Simple iptables rules

Put the rules in a shell script (the file name is the author's choice; despite the name it is a plain shell script, not a systemd unit and nothing to do with firewalld):

nano /etc/firewalld.service

# http port 80
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

# https port 443
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

# webmin port 10000
iptables -A INPUT -i eth0 -p tcp --dport 10000 -j ACCEPT

# vsftpd port 21
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT

# pptpd port 1723 (control channel) plus GRE, protocol 47, which carries the tunnel itself
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# NAT: rewrite the VPN clients' private source addresses to the server's public address (x.x.x.x) as they leave via eth0
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source x.x.x.x
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Two things to keep in mind with this script. It only appends ACCEPT rules and never changes the chain policies, so with the default ACCEPT policy on INPUT and FORWARD every port that is not listed stays reachable as well; the list only restricts anything once the INPUT policy is DROP, and at that point SSH, which is not in the list, has to be allowed explicitly or you lock yourself out. The OUTPUT rules are also redundant as long as the OUTPUT policy is ACCEPT, and forwarding between ppp+ and eth0 additionally requires net.ipv4.ip_forward=1 in sysctl.


Run it at boot from /etc/rc.local

nano /etc/rc.local

sh /etc/firewalld.service

Make the script executable

chmod +x /etc/firewalld.service

On CentOS 7, /etc/rc.local is a symlink to /etc/rc.d/rc.local, and rc-local.service only runs it if that file is executable too: chmod +x /etc/rc.d/rc.local. An alternative that does not depend on rc.local is the iptables-services package: iptables-save > /etc/sysconfig/iptables stores the running rules and the iptables service restores them at boot.

BT (寶塔) Linux panel

Official site: https://www.bt.cn/

Although the official site claims that 128 MB of memory is enough to install it, in practice the installation can cause the database to shut down, after which the site may return 502 errors, so 256 MB or more is recommended.

Operating system: a fresh install (CentOS, Debian, Ubuntu, Fedora and Deepin are supported)

Installation:

Run the following as root

CentOS: yum install -y wget && wget -O install.sh http://download.bt.cn/install/install.sh && sh install.sh

Debian: wget -O install.sh http://download.bt.cn/install/install-ubuntu.sh && bash install.sh

Ubuntu/Deepin: wget -O install.sh http://download.bt.cn/install/install-ubuntu.sh && sudo bash install.sh

Fedora: wget -O install.sh http://download.bt.cn/install/install.sh && bash install.sh

Each of these one-liners fetches the installer over plain HTTP and runs it as root immediately, with no integrity check of any kind; at the very least download it, read it, and only then run it.

When it finishes, follow the on-screen instructions to log in to the panel; the default panel port is 8888. That port is not in the iptables rules above, so with a default-deny policy it has to be opened deliberately, and only from the addresses you administer from.

Installing fail2ban (iptables) on CentOS 7

1. yum

fail2ban comes from EPEL rather than the base repositories, so enable EPEL first (yum -y install epel-release) if it is not already there.

yum -y install fail2ban

2. setup

Put the jails in /etc/fail2ban/jail.local instead of editing jail.conf: jail.conf is replaced on every package upgrade, while jail.local is read after it and overrides it with the same syntax.

vi /etc/fail2ban/jail.local

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
bantime = 86400

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
# vsftpd authenticates through PAM, so its failures are written to /var/log/secure
logpath = /var/log/secure
maxretry = 3
bantime = 86400

[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,smtp,smtps,submission,sieve", protocol=tcp]
# Dovecot logs through syslog's mail facility, which CentOS writes to /var/log/maillog
# rather than /var/log/secure; point logpath at wherever your dovecot actually logs
logpath = /var/log/maillog
maxretry = 5
# bantime is in seconds; 36000 is 10 hours
bantime = 36000

[dovecot-auth]
# Same filter and log as [dovecot]; only the port list differs (465 in place of smtp,smtps).
# One of the two jails is enough unless a different set of ports is wanted.
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
logpath = /var/log/maillog
maxretry = 5
# bantime is in seconds; 36000 is 10 hours
bantime = 36000

[named-refused-udp]
enabled = true
filter = named-refused
# each jail needs its own name: with the same name both jails would share one
# f2b-Named chain and the second jail's chain creation would fail
action = iptables-multiport[name=named-udp, port="domain,953", protocol=udp]
# requires a bind logging channel for the security category writing to this file
logpath = /var/log/named/named_security.log
bantime = 30000000

[named-refused-tcp]
enabled = true
filter = named-refused
action = iptables-multiport[name=named-tcp, port="domain,953", protocol=tcp]
logpath = /var/log/named/named_security.log
bantime = 30000000

fail2ban-client status            lists all configured jails
fail2ban-client status dovecot    shows the state of the dovecot jail
To see what the firewall is currently blocking:
iptables -L -n
iptables -S

Before relying on a jail, run its filter against the real log and check that the number of hits looks right, for example fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

Clearing a false positive:
If an address has been locked out by mistake, the cleanest way is to let fail2ban lift the ban itself, so its own state stays consistent:
fail2ban-client set dovecot unbanip 123.456.789.123
The address can also be opened directly with iptables.

First list the chains with iptables -n -L
Chain f2b-dovecot (1 references)
target prot opt source destination
REJECT all -- 123.456.789.123 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0

iptables -D f2b-dovecot -s 123.456.789.123 -j REJECT
That removes it. Deleting the rule by hand tells fail2ban nothing, so the ban stays recorded there and may be re-applied while it is still active. Addresses that must never be banned belong in ignoreip in the [DEFAULT] section of jail.local.
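To see what the ssh-iptables jail above actually decides, here is an added example (not from the page and not fail2ban's own code) that replays the two commonest patterns of fail2ban's sshd filter over a constructed excerpt of /var/log/secure and applies the maxretry threshold. It ignores findtime, the time window fail2ban also applies, so it only counts; the authoritative check is fail2ban-regex against the real log.

```shell
#!/bin/sh
# Added example, not from the original post: replay what the ssh-iptables jail
# does over /var/log/secure. Simplification: fail2ban also requires the
# failures to fall inside findtime (600 s by default); this counts everything.
MAXRETRY="${MAXRETRY:-3}"   # same value as the jail above

# Constructed sample of /var/log/secure in the syslog format sshd uses on CentOS 7:
# 203.0.113.7 fails three times, 192.0.2.9 twice, 198.51.100.20 logs in normally.
sample_log() {
    cat <<'EOF'
Mar  3 10:01:12 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:01 host sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:44 host sshd[2115]: Failed password for invalid user test from 192.0.2.9 port 3344 ssh2
Mar  3 10:03:10 host sshd[2120]: Invalid user oracle from 192.0.2.9 port 3350
EOF
}

# Read a log on stdin and print "<count> <ip>" for every source that failed.
# The two patterns mirror the "Failed password for ... from <HOST>" and
# "Invalid user ... from <HOST>" lines matched by fail2ban's sshd filter;
# the address is the word after "from", as in the filter's <HOST> capture.
failures_by_ip() {
    awk '
        /sshd\[[0-9]+\]: (Failed password for|Invalid user)/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k2,2
}

# Read a log on stdin and print the addresses the jail would ban.
ban_candidates() {
    failures_by_ip | awk -v max="$MAXRETRY" '$1 >= max { print $2 }'
}

# Stand-alone run: the per-address tally, then the resulting ban list.
sample_log | failures_by_ip
echo "would ban:"
sample_log | ban_candidates
```

Feed a real log instead of the sample (ban_candidates < /var/log/secure) to see which sources would already be over the limit; a busy address that shows up here but should never be banned is exactly what ignoreip is for.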

Installing NGINX, PHP 7 and MariaDB on CentOS 7

1. add repo

vi /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
# verify package signatures with nginx's signing key instead of gpgcheck=0
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1

2. EPEL and Remi

yum -y install epel-release
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

epel-release is in the CentOS extras repository, so installing it with yum avoids the version-pinned URL (epel-release-7-11) that stops working as soon as that build is retired. remi-release does not enable any remi-php repository by itself; to get PHP 7 instead of the base PHP 5.4 that step 4 would otherwise install, enable the remi-php7x repository for the version you want (for example yum-config-manager --enable remi-php72) before step 4.

3. Update && Upgrade

yum -y update && yum -y upgrade

4.install

yum -y install nginx mariadb mariadb-server php-cli php-fpm php-gd php-curl php-mbstring php-mcrypt php-odbc php-mysqlnd php-xmlrpc php-xml php-pdo php-opcache tar bzip2

5. systemctl enable

systemctl enable nginx && systemctl enable php-fpm && systemctl enable mariadb

6. systemctl start

systemctl start nginx && systemctl start php-fpm && systemctl start mariadb

7. setup mariadb

/usr/bin/mysql_secure_installation

Answer yes to setting a root password, removing the anonymous users, disallowing remote root login and dropping the test database.

8. modify /etc/php-fpm.d/www.conf

vi /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

listen = 127.0.0.1:9000 keeps FastCGI reachable only from the local host. listen.owner and listen.group only take effect when listen is a unix socket path; with a TCP address they are ignored. In the nginx php location, put try_files $uri =404; before fastcgi_pass (or set cgi.fix_pathinfo=0 in php.ini) so that a request such as /uploads/photo.jpg/x.php cannot get an uploaded file executed as PHP.

Installing BBR on CentOS 7

BBR needs a 4.9 or newer kernel, and CentOS 7 ships 3.10, so a mainline kernel is installed from ELRepo first.

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml -y
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

The awk line numbers the boot entries; check which index the new kernel-ml entry has (normally 0, since the newest kernel sorts first) and pass that index to grub2-set-default. On a UEFI system the menu is in /etc/grub2-efi.cfg rather than /etc/grub2.cfg.

grub2-set-default 0

reboot

vi /etc/sysctl.conf
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

sysctl -p

lsmod | grep bbr

lsmod should list tcp_bbr, and sysctl net.ipv4.tcp_congestion_control should print bbr; uname -r should show the kernel-ml version after the reboot above. A second reboot is not needed: sysctl -p applies the settings immediately and /etc/sysctl.conf keeps them across reboots.