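Saturday, November 5, 2016

CentOS 7 / Red Hat 7 hostname

I had been setting it the version 6 way.
I hadn't done my homework;
I didn't expect version 7 to have switched to hostnamectl.

# Show the current hostname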
hostname
=====
ha1
=====
# Show the current hostname and related information
hostnamectl
=====
  Static hostname: ha1
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 7388e3dc145c47b6ad2a6cacb9cd0449
           Boot ID: 753e2ba612894b5b87fbb7125ab21690
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.2:GA:server
            Kernel: Linux 3.10.0-327.el7.x86_64
      Architecture: x86-64
=====

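The command to change the hostname is:

#hostnamectl set-hostname XXXXXXX

Afterwards, run hostnamectl again to check.


Its configuration file is located at

/proc/sys/kernel/hostname


Of course, you can also change it through nmtui.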

Monday, August 22, 2016

Switch Syslog Setup(temp)

#en
#config t
#logging 192.168.1.1   //(log host)
#logging trap 4 //level, default 7 (all)
#end

#sh run



Configuring the UNIX System Logging Facility

When sending system log messages to an external device, you can cause the switch to identify its messages as originating from any of the UNIX syslog facilities.
Beginning in privileged EXEC mode, follow these steps to configure UNIX system facility message logging. This procedure is optional.








Step    Command                             Purpose
Step 1  configure terminal                  Enter global configuration mode.
Step 2  logging host                        Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once.
Step 3  logging trap level                  Limit messages logged to the syslog servers. By default, syslog servers receive informational messages and lower. See Table 1-3 for level keywords.
Step 4  logging facility facility-type      Configure the syslog facility. See Table 1-4 for facility-type keywords. The default is local7.
Step 5  end                                 Return to privileged EXEC mode.
Step 6  show running-config                 Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.

To remove a syslog server, use the no logging host global configuration command, and specify the syslog server IP address. To disable logging to syslog servers, enter the no logging trap global configuration command.
Table 1-4 lists the UNIX system facilities supported by the software. For more information about these facilities, consult the operator’s manual for your UNIX operating system.



Table 1-3 Message Logging Level Keywords

Level Keyword   Level  Description                       Syslog Definition
emergencies     0      System unstable                   LOG_EMERG
alerts          1      Immediate action needed           LOG_ALERT
critical        2      Critical conditions               LOG_CRIT
errors          3      Error conditions                  LOG_ERR
warnings        4      Warning conditions                LOG_WARNING
notifications   5      Normal but significant condition  LOG_NOTICE
informational   6      Informational messages only       LOG_INFO
debugging       7      Debugging messages                LOG_DEBUG
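
To confirm on the log host that the switch sends what logging trap and logging facility were set to, the <PRI> value at the start of each message can be decoded (PRI = facility * 8 + level). This is an added example, not part of the original post or of the Cisco documentation; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Level keywords in the order of Table 1-3 (level 0 through 7).
LEVEL_KEYWORDS="emergencies alerts critical errors warnings notifications informational debugging"

# decode_pri PRI -> "<facility> <level> <keyword>"  (PRI = facility * 8 + level)
decode_pri() (
    case $1 in ''|*[!0-9]*|0?*) exit 1 ;; esac   # digits only, no leading zero
    [ "$1" -le 191 ] || exit 1                    # 23 * 8 + 7 is the largest PRI
    fac=$(( $1 / 8 )); lvl=$(( $1 % 8 ))
    # Facilities 16..23 are local0..local7; the others are reported by number.
    if [ "$fac" -ge 16 ]; then fac="local$((fac - 16))"; else fac="facility$fac"; fi
    set -- $LEVEL_KEYWORDS
    shift "$lvl"
    echo "$fac $lvl $1"
)

# check_stream TRAP_LEVEL FACILITY: raw syslog lines on stdin. Prints the lines
# that do not match the configured facility or are above the trap level.
check_stream() (
    trap_level=$1; facility=$2
    while IFS= read -r line; do
        case $line in
            '<'*'>'*) pri=${line#<}; pri=${pri%%>*} ;;
            *) echo "UNPARSED $line"; continue ;;
        esac
        decoded=$(decode_pri "$pri") || { echo "UNPARSED $line"; continue; }
        set -- $decoded
        if [ "$1" != "$facility" ]; then echo "FACILITY $1 $line"
        elif [ "$2" -gt "$trap_level" ]; then echo "LEVEL $3 $line"
        fi
    done
)

# Constructed sample lines (not captured from a real switch).
sample_lines() {
cat <<'EOF'
<187>41: %LINK-3-UPDOWN: constructed message, level 3 on local7
<188>42: %SYS-4-EXAMPLE: constructed message, level 4 on local7
<189>43: %SYS-5-EXAMPLE: constructed message, level 5 on local7
<134>44: %SYS-6-EXAMPLE: constructed message, level 6 on local0
EOF
}

# With "logging trap 4" and the default facility local7, only the last two
# sample lines are reported.
sample_lines | check_stream 4 local7
```

A reported line means either the switch configuration was not applied as intended or another device is sending to the same log host.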

Wednesday, August 10, 2016

How to install Oracle Java 1.8 on Redhat 7

Installing Oracle's Java is rather fiddly, so I am posting it again as a separate article.

Oracle java 1.8


cd /tmp

# Download the installer, or download the file beforehand and copy it to /opt
# Adjust the version in the URL as needed
======
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.tar.gz"
======


# Extract into /opt so that the /opt/jdk1.8.0_101 directory used below exists
tar xzf jdk-8u101-linux-x64.tar.gz -C /opt
cd /opt/jdk1.8.0_101/

alternatives --install /usr/bin/java java /opt/jdk1.8.0_101/bin/java 2
alternatives --config java
java -version

How to install Tomcat 8 on Redhat 7.2

=================
tomcat install
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-centos-7
=================
Prerequisite: Java is installed and its environment is configured.
See http://yccitman.blogspot.tw/2016/08/how-to-install-oracle-java-18-on-redhat.html
===

mkdir /opt/tomcat

sudo groupadd tomcat

sudo useradd -M -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat


wget http://ftp.twaren.net/Unix/Web/apache/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.tar.gz


sudo mkdir -p /opt/tomcat
sudo tar xvf apache-tomcat-8*tar.gz -C /opt/tomcat --strip-components=1

cd /opt/tomcat
sudo chgrp -R tomcat conf
sudo chmod g+rwx conf
sudo chmod g+r conf/*
sudo chown -R tomcat webapps/ work/ temp/ logs/


sudo vi /etc/systemd/system/tomcat.service

=======

# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

#Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=JAVA_HOME=/opt/jdk1.8.0_101/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target


==============
sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat

=============
sudo vi /opt/tomcat/conf/tomcat-users.xml
=====
tomcat-users.xml — Admin User
<tomcat-users>
    <user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>

====

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --permanent --zone=public --add-port=8009/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
====
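
The tomcat-users.xml above gives admin the manager-gui and admin-gui roles with the password "password", and the firewall step opens port 8080 in the public zone. A check like the following flags such entries before the service is exposed; it is an added example, not part of the original post or of Tomcat. It assumes plaintext password attributes as in the file above, and the function names, the short weak-password list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample; the "admin" entry is the one shown in the post.
sample_tomcat_users() {
cat <<'EOF'
<tomcat-users>
  <!-- <user username="tomcat" password="tomcat" roles="manager-gui"/> -->
  <!--
  <user username="both" password="s3cret" roles="manager-gui"/>
  -->
  <user username="admin" password="password" roles="manager-gui,admin-gui"/>
  <user username="deploy" password="Xq7-constructed-long-value" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>
EOF
}

# attr ELEMENT NAME -> value of NAME="..." inside one <user .../> element
attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# audit_tomcat_users: tomcat-users.xml on stdin.
# Prints "WEAK <user> <roles>" for every active user that holds a manager-* or
# admin-* role and whose password is empty, equals the username, or is on the
# short list of well-known defaults below.
audit_tomcat_users() (
    # Drop single-line comments, then whole multi-line comment ranges.
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' |
    grep -o '<user[[:space:]][^>]*>' |
    while IFS= read -r el; do
        user=$(attr "$el" username)
        pass=$(attr "$el" password)
        roles=$(attr "$el" roles | tr -d ' ')
        case ",$roles" in
            *,manager-*|*,admin-*) ;;
            *) continue ;;
        esac
        case $pass in
            ''|"$user"|password|admin|tomcat|s3cret|changeit)
                echo "WEAK $user $roles" ;;
        esac
    done
)

# On a real host: audit_tomcat_users < /opt/tomcat/conf/tomcat-users.xml
sample_tomcat_users | audit_tomcat_users
```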

Wednesday, July 20, 2016

movemenoreg.vbs

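--------Solution----------

Handling the computer (unplug the USB drive first)

Start --> (All Programs, or use Search) --> Run --> type shell:startup and press Enter. Check whether the system Startup folder contains a "helper" shortcut; if it does, the computer has been implanted with the program.

Right-click the shortcut to look up its path (Windows 10 calls this "Open file location").
You will find a folder named WindowsServices containing three files written in VBS; delete those files.

After rebooting, go back to the Startup folder (as described above) and delete the "helper" shortcut.

PS. If you cannot see the files, turn on the display of hidden files.

Handling the USB flash drive

1. Turn on the display of hidden files.

2. On the flash drive, find the folder named _ and move the data out of it (if you cannot find it, turn on the display of hidden files).

3. Format the flash drive.

4. Then copy the original data back onto the flash drive.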

Monday, July 18, 2016

CentOS 7 Cacti plugin Syslog

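Background:
In this scenario the rsyslog server is installed on the client side,
together with the rsyslog-mysql package, so that its syslog is written to the DB over port 3306.

The settings therefore have to be written into /etc/rsyslog.conf,

and the name shown for each host is determined by its hostname.



Installing the monitoring side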


cd /var/www/html/cacti/plugins
wget http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz
mv  plugin:syslog-v1.22-2.tgz syslog-v1.22-2.tgz
tar -zxvf syslog-v1.22-2.tgz
==
mysql -u root -p

Enter password:

mysql> create database syslog;

mysql> show databases;

mysql> quit
===
cd /var/www/html/cacti/plugins/syslog
mysql -u root -p -A syslog < syslog.sql

mysql -u root -p

 grant all on syslog.* to 'cactiuser'@'' identified by "cacti";
 flush privileges;
==
cd /var/www/html/cacti/plugins/syslog/
vi config.php

$use_cacti_db = false; // change true to false

$syslogdb_username = 'cactiuser'; // change to the account you set up

$syslogdb_password = 'cactipassword'; // change to the password you set up

=cacti office=
/* make sure these values reflect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;
==

Firewall settings on the log server host


sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

service rsyslog status






=========
client
==================
yum install rsyslog-mysql
vi /etc/rsyslog.conf
==
#cacti 20160716 edwin.chen

$ModLoad ommysql.so

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL

*.* :ommysql:192.168.1.10,syslog,cactiuser,cactipassword;cacti_syslog

$ModLoad imudp.so

$ModLoad imtcp.so

$UDPServerRun 514

$InputTCPServerRun 514



==
*.*      :ommysql:database host, database name, database user account, password;SyslogInsert (user-defined)

==
service rsyslog restart
chkconfig rsyslog on
======
Configure on the switch

R1(config)# logging trap
R1(config)# logging 192.168.10
R1(config)# logging on

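Setting up Cacti on CentOS 7

There are quite a few system-monitoring programs,
such as CA, Zabbix, and What's Up.

But after using that many of them, Cacti is still one that is quite easy to install and get started with.

The packages Cacti needs are MySQL, PHP, RRDTool, net-snmp, and Apache.

MySQL does not have to be installed on the same machine as Cacti, though, so the steps are described separately.
========
1. Install the required packages (root only)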
yum install httpd*
yum install php*
yum install net-snmp*
yum install rrdtool*
yum install freetype-devel libpng-devel libart_lgpl-devel 

========
2. PHP settings

vi /etc/php.ini

Originally:

;date.timezone =

Change to:
[Date]
date.timezone = Asia/Taipei
========
3. Download and install Cacti into its directory

yum install cacti

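Or download a newer version yourself from the website (http://www.cacti.net/downloads/)

cd /tmp
wget http://www.cacti.net/downloads/cacti-0.8.tar.gz

tar -xzvf cacti-0.8.tar.gz
cp -r cacti /var/www/html/

(Depending on the setup, it may also be under /usr/share/.)
With yum there is generally no problem.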
==========
4.config html
vi /etc/httpd/conf.d/cacti.conf
Alias /cacti /var/www/cacti
<Directory /var/www/cacti>
        DirectoryIndex index.php
        order deny,allow
        Addtype application/x-httpd-php .php
        php_flag magic_quotes_gcp on
        php_flag track_vars on
</Directory>

==========
5. service httpd restart
service httpd restart
==========
5.modify cacti/include/config.php
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost"; // an IP such as "192.168.1.99" can also be used
$database_username = "cactiuser";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;

#
/*
   Edit this to point to the default URL of your Cacti install
   ex: if your cacti install as at http://serverip/cacti/ this
   would be set to /cacti/
*/
//$url_path = "/cacti/"; <====== remove the comment marker
$url_path = "/cacti/";

==========
6. crontab -e
*/5 * * * *     php /var/www/cacti/poller.php > /dev/null 2>&1
==========
7. SNMP settings

Edit /etc/snmp/snmpd.conf
#com2sec notConfigUser  default       public
#group   notConfigGroup v1           notConfigUser
#group   notConfigGroup v2c          notConfigUser
Add the following settings
com2sec local     localhost       public
com2sec mynetwork 192.168.3.0/24  public
group   notConfigGroup v1         local
group   notConfigGroup v2c        local
group   notConfigGroup v1        mynetwork
group   notConfigGroup v2c       mynetwork
view all    included  .1         80
view    systemview    included   .1.3.6.1.2.1.2
access  notConfigGroup ""      any       noauth    prefix  all  none none
access  notConfigGroup ""      any       noauth    prefix  all  all all
===========
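At this point the HTTP side of Cacti is configured.
If you open the web page now, it should report that it cannot connect to MySQL.
http://ServerIP/cacti/
Next comes the MySQL side,
which depends on where it is installed.
===========
Install
1.yum install mariadb* 
Initial setup
2.mysql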

systemctl start mariadb

 mysql_secure_installation

(set whatever needs to be set)

3. Create the database
mysql -u root -p

create database cacti ;

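// GRANT privileges on the cacti database to the Cacti database user; the password is cacti
// GRANT ALL ON 'database'.* TO 'account'@'IP/hostname' IDENTIFIED BY 'password';

// The IP or hostname after @ restricts which host or IP may connect; leaving it blank opens it to all.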

grant all on cacti.* to 'cactiuser'@'localhost' identified by "cactipassword";
flush privileges;

FLUSH privileges;     // refresh

4. Import the table definitions into MySQL

If everything is installed on the same machine:
cd /var/www/cacti/
mysql -u root -p -A cacti < cacti.sql

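If they are on different machines, it depends on whether root is allowed to log in from other hosts (usually not...).
If not, copy the file to the MySQL host and run the command there.

================
Firewall settings:
http 80
To query SNMP, udp 161 and 162 must be opened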
sudo firewall-cmd --permanent --zone=public --add-port=161/udp
sudo firewall-cmd --permanent --zone=public --add-port=162/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
=====
SELinux needs to be set to permissive
# vim /etc/selinux/config
SELINUX=permissive
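
For the snmpd.conf in step 7: both com2sec lines use the community string public, and the second access line gives that group a write view over the whole tree. The audit below reports both; it is an added example, not part of the original post or of net-snmp, and the function names and finding labels are made up here. The sample input is the configuration from step 7.

```shell
#!/bin/sh
# The snmpd.conf lines from step 7 of the post, embedded as sample input.
sample_snmpd_conf() {
cat <<'EOF'
#com2sec notConfigUser  default       public
com2sec local     localhost       public
com2sec mynetwork 192.168.3.0/24  public
group   notConfigGroup v1         local
group   notConfigGroup v2c        local
group   notConfigGroup v1        mynetwork
group   notConfigGroup v2c       mynetwork
view all    included  .1         80
view    systemview    included   .1.3.6.1.2.1.2
access  notConfigGroup ""      any       noauth    prefix  all  none none
access  notConfigGroup ""      any       noauth    prefix  all  all all
EOF
}

# audit_snmpd_conf: snmpd.conf on stdin, one finding per output line.
audit_snmpd_conf() (
    # Strip comments and blank lines, then split each directive into fields.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' |
    while read -r directive a b c d e f g h; do
        case $directive in
        com2sec)    # com2sec NAME SOURCE COMMUNITY
            case $c in
                public|private) echo "DEFAULT-COMMUNITY name=$a source=$b community=$c" ;;
            esac
            case $b in
                default|0.0.0.0/0) echo "ANY-SOURCE name=$a community=$c" ;;
            esac
            ;;
        access)     # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if [ "$g" != none ]; then
                echo "WRITABLE group=$a level=$d write-view=$g"
            fi
            ;;
        esac
    done
)

# On a real host: audit_snmpd_conf < /etc/snmp/snmpd.conf
sample_snmpd_conf | audit_snmpd_conf
```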