Category Archives: Linux

ubuntu17.10にdocker-ceをインストールするメモ

インストール手順
#sudo apt-get update
#sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
#sudo apt-key fingerprint 0EBFCD88
※ 表示されたフィンガープリントがDocker公式ドキュメントに掲載されている値と一致することを確認してから次へ進む

#sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu zesty stable"

#sudo apt-get update
#sudo apt-get install docker-ce

CentOSに自動マウント(mount)を設定する方法

1./etc/rc.local
mount -o acl,grpquota,usrquota,rw,sync /dev/sda5 /mnt/

2./etc/fstab
/dev/sda6 /opt ext3 defaults,rw,acl 0 0
mount -a

3.autofs
1) vim /etc/auto.master
/test /etc/auto.test

2) mkdir /test
touch /etc/auto.test

3) vim /etc/auto.test
disk7 -fstype=ext3,rw :/dev/sda7

4)service autofs restart

テスト
cd /test/disk7
ls /test/disk7
mount
watch -n 1 mount

「CentOS7入門」SSH公開鍵・秘密鍵の作成、転送のコマンド

1.SSH接続
#ssh root@xxx.xxx.xxx.xxx

2.ユーザー追加とパスワード設定
# useradd yamada_user
# passwd yamada_user
# usermod -G wheel yamada_user
※ passwd の引数はユーザー名。パスワードは表示されるプロンプトで入力する

3.SELinuxをOffに設定
#vim /etc/selinux/config
/etc/selinux/config
SELINUX=enforcing
↓ 修正
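SELINUX=disabled
※ disabled にするとSELinuxの強制アクセス制御が完全に無効になる。原因調査だけなら SELINUX=permissive でログを確認できる。sshdのポート変更が理由であれば、enforcing のまま semanage port -a -t ssh_port_t -p tcp 40198 でポートを登録する方法もある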

4.sudo権限付与
# visudo
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
↓ コメントアウト外す
%wheel ALL=(ALL) ALL

5.sshdの設定
$ sudo vi /etc/ssh/sshd_config
sshd設定項目
/etc/ssh/sshd_config
#ポート設定
Port 40198

#rootログイン設定
PermitRootLogin no

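#鍵認証
RSAAuthentication yes
PubkeyAuthentication yes

PasswordAuthentication yes
※ RSAAuthentication はSSHプロトコル1用の項目で、新しいOpenSSHでは廃止されている(鍵認証には PubkeyAuthentication yes で足りる)
※ PasswordAuthentication yes は公開鍵の登録が済むまでの一時設定。鍵でログインできることを確認したら no に変更し、sshd を再起動する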

6.公開鍵・秘密鍵の作成、転送
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
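$ scp -i /usr/local/src/publickey/ yamada_user@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys
※ scp の -i は接続に使う秘密鍵の指定であり、このままでは転送元ファイルが指定されていない。転送するのは公開鍵だけで(例: scp <公開鍵ファイル> yamada_user@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys)、秘密鍵はサーバーへ置かない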
$ chmod 600 ~/.ssh/authorized_keys

「CentOS入門」shell圧縮·解凍コマンド(tar、lha、bz2)のメモ

.tar
展開:tar xvf FileName.tar
書庫化:tar cvf FileName.tar DemoName

.gz
解凍1:gunzip FileName.gz
解凍2:gzip -d FileName.gz
圧縮:gzip FileName

.tar.gz と .tgz
解凍:tar zxvf FileName.tar.gz
圧縮:tar zcvf FileName.tar.gz DemoName

.bz2
解凍1:bzip2 -d FileName.bz2
解凍2:bunzip2 FileName.bz2
圧縮: bzip2 -z FileName

.tar.bz2
解凍:tar jxvf FileName.tar.bz2
圧縮:tar jcvf FileName.tar.bz2 DemoName

.Z
解凍:uncompress FileName.Z
圧縮:compress FileName
.tar.Z

解凍:tar Zxvf FileName.tar.Z
圧縮:tar Zcvf FileName.tar.Z DemoName

.zip
解凍:unzip FileName.zip
圧縮:zip FileName.zip DemoName

.rar
解凍:rar x FileName.rar
圧縮:rar a FileName.rar DemoName

.lha
解凍:lha -e FileName.lha
圧縮:lha -a FileName.lha FileName

.rpm
展開:rpm2cpio FileName.rpm | cpio -div

.deb
展開:ar p FileName.deb data.tar.gz | tar zxf -

ubuntuにmysql pycharm sublimeをインストールするメモ

1.ubuntuにmysqlのインストール
sudo netstat -tap|grep mysql
sudo apt-get install mysql-server
apt-get update

MySQLにログイン
mysql -u root -p

2.Ubuntuにpycharmのインストール
ダウンロード:
http://www.jetbrains.com/pycharm/download/#section=linux
ファイル:pycharm-community-2017.3.3.tar.gz

tar -xvzf pycharm-community-2017.2.3.tar.gz -C~
sh pycharm.sh

3.Ubuntuにsublimeのインストール
sudo add-apt-repository ppa:webupd8team/sublime-text-3
sudo apt-get update
sudo apt-get install sublime-text-installer

sublime起動
subl

sublimeアンインストール
sudo apt-get remove sublime-text-installer

CentOS7でのfirewalldの使い方

Firewallのインストール
#yum install firewalld firewalld-config

Firewallでポートを許可
#firewall-cmd --zone=public --add-port=80/tcp --permanent
#firewall-cmd --zone=public --add-port=443/tcp --permanent
#firewall-cmd --zone=public --add-port=22/tcp --permanent
#firewall-cmd --zone=public --add-port=21/tcp --permanent
#firewall-cmd --zone=public --add-port=53/udp --permanent

Firewallでポートを閉じる
#firewall-cmd --zone=public --remove-port=80/tcp --permanent
#firewall-cmd --zone=public --remove-port=443/tcp --permanent
#firewall-cmd --zone=public --remove-port=22/tcp --permanent
#firewall-cmd --zone=public --remove-port=21/tcp --permanent
#firewall-cmd --zone=public --remove-port=53/udp --permanent

Firewallで複数ポートを追加
#firewall-cmd --zone=public --add-port=4400-4600/udp --permanent
#firewall-cmd --zone=public --add-port=4400-4600/tcp --permanent

Firewallを有効にする
#systemctl start firewalld.service

Firewallを再起動する
#firewall-cmd --reload または service firewalld restart
※ --permanent を付けて追加・削除した設定は、--reload(または再起動)の後に反映される

ポートリストを確認する
#firewall-cmd --permanent --list-ports

Firewallを停止する
#systemctl stop firewalld
※ 停止中はfirewalldによるフィルタリングが行われない。特定のポートを閉じる場合は上記の --remove-port を使う

自動起動を有効
#systemctl enable firewalld

自動起動を無効
systemctl disable firewalld

ステータスを確認
systemctl status firewalld
firewall-cmd --state

CentOS7にgo1.8.1をインストールするメモ

1.go1.8.1をインストール
$ cd /usr/local/src
$ sudo tar -C /usr/local -xzf go1.8.1.linux-amd64.tar.gz

2.PATHを設定
~/.bash_profile
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
export PATH=$PATH:/usr/local/go/bin

3.hello.go
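// hello.go is a minimal program for checking that the Go toolchain
// installed above can build and run a binary.
package main

import "fmt"

// main writes a fixed greeting to standard output.
func main() {
	// String literals need ASCII double quotes; typographic quotes do not compile.
	fmt.Printf("hello, world\n")
}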

CentOS7にL2TP1.3.6/ipsec3.15 vpn環境を構築するメモ

1.依存パッケージをインストール
#yum install -y make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced man
#yum install xl2tpd
#yum install libreswan

2.ipsec.confの設定
#cat /etc/ipsec.conf
config setup
protostack=netkey
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=xxx.xxx.xxx.xxx
#xxx.xxx.xxx.xxx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any

3.l2tp_psk.confを作成
#vi /etc/ipsec.d/l2tp_psk.conf
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=xxx.xxx.xxx.xxx
#xxx.xxx.xxx.xxx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any

4.ipsec.secretsの作成
# cat /etc/ipsec.secrets
#include /etc/ipsec.d/*.secrets
xxx.xxx.xxx.xxx %any: PSK "123456789"
#xxx.xxx.xxx.xxx
※ "123456789" は記入例。実運用では推測されにくい長いランダム文字列を事前共有鍵に設定し、ipsec.secrets は root のみ読み取り可(chmod 600)にしておく

5.sysctl.confの修正
# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_source_route = 0

#sysctl -p

6.ipsecのチェック
# ipsec setup start
# ipsec verify

Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.15 (netkey) on 3.10.0-514.el7.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ens160/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ens192/rp_filter [ENABLED]
rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking ‘ip’ command [OK]
Checking ‘iptables’ command [OK]
Checking ‘prelink’ command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]

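ipsec verify: encountered 5 errors – see ‘man ipsec_verify’ for help
※ この出力では ens160 / ens192 の rp_filter が [ENABLED] のまま。手順5では all と default しか 0 にしていないため、インターフェース単位の値(net.ipv4.conf.ens160.rp_filter など)も確認する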

7.ipsecを起動
# systemctl start ipsec
# systemctl enable ipsec

8.xl2tpd.confを修正
# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = xxx.xxx.xxx.xxx
ipsec saref = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

9.options.xl2tpdの修正
# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
#dns
ms-dns xxx.xxx.88.10
ms-dns xxx.xxx.1.10
#ms-dns 8.8.8.8
ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

10.xl2tpdに接続するユーザを作成
# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
lancer * 123 *
#ログインユーザとパスワード
※ lancer / 123 は記入例。パスワードは平文で保存されるため、推測されにくい値を設定し、chap-secrets は root のみ読み取り可(chmod 600)にする

11.xl2tpdの起動
# systemctl start xl2tpd
# systemctl status xl2tpd

CentOS 7.3にMariaDB10.2.8をインストールするメモ

インストールコマンド
#tar xvf mariadb-10.2.8-linux-x86_64.tar.gz -C /usr/local
#cd /usr/local
#ln -s mariadb-10.2.8-linux-x86_64/ mysql

設定ファイルの作成
#cd /usr/local/mysql/support-files
#mkdir /etc/mysql/
#cp my-huge.cnf /etc/mysql/my.cnf
#vim /etc/mysql/my.cnf
[mysqld]
datadir = /app/mysqldb
innodb_file_per_table = on
skip_name_resolve = on

dbファイルの作成
#cd /usr/local/mysql/
#scripts/mysql_install_db --user=mysql --datadir=/app/mysqldb
#ls /app/mysqldb

logファイルの作成
#mkdir /var/log/mariadb/
#chown mysql /var/log/mariadb/

サービス起動
#cp support-files/mysql.server /etc/init.d/mysqld
#chkconfig --add mysqld
#service mysqld start
#ss -nutl

PATH環境変数を設定
#vim /etc/profile.d/mysql.sh
PATH=/usr/local/mysql/bin:$PATH
# . /etc/profile.d/mysql.sh

mysqlセキュリティスクリプトの実行
#cd /usr/local/mysql
#mysql_secure_installation

#mysql -uroot -ppassword
※ -p の直後にパスワードを書くとシェル履歴やプロセス一覧に残るため、-p のみ指定してプロンプトで入力する(mysql -uroot -p)

CentOS7 に nginxをインストールする方法

リポジトリを追加
$ sudo vi /etc/yum.repos.d/nginx.repo
追加内容
[nginx]
name=nginx repo
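baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=0
enabled=1
※ gpgcheck=0 かつ http のままだと、パッケージの署名検証なしでインストールされる。nginx公式の手順どおり gpgcheck=1 と gpgkey=https://nginx.org/keys/nginx_signing.key を指定し、baseurl も https にするのが安全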

nginxをインストール
$ sudo yum install nginx
$ nginx -v
$ sudo systemctl enable nginx
起動
$ sudo systemctl start nginx