Обслуживание и восстановление баз MySQL
May 25th, 2009
Проверка и восстановление всех баз:
mysqlcheck --repair --analyze --all-databases --auto-repair
Оптимизация всех таблиц всех баз:
mysqlcheck --all-databases --optimize
Archive
Archive for May, 2009
Скрипт создания mysql-баз по списку из файла
May 18th, 2009
Скрипт читает построчно из файла и создает базы с таким именем и юзером. Пароли к ним генерит.
Внимание к длине имени базы! (не больше 16 символов)
#!/bin/bash
SQLUSER=root
SQLPASS=password
cat /home/admin/bases | while read base; do
PASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
echo "CREATE DATABASE $base;"|mysql --password=$SQLPASS
echo "GRANT ALL PRIVILEGES ON $base.* TO "$base"@"localhost" IDENTIFIED BY \"$PASS\";"|mysql --password=$SQLPASS
echo "User: $base Password: $PASS"
done
echo "FLUSH PRIVILEGES;" | mysql --password=$SQLPASS
SQLUSER=root
SQLPASS=password
cat /home/admin/bases | while read base; do
PASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
echo "CREATE DATABASE $base;"|mysql --password=$SQLPASS
echo "GRANT ALL PRIVILEGES ON $base.* TO "$base"@"localhost" IDENTIFIED BY \"$PASS\";"|mysql --password=$SQLPASS
echo "User: $base Password: $PASS"
done
echo "FLUSH PRIVILEGES;" | mysql --password=$SQLPASS
Установка Pear PHP GeoIP расширения на Linux
May 15th, 2009
К сожалению, данного расширения нет в RPM-ках поэтому будем ставить его из сорцов:
yum --enablerepo=remi install GeoIP-devel php-devel
cd /usr/local/src
wget http://pecl.php.net/get/geoip
tar zxvf ./geoip-1.0.7.tgz
cd geoip-1.0.7
phpize
./configure
make
make install
cd /usr/local/src
wget http://pecl.php.net/get/geoip
tar zxvf ./geoip-1.0.7.tgz
cd geoip-1.0.7
phpize
./configure
make
make install
Создаем /etc/php.d/geoip.ini:
extension=geoip.so
Рестартим апач:
service httpd reload
Скрипт установки типового веб-сервера на Linux (CentOS)
May 13th, 2009
Задача: в автоматическом режиме установить основное ПО необходимое для работы веб-сервер: nginx/Apache/PHP/MySQL/vsftpd.
Скачать скрипт целиком
#!/bin/bash
### ver. 0.98 from 11.10.2010
os=`cat /etc/issue |grep -c CentOS`
if [ $os = "0" ]; then
echo "This script work only on CentOS. Exit."
exit
fi
echo "Enter username to create (default, admin):"
read USER
echo "This host is VPS? (yes/no. Default, no):"
read thisvps
echo "Use Remi repos? (yes/no. Default, yes):"
read useremi
if [ -z $USER ]; then
USER=admin
fi
if [ -z $thisvps ]; then
thisvps=no
fi
if [ -z $useremi ]; then
useremi=yes
fi
confighost=unix-notes.ru
USERPASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
SQLPASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
thiswebazilla=`uname -a | grep -c "webazilla"`
sestat=`sestatus|grep -c enabled`
if [ $sestat = "1" ]; then
sed -i 's/enforcing/disabled/gi' /etc/selinux/config
sed -i 's/permissive/disabled/gi' /etc/selinux/config
chkconfig sshd on
echo "Need reboot to SELinux disable ... After reboot run script again"
exit
fi
checkarch=`uname -a | grep -c "i386"`
if [ $checkarch = "1" ]; then
PL=i386
else
PL=x86_64
fi
# check to exist homedir
if [ ! -d /home ]; then
echo "/home is no exist! setup canceled."
exit
fi
iptables -F
iptables -X
/etc/init.d/iptables save
# add additional dns servers, OpenDNS
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
mkdir /root/.ssh
cd /root/.ssh
chown -R root /root
chmod -R 400 /root
if [ $thisvps = "no" ]; then
cd /etc
rm -f /etc/sysctl.conf
wget http://$confighost/config/linux/sysctl.conf
sysctl -p
ln -fs /usr/share/zoneinfo/Europe/Moscow /etc/localtime
yum --noplugins -y install ntp
ntpdate pool.ntp.org
echo "1 1 * * * root ntpdate pool.ntp.org" >> /etc/crontab
fi
if [ $thisvps = "yes" ]; then
ln -fs /usr/share/zoneinfo/Europe/Moscow /etc/localtime
fi
if [ $PL = x86_64 ]; then
cd /root
rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -ihv /root/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
if [ $useremi = yes ]; then
rpm -ihv http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
fi
fi
if [ $PL = i386 ]; then
cd /root
rpm -ihv http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ihv /root/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
if [ $useremi = yes ]; then
rpm -ihv http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
fi
fi
if [ $useremi = yes ]; then
yum --noplugins --enablerepo=remi install mc.$PL vsftpd.$PL httpd.$PL httpd-devel.$PL php.$PL mysql-server.$PL php-mysql.$PL nginx.$PL mod_geoip.$PL php-mbstring.$PL php-gd.$PL php-mcrypt.$PL make.$PL which.$PL
else yum --noplugins install mc.$PL vsftpd.$PL httpd.$PL httpd-devel.$PL php.$PL mysql-server.$PL php-mysql.$PL nginx.$PL mod_geoip.$PL php-mbstring.$PL php-gd.$PL php-mcrypt.$PL make.$PL which.$PL
fi
chkconfig --level 2345 mysqld on
chkconfig --level 2345 httpd on
chkconfig --level 2345 vsftpd on
chkconfig --level 2345 nginx on
chkconfig --level 2345 cups off
chkconfig --level 2345 sendmail on
chkconfig --level 2345 sshd on
cd /etc/vsftpd
rm -f /etc/vsftpd/vsftpd.conf
wget http://$confighost/config/linux/vsftpd.conf
chmod 400 /etc/vsftpd/vsftpd.conf
cd /usr/local/src
wget http://$confighost/config/mod_rpaf-0.6.tar.gz
tar xzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
ln -s /usr/sbin/apxs /usr/sbin/apxs2
make rpaf-2.0
make install-2.0
cd /etc/httpd/conf.d
wget http://$confighost/config/linux/mod_rpaf.conf
iplist=`ifconfig | grep inet | awk '{print $2}' | awk -F: '{print $2}' | grep -v '^$' | tr "\n" " "`
sed -i "s/127.0.0.1/$iplist/g" /etc/httpd/conf.d/mod_rpaf.conf
# Create user and setup user folders
adduser -d /home/$USER -m -s /sbin/nologin $USER
echo "$USER:$USERPASS" |chpasswd
mkdir /home/$USER/domains
chmod -R 755 /home/$USER
cd /home/$USER
wget http://$confighost/config/linux/create_domain.sh
sed -i "s/testuser/$USER/g" /home/$USER/create_domain.sh
chmod +x /home/$USER/create_domain.sh
mkdir /etc/httpd/vhosts
cd /etc/httpd/vhosts
wget http://$confighost/config/linux/sample
cd /home/$USER
wget http://$confighost/config/linux/create_base.sh
sed -i "s/INSERTPASSHERE/$SQLPASS/g" /home/$USER/create_base.sh
chmod +x /home/$USER/create_base.sh
cd /home/$USER
wget http://$confighost/config/linux/create_multi_bases.sh
sed -i "s/INSERTPASSHERE/$SQLPASS/g" /home/$USER/create_multi_bases.sh
sed -i "s/username/$USER/g" /home/$USER/create_multi_bases.sh
chmod +x /home/$USER/create_multi_bases.sh
cd /etc/httpd/conf/
rm -f /etc/httpd/conf/httpd.conf
wget http://$confighost/config/linux/httpd.conf
rm -f /etc/httpd/conf.d/proxy_ajp.conf
rm -f /etc/httpd/conf.d/welcome.conf
cd /etc/nginx/
rm -f /etc/nginx/nginx.conf
wget http://$confighost/config/linux/nginx.conf
iplist2=`ifconfig | grep inet | awk '{print $2}' | awk -F: '{print $2}' | grep -v '^$'|grep -v 127.0.0.1 | sed 's/\(.*\)/listen \1;/'`
sed -i "s/user_name/$USER/gi" /etc/nginx/nginx.conf
sed -i "s/IPADDR/$iplist2/gi" /etc/nginx/nginx.conf
mkdir /home/mysql
mkdir /home/mysql/tmp
chown -R mysql /home/mysql/
chmod -R 755 /home/mysql/
cd /etc
rm -f /etc/my.cnf
if [ $thisvps = "no" ]; then
wget http://$confighost/config/linux/my.cnf
fi
if [ $thisvps = "yes" ]; then
wget http://$confighost/config/linux/vps/my.cnf
fi
service mysqld start
mysqladmin password $SQLPASS
echo "DELETE FROM mysql.user WHERE Password=''" | mysql --password=$SQLPASS
service vsftpd start
service httpd start
service nginx start
service cups stop
if [ $PL = x86_64 ]; then
cd /root
wget http://$confighost/config/linux/ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
tar zxvf /root/ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
cd /root/ZendOptimizer-3.3.3-linux-glibc23-x86_64
./install.sh
fi
if [ $PL = i386 ]; then
cd /root
wget http://$confighost/config/linux/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
tar zxvf /root/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install.sh
fi
echo "##############################"
echo "Setup ready!"
echo "FTP username: $USER"
echo "FTP password: $USERPASS"
echo "MySQL root password: $SQLPASS"
echo "##############################"
### ver. 0.98 from 11.10.2010
os=`cat /etc/issue |grep -c CentOS`
if [ $os = "0" ]; then
echo "This script work only on CentOS. Exit."
exit
fi
echo "Enter username to create (default, admin):"
read USER
echo "This host is VPS? (yes/no. Default, no):"
read thisvps
echo "Use Remi repos? (yes/no. Default, yes):"
read useremi
if [ -z $USER ]; then
USER=admin
fi
if [ -z $thisvps ]; then
thisvps=no
fi
if [ -z $useremi ]; then
useremi=yes
fi
confighost=unix-notes.ru
USERPASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
SQLPASS=`< /dev/urandom tr -dc A-Za-z0-9 | head -c15`
thiswebazilla=`uname -a | grep -c "webazilla"`
sestat=`sestatus|grep -c enabled`
if [ $sestat = "1" ]; then
sed -i 's/enforcing/disabled/gi' /etc/selinux/config
sed -i 's/permissive/disabled/gi' /etc/selinux/config
chkconfig sshd on
echo "Need reboot to SELinux disable ... After reboot run script again"
exit
fi
checkarch=`uname -a | grep -c "i386"`
if [ $checkarch = "1" ]; then
PL=i386
else
PL=x86_64
fi
# check to exist homedir
if [ ! -d /home ]; then
echo "/home is no exist! setup canceled."
exit
fi
iptables -F
iptables -X
/etc/init.d/iptables save
# add additional dns servers, OpenDNS
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
mkdir /root/.ssh
cd /root/.ssh
chown -R root /root
chmod -R 400 /root
if [ $thisvps = "no" ]; then
cd /etc
rm -f /etc/sysctl.conf
wget http://$confighost/config/linux/sysctl.conf
sysctl -p
ln -fs /usr/share/zoneinfo/Europe/Moscow /etc/localtime
yum --noplugins -y install ntp
ntpdate pool.ntp.org
echo "1 1 * * * root ntpdate pool.ntp.org" >> /etc/crontab
fi
if [ $thisvps = "yes" ]; then
ln -fs /usr/share/zoneinfo/Europe/Moscow /etc/localtime
fi
if [ $PL = x86_64 ]; then
cd /root
rpm -ihv http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -ihv /root/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
if [ $useremi = yes ]; then
rpm -ihv http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
fi
fi
if [ $PL = i386 ]; then
cd /root
rpm -ihv http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ihv /root/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
if [ $useremi = yes ]; then
rpm -ihv http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
fi
fi
if [ $useremi = yes ]; then
yum --noplugins --enablerepo=remi install mc.$PL vsftpd.$PL httpd.$PL httpd-devel.$PL php.$PL mysql-server.$PL php-mysql.$PL nginx.$PL mod_geoip.$PL php-mbstring.$PL php-gd.$PL php-mcrypt.$PL make.$PL which.$PL
else yum --noplugins install mc.$PL vsftpd.$PL httpd.$PL httpd-devel.$PL php.$PL mysql-server.$PL php-mysql.$PL nginx.$PL mod_geoip.$PL php-mbstring.$PL php-gd.$PL php-mcrypt.$PL make.$PL which.$PL
fi
chkconfig --level 2345 mysqld on
chkconfig --level 2345 httpd on
chkconfig --level 2345 vsftpd on
chkconfig --level 2345 nginx on
chkconfig --level 2345 cups off
chkconfig --level 2345 sendmail on
chkconfig --level 2345 sshd on
cd /etc/vsftpd
rm -f /etc/vsftpd/vsftpd.conf
wget http://$confighost/config/linux/vsftpd.conf
chmod 400 /etc/vsftpd/vsftpd.conf
cd /usr/local/src
wget http://$confighost/config/mod_rpaf-0.6.tar.gz
tar xzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
ln -s /usr/sbin/apxs /usr/sbin/apxs2
make rpaf-2.0
make install-2.0
cd /etc/httpd/conf.d
wget http://$confighost/config/linux/mod_rpaf.conf
iplist=`ifconfig | grep inet | awk '{print $2}' | awk -F: '{print $2}' | grep -v '^$' | tr "\n" " "`
sed -i "s/127.0.0.1/$iplist/g" /etc/httpd/conf.d/mod_rpaf.conf
# Create user and setup user folders
adduser -d /home/$USER -m -s /sbin/nologin $USER
echo "$USER:$USERPASS" |chpasswd
mkdir /home/$USER/domains
chmod -R 755 /home/$USER
cd /home/$USER
wget http://$confighost/config/linux/create_domain.sh
sed -i "s/testuser/$USER/g" /home/$USER/create_domain.sh
chmod +x /home/$USER/create_domain.sh
mkdir /etc/httpd/vhosts
cd /etc/httpd/vhosts
wget http://$confighost/config/linux/sample
cd /home/$USER
wget http://$confighost/config/linux/create_base.sh
sed -i "s/INSERTPASSHERE/$SQLPASS/g" /home/$USER/create_base.sh
chmod +x /home/$USER/create_base.sh
cd /home/$USER
wget http://$confighost/config/linux/create_multi_bases.sh
sed -i "s/INSERTPASSHERE/$SQLPASS/g" /home/$USER/create_multi_bases.sh
sed -i "s/username/$USER/g" /home/$USER/create_multi_bases.sh
chmod +x /home/$USER/create_multi_bases.sh
cd /etc/httpd/conf/
rm -f /etc/httpd/conf/httpd.conf
wget http://$confighost/config/linux/httpd.conf
rm -f /etc/httpd/conf.d/proxy_ajp.conf
rm -f /etc/httpd/conf.d/welcome.conf
cd /etc/nginx/
rm -f /etc/nginx/nginx.conf
wget http://$confighost/config/linux/nginx.conf
iplist2=`ifconfig | grep inet | awk '{print $2}' | awk -F: '{print $2}' | grep -v '^$'|grep -v 127.0.0.1 | sed 's/\(.*\)/listen \1;/'`
sed -i "s/user_name/$USER/gi" /etc/nginx/nginx.conf
sed -i "s/IPADDR/$iplist2/gi" /etc/nginx/nginx.conf
mkdir /home/mysql
mkdir /home/mysql/tmp
chown -R mysql /home/mysql/
chmod -R 755 /home/mysql/
cd /etc
rm -f /etc/my.cnf
if [ $thisvps = "no" ]; then
wget http://$confighost/config/linux/my.cnf
fi
if [ $thisvps = "yes" ]; then
wget http://$confighost/config/linux/vps/my.cnf
fi
service mysqld start
mysqladmin password $SQLPASS
echo "DELETE FROM mysql.user WHERE Password=''" | mysql --password=$SQLPASS
service vsftpd start
service httpd start
service nginx start
service cups stop
if [ $PL = x86_64 ]; then
cd /root
wget http://$confighost/config/linux/ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
tar zxvf /root/ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
cd /root/ZendOptimizer-3.3.3-linux-glibc23-x86_64
./install.sh
fi
if [ $PL = i386 ]; then
cd /root
wget http://$confighost/config/linux/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
tar zxvf /root/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
cd ZendOptimizer-3.3.3-linux-glibc23-i386
./install.sh
fi
echo "##############################"
echo "Setup ready!"
echo "FTP username: $USER"
echo "FTP password: $USERPASS"
echo "MySQL root password: $SQLPASS"
echo "##############################"
Базовые вещи в iptables
May 5th, 2009
Применяется первое правило удовлетворяющее критерию. Для действий ACCEPT, DROP, REJECT обработка правил приостанавливается.
Примеры правил:
Посмотреть полный список всех актуальных правил:
iptables-save
ставить в конец цепочки правило блокирующее трафик с IP
iptables -A INPUT -i eth0 -s 1.2.3.1 -j DROP
вставить первым разрешающее правило для подсети
iptables -I INPUT 1 -i eth0 -s 192.168.0.0/24 -j ACCEPT
разрешить весь входящий трафик по loopback
iptables -I INPUT 1 -i lo -j ACCEPT
пример исп-я указания протокола (tcp,udp,icmp,all), адреса назначения, порта источника/назначения
iptables -A INPUT -p tcp -d 1.2.3.1 --sport 3389 --dport 22 -j DROP
разрешить входящие подключения на веб-сервер
iptables -A INPUT -i eth0 -p TCP -m multiport --dports 80,443 -j ACCEPT
разрешить трафик по уже установленным соединениям
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
разрешаем входящие эхо-запросы
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
удаляем правило по критерю
iptables -D INPUT --dport 80 -j DROP
Листинг правил с номерами:
iptables -L POSTROUTING -t nat -n -v --line-numbers
iptables -L FORWARD -n -v --line-numbers
iptables -L FORWARD -n -v --line-numbers
удаляем правило по номеру (нумеруются с 1, цепочку надо указывать)
iptables -D INPUT 1
iptables -D FORWARD 55
iptables -t nat -D POSTROUTING 15
iptables -D FORWARD 55
iptables -t nat -D POSTROUTING 15
листинг всех правил во всех цепочках без резолва
iptables -L -n
листинг правил из цепочки
iptables -L INPUT
очистка всех правил
iptables -F
очистка правил в цепочке
iptables -F INPUT
добавление новой цепочки
iptables -N samplechain
удаление заданной цепочки
iptables -X samplechain
Политика по умолчанию для цепочки INPUT устанавливается в ACCEPT
iptables -P INPUT ACCEPT
