Category Archives: Server

CentOS7.2にphp7をインストールする

1.依存パッケージのインストール
#yum install gcc make curl-devel libxslt-devel gd-devel libjpeg-devel libpng libpng-devel libxml2-devel bzip2-devel libcurl-devel -y
#yum -y install libmcrypt-devel mcrypt mhash libxslt-devel

2.libiconvのインストール
#tar xf libiconv-1.14.tar.gz
#cd libiconv-1.14
#./configure --prefix=/usr/local/libiconv
#make && make install

3.php7のインストール
#tar xf php-7.0.0.tar.gz
#cd php-7.0.0/
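# Configure the PHP 7.0.0 build (run from inside the php-7.0.0/ source tree).
#
# - Every option starts with a double hyphen ("--"). The page rendering had
#   turned them into en dashes, which configure does not recognize as options.
# - The option list is one unbroken backslash-continued command: no blank line
#   inside it and no trailing backslash after the last option.
# - --with-iconv-dir must be the directory libiconv was installed into
#   (the --prefix given to its own configure run).
# - --with-mysql is left out: ext/mysql was removed in PHP 7, so configure
#   would only warn that the option is unrecognized. mysqli and pdo_mysql
#   (both built on mysqlnd) remain.
# - Options that were listed twice (--enable-fpm, --enable-bcmath,
#   --enable-mbregex, --enable-sockets) appear once.
# - The FPM user/group "nginx" must already exist when php-fpm is started.
#
# NOTE(review): PHP 7.0 no longer receives upstream security fixes; for a host
# that will face a network, build a currently supported release instead.
./configure \
  --prefix=/usr/local/php7 \
  --with-fpm-user=nginx \
  --with-fpm-group=nginx \
  --with-bz2 \
  --with-curl \
  --with-gd \
  --with-mcrypt \
  --with-openssl \
  --with-mhash \
  --with-jpeg-dir \
  --with-png-dir \
  --with-freetype-dir \
  --with-iconv-dir=/usr/local/libiconv \
  --with-gettext \
  --with-libxml-dir \
  --with-zlib \
  --with-xmlrpc \
  --with-pcre-regex \
  --with-pear \
  --with-pdo-mysql=mysqlnd \
  --with-mysqli=mysqlnd \
  --with-libdir=lib64 \
  --enable-dom \
  --enable-xml \
  --enable-fpm \
  --enable-bcmath \
  --enable-ftp \
  --enable-sockets \
  --disable-ipv6 \
  --enable-mbregex \
  --enable-mbstring \
  --enable-calendar \
  --enable-gd-native-ttf \
  --enable-static \
  --enable-libxml \
  --enable-inline-optimization \
  --enable-opcache \
  --enable-pcntl \
  --enable-shmop \
  --enable-soap \
  --enable-sysvsem \
  --enable-zip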
#make && make install
4.設定ファイルのコピー
#cp php.ini-production /usr/local/php7/lib/php.ini
#cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf

#cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf

CentOS7.2にWebVirtMgr(KVMをWebブラウザから管理するツール)をインストール

OS環境
CentOS Linux release 7.2.1511 (Core)

1.依存パッケージをインストール
#yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
#yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor nginx
#yum -y install gcc python-devel
#pip install numpy

2.webvirtmgr.gitをダウンロード
#mkdir /application/
#cd /application/
#git clone git://github.com/retspen/webvirtmgr.git
#git clone https://github.com/retspen/webvirtmgr.git
3.sqliteのインストール
#cd /application/
#wget http://www.sqlite.org/sqlite-3.5.6.tar.gz
#cd sqlite-3.5.6/
#./configure --disable-tcl
#make
#make install

4.webvirtmgrのインストール
#cd /application/webvirtmgr

### 必要モジュールのインストール
#pip install -r requirements.txt
### 初期設定
./manage.py syncdb

5.webvirtmgrの設定
#mkdir -pv /var/www
#cp -Rv /application/webvirtmgr /var/www/webvirtmgr

###webvirtmgr.confを設定
#vim /etc/nginx/conf.d/webvirtmgr.conf
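# Reverse proxy in front of the WebVirtMgr gunicorn worker on 127.0.0.1:8000.
# NOTE(review): this vhost serves the KVM management UI over plain HTTP on
# port 80, so logins travel unencrypted. Terminating TLS here and restricting
# which clients can reach the vhost is advisable for anything beyond a lab.
server {
    listen 80 default_server;
    server_name $hostname;
    #access_log /var/log/nginx/webvirtmgr_access_log;

    # Static assets are read from disk by nginx instead of being proxied.
    location /static/ {
        root /var/www/webvirtmgr/webvirtmgr;
        # or /srv instead of /var
        expires max;
    }

    # Everything else goes to the application server.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        # X-Forwarded-Proto carries the client-facing scheme (http or https),
        # not the client address; the original sent $remote_addr here.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        client_max_body_size 1024M; # Set higher depending on your needs
    }
}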
#chown -R nginx:nginx /var/www/webvirtmgr
#vim /etc/supervisord.conf
; supervisord entry for the WebVirtMgr web application: runs manage.py
; run_gunicorn with conf/gunicorn.conf.py as user nginx, with autostart and
; autorestart enabled.
; NOTE(review): this section uses logfile= / log_stderr= while the console
; section below uses stdout_logfile= / redirect_stderr= — confirm which key
; names the installed supervisor version honours, otherwise this program's
; output may not end up in the intended log file.
[program:webvirtmgr]
command=/usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
logfile=/var/log/supervisor/webvirtmgr.log
log_stderr=true
user=nginx

; supervisord entry for the webvirtmgr-console helper script, also run as user
; nginx; stderr is merged into the stdout log file.
[program:webvirtmgr-console]
command=/usr/bin/python2 /var/www/webvirtmgr/console/webvirtmgr-console
directory=/var/www/webvirtmgr
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/webvirtmgr-console.log
redirect_stderr=true
user=nginx

grep '^bind =' /var/www/webvirtmgr/conf/gunicorn.conf.py
bind = '127.0.0.1:8000'

6.nginxの操作
###nginxを再起動
#systemctl restart nginx.service

#vi /etc/nginx/nginx.conf
### 下記部分をコメントアウトする
39 # listen 80 default_server;

#systemctl restart nginx.service
#systemctl start supervisord.service

###バックグラウンドで動作させる
#nohup /usr/bin/python2 /var/www/webvirtmgr/manage.py run_gunicorn -c /var/www/webvirtmgr/conf/gunicorn.conf.py &

iptablesコマンド–「filterテーブル」「natテーブル」「mangleテーブル」「rawテーブル」の使い方

1. Filterテーブル
パケットの通過や遮断といった制御をします。
# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. NATテーブル
送信先や送信元といったパケットの中身を書き換える際にNATを利用します。
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

3. Mangleテーブル
パケット処理の優先度付けを行い、通信品質を制御する際にMangleを利用します。
# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

4.Rawテーブル
特定の通信をファイアウォールで処理せずに他の機材へ通したりといった経路制御する際にRawを利用します。
# iptables -t raw -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

ubuntuにjdkをインストールするメモ

ファイル解凍
#sudo mkdir /usr/lib/jvm
#sudo tar zxvf jdkxxxxx -C /usr/lib/jvm

環境変数
#sudo gedit /etc/profile
下記を追加
export JAVA_HOME=/usr/lib/jvm/jdkxxx
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
JDKを設定
#sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.7.0_67/bin/java 300

jdkコマンドを設定
#sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk1.7.0_67/bin/javac 300

バージョンの確認
#java -version
root@ubuntu:/home/ubuntu/Public# java -version
java version "1.7.0_67"
Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
Java HotSpot(TM) 64-Bit Server VM (build 24.65-b04, mixed mode)

検証
#cd home
#mkdir -p java/code/hello/src java/code/hello/bin
#cd java/code/hello/src
#vi Hello.java
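/**
 * Minimal program used to confirm that the installed JDK can compile and run
 * a class.
 */
public class Hello {
    /**
     * Prints "hello" to standard output.
     *
     * The JVM launcher only accepts an entry point declared exactly as
     * {@code public static void main(String[])}; the original wrote the
     * modifiers as "void static" and used typographic quotes, neither of
     * which compiles.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        System.out.println("hello");
    }
}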

#javac -d ../bin Hello.java
#cd ../bin
java Hello
hello

CentOSにnginx起動スクリプトのサンプルコード

nginxコード:
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO
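PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/nginx/sbin/nginx
NAME=nginx
DESC=nginx

# Include nginx defaults if available. The file is sourced, so whatever it
# contains runs with this script's privileges (normally root); keep it
# writable by root only. The ULIMIT value checked by the start action is
# expected to come from it, and presumably DAEMON_OPTS as well.
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi

# Nothing to manage when the nginx binary is missing or not executable.
test -x "$DAEMON" || exit 0

# From here on, stop at the first unguarded command failure.
set -e

# LSB helper functions.
# NOTE(review): /lib/lsb/init-functions, status_of_proc and start-stop-daemon
# are Debian-style tooling — confirm they exist on the CentOS host before
# installing this script.
. /lib/lsb/init-functions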
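#######################################
# Validate the nginx configuration with "nginx -t".
# Globals:   DAEMON (read)      - path to the nginx binary
#            DAEMON_OPTS (read) - extra options, split into words on purpose
# Outputs:   nothing when the configuration is valid; otherwise the check is
#            run a second time with output enabled so the error is visible
# Returns:   0 if the configuration is valid, else the status of "nginx -t"
#######################################
test_nginx_config() {
  # DAEMON is quoted so a path containing spaces is still one word.
  # shellcheck disable=SC2086 # DAEMON_OPTS may hold several options
  if "$DAEMON" -t $DAEMON_OPTS >/dev/null 2>&1; then
    return 0
  fi
  # The quiet run failed: repeat it so the operator sees nginx's diagnostics.
  # shellcheck disable=SC2086
  "$DAEMON" -t $DAEMON_OPTS
}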

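# Dispatch on the requested init action ($1).
# Reads DAEMON, NAME and DESC from the top of the script, and DAEMON_OPTS /
# ULIMIT when they are set. Quotes are plain ASCII and long options use "--";
# the typographic quotes and dashes from the page rendering are not valid
# shell syntax.
PIDFILE=/usr/local/nginx/logs/$NAME.pid

case "$1" in
  start)
    printf 'Starting %s: ' "$DESC"
    test_nginx_config
    # Check if the ULIMIT is set in /etc/default/nginx
    if [ -n "$ULIMIT" ]; then
      # Set the ulimits (unquoted on purpose: ULIMIT may be a flag and a value)
      # shellcheck disable=SC2086
      ulimit $ULIMIT
    fi
    # shellcheck disable=SC2086
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
      --exec "$DAEMON" -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;

  stop)
    printf 'Stopping %s: ' "$DESC"
    start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
      --exec "$DAEMON" || true
    echo "$NAME."
    ;;

  restart|force-reload)
    printf 'Restarting %s: ' "$DESC"
    # Validate the configuration BEFORE stopping: with set -e a failed check
    # aborts here and the running server stays up, instead of being stopped
    # first and then failing to come back.
    test_nginx_config
    start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
      --exec "$DAEMON" || true
    sleep 1
    # Check if the ULIMIT is set in /etc/default/nginx
    if [ -n "$ULIMIT" ]; then
      # Set the ulimits (unquoted on purpose: ULIMIT may be a flag and a value)
      # shellcheck disable=SC2086
      ulimit $ULIMIT
    fi
    # shellcheck disable=SC2086
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
      --exec "$DAEMON" -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;

  reload)
    printf 'Reloading %s configuration: ' "$DESC"
    test_nginx_config
    # "--stop --signal HUP" only delivers SIGHUP to the process in the pidfile.
    start-stop-daemon --stop --signal HUP --quiet --pidfile "$PIDFILE" \
      --exec "$DAEMON" || true
    echo "$NAME."
    ;;

  configtest|testconfig)
    printf 'Testing %s configuration: ' "$DESC"
    if test_nginx_config; then
      echo "$NAME."
    else
      # $? is still the status of the failed check at this point.
      exit $?
    fi
    ;;

  status)
    status_of_proc -p "$PIDFILE" "$DAEMON" nginx && exit 0 || exit $?
    ;;

  *)
    echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
    exit 1
    ;;
esac

exit 0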

UbuntuでPHPをコンパイルする

1.依存パッケージのインストール
#sudo apt-get install libjpeg-dev
#sudo apt-get install libxml2-dev
#sudo apt-get -y install libjpeg-dev
#sudo apt-get install libmcrypt-dev
#sudo apt-get install libpng12-dev
#sudo apt-get -y install libfreetype6-dev
#sudo apt-get install curl libcurl3 libcurl3-dev

2.コンパイル
#sudo ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php --enable-fpm --with-fpm-user=php-fpm --with-fpm-group=php-fpm --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-exif --disable-ipv6 --with-pear --with-curl --enable-bcmath --enable-mbstring --enable-sockets --with-gd --with-libxml-dir=/usr/local --with-gettext

3.php.iniの修正
#sudo cp php.ini-development /usr/local/php/php.ini
#sudo vim /usr/local/php/php.ini
date.timezone = PRC

4.php-fpmの修正
#cd /usr/local/php/etc
#sudo cp php-fpm.conf.default php-fpm.conf
#vim php-fpm.conf
#pidとエラーログの有効
pid = run/php-fpm.pid
error_log = log/php-fpm.log
user = ttuser
group = ttuser

5.php起動コマンド
#sudo cp -r /usr/local/src/php-5.6.26/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
#sudo mkdir -p /usr/local/php/etc/fpm.d
#sudo chmod +x /etc/init.d/php-fpm

6.php-fpmの起動
#sudo /etc/init.d/php-fpm (start|stop|force-quit|restart|reload|status)

php-fpm自動起動
#sudo apt-get install sysv-rc-conf
#sudo sysv-rc-conf php-fpm on

CentOS6.8にiptablesを使ってSSH(22)、Tomcat(8080)、MySQL(3306)を開放する

開放ポート
SSH(22)、Tomcat(8080)、MySQL(3306)

ファイアウォールの確認
# iptables -L
設定ファイル
/root/bin/iptables.sh
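#!/bin/bash
#
# Rebuild the host firewall for IPv4 and IPv6, then persist and reload it
# through the iptables / ip6tables services.
#
# Resulting policy: INPUT and FORWARD default to DROP, OUTPUT to ACCEPT.
# Accepted inbound: ICMP (ICMPv6 on the IPv6 side), packets of established or
# related connections, loopback traffic, and new TCP connections to
# SSH (22), Tomcat (8080) and MySQL (3306).
#
# NOTE(review): the INPUT policy becomes DROP before the ACCEPT rules are
# added; run this from a console, or be prepared to reconnect, rather than
# depending on one remote SSH session.
# NOTE(review): 8080 and 3306 are opened to every source address. If only
# known hosts need them, add a source match such as "-s <TRUSTED_CIDR>"
# (placeholder) to those rules.

#######################################
# Load the rule set with one of the two tools and persist it.
# Arguments: $1 - rule tool and service name: iptables or ip6tables
#            $2 - ICMP protocol name for that address family
#######################################
apply_rules() {
  local ipt=$1
  local icmp_proto=$2

  # Start from an empty rule set: flush rules, delete user chains, zero counters.
  "$ipt" -F INPUT
  "$ipt" -F OUTPUT
  "$ipt" -F FORWARD
  "$ipt" -F
  "$ipt" -X
  "$ipt" -Z

  "$ipt" -P INPUT DROP
  "$ipt" -P OUTPUT ACCEPT
  "$ipt" -P FORWARD DROP

  "$ipt" -A INPUT -p "$icmp_proto" -j ACCEPT
  "$ipt" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  "$ipt" -A INPUT -i lo -j ACCEPT

  "$ipt" -A INPUT -p tcp --dport 22 -j ACCEPT
  "$ipt" -A INPUT -p tcp --dport 8080 -j ACCEPT
  "$ipt" -A INPUT -p tcp --dport 3306 -j ACCEPT

  service "$ipt" save
  service "$ipt" restart
}

#iptables
apply_rules iptables icmp

#ip6tables
# The original added the three port rules of this section with "iptables",
# which duplicated the IPv4 rules and left IPv6 without them, and matched
# "-p icmp", which is the IPv4 protocol; IPv6 uses ipv6-icmp.
apply_rules ip6tables ipv6-icmp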
# chmod 755 /root/bin/iptables.sh
# /root/bin/iptables.sh
# vim /etc/sysconfig/iptables

設定ファイルの保存
# /sbin/iptables-save > /etc/sysconfig/iptables

Cacti 0.8.8cダウンロード、ネットワークトラフィックの検出ツール

ダウンロード

  • Gentoo Linux users install Cacti using:

    emerge cacti

  • Debian Linux users install Cacti using:

    apt-get install cacti

  • Fedora Linux users

    yum install cacti

  • SUSE Linux users

    Available in Yast or SUSE media.  Version may not be the latest.

重要なセキュリティ修正

  • CVE-2013-5588 – XSS issue via installer or device editing
  • CVE-2013-5589 – SQL injection vulnerability in device editing
  • CVE-2014-2326 – XSS issue via CDEF editing
  • CVE-2014-2327 – Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 – Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 – XSS issues in multiple files
  • CVE-2014-5025 – XSS issue via data source editing
  • CVE-2014-5026 – XSS issues in multiple files

重要な変更

  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

releasenotes

WINDOWS でrabbitMQのインストール

1.rabbitMQのダウンロード
http://www.rabbitmq.com/download.html

2.erlangのダウンロード
http://www.erlang.org/download.html

3.RABBITMQのインストール
http://www.rabbitmq.com/install-windows.html

4.「RabbitMQ Service – start」で起動

5.rabbitmq管理ツールのインストール
http://www.rabbitmq.com/management.html

cd C:\RabbitMQ Server\rabbitmq_server-3.2.2\sbin
rabbitmq-plugins enable rabbitmq_management

6.http://localhost:15672でログインする
アカウント:guest
パスワード:guest(初期アカウントなので、ログイン後にパスワードを変更するか、別の管理ユーザーを作成してguestを削除しておく)

FTPサーバー(PureFTPd)でユーザにアップロード権限のみを与える

修正ファイル:

pure-ftpd.conf

修正前:

# Allow users to resume and upload files, but *NOT* to delete them.
KeepAllFiles no
# Set to ‘yes’ if you don’t want your users to rename files.
NoRename no

修正後:

# Allow users to resume and upload files, but *NOT* to delete them.
KeepAllFiles yes
# Set to ‘yes’ if you don’t want your users to rename files.
NoRename  yes

pure-ftpdを再起動する
