27
Oct
fail2ban centos 7
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]
action = %(action_)s
rm jail.d/00-firewalld*
Archive for the ‘Linúc ếch bợt’ Category
28
Mar
linux folder monitoring
yum -y install inotify-tools
[root@worker-3 ~]# cat watch.sh
#!/bin/bash
TARGET=/var/log/pods/
inotifywait -m -e create -e moved_to --format "%f" $TARGET \
| while read FILENAME
do
echo Detected path $TARGET file $FILENAME
sleep 5
SUBDIR="`ls ${TARGET}${FILENAME}`"
POD="`echo $FILENAME | cut -d'_' -f 2`"
tail -f ${TARGET}$FILENAME/$SUBDIR/0.log | logger -t "$POD" &
done
[root@worker-3 ~]# cat dwatch.sh
#!/bin/bash
TARGET=/var/log/pods/
inotifywait -m -e delete –format “%f” $TARGET \
| while read FILENAME
do
echo Deleted path $TARGET file $FILENAME
kill `ps ax | grep tail | grep $FILENAME | cut -b 1-6`
done
[root@worker-3 ~]#
18
May
SYS02 setup env
# yum groupinstall “Development tools”
# yum install epel-release
mariadb.repo
https://downloads.mariadb.org/mariadb/repositories/#mirror=nethub&distro=CentOS&distro_release=centos6-amd64–centos6&version=10.2
#yum install MariaDB-server MariaDB-client MariaDB-devel
# mysql_secure_installation
# For CentOS/RHEL/Scientific Linux 6 i386 or x86_64 #wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm# rpm -ivh remi-release-6.rpm
#yum remove php #yum remove php-common
yum-config-manager --enable remi-php54
#yum install php php-mysql php-dom php-devel php-snmp re2c
download https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.13
unzip cphalcon-master.zip
#cd build
#./install
===================== radius OTP perl ====================
====================== Devtools2 for CentOS ======================
PHP-CPP
https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY
#wget 'https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY/archive/master.zip' #unzip php-cpp-master.zip #cd PHP-CPP-LEGACY-master/
#make; make install
LibSSH
#wget 'https://git.libssh.org/projects/libssh.git/snapshot/master.zip'
download v0.7.5 at https://git.libssh.org/projects/libssh.git/
#mv master.zip libssh-master.zip #unzip libssh-master.zip #cd master/build
#cmake -DCMAKE_INSTALL_PREFIX=/usr ..
#make ; make install
CNetconf
https://github.com/CESNET/libnetconf
#wget 'https://github.com/CESNET/libnetconf/archive/master.zip'
https://github.com/CESNET/libnetconf/tree/0.10.x
#mv master.zip netconf-master.zip #unzip netconf-master.zip
#yum install libxml2-devel libxslt-devel curl-devel
# ./configure --prefix=/usr
#vi src/ssh.c
int strict=0;
ssh_options_set(retval->ssh_sess, SSH_OPTIONS_STRICTHOSTKEYCHECK, &strict);
case NC_SSH_AUTH_INTERACTIVE:
VERB("Keyboard-interactive authentication");
break;
#make ; make install
=========== CENTOS 7 ============
install mariadb 5.5 , remi php70 , php-cpp
cnetconf branch 0.10.x not the latest one
========== CENTOS 6 ===============
cd /root/
yum -y install epel-release
yum -y install centos-release-scl
yum -y install devtoolset-6
yum -y install MariaDB-server MariaDB-client MariaDB-devel
/etc/init.d/mysql start
mysql_secure_installation
export http_proxy=http://10.103.19.251:3128
export https_proxy=http://10.103.19.251:3128
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -ivh remi-release-6.rpm
yum remove php
yum remove php-common
yum-config-manager --enable remi-php54
yum -y install php php-mysql php-dom php-devel php-snmp re2c
wget https://github.com/phalcon/cphalcon/archive/phalcon-v2.0.13.tar.gz
tar -xvf phalcon-v2.0.13.tar.gz
cd cphalcon-phalcon-v2.0.13/
cd build/
./install
cd /root/
wget 'https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY/archive/master.zip'
mv master.zip PHP-CPP-LEGACY.zip
unzip PHP-CPP-LEGACY.zip
cd PHP-CPP-LEGACY-master/
make
make install
ldconfig
cd /root/
wget https://git.libssh.org/projects/libssh.git/snapshot/libssh-0.7.5.tar.gz
tar -xvf libssh-0.7.5.tar.gz
cd libssh-0.7.5
mkdir build
cd build/
yum -y install cmake
cmake -DCMAKE_INSTALL_PREFIX=/usr ..
make
make install
ldconfig
cd /root/
wget https://github.com/CESNET/libnetconf/archive/0.10.x.zip
unzip 0.10.x.zip
cd libnetconf-0.10.x/
yum -y install libxml2-devel libxslt-devel curl-devel
./configure --prefix=/usr
make
make install
11
Jan
iscsi multipath
change some settings in /etc/iscsi/iscsid.conf:
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 10
node.session.timeo.replacement_timeout = 15
/etc/init.d/iscsi start
iscsiadm -m iface -I iface0 –op=new
iscsiadm -m iface -I iface1 –op=new
iscsiadm -m iface -I iface0 –op=update -n iface.hwaddress -v 00:11:22:33:44:55
iscsiadm -m iface -I iface1 –op=update -n iface.hwaddress -v 66:77:88:99:AA:BB
iscsiadm -m discovery -t st -p 10.X.X.X
iscsiadm -m node –loginall=all
iscsiadm -m session
The configuration file (/etc/multipath.conf) is set up by default
devnode_blacklist {
devnode "^sda$"
devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
devnode "^hd[a-z]"
devnode "^cciss!c[0-9]d[0-9]*"
}
multipaths { multipath {#get wwid by #multipath -ll wwid 360a9800043336a414c3a3954725a7869 alias my-lun0 } }devices { device { vendor "NETAPP" product "LUN" path_grouping_policy group_by_prio getuid_callout "/sbin/scsi_id -g -u -s /block/%n" #prio_callout "/opt/netapp/santools/mpath_prio_ontap /dev/%n" features "1 queue_if_no_path" path_checker readsector0 failback immediate } }/etc/init.d/multipathd start
multipath -ll
restart multipathd
restart iscsi
fdisk /dev/mpath/my-lun0
mkfs.ext3 /dev/mpath/my-lun0p1
mount /dev/mpath/my-lun0p1 /mnt
Testing :
modprobe bonding mode=4 miion=100 xmit_hash_policy=1
ifconfig bond0 192.168.253.101/24 up
ifconfig eth0 down
ifenslave bond0 eth0
ifenslave bond0 eth1
——— sh run ——-
!
interface Port-channel1
description Port channel for RHEL5-Server
switchport access vlan 105
switchport mode access
!
!
interface GigabitEthernet1/0/15
description This port is reversed for RHEL5-Server
switchport access vlan 105
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/16
description This port is reversed for RHEL5-Server
switchport access vlan 105
switchport mode access
channel-protocol lacp
channel-group 1 mode active
!
Finalizing :
put in your /etc/modules.conf :
alias bond0 bonding options bond0 mode=4 miimon=100 xmit_hash_policy=1
create ifcfg-bond0 file in /etc/sysconfig/network-scripts directory that looks like this:
DEVICE=bond0
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
All interfaces that are part of the trunk, should have SLAVE and MASTER definitions. For example, in the case of RedHat, if you wish to make eth0 and eth1 (or other interfaces) a part of the bonding interface bond0, their config files (ifcfg-eth0, ifcfg-eth1, etc.) should look like this:
DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
29
Mar
radius - ldap
install freeradius
cd /etc/freeradius - etc/raddb
vi radiusd.conf
ldap {
server = “demo1″
identity = “myaccount”
password = “mypassword”
basedn = “OU=Users,OU=Production,DC=demo,DC=com,DC=vn”
filter = “(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=OU=Groups,OU=Production,DC=demo,DC=com,DC=vn))”
#password_attribute = userPassword
# set this to ‘yes’ to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no
# tls_cacertfile = /path/to/cacert.pem
# tls_cacertdir = /path/to/ca/dir/
# tls_certfile = /path/to/radius.crt
# tls_keyfile = /path/to/radius.key
# tls_randfile = /path/to/rnd
# tls_require_cert = “demand”
# default_profile = “cn=radprofile,ou=dialup,o=My Org,c=UA”
# profile_attribute = “radiusProfileDn”
#access_attr = “dialupAccess” <<——– comment this line
# Mapping of RADIUS dictionary attributes to LDAP
Uncomment ldap in authorize and authenticate sessions
vi clients.conf
client 10.100.0.0/24 {
secret = mypassword
shortname = hcm-network-vl100
}
vi users
DEFAULT Auth-Type = LDAP
Fall-Through = 1
radtest user pass 127.0.0.1 0 testing123
29
Mar
httpd - ldap
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
AuthType Basic
AuthBasicProvider ldap
AuthName “DEMO”
AuthLDAPURL “ldap://demo1.demo.com.vn:3268 demo2:3268/DC=demo,DC=com,DC=vn?samAccountName?sub?(objectCategory=person)”
AuthLDAPBindDN demo\myaccount
AuthLDAPBindPassword mypassword
Require ldap-group OU=Groups,OU=Production,DC=demo,DC=com,DC=vn