    Duration: 26.15 ms
     Changes:
----------
          ID: nginx-logger-error
    Function: service.running
      Result: True
     Comment: Service nginx-logger-error is already enabled, and is running
     Started: 11:45:58.776206
    Duration: 28.481 ms
     Changes:
              ----------
              nginx-logger-error:
                  True
----------
          ID: /etc/logrotate.d/nginx
    Function: file.absent
      Result: True
     Comment: File /etc/logrotate.d/nginx is not present
     Started: 11:45:58.805766
    Duration: 1.142 ms
     Changes:
----------
          ID: htpasswd
    Function: pkg.installed
        Name: httpd-tools
      Result: True
     Comment: Package httpd-tools is already installed.
     Started: 11:45:58.807193
    Duration: 1.447 ms
     Changes:
----------
          ID: nginx-old-init
    Function: file.rename
        Name: /usr/share/nginx/init.d
      Result: True
     Comment: Source file "/etc/init.d/nginx" has already been moved out of place
     Started: 11:45:58.809509
    Duration: 0.872 ms
     Changes:
----------
          ID: nginx-old-init-disable
    Function: cmd.run
        Name: chkconfig --del nginx
      Result: True
     Comment: onlyif execution failed
     Started: 11:45:58.822906
    Duration: 10.906 ms
     Changes:
----------
          ID: nginx-old-init
    Function: module.wait
        Name: cmd.run
      Result: True
     Comment:
     Started: 11:45:58.835556
    Duration: 1.147 ms
     Changes:
----------
          ID: nginx
    Function: file.managed
        Name: /etc/init/nginx.conf
      Result: True
     Comment: File /etc/init/nginx.conf is in the correct state
     Started: 11:45:58.839171
    Duration: 41.314 ms
     Changes:
----------
          ID: nginx
    Function: service.running
      Result: True
     Comment: Service nginx is already enabled, and is running
     Started: 11:45:58.886379
    Duration: 53.53 ms
     Changes:
              ----------
              nginx:
                  True

Summary
-------------
Succeeded: 22 (changed=5)
Failed:     0
-------------
Total states run:     22

```    
### 4. Test
``` sh
[root@macadamina ~]# /usr/share/nginx/init.d status
nginx (pid  2092) is running...
[root@macadamina ~]# lsof -i :80
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   2092  root    6u  IPv4  13922      0t0  TCP localhost:http (LISTEN)
nginx   2093 nginx    6u  IPv4  13922      0t0  TCP localhost:http (LISTEN)
[root@macadamina ~]# wget 127.0.0.1
--2016-09-18 14:19:32--  http://127.0.0.1/
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3698 (3.6K) [text/html]
Saving to: “index.html”

100%[========================================================================================================>] 3,698       --.-K/s   in 0.007s

2016-09-18 14:19:32 (545 KB/s) - “index.html” saved [3698/3698]
[root@macadamina ~]# curl 127.0.0.1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        <title>Test Page for the Nginx HTTP Server on EPEL</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <style type="text/css">
            /*<![CDATA[*/
            body {
                background-color: #fff;
                color: #000;
                font-size: 0.9em;
                font-family: sans-serif,helvetica;
                margin: 0;
                padding: 0;
            }
            :link {
                color: #c00;
            }
            :visited {
                color: #c00;
            }
            a:hover {
                color: #f50;
            }
            h1 {
                text-align: center;
                margin: 0;
                padding: 0.6em 2em 0.4em;
                background-color: #294172;
                color: #fff;
                font-weight: normal;
                font-size: 1.75em;
                border-bottom: 2px solid #000;
            }
            h1 strong {
                font-weight: bold;
                font-size: 1.5em;
            }
            h2 {
                text-align: center;
                background-color: #3C6EB4;
                font-size: 1.1em;
                font-weight: bold;
                color: #fff;
                margin: 0;
                padding: 0.5em;
                border-bottom: 2px solid #294172;
            }
            hr {
                display: none;
            }
            .content {
                padding: 1em 5em;
            }
            .alert {
                border: 2px solid #000;
            }

            img {
                border: 2px solid #fff;
                padding: 2px;
                margin: 2px;
            }
            a:hover img {
                border: 2px solid #294172;
            }
            .logos {
                margin: 1em;
                text-align: center;
            }
            /*]]>*/
        </style>
    </head>

    <body>
        <h1>Welcome to <strong>nginx</strong> on EPEL!</h1>

        <div class="content">
            <p>This page is used to test the proper operation of the
            <strong>nginx</strong> HTTP server after it has been
            installed. If you can read this page, it means that the
            web server installed at this site is working
            properly.</p>

            <div class="alert">
                <h2>Website Administrator</h2>
                <div class="content">
                    <p>This is the default <tt>index.html</tt> page that
                    is distributed with <strong>nginx</strong> on
                    EPEL.  It is located in
                    <tt>/usr/share/nginx/html</tt>.</p>

                    <p>You should now put your content in a location of
                    your choice and edit the <tt>root</tt> configuration
                    directive in the <strong>nginx</strong>
                    configuration file
                    <tt>/etc/nginx/nginx.conf</tt>.</p>

                </div>
            </div>

            <div class="logos">
                <a href="http://nginx.net/"><img
                    src="nginx-logo.png"
                    alt="[ Powered by nginx ]"
                    width="121" height="32" /></a>

                <a href="http://fedoraproject.org/"><img
                    src="poweredby.png"
                    alt="[ Powered by Fedora EPEL ]"
                    width="88" height="31" /></a>
            </div>
        </div>
    </body>
</html>

By

bug 01:

[root@toad salt]# salt '*' state.sls upload_data
salt-minion01:
Data failed to compile:
----------
Pillar failed to render with the following messages:
----------
Error encountered while render pillar top file.
macadamina:
Data failed to compile:
----------
Pillar failed to render with the following messages:
----------
Error encountered while render pillar top file.

Fix 01:

[root@toad salt]# salt "*" saltutil.refresh_pillar
macadamina:
True
salt-minion01:
True

copy the file to spe. location:

[root@toad salt]# tree
.
├── contab.sls
├── createdir.sls
├── createuser.sls
├── del_cron.sls
├── files
│   ├── hosts
│   ├── wgzy.sql
│   └── zfgtai.zip
├── host_file.sls
├── nginx_install.sls
├── top.sls
├── upload_data.sls
└── upload_mysql.sls

[root@toad salt]# cat upload_mysql.sls
/usr/share/tomcat/webapps/wgzy.sql:
  file.managed:
- source: salt://files/wgzy.sql
- user: root
- group: root
- mode: 644

[root@toad salt]# salt '*' state.sls upload_mysql
salt-minion01:
----------
  ID: /usr/share/tomcat/webapps/wgzy.sql
Function: file.managed
  Result: True
 Comment: File /usr/share/tomcat/webapps/wgzy.sql updated
 Started: 17:11:02.739156
Duration: 298.114 ms
 Changes:
  ----------
  diff:
  New file
  mode:
  0644

Summary
------------
Succeeded: 1 (changed=1)
Failed:0
------------
Total states run: 1
macadamina:
----------
  ID: /usr/share/tomcat/webapps/wgzy.sql
Function: file.managed
  Result: True
 Comment: File /usr/share/tomcat/webapps/wgzy.sql updated
 Started: 17:11:05.274496
Duration: 254.31 ms
 Changes:
  ----------
  diff:
  New file
  mode:
  0644

Summary
------------
Succeeded: 1 (changed=1)
Failed:0
------------
Total states run: 1

Modify /etc/tomcat/server.xml

to

saltstack run command:

[root@toad salt]# cat modscript.sls
sed -i '125s#appBase=".*"# appBase="/deploy/source/aofa_pro"#' /etc/tomcat/server.xml:
  cmd.run


[root@toad salt]# salt '*' state.sls modscript
macadamina:
----------
  ID: sed -i '125s#appBase=".*"# appBase="/deploy/source/aofa_pro"#' /etc/tomcat/server.xml
Function: cmd.run
  Result: True
 Comment: Command "sed -i '125s#appBase=".*"# appBase="/deploy/source/aofa_pro"#' /etc/tomcat/server.xml" run
 Started: 11:06:15.245454
Duration: 38.108 ms
 Changes:
  ----------
  pid:
  38516
  retcode:
  0
  stderr:
  stdout:

Summary
------------
Succeeded: 1 (changed=1)
Failed:0
------------
Total states run: 1
salt-minion01:
----------
  ID: sed -i '125s#appBase=".*"# appBase="/deploy/source/aofa_pro"#' /etc/tomcat/server.xml
Function: cmd.run
  Result: True
 Comment: Command "sed -i '125s#appBase=".*"# appBase="/deploy/source/aofa_pro"#' /etc/tomcat/server.xml" run
 Started: 11:06:16.505044
Duration: 28.841 ms
 Changes:
  ----------
  pid:
  37702
  retcode:
  0
  stderr:
  stdout:

Summary
------------
Succeeded: 1 (changed=1)
Failed:0
------------
Total states run: 1

check result:
[root@toad salt]# salt ‘*’ cmd.run ‘sed -n 125p /etc/tomcat/server.xml’
macadamina:
<Host name=”localhost” appBase=”/deploy/source/aofa_pro”
salt-minion01:
<Host name=”localhost” appBase=”/deploy/source/aofa_pro”

copy the file form master to minion:
[root@toad salt]# salt ‘macadamina’ cp.get_file salt://files/zfgtai.zip /deploy/source/aofa_pro/zfgtai.zip
macadamina:
/deploy/source/aofa_pro/zfgtai.zip

Append text into file:

[root@salt-minion01 ~]# sed -i '34 a<Valve className="com.orangefunction.tomcat.redissessions.RedisSessionHandlerValve" /> <Manager className="com.orangefunction.tomcat.redissessions.RedisSessionManager" host="localhost" port="6379" database="0" maxInactiveInterval="60" />' context.xml

By

PXE + kickstart unattend install centos 6

Step 1: Install and configure DNSMASQ Server
1. INSTALL DNSMASQ DEAMON
1
#yum install dnsmasq
2. Edit dnsmasq conf file
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# mv /etc/dnsmasq.conf  /etc/dnsmasq.conf.backup
# vim /etc/dnsmasq.conf



interface=eth0,lo
#bind-interfaces
domain=centos6.lan
# DHCP range-leases
dhcp-range= eth0,192.168.0.3,192.168.0.253,255.255.255.0,1h
# PXE
dhcp-boot=pxelinux.0,pxeserver,192.168.0.132
# Gateway
dhcp-option=3,192.168.0.1
# DNS
dhcp-option=6,192.168.0.1, 8.8.8.8
server=8.8.4.4
# Broadcast Address
dhcp-option=28,192.168.0.255
# NTP Server
dhcp-option=42,0.0.0.0
pxe-prompt="Press F8 for menu.", 60
pxe-service=x86PC, "Install CentOS 6 from network server 192.168.0.132", pxelinux
enable-tftp
tftp-root=/var/lib/tftpboot

interface – Interfaces that the server should listen and provide services.

bind-interfaces – Uncomment to bind only on this interface.

domain – Replace it with your domain name.

dhcp-range – Replace it with IP range defined by your network mask on this segment.

dhcp-boot – Replace the IP statement with your interface IP Address.

dhcp-option=3,192.168.0.1 – Replace the IP Address with your network segment Gateway.

dhcp-option=6,92.168.0.1 – Replace the IP Address with your DNS Server IP – several DNS IPs can be defined.

server=8.8.4.4 – Put your DNS forwarders IPs Addresses.

dhcp-option=28,192.168.0.255 – Replace the IP Address with network broadcast address –optionally.

dhcp-option=42,0.0.0.0 – Put your network time servers – optionally (0.0.0.0 Address is for self-reference).

pxe-prompt – Leave it as default – means to hit F8 key for entering menu 60 with seconds wait time..

pxe=service – Use x86PC for 32-bit/64-bit architectures and enter a menu description prompt under string quotes. Other values types can be: PC98, IA64EFI, Alpha, Arcx86, IntelLeanClient, IA32EFI, BCEFI, XscaleEFI and X86-64EFI.

enable-tftp – Enables the build-in TFTP server.

tftp-root – Use /var/lib/tftpboot – the location for all netbooting files.

read more dnsmasq manual

STEP 2: INSTALL SYSLINUX BOOTLOADERS
1
2
# yum install syslinux
# ls /usr/share/syslinux
STEP 3: INSTALL TFTP-SERVER AND POPULATE IT WITH SYSLINUX BOOTLOADERS
1
2
# yum install tftp-server
# cp -r /usr/share/syslinux/* /var/lib/tftpboot
STEP 4: SETUP PXE SERVER CONFIGURATION FILE

Typically the PXE Server reads its configuration from a group of specific files (GUID files – first, MAC files – next, Default file – last) hosted in a folder called pxelinux.cfg, which must be located in the directory specified in tftp-root statement from DNSMASQ main configuration file.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# mkdir /var/lib/tftpboot/pxelinux.cfg
# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
prompt 0
timeout 300# 30 seconds
ONTIMEOUT local
menu title ########## PXE Boot Menu ##########
label 1
menu label ^1) Install or upgrade CentOS 6 x64 
kernel centos6/vmlinuz
append initrd=centos6/initrd.img ks=ftp://192.168.0.132/ks.cfg
label 2
menu label ^2) Install CentOS 6 x64 with http://mirror.centos.org Repo
kernel centos6/vmlinuz
append initrd=centos6/initrd.img method=http://mirror.centos.org/centos/6/os/x86_64/ devfs=nomount ip=dhcp
label 3
menu label ^3) Install CentOS 6 x64 with Local Repo using VNC
kernel centos6/vmlinuz
append  initrd=centos6/initrd.img method=ftp://192.168.0.132/pub devfs=nomount inst.vnc inst.vncpassword=password
label 4
menu label ^4) Boot from local drive
STEP 5: ADD CENTOS 7 BOOT IMAGES TO PXE SERVER
1
2
3
4
5
# mount -o loop /root/CentOS-6.8-x86-bin-DVD1.iso  /mnt
# ls /mnt
# mkdir /var/lib/tftpboot/centos6
# cp /mnt/images/pxeboot/vmlinuz  /var/lib/tftpboot/centos6
# cp /mnt/images/pxeboot/initrd.img  /var/lib/tftpboot/centos6
STEP 6: CREATE CENTOS 7 LOCAL MIRROR INSTALLATION SOURCE
1
2
3
4
# yum install vsftpd
# cp -r /mnt/*  /var/ftp/pub/
# chmod -R 755 /var/ftp/pub

Prepare local repo file

1
# wget -O /var/ftp/pub/Centos-6.repo http://mirrors.aliyun.com/repo/Centos-6.repo
STEP 7: CREATE KS.CFG FILE
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# vim /var/ftp/ks.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="ftp://192.168.0.132/pub"
# Root password
rootpw --iscrypted $1$MzJZISZ7$wX0pW3sFy/5y80l2BAQD81
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
#graphical
text

%include /tmp/network.ks

firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# Reboot after installation
#reboot
# System timezone
timezone  Australia/Sydney
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel 
# Disk partitioning information
part /boot --asprimary --fstype="ext4" --size=250
part swap --asprimary --fstype="swap" --size=1024
part / --asprimary --fstype="ext4" --grow --size=1

%packages
@base
@chinese-support
@compat-libraries
@debugging
@development


%pre
#!/bin/sh
exec < /dev/tty3 > /dev/tty3 2>&1
chvt 3
hn=""

while [ "$hn" == "" ]; do
 clear
 echo " *** Please enter the following details: *** "
 echo
 read -p "Hostname: " hn
done
clear
chvt 1
echo "network --device eth0 --bootproto dhcp --hostname ${hn}" > /tmp/network.ks

%post
sed -i 's#ONBOOT=no#ONEBOOT=yes#g' /etc/sysconfig/network-scripts/ifcfg-eth0
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old
wget -O /etc/yum.repos.d/CentOS-Base.repo ftp://192.168.0.132/pub/Centos-6.repo
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum update -y
sleep 30
runlevel
chkconfig --list|grep 3:on |grep -vE "crond|sshd|network|rsyslog|systat" |awk '{print "chkconfig " $1 " off"}'|bash
/etc/init.d/iptables stop
service ntpd stop
/usr/sbin/ntpdate au.pool.ntp.org
date
echo '#time sync by stan zhou' >> /var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate au.pool.ntp.org > /dev/null 2>&1' >> /var/spool/cron/root
crontab -l
echo "UseDNS no" >> /etc/ssh/sshd_config
echo '*        -    nofile        65535' >> /etc/security/limits.conf
echo "net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384" >> /etc/sysctl.conf
sysctl -p
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
%end

Read more about kickstart CentOS6

STEP 7: START AND ENABLE DAEMONS SYSTEM-WIDE
1
2
3
4
#service dnsmasq start
#service vsftpd start
#chkconfig dnsmasq on
#chkconfig vsftpd on
STEP 8: MYSQL INSTALL SCRIPT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#vim /var/ftp/pub/install_mysql
groupadd mysql
useradd -s /sbin/nologin -g mysql -M mysql
tail -1 /etc/passwd
id mysql
# setup the tar file download add
wget ftp://192.168.0.134/pub/mysql-5.5.50-linux2.6-x86_64.tar.gz
tar xf mysql-5.5.50-linux2.6-x86_64.tar.gz
mkdir -p /application/
mv mysql-5.5.50-linux2.6-x86_64 /application/mysql-5.5.50
ln -s /application/mysql-5.5.50/ /application/mysql
ls -l /application/
cd /application/mysql/
ls -l support-files/*.cnf
/bin/cp support-files/my-medium.cnf /etc/my.cnf
mkdir -p /application/mysql/data
chown -R mysql.mysql /application/mysql/
/application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data/ --user=mysql
/bin/cp support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld

/etc/init.d/mysqld start
netstat -lntup|grep mysql

chkconfig --add mysqld
chkconfig mysqld on
chkconfig --list mysqld

echo 'export PATH=/application/mysql/bin:$PATH' >> /etc/profile
tail -1 /etc/profile
source /etc/profile
echo $PATH
# after install run the following command
#/application/mysql/bin/mysql_secure_installation

By

CentOS quck start guide

Analyzing syslog entries

log file standard format

1. Stop and Start RHEL7 firewall

1
2
3
4
5
[root@rhel7 ~]# service firewalld stop
Redirecting to /bin/systemctl stop  firewalld.service

[root@rhel7 ~]# service firewalld start
Redirecting to /bin/systemctl start  firewalld.service

2. Disable and Enable RHEL7 firewall

1
2
3
4
5
6
7
8
[root@rhel7 ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'


[root@rhel7 ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'

3. Set hostname

1
2
3
[root@rhel7 ~]# hostnamectl

[root@rhel7 ~]# hostnamectl set-hostname nameyoulike

Signals

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@ip-172-31-5-191 ~]# kill -l
 1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX

SIGKILL signal

1
2
3
4
5
6
7
8
9
[root@ip-172-31-5-191 ~]# sleep 10000 &
[1] 19559
[root@ip-172-31-5-191 ~]# ps aux|grep sleep
root     19559  0.0  0.0 107952   356 pts/0    S    07:48   0:00 sleep 10000
root     19564  0.0  0.0 112708   976 pts/0    S+   07:48   0:00 grep --color=auto sleep
[root@ip-172-31-5-191 ~]# kill -9 19559
[1]+  Killed                  sleep 10000
[root@ip-172-31-5-191 ~]# ps aux|grep sleep
root     19596  0.0  0.0 112708   980 pts/0    S+   07:49   0:00 grep --color=auto sleep

SIGHUP signal

1
2
3
[root@ip-172-31-5-191 ~]# nohup sleep 1000 &
[1] 19786
[root@ip-172-31-5-191 ~]# nohup: ignoring input and appending output to ‘nohup.out’

Bash Shell Variables

Put variable into the file /etc/environment

Another very important rule is that a child process will never be able to change the parent’s environment variables, because the child and parent are independent from each other and the child only has a local copy of the parent’s environment:

1
2
3
4
5
6
7
8
[root@ip-172-31-5-191 ~]# mkdir ~/scripts
[root@ip-172-31-5-191 ~]# printf '#!/bin/bash\nexport CHILDVAR=Hello_from_child\n' > ~/scripts/child.sh
[root@ip-172-31-5-191 ~]# cat ~/scripts/child.sh
#!/bin/bash
export CHILDVAR=Hello_from_child
[root@ip-172-31-5-191 ~]# chmod +x ~/scripts/child.sh
[root@ip-172-31-5-191 ~]# ~/scripts/child.sh
[root@ip-172-31-5-191 ~]# echo $CHILDVAR

Bash Shell Scripting

Functions

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@ip-172-31-5-191 ~]# say_hello() {
> echo "My name is $1";
> }

[root@ip-172-31-5-191 ~]# say_hello Stan
My name is Stan
[root@ip-172-31-5-191 ~]# say_another_thing() {
> say_hello Stan
> echo "I like CentOS 7";
> }

[root@ip-172-31-5-191 ~]# say_another_thing
My name is Stan
I like CentOS 7
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@ip-172-31-5-191 ~]# cat run.sh
#!/bin/bash
echo "Hello world"
echo "-----------"
if [[ $# -lt 2 ]]
then
  echo "Usage $0 param1 param2"
  exit 1
fi
echo $1
echo $2
echo $0
echo $#
1
2
3
[root@ip-172-31-5-191 ~]# PASSWORD="tt4321"
[root@ip-172-31-5-191 ~]# if [[ $PASSWORD -eq "hello_world" || $PASSWORD -eq "tt4321" ]]; then echo "password correct"; fi
password correct

if

1
2
3
4
5
6
7
8
9
if [[ $EXIT -eq 0 ]]
if ! [[ $EXIT -eq 0 ]]
if [[ $PASSWORD == "Hello_world" ]]
if [[ $PASSWORD -eq "hello_world" || $PASSWORD -eq "tt4321" ]]

STRING="Lorem ipsum dolor sit"
if [[ $STRING =~ ^..rem ]]
if [[ $NUMBER -lt 10 ]]  ##-lt less than
if [[ $NUMBER -gt 10 ]]  ##-gt greater than

file or diri tests

1
2
if [[ -a $FILE ]]
if [[ -d $DIR ]]

for read the bash manual
man bash /CONDITIONAL EXPRESSIONS

else statement

1
2
3
4
5
6
if [[ $EXIT -eq 0 ]]
then
  echo "whatever"
else
  echo "cannot access the files"
fi

if elif statement

1
2
3
4
5
6
7
8
9
10
if [[ $VALUE -gt 5 ]]
then
  echo "value is bigger than 5"
elif [[ $VALUE -eq 5 ]]
then 
  echo "value is equal to 5"
elif [[ $VALUE -lt 5 ]]
then
  echo "value is less than 5"
fi

Loops statement

1
2
3
4
5
6
7
8
9
10
11
12
13
14
for count in 1 2 3 4
do
  echo $count
done

for number in $(seq 1 20)
do
 echo "This is $number"
done

for number in {1..20}
do
 echo "This is $number"
done

change multi file names

1
2
3
4
5
6
mkdir ~/stuff
touch ~/stuff/1.txt ~/stuff/2.txt ~/stuff/3.txt ~/stuff/4.txt ~/stuff/5.txt
for file in ~/stuff/*.txt
do
  mv $file ~/stuff/$(basename $file .txt).doc
done

Automate script execution

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
cat scripts/motd-commandlinefu-update.sh
#!/bin/bash
wget -O /etc/motd http://www.commandlinefu.com/commands/random/plaintext
ls /etc/cron* -d
/etc/cron.d  /etc/cron.daily  /etc/cron.hourly  /etc/cron.monthly  /etc/crontab  /etc/cron.weekly
root@stan-OptiPlex-380:~|⇒  cd /etc/cron.daily
root@stan-OptiPlex-380:/etc/cron.daily|
⇒  ln -s /root/scripts/motd-commandlinefu-update.sh
root@stan-OptiPlex-380:/etc/cron.daily|
⇒  ll
total 72
drwxr-xr-x   2 root root  4096 Jun 20 10:47 ./
drwxr-xr-x 150 root root 12288 Jun 20 10:44 ../
-rwxr-xr-x   1 root root   311 May 30  2017 0anacron*
-rwxr-xr-x   1 root root   539 Oct 11  2018 apache2*
-rwxr-xr-x   1 root root   376 Nov 21  2017 apport*
-rwxr-xr-x   1 root root  1478 Apr 20  2018 apt-compat*
-rwxr-xr-x   1 root root   314 Jan 17  2018 aptitude*
-rwxr-xr-x   1 root root   355 Dec 29  2017 bsdmainutils*
-rwxr-xr-x   1 root root   384 Dec 13  2012 cracklib-runtime*
-rwxr-xr-x   1 root root  1176 Nov  3  2017 dpkg*
-rwxr-xr-x   1 root root   372 Aug 22  2017 logrotate*
-rwxr-xr-x   1 root root  1065 Apr  7  2018 man-db*
-rwxr-xr-x   1 root root   538 Mar  2  2018 mlocate*
lrwxrwxrwx   1 root root    42 Jun 20 10:47 motd-commandlinefu-update.sh -> /root/scripts/motd-commandlinefu-update.sh*
-rwxr-xr-x   1 root root   249 Jan 26  2018 passwd*
-rw-r--r--   1 root root   102 Nov 16  2017 .placeholder
-rwxr-xr-x   1 root root   246 Mar 22  2018 ubuntu-advantage-tools*

Working in the shell efficiently

man bash /Commands for Moving

Command Editing Shortcuts

  • Ctrl + a – go to the start of the command line

  • Ctrl + e – go to the end of the command line

  • Ctrl + k – delete from cursor to the end of the command line

  • Ctrl + u – delete from cursor to the start of the command line

  • Ctrl + w – delete from cursor to start of word (i.e. delete backwards one word)

  • Ctrl + y – paste word or text that was cut using one of the deletion shortcuts (such as the one above) after the cursor

  • Ctrl + xx – move between start of command line and current cursor position (and back again)

  • Alt + b – move backward one word (or go to start of word the cursor is currently on)

  • Alt + f – move forward one word (or go to end of word the cursor is currently on)

  • Alt + d – delete to end of word starting at cursor (whole word if cursor is at the beginning of word)

  • Alt + c – capitalize to end of word starting at cursor (whole word if cursor is at the beginning of word)

  • Alt + u – make uppercase from cursor to end of word

  • Alt + l – make lowercase from cursor to end of word

  • Alt + t – swap current word with previous

  • Alt + . – print previous command’s argument

  • Ctrl + f – move forward one character

  • Ctrl + b – move backward one character

  • Ctrl + d – delete character under the cursor

  • Ctrl + h – delete character before the cursor

  • Ctrl + t – swap character under cursor with the previous one

    Command Recall Shortcuts

  • Ctrl + r – search the history backwards

  • Ctrl + g – escape from history searching mode

  • Ctrl + p – previous command in history (i.e. walk back through the command history)

  • Ctrl + n – next command in history (i.e. walk forward through the command history)

  • Alt + . – use the last word of the previous command

    Command Control Shortcuts

  • Ctrl + l – clear the screen

  • Ctrl + s – stops the output to the screen (for long running verbose command)

  • Ctrl + q – allow output to the screen (if previously stopped using command above)

  • Ctrl + c – terminate the command

  • Ctrl + z – suspend/stop the command

    for debuging purpose

  • Ctrl + Alt + e - $SHELL /bin/bash

    Bash Bang (!) Commands

    Bash also has some handy features that use the ! (bang) to allow you to do some funky stuff with bash commands.

  • !! – run last command

  • !blah – run the most recent command that starts with ‘blah’ (e.g. !ls)

  • !blah:p – print out the command that !blah would run (also adds it as the latest command in the command history)

  • !$ – the last word of the previous command (same as Alt + .)

  • !$:p – print out the word that !$ would substitute

  • !* – the previous command except for the last word (e.g. if you type ‘_find somefile.txt /’, then !* would give you ‘_find somefile.txt’)

  • !*:p – print out what !* would substitute

  • tail -f log_file | egrep -v 'ELB|Pingdom|Health' – filter out stuff has certain keywords

By

Let’s cut to the chase

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@aofa-staging tools]# cat mysql_backup.sh
#!/bin/sh
MYUSER=root
MYPASS=yourpasswd
SOCKET=/tmp/mysql.sock
MYLOGIN="mysql -u$MYUSER -p$MYPASS -S $SOCKET"
MYDUMP="mysqldump -u$MYUSER -p$MYPASS -S$SOCKET -B"
DATABASE="$($MYLOGIN -e "show databases;"|egrep -vi "Data|_schema|mysql")"

for dbname in $DATABASE
  do
   MYDIR=/backup/mysql/$dbname
   [ ! -d $MYDIR ] && mkdir -p $MYDIR
 $MYDUMP $dbname|gzip >$MYDIR/${dbname}_$(date +%F).sql.gz
done

Output:

1
2
3
4
5
6
7
8
9
10
[root@aofa-staging backup]# tree mysql
mysql
├── allyoubank
│   └── allyoubank_2016-08-28.sql.gz
├── test
│   └── test_2016-08-28.sql.gz
└── wgzy
    └── wgzy_2016-08-28.sql.gz

3 directories, 3 files
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@aofa-staging tools]# cat mysql_table.sh
#!/bin/sh
USER=root
PASSWD=xyz
SOCKET=/tmp/mysql.sock
MYLOGIN="mysql -u$USER -p$PASSWD -S$SOCKET"
MYDUMP="mysqldump -u$USER -p$PASSWD -S$SOCKET"
DATEBASE="$($MYLOGIN -e "show databases;"|egrep -vi "Data|_schema|mysql")"

for dbname in $DATEBASE
do
 TABLE="$($MYLOGIN -e "use $dbname;show tables;"|sed '1d')"
  for tname in $TABLE
   do
MYDIR=/backup/mysql02/$dbname/${dbname}_$(date +%F)
     [ ! -d $MYDIR ] && mkdir -p $MYDIR
 $MYDUMP $dbname $tname |gzip >$MYDIR/${dbname}_${tname}_$(date +%F).sql.gz
    done
done

Output:

1
2
3
4
5
6
7
8
9
10
11
[root@aofa-staging mysql02]# tree
.
├── allyoubank
│   └── allyoubank_2016-08-28
│       ├── allyoubank_account_2016-08-28.sql.gz
│       └── allyoubank_w_sign_in_2016-08-28.sql.gz
└── wgzy
    └── wgzy_2016-08-28
        ├── wgzy_account_2016-08-28.sql.gz
        └── wgzy_w_sign_in_2016-08-28.sql.gz
4 directories, 172 files

my.cnf file

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# cat /root/.my.cnf
[client]
host=hostname
user=foo
password=xxxxxxxxx



[client_replica]
host=hostname-replica
user=bar
password=xxxxxxxxxx

mysql -e 'show master status\G';
mysql --defaults-group-suffix=_replica -e 'show slave status\G'

By

weekly backup script

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# vim /etc/backup/backupwk.sh
#!/bin/bash
# ====================================================================
# user input backup location
# basedir=backup dir
basedir=/backup/weekly

# ====================================================================
#
PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH
export LANG=C

# backup folders
#named=$basedir/named
#postfixd=$basedir/postfix
#vsftpd=$basedir/vsftp
sshd=$basedir/ssh
#sambad=$basedir/samba
wwwd=$basedir/wwwd
#others=$basedir/others
userinfod=$basedir/userinfo
# check if the file exists, if didn't create a dir
for dirs in $sshd $wwwd $userinfod
do
        [ ! -d "$dirs" ] && mkdir -p $dirs
done

# 1. service config file
#cp -a /var/named/chroot/{etc,var}      $named
#cp -a /etc/postfix /etc/dovecot.conf   $postfixd
#cp -a /etc/vsftpd/*                    $vsftpd
cp -a /etc/ssh/*                        $sshd
#cp -a /etc/samba/*                     $sambad
cp -a /etc/my.cnf       $wwwd
cp -a /application/nginx/conf/nginx.conf        $wwwd

cd /application
  tar -jpc -f $wwwd/tomcat.tar.bz2     tomcat
  tar -jpc -f $wwwd/nginx.tar.bz2     nginx

# 2. about user par
cp -a /etc/{passwd,shadow,group}        $userinfod
cd /var/spool
  tar -jpc -f $userinfod/mail.tar.bz2   mail
cd /var/spool
  tar -jpc -f $userinfod/cron.tar.bz2   cron at

Every Sun 3.30 run weekly backup script:

1
2
# vim /etc/crontab
30 3 * * 0 root /backup/backupwk.sh

By

docker container with centos 6 and tomcat 7

# docker search centos
# docker pull centos

Download the Oracle JDK

wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u72-b14/jdk-7u72-linux-x64.tar.gz"

Create a working folder and place both Tomcat tarball and Oracle JDK files in the same folder.

[root@docker centos6]# ls
apache-tomcat-7.0.70.tar.gz  Dockerfile  jdk-7u72-linux-x64.tar.gz

[root@docker centos6]# cat Dockerfile
FROM centos:latest
MAINTAINER lreeder

#Helpful utils, but only sudo is required
#RUN yum -y install tar
#RUN yum -y install vim
#RUN yum -y install nc
RUN yum -y install sudo

######## JDK7

#Note that ADD uncompresses this tarball automatically
ADD jdk-7u72-linux-x64.tar.gz /opt
WORKDIR /opt/jdk1.7.0_72
RUN alternatives --install /usr/bin/java java /opt/jdk1.7.0_72/bin/java 1
RUN alternatives --install /usr/bin/jar jar /opt/jdk1.7.0_72/bin/jar 1
RUN alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_72/bin/javac 1
RUN echo "JAVA_HOME=/opt/jdk1.7.0_72" >> /etc/environment

######## TOMCAT

#Note that ADD uncompresses this tarball automatically
ADD apache-tomcat-7.0.70.tar.gz /usr/share
WORKDIR /usr/share/
RUN mv  apache-tomcat-7.0.70 tomcat7
RUN echo "JAVA_HOME=/opt/jdk1.7.0_72/" >> /etc/default/tomcat7
RUN groupadd tomcat
RUN useradd -s /bin/bash -g tomcat tomcat
RUN chown -Rf tomcat.tomcat /usr/share/tomcat7
EXPOSE 8080

Build image

# docker build --rm=true -t centos6/tomcat7 .

Setup port forwarding and start tomcat

[root@docker centos6]# docker run -p 80:8080 --rm=true -t -i --name tomcat7 centos6/tomcat7 /usr/bin/sudo -u tomcat /usr/share/tomcat7/bin/catalina.sh run

Find out the IP address for the running container:

[root@docker centos6]# docker inspect --format '{{ .NetworkSettings.IPAddress }}' tomcat7
172.17.0.22