CentOS 6.x防火墻

service iptables status #查看防火墻狀態(tài)
chkconfig iptables off #關(guān)閉防火墻

docker

uname -r
sudo yum update
yum -y install docker 或 curl -fsSL https://get.docker.com | bash -s docker --mirror aliyun
sudo systemctl start docker
sudo systemctl enable docker
docker version

docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
mkdir -p /usr/local/docker

MySQL8.0

useradd mysql
passwd mysql
#卸載mariadb
rpm -qa | grep mariadb
rpm -e --nodeps mariadb-libs-5.5.68-1.el7.x86_64
#安裝依賴包
yum install libaio

cd /usr/local/
tar -zxvf mysql-8.0.31-el7-x86_64.tar.gz
mv /usr/local/mysql-8.0.31-el7-x86_64 /usr/local/mysql

mkdir -p /usr/local/mysql/data
chmod -R 777 /usr/local/mysql
chmod -R 777 /usr/local/mysql/data/
chown -R mysql:mysql /usr/local/mysql

/etc/my.cnf

cd /usr/local/mysql/bin
./mysqld --initialize --console
A temporary password is generated for root@localhost: sOOiI3.DmjXb
cd /usr/local/mysql/support-files
./mysql.server start
# ERROR! The server quit without updating PID file
#chmod -R 777 /usr/local/mysql
#chmod -R 777 /usr/local/mysql/data/
#./mysql.server start

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
service mysqld restart #systemctl restart mysql.service
service mysqld status #systemctl status mysql.service

cd /usr/local/mysql/bin
./mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123456';
use mysql;
update user set user.Host='%' where user.User='root';
flush privileges;

quit
service mysqld restart #systemctl restart mysql.service

#ln -s /usr/local/mysql/bin/mysql /usr/bin

#開機(jī)自啟
chkconfig --add mysqld
chkconfig --list
#chkconfig --level 345 mysqld on
reboot

#systemctl start mysql.service

SNMP

1噩斟、sudo yum install -y net-snmp曹锨，安裝snmp；
2剃允、sudo systemctl enable snmpd， 添加服務(wù)開機(jī)啟動(dòng)；
3斥废、sudo systemctl start snmpd椒楣，啟動(dòng)服務(wù)；
4牡肉、sudo systemctl status snmpd捧灰，查看服務(wù)狀態(tài)；
5统锤、sudo vim /etc/snmp/snmpd.conf毛俏，編輯snmpd服務(wù)配置，
com2sec notConfigUser default public
改為
com2sec notConfigUser 192.168.20.32 public饲窿，允許ip為192.168.20.32的 管理主機(jī)如zabbix 訪問 社區(qū)名稱為 public
com2sec notConfigUser 127.0.0.1 public煌寇，允許本機(jī)訪問用于測試 社區(qū)名稱為 public

#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1

6、sudo systemctl restart snmpd逾雄，重啟snmpd服務(wù)阀溶；
7、開放161端口并重載防火墻
sudo firewall-cmd --add-port=161/udp --permanent
sudo firewall-cmd --reload
8鸦泳、sudo yum install -y net-snmp-utils银锻，安裝snmp工具；
9做鹰、snmpwalk -v 2c -c public 127.0.0.1 system击纬，測試；

安裝ss

cd usr/local/ss
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
chmod +x shadowsocks.sh
./shadowsocks.sh 2>&1 | tee shadowsocks.log
加密方式：aes-256-cfb

安裝tor

yum -y install tor

vi /etc/tor/torrc
SOCKSPort 0.0.0.0:89
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:81

systemctl start tor
/var/lib/tor/hidden_service/hostname為域名

curl ipinfo.io #本機(jī)實(shí)際IP
torsocks curl ipinfo.io #變化IP

安裝keepalived

systemctl start chronyd #時(shí)鐘同步
ip link set multicast on dev ens33 #網(wǎng)卡開啟多播
--------------------------
apt-get install keepalived
yum install -y keepalived #據(jù)說1.3.5有坑
yum remove keepalived
rpm -qa|grep keepalived
keepalived -v
--------------------------
yum install -y curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel

#https://www.keepalived.org/download.html
#wget https://www.keepalived.org/software/keepalived-2.2.4.tar.gz
cd /usr/local/keepalived
tar -zxvf keepalived-2.2.4.tar.gz
cd /usr/local/keepalived/keepalived-2.2.4
./configure --prefix=/usr/local/keepalived
make && make install

/usr/local/keepalived/etc/keepalived/keepalived.conf #配置修改
router_id=srv01/srv02
state=MASTER/BACKUP
interface=enp0s3
priority=100/90

chmod +x /usr/local/keepalived/check_nginx.sh
chmod +x /usr/local/keepalived/check_keepalived.sh

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived

cd /usr/local/keepalived/sbin
./keepalived
ps -ef|grep keepalived
--------------------------
防火墻開啟vrrp
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
--------------------------
/var/log/message #日志文件