Category Archives: Linux

Installing the SSH service on Ubuntu

Command:
$ sudo apt-get install openssh-server

[Ubuntu basics] Installing an SVN (Subversion) server on Ubuntu 12.04

1. Install command
sudo apt-get update
sudo apt-get install subversion

2. Create the project directory
sudo mkdir /home/svn
sudo mkdir /home/svn/project_startnews24
sudo chmod -R 777 /home/svn/project_startnews24/

3. Create the svn repository
sudo svnadmin create /home/svn/project_startnews24

4. Start the svn server
svnserve -d -r /home/svn
-d  run in daemon mode
-r  specify the location of the root directory to serve

5. Test
svn://serverP/project_startnews24

[Ubuntu basics] Installing and configuring the ufw firewall on Ubuntu

1. Install
$ sudo apt-get install ufw

2. Enable the firewall
$ sudo ufw enable

3. Set the default policy
$ sudo ufw default allow|deny

Commands to run:
$ sudo ufw enable
$ sudo ufw default deny

4. Turn logging on or off
$ sudo ufw logging on|off

5. Show the firewall status and the rules for listening ports
$ sudo ufw status
devadm@startnews24:~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
139/tcp                    ALLOW       Anywhere
445/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)
139/tcp                    ALLOW       Anywhere (v6)
445/tcp                    ALLOW       Anywhere (v6)
devadm@startnews24:~$

6. Allow or block access from external IPs
$ sudo ufw allow|deny [service]
or
$ sudo ufw allow|deny [port/protocol]

$ sudo ufw allow smtp                   Allow all external IPs to access local smtp (port 25)
$ sudo ufw allow 22/tcp                 Allow all external IPs to access local 22/tcp (SSH)
$ sudo ufw allow 53                     Allow all external IPs to access local tcp/udp port 53 (DNS)
$ sudo ufw deny smtp                    Deny external IPs access to local smtp
$ sudo ufw deny 80/tcp                  Deny external IPs access to local tcp port 80 (www service)
$ sudo ufw delete allow smtp            Delete the "allow smtp" rule
$ sudo ufw allow from 192.168.1.100     Allow a specific IP to access local ports
$ sudo ufw allow proto udp from 192.168.0.1 port 53 to 192.168.0.2 port 53
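
Added example (not part of the original post): a shell function that reads `ufw status` output and lists the ports allowed from Anywhere that are not on an approved list, run here against the step 5 output. The function names and the approved list "22/tcp" are assumptions made for this example.

```shell
#!/bin/bash
# Added example: audit `ufw status` output for ports open to every source.

# Sample input: the `ufw status` output shown in step 5, embedded so the
# example runs offline.
sample_ufw_status() {
cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
139/tcp                    ALLOW       Anywhere
445/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere (v6)
139/tcp                    ALLOW       Anywhere (v6)
445/tcp                    ALLOW       Anywhere (v6)
EOF
}

# usage: sudo ufw status | open_to_anywhere "22/tcp 80/tcp"
# Prints each port/protocol that is allowed from Anywhere and is not in the
# approved list. IPv4 and IPv6 rows for the same port are reported once.
open_to_anywhere() {
    awk -v approved="$1" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            # Find the Action column: the To column is "22/tcp" in the output
            # above and "22/tcp (v6)" in newer ufw releases.
            act = 0
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
            if (!act) next
            src = $(act + 1)
            if (src == "IN") src = $(act + 2)   # verbose status prints "ALLOW IN"
            if (src != "Anywhere") next         # rule is limited to a source address
            if (!($1 in ok) && !seen[$1]++) print $1
        }'
}

# With only SSH approved, the two SMB ports are reported.
sample_ufw_status | open_to_anywhere "22/tcp"
```
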

Querying datafile I/O to find problems and avoid disk contention

Query method 1:
col File_Name format a40
select
df.name File_Name,
fs.phyrds Reads,
fs.phywrts Writes,
(fs.readtim/decode(fs.phyrds,0,-1,fs.phyrds)) Read_Time,
(fs.writetim/decode(fs.phywrts,0,-1,fs.phywrts)) Write_Time
from
v$datafile df,
v$filestat fs
where df.file#=fs.file#
order by df.name;

Query method 2:
col NAME for a50
select name,phyrds,phywrts,readtim,writetim
from v$filestat a,v$dbfile b
where a.file# = b.file#
order by readtim desc;

Vim command summary for Linux

Command                         Action                                      Notes
vim file +54                    open file and go to line 54                 any : command can be run using + on command line
vim -O file1 file2              open file1 and file2 side by side
Insert                          enter insert mode                           so you can start typing. Alternatively one can use i or a.
Esc                             leave insert mode                           so you can issue commands. Note in VIM the cursor keys & {Home, End, Page{up,down}} and Delete and Backspace work as expected in any mode, so you don't need to go back to command mode nearly as much as the original vi. Note even Ctrl+{left,right} jumps words like most other editors. Note also Ctrl+[ and Ctrl+c are equivalent to Esc and may be easier to type. Also Ctrl+o in insert mode will switch to normal mode for one command only and automatically switch back.
:command                        runs named command
:help word                      shows help on word                          Typing Ctrl+d after word shows all entries containing word
:echo &word                     shows value of word

windows
:e                              set buffer for current window               you can optionally specify a new file or existing buffer number (#3 for e.g.). Note if you specify a directory a file browser is started. E.g. :e . will start the browser in the current directory (which can be changed with the :cd command).
:sp                             new window above                            ditto
:vs                             new window to left                          ditto
:q                              close current window
:qa                             close all windows                           add trailing ! to force
Ctrl+w {left,right,up,down}     move to window
Ctrl+w Ctrl+w                   toggle window focus
Ctrl+w =                        autosize windows                            to new terminal size for e.g.
:ba                             new window for all buffers                  ":vert ba" tiles windows vertically

buffers
:ls                             list buffers
gf                              open file under cursor
:bd                             delete buffer and any associated windows
:w                              save file                                   Note :up[date] only writes file if changes made, but it's more awkward to type
:sav filename                   save file as filename                       Note :w filename doesn't switch to new file. Subsequent edits/saves happen to existing file

undo/redo
u                               undo
Ctrl+r                          redo
.                               repeat

navigation
gg                              Goto start of file
G                               Goto end of file
:54                             Goto line 54
80|                             Goto column 80
Ctrl+g                          Show file info                              including your position in the file
ga                              Show character info                         g8 shows UTF8 encoding
Ctrl+e                          scroll up                                   Ctrl+x needed first for insert mode
Ctrl+y                          scroll down                                 Ctrl+x needed first for insert mode
zt                              scroll current line to top of window
w                               Goto next word                              Note Ctrl+{right} in newer vims (which work also in insert mode)
b                               Goto previous word                          Note Ctrl+{left} in newer vims
[{                              Goto previous { of current scope
%                               Goto matching #if #else,{},(),[],/* */      must be one on line
zi                              toggle folds on/off

bookmarks
m {a-z}                         mark position as {a-z}                      E.g. m a
' {a-z}                         move to position {a-z}                      E.g. ' a
' '                             move to previous position
'0                              open previous file                          handy after starting vim

selection/whitespace
v                               select visually                             use cursor keys, home, end etc.
Shift+v                         line select                                 CTRL+v = column select
Delete                          cut selection
"_x                             delete selection                            without updating the clipboard or yank buffer. I remap x to this in my .vimrc
y                               copy selection
p                               paste (after cursor)                        P is paste before cursor
"Ay                             append selected lines to register a         use lowercase a to initialise register
"ap                             paste contents of a
gq                              reformat selection                          justifies text and is useful with :set textwidth=70 (80 is default)
=                               reindent selection                          very useful to fix indentation for c code
>                               indent section                              useful with Shift+v%
<                               unindent section                            remember . to repeat and u to undo
:set list!                      toggle visible whitespace                   See also listchars in my .vimrc

clipboard shortcuts
dd                              cut current line
yy                              copy current line
D                               cut to end of line
y$                              copy to end of line

search/replace
/regexp                         searches forwards for regexp                ? reverses direction
n                               repeat previous search                      N reverses direction
*                               searches forward for word under cursor      # reverses direction
:%s/1/2/gc                      search for regexp 1 and replace with 2 in file  c = confirm change
:s/1/2/g                        search for regexp 1 and replace with 2 in (visual) selection

programming
K                               lookup word under cursor in man pages       2K means lookup in section 2
:make                           run make in current directory
Ctrl+]                          jump to tag                                 Ctrl+t to jump back levels. I map these to Alt+⇦⇨ in my .vimrc
vim -t name                     Start editing where name is defined
Ctrl+{n,p}                      scroll forward,back through autocompletions for word before cursor  uses words in current file (and included files) by default. You can change to a dictionary for e.g: set complete=k/usr/share/dicts/words Note only works in insert mode
Ctrl+x Ctrl+o                   scroll through language specific completions for text before cursor  "Intellisense" for vim (7 & later). :help compl-omni for more info. Useful for python, css, javascript, ctags, … Note only works in insert mode

external filters
:%!filter                       put whole file through filter
:!filter                        put (visual) selection through filter
:,!command                      replace current line with command output
map <f9> :w<CR>:!python %<CR>   run current file with external program

Source: http://www.pixelbeat.org/vim.tips.html

Fix for "can't initialize iptables table `nat': Table does not exist"

1. When installing OpenVZ vzctl 4.7, the following message is displayed
Error message:
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do
Perhaps iptables or your kernel needs to be upgraded.

2. Check with lsmod
[root@localhost ~]# lsmod | grep nat
nf_nat_ftp 3523 0
nf_conntrack_ftp 12929 1 nf_nat_ftp
iptable_nat 6302 0
nf_nat 23213 4 vzrst,ipt_REDIRECT,nf_nat_ftp,iptable_nat
nf_conntrack_ipv4 9946 4 iptable_nat,nf_nat
nf_conntrack 80281 8 vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
ip_tables 18119 3 iptable_mangle,iptable_filter,iptable_nat
3. Fix:
vim /etc/modprobe.d/openvz.conf
Before the change:
options nf_conntrack ip_conntrack_disable_ve0=0
4. Restart the system
[root@localhost ~]# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Setting the HostName and DNSDomain on Linux

1.RHEL OS
vim /etc/sysconfig/network
HOSTNAME=server.domain.com

/etc/hosts
IP server.domain.com server

hostname server.domain.com
service network restart
2.Debian OS
vim /etc/hostname
server

vim /etc/hosts
IP server.domain.com server

/etc/init.d/hostname.sh

Summary of Linux server administration notes

1. Restarting the system
shutdown -h now    not OK
reboot             OK
2. Avoid using rm -rf as much as possible

3. Enable iptables

/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
/etc/init.d/iptables status
iptables -L -n    # check the firewall rules

4. Disable SELinux
getenforce
vim /etc/sysconfig/selinux
Change to:
SELINUX=disabled
SELINUXTYPE=targeted

5. "getconf LONG_BIT" and "lsb_release -a"
[root@ip-172-31-27-223 ~]# lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final

[root@ip-172-31-27-223 ~]# getconf LONG_BIT
64
6. Do not use names such as "mysql", "nginx" or "php" as host names
Example: running ps -ef|grep nginx could then lead to an operating mistake

7. Server time synchronization
yum install ntp
/etc/rc.d/init.d/ntpd start
ntpdate 133.100.8.2
crontab -e:
*/1 * * * * /usr/sbin/ntpdate 133.100.8.2 >/dev/null 2>&1
/etc/init.d/crond restart

8. Open UDP port 123 in the firewall while the iptables service is running

9. Always back up a configuration file before modifying it

How to monitor the active connection counts of multiple nginx servers with Zabbix

1. System requirements:
LNMP environment, 3 nginx servers

2. Add the status module to the nginx server configuration file

location /ngst {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    allow xxx.xxx.xxx.xxx;
    deny all;
}
3. Script that reads the nginx-status values
#!/bin/bash
# Address and port of the nginx server that exposes stub_status
#HOST=$(ifconfig eth0 | sed -n '/inet /{s/.*addr://;s/ .*//;p}')
HOST="192.168.103.2"
PORT="8898"
# Connection counters: line 1 (Active) and line 4 (Reading/Writing/Waiting)
function active {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | grep 'Active' | awk '{print $NF}'
}
function reading {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | grep 'Reading' | awk '{print $2}'
}
function writing {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | grep 'Writing' | awk '{print $4}'
}
function waiting {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | grep 'Waiting' | awk '{print $6}'
}
# Totals: the three numbers on line 3 (accepts handled requests)
function accepts {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | awk NR==3 | awk '{print $1}'
}
function handled {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | awk NR==3 | awk '{print $2}'
}
function requests {
    /usr/bin/curl "http://$HOST:$PORT/nginx-status/" 2>/dev/null | awk NR==3 | awk '{print $3}'
}
# Run the requested function (only the metric names defined above)
case "$1" in
    active|reading|writing|waiting|accepts|handled|requests) "$1" ;;
    *) echo "usage: $0 {active|reading|writing|waiting|accepts|handled|requests}" >&2; exit 1 ;;
esac

4. Test nginx-status
/usr/bin/curl "http://192.168.103.2:8898/nginx-status/"
Active connections: 2
server accepts handled requests
1968 1968 3907
Reading: 0 Writing: 1 Waiting: 1

5. Change the settings in zabbix_agentd.conf
/etc/zabbix/zabbix_agentd.conf
UserParameter=nginx.accepts,/home/zabbix/nginx-status.sh accepts
UserParameter=nginx.handled,/home/zabbix/nginx-status.sh handled
UserParameter=nginx.requests,/home/zabbix/nginx-status.sh requests
UserParameter=nginx.connections.active,/home/zabbix/nginx-status.sh active
UserParameter=nginx.connections.reading,/home/zabbix/nginx-status.sh reading
UserParameter=nginx.connections.writing,/home/zabbix/nginx-status.sh writing
UserParameter=nginx.connections.waiting,/home/zabbix/nginx-status.sh waiting
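
Added example (not part of the original post): one awk pass over a stub_status response that returns any of the seven metrics and fails on an empty or malformed response, where the step 3 pipelines would print nothing. The function names are assumptions made for this example; the sample input is the step 4 output.

```shell
#!/bin/bash
# Added example: parse a stub_status response once and validate the value.

# Sample input: the response shown in step 4, embedded so the example runs
# offline.
sample_stub_status() {
cat <<'EOF'
Active connections: 2
server accepts handled requests
1968 1968 3907
Reading: 0 Writing: 1 Waiting: 1
EOF
}

# usage: curl -s "http://$HOST:$PORT/nginx-status/" | nginx_metric active
# Prints the value of the named metric. Returns 1 for an unknown name or
# when the response is empty or not numeric, so the caller can tell a
# failed fetch from a real value.
nginx_metric() {
    awk -v want="$1" '
        /^Active connections:/ { v["active"] = $3 }
        /^ *[0-9]+ +[0-9]+ +[0-9]+ *$/ {
            v["accepts"] = $1; v["handled"] = $2; v["requests"] = $3
        }
        /^Reading:/ { v["reading"] = $2; v["writing"] = $4; v["waiting"] = $6 }
        END {
            if (!(want in v) || v[want] !~ /^[0-9]+$/) exit 1
            print v[want]
        }'
}

# Print every metric from the sample response.
for m in active accepts handled requests reading writing waiting; do
    printf '%s=%s\n' "$m" "$(sample_stub_status | nginx_metric "$m")"
done
```
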

iptables configuration practice, chapter 4: allow local ping, reject external ping

1. Description:
Allow the local host to ping other hosts; reject pings from other hosts

Commands:
# iptables -A INPUT -d 172.16.103.1 -p icmp --icmp-type 0 -j ACCEPT
# iptables -A OUTPUT -s 172.16.103.1 -p icmp --icmp-type 8 -j ACCEPT

2. Description:
Drop packets addressed to the local host that have all TCP flags set to 1 or all set to 0
Commands:
# iptables -A INPUT -d 172.16.103.1 -p tcp --tcp-flags ALL ALL -j DROP
# iptables -A INPUT -d 172.16.103.1 -p tcp --tcp-flags ALL NONE -j DROP

3. Set the default policy
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP