From 03ec3575a74078e7a93306d1cb5a54e3ce6e9485 Mon Sep 17 00:00:00 2001 From: ppabc Date: Fri, 7 Jul 2017 17:54:19 +0800 Subject: [PATCH] update --- cobbler/cobbler.sh | 121 ++++++++++++++++++ {disk => fdisk}/auto_fdisk.sh | 0 {disk => fdisk}/auto_fdisk_aliyun.sh | 0 {disk => fdisk}/auto_fdisk_lvm.sh | 0 {disk => fdisk}/auto_fdisk_ssd.sh | 0 {disk => fdisk}/auto_fdisk_ssd_aliyun.sh | 0 keepalive/keepalive.sh | 53 ++++++++ mysql/mariadb.sh | 97 ++++++++++++++ {https => nginx/https}/nghttp2/nghttp.sh | 0 {https => nginx/https}/siege/siege.sh | 0 .../https}/www.aqzt.com_https_A+.conf | 0 .../https}/www.aqzt.com_https_A.conf | 0 redis/redis3.x.sh | 71 ++++++++++ shell/{awk => }/awk.sh | 0 {backup => shell/backup}/backup.sh | 0 {backup => shell/backup}/ftp1.sh | 0 {backup => shell/backup}/ftp2.sh | 0 shell/{dd => }/dd.sh | 0 shell/{find => }/find.sh | 0 {monitor => shell/monitor}/iftop.sh | 0 {monitor => shell/monitor}/net.sh | 0 {monitor => shell/monitor}/ports.py | 0 {monitor => shell/monitor}/sendmail.sh | 0 {monitor => shell/monitor}/sendmail_u.sh | 0 .../monitor}/ssh_user_monitor.sh | 0 {monitor => shell/monitor}/sshdns.sh | 0 shell/{rpm => }/rpm.sh | 0 {safe => shell/safe}/boyurl.sh | 0 {safe => shell/safe}/cc_ddos.sh | 0 shell/{ => safe}/hacker_check.sh | 0 {safe => shell/safe}/security_check.sh | 0 {safe => shell/safe}/sso.sh | 0 {proxy => ss5}/dnsmasq.sh | 0 {proxy => ss5}/ss5.sh | 0 {proxy => ss5}/ss5_pam.sh | 0 {proxy => ss5}/ss5_pam_mysql.sh | 0 {proxy => ss5}/vpn-pptpd.sh | 0 37 files changed, 342 insertions(+) create mode 100644 cobbler/cobbler.sh rename {disk => fdisk}/auto_fdisk.sh (100%) rename {disk => fdisk}/auto_fdisk_aliyun.sh (100%) rename {disk => fdisk}/auto_fdisk_lvm.sh (100%) rename {disk => fdisk}/auto_fdisk_ssd.sh (100%) rename {disk => fdisk}/auto_fdisk_ssd_aliyun.sh (100%) create mode 100644 keepalive/keepalive.sh create mode 100644 mysql/mariadb.sh rename {https => nginx/https}/nghttp2/nghttp.sh (100%) rename {https => nginx/https}/siege/siege.sh (100%) rename {https => nginx/https}/www.aqzt.com_https_A+.conf (100%) rename {https => nginx/https}/www.aqzt.com_https_A.conf (100%) create mode 100644 redis/redis3.x.sh rename shell/{awk => }/awk.sh (100%) rename {backup => shell/backup}/backup.sh (100%) rename {backup => shell/backup}/ftp1.sh (100%) rename {backup => shell/backup}/ftp2.sh (100%) rename shell/{dd => }/dd.sh (100%) rename shell/{find => }/find.sh (100%) rename {monitor => shell/monitor}/iftop.sh (100%) rename {monitor => shell/monitor}/net.sh (100%) rename {monitor => shell/monitor}/ports.py (100%) rename {monitor => shell/monitor}/sendmail.sh (100%) rename {monitor => shell/monitor}/sendmail_u.sh (100%) rename {monitor => shell/monitor}/ssh_user_monitor.sh (100%) rename {monitor => shell/monitor}/sshdns.sh (100%) rename shell/{rpm => }/rpm.sh (100%) rename {safe => shell/safe}/boyurl.sh (100%) rename {safe => shell/safe}/cc_ddos.sh (100%) rename shell/{ => safe}/hacker_check.sh (100%) rename {safe => shell/safe}/security_check.sh (100%) rename {safe => shell/safe}/sso.sh (100%) rename {proxy => ss5}/dnsmasq.sh (100%) rename {proxy => ss5}/ss5.sh (100%) rename {proxy => ss5}/ss5_pam.sh (100%) rename {proxy => ss5}/ss5_pam_mysql.sh (100%) rename {proxy => ss5}/vpn-pptpd.sh (100%) diff --git a/cobbler/cobbler.sh b/cobbler/cobbler.sh new file mode 100644 index 0000000..679d6fb --- /dev/null +++ b/cobbler/cobbler.sh @@ -0,0 +1,121 @@ +#!/bin/bash +# +### +# Filename: install_cobbler.el6.sh +# Author: roguo.wei - roguo.wei@gmail.com +# Description: +# Last Modified: 2017-04-07 10:20 +# Version: 1.0 +### + +server_ip=10.10.2.100 + +# install epel +echo "install epel..." +#yum list |grep -E '^epel' +rpm -qa |grep -i epel &> /dev/null +if [ $? -eq 0 ];then + echo "epel alread installed" +else + rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm + if [ $? -eq 0 ];then + echo "epel install successfully" + else + echo "epel install faild" + exit 1 + fi +fi + +# disable selinux +echo "disable selinux..." +sed -i '/^SELINUX=/ s/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config +setenforce 0 +#getenforce +sestatus + +# disable iptables +echo "disable iptables..." +service iptables stop +chkconfig iptables off + +# install cobbler +for i in cobbler cobbler-web tftp tftp-server xinetd dhcp httpd mod_wsgi mod_ssl rsync +do + rpm -qc ${i} &> /dev/null + if [ $? -ne 0 ];then + echo -n "install ${i}..." + yum install -y ${i} &> /dev/null + if [ $? -eq 0 ];then + echo "ok" + else + echo "faild" + fi + else + echo "${i} alread installed" + fi +done + +# install packages what cobbler needs +for i in pykickstart debmirror python-ctypes python-cheetah python-netaddr python-simplejson python-urlgrabber PyYAML syslinux cman fence-agents createrepo mkisofs yum-utils +do + rpm -qc ${i} &> /dev/null + if [ $? -ne 0 ];then + echo -n "install ${i}..." + yum install -y ${i} &> /dev/null + if [ $? -eq 0 ];then + echo "ok" + else + echo "faild" + fi + else + echo "${i} alread installed" + fi +done + +echo -n "configing cobbler..." +# config httpd +sed -i "s/#ServerName www.example.com:80/ServerName ${server_ip}:80/" /etc/httpd/conf/httpd.conf +sed -i 's/#LoadModule/LoadModule/g' /etc/httpd/conf.d/wsgi.conf + +# config tftp +sed -i '/disable/c disable = no' /etc/xinetd.d/tftp +#sed -i '/disable/c disable = no' /etc/cobbler/tftpd.template + +# config rsysnc +sed -i -e 's/= yes/= no/g' /etc/xinetd.d/rsync + +# config debmirror +sed -i -e 's/@dists=.*/#@dists=/' /etc/debmirror.conf +sed -i -e 's/@arches=.*/#@arches=/' /etc/debmirror.conf + +# config cobbler +pwd=$(openssl passwd -1 -salt 'random-phrase-here' '111111') +sed -i "s@default_password_crypted: .*@default_password_crypted: ${pwd}@" /etc/cobbler/settings +sed -i "s/server: 127.0.0.1/server: ${server_ip}/g" /etc/cobbler/settings +sed -i "s/next_server: 127.0.0.1/next_server: ${server_ip}/g" /etc/cobbler/settings +# pxe安装 只允许一次,防止误操作( 在正式环境有用。实际测试来,这个功能可以屏蔽掉 ) +sed -i 's/pxe_just_once: 0/pxe_just_once: 1/g' /etc/cobbler/settings +sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings +sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings + +# config dhcp +cp /etc/cobbler/dhcp.template{,.ori} +sed -i 's/DHCPDARGS=.*/DHCPDARGS=eth0/' /etc/sysconfig/dhcpd +cat dhcp.template > /etc/cobbler/dhcp.template + +echo "ok" + +chkconfig httpd on +chkconfig xinetd on +chkconfig cobblerd on +chkconfig dhcpd on +/etc/init.d/httpd restart +/etc/init.d/xinetd restart +/etc/init.d/cobblerd restart +echo -e "\ncobbler get-loaders..." +cobbler get-loaders +echo -e "\ncobbler sync..." +cobbler sync +echo -e "\ncobbler check..." +cobbler check +/etc/init.d/dhcpd restart \ No newline at end of file diff --git a/disk/auto_fdisk.sh b/fdisk/auto_fdisk.sh similarity index 100% rename from disk/auto_fdisk.sh rename to fdisk/auto_fdisk.sh diff --git a/disk/auto_fdisk_aliyun.sh b/fdisk/auto_fdisk_aliyun.sh similarity index 100% rename from disk/auto_fdisk_aliyun.sh rename to fdisk/auto_fdisk_aliyun.sh diff --git a/disk/auto_fdisk_lvm.sh b/fdisk/auto_fdisk_lvm.sh similarity index 100% rename from disk/auto_fdisk_lvm.sh rename to fdisk/auto_fdisk_lvm.sh diff --git a/disk/auto_fdisk_ssd.sh b/fdisk/auto_fdisk_ssd.sh similarity index 100% rename from disk/auto_fdisk_ssd.sh rename to fdisk/auto_fdisk_ssd.sh diff --git a/disk/auto_fdisk_ssd_aliyun.sh b/fdisk/auto_fdisk_ssd_aliyun.sh similarity index 100% rename from disk/auto_fdisk_ssd_aliyun.sh rename to fdisk/auto_fdisk_ssd_aliyun.sh diff --git a/keepalive/keepalive.sh b/keepalive/keepalive.sh new file mode 100644 index 0000000..2065394 --- /dev/null +++ b/keepalive/keepalive.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# +### +# Filename: install_keepalived.sh +# Author: roguo.wei - roguo.wei@gmail.com +# Description: +# Last Modified: 2016-11-09 00:57 +# Version: 1.0 +### + +KEEPALIVED_USER="keepalived" +KEEPALIVED_VERSION="1.2.24" +KEEPALIVED_INSTALL_DIR="/usr/local" + +yum install -y kernel-devel openssl openssl-devel &> /dev/null +ln -s /usr/src/kernels/`uname -r`/ /usr/src/linux + +# check keepalived user +id -u ${KEEPALIVED_USER=} &> /dev/null +[ $? -ne 0 ] && useradd -M -s /bin/bash ${KEEPALIVED_USER} + +# check tar file +if [ ! -f keepalived-${KEEPALIVED_VERSION}.tar.gz ];then + echo "keepalived tar file not exists." + echo "download from offical website..." + wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz +else + tar xf keepalived-${KEEPALIVED_VERSION}.tar.gz +fi + +# comline keepalived +pushd keepalived-${KEEPALIVED_VERSION} +./configure --sysconf=/etc &> /dev/null +make &> /dev/null +make install &> /dev/null +popd +/bin/cp /usr/local/sbin/keepalived /usr/bin/ + +# config log +sed -i 's@^KEEPALIVED_OPTIONS=.*@KEEPALIVED_OPTIONS="-D -d -S 0"@' /etc/sysconfig/keepalived +#cat >> "local0.* /var/log/keepalived/keepalived.log" /etc/rsyslog.conf +cat > /etc/rsyslog.d/keepalived.conf << EOF +local0.* /var/log/keepalived.log +&~ +EOF +/etc/init.d/rsyslog restart &> /dev/null + +# man config + +# +/etc/init.d/keepalived start +chmod +x /etc/init.d/keepalived +chkconfig keepalived on \ No newline at end of file diff --git a/mysql/mariadb.sh b/mysql/mariadb.sh new file mode 100644 index 0000000..c58936b --- /dev/null +++ b/mysql/mariadb.sh @@ -0,0 +1,97 @@ +#!/bin/bash +# +### +# Filename: install_mariadb.sh +# Author: roguo.wei - roguo.wei@gmail.com +# Description: +# Last Modified: 2017-01-17 00:31 +# Version: 1.0 +### + +INSTALL_DIR="/opt/app" +DATA_DIR="/opt/data" +MARIADB_GROUP="mysql" +MARIADB_USER="mysql" +MARIADB_VERSION="10.1.20" +ROOT_PASSWD="root" +#mariadb-10.1.20-linux-x86_64.tar.gz +TAR_NAME="mariadb-${MARIADB_VERSION}-linux-x86_64.tar.gz" +UNTAR_NAME="mariadb-${MARIADB_VERSION}-linux-x86_64" + +# check mariadb user +echo -n "check MariaDB user... " +id -u ${MARIADB_USER} &> /dev/null +if [ $? -ne 0 ];then + groupadd ${MARIADB_GROUP} + useradd -g ${MARIADB_GROUP} ${MARIADB_USER} +fi +echo "ok" + +# check install dir +[ ! -d "${INSTALL_DIR}" ] && mkdir -p ${INSTALL_DIR} +[ ! -d "${DATA_DIR}" ] && mkdir -p ${DATA_DIR} + +# check mariadb file +if [ ! -f ${TAR_NAME} ];then + wget http://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-${MARIADB_VERSION}/bintar-linux-x86_64/mariadb-${MARIADB_VERSION}-linux-x86_64.tar.gz +fi + +# untar file +echo -n "untar file ..." +tar -xf ${TAR_NAME} -C ${INSTALL_DIR} +ln -s ${INSTALL_DIR}/${UNTAR_NAME} ${INSTALL_DIR}/mysql +ln -s ${INSTALL_DIR}/${UNTAR_NAME} /usr/local/mysql +echo "ok" + +# init db and config +echo -n "init db..." +${INSTALL_DIR}/mysql/scripts/mysql_install_db --user=${MARIADB_USER} --basedir=${INSTALL_DIR}/mysql --datadir=${DATA_DIR} +[ $? -ne 0 ] && exit 1 +cp ${INSTALL_DIR}/mysql/support-files/mysql.server /etc/init.d/mysqld +echo "ok" + +[ -f /etc/my.cnf ] && mv /etc/my.cnf{,.ori} +\cp -rf $(cd `dirname $0` && pwd)/my.cnf /etc/my.cnf + +# set server id +IPADDR=$(/sbin/ifconfig eth0|grep "inet addr"|awk '{print $2}'|awk -F":" '{print $2}') +SERVER_ID=$(echo $IPADDR|awk -F"." '{print $4}') +sed -i "s#server-id = .*#server-id = ${SERVER_ID}#g" /etc/my.cnf +sed -i "s#datadir = .*#datadir = ${DATA_DIR}#g" /etc/my.cnf + +# set purview +chown -R root ${INSTALL_DIR}/${UNTAR_NAME} +chown -R ${MARIADB_USER} ${DATA_DIR} +chmod +x /etc/init.d/mysqld + +# start mariadb +${INSTALL_DIR}/mysql/bin/mysqld_safe --user=${MARIADB_USER} & &> /dev/null +[ $? -ne 0 ] && exit 1 || echo "mariadb started ok" + +# set root passwd +sleep 10 +${INSTALL_DIR}/mysql/bin/mysqladmin -uroot password "${ROOT_PASSWD}" +if [ $? -ne 0 ];then + echo "change password for root failed!" + exit 1 +else + echo "change password for root to :${ROOT_PASSWD}" +fi + +# +chkconfig mysqld on +ln -sv ${INSTALL_DIR}/mysql/include /usr/include/mysql +echo '/${INSTALL_DIR}/mysql/lib' > /etc/ld.so.conf.d/mysql.conf +ldconfig + +# set path +echo -n "set path... " +cat >> /etc/profile << EOF +# mariadb path +PATH=\$PATH:${INSTALL_DIR}/mysql/bin +export PATH +EOF +echo "ok" +. /etc/profile + +echo "mariadb installed successfully!" \ No newline at end of file diff --git a/https/nghttp2/nghttp.sh b/nginx/https/nghttp2/nghttp.sh similarity index 100% rename from https/nghttp2/nghttp.sh rename to nginx/https/nghttp2/nghttp.sh diff --git a/https/siege/siege.sh b/nginx/https/siege/siege.sh similarity index 100% rename from https/siege/siege.sh rename to nginx/https/siege/siege.sh diff --git a/https/www.aqzt.com_https_A+.conf b/nginx/https/www.aqzt.com_https_A+.conf similarity index 100% rename from https/www.aqzt.com_https_A+.conf rename to nginx/https/www.aqzt.com_https_A+.conf diff --git a/https/www.aqzt.com_https_A.conf b/nginx/https/www.aqzt.com_https_A.conf similarity index 100% rename from https/www.aqzt.com_https_A.conf rename to nginx/https/www.aqzt.com_https_A.conf diff --git a/redis/redis3.x.sh b/redis/redis3.x.sh new file mode 100644 index 0000000..332e632 --- /dev/null +++ b/redis/redis3.x.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# +### +# Filename: install_redis.sh +# Author: roguo.wei - roguo.wei@gmail.com +# Description: +# Last Modified: 2016-12-09 15:39 +# Version: 1.0 +### + +REDIS_VERSION="3.2.3" +REDIS_USER="" +REDIS_AUTH="123456" + +REDIS_INSTALL_DIR="" +REDIS_PORT="6379" +REDIS_CONF="/etc/redis/6379.conf" +REDIS_LOG="/var/log/redis_6379.log" +REDIS_DATA="/var/lib/redis/6379" +REDIS_EXEC="/usr/local/bin/redis-server" + + +# install needed packages +for P in gcc gcc-c++ tcl +do + rpm -qa $P &> /dev/null + if [ $? -ne 0 ];then + echo -n "install $P..." + yum install -y $P &> /dev/null + echo "ok" + else + echo "$P already installed." + fi +done + +# check tar file +if [ ! -e redis-${REDIS_VERSION}.tar.gz ];then + echo "downloading redis..." + wget -c http://download.redis.io/releases/redis-${REDIS_VERSION}.tar.gz +fi + +tar xf redis-${REDIS_VERSION}.tar.gz +pushd redis-${REDIS_VERSION} +echo -n "install redis..." +make install &> /dev/null +if [ $? -eq 0 ];then + make test &> /dev/null + [ $? -eq 0 ] && echo "ok" || echo "failed" +else + echo "instal redis-${REDIS_VERSION} failed." + exit 1 +fi + +# init redis server +echo "${REDIS_PORT} +${REDIS_CONF} +${REDIS_LOG} +${REDIS_DATA} +${REDIS_EXEC} + +" | utils/install_server.sh + +popd + + +# config redis server +sed -i 's@bind 127.0.0.1@bind 0.0.0.0@' /etc/redis/6379.conf +sed -i "s@^# requirepass foobared@requirepass ${REDIS_AUTH}@" /etc/redis/6379.conf + +# start redis service +/etc/init.d/redis_6379 restart \ No newline at end of file diff --git a/shell/awk/awk.sh b/shell/awk.sh similarity index 100% rename from shell/awk/awk.sh rename to shell/awk.sh diff --git a/backup/backup.sh b/shell/backup/backup.sh similarity index 100% rename from backup/backup.sh rename to shell/backup/backup.sh diff --git a/backup/ftp1.sh b/shell/backup/ftp1.sh similarity index 100% rename from backup/ftp1.sh rename to shell/backup/ftp1.sh diff --git a/backup/ftp2.sh b/shell/backup/ftp2.sh similarity index 100% rename from backup/ftp2.sh rename to shell/backup/ftp2.sh diff --git a/shell/dd/dd.sh b/shell/dd.sh similarity index 100% rename from shell/dd/dd.sh rename to shell/dd.sh diff --git a/shell/find/find.sh b/shell/find.sh similarity index 100% rename from shell/find/find.sh rename to shell/find.sh diff --git a/monitor/iftop.sh b/shell/monitor/iftop.sh similarity index 100% rename from monitor/iftop.sh rename to shell/monitor/iftop.sh diff --git a/monitor/net.sh b/shell/monitor/net.sh similarity index 100% rename from monitor/net.sh rename to shell/monitor/net.sh diff --git a/monitor/ports.py b/shell/monitor/ports.py similarity index 100% rename from monitor/ports.py rename to shell/monitor/ports.py diff --git a/monitor/sendmail.sh b/shell/monitor/sendmail.sh similarity index 100% rename from monitor/sendmail.sh rename to shell/monitor/sendmail.sh diff --git a/monitor/sendmail_u.sh b/shell/monitor/sendmail_u.sh similarity index 100% rename from monitor/sendmail_u.sh rename to shell/monitor/sendmail_u.sh diff --git a/monitor/ssh_user_monitor.sh b/shell/monitor/ssh_user_monitor.sh similarity index 100% rename from monitor/ssh_user_monitor.sh rename to shell/monitor/ssh_user_monitor.sh diff --git a/monitor/sshdns.sh b/shell/monitor/sshdns.sh similarity index 100% rename from monitor/sshdns.sh rename to shell/monitor/sshdns.sh diff --git a/shell/rpm/rpm.sh b/shell/rpm.sh similarity index 100% rename from shell/rpm/rpm.sh rename to shell/rpm.sh diff --git a/safe/boyurl.sh b/shell/safe/boyurl.sh similarity index 100% rename from safe/boyurl.sh rename to shell/safe/boyurl.sh diff --git a/safe/cc_ddos.sh b/shell/safe/cc_ddos.sh similarity index 100% rename from safe/cc_ddos.sh rename to shell/safe/cc_ddos.sh diff --git a/shell/hacker_check.sh b/shell/safe/hacker_check.sh similarity index 100% rename from shell/hacker_check.sh rename to shell/safe/hacker_check.sh diff --git a/safe/security_check.sh b/shell/safe/security_check.sh similarity index 100% rename from safe/security_check.sh rename to shell/safe/security_check.sh diff --git a/safe/sso.sh b/shell/safe/sso.sh similarity index 100% rename from safe/sso.sh rename to shell/safe/sso.sh diff --git a/proxy/dnsmasq.sh b/ss5/dnsmasq.sh similarity index 100% rename from proxy/dnsmasq.sh rename to ss5/dnsmasq.sh diff --git a/proxy/ss5.sh b/ss5/ss5.sh similarity index 100% rename from proxy/ss5.sh rename to ss5/ss5.sh diff --git a/proxy/ss5_pam.sh b/ss5/ss5_pam.sh similarity index 100% rename from proxy/ss5_pam.sh rename to ss5/ss5_pam.sh diff --git a/proxy/ss5_pam_mysql.sh b/ss5/ss5_pam_mysql.sh similarity index 100% rename from proxy/ss5_pam_mysql.sh rename to ss5/ss5_pam_mysql.sh diff --git a/proxy/vpn-pptpd.sh b/ss5/vpn-pptpd.sh similarity index 100% rename from proxy/vpn-pptpd.sh rename to ss5/vpn-pptpd.sh