# httpd -V | grep MPM
Server MPM: prefork

CentOS provides three MPM modules; only one can be loaded at a time:
prefork => default
worker
event

Change prefork to worker
# vi /etc/httpd/conf.modules.d/00-mpm.conf
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_worker_module modules/mod_mpm_worker.so

# vi /etc/httpd/conf.modules.d/10-php.conf
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
[…]
centos7 : mod_evasive & mod_security for Apache DDOS Hint
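# yum install mod_evasive mod_security
# httpd -M | grep -E 'evasive|security'
# vi /etc/httpd/conf.d/mod_security.conf
# vi /etc/httpd/conf.d/mod_evasive.conf
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSBlockingPeriod 10
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.0.*
# systemctl restart httpd.service

Note: with DOSPageCount 2 and DOSPageInterval 1, a client that requests the same page more than twice within one second is blocked for DOSBlockingPeriod (10 seconds). Check these thresholds against normal traffic (proxies, NAT gateways, monitoring probes) before relying on them, and keep the whitelist limited to addresses you control.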
centos7 : firewall-cmd, Lockdown, fail2ban-firewalld Hint
masquerade
firewall-cmd --zone=external --query-masquerade
firewall-cmd --zone=external --add-masquerade

external port forward
firewall-cmd --zone=external --list-all
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2222:toaddr=192.168.0.11

Lockdown
# vi /etc/firewalld/firewalld.conf
Lockdown=yes
# firewall-cmd --reload
# firewall-cmd --query-lockdown
# firewall-cmd --lockdown-on
# firewall-cmd --lockdown-off

Block IP
Note: the rich rule below ends in "accept", so as written it allows traffic from 192.168.0.41 rather than blocking it; a rule that blocks the address ends in "drop" or "reject" instead. Rules added without --permanent exist only in the runtime configuration and are lost on the next firewall-cmd --reload.
# firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.41" accept'
# firewall-cmd --list-all
# firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.41" accept'
# […]
centos7 : logtop hint
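Note: the EPEL release package below is downloaded over plain HTTP and installed directly. Verify its signature against the EPEL GPG key before installing it, or install it from the distribution repositories with "yum install epel-release".

wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -ivh epel-release-7-5.noarch.rpm
yum install git ncurses-devel uthash-devel
git clone https://github.com/JulienPalard/logtop.git
cd logtop
make
make install
tail -f /var/log/httpd/access_log | awk {'print $1; fflush();'} | logtop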
centos7 : change / Set default java version
update-alternatives --config java
centos 7 : format over 4TB Hint
# yum install parted # lsblk fdisk -l /dev/sda Disk /dev/sda: 4000.8 GB, 4000787030016 bytes, 7814037168 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x4d1b22b4 Device Boot Start End Blocks Id System […]
named : master-slave notify Hint
master : in zone files
masters ip : 192.168.0.10
2015122601; serial => must be changed whenever the zone file is edited
IN NS ns.owllab.org.
IN NS ns1.owllab.org.

slave : in named.conf file
# vi /etc/named/named.conf
zone "owllab.org" IN {type slave;masters […]
named : IPV4 Only Hint
# vi /etc/sysconfig/named OPTIONS="-4" systemctl restart named-chroot
Data recovery : TestDisk
http://www.cgsecurity.org/ [root@centos7 ~]# dumpe2fs /dev/mapper/vg_centos6-lv_root | grep superblock dumpe2fs 1.42.9 (28-Dec-2013) Primary superblock at 0, Group descriptors at 1-4 Backup superblock at 32768, Group descriptors at 32769-32772 Backup superblock at 98304, Group descriptors at 98305-98308 Backup superblock at 163840, Group descriptors at 163841-163844 Backup superblock at 229376, Group descriptors at […]
centos7 : epel-release, libnss-mysql hint
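# yum install epel-release
# yum install libnss-mysql

Note: both configuration files below store a database password in clear text; "passwd" is a sample value and should be replaced with a strong one. Keep the files owned by root, make /etc/libnss-mysql-root.cfg readable by root only (mode 0600), and give the nss-user database account read-only access to just the tables it needs.

vi /etc/libnss-mysql-root.cfg
------------------------------------
username nss-root
password passwd
------------------------------------

vi /etc/libnss-mysql.cfg
------------------------------------
username nss-user
password passwd
------------------------------------

vi /etc/nsswitch.conf
------------------------------------
# passwd: db files
# shadow: db files
# group: db files
passwd: files sss […]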