
CentOS7にfirewalld の使い方

Firewallのインストール
#yum install firewalld firewall-config

Firewallでポートを許可
#firewall-cmd --zone=public --add-port=80/tcp --permanent
#firewall-cmd --zone=public --add-port=443/tcp --permanent
#firewall-cmd --zone=public --add-port=22/tcp --permanent
#firewall-cmd --zone=public --add-port=21/tcp --permanent
#firewall-cmd --zone=public --add-port=53/udp --permanent

Firewallでポートを閉じる
#firewall-cmd --zone=public --remove-port=80/tcp --permanent
#firewall-cmd --zone=public --remove-port=443/tcp --permanent
#firewall-cmd --zone=public --remove-port=22/tcp --permanent
#firewall-cmd --zone=public --remove-port=21/tcp --permanent
#firewall-cmd --zone=public --remove-port=53/udp --permanent

Firewallで複数ポートを追加
#firewall-cmd --zone=public --add-port=4400-4600/udp --permanent
#firewall-cmd --zone=public --add-port=4400-4600/tcp --permanent

Firewallを有効する
#systemctl start firewalld.service

Firewallを再起動する
#firewall-cmd --reload または service firewalld restart

ポートリストを確認する
#firewall-cmd --permanent --list-ports

ポートを禁止
#systemctl stop firewalld

自動起動を有効
#systemctl enable firewalld

自動起動を無効
systemctl disable firewalld

ステータスを確認
systemctl status firewalld
firewall-cmd --state

CentOS7にgo1.8.1をインストールするメモ

1.go1.8.1をインストール
$ cd /usr/local/src
$ sudo tar -C /usr/local -xzf go1.8.1.linux-amd64.tar.gz

2.PATHを設定
~/.bash_profile
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
export PATH=$PATH:/usr/local/go/bin

3.hello.go
package main
import "fmt"

func main() {
fmt.Printf("hello, world\n")
}

CentOS7にL2TP1.3.6/ipsec3.15 vpn環境を構築するメモ

1.依存パッケージをインストール
#yum install -y make gcc gmp-devel xmlto bison flex xmlto libpcap-devel lsof vim-enhanced man
#yum install xl2tpd
#yum install libreswan

2.ipsec.confの設定
#cat /etc/ipsec.conf
config setup
protostack=netkey
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=xxx.xxx.xxx.xxx
#xxx.xxx.xxx.xxx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any

3.l2tp_psk.confを作成
#vi /etc/ipsec.d/l2tp_psk.conf
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
dpddelay=30
dpdtimeout=120
dpdaction=clear
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=xxx.xxx.xxx.xxx
#xxx.xxx.xxx.xxx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any

4.ipsec.secretsの作成（"123456789" は例。実際には十分に長いランダムなPSKに置き換える）
# cat /etc/ipsec.secrets
#include /etc/ipsec.d/*.secrets
xxx.xxx.xxx.xxx %any: PSK "123456789"
#xxx.xxx.xxx.xxx

5.sysctl.confの修正
# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_source_route = 0

#sysctl -p

6.ipsecのチェック
# ipsec setup start
# ipsec verify

Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.15 (netkey) on 3.10.0-514.el7.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Hardware random device [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ens160/rp_filter [ENABLED]
/proc/sys/net/ipv4/conf/ens192/rp_filter [ENABLED]
rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS
Checking for obsolete ipsec.conf options [OK]
Opportunistic Encryption [DISABLED]

ipsec verify: encountered 5 errors - see 'man ipsec_verify' for help

7.ipsecを起動
# systemctl start ipsec
# systemctl enable ipsec

8.xl2tpd.confを修正
# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = xxx.xxx.xxx.xxx
ipsec saref = yes
[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

9.options.xl2tpdの修正
# cat /etc/ppp/options.xl2tpd
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
#dns
ms-dns xxx.xxx.88.10
ms-dns xxx.xxx.1.10
#ms-dns 8.8.8.8
ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

10.xl2tpdに接続するユーザを作成（secret の 123 は例。実際には推測されにくいパスワードを使う）
# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
lancer * 123 *
#ログインユーザとパスワード

11.xl2tpdの起動
# systemctl start xl2tpd
# systemctl status xl2tpd

CentOS 7.3にMariaDB10.2.8をインストールするメモ

インストールコマンド
#tar xvf mariadb-10.2.8-linux-x86_64.tar.gz -C /usr/local
#cd /usr/local
#ln -s mariadb-10.2.8-linux-x86_64/ mysql

設定ファイルの作成
#cd /usr/local/mysql/support-files
#mkdir /etc/mysql/
#cp my-huge.cnf /etc/mysql/my.cnf /
#vim /etc/mysql/my.cnf
[mysqld]
datadir = /app/mysqldb
innodb_file_per_table = on
skip_name_resolve = on

dbファイルの作成
#cd /usr/local/mysql/
#scripts/mysql_install_db --user=mysql --datadir=/app/mysqldb
#ls /app/mysqldb

logファイルの作成
#mkdir /var/log/mariadb/
#chown mysql /var/log/mariadb/

サービス起動
#cp support-files/mysql.server /etc/init.d/mysqld
#chkconfig --add mysqld
#service mysqld start
#ss -nutl

PATH環境変数を設定
#vim /etc/profile.d/mysql.sh
PATH=/usr/local/mysql/bin:$PATH
# . /etc/profile.d/mysql.sh

mysqlセキュリティスクリプトの実行
#cd /usr/local/mysql
#mysql_secure_installation

#mysql -uroot -ppassword

CentOS7 に nginxをインストールする方法

リポジトリを追加
$ sudo vi /etc/yum.repos.d/nginx.repo
追加内容（gpgcheck=0 はパッケージ署名の検証を無効にする。可能なら gpgkey を指定して gpgcheck=1 にする）
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=0
enabled=1

nginxをインストール
$ sudo yum install nginx
$ nginx -v
$ sudo systemctl enable nginx
起動
$ sudo systemctl start nginx

プロセス管理ツールSupervisorのインストール方法

1.supervisorのインストール
#wget https://pypi.python.org/packages/80/37/964c0d53cbd328796b1aeb7abea4c0f7b0e8c7197ea9b0b9967b7d004def/supervisor-3.3.1.tar.gz

#tar zxf supervisor-3.3.1.tar.gz
#cd supervisor-3.3.1
#python setup.py install

2.supervisorの設定
#mkdir /etc/supervisor
#echo_supervisord_conf > /etc/supervisor/supervisord.conf

[unix_http_server]
file=/tmp/supervisor.sock
;chmod=0700
;chown=nobody:nogroup
;[inet_http_server]
;port=127.0.0.1:9001
;username=user
;password=123

[supervisord]
logfile=/tmp/supervisord.log
logfile_maxbytes=50MB
logfile_backups=10
loglevel=info
pidfile=/tmp/supervisord.pid
nodaemon=false
minfds=1024
minprocs=200

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock
;serverurl=http://127.0.0.1:9001

[program:xx]
command=/opt/apache-tomcat-8.0.35/bin/catalina.sh run
autostart=true
startsecs=10
autorestart=true
startretries=3
user=tomcat
priority=999
redirect_stderr=true
stdout_logfile_maxbytes=20MB
stdout_logfile_backups = 20

stdout_logfile=/opt/apache-tomcat-8.0.35/logs/catalina.out
stopasgroup=false
killasgroup=false
[include]
files = relative/directory/*.ini

3.管理プロセス
#mkdir /etc/supervisor/config.d
#vim /etc/supervisor/supervisord.conf
例 [include]
files = /etc/supervisor/config.d/*.ini

[program:tomcat]
command=/opt/apache-tomcat-8.0.35/bin/catalina.sh run
stdout_logfile=/opt/apache-tomcat-8.0.35/logs/catalina.out
autostart=true
autorestart=true
startsecs=5
priority=1
stopasgroup=true
killasgroup=true

4.Supervisorの起動
#supervisord -c /etc/supervisor/supervisord.conf

CentOS7にMongoDBをインストールするメモ

#vim /etc/yum.repos.d/mongodb-org-3.0.repo
追記（gpgcheck=0 はパッケージ署名の検証を無効にする。可能なら gpgkey を指定して gpgcheck=1 にする）
[mongodb-org-3.0]
name=MongoDB Repository
baseurl=http://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1

インストール
#yum install mongodb-org

起動
#systemctl start mongod

停止
#systemctl stop mongod

自動起動
#chkconfig mongod on

CentOS7にphp7をインストールする方法

1.yumのリポジトリにepelとremiを追加
$ sudo yum -y install epel-release

$ wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
$ sudo rpm -ivh ./remi-release-7.rpm

2.php7のインストール
$ sudo yum install --enablerepo=remi,remi-php70 php php-devel php-mbstring php-pdo php-gd

$ sudo yum install --enablerepo=remi,remi-php70 php-mysqlnd

CentOS 7にMariaDBをインストールする方法

1.リポジトリを追加
/etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

2.MariaDBのインストール
$ sudo yum install MariaDB-server MariaDB-client

3.MariaDBを起動
$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb

4.文字コードutf8を設定
$ sudo cp -p /usr/share/mysql/my-small.cnf /etc/my.cnf.d/server.cnf
/etc/my.cnf.d/server.cnf
[client]
default-character-set = utf8

[mysqld]
character-set-server = utf8

5.初期設定
$ sudo /usr/bin/mysql_secure_installation

CentOS6.xにnginxをインストールするメモ

1.リポジトリファイルの設定
# touch /etc/yum.repos.d/nginx.repo
# vim /etc/yum.repos.d/nginx.repo

設定内容（gpgcheck=0 はパッケージ署名の検証を無効にする。可能なら gpgkey を指定して gpgcheck=1 にする）
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

2.yumでインストール
# yum install nginx
# /etc/init.d/nginx start