CentOS 6.x防火墙

service iptables status #查看防火墙状态
chkconfig iptables off #关闭防火墙

docker

uname -r
sudo yum update
yum -y install docker 或 curl -fsSL https://get.docker.com | bash -s docker --mirror aliyun
sudo systemctl start docker
sudo systemctl enable docker
docker version

docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
mkdir -p /usr/local/docker

MySQL8.0

useradd mysql
passwd mysql
#卸载mariadb
rpm -qa | grep mariadb
rpm -e --nodeps mariadb-libs-5.5.68-1.el7.x86_64
#安装依赖包
yum install libaio

cd /usr/local/
tar -zxvf mysql-8.0.31-el7-x86_64.tar.gz
mv /usr/local/mysql-8.0.31-el7-x86_64 /usr/local/mysql

mkdir -p /usr/local/mysql/data
chmod -R 777 /usr/local/mysql
chmod -R 777 /usr/local/mysql/data/
chown -R mysql:mysql /usr/local/mysql

/etc/my.cnf

cd /usr/local/mysql/bin
./mysqld --initialize --console
A temporary password is generated for root@localhost: sOOiI3.DmjXb
cd /usr/local/mysql/support-files
./mysql.server start
# ERROR! The server quit without updating PID file
#chmod -R 777 /usr/local/mysql
#chmod -R 777 /usr/local/mysql/data/
#./mysql.server start

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
service mysqld restart #systemctl restart mysql.service
service mysqld status #systemctl status mysql.service

cd /usr/local/mysql/bin
./mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123456';
use mysql;
update user set user.Host='%' where user.User='root';
flush privileges;

quit
service mysqld restart #systemctl restart mysql.service

#ln -s /usr/local/mysql/bin/mysql /usr/bin

#开机自启
chkconfig --add mysqld
chkconfig --list
#chkconfig --level 345 mysqld on
reboot

#systemctl start mysql.service

SNMP

1、sudo yum install -y net-snmp，安装snmp；
2、sudo systemctl enable snmpd， 添加服务开机启动；
3、sudo systemctl start snmpd，启动服务；
4、sudo systemctl status snmpd，查看服务状态；
5、sudo vim /etc/snmp/snmpd.conf，编辑snmpd服务配置，
com2sec notConfigUser default public
改为
com2sec notConfigUser 192.168.20.32 public，允许ip为192.168.20.32的 管理主机如zabbix 访问 社区名称为 public
com2sec notConfigUser 127.0.0.1 public，允许本机访问用于测试 社区名称为 public

#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
view    systemview    included   .1

6、sudo systemctl restart snmpd，重启snmpd服务；
7、开放161端口并重载防火墙
sudo firewall-cmd --add-port=161/udp --permanent
sudo firewall-cmd --reload
8、sudo yum install -y net-snmp-utils，安装snmp工具；
9、snmpwalk -v 2c -c public 127.0.0.1 system，测试；

安装ss

cd usr/local/ss
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
chmod +x shadowsocks.sh
./shadowsocks.sh 2>&1 | tee shadowsocks.log
加密方式：aes-256-cfb

安装tor

yum -y install tor

vi /etc/tor/torrc
SOCKSPort 0.0.0.0:89
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:81

systemctl start tor
/var/lib/tor/hidden_service/hostname为域名

curl ipinfo.io #本机实际IP
torsocks curl ipinfo.io #变化IP

安装keepalived

systemctl start chronyd #时钟同步
ip link set multicast on dev ens33 #网卡开启多播
--------------------------
apt-get install keepalived
yum install -y keepalived #据说1.3.5有坑
yum remove keepalived
rpm -qa|grep keepalived
keepalived -v
--------------------------
yum install -y curl gcc openssl-devel libnl3-devel net-snmp-devel libnfnetlink-devel

#https://www.keepalived.org/download.html
#wget https://www.keepalived.org/software/keepalived-2.2.4.tar.gz
cd /usr/local/keepalived
tar -zxvf keepalived-2.2.4.tar.gz
cd /usr/local/keepalived/keepalived-2.2.4
./configure --prefix=/usr/local/keepalived
make && make install

/usr/local/keepalived/etc/keepalived/keepalived.conf #配置修改
router_id=srv01/srv02
state=MASTER/BACKUP
interface=enp0s3
priority=100/90

chmod +x /usr/local/keepalived/check_nginx.sh
chmod +x /usr/local/keepalived/check_keepalived.sh

cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived

cd /usr/local/keepalived/sbin
./keepalived
ps -ef|grep keepalived
--------------------------
防火墙开启vrrp
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
--------------------------
/var/log/message #日志文件