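# Set the hostname and make it resolve locally (run as root).
# The first two commands were fused on one line; run that way, echo would
# also write the stray words "hostname -F /etc/hostname" into /etc/hostname.
echo "flow8" > /etc/hostname
hostname -F /etc/hostname
# Append the address -> FQDN/short-name mapping only when it is missing, so
# re-running these notes does not duplicate the entry.
grep -qF -- "106.187.35.226 flow8.net flow8" /etc/hosts ||
  echo "106.187.35.226 flow8.net flow8" >> /etc/hosts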
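# Install the exim4 mail transfer agent.
sudo apt-get install -y exim4
# Separate command: fused onto the apt-get line it would have made apt look
# for packages named "gem", "install" and "bundler".
gem install bundler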
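; APC opcode-cache settings for php.ini, one directive per line.
[apc]
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 64M
apc.optimization = 0
apc.num_files_hint = 1000
apc.ttl = 0
apc.gc_ttl = 3600
apc.cache_by_default = On
apc.slam_defense = 0
apc.file_update_protection = 2
apc.enable_cli = 0
; With stat checks off, edited scripts keep being served from the cache until
; it is cleared or PHP is restarted; make that step part of every deploy.
apc.stat=0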
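# Harden sshd: key-only logins and no direct root login.
# Before applying, confirm that a non-root account with sudo rights and a
# working authorized_keys entry exists, and keep the current session open
# until a fresh login has succeeded.
vi /etc/ssh/sshd_config
# Set these two directives in the file (sshd_config lines, not commands):
#   PasswordAuthentication no
#   PermitRootLogin no
# Syntax-check the edited file, then reload the ssh service so it takes effect.
sshd -t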
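# Choose the system time zone interactively.
dpkg-reconfigure tzdata
# Refresh the package lists, then apply pending upgrades (two commands that
# were fused on one line).
apt-get update
apt-get upgrade --show-upgraded
# English and Simplified Chinese language packs plus the locale selector.
apt-get install language-pack-en language-pack-en-base language-pack-zh-hans language-pack-zh-hans-base language-selector language-selector-common -y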
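# System-wide locale defaults.
sudo nano /etc/environment
# Add the following lines after the PATH entry in that file.
# NOTE(review): LC_ALL takes precedence over LANG and every other LC_*
# variable, so LC_ALL=C cancels the zh_CN settings next to it; confirm
# which one is intended.
LC_CTYPE="zh_CN.UTF-8"
LANG="zh_CN.UTF-8"
LC_ALL=C
# Regenerate the configured locales.
sudo dpkg-reconfigure locales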
# Install the build toolchain, -dev headers and admin/diagnostic tools in one
# transaction. Several names repeat in the list (libssl-dev, checkinstall,
# dstat, ...).
# NOTE(review): openssh-server, redis-server, snmpd and ntp are network
# daemons, and Debian/Ubuntu packages normally start their daemon at install
# time; check what is listening afterwards and load the firewall rules before
# the host is exposed.
apt-get install module-assistant build-essential fakeroot dh-make debconf linux-libc-dev dkms libpcre3-dev libbz2-dev libreadline-dev libssl-dev gettext libaio-dev libncurses5-dev libaio-dev libaio1 libaio1-dbg libsnmp-dev autoconf snmp snmpd libsasl2-dev curl git-core python-software-properties libssl-dev libreadline6-dev libyaml-dev libpng++-dev libjpeg62-dev libfreetype6-dev libmcrypt-dev libxml2-dev libmhash-dev mcrypt libopenipmi-dev libgsnmp0-dev libssl-dev zlib1g-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev checkinstall libicu-dev python-setuptools libxslt-dev liblua5.1-0-dev libcurl4-openssl-dev liblua5.1-orbit-dev software-properties-common dstat iftop nmap sysstat cmake vim python-docutils zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev openssh-server redis-server checkinstall libxml2-dev libxslt1-dev libcurl4-openssl-dev libicu-dev libxpm-dev unzip perl alien lsof wget curl htop sysstat tree vnstat iptraf iperf nload ipcalc dstat iftop ntp valgrind -y
# Fetch source tarballs (jemalloc, PCRE, git, Ruby) for local builds.
# Three of the four URLs use plain http/ftp and nothing here verifies what was
# downloaded. These archives are compiled and installed as root, so compare
# each one with the checksum or signature published by its project before
# unpacking it.
wget http://www.canonware.com/download/jemalloc/jemalloc-3.6.0.tar.bz2
wget http://ftp.exim.llorien.org/pcre/pcre-8.35.tar.gz
wget https://git-core.googlecode.com/files/git-1.8.5.tar.gz
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz
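# NOTE(review): this line looks like the tail of a package list whose install
# command was lost; confirm before running it as-is.
scons sun-java6-bin
# Install the NTP daemon and the one-shot ntpdate client
# (the original spelled the package and the command "ntpudate").
aptitude install ntp ntpdate
# Set the clock once from the cn pool. The original continuation was broken
# by a trailing comment after the backslash, leaving the other two servers as
# separate commands.
ntpdate 3.cn.pool.ntp.org \
  2.cn.pool.ntp.org \
  1.cn.pool.ntp.org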
# Service accounts for the web server and the database: system users with a
# matching group, no home directory, no login and no password.
for svc_account in www mysql; do
  adduser --system --no-create-home --disabled-login --disabled-password --group "$svc_account"
done
# Application account: system user with its own group, a bash shell and a
# home directory under /home.
adduser --system --group --shell /bin/bash --home /home/fire9 fire9
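# Install an init script for the source-built nginx (four commands that were
# fused on one line).
wget -O init-deb.sh http://library.linode.com/assets/1131-init-deb.sh
# The script arrives over plain HTTP and will run as root at every boot:
# read it through before installing it.
mv init-deb.sh /etc/init.d/nginx
chmod +x /etc/init.d/nginx
/usr/sbin/update-rc.d -f nginx defaults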
/etc/iptables.firewall.rules
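*filter

# IPv4 ruleset in iptables-restore format, one rule per line.
# These rules do not filter IPv6; that traffic is governed by a separate
# ip6tables ruleset.

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
#
# The -dport number should be the same port number you set in sshd_config
#
# NOTE(review): in the flattened text a '#' sits directly in front of this
# rule; it is read here as the last line of the comment block above, so the
# rule is active. With it commented out, the final REJECT would block every
# new SSH session.
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT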
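# Parse the ruleset without committing it first, so a typo is caught before
# the live rules are touched.
iptables-restore --test < /etc/iptables.firewall.rules
# Load the rules and list what is active. Keep the current SSH session open
# and confirm a new login works before relying on the ruleset.
iptables-restore < /etc/iptables.firewall.rules
iptables -L
# Restore the rules every time a network interface is brought up.
vi /etc/network/if-pre-up.d/firewall
# Contents of that file: two lines, with the shebang on its own first line.
#   #!/bin/sh
#   /sbin/iptables-restore < /etc/iptables.firewall.rules
# Hook scripts in this directory are only run when they are executable.
chmod +x /etc/network/if-pre-up.d/firewall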
Fail2Ban is an application that prevents dictionary attacks on your server. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker's IP address. Attempted logins can be monitored on a variety of protocols, including SSH, HTTP, and SMTP. By default, Fail2Ban monitors SSH only. Here's how to install and configure Fail2Ban:
1. Install Fail2Ban by entering the following command: sudo apt-get install fail2ban
2. Configure the Fail2Ban preferences by entering the following command: sudo nano /etc/fail2ban/jail.conf (Settings placed in /etc/fail2ban/jail.local override jail.conf and are not replaced when the package is upgraded.)
3. If you have a static IP address at your home or office, enter it next to the ignoreip variable so that Fail2Ban never bans it. You can enter multiple IP addresses separated by spaces.
4. Set the bantime variable to specify how long (in seconds) bans should last.
5. Set the maxretry variable to specify the default number of failed attempts allowed before the source IP address is banned.
6. Press Control-x and then press y to save the changes to the Fail2Ban configuration file.
Fail2Ban is now installed and running on your Linode. It will monitor your log files for failed login attempts. Once an IP address exceeds the maximum number of authentication attempts, it is blocked at the network level and the event is logged in /var/log/fail2ban.log.
/etc/network/if-pre-up.d/firewall /etc/network/if-pre-up.d/firewall /etc/network/if-pre-up.d/firewall
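# Register a manually unpacked JDK with the alternatives system (priority
# 300) and select it. Variant for a JDK under /data/apps.
update-alternatives --install /usr/bin/java java /data/apps/jdk1.6.0_32/bin/java 300
update-alternatives --install /usr/bin/javac javac /data/apps/jdk1.6.0_32/bin/javac 300
update-alternatives --config java

# Shell environment for a JDK under /opt.
# NOTE(review): this uses update 41 while the alternatives entries use
# update 32; keep whichever matches the JDK that is actually installed.
export JAVA_HOME=/opt/jdk1.6.0_41
# Fixed: the original read "/opt/jdk1.6.0_41bin" (missing slash), which put a
# non-existent directory on PATH instead of the JDK's bin directory.
export PATH=$PATH:/opt/jdk1.6.0_41/bin:/opt/jdk1.6.0_41/jre/bin
# The leading "./" makes the JVM load classes from whatever directory it is
# started in; start Java services from a directory only trusted users can
# write to.
export CLASSPATH="./:/opt/jdk1.6.0_41/lib:/opt/jdk1.6.0_41/jre/lib"
export LD_LIBRARY_PATH=/opt/jdk1.6.0_41/jre/lib/amd64:/opt/jdk1.6.0_41/jre/lib/amd64/server

# Same registration for a JDK unpacked under /opt.
update-alternatives --install /usr/bin/java java /opt/jdk1.6.0_32/bin/java 300
update-alternatives --install /usr/bin/javac javac /opt/jdk1.6.0_32/bin/javac 300
update-alternatives --config java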
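# Disable IPv6 by keeping its kernel module from loading.
sudo vi /etc/modprobe.d/aliases
#   comment out the line:  alias net-pf-10 ipv6
sudo vi /etc/modprobe.d/blacklist
#   add the line:          blacklist ipv6
# NOTE(review): this only works where IPv6 is built as a loadable module.
# After a reboot, check that no interface has an IPv6 address; if IPv6 stays
# up, it needs its own ip6tables rules because the IPv4 ruleset does not
# filter it.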
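# Kernel-module inspection cheat sheet (one command per line).
cat /proc/modules   # raw list of loaded modules
lsmod               # the same data, formatted
modinfo raid0       # metadata for a single module
modprobe -c         # dump the effective modprobe configuration
modprobe -l         # list available modules (older module-init-tools only)
# Removal and insertion commands; each needs a module name or file argument,
# so they are listed here rather than run bare:
#   modprobe -r MODULE
#   rmmod MODULE
#   insmod FILE.ko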
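# MariaDB 5.5 from the project's APT mirror (commands were fused two per line).
# Import the repository signing key by its 64-bit ID, then list fingerprints
# and compare the full fingerprint with the one MariaDB publishes: the
# repository itself is plain HTTP, so this key is the only trust anchor.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
apt-key finger
add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu precise main'
sudo apt-get update
sudo apt-get install mariadb-server-5.5 mariadb-client-5.5 libmariadbclient-dev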
# Re-run the interactive debconf dialogs for the database server and for
# exim4's configuration, in that order.
# NOTE(review): the page installs mariadb-server-5.5, so the mysql-server-5.0
# package name may be stale; confirm.
for debconf_pkg in mysql-server-5.0 exim4-config; do
  dpkg-reconfigure "$debconf_pkg"
done
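# Node.js from a personal package archive (three commands that were fused).
# Packages from a PPA run their maintainer scripts as root, so add one only
# when its owner is trusted.
sudo apt-add-repository ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install nodejs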
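# Expose the system OpenSSL 1.0.0 libraries under the ".so.6" names that some
# prebuilt binaries look for (two commands that were fused on one line).
# NOTE(review): the soname exists to stop a binary from loading a library
# with a different ABI; aliasing it can crash or misbehave at run time, and
# these links are invisible to the package manager. Prefer a build linked
# against the installed OpenSSL where one exists.
sudo ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /lib/libssl.so.6
sudo ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /lib/libcrypto.so.6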
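# Python tooling, installed system-wide.
easy_install ipython bpython pexpect MySQL-python requests

# Build Ruby 1.9.3-p484 from source. The download is plain FTP; compare the
# archive with the checksum published by ruby-lang.org before unpacking.
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p484.tar.gz
tar zxvf ruby-1.9.3-p484.tar.gz
# Chain the build steps so a failed configure or make is never followed by
# an install of a half-built tree.
cd ruby-1.9.3-p484 && ./configure && make && make install

# Bring RubyGems up to date, then install Bundler.
gem update --system
gem install bundler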
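# libunwind (needed by gperftools on x86_64), built position-independent.
# Both downloads below are plain HTTP; verify the archives before building.
wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.1.tar.gz
tar zxvf libunwind-1.1.tar.gz
cd libunwind-1.1
CFLAGS=-fPIC ./configure
# Fixed: the original passed "CLFAGS", which make silently ignores, so -fPIC
# was not applied at this stage.
make CFLAGS=-fPIC
make CFLAGS=-fPIC install
cd ..

# gperftools (tcmalloc and the profiler used by nginx's google_perftools module).
wget http://gperftools.googlecode.com/files/gperftools-2.1.tar.gz
tar zxvf gperftools-2.1.tar.gz
cd gperftools-2.1
./configure --enable-frame-pointers
make && make install
cd ..
# Make the dynamic linker search /usr/local/lib and rebuild its cache.
echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf
/sbin/ldconfig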
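# Directory for the nginx google_perftools profiles.
# Created for the worker account only instead of mode 0777: a world-writable
# directory at a fixed name under /tmp lets any local user plant files or
# symlinks where a privileged daemon is about to write.
# The account below is taken from --user in the nginx ./configure line on
# this page; adjust it if the workers run as another user.
nginx_user=www-data
install -d -m 0700 -o "$nginx_user" -g "$nginx_user" /tmp/tcmalloc
# NOTE(review): nginx documents the directive's value as a file-name prefix
# (profiles are written as <prefix>.<worker pid>), so confirm whether this
# directory is used at all.
# Then edit /usr/local/nginx/conf/nginx.conf (spelled "ncing.conf" in the
# original note, presumably a typo) to add the google_perftools_profiles line.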
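# Build PHP 5.3.22 with FPM into /usr/local/php (steps were fused on one line).
# The origin of the tarball is not shown; verify it against the checksum
# published on php.net before unpacking.
tar zxvf php-5.3.22.tar.gz
cd php-5.3.22
# Flags are kept in their original order, repeats included.
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc \
  --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir \
  --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath \
  --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization \
  --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring \
  --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash \
  --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap \
  --enable-fpm --with-snmp --with-gettext --enable-zend-multibyte \
  --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-snmp \
  --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --with-gd
make
make install
# Start from the production template rather than the development one.
cp php.ini-production /usr/local/php/etc/php.ini
cd ..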
# Alternative PHP configure line: the flag set used for the php-5.3.22 build
# on this page without --enable-zend-multibyte, plus --enable-mysqlnd, a
# second --enable-zip and --with-zend-vm=CALL.
./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-fpm --with-snmp --with-gettext --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-snmp --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-gd --enable-mysqlnd --enable-zip --with-zend-vm=CALL
# NOTE(review): the next line is a list of flags on its own, not a command;
# "TYPE" looks like the placeholder from configure's help text. Presumably a
# reminder of options to append; confirm.
--with-zend-vm=TYPE --enable-mysqlnd --enable-zip
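apt-get install libcloog-ppl0
# ImageMagick headers, then the imagick PHP extension built with phpize.
apt-get install libmagickwand-dev
# NOTE(review): the original downloaded imagick-3.0.1.tgz but unpacked and
# entered imagick-3.1.2; a single version variable keeps the three steps in
# step. 3.1.2 is assumed to be the intended release; confirm.
imagick_ver=3.1.2
wget "http://pecl.php.net/get/imagick-${imagick_ver}.tgz"
tar zxvf "imagick-${imagick_ver}.tgz"
cd "imagick-${imagick_ver}/"
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-imagick=/usr/local/imagemagick
make
make install
cd ../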
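# libevent, required by memcached.
wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar zxvf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable/
./configure
make
make install
# NOTE(review): the original has no "cd .." here, so the memcached download
# below lands inside the libevent source directory.

# memcached with 64-bit and SASL support. The download is plain HTTP; verify
# the archive before building.
wget http://memcached.googlecode.com/files/memcached-1.4.15.tar.gz
tar zxvf memcached-1.4.15.tar.gz
cd memcached-1.4.15/
./configure --enable-64bit --enable-sasl --with-libevent
make
sudo make install
cd ..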
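# libmemcached client library into its own prefix.
# Fixed: the archive name read "libmemecached-1.0.16.tar.gz", which does not
# match the directory entered on the next line; presumably a typo.
tar zxvf libmemcached-1.0.16.tar.gz
cd libmemcached-1.0.16
./configure --prefix=/usr/local/libmemcached --enable-silent-rules --enable-libmemcachedprotocol --enable-memaslap --with-mysql=/usr/local/mysql/bin/mysql_config --with-memcached
make -j2
make install
cd ../

# PHP "memcache" extension.
# NOTE(review): "memcache-2.2.7.gz" may be a mistyped .tgz name; confirm.
tar zxvf memcache-2.2.7.gz
cd memcache-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcache
make
make install

# Distribution packages of the client library and its tools.
apt-get install libmemcached-dev libmemcached-tools

# PHP "memcached" extension against the /usr/local/libmemcached build.
# The original stops after configure; make and make install are still needed.
tar zxvf memcached-2.1.0.tar.gz
cd memcached-2.1.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcached --enable-memcached-json --with-libmemcached-dir=/usr/local/libmemcached/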
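# hiredis C client, built from the repository's default branch.
# Whatever commit is on that branch at clone time gets compiled and installed
# as root; check out a reviewed tag or commit (<TAG_OR_COMMIT>) before
# running make so that builds are repeatable.
git clone https://github.com/redis/hiredis.git
cd hiredis
make
make install
cd ../

# PHP binding for hiredis; the same pinning advice applies.
git clone https://github.com/nicolasff/php-hiredis.git
cd php-hiredis
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-hiredis
make
make install
cd ../

# eAccelerator from a snapshot of its master branch (unpinned as well).
# -O names the download directly instead of renaming "master" afterwards.
wget -O eaccelerator.tar.gz https://github.com/eaccelerator/eaccelerator/tarball/master
tar zxvf eaccelerator.tar.gz
# NOTE(review): GitHub tarballs usually unpack into a directory that carries
# the commit id in its name, so this cd may need adjusting.
cd eaccelerator/
/usr/local/php/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
make && make install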
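# PDO MySQL driver from PECL (plain-HTTP download; verify the archive).
wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz
tar -zxvf PDO_MYSQL-1.0.2.tgz
cd PDO_MYSQL-1.0.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql
make
make install
cd ../

# "taint" extension (archive assumed to be present already).
tar zxvf taint-1.2.2.tgz
cd taint-1.2.2/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make
make install
cd ../

# libmemcached 1.0.17 with assertions, the protocol library and memaslap.
apt-get install libcloog-ppl0
tar zxvf libmemcached-1.0.17.tar.gz
cd libmemcached-1.0.17/
./configure --enable-assert --enable-silent-rules --enable-libmemcachedprotocol --enable-hsieh_hash --enable-memaslap --with-mysql=/usr/local/mysql --with-memcached
make
make install
cd ../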
# Configure the nginx build: workers run as www-data, extra event, filter,
# media and status modules are compiled in, and two third-party modules are
# added from /opt/Modules.
# NOTE(review): --with-pcre points at /opt/pcre-8.33 while the page downloads
# pcre-8.35; confirm which source tree is on disk.
# NOTE(review): compiled-in modules such as dav and stub_status do nothing
# until enabled in nginx.conf; when they are enabled, restrict them by
# address or authentication.
./configure \
  --user=www-data \
  --group=www-data \
  --with-rtsig_module \
  --with-poll_module \
  --with-file-aio \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_xslt_module \
  --with-http_image_filter_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_slice_module \
  --with-http_mp4_module \
  --with-http_gzip_static_module \
  --with-http_concat_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_degradation_module \
  --with-http_sysguard_module \
  --with-pcre=/opt/pcre-8.33 \
  --with-http_lua_module \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-jemalloc \
  --add-module=/opt/Modules/ngx_pagespeed \
  --add-module=/opt/Modules/nginx-rtmp-module
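# nginx.conf fragment (main context).
# The pid directive stays commented out.
#pid logs/nginx.pid;
# This directive must be on a line of its own: fused after the '#' above it
# is part of the comment and never takes effect.
# NOTE(review): the path is under world-writable /tmp; a location that only
# the worker account can write to keeps other local users from pre-creating
# files or links at the names nginx will use.
google_perftools_profiles /tmp/tcmalloc;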
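# MariaDB 5.5 from the NUS mirror, configured by hand in sources.list.
# After importing the key, compare its full fingerprint with the one MariaDB
# publishes; the mirror is plain HTTP, so the key is the only trust anchor.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
# Fixed: "sduo" -> "sudo".
sudo vi /etc/apt/sources.list
# Lines to add to that file:
#   deb http://download.nus.edu.sg/mirror/mariadb/repo/5.5/ubuntu precise main
#   deb-src http://download.nus.edu.sg/mirror/mariadb/repo/5.5/ubuntu precise main
sudo apt-get update
# Fixed: "mariadb-test.5.5" -> "mariadb-test-5.5". apt treats a name with a
# '.' that matches no package as a regular expression, which can select more
# packages than intended. NOTE(review): confirm the package name.
sudo apt-get install mariadb-server-5.5 mariadb-test-5.5 mariadb-common mariadb-client-5.5 libmariadbclient-dev libmariadbclient18 libmysqlclient18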
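# Percona Server 5.5 from Percona's APT repository.
# Fetch the signing key and hand it to apt. The export now uses the same
# 64-bit ID as the fetch: the original exported by the 8-character short ID
# (CD2EFD2A), and short IDs are easy to collide, so they can select a
# different key that is also in the keyring. Compare the full fingerprint
# with the one Percona publishes before trusting it.
sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
# Fixed: "sduo" -> "sudo".
sudo gpg -a --export 1C4CBDCDCD2EFD2A | sudo apt-key add -
# Fixed: "/etc/apt/source.list" -> "/etc/apt/sources.list".
sudo vi /etc/apt/sources.list
# Lines to add. NOTE(review): both lucid and precise are listed; normally only
# the pair for the running release is wanted. Confirm.
#   deb http://repo.percona.com/apt lucid main
#   deb-src http://repo.percona.com/apt lucid main
#   deb http://repo.percona.com/apt precise main
#   deb-src http://repo.percona.com/apt precise main
# The new repository is not visible to apt until the lists are refreshed.
sudo apt-get update
sudo apt-get install percona-server-client-5.5 percona-server-common-5.5 percona-server-server-5.5 percona-server-test-5.5 percona-toolkit percona-xtrabackup percona-xtrabackup-test xtrabackup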
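# MongoDB from the vendor's APT repository (steps were fused on one line).
# NOTE(review): 7F0CEB10 is an 8-character short key ID, which can be
# collided; request the key by the full fingerprint published by the vendor
# (<FULL_FINGERPRINT>) or compare the fingerprint after import.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo vi /etc/apt/sources.list
# Line to add to that file:
#   deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
sudo apt-get update
sudo apt-get install mongodb-10gen
# After install, check the server's bind address and authentication settings
# before allowing its port through the firewall.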
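; php.ini resource limits, one directive per line.
memory_limit = 256M
; post_max_size has to stay at or above upload_max_filesize for uploads of
; the maximum size to be accepted.
post_max_size = 32M
upload_max_filesize = 16M
; Ten-minute ceilings: a slow or stuck request can hold a PHP-FPM worker for
; that long, so size the worker pool with this in mind.
max_execution_time = 600
max_input_time = 600
date.timezone = UTC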
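# PostgreSQL from the pitti PPA (steps were fused on one line).
apt-get install python-software-properties
apt-get install software-properties-common
add-apt-repository ppa:pitti/postgresql
apt-get update
apt-get -y install postgresql libpq-dev

# Create the application role and database from the postgres superuser.
sudo -u postgres psql
# Inside psql:
#   \password
#   create user blog with password 'secret';
#   create database blog_production owner blog;
#   \q
# 'secret' is a stand-in: use a generated password. A password written inside
# a SQL statement can end up in the psql history file and in server logs;
# "\password blog" prompts for it instead.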
# libmemcached configure variant: protocol library, memaslap and the hsieh
# hash enabled, with MySQL, memcached and gearmand support.
./configure \
  --enable-libmemcachedprotocol \
  --enable-memaslap \
  --enable-hsieh_hash \
  --with-mysql \
  --with-memcached \
  --with-gearmand
# Java environment: JDK root, the JDK's dt.jar and tools.jar on the class
# path (after the current directory and any existing entries), and the JDK's
# bin directory appended to the search path.
# The leading "." means classes are also loaded from the working directory.
JAVA_HOME=/opt/jdk1.6.0_41
CLASSPATH=".:${CLASSPATH}:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar"
PATH="${PATH}:${JAVA_HOME}/bin"
export JAVA_HOME CLASSPATH PATH
# Configure the PHP "memcached" extension with JSON serializer support,
# against the PHP installed under /usr/local/php.
./configure \
  --with-php-config=/usr/local/php/bin/php-config \
  --enable-memcached \
  --enable-memcached-json
# Configure a Pure-FTPd build under /usr/local/pureftpd with PAM, MySQL
# authentication, virtual hosts, per-user limits and upload scripts.
# NOTE(review): "--with-language=" is followed by a space, so configure gets
# an empty value and "english,", "simplified-chinese," and
# "traditional-chinese" arrive as separate arguments. This looks copied from
# the option's help text; pick one language and attach it to the flag.
# NOTE(review): no --with-tls flag is visible, so logins would presumably
# cross the network in cleartext; confirm, and note the firewall rules on
# this page do not open the FTP port.
./configure --prefix=/usr/local/pureftpd --with-pam --with-cookie --with-throttling --with-ratios --with-ftpwho --with-welcomemsg --with-uploadscript --with-virtualhosts --with-virtualchroot --with-diraliases --with-peruserlimits --with-everything --with-language= english, simplified-chinese, traditional-chinese --with-mysql --with-bonjour
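# Count TCP sockets by connection state.
netstat -n | awk '/^tcp/ {++State[$NF]} END { for(i in State) print i, State[i]}'
# TIME_WAIT and SYN-queue tuning.
vi /etc/sysctl.conf
# Lines to set in that file. Fixed: "tcp_tw_resuse" -> "tcp_tw_reuse" and
# "net.ivp4" -> "net.ipv4"; sysctl rejects unknown keys, so the misspelled
# settings were never applied.
#   net.ipv4.tcp_tw_reuse=1
#   net.ipv4.tcp_tw_recycle=1
#   net.ipv4.tcp_fin_timeout=30
#   net.ipv4.tcp_keepalive_time=1800
#   net.ipv4.tcp_max_syn_backlog=8192
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind a shared NAT address and was removed in Linux 4.12; leave it off on
# an Internet-facing server.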
# Number of sockets in SYN_RECV (half-open connections); a sustained high
# count is a common sign of a SYN flood or a saturated accept queue.
netstat -na | awk '/SYN_RECV/ { half_open++ } END { print half_open + 0 }'
# Endless synchronous-write load generator: writes twenty 4 KiB blocks of
# zeros into test_file at a random block offset on every pass. Stop it with
# Ctrl-C; it never exits on its own.
while :; do
  dd if=/dev/zero of=test_file bs=4k count=20 seek="$RANDOM" oflag=sync
done
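# Capture block-layer I/O events for /dev/sdb. While the disk is under load a
# short capture is enough; stop it with Ctrl-C.
blktrace /dev/sdb
# blktrace needs debugfs. If the system reports that debugfs is not mounted,
# mount it first and then run blktrace again.
mount -t debugfs none /sys/kernel/debug
# debugfs exposes kernel internals; unmount it again once tracing is done if
# it is not normally mounted on this host.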
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm ppp-2.4.5-23.0.rhel6.x86_64.rpm ppp-devel-2.4.5-23.0.rhel6.x86_64.rpm pptpd-1.3.4-2.el6.x86_64.rpm pptp-release-4-6.rhel6.noarch.rpm
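# Dump three databases through the local socket, one .sql file each.
# The dumps hold the full contents of each database, so they are created
# under umask 077 (owner-only); the subshell keeps that umask from leaking
# into the rest of the session.
# NOTE(review): -uroot without -p presumably relies on a passwordless root
# account or a client option file; confirm that root has a password.
(
  umask 077
  for db in discuz wordpress zabbix; do
    mysqldump -uroot --skip-opt --single-transaction --add-drop-table --create-options --quick --extended-insert --set-charset --disable-keys -S /tmp/mysql3306.sock "$db" > "${db}.sql"
  done
)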
-- Replication setup statements for the mysql client.
-- On the master: flush, reset the binary log and take a global read lock.
-- RESET MASTER deletes the existing binary logs on the server it runs on.
flush tables; flush logs; reset master; FLUSH TABLES WITH READ LOCK;
-- On the slave: stop replication before re-pointing it.
slave stop;
-- Point the slave at the master and at a binary-log position.
-- NOTE(review): the password equals the account name here and is a keyboard
-- pattern in the next statement; treat both as stand-ins and use a generated
-- password for the replication account.
-- NOTE(review): the replication password is kept in clear text on the slave
-- (in master.info on servers of this generation), so restrict access to the
-- data directory.
change master to master_user='repadmin', master_password='repadmin', master_host='10.147.140.11', master_port = 3320, master_log_file='mysql-bin.000069', master_log_pos=107;
-- Second example (local master on port 3306), then start the slave threads
-- and show their status.
CHANGE MASTER TO MASTER_HOST='localhost', MASTER_PORT=3306, MASTER_USER='repl', MASTER_PASSWORD='1q2w3e4r', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=107; slave start; show slave status\G
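# Patch php.ini in place. These are four separate sed commands; fused on one
# line, the first sed would treat the rest as file names.

# Point extension_dir at the build's extension directory and load three extensions.
sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /usr/local/php/etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/php/etc/php.ini
sed -i "s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /usr/local/php/etc/php.ini
# cgi.fix_pathinfo=0 keeps PHP from guessing a script name out of trailing
# path info, which matters when nginx hands requests to PHP-FPM.
sed -i "s#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g" /usr/local/php/etc/php.ini
# sed exits 0 even when a pattern matches nothing, and the commented default
# in php.ini may be spelled differently from the patterns above. Print the
# active lines to confirm that the edits landed.
grep -nE '^(extension_dir|output_buffering|always_populate_raw_post_data|cgi\.fix_pathinfo)' /usr/local/php/etc/php.ini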
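# Cache directory for eAccelerator, then add its settings to php.ini.
# NOTE(review): the directory must be writable by the PHP-FPM worker account
# and by nobody else; no ownership or mode is set here.
mkdir /usr/local/eaccelerator_cache
vi /usr/local/php/etc/php.ini
# Keep the shipped php-fpm.conf as a backup and write a new one.
mv /usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.old
vi /usr/local/php/etc/php-fpm.conf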
# Passes REDIRECT_STATUS=200 to the FastCGI backend. PHP needs it when it was
# built with --enable-force-cgi-redirect.
fastcgi_param REDIRECT_STATUS 200;
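# Start nginx now.
/usr/local/nginx/sbin/nginx
# Start PHP-FPM and nginx at boot.
vi /etc/rc.local
# Lines to add to that file (three separate commands; fused on one line the
# two daemon paths would be passed to ulimit as arguments):
#   ulimit -SHn 65535
#   /usr/local/php/sbin/php-fpm
#   /usr/local/nginx/sbin/nginx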
- ** vi /etc/sysctl.conf **
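# Network tuning for /etc/sysctl.conf, one key per line. On a single line,
# everything after the first '#' would be read as a comment and dropped.
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# NOTE(review): TIME_WAIT reuse and recycling both rely on TCP timestamps, so
# with timestamps disabled the two tcp_tw_* settings below presumably have no
# effect; confirm on the target kernel.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind a shared NAT address and was removed in Linux 4.12.
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535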
- ** /sbin/sysctl -p **
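# Validate the configuration and reload only when the check passes, so a
# broken file is never pushed to the running master process.
/usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload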
#!/bin/bash
# Fragment of an nginx log-rotation script, followed by the cron entry that
# runs it. Only these lines of the script survive on the page.
# Directory that holds the nginx logs; not used by any line visible here.
logs_path="/usr/local/nginx/logs/"
# NOTE(review): this line looks truncated by extraction (command substitutions
# and the following steps appear to be missing). As written it asks mkdir to
# create a directory named "cat" and another one at the nginx pid-file path.
# Restore the original script before using it.
mkdir -p cat /usr/local/nginx/nginx.pid
# Edit the current user's crontab.
crontab -e
# Crontab entry: run the rotation script every day at 00:00.
# NOTE(review): if this is root's crontab, keep the script and its directory
# writable by root only, since the script runs with root's privileges.
00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh
# Pygments provides syntax highlighting (a Python package, installed system-wide).
easy_install pygments # Python-based syntax highlighter
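# Install rbenv and Ruby 1.9.3-p385 (steps were fused on one line).
# The original piped the installer from a third-party repository's master
# branch straight into bash. Save it to a file first so it can be read before
# it runs; -f makes curl fail on an HTTP error instead of saving an error page.
curl -fL -o rbenv-installer.sh https://raw.github.com/fesplugas/rbenv-installer/master/bin/rbenv-installer
# Review rbenv-installer.sh, then run it.
bash rbenv-installer.sh
vim .bashrc # add rbenv to the top
. .bashrc
rbenv bootstrap-ubuntu-12-04
rbenv install 1.9.3-p385
rbenv global 1.9.3-p385
gem install bundler
gem install charlock_holmes --version '0.6.9'
gem install rake
rbenv rehash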
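# nginx from the stable PPA (steps were fused on one line).
add-apt-repository ppa:nginx/stable
apt-get update
apt-get -y install nginx
service nginx start

# PostgreSQL from the pitti PPA, then the GitLab role.
add-apt-repository ppa:pitti/postgresql
apt-get -y update
apt-get -y install postgresql libpq-dev
sudo -u postgres psql
# Inside psql (the lone "n" is kept from the original note; its meaning is
# not clear from the page):
#   \password
#   create user gitlab with password 'dinghao';
#   n
#   \q
# Replace the literal password with a generated one. A password written
# inside a SQL statement can end up in the psql history file and in server
# logs; "\password gitlab" prompts for it instead.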
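# System account that owns the repositories: own group, /bin/sh, no password.
# The continuations are restored one option per line; on a single line each
# "\ " escaped the following space and glued it onto the next option.
sudo adduser \
  --system \
  --shell /bin/sh \
  --gecos 'Git Version Control' \
  --group \
  --disabled-password \
  --home /home/git \
  git
# Account that runs the GitLab application; login is disabled.
sudo adduser --disabled-login --gecos 'GitLab' gitlab
# Add it to the git group
sudo usermod -a -G git gitlab
# Generate the SSH key
# The key has no passphrase (-N ''), so the private key file alone grants
# GitLab's access to the repositories: keep /home/gitlab/.ssh readable by the
# gitlab account only.
sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa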
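# Fetch the GitLab fork of gitolite as the git user (steps were fused on one line).
cd /home/git
sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
# First SSH connections from gitlab to git under both host names. Each one
# records the host key in gitlab's known_hosts; compare the fingerprint shown
# with the server's own key before accepting it.
sudo -u gitlab -H ssh git@localhost
sudo -u gitlab -H ssh git@gitlab
# Install the application's gems, skipping the development, test and mysql groups.
sudo -u gitlab -H bundle install --deployment --without development test mysql
# NOTE(review): these two lines write the invoking user's global git config;
# presumably they are meant to run as gitlab (sudo -u gitlab -H). Confirm.
git config --global user.name "GitLab"
git config --global user.email "gitlab@GitLab"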