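Tag archive: centos7

[centos7] Installing and configuring DenyHosts

DenyHosts is a program written in Python that runs on Linux to guard against SSH brute-force attacks. It analyzes the sshd log file (/var/log/secure), and when it detects repeated attacks it records the source IP in /etc/hosts.deny, which blocks that IP automatically.

Download
https://sourceforge.net/projects/denyhosts/files/
# Install DenyHosts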
tar xvzf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
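Note: in testing, specifying a custom install directory had no effect

# Default install directory
/usr/share/denyhosts
# Configuration files
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control
# Start the service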
/usr/share/denyhosts/daemon-control start

[centos7] Installing and configuring haproxy

1. Download and install
http://pkgs.fedoraproject.org/repo/pkgs/haproxy/

tar xvzf haproxy-1.5.8.tar.gz
cd haproxy-1.5.8
uname -a   # check the Linux kernel version
make TARGET=linux26 PREFIX=/usr/local/haproxy
make install PREFIX=/usr/local/haproxy

2. Configure haproxy

vim /usr/local/haproxy/haproxy.cfg
global
    maxconn 5120
    chroot /usr/local/haproxy
    uid 99
    gid 99
    daemon
    quiet
    nbproc 2
    pidfile /usr/local/haproxy/haproxy.pid

defaults
    log global
    mode http
    option httplog
    option dontlognull
    log 127.0.0.1 local3
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen webinfo :1080
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    server phpinfo1 127.0.0.1:1337 check weight 1 minconn 1 maxconn 3 check inter 40000
    server phpinfo2 127.0.0.1:80 check weight 1 minconn 1 maxconn 3 check inter 40000

listen webmb :1081
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    server webmb1 127.0.0.1:1337 weight 1 minconn 1 maxconn 3 check inter 40000
    server webmb2 127.0.0.1:10000 weight 1 minconn 1 maxconn 3 check inter 40000

listen stats :8888
    mode http
    transparent
    stats uri /haproxy-stats
    stats realm Haproxy\ statistic
    stats auth admin:admin

3. Start haproxy

# Start haproxy
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg

# Check that it is running
[zhangy@BlackGhost haproxy]$ ps -e|grep haproxy
1829 ? 00:00:00 haproxy
1830 ? 00:00:00 haproxy

4. Stress test

[root@BlackGhost haproxy]# /usr/local/bin/webbench -c 100 -t 30 http://localhost:1080/phpinfo.php
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://localhost:1080/phpinfo.php
100 clients, running 30 sec.

Speed=26508 pages/min, 20929384 bytes/sec.
Requests: 13254 susceed, 0 failed.

Note: haproxy listens on port 1080 and proxies 192.168.18.2:10000 and 127.0.0.1:10000.

The statistics page listens on port 8888: http://localhost:8888/haproxy-stats

[centos7] PostgreSQL: installation, setting the initial password, and allowing remote connections

tar xvzf postgresql-9.6.3.tar.gz
cd postgresql-9.6.3
./configure --prefix=/usr/local/pgsql
make
make install
adduser postgres
mkdir /usr/local/pgsql/data
chown postgres /usr/local/pgsql/data
su - postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
# Start the server as user postgres
/usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data >logfile 2>&1 &
/usr/local/pgsql/bin/createdb test
/usr/local/pgsql/bin/psql test
# Set the initial password
bin/psql postgres
\password postgres
# Log in with the password
./psql -h localhost -U postgres -W
# Allow access from external IPs
Open port 5432 in the firewall
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
Restart iptables
vim postgresql.conf
listen_addresses = '*'
vim pg_hba.conf
Add one rule line
host all all 0.0.0.0/0 trust
# Check the version
select VERSION();
PostgreSQL 9.6.3 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-11), 64-bit
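
An added example, not part of the original post: with the `trust` method PostgreSQL accepts the connection without asking for a password, so the `0.0.0.0/0 trust` rule above admits any client address as any user regardless of the password set with \password. The Python sketch below audits pg_hba.conf content for such rules; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf; line 4 is the rule shown in the post.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   0.0.0.0/0                  trust
host    all       all   192.168.1.0/24             md5
host    all       all   10.0.0.5  255.255.255.255  trust
"""


def parse_rule(fields):
    """Return (network, method) for a host* rule (CIDR or IP + netmask form)."""
    address = fields[3]
    if address == "all":  # keyword that matches every client address
        return ipaddress.ip_network("0.0.0.0/0"), fields[4]
    try:
        if "/" in address:
            return ipaddress.ip_network(address, strict=False), fields[4]
        # No slash: the netmask is its own column and the method moves right.
        return ipaddress.ip_network(f"{address}/{fields[4]}", strict=False), fields[5]
    except (ValueError, IndexError):
        return None, fields[4]  # hostname, samehost, samenet: not resolved here


def audit_pg_hba(text):
    """List (line_no, address) of TCP rules that admit non-loopback clients
    with method 'trust', i.e. without any password check."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # simplification: ignores quoting
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank line, comment, or unix-socket ("local") rule
        network, method = parse_rule(fields)
        if method != "trust":
            continue
        if network is None or not network.is_loopback:
            findings.append((line_no, fields[3] if network is None else str(network)))
    return findings


if __name__ == "__main__":
    for line_no, address in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line_no}: trust from {address} (no password required)")
```

Replacing `trust` with `md5` on a flagged line makes the server require the password for those clients.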

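[centos7] Installing required software with yum

Personal habit: install common software with yum, and compile the other services (nginx, php, mysql, etc.) myself!

# Install iptables
yum -y install iptables-services
# Install git (for downloading things from GitHub)
yum install git
# Node.js install fails with: Node.js configure error: No acceptable C compiler found!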

yum install gcc-c++

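[centos7] Disabling the default firewall and enabling the iptables firewall

CentOS 7.0 uses firewalld as its default firewall; to use iptables, it has to be set up again.
1. Stop the firewall directly
systemctl stop firewalld.service #stop firewalld
systemctl disable firewalld.service #prevent firewalld from starting at boot
2. Set up the iptables service
yum -y install iptables-services
To change the firewall configuration, for example to open port 9200:
vim /etc/sysconfig/iptables
Add the rule
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9200 -j ACCEPT
After saving and exiting:
systemctl restart iptables.service #restart the firewall to apply the configuration
systemctl enable iptables.service #start the firewall at boot
Finally, reboot the system for the settings to take effect.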

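[centos7] Network configuration and running it at boot

# Configure the network
#!/bin/bash
ifconfig ens33 192.168.1.122 netmask 255.255.255.0
ifconfig ens33 up   # activate device ens33 (use "down" to deactivate it)
route add default gw 192.168.1.1
Save the commands above as a script:
/home/yugang/bin/setnet.sh
vim /etc/rc.local
Add /home/yugang/bin/setnet.sh to it, then reboot
# Configure a public DNS resolver
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
If you can ping an external host, it works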