Archive for the ‘Linúc ếch bợt’ Category

28
Mar

linux folder monitoring

   Posted by: admin


yum -y install inotify-tools

[root@worker-3 ~]# cat watch.sh

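#!/bin/bash
#
# watch.sh - follow the log of every entry that appears under TARGET and
# forward its lines to syslog through logger(1).
#
# inotifywait (-m: keep running) prints the name of each entry created in or
# moved into TARGET. For each one, a background "tail -f | logger" pipeline is
# started per <entry>/<subdir>/0.log. The pipelines are neither tracked nor
# stopped by this script.
#
# Entry names are chosen by whatever creates the pod directories, so they are
# handled as untrusted input: every expansion is quoted and read uses -r, so
# spaces, glob characters or backslashes in a name cannot change the commands
# that run below.

TARGET=/var/log/pods/

inotifywait -m -e create -e moved_to --format "%f" "$TARGET" \
  | while IFS= read -r FILENAME
do
  echo "Detected path $TARGET file $FILENAME"

  # Presumably gives the runtime time to create the sub-directory and 0.log
  # before they are looked up.
  sleep 5

  # The second "_"-separated field of the entry name becomes the syslog tag.
  POD=$(printf '%s\n' "$FILENAME" | cut -d'_' -f 2)

  # Glob instead of parsing ls output: one tail per sub-directory, and an
  # entry with several sub-directories no longer yields a broken path.
  for LOGFILE in "${TARGET}${FILENAME}"/*/0.log
  do
    [ -f "$LOGFILE" ] || continue
    tail -f -- "$LOGFILE" | logger -t "$POD" &
  done
done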

[root@worker-3 ~]# cat dwatch.sh

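#!/bin/bash
#
# dwatch.sh - stop the tail processes that follow logs of entries deleted
# from TARGET.
#
# inotifywait (-m: keep running) prints the name of each entry deleted from
# TARGET; every running tail whose command line contains TARGET/<entry>/ is
# then sent the default kill signal.
#
# The option is spelled "--format" with two ASCII hyphens and plain double
# quotes; the typographic dash and curly quotes are not parsed as an option.

TARGET=/var/log/pods/

inotifywait -m -e delete --format "%f" "$TARGET" \
  | while IFS= read -r FILENAME
do
  echo "Deleted path $TARGET file $FILENAME"

  # An empty name would make the match below cover every tail under TARGET.
  [ -n "$FILENAME" ] || continue

  # Select only processes whose command is tail and whose arguments contain
  # the deleted entry's path as a literal string (index(), not a regex). The
  # trailing "/" keeps one entry name from matching another that merely starts
  # with it. This script runs kill with its own privileges, so the match is
  # kept narrow: "ps | grep" would also catch the grep processes themselves
  # and any unrelated command line containing the name.
  ps -eo pid=,args= \
    | WATCHED="${TARGET}${FILENAME}/" awk '
        $2 ~ /(^|\/)tail$/ && index($0, ENVIRON["WATCHED"]) { print $1 }' \
    | while IFS= read -r PID
  do
    kill "$PID"
  done
done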

[root@worker-3 ~]#

27
Oct

fail2ban centos 7

   Posted by: admin

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]

action = %(action_)s

rm jail.d/00-firewalld*

18
May

SYS02 setup env

   Posted by: admin

# yum groupinstall "Development tools"
# yum install epel-release
mariadb.repo
https://downloads.mariadb.org/mariadb/repositories/#mirror=nethub&distro=CentOS&distro_release=centos6-amd64–centos6&version=10.2

#yum install MariaDB-server MariaDB-client MariaDB-devel
# mysql_secure_installation
# For CentOS/RHEL/Scientific Linux 6 i386 or x86_64 #
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
# rpm -ivh remi-release-6.rpm
#yum remove php
#yum remove php-common
yum-config-manager --enable remi-php54
#yum install php php-mysql php-dom php-devel php-snmp re2c
download https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.13
unzip cphalcon-master.zip
#cd build
#./install
===================== radius OTP perl ====================
====================== Devtools2 for CentOS ======================
PHP-CPP
https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY
#wget 'https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY/archive/master.zip'
#unzip php-cpp-master.zip
#cd PHP-CPP-LEGACY-master/
#make; make install
LibSSH
#wget 'https://git.libssh.org/projects/libssh.git/snapshot/master.zip'
download v0.7.5 at https://git.libssh.org/projects/libssh.git/
#mv master.zip libssh-master.zip
#unzip libssh-master.zip
#cd master/build
#cmake -DCMAKE_INSTALL_PREFIX=/usr ..
#make ; make install
CNetconf
https://github.com/CESNET/libnetconf
#wget 'https://github.com/CESNET/libnetconf/archive/master.zip'
https://github.com/CESNET/libnetconf/tree/0.10.x
#mv master.zip netconf-master.zip
#unzip netconf-master.zip
#yum install libxml2-devel libxslt-devel curl-devel
# ./configure --prefix=/usr
#vi src/ssh.c

/*
 * Passes 0 for SSH_OPTIONS_STRICTHOSTKEYCHECK on the session, i.e. switches
 * libssh's strict host-key checking off for NETCONF connections.
 * NOTE(review): with this patch the client presumably no longer refuses or
 * asks about a server whose key is not in known_hosts, so the first connection
 * to a device is not checked against a known key (exact behaviour depends on
 * the libssh version, confirm). Where that is not acceptable, keep the default
 * and pre-populate known_hosts for the managed devices instead of patching
 * src/ssh.c.
 */
int strict=0;

ssh_options_set(retval->ssh_sess, SSH_OPTIONS_STRICTHOSTKEYCHECK, &strict);

 case NC_SSH_AUTH_INTERACTIVE:
                        VERB("Keyboard-interactive authentication");
                        break;
#make ; make install
=========== CENTOS 7 ============
install mariadb 5.5 , remi php70 , php-cpp
cnetconf branch 0.10.x not the latest one
========== CENTOS 6 ===============
     # CentOS 6 build-host setup: repositories and toolchain, MariaDB, PHP 5.4
     # from remi, then Phalcon 2.0.13, PHP-CPP-LEGACY, libssh 0.7.5 and
     # libnetconf 0.10.x built from source under /root.
     cd /root/
     yum -y install epel-release
     yum -y install centos-release-scl
     yum -y install devtoolset-6
     yum -y install MariaDB-server MariaDB-client MariaDB-devel
     /etc/init.d/mysql start
     mysql_secure_installation
     # Every download below goes through this HTTP proxy.
     export http_proxy=http://10.103.19.251:3128
     export https_proxy=http://10.103.19.251:3128
     # NOTE(review): the release RPM is fetched over plain HTTP and installed
     # directly; nothing in this sequence checks its signature or checksum.
     # Verify it first (e.g. rpm -K after importing the repository's GPG key).
     wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
     rpm -ivh remi-release-6.rpm
     # No -y on the two removals, so yum prompts for confirmation.
     yum remove php
     yum remove php-common
     yum-config-manager --enable remi-php54
     yum -y install php php-mysql php-dom php-devel php-snmp re2c
     # Phalcon is pinned to the v2.0.13 tag.
     wget https://github.com/phalcon/cphalcon/archive/phalcon-v2.0.13.tar.gz
     tar -xvf phalcon-v2.0.13.tar.gz
     cd cphalcon-phalcon-v2.0.13/
     cd build/
     ./install
     cd /root/
     # NOTE(review): master.zip is whatever the branch head is at download
     # time, so this build is not pinned to a reviewed revision; the install
     # steps run the downloaded build scripts with the caller's privileges.
     wget 'https://github.com/CopernicaMarketingSoftware/PHP-CPP-LEGACY/archive/master.zip'
     mv master.zip PHP-CPP-LEGACY.zip
     unzip PHP-CPP-LEGACY.zip
     cd PHP-CPP-LEGACY-master/
     make
     make install
     # Refresh the dynamic linker cache after installing the new library.
     ldconfig
     cd /root/
     # libssh is pinned to the 0.7.5 snapshot and installed under /usr.
     wget https://git.libssh.org/projects/libssh.git/snapshot/libssh-0.7.5.tar.gz
     tar -xvf libssh-0.7.5.tar.gz
     cd libssh-0.7.5
     mkdir build
     cd build/
     yum -y install cmake
     cmake -DCMAKE_INSTALL_PREFIX=/usr ..
    make
    make install
    ldconfig
    cd /root/
    # libnetconf is taken from the 0.10.x branch archive, not master.
    wget https://github.com/CESNET/libnetconf/archive/0.10.x.zip
    unzip 0.10.x.zip
    cd libnetconf-0.10.x/
    yum -y install libxml2-devel libxslt-devel curl-devel
    ./configure --prefix=/usr
    make
    make install
11
Jan

iscsi multipath

   Posted by: admin

change some settings in /etc/iscsi/iscsid.conf:

node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 10
node.session.timeo.replacement_timeout = 15

/etc/init.d/iscsi start

iscsiadm -m iface -I iface0 --op=new
iscsiadm -m iface -I iface1 --op=new
iscsiadm -m iface -I iface0 --op=update -n iface.hwaddress -v 00:11:22:33:44:55
iscsiadm -m iface -I iface1 --op=update -n iface.hwaddress -v 66:77:88:99:AA:BB

iscsiadm -m discovery -t st -p 10.X.X.X
iscsiadm -m node --loginall=all
iscsiadm -m session

The configuration file (/etc/multipath.conf) is set up by default

devnode_blacklist {
  devnode "^sda$"
  devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
  devnode "^hd[a-z]"
  devnode "^cciss!c[0-9]d[0-9]*"
}
multipaths {
  multipath {
    #get wwid by #multipath -ll
    wwid 360a9800043336a414c3a3954725a7869
    alias  my-lun0
  }

}
devices {
  device {
    vendor  "NETAPP"
    product  "LUN"
    path_grouping_policy  group_by_prio
    getuid_callout  "/sbin/scsi_id -g -u -s /block/%n"
    #prio_callout  "/opt/netapp/santools/mpath_prio_ontap /dev/%n"
    features  "1 queue_if_no_path"
    path_checker  readsector0
    failback  immediate
  }
}

/etc/init.d/multipathd start

multipath -ll
restart multipathd
restart iscsi
fdisk /dev/mpath/my-lun0
mkfs.ext3 /dev/mpath/my-lun0p1
mount /dev/mpath/my-lun0p1 /mnt
16
May

RHEL5 BONDING with 3750 802.3ad

   Posted by: admin

Testing :

modprobe bonding  mode=4 miimon=100 xmit_hash_policy=1

ifconfig bond0 192.168.253.101/24 up

ifconfig eth0 down

ifenslave bond0 eth0

ifenslave bond0 eth1

——— sh run ——-

!

interface Port-channel1

description Port channel for RHEL5-Server

switchport access vlan 105

switchport mode access

!

!

interface GigabitEthernet1/0/15

description This port is reversed for RHEL5-Server

switchport access vlan 105

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet1/0/16

description This port is reversed for RHEL5-Server

switchport access vlan 105

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

Finalizing :

put in your /etc/modules.conf :

alias bond0 bonding
options bond0 mode=4 miimon=100 xmit_hash_policy=1

create ifcfg-bond0 file in /etc/sysconfig/network-scripts directory that looks like this:
DEVICE=bond0
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
All interfaces that are part of the trunk, should have SLAVE and MASTER definitions. For example, in the case of RedHat, if you wish to make eth0 and eth1 (or other interfaces) a part of the bonding interface bond0, their config files (ifcfg-eth0, ifcfg-eth1, etc.) should look like this:
DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none 

 

29
Mar

radius - ldap

   Posted by: admin

install freeradius

cd /etc/freeradius   (or /etc/raddb)

vi radiusd.conf

ldap {

server = "demo1"

identity = "myaccount"

password = "mypassword"

basedn = "OU=Users,OU=Production,DC=demo,DC=com,DC=vn"

filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=OU=Groups,OU=Production,DC=demo,DC=com,DC=vn))"

#password_attribute = userPassword

# set this to ‘yes’ to use TLS encrypted connections

# to the LDAP database by using the StartTLS extended

# operation.

# The StartTLS operation is supposed to be used with normal

# ldap connections instead of using ldaps (port 689) connections

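# NOTE: with start_tls = no and a plain LDAP server entry, the bind password
# above and the users' credentials travel to the directory unencrypted; set
# this to yes (with the tls_* options below) anywhere but an isolated lab.
start_tls = no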

# tls_cacertfile        = /path/to/cacert.pem

# tls_cacertdir         = /path/to/ca/dir/

# tls_certfile          = /path/to/radius.crt

# tls_keyfile           = /path/to/radius.key

# tls_randfile          = /path/to/rnd

# tls_require_cert      = “demand”

# default_profile = “cn=radprofile,ou=dialup,o=My Org,c=UA”

# profile_attribute = “radiusProfileDn”

#access_attr = “dialupAccess” <<——– comment this line

# Mapping of RADIUS dictionary attributes to LDAP

Uncomment ldap in authorize and authenticate sessions
vi clients.conf
client 10.100.0.0/24 {
secret          = mypassword
shortname       = hcm-network-vl100
}
vi users
DEFAULT Auth-Type = LDAP
Fall-Through = 1
radtest user pass 127.0.0.1 0 testing123
29
Mar

httpd - ldap

   Posted by: admin

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

AuthType Basic
AuthBasicProvider ldap
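AuthName "DEMO"
# Note: Basic auth with an ldap:// URL protects passwords only if the site is
# served over HTTPS and the LDAP link itself is secured (e.g. ldaps://).
AuthLDAPURL "ldap://demo1.demo.com.vn:3268 demo2:3268/DC=demo,DC=com,DC=vn?samAccountName?sub?(objectCategory=person)"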

AuthLDAPBindDN demo\myaccount

AuthLDAPBindPassword mypassword

Require ldap-group OU=Groups,OU=Production,DC=demo,DC=com,DC=vn