August 3, 2017

Some Linux notes (2)

Continued from the previous post.

Updating packages

sudo yum update && sudo yum upgrade

Note: yum takes the place of apt-get; apt-get is not supported on CentOS 7.

Installing node

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash

Log out and log back in to the Linux server; nvm is then available.

nvm install v6.11.1

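The current node LTS version is v6.11.1.

Generating an RSA key

This is used, for example, for cloning code; the common hosts are GitHub and 码云 (Gitee). 码云 allows private repositories, so I used 码云 here.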

ssh-keygen -t rsa -C "xxxxx@xxxxx.com"

Test whether it worked:


Installing MySQL

CentOS 7 ships with MariaDB by default.

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm
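# Refresh the yum package list
yum check-update

# Update the system
yum update
# Install mysql
yum install mysql mysql-server
# Start it
systemctl start mysqld

After that you can log in with mysql -u root. The default password is empty, so we should set one: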

mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpass');

Installing MongoDB

Environment and yum configuration

# more /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core)

# sudo vi /etc/yum.repos.d/mongodb-org-3.2.repo 
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Install MongoDB

sudo yum install mongodb-org

Start

/etc/init.d/mongod start

Access

# mongo
MongoDB shell version: 3.2.10
connecting to: test
Server has startup warnings:
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten]
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten]
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-07-31T14:49:30.639+0800 I CONTROL  [initandlisten]
> db.version()
3.2.16

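Firewall setup

The default firewall on CentOS 7 is firewalld; however, I found it hard to use: as soon as I enabled it and then tried to add a port rule, I got:

Write failed: Broken pipe

Fortunately Tencent Cloud has a login feature (effectively a back door) that let me stop firewalld; otherwise I would have been stuck. So I decided to try iptables:

# Stop firewalld
service firewalld stop
systemctl disable firewalld.service # keep firewalld from starting at boot

# Install iptables
yum install iptables-services

# Edit the iptables rules
sudo vi /etc/sysconfig/iptables

# Reference content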

*filter

# allow established and related connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow out traffic
-A OUTPUT -j ACCEPT

# drop incoming sensitive connections: a source that opens 15 new connections
# to port 80 within 60 seconds (placed before the ACCEPT for port 80,
# otherwise these two rules are never reached)
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j DROP

# allow http https
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT

# allow ssh port login
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8777 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

# ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7

# reject all other inbound
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Save

service iptables start # start

systemctl enable iptables.service # start the firewall at boot
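
A pre-flight check for a rules file like the one above, as an added example that is not part of the original post: iptables evaluates rules top to bottom, so the check verifies that the SSH port is accepted before the catch-all REJECT and flags rules that can never match because an earlier plain ACCEPT already covers the same port. The function names, the sample ruleset and the choice of 2222 as the SSH port are assumptions made for the example.

```shell
#!/bin/sh
# Added example: lint an iptables-restore file before starting the firewall.
# check_rules FILE SSH_PORT prints findings; non-zero exit status if any.
check_rules() {
    awk -v ssh="$2" '
    # value that follows option "name" in the current rule, or "" if absent
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 != "-A" || $2 != "INPUT" { next }   # skip comments, *filter, other chains
    {
        port = opt("--dport"); target = opt("-j")
        # An earlier ACCEPT without extra matches already took every packet to
        # this port, so this rule (rate limit, DROP, ...) is never evaluated.
        if (port != "" && (port in seen)) {
            printf "SHADOWED line %d: port %s already accepted at line %d\n", NR, port, seen[port]
            bad = 1
        }
        # unconditional = no -m match, no source and no interface restriction
        if (port != "" && target == "ACCEPT" && $0 !~ / -[msi] /) seen[port] = NR
        # the SSH port must be accepted before the catch-all closes the chain
        if (port == ssh && target == "ACCEPT" && !closed) ssh_ok = 1
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) closed = 1
    }
    END {
        if (!ssh_ok) { print "LOCKOUT: tcp port " ssh " is not accepted before the catch-all"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample ruleset (not the author file): the port 80 rate limit
# sits after the plain ACCEPT for port 80, and sshd is assumed to listen on 2222.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo on the constructed sample; on a server, pass /etc/sysconfig/iptables instead.
sample_rules | check_rules - 2222 || echo "fix the findings above before starting iptables"
```

Run it against the edited file and the port sshd actually listens on before `service iptables start`, while the existing SSH session is still open.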

fail2ban

Fail2ban can automatically add a rule to the iptables firewall based on the number of failed logins, to block malicious login attempts.

# Install epel-release
yum install epel-release

# Install Fail2ban
yum install fail2ban

# Enable Fail2ban
systemctl enable fail2ban

# Edit the file
sudo vim /etc/fail2ban/jail.local

# Reference content

[DEFAULT]
# Ban an IP for one hour
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

# Restart fail2ban
systemctl restart fail2ban

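Reference: Installing and using Fail2Ban on CentOS 7 to protect SSH

Viewing the first lines of a file

head -n 1 a.js  # show the first line of a.js

Viewing the last lines of a file

tail -n 2 a.js # show the last two lines of a.js

Searching inside a file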

grep 'png' 404.html

Load testing

ab -n 300 -c 20 https://henry.my-fe.pub/

ab is the open-source ab test tool from the Apache project.

-n: number of requests

-c: number of concurrent requests

File transfer

scp -P 2463 ./weui.css 用户名@主机IP:~/test_https

-P specifies the remote port number; 用户名@主机IP stands for username@host IP.


Permalink: www.my-fe.pub/post/linux-note-2.html

-- EOF --
