Ark Notes


Installing the EPEL Repo (Extra Packages for Enterprise Linux) on CentOS 6.x or CentOS 7.x

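Repo
Repository: a package source. The RHEL EPEL (Extra Packages for Enterprise Linux) Repo is one of the largest software repositories for Linux distributions; it is free and provides a rich set of package updates.

Introduction: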
http://fedoraproject.org/wiki/EPEL
Support Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

Installation steps:
CentOS 6.x
sudo rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 // import the GPG key
yum-config-manager epel | grep gpgkey
gpgkey = /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 // check the GPG key
sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm // install

CentOS 7.x

sudo rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 // import the GPG key
yum-config-manager epel | grep gpgkey
gpgkey = /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 // check the GPG key
sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm // install

Or
yum install epel-release -y

NOTE for CentOS users
You can install EPEL by running yum install epel-release. The package is included in the CentOS Extras repository, enabled by default.

Possible problems:
Running yum fails with:
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

Solution:
vim /etc/yum.repos.d/epel.repo
Under [epel], remove the # in front of baseurl and add a # in front of mirrorlist.
The correct configuration is:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Then run
yum clean all
yum makecache

yum repolist // confirm the EPEL status
repo id     repo name                                        status
base        CentOS-6 - Base                                   6518
epel        Extra Packages for Enterprise Linux 6 - x86_64   11628
extras      CentOS-6 - Extras                                   38
rpmforge    RHEL 6 - RPMforge.net - dag                        245
updates     CentOS-6 - Updates                                1199
repolist: 19628
Done
Also: sometimes EPEL has to be enabled manually
yum install yum* // to install yum-config-manager
Or
yum install yum-utils.noarch

sudo yum-config-manager --enable epel // enable the EPEL repository; sometimes it is not enabled automatically
Or
sudo yum-config-manager --enable epel* // the glob matches every epel* repo listed below
epel                    Extra Packages for Enterprise Linux 6 - x86_64        11,746
epel-debuginfo          Extra Packages for Enterprise Linux 6 - x86_64 - D     2,207
epel-source             Extra Packages for Enterprise Linux 6 - x86_64 - S         0
epel-testing            Extra Packages for Enterprise Linux 6 - Testing -        950
epel-testing-debuginfo  Extra Packages for Enterprise Linux 6 - Testing -         78
epel-testing-source     Extra Packages for Enterprise Linux 6 - Testing -          0
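
Added example, not part of the original notes: with mirrorlist commented out, packages come from the plain-http baseurl, so gpgcheck=1 and the gpgkey line are what authenticate them. The audit below checks a .repo file for those settings; the [demo-unsigned] section and its URL are constructed, and a section without its own gpgcheck line is reported because it then depends on yum.conf.

```sh
# Added example: audit a yum .repo file (not part of the original notes).
# Reports, per enabled section, settings that weaken package verification.
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpgcheck != "1") print sec ": gpgcheck is not 1"
            if (gpgkey == "")    print sec ": no gpgkey configured"
            if (clear != "")     print sec ": cleartext http " clear
        }
        /^[ \t]*\[/ {                       # new [section]: report the previous one
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            enabled = "1"; gpgcheck = ""; gpgkey = ""; clear = ""
            next
        }
        /^[ \t]*#/ || !/=/ { next }         # skip comments and lines without key=value
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if ((key == "baseurl" || key == "mirrorlist" || key == "metalink") && val ~ /^http:/)
                clear = key
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the [epel] stanza from the note plus a made-up weak repo.
SAMPLE_REPO=$(mktemp)
cat > "$SAMPLE_REPO" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[demo-unsigned]
baseurl=https://repo.example.invalid/el6/
gpgcheck=0
EOF
audit_repo "$SAMPLE_REPO"
```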

LVM (logical volume manager): logical volume management (create, mount, extend, shrink, remove)


LVM (logical volume manager): logical volume management
PE physical extent, 4M each by default
PV physical volume
VG volume group
LV logical volume

1: Initialize the physical devices as physical volumes
# fdisk -l
/dev/sdc
/dev/sdd
#pvcreate /dev/sdc /dev/sdd
Physical volume "/dev/sdc" successfully created
Physical volume "/dev/sdd" successfully created

( pvcreate /dev/sdd /dev/sde
Device /dev/sdd not found (or ignored by filtering).
Physical volume "/dev/sde" successfully created
/dev/sde had already been partitioned with fdisk

#fdisk -l /dev/sde
Disk /dev/sde: 1098.4 GB, 1098437885952 bytes
255 heads, 63 sectors/track, 133544 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Erase the partition table (wipe)
# dd if=/dev/zero of=/dev/sdd bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.009214 s, 55.6 kB/s

#pvcreate /dev/sdd /dev/sde
Physical volume "/dev/sdd" successfully created
Physical volume "/dev/sde" successfully created

#vgextend ark /dev/sdf
Volume group "ark" successfully extended

#vgs
VG #PV #LV #SN Attr VSize VFree
ark 3 0 0 wz--n- 3.00t 3.00t
)

View physical volume information
#pvdisplay (detailed)
#pvs

2: Create a volume group and add the PVs to it
#vgcreate ark /dev/sdc /dev/sdd
Volume group "ark" successfully created

Add a new PV to an existing VG
#vgextend ark /dev/sdf
Volume group "ark" successfully extended

View volume group information
#vgdisplay (detailed)
#vgs

3: Create a logical volume from the volume group (its size is a whole multiple of the PE size)
#lvcreate -n mylv -L 3G ark
Logical volume "mylv" created

View logical volume information
#lvdisplay (detailed)
#lvs

4: Create a filesystem on the new logical volume
(for a large logical volume, it is advisable to work inside screen first
screen -S zhang
screen -r zhang)

#mkfs.ext4 /dev/ark/mylv

5: Mount the formatted logical volume for use
#mount /dev/ark/mylv /m

6: Mount automatically
#vim /etc/fstab
-----------------
Removing LVM
1: Remove the LV
#lvremove /dev/ark/mylv

2: Remove the VG
#vgremove ark

3: Remove the physical volumes
#pvremove /dev/sdc /dev/sdd

------------------
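Extending and shrinking LVM logical volumes

A logical volume can be extended online, without unmounting it
1: Make sure the VG has enough free space
#vgs

2: Extend the logical volume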
#lvextend -L +1G /dev/ark/mylv
Extending logical volume mylv to 4.00 GiB
Logical volume mylv successfully resized

3: Check the LV size after extending
#lvs

4: Update the filesystem
#resize2fs /dev/ark/mylv

5: Check the filesystem after the update
#df -h
------
Extending a volume group
1: Initialize the disk to be added to the VG as a PV
#pvcreate /dev/sde
2: Add the new PV to the volume group
#vgextend ark /dev/sde
3: Check the VG size after extending
#vgs
---------
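Shrinking a logical volume

A logical volume must be shrunk offline; unmount it first
1: Unmount the mounted logical volume
#umount /dev/ark/mylv
2: Shrink the filesystem (you will be prompted to run fsck to check the filesystem first)
#resize2fs /dev/ark/mylv 2G
Please run 'e2fsck -f /dev/ark/mylv' first.

#e2fsck -f /dev/ark/mylv
#resize2fs /dev/ark/mylv 2G

3: Shrink the LV (the LV must not be shrunk by more than the filesystem was, otherwise files will be destroyed)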
#lvreduce -L 2G /dev/ark/mylv

WARNING: Reducing active logical volume to 2.00 GiB
THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce mylv? [y/n]: y
Reducing logical volume mylv to 2.00 GiB
Logical volume mylv successfully resized

4: Check the LV after shrinking
#lvs
5: Mount
#mount /dev/ark/mylv /m
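
Added example, not part of the original notes: a pre-check for step 3 that compares the lvreduce target with the ext4 filesystem size reported by tune2fs -l. The function names and the tune2fs excerpts are constructed for illustration.

```sh
# Added example (not from the original notes): refuse an lvreduce target
# that is smaller than the ext4 filesystem living on the LV.

# fs_bytes: read `tune2fs -l` output on stdin, print the filesystem size in bytes.
fs_bytes() {
    awk -F: '
        /^Block count:/ { gsub(/[ \t]/, "", $2); count = $2 }
        /^Block size:/  { gsub(/[ \t]/, "", $2); size = $2 }
        END { if (count == "" || size == "") exit 1
              printf "%.0f\n", count * size }
    '
}

# lvreduce_is_safe TARGET_MIB: stdin is `tune2fs -l` output.
# Returns 0 when the new LV size still covers the whole filesystem,
# 1 when it would cut into it, 2 when the size could not be read.
lvreduce_is_safe() {
    fsb=$(fs_bytes) || return 2
    [ $(( $1 * 1024 * 1024 )) -ge "$fsb" ]
}

# Constructed tune2fs -l excerpts: a 4 GiB filesystem before resize2fs,
# and the same filesystem after `resize2fs /dev/ark/mylv 2G`.
BEFORE_RESIZE='Filesystem volume name:   <none>
Block count:              1048576
Block size:               4096'
AFTER_RESIZE='Filesystem volume name:   <none>
Block count:              524288
Block size:               4096'

for state in BEFORE_RESIZE AFTER_RESIZE; do
    eval "sample=\$$state"
    if printf '%s\n' "$sample" | lvreduce_is_safe 2048; then
        echo "$state: lvreduce -L 2G is safe"
    else
        echo "$state: lvreduce -L 2G would truncate the filesystem"
    fi
done
```

On a real system the input would come from tune2fs -l /dev/ark/mylv, run after resize2fs and before lvreduce.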
------------
Shrinking a volume group
1: Remove a PV from the volume group (make sure the VG has more space than the physical volume being removed)
#vgreduce ark /dev/sdc
Removed "/dev/sdc" from volume group "ark"
2: Check the volume group size after shrinking
#vgs
3: #pvs
PV         VG       Fmt  Attr PSize  PFree
/dev/sda2  VolGroup lvm2 a--  19.51g    0
/dev/sdc            lvm2 a--   2.00g 2.00g
/dev/sdd   ark      lvm2 a--   4.00g 2.00g

#pvremove /dev/sdc
Labels on physical volume "/dev/sdc" successfully wiped
4: The disk /dev/sdc can now be removed


Changing the 30M file upload size limit in IIS7.5, IIS8 and IIS8.5



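Although the configuration file can be edited directly, namely the IIS_schema.xml file under C:\Windows\System32\inetsrv\config\schema\, editing it directly is not recommended, for security and other reasons and because the file is read-only by default.
Instead, make the change in IIS Manager: open a site or click the root node, and in the "Management" section at the bottom choose "Configuration Editor". Then locate the node system.webServer/security/requestFiltering and change the value of maxAllowedContentLength under requestLimits (originally 30000000, i.e. 30M) to 1024000000, i.e. 1G. The change takes effect immediately, with no need to restart IIS or the server.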



Configuring a single IPv6 address and configuring multiple IPv6 addresses in bulk



IPv6(Internet Protocol Version 6)
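An IPv6 address is 128 binary bits long. For readability it is written as groups of 16 bits separated by colons ":", which gives 8 groups, each written as 4 hexadecimal digits.
16 binary bits * 8 = 128 binary bits    1111 1111 1111 1111::
4 hex digits * 8 = 32 hex digits        1 1 1 1::
If several consecutive groups are all 0, those zeros can be written simply as ::, and this may be used only once in an IPv6 address.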
2604:a880:1:20::48:c001/64
2604:a880:1:20:0000:0000:48:c001/64
2604:a880:0001:0020:0000:0000:0048:c001/64
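
Added example, not part of the original notes: the compression rules above applied in reverse, expanding any of the three spellings to the full 8-group form and rejecting an address that uses :: twice. The function name expand_ipv6 is an assumption made for this example.

```sh
# Added example, not from the original notes: expand an IPv6 address
# (optionally with /prefix) to its full 8-group, zero-padded form.
expand_ipv6() {
    case $1 in */*) plen=/${1#*/} ;; *) plen= ;; esac
    full=$(printf '%s\n' "${1%%/*}" | awk '{
        a = tolower($0)
        p = index(a, "::")
        if (p > 0) {
            left = substr(a, 1, p - 1); right = substr(a, p + 2)
            if (index(right, "::") > 0) exit 1     # "::" may be used only once
            nl = split(left, L, ":"); nr = split(right, R, ":")
            if (nl + nr > 7) exit 1                # "::" must stand for at least one group
            n = 0
            for (i = 1; i <= nl; i++) g[++n] = L[i]
            for (i = nl + nr; i < 8; i++) g[++n] = "0"
            for (i = 1; i <= nr; i++) g[++n] = R[i]
        } else if (split(a, g, ":") != 8) exit 1
        out = ""
        for (i = 1; i <= 8; i++) {
            if (g[i] !~ /^[0-9a-f]+$/ || length(g[i]) > 4) exit 1
            out = out (i > 1 ? ":" : "") substr("0000" g[i], length(g[i]) + 1)
        }
        print out
    }') || return 1
    printf '%s%s\n' "$full" "$plen"
}

# The three spellings from the note above; all print the same full form.
for a in 2604:a880:1:20::48:c001/64 2604:a880:1:20:0000:0000:48:c001/64 \
         2604:a880:0001:0020:0000:0000:0048:C001/64; do
    expand_ipv6 "$a"
done
```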

#cat ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
HWADDR=04:01:42:a0:03:01
IPADDR=104.131.158.120
NETMASK=255.255.240.0
GATEWAY=104.131.144.1
NM_CONTROLLED='yes'
IPV6INIT=yes
IPV6ADDR=2604:A880:0001:0020:0000:0000:0048:C001/64
IPV6_DEFAULTGW=2604:A880:0001:0020:0000:0000:0000:0001
IPV6_AUTOCONF=no
DNS1=2001:4860:4860::8844
DNS2=2001:4860:4860::8888
DNS3=8.8.8.8

Adding multiple IPv6 addresses in bulk on CentOS/Redhat/Fedora
IPV6ADDR_SECONDARIES="2604:a880:1:20:0000:0000:48:c002/64 \
2604:a880:1:20:0000:0000:48:c003/64 \
2604:a880:1:20:0000:0000:48:c004/64 \
2604:a880:1:20:0000:0000:48:c005/64"
IPV6_DEFAULTGW=2604:A880:0001:0020:0000:0000:0000:0001
----------------------
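Shell script to configure multiple IPv6 addresses in bulk

#!/bin/bash
# Add the alias addresses ${INETP}${START} .. ${INETP}${END} to one interface.
INETP="2607:f0d0:1002:11::"   # network prefix
PRE="64"                      # prefix length
START=2
END=200
INT_IF="eth0"
IFCONFIG=/sbin/ifconfig
echo -n "Adding IPv6 Alias..."
# {$START..$END} is not expanded when the bounds are variables, so use an arithmetic loop.
# The decimal counter is written as-is into the last group, which IPv6 reads as hex.
for ((i = START; i <= END; i++))
do
    "$IFCONFIG" "$INT_IF" inet6 add "${INETP}${i}/${PRE}"
done
echo "Done!"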
------------------
2001:19f0:7000:8de2:5400:ff:fe1a:2ca/64 is an IPv6 address; the /64 mainly identifies the routed network segment and is used for route selection.
------------------
IP Information

IP Type                 IPv6
CIDR                    2604:a880:1:20::/64
Network Bits            64
Minimum IP              2604:a880:1:20::
Gateway                 2604:a880:1:20::1
Primary IP              2604:a880:1:20::2
Last Usable IP          2604:a880:1:20:ffff:ffff:ffff:fffe
Maximum IP              2604:a880:1:20:ffff:ffff:ffff:ffff
Number of Usable IPs    18446744073709551615
------------------
6TO4 Adapter:

连接特定的 DNS 后缀 . . . . . . . :
IPv6 地址 . . . . . . . . . . . . : 2002:7b0b:ca39::7b0b:ca39
默认网关. . . . . . . . . . . . . : 2002:c058:6301::c058:6301


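Logging in to a Linux server with key authentication

Linux (Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Linux (OL))
Method 1: generate the key pair on the client and upload the public key to the server
I. On the client:
#ssh-keygen -t rsa -b 2048 // generate the public and private keys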
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): // optionally enter a passphrase to protect the private key
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

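#scp -P 22 .ssh/id_rsa.pub root@122.112.84.50: // upload the public key to username's home directory on the server

II. On the server (the machine being connected to):
Log in as username
#mkdir -p .ssh
#chmod 700 .ssh
#cat id_rsa.pub >> .ssh/authorized_keys // the scp above placed id_rsa.pub in the home directory
#chmod 600 .ssh/authorized_keys

#ssh root@122.112.84.50 // log in to the server from the client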
--------------------

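Method 2: generate the key pair with PuTTY, Xshell or SecureCRT
1: Log in as username
#mkdir -p .ssh
#chmod 700 .ssh
2: Generate the public and private keys with puttygen and upload the public key to username's .ssh directory on the server
3: #cat .ssh/id_rsa.pub>>.ssh/authorized_keys
#chmod 600 .ssh/authorized_keys
4: If logging in with the PuTTY private key fails with "server refused our key" // open sshd_config, find StrictModes yes and change it to StrictModes no
#/etc/init.d/sshd reload // a reload is enough; changing the verification settings this way is not recommended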
--------------------

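Method 3: generate the key pair on the server and download the private key for use
1: Generate the public/private key pair on the target server (root is used here; another username works as well)
#ssh-keygen -t rsa -b 2048 // generate the public and private keys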
#ssh-keygen -t rsa -b 4096
#ssh-keygen -t rsa -b 16384 //key bits exceeds maximum 16384
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): // optionally enter a passphrase to protect the private key
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

2:#chmod 700 .ssh
#cat .ssh/id_rsa.pub>>.ssh/authorized_keys
#chmod 600 .ssh/authorized_keys
3: Download the id_rsa (private key) file and use puttygen to save it as a file PuTTY can read (*.ppk) (Xshell can use the id_rsa file directly), then log in to the server.
--------------------

Method 4: using an already generated public/private key pair
1: Put the public key file (id_rsa.pub) in /root/.ssh/ on the target server
2: #cat .ssh/id_rsa.pub>>.ssh/authorized_keys
chmod 600 .ssh/authorized_keys
3: Put the private key file (id_rsa) in /root/.ssh/ on the client server
chmod 600 .ssh/id_rsa // otherwise you get: Permissions 0644 for '/root/.ssh/id_rsa' are too open.
//It is required that your private key files are NOT accessible by others.
//This private key will be ignored.
4: Log in to the target server from the client server: ssh root@195.154.128.169 -p 4096

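Finally
Change the sshd configuration on the server (or target server) to allow login with a private key file only // first test that key login works, then make the change.
#vim /etc/ssh/sshd_config
Change PasswordAuthentication yes to PasswordAuthentication no

Restart the sshd service
On Debian/Ubuntu run /etc/init.d/ssh restart
On CentOS run: /etc/init.d/sshd restart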

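The server refuses our key (server refused our key)
In this case the security context (SELinux) configuration has to be changed, or the files given the correct context
#getenforce (check whether SELinux is enabled)

#vi /etc/sysconfig/selinux
SELINUX=enforcing
Change SELINUX=enforcing to SELINUX=disabled

#reboot // a reboot is required for the change to take effect

ls -Z   view the context

restorecon -R -v .ssh   restore the files' default context

Change a file's context
chcon -R --reference=/etc/ssh/ssh_host_key.pub /root/.ssh/authorized_keys   // use the context of /etc/ssh/ssh_host_key.pub as the reference

Error log entries for security context denials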
cat /var/log/audit/audit.log

type=AVC msg=audit(1467157590.251:90): avc: denied { read } for pid=1477 comm="sshd" name="authorized_keys" dev=sda3 ino=392460 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
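
Added example, not part of the original notes: with StrictModes yes, sshd refuses a key when the home directory, .ssh or authorized_keys is writable by group or others or owned by another user, so checking those modes finds the cause without switching StrictModes off. The function name check_ssh_perms and the demo directory are constructed for this example, and GNU stat (stat -c) is assumed.

```sh
# Added example (not from the original notes). Assumes GNU stat (stat -c).
# check_ssh_perms HOME_DIR [UID]: print every path that sshd's StrictModes
# check would object to; print nothing when the layout is acceptable.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "$p: missing"
            continue
        fi
        mode=$(stat -c %a "$p")
        owner=$(stat -c %u "$p")
        # 022 = write bit for group and for others (mode is read as octal)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$p: mode $mode is writable by group or others"
        fi
        if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
            echo "$p: owned by uid $owner, expected $uid or root"
        fi
    done
}

# Constructed stand-in for a user's home directory.
DEMO_HOME=$(mktemp -d)
mkdir "$DEMO_HOME/.ssh"
: > "$DEMO_HOME/.ssh/authorized_keys"
chmod 700 "$DEMO_HOME" "$DEMO_HOME/.ssh"

chmod 664 "$DEMO_HOME/.ssh/authorized_keys"   # too open: the key is refused
check_ssh_perms "$DEMO_HOME"
chmod 600 "$DEMO_HOME/.ssh/authorized_keys"   # the mode used in the steps above
check_ssh_perms "$DEMO_HOME"                  # prints nothing
```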


Done
2015.9.18