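#!/bin/bash
# Build and install Python 2.7.2 side by side with the system Python on SLES
# (prefix /opt/python2.7, `make altinstall`, so the system interpreter is left
# alone). Run as root: it installs packages and writes under /opt and
# /etc/ld.so.conf.d.
#
# NOTE(review): Python 2.7.2 is end-of-life and receives no security fixes;
# keep this interpreter away from untrusted input and network-facing services.
#
# Optional environment:
#   PYTHON_TGZ_URL     tarball URL (default: python.org over HTTPS)
#   PYTHON_TGZ_SHA256  expected SHA-256 of the tarball, obtained from a trusted
#                      source; when set, the download is verified before it is
#                      unpacked or built
set -euo pipefail

readonly py_version="2.7.2"
readonly py_prefix="/opt/python2.7"
readonly py_tarball="Python-${py_version}.tgz"
readonly py_url="${PYTHON_TGZ_URL:-https://www.python.org/ftp/python/${py_version}/${py_tarball}}"
readonly ld_conf="/etc/ld.so.conf.d/opt-python2.7.conf"

warn() { printf 'warning: %s\n' "$*" >&2; }

# Build dependencies. Kept best-effort as in the original script: a package
# that is missing from the configured repositories only costs an optional
# Python module, so it is reported instead of aborting the build.
zypper install -t pattern sdk_c_c++ -y \
  || warn "could not install the sdk_c_c++ pattern"
zypper install readline-devel openssl-devel gmp-devel ncurses-devel gdbm-devel zlib-devel expat-devel libGL-devel tk tix gcc-c++ libX11-devel glibc-devel bzip2 tar tcl-devel tk-devel pkgconfig tix-devel bzip2-devel sqlite-devel autoconf db4-devel libffi-devel valgrind-devel -y \
  || warn "some build dependencies could not be installed"

# Private build directory with an unpredictable name, removed on every exit
# path. The original used a fixed ./tmp and kept going when `cd` failed, which
# could end with `rm -rf tmp` hitting an unrelated directory.
build_dir=$(mktemp -d "${PWD}/python-build.XXXXXX")
readonly build_dir
trap 'rm -rf -- "${build_dir:?}"' EXIT
cd "${build_dir}"

# The tarball is compiled and installed as root, so fetch it over TLS. If this
# host's wget cannot negotiate TLS with the server, download the file on
# another machine, point PYTHON_TGZ_URL at it and set PYTHON_TGZ_SHA256.
wget -O "${py_tarball}" "${py_url}"

if [[ -n "${PYTHON_TGZ_SHA256:-}" ]]; then
  printf '%s  %s\n' "${PYTHON_TGZ_SHA256}" "${py_tarball}" | sha256sum -c -
else
  warn "PYTHON_TGZ_SHA256 is not set; building the tarball without an integrity check"
fi

tar -xzf "${py_tarball}"
cd "Python-${py_version}"
./configure --prefix="${py_prefix}" --enable-shared
make
make altinstall

# Register the shared library directory once; a re-run must not append the
# same line again.
if ! grep -qxF -- "${py_prefix}/lib" "${ld_conf}" 2>/dev/null; then
  printf '%s\n' "${py_prefix}/lib" >> "${ld_conf}"
fi
ldconfig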
# source: https://stackoverflow.com/questions/10940296/installing-python-2-7-on-sles-11
系统安装
vm-ubuntu-fe安装过程
vm-ubuntu-fe安装过程
记录时间:2011-03-20
虚拟系统配置
- CPU:1
- 内存:512MB
- 硬盘:系统:2GB
- 服务:Apache2 + WordPress
提供服务
添加vm-ubuntu-fe虚拟机
在vmhost-ubuntu-vbox上初始化及设置虚拟机
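# Run on vmhost-ubuntu-vbox: create, configure and start the vm-ubuntu-fe guest.
mount /dev/sdb1 /mnt/backup/
su - vbox   # the remaining commands are typed in the vbox user's shell
VBoxManage createvm --name vm-ubuntu-fe --register
# NOTE(review): "--vrde on" publishes the guest console over RDP on the host
# (the install steps connect to port 3389). No --vrdeauthtype is set here, so
# check which authentication the VRDE server applies, limit the port to the
# admin workstation, and switch VRDE off once the installation is finished.
VBoxManage modifyvm vm-ubuntu-fe --cpus 1 --memory 512 --vram 8 --acpi on \
  --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 \
  --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 \
  --vrde on --vrdevideochannel on --vrdevideochannelquality 75
VBoxManage sharedfolder add vm-ubuntu-fe --name vbox-shared --hostpath /opt/vbox-shared --automount
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi --size 2000 --variant fixed
# createvm adds no storage controller; the two attach commands need this one.
VBoxManage storagectl vm-ubuntu-fe --name "SATA Controller" --add sata
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-fe/vm-ubuntu-fe-system.vdi
VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/ubuntu-10.04.2-server-amd64.iso
VBoxManage showvminfo vm-ubuntu-fe
VBoxHeadless -s vm-ubuntu-fe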
远程VRDP安装
使用Windows上的远程管理工具
- mstsc <vmhost-ubuntu-vbox-ip>:3389
- 选项:640*400, 16bit
- Installer boot menu
- Language: English
- <F6>: noacpi=on, nomodeset=on
- Install Ubuntu Server 10.04 (Rescue mode)
- Ubuntu installer main menu
- Choose language: English
- Location: other, Europe, Germany
- Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
- Configure the network
- DHCP: Auto
- hostname: vm-ubuntu-fe
- Partition disks
- GParted, manage entire disk
- Install the base system
- Set up users and passwords
- Fullname: admin 2cn.de
- Username: r
- Password: <password>
- Encrypt your home directory: No
- Configure the package manager
- HTTP proxy: 无
- Select and install software: No automatic updates
- Software selection
- OpenSSH Server
- Configuring grub-pc
- Install the GRUB boot loader to the MBR: Yes
- Restart
开启代理,更新系统,安装常用软件,删除不需要的软件包
sudo su export http_proxy=http: //www-cache.uni-mannheim.de:3128 apt-get update apt-get dist-upgrade apt-get autoremove apt-get install rcconf apt-get install python-software-properties add-apt-repository "deb http://archive.canonical.com/ lucid partner" apt-get remove ubuntu-docs apt-get remove mysql-common apt-get remove samba-common apt-get clean apt-get autoclean apt-get autoremove cat /etc/issue vi /etc/hosts |
127.0 . 0.1 vm-ubuntu-fe 10.20 . 18.104 vmhost-ubuntu-vbox |
为r和root用户设置top
添加nagios远程监测
apt-get install nagios-nrpe-server vi /etc/nagios/nrpe.cfg |
修改/添加
allowed_hosts=vmhost-ubuntu-vbox command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20 % -c 10 % -e |
/etc/init.d/nagios-nrpe-server restart |
避免意外删除文件等错误
vi /etc/bash.bashrc |
在vi里添加以下几行:
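#######################################
# Ask for a one-key confirmation before running a command.
# Arguments: the command and its arguments
# Outputs:   the prompt and, on refusal, "Cancelled by user" on stdout
# Returns:   the command's exit status when confirmed, 0 otherwise
#######################################
confirm() {
  local reply
  printf 'Please confirm %s? [N/y] ' "$*"
  read -r -N 1 reply
  echo
  if [[ "$reply" == [yY] ]]; then
    "$@"
  else
    echo "Cancelled by user"
  fi
}

# No space after "=": `alias rm= "rm -i"` defines an empty alias and then
# fails to look up an alias literally named "rm -i".
# These aliases only guard commands typed in an interactive shell; scripts,
# cron jobs, `sudo rm` and `\rm` or /bin/rm bypass them, so they are a
# convenience, not an access control.
alias rm="rm -i"
alias cp="cp -i"
alias mv="mv -i"
alias halt="confirm halt"
alias reboot="confirm reboot"
alias shutdown="confirm shutdown"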
SSH设置
用PAM限制SSH用户
vi /etc/pam.d/sshd |
在vi里写入
auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail |
添加允许SSH的用户
vi /etc/ssh/ssh.allow |
在vi里写入
r |
10分钟后自动关闭空闲的SSH链接
vi /etc/ssh/sshd_config |
添加以下几行:
ClientAliveInterval 300 ClientAliveCountMax 2 UseDNS no |
安装VirtualBox Additions增强功能
在vmhost-ubuntu-vbox上:
su - vbox VBoxManage storageattach vm-ubuntu-fe --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso |
在vm-ubuntu-fe上:
sudo su mkdir /media/cdrom mount /dev/cdrom1 /media/cdrom apt-get install dkms /media/cdrom/VBoxLinuxAdditions.run --nox11 # 忽略没有视窗的错误:Installing the Window System drivers ...fail! addgroup r vboxrf |
安装apache2
apt-get install apache2 vi /etc/apache2/apache2.conf |
添加/修改行:
ServerName localhost Timeout 60 |
vi /etc/apache2/conf.d/security |
添加/修改行:
# Disable access, directory indexing and .htaccess files by default <Directory /> Options -Indexes AllowOverride None Order Deny,Allow Deny from all </Directory> # Disable system information be included in the HTTP responses ServerTokens Prod # Disable system information to be included in server-generated pages ServerSignature Off # Disable HTTP TRACE requests TraceEnable Off |
groupadd log usermod -a -G log www-data usermod -a -G log r mkdir /opt/logs mkdir /opt/logs/apache2 rm -R /var/log/apache2 ln -s /opt/logs/apache2 /var/log/apache2 chown -R www-data.log /opt/logs chmod -R g+w /opt/logs chmod -R o-r /opt/logs chmod -R o-x /opt/logs |
安装WordPress
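# Install the database, PHP and WordPress itself (run as root on vm-ubuntu-fe).
apt-get install mysql-server
# NOTE(review): phpmyadmin is a database admin console reachable through the
# web server; confirm it is really needed on this front-end VM and restrict
# who can reach it.
apt-get install php5 phpmyadmin
adduser --system --shell /bin/sh --gecos 'wordpress admin' --group --disabled-password --home /opt/wordpress wpadmin
usermod -a -G log wpadmin
usermod -a -G wpadmin www-data
# adduser normally creates the home directory already; -p keeps this step from failing.
mkdir -p /opt/wordpress
cd /opt/wordpress
# This archive is PHP code the web server will execute, so fetch it over TLS
# and compare it with the checksum published next to the download before
# unpacking.
wget https://wordpress.org/latest.tar.gz
tar -zxvf latest.tar.gz
# NOTE(review): the whole tree becomes writable by the web server user, so a
# compromised PHP process can rewrite the application code. Consider limiting
# www-data ownership to the directories WordPress must write to.
chown -R www-data:www-data wordpress
ln -s /opt/wordpress/wordpress /var/www/wordpress
mysql -u root -p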
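-- Create the WordPress schema and one database account that may connect only
-- from this host and may touch only that schema.
CREATE DATABASE wordpress;
-- Host-qualified on purpose: a bare "CREATE USER wpadmin" creates
-- 'wpadmin'@'%', a second account that accepts the same password from any host.
CREATE USER 'wpadmin'@'localhost' IDENTIFIED BY '<PASSWORD>';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpadmin'@'localhost';
FLUSH PRIVILEGES;
EXIT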
cp /opt/wordpress/wordpress/wp-config-sample.php /opt/wordpress/wordpress/wp-config.php vi /opt/wordpress/wordpress/wp-config.php |
define( 'DB_NAME' , 'wordpress' ); define( 'DB_USER' , 'wpadmin' ); define( 'DB_PASSWORD' , '<PASSWORD>' ); # https: //api.wordpress.org/secret-key/1.1/salt/ <SALT> |
- http://vm-ubuntu-fe/wordpress
- Site Title: wordpress@2cn.de
- Username: admin
- Your E-mail: china-portal@gmx.net
设置固定IP
vi /etc/network/interfaces |
删除以下dhcp的设置
auto eth0 iface eth0 inet dhcp |
添加IP设置
auto eth0 iface eth0 inet static address 192.168 . 178.111 netmask 255.255 . 255.0 network 192.168 . 178.0 broadcast 192.168 . 178.255 gateway 192.168 . 178.1 |
vi /etc/resolv.conf |
search vm.2cn.de domain vm.2cn.de nameserver 192.168 . 178.1 nameserver 134.155 . 96.53 |
vi /etc/hosts |
127.0 . 0.1 vm-ubuntu-fe 127.0 . 0.1 vm-ubuntu-fe.vm.2cn.de 192.168 . 168.11 vmhost-ubuntu-vbox 192.168 . 168.11 vmhost-ubuntu-vbox.2cn.de |
/etc/init.d/networking restart |
卸载dhcp
apt-get remove dhcp-client3 |
TODOs
- http://maketecheasier.com/shrink-your-virtualbox-vm/2009/04/06 (jobs: cleanup, backup)
- ftp server / webdav
- Website
- http://www.uploadify.com/documentation/
- http://www.plupload.com/example_all_runtimes.php (http://min.us)
- http://mediaelementjs.com/
- http://tympanus.net/codrops/2010/09/08/full-page-image-gallery/
- http://www.net-and-law.de/de/netlaw/webimpressum/assistent.php
- http://serverfault.com/questions/25423/apache-virtualhost-with-mod-proxy-and-ssl
- http://blog.janjonas.net/2010-09-25/ubuntu-10_04-setup-apc-php_5_3-apache2
- caching
- mod_expires – generates content expiration and cache control headers
- mod_deflate – compresses content before it is delivered to the client
- mod_mime – associates the requested file with its type and behavior
- mod_dir–serves directory index files
- mod_rewrite–is used to support Search Engine Friendly URL’s
- mod_authz_host–is required to limit access to specific files
- mod_authz_user–might be required in a staging environment to setup password authentication, but on a live site it is not necessary
vm-winxp-work虚拟机安装
vm-winxp-work虚拟机安装
记录时间:2011-02-19
虚拟系统配置
- CPU:1
- 内存:512MB
- 显卡:32MB
- 硬盘:系统:2GB
- 服务:Apache2 + WordPress
提供服务
- 迅雷下载:HTTP, FTP, BT, eMule
- Team Viewer远程控制
在vmhost-ubuntu-vbox上初始化及虚拟机配置
su - vbox VBoxManage createvm --name vm-winxp-work --register VBoxManage modifyvm vm-winxp-work --cpus 1 --memory 512 --vram 32 --acpi on --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 --vrde on --vrdevideochannel on --vrdevideochannelquality 75 VBoxManage sharedfolder add vm-winxp-work --name vbox-shared --hostpath /opt/vbox-shared --automount VBoxManage createhd --filename /opt/vbox/vm-winxp-work/vm-winxp-work-system.vdi --size 5000 --variant fixed VBoxManage storagectl vm-winxp-work --name "IDE Controller" --add ide VBoxManage storageattach vm-winxp-work --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-winxp-work/vm-winxp-work-system.vdi VBoxManage storageattach vm-winxp-work --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/windows_xp_x86_sp3 .iso VBoxManage showvminfo vm-winxp-work VBoxHeadless -s vm-winxp-work |
安装系统
- 按光盘安装步骤正常安装
- 控制面板 – 切换到经典模式 – 用户账户
- 选择Administrator
- 添加密码
- 添加账户:r
- 添加密码
- 换r账户登录
- 显示 – 屏保 – 墙纸 – 电源
- 声音 – 静音
- 系统属性 – 计算机名
- 系统属性 – 高级 – 性能
- 系统属性 – 远程 – 系统还原
- 资源管理器 – 文件夹选项
- 任务管理器
- 安装360
- 用360优化系统:软件 – 开启 – 服务 – 插件 – 系统更新
- 安装搜狗拼音
加速NTFS
fsutil behavior set disable8dot3 1 fsutil behavior set disablelastaccess 1 fsutil behavior set mftzone 2 |
转化成SATA
su - vbox VBoxManage createhd --filename /opt/vbox/vm-winxp-work/vm-winxp-work-data.vdi --size 50000 --variant fixed VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 1 --device 0 --type hdd --medium /opt/vbox/vm-winxp-work/vm-winxp-work-data.vdi |
在vm-winxp-work里安装Intel Matrix Storage Manager驱动 (ICH8M-E/M SATA AHCI)
su - vbox vi /opt/vbox/vm-winxp-work/vm-winxp-work.vbox |
删除IDE信息
VBoxManage storageattach vm-winxp-work --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-winxp-work/vm-winxp-work-system.vdi |
把vm-winxp-work-data.vdi盘格式化成NTFS(64KB)D盘
安装VirtualBox Additions增强功能
VBoxManage storageattach vm-winxp-work --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso |
在vm-winxp-work通过DVD安装
(手动添加共享文件夹):在资源管理器里把vbox-shared映射到Z盘上
net use z: \\vboxsvr\vbox-shared /PERSISTENT:yes |
删除IDE Controller
VBoxManage storagectl vm-winxp-work --name "IDE Controller" --remove |
安装软件
- 迅雷5绿色免安装版
- WinRAR绿色版
- 安装Liberkey
- 安装Teamviewer
- 设置CCleaner v3.04.1348
- 选择CCleaner里的所有选项
- 安装Firefox插件
- user agent switcher
- http resource test
- easylink
设置任务计划
- 设置CCleaner
- 设置任务计划为:每天02:00
- 设置运行为:C:\WINDOWS\sdelete.exe -c c:/
- 设置Defraggler
- 设置任务计划为:每天03:00
- 设置运行为:df.exe C: /large . 20
TODOs
- 压缩下载完的文件并移到vbox-shared文件夹里
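rem Compress every sub-directory of the current directory into its own .7z archive.
rem This is the interactive form; inside a .bat/.cmd file write %%X instead of %X.
for /d %X in (*) do "c:\Program Files\7-Zip\7z.exe" a "%X.7z" "%X\" -mx=9 -ms=on -md=32m -mfb=64 -m0=lzma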
vm-ubuntu-build安装过程
vm-ubuntu-build安装过程
记录时间:2011-02-16
虚拟系统配置
- CPU:1
- 内存:1024MB
- 硬盘:系统:2GB, 软件+数据: 50GB
提供服务
服务器 | 服务 | 软件 | 网址 |
---|---|---|---|
Apache2 | 前端,http代理,ssl代理 | Apache2 2.2.14 (ssl, proxy, proxy-http) | |
Apache2 | 软件配置管理 | Subversion 2.3.0, Apache2 2.2.14 (dav), WebSVN 2.3.0 | https://vm-ubuntu-build/svn/2cn.de, |
Tomcat6 | 仓库管理 | Sonatype Nexus 1.9.0.1 | http://vm-ubuntu-build/nexus |
Tomcat6 | 持续集成 | Oracle Hudson 1.3.96 | http://vm-ubuntu-build/hudson |
在vmhost-ubuntu-vbox添加vm-ubuntu-build虚拟机
绑定优盘,配置,初始化,启动虚拟机
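# Run on vmhost-ubuntu-vbox: create, configure and start the vm-ubuntu-build guest.
mount /dev/sdb1 /mnt/backup/
su - vbox   # the remaining commands are typed in the vbox user's shell
VBoxManage createvm --name vm-ubuntu-build --register
# NOTE(review): "--vrde on" publishes the guest console over RDP on the host
# (the install steps connect to port 3389). No --vrdeauthtype is set here, so
# check which authentication the VRDE server applies, limit the port to the
# admin workstation, and switch VRDE off once the installation is finished.
VBoxManage modifyvm vm-ubuntu-build --cpus 1 --memory 1024 --vram 8 --acpi on \
  --boot1 dvd --boot2 disk --audio alsa --audiocontroller ac97 \
  --usb on --usbehci on --nic1 bridged --bridgeadapter1 eth0 \
  --vrde on --vrdevideochannel on --vrdevideochannelquality 75
VBoxManage sharedfolder add vm-ubuntu-build --name vbox-shared --hostpath /opt/vbox-shared --automount
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-system.vdi --size 2000 --variant fixed
# createvm adds no storage controller; the two attach commands need this one.
VBoxManage storagectl vm-ubuntu-build --name "SATA Controller" --add sata
VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-system.vdi
VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /mnt/backup/setup/system/ubuntu-10.04.2-server-amd64.iso
VBoxManage showvminfo vm-ubuntu-build
VBoxHeadless -s vm-ubuntu-build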
远程VRDP安装
使用Windows上的远程管理工具
- mstsc <vmhost-ubuntu-vbox-ip>:3389
- 选项:640*400, 16bit
安装ubuntu,硬盘分区,安装OpenSSH
- Installer boot menu
- Language: English
- <F6>: noacpi=on, nomodeset=on
- Install Ubuntu Server 10.04 (Rescue mode)
- Ubuntu installer main menu
- Choose language: English
- Location: other, Europe, Germany
- Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
- Configure the network
- DHCP: Auto
- hostname: vm-ubuntu-build
- Partition disks
- GParted, manage entire disk
- Install the base system
- Set up users and passwords
- Fullname: admin vm-ubuntu-build
- Username: r
- Password: <password>
- Encrypt your home directory: No
- Configure the package manager
- HTTP proxy: 无
- Select and install software: No automatic updates
- Software selection
- OpenSSH Server
- Configuring grub-pc
- Install the GRUB boot loader to the MBR: Yes
- Restart
开启代理,更新系统,安装常用软件,删除不需要的软件包
sudo su export http_proxy=http: //www-cache.uni-mannheim.de:3128 apt-get update apt-get dist-upgrade apt-get autoremove apt-get install rcconf apt-get install python-software-properties add-apt-repository "deb http://archive.canonical.com/ lucid partner" aptitude install sun-java6-jdk apt-get remove ubuntu-docs apt-get remove mysql-common apt-get remove samba-common apt-get clean apt-get autoclean apt-get autoremove cat /etc/issue vi /etc/hosts |
在vi里添加设置
127.0 . 0.1 vm-ubuntu-build |
为r和root用户配置top命令
top |
添加nagios远程监测
apt-get install nagios-nrpe-server vi /etc/nagios/nrpe.cfg |
修改/添加
allowed_hosts=vmhost-ubuntu-vbox command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20 % -c 10 % -e |
/etc/init.d/nagios-nrpe-server restart |
避免意外删除文件等错误
vi /etc/bash.bashrc |
在vi里添加以下几行:
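#######################################
# Ask for a one-key confirmation before running a command.
# Arguments: the command and its arguments
# Outputs:   the prompt and, on refusal, "Cancelled by user" on stdout
# Returns:   the command's exit status when confirmed, 0 otherwise
#######################################
confirm() {
  local reply
  printf 'Please confirm %s? [N/y] ' "$*"
  read -r -N 1 reply
  echo
  if [[ "$reply" == [yY] ]]; then
    "$@"
  else
    echo "Cancelled by user"
  fi
}

# No space after "=": `alias rm= "rm -i"` defines an empty alias and then
# fails to look up an alias literally named "rm -i".
# These aliases only guard commands typed in an interactive shell; scripts,
# cron jobs, `sudo rm` and `\rm` or /bin/rm bypass them, so they are a
# convenience, not an access control.
alias rm="rm -i"
alias cp="cp -i"
alias mv="mv -i"
alias halt="confirm halt"
alias reboot="confirm reboot"
alias shutdown="confirm shutdown"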
SSH设置
用PAM限制SSH用户
vi /etc/pam.d/sshd |
在vi里写入
auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail |
添加允许SSH的用户
vi /etc/ssh/ssh.allow |
在vi里写入
r vbox |
设置10分钟后自动关闭空闲的SSH链接
vi /etc/ssh/sshd_config |
添加以下几行:
ClientAliveInterval 300 ClientAliveCountMax 2 UseDNS no |
为vm-ubuntu-build添加data盘
添加data盘(vmhost-ubuntu-vbox)
VBoxManage createhd --filename /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-data.vdi --size 50000 VBoxManage storageattach vm-ubuntu-build --storagectl "SATA Controller" --port 1 --device 0 --type hdd --medium /opt/vbox/vm-ubuntu-build/vm-ubuntu-build-data.vdi VBoxHeadless startvm vm-ubuntu-build |
创建ext4分区
sudo su parted -a optimal /dev/sdb (parted) mklabel (parted) mkpart primary ext4 1 100 % (parted) print (parted) quit mkfs.ext4 /dev/sdb1 |
添加到虚拟机的fstab里
ls -l /dev/disk/by-uuid # uuid sdb1: e42e6040-0f94- 4694 -88cc-1a1d687cc48e vi /etc/fstab # add line: UUID=e42e6040-0f94- 4694 -88cc-1a1d687cc48e /opt ext4 defaults 0 0 mount -a |
安装VirtualBox Additions增强功能
在vmhost-ubuntu-vbox上绑定VBoxGuestAdditions.iso:
su - vbox VBoxManage storagectl vm-ubuntu-build --name "IDE Controller" --add ide VBoxManage storageattach vm-ubuntu-build --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium /usr/share/virtualbox/VBoxGuestAdditions.iso |
在vm-ubuntu-build上安装:
sudo su mkdir /media/cdrom mount /dev/cdrom1 /media/cdrom apt-get install dkms /media/cdrom/VBoxLinuxAdditions.run --nox11 # 忽略视窗错误:Installing the Window System drivers ...fail! addgroup r vboxrf |
(手动添加共享文件夹)
mkdir /media/vbox-shared mount -t vboxsf vbox-shared /media/vbox-shared |
删除IDE Controller
VBoxManage storagectl vm-ubuntu-build --name "IDE Controller" --remove |
安装subversion
安装subversion
安装apache2,配置apache2
sudo su apt-get install apache2 a2enmod proxy a2enmod proxy_http vi /etc/apache2/apache2.conf |
添加/修改行:
ServerName localhost Timeout 60 MaxKeepAliveRequests 10 StartServers 1 MinSpareServers 1 MaxSpareServers 1 MaxClients 10 |
vi /etc/apache2/conf.d/security |
添加/修改行:
<Directory /> Options -Indexes AllowOverride None Order Deny,Allow Deny from all </Directory> ServerTokens Prod ServerSignature Off TraceEnable Off |
安装subversion
addgroup subversion usermod -a -G subversion www-data usermod -a -G subversion r apt-get install subversion libapache2-svn svnadmin create --fs-type fsfs /opt/svn/2cn.de chown -R www-data.subversion /opt/svn chmod -R 770 /opt/svn htpasswd -c /etc/subversion/passwd kley |
修改/etc/subversion/authz文件
[groups] admins = kley developers = kley guests = kley [/] @admins = rw @developers = r [2cn.de:/] @admins = rw @developers = rw |
修改/etc/apache2/mods-available/dav_svn.conf文件
<Location /svn> DAV svn SVNPath /opt/svn AuthType Basic AuthName "2cn.de repository" AuthUserFile /etc/subversion/passwd AuthzSVNAccessFile /etc/subversion/authz Require valid-user </Location> |
配置记录文件
groupadd log usermod -a -G log www-data usermod -a -G log r mkdir /opt/logs mkdir /opt/logs/build mkdir /opt/logs/apache2 mkdir /opt/logs/svn rm -R /var/log/apache2 ln -s /opt/logs/apache2 /var/log/apache2 chown -R build.log /opt/logs chmod -R g+w /opt/logs chmod -R o-r /opt/logs chmod -R o-x /opt/logs vi /etc/logrotate.d/svn |
/opt/logs/svn/*.log { weekly missingok rotate 52 compress delaycompress notifempty create 640 root adm sharedscripts postrotate if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then /etc/init.d/apache2 reload > /dev/ null fi endscript } |
配置ssl
a2enmod ssl |
在/etc/apache2/ports.conf里加入以下行
<IfModule mod_ssl.c> NameVirtualHost *: 443 Listen 443 </IfModule> |
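apt-get install ssl-cert
# Directory for the certificate/key file: owner-only access. A directory needs
# the execute bit to be entered, so 700 (not 600) is the owner-only mode.
mkdir /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
vi /usr/share/ssl-cert/ssleay.cnf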
修改default_bits值
default_bits = 8192 |
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/vm-ubuntu-build_apache.pem |
安装websvn
apt-get install websvn # 选择apache2作为服务器 # svn文件夹:/opt/svn/2cn.de |
清空/etc/apache2/mods-available/dav_svn.conf里的内容
添加到/etc/apache2/sites-available/websvn文件里
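# HTTPS virtual host for WebSVN (/websvn) and the Subversion repository
# (/svn/2cn.de). Both require a user from /etc/subversion/passwd; Basic auth
# sends the password with every request, so it must only be offered over TLS.
<VirtualHost *:443>
    ServerAdmin webmaster@localhost

    Alias /websvn /usr/share/websvn
    <Directory /usr/share/websvn>
        DirectoryIndex index.php
        Options FollowSymLinks
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "2cn.de WebSVN Subversion Repository"
        Require valid-user
        AuthUserFile /etc/subversion/passwd
        <IfModule mod_php4.c>
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
        </IfModule>
    </Directory>

    <Location /svn/2cn.de>
        Order allow,deny
        Allow from all
        DAV svn
        SVNPath /opt/svn/2cn.de
        AuthType Basic
        AuthName "2cn.de repository"
        AuthUserFile /etc/subversion/passwd
        AuthzSVNAccessFile /etc/subversion/authz
        Require valid-user
    </Location>

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/vm-ubuntu-build_apache.pem
    # "SSLProtocol all" also accepts the broken SSLv2/SSLv3 protocols, and
    # "HIGH:MEDIUM" admits weak and unauthenticated cipher suites.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5

    ErrorLog /opt/logs/svn/error.log
    LogLevel error
    CustomLog /opt/logs/svn/access.log combined
</VirtualHost>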
清除/etc/websvn/apache.conf里的所有行
在/etc/websvn/svn_deb_conf.inc里更改2cn.de的标题
a2ensite websvn |
SVN备份
创建备份文件夹,配置备份脚本
mkdir /opt/backup mkdir /opt/build/scripts vi /opt/build/scripts/svn_2cnde_full-backup.sh |
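#!/bin/sh
# Full dump of the /opt/svn/2cn.de repository to
# /opt/backup/svn_2cnde_full-backup.dump.
set -eu

repo=/opt/svn/2cn.de
dest=/opt/backup/svn_2cnde_full-backup.dump

# Dump into a private temporary file next to the destination. The original
# wrote to a fixed name in world-writable /tmp, which another local user could
# pre-create (for example as a symlink) before this job runs.
tmp=$(mktemp "${dest}.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT

# Under `set -e` a failed dump stops here, so the previous backup is kept
# instead of being deleted and replaced by a truncated file.
svnadmin dump "$repo" > "$tmp"

# Same directory, so the rename replaces the old backup in one step.
# The file keeps mktemp's owner-only permissions.
mv -f -- "$tmp" "$dest"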
chmod +x svn_2cnde_full-backup.sh vi /opt/build/scripts/svn_2cnde_inc-backup.sh |
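#!/usr/bin/perl
# Incremental Subversion backup: dumps the revisions committed since the last
# successful run to /opt/backup/svn-<from>_<to>.svndump.gz and appends the
# archive's MD5 to /opt/backup/MD5SUMS.
#
# Differences from the earlier version of this script:
#   - the scratch file lives in a private temporary directory instead of a
#     predictable name directly under /tmp;
#   - every step is checked, and last_saved.txt is advanced only after the
#     archive is in /opt/backup, so a failed run is retried next time;
#   - nothing is moved when the dump could not be verified.
use strict;
use warnings;
use Digest::MD5;
use File::Copy qw(move);
use File::Temp qw(tempdir);

my $repo            = '/opt/svn/2cn.de';
my $savedir         = '/opt/backup';
my $last_saved_file = $savedir . '/last_saved.txt';

# Last revision already backed up; 0 when no state file exists yet.
my $last_saved = 0;
if (-e $last_saved_file) {
    open(my $state_in, '<', $last_saved_file)
        or die "cannot read $last_saved_file: $!\n";
    my $line = <$state_in>;
    close($state_in);
    $line = '' unless defined $line;
    chomp $line;
    die "unexpected content in $last_saved_file\n" unless $line =~ /^\d+$/;
    $last_saved = $line;
}

my $head = `svnlook youngest $repo`;
chomp $head;
die "svnlook youngest failed for $repo\n" unless $head =~ /^\d+$/;

# Nothing new since the last backup.
exit 0 if $last_saved == $head;

my $from      = $last_saved + 1;
my $to        = $head;
my $dump_name = sprintf('svn-%05u_%05u.svndump', $from, $to);
my $archive   = $dump_name . '.gz';

# Private scratch directory (owner-only, random name), removed at exit.
my $work_dir        = tempdir('svn-backup-XXXXXX', TMPDIR => 1, CLEANUP => 1);
my $local_dump_file = $work_dir . '/' . $dump_name;

# $from/$to are validated digits and the paths are fixed or generated here,
# so nothing externally controlled reaches the shell.
my $command = sprintf('svnadmin dump -q -r%u:%u --incremental %s > %s',
    $from, $to, $repo, $local_dump_file);
system($command) == 0 or die "svnadmin dump failed\n";

# The dump is complete only if it contains the record for the last revision.
my $complete = 0;
open(my $dump_in, '<:raw', $local_dump_file)
    or die "cannot read $local_dump_file: $!\n";
while (my $record = <$dump_in>) {
    if ($record =~ /^Revision-number: \Q$to\E$/) {
        $complete = 1;
        last;
    }
}
close($dump_in);
die "dump does not contain revision $to\n" unless $complete;

system('gzip', $local_dump_file) == 0 or die "gzip failed\n";
move("$work_dir/$archive", "$savedir/$archive")
    or die "cannot move archive to $savedir: $!\n";

# MD5 here detects accidental corruption only; it does not protect against
# deliberate tampering with the backup.
open(my $gz_in, '<:raw', "$savedir/$archive")
    or die "cannot read $savedir/$archive: $!\n";
my $md5 = Digest::MD5->new->addfile($gz_in)->hexdigest;
close($gz_in);

open(my $sums, '>>', "$savedir/MD5SUMS")
    or die "cannot append to $savedir/MD5SUMS: $!\n";
print {$sums} "$md5  $archive\n";
close($sums) or die "cannot write $savedir/MD5SUMS: $!\n";

open(my $state_out, '>', $last_saved_file)
    or die "cannot write $last_saved_file: $!\n";
print {$state_out} $to, "\n";
close($state_out) or die "cannot write $last_saved_file: $!\n";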
chmod +x /opt/build/scripts/svn_2cnde_inc-backup.sh crontab -e |
0 1 * * * /opt/build/scripts/svn_2cnde_inc-backup.sh 0 2 1 * * /opt/build/scripts/svn_2cnde_full-backup.sh |
安装tomcat
apt-get install tomcat6 tomcat6-user apt-get install libtcnative- 1 apt-get install sun-java6-jdk update-alternatives --config java update-alternatives --config javac # 选择/usr/lib/jvm/java- 6 -sun/jre/bin/java apt-get remove openjdk- 6 -jdk apt-get remove openjdk- 6 -jre apt-get remove openjdk- 6 -jre-headless apt-get remove openjdk- 6 -jre-lib update-rc.d -f tomcat6 remove adduser --system --shell /bin/sh --gecos 'build user' --group --disabled-password --home /opt/build build cd /opt/build su - -c "tomcat6-instance-create tomcat" build usermod -a -G build tomcat6 usermod -a -G log tomcat6 usermod -a -G log build usermod -a -G build r rm -R /var/log/tomcat6 ln -s /opt/logs/build /var/log/tomcat6 ln -s /etc/tomcat6/policy.d /opt/build/tomcat/conf/policy.d |
vi /etc/logrotate.d/build |
/var/log/tomcat6/*.log { copytruncate daily missingok rotate 30 compress delaycompress missingok size 10M } |
chown -R build.build /opt/build |
修改/etc/default/tomcat6
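# /etc/default/tomcat6: run the Tomcat instance in /opt/build/tomcat as the
# unprivileged "build" user on the Sun JDK.
TOMCAT6_USER=build
TOMCAT6_GROUP=build
JAVA_HOME=/usr/lib/jvm/java-6-sun
CATALINA_BASE=/opt/build/tomcat

# JVM sizing/GC flags and the Hudson home directory.
JAVA_OPTS="${JAVA_OPTS} -server -DHUDSON_HOME=/opt/build/hudson-work -Djava.awt.headless=true -Xmx512M -Xms512M -XX:MaxPermSize=128m -XX:+UseParallelOldGC -XX:+DisableExplicitGC -XX:+UseCompressedOops -XX:+AggressiveOpts -XX:NewRatio=2 -XX:+UseCompressedStrings -XX:+UseStringCache -XX:+OptimizeStringConcat"

# Remote JMX on port 8888. With authenticate=false anyone who can reach the
# port gets full management access to the JVM running Hudson and Nexus, so
# authentication is switched on. The two file paths are examples: create them,
# owned by the build user; the JVM refuses to start unless the password file
# is readable by its owner only.
# ssl=false is kept, which means JMX credentials cross the network in clear
# text: firewall port 8888 to the monitoring host or enable SSL as well.
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/opt/build/tomcat/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/opt/build/tomcat/conf/jmxremote.access"

export LD_LIBRARY_PATH=/usr/lib:$LD_LIBRARY_PATH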
修改/opt/build/tomcat/conf/server.xml
<Connector port= "8080" protocol= "HTTP/1.1" connectionTimeout= "20000" URIEncoding= "UTF-8" redirectPort= "8443" compression= "off" acceptCount= "10" maxKeepAliveRequests= "10" minSpareThreads= "4" maxSpareThreads= "4" maxThreads= "4" /> |
添加到/etc/tomcat6/policy.d/04webapps.policy里
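// Security-manager grants for the Hudson and Nexus web applications and for
// code loaded from their work directories.
//
// NOTE(review): java.security.AllPermission gives every class loaded from the
// codeBase unrestricted rights, so the security manager no longer confines
// these applications and the FilePermission entries next to it add nothing.
// That includes anything loaded from the work directories (for example
// installed plugins). If sandboxing is wanted, drop AllPermission and grant
// only the permissions the applications actually need.

grant codeBase "file:/opt/build/hudson-work/-" {
    permission java.security.AllPermission;
    permission java.io.FilePermission "/opt/build/hudson-work/-", "read,write,delete";
    permission java.io.FilePermission "/opt/build/tomcat/webapps/hudson/-", "read,write,delete";
};

grant codeBase "file:/opt/build/tomcat/webapps/hudson/-" {
    permission java.security.AllPermission;
    permission java.io.FilePermission "/opt/build/hudson-work/-", "read,write,delete";
};

grant codeBase "file:/opt/build/sonatype-work/-" {
    permission java.security.AllPermission;
    permission java.io.FilePermission "/opt/build/sonatype-work/-", "read,write,delete";
    permission java.io.FilePermission "/opt/build/tomcat/webapps/nexus/-", "read,write,delete";
};

grant codeBase "file:/opt/build/tomcat/webapps/nexus/-" {
    permission java.security.AllPermission;
    permission java.io.FilePermission "/opt/build/sonatype-work/-", "read,write,delete";
};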
update-rc.d tomcat6 defaults mkdir /opt/build/webapps chown -R build.log /opt/logs chown -R build.build /opt/build chmod -R o-r /opt/build chmod -R o-x /opt/build chmod -R g+w /opt/build chmod -R g+w /opt/logs chmod -R o-r /opt/logs chmod -R o-x /opt/logs |
安装nexus
cd /opt/build/webapps wget http: //nexus.sonatype.org/downloads/nexus-webapp-1.9.0.1.war ln -s /opt/build/webapps/nexus-webapp- 1.9 . 0.1 .war /opt/build/tomcat/webapps/nexus.war su - build mkdir /opt/build/.m2 vi /opt/build/.m2/settings.xml |
< settings > < mirrors > < mirror > <!--This sends everything else to /public --> < id >nexus</ id > < mirrorOf >*</ mirrorOf > < url ></ url> </ mirror > </ mirrors > < profiles > < profile > < id >nexus</ id > <!--Enable snapshots for the built in central repo to direct --> <!--all requests to nexus via the mirror --> < repositories > < repository > < id >central</ id > < url ></ url> < releases >< enabled >true</ enabled ></ releases > < snapshots >< enabled >true</ enabled ></ snapshots > </ repository > </ repositories > < pluginRepositories > < pluginRepository > < id >central</ id > < url ></ url> < releases >< enabled >true</ enabled ></ releases > < snapshots >< enabled >true</ enabled ></ snapshots > </ pluginRepository > </ pluginRepositories > </ profile > </ profiles > < activeProfiles > <!--make the profile active all the time --> < activeProfile >nexus</ activeProfile > </ activeProfiles > </ settings > |
- 在浏览器里键入http://<vm-ubuntu-build>:8080/nexus
- 登录admin账户:用户名:admin,密码:admin123
- 在Security里修改admin和deployment用户的密码,邮件及其他信息
- 创建索引:
- 选择Repositories
- 在Maven Central的Configuration里把Download Remote Indexes改为True, 在Mirrors里添加http://uk.maven.org/maven2
- 在Google Code, Codehaus Snapshots和java.net的Configuration里把Download Remote Indexes改为True
- nexus配置
- SMTP Settings
- SMTP Settings: mail.gmx.net:465, SSL/TLS, Normal Password
- SMTP Settings
安装hudson
apt-get install maven2 apt-get install ant ant-optional junit cd /opt/build/webapps wget http: //java.net/projects/hudson/downloads/download/war/hudson-1.396.war ln -s /opt/build/webapps/hudson- 1.396 .war /opt/build/tomcat/webapps/hudson.war vi /opt/build/tomcat/bin/setenv.sh |
export HUDSON_HOME=/opt/build/hudson-work export MAVEN_HOME=/usr/share/maven2 export ANT_HOME=/usr/share/ant |
- hudson设置
- sign up => 创建*admin*用户
- Manage Hudson => Configure System => # of executors = 1
- Manage Hudson => Configure System => Enable Security
- 取消*Allow users to sign up*
- Security Realm => Hudson’s own user database
- Authorization => Matrix-based security
- 加入admin => 为admin加入所有权限
- 取消Anonymous的所有权限
- 取消Help make Hudson better by …
安装Apache2代理
a2enmod proxy a2enmod proxy_http vi /etc/apache2/sites-available/ default |
添入以下行:
<IfModule mod_proxy.c> ProxyPreserveHost On ProxyPass /hudson http: //localhost:8080/hudson ProxyPassReverse /hudson http: //localhost:8080/hudson <Proxy http: //localhost:8080/hudson/*> Order deny,allow Allow from all </Proxy> <Location /hudson> Order deny,allow Allow from all </Location> ProxyPass /nexus http: //localhost:8080/nexus ProxyPassReverse /nexus http: //localhost:8080/nexus <Proxy http: //localhost:8080/nexus/*> Order deny,allow Allow from all </Proxy> <Location /nexus> Order deny,allow Allow from all </Location> </IfModule> |
设置固定IP
vi /etc/network/interfaces |
删除dhcp设置
auto eth0 iface eth0 inet dhcp |
添加IP设置
auto eth0 iface eth0 inet static address 192.168 . 178.111 netmask 255.255 . 255.0 network 192.168 . 178.0 broadcast 192.168 . 178.255 gateway 192.168 . 178.1 |
vi /etc/resolv.conf |
search vm.2cn.de domain vm.2cn.de nameserver 192.168 . 178.1 nameserver 134.155 . 96.53 |
vi /etc/hosts |
127.0 . 0.1 vm-ubuntu-build 127.0 . 0.1 vm-ubuntu-build.vm.2cn.de 192.168 . 168.11 vmhost-ubuntu-vbox 192.168 . 168.11 vmhost-ubuntu-vbox.2cn.de |
/etc/init.d/networking restart |
卸载dhcp
apt-get remove dhcp-client3 |
TODOs
- Apache https -> tomcat http (nexus)
- http://mondotech.blogspot.com/2010/11/ufw-block-outgoing-traffic.html
- http://wrapper.tanukisoftware.com/doc/english/integrate-start-stop-nix.html
- http://maketecheasier.com/shrink-your-virtualbox-vm/2009/04/06 (jobs: cleanup, backup)
Java编程环境安装(win32)
Java编程环境安装(win32)
- 注意:以下软件中必须使用相同的svn版本(如:TortoiseSVN, svn, Subversive)
Oracle JDK
- 下载网站:http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html
- Java SE Development Kit 6u24 (Windows)
- 安装JDK
- 设置JAVA_HOME环境变量:例如JAVA_HOME=%ProgramFiles%\Java\jdk<VERSION>
Subversion Client
- TortoiseSVN下载网站:http://tortoisesvn.net/downloads.html
- 下载TortoiseSVN-1.6.12.20536-win32-svn-1.6.15.msi
- 安装TortoiseSVN
- SVN下载网站:
- 安装SVN并把SVN的位置加入PATH环境变量中
SpringSource Tool Suite (Eclipse)
- 下载网站:http://www.springsource.com/downloads/sts
- 下载http://download.springsource.com/release/STS/2.5.2/dist/e3.6/springsource-tool-suite-2.5.2.RELEASE-e3.6.1-win32.zip
- 设置JAVA_DEV_ENV环境变量:JAVA_DEV_ENV=D:\java-dev-env
- 把SpringSource工具集里的maven, tc Server, sts, spring roo等文件夹解压缩到D:\java-dev-env
- 把%JAVA_DEV_ENV%\maven-<VERSION>\bin加入PATH环境变量中
- 在maven里的settings.xml文件里加入nexus-repo的地址
STS-Eclipse设置
- 添加以下插件
- Help => Install new software => Eclipse Marketplace
- Help => Eclipse Marketplace
- Subclipse
- FindBugs Eclipse Plugin
- EclEmma Java Code Coverage
- Checkstyle Plug-in
- Jadclipse
- dot4zest
- (WikiText)
- 设置
- General => 选择*Show heap status*
- General => Content Types => Text => Default encoding = UTF-8 => 点击 Update
- General => Editors => Text Editors => Undo history size = 2000
- General => Editors => Text Editors => 选择 Insert spaces for tabs
- General => Editors => Text Editors => 选择 Show line numbers
- General => Editors => Text Editors => Spelling => 关闭 Enable spell checking
- General => Startup and Shutdown => 关闭 Atlassian Connector, Roo Integration, Mylyn Tasks, Mylyn Team
- General => Workspace => 关闭 Build automatically
- General => Workspace => Text file encoding => Other = UTF-8
- General => Workspace => New text file line delimiter => Other = Unix
- General => Workspace => Days to keep files = 28
- General => Workspace => Maximum entries per file = 1500
- General => Workspace => Maximum file size (MB) = 32
- Ant => Editor => Formatter => 关闭 Use tab character instead of spaces
- Ant => Editor => Formatter => Maximum line width (characters) = 160
- Ant => Editor => Formatter => 选择 Wrap long element tags
- Data Management => SQL Development => Execution Plan View Options => Export encoding = UTF-8
- Install/Update => 选择 Show all versions of available software
- Java => Code Style => Clean Up => 导入 %SCM%/etc/conf/eclipse/java_code-style_clean-up_profile.xml
- Java => Code Style => Code Templates => 导入 %SCM%/etc/conf/eclipse/java_code-style_code-templates.xml
- Java => Code Style => Formatter => 导入 %SCM%/etc/conf/eclipse/java_code-style_formatter_profile.xml
- Java => Code Style => Organize Imports => 导入 %SCM%/etc/conf/eclipse/java_code-style_import-order.importorder
- Java => Compiler => Errors/Warnings
- Code style: 把除Non-externalized strings以外所有的选项设置为 Warning
- Potential programming problems: 把所有的选项设置为 Warning
- Name shadowing and conflicts: 把所有的选项设置为 Warning
- Java => Compiler => Javadoc => 把所有的选项设置为 Warning
- Java => Debug => Debugger timeout = 30000
- Java => Debug => Launch timeout = 60000
- Java => Editor => 选择 Light bulb for quick assists
- Java => Editor => Save Actions => 启用 Perform the selected actions on save*并选择 *Organize imports
- Java => Editor => Typing => 选择 Semicolons, Braces*和 *Escape text when pasting into a string literal
- JavaScript => Code Style => 选择 Automatically add comments for new functions and types
- JavaScript => Code Style => Clean Up => 导入 %SCM%/etc/conf/eclipse/javascript_code-style_clean-up_profile.xml
- JavaScript => Code Style => Code Templates => 导入 %SCM%/etc/conf/eclipse/javascript_code-style_code-templates.xml
- JavaScript => Code Style => Formatter => 导入 %SCM%/etc/conf/eclipse/javascript_code-style_formatter_profile.xml
- JavaScript => Editor => 选择 Light bulb for quick assist
- JavaScript => Editor => Typing => 选择 Semicolons, Braces*和 *Escape text when pasting into a string literal
- JavaScript => Validator => Errors/Warnings => 启用 Enable JavaScript semantic validation
- Maven => 选择 Debug Output, Download Artifact Sources, Download Artifact JavaDoc
- Maven => Installations => 添加 %JAVA_DEV_ENV%\maven-<VERSION>
- Maven => Installations => 设置 Global settings = %SCM%/etc/conf/eclipse/maven_global_settings.xml
- Maven => POM Editor => 选择 Show advanced tabs in the POM Editor
- Remote Systems => Files => 选择 Show hidden files
- Run/Debug => Console
- Fixed width console = 160
- Console buffer size = 1000000
- Displayed tab width = 4
- Run/Debug => Launching
- 取消 Remove terminated launches when a new launch is created
- 选择 Always launch the previously launched application
- Server => Launching => 取消 Automatically publish when starting servers
- Spring => Dashboard => 取消 Show Dashboard On Startup
- Spring => User Agent Analysis => 选择 Disable UAA
- Tasks => Synchronization => 取消 Synchronize with repositories
- Team => 选择 Show all synchronization information
- Team => SVN => 选择 show revision comparisons
- Java => FindBugs => analysis effort = maximum
- Terminal
- Terminal buffer lines = 1000000
- Serial timeout = 30
- Network timeout = 30
- Web => CSS Files => Encoding = UTF-8
- Web => CSS Files => Editor
- Line width = 160
- 选择 Indent using spaces
- Indentation size = 4
- Web => HTML Files => Encoding = UTF-8
- Web => HTML Files => Editor
- Line width = 160
- 选择 Align final bracket
- 选择 Indent using spaces
- Indentation size = 4
- Web => JSP Files => Encoding = UTF-8
- XML => XML Files => Editor
- Line width = 160
- 取消 Join lines
- 选择 Indent using spaces
- Indentation size = 4
- XML => XML Files => Validation => 选择 Enable markup validations
vmhost-ubuntu-vbox虚拟主机安装
vmhost-ubuntu-vbox虚拟主机安装
记录时间:2011-02-13
硬件
- Samsung R540 i3-380M JA05
- Intel Core i3-380M 2x 2,53GHz
- 4096MB DDR3 Ram PC3 8500 (1066 MHz)
- 320GB S-ATA HDD, 5400rpm
- Ethernet: 10/100/1000-MBit/s
- Wireless LAN 802.11 B/G/N
- 15,6″, 39cm, 1366 x 768 Pixel (WXGA TFT)
- Intel® HD Graphics, ~1023MB
- 3xUSB2.0, VGA, HDMI, MMC, SDHC, SDXC, SD
- Webcam u. int. Mikro, DVD Brenner
- Windows 7 Home Premium 64 Bit
软件
- 系统:Ubuntu 10.04.2 Lucid LTS 64bit
- 下载地址:ubuntu-10.04.2
- USB安装盘制作:Universal-USB-Installer-1.8.3.3.exe ***
USB启动安装错误
=> 用CD-ROM安装盘安装
分区
电脑启动时在Samsung恢复系统里选择高级选项:
- 把硬盘参照以下列表分区
- sda1: RECOVERY (ntfs): 21.5GB
- sda2: SYSTEM (ntfs): 104.9MB (B)
- sda3: WINDOWS (ntfs): 62.7GB
- 预留给ubuntu系统:220GB
- sda5: UBUNTU (ext4): 10GB
- sda7: DATA (ext4): 200GB
- sda6: swap (swap): 9,6GB
安装ubuntu
放入ubuntu安装光盘,在BIOS里选择从光盘启动:
- Installer boot menu
- Language: English
- <F6>: noacpi=on, nomodeset=on
- Install Ubuntu Server 10.04 (Rescue mode)
- Ubuntu installer main menu
- Choose language: English
- Location: other, Europe, Germany
- Detect keyboard layout: yes, + y <ENTER> => de:nodeadkeys
- Configure the network
- DHCP: Auto
- hostname: vmhost-ubuntu-vbox
- Partition disks
- Manual, Guided partitioning
- / 226.2GB (分区应该分为10GB+200GB,见下文)
- swap 9.6GB
- Manual, Guided partitioning
- Install the base system
- Set up users and passwords
- Fullname: admin 2cn.de
- Username: r
- Password: <password>
- Encrypt your home directory: No
- Configure the package manager
- HTTP proxy: 无
- Select and install software: No automatic updates
- Software selection
- OpenSSH Server
- Configuring grub-pc
- Install the GRUB boot loader to the MBR: Yes
- Restart
- 用SystemRescueCD纠正分区
- gparted resize sda5 to 10GB
- gparted add sda7 ext4 partition 200GB
sudo su
ls -l /dev/disk/by-uuid
vi /etc/fstab |
添加以下几行
UUID=<partition-by-uuid> /opt ext4 defaults 0 0 |
mount -a |
设置系统
安装软件,基本设置
设置代理,更新系统
sudo su export http_proxy=http: //www-cache.uni-mannheim.de:3128 apt-get update apt-get dist-upgrade apt-get autoremove apt-get install python-software-properties apt-get install rcconf apt-get install p7zip-full apt-get remove ubuntu-docs apt-get remove mysql-common apt-get remove samba-common apt-get clean apt-get autoclean apt-get autoremove cat /etc/issue vi /etc/hosts |
127.0 . 0.1 vmhost-ubuntu-vbox |
为r和root用户设置top
为r和root添加screen显示设置
vi ~/.screenrc |
添加以下几行
caption always "%{Wb} %H %{Bk}| %{Ck}%-w%50>%{Cb} %n %t %-%+w%<%{- Wk}% |{Bk} | %=%{Wb} %C " |
避免意外删除文件等错误
vi /etc/bash.bashrc |
添加以下行
alias rm= "rm -i" alias cp= "cp -i" alias mv= "mv -i" alias halt= "confirm halt" alias reboot= "confirm reboot" alias shutdown= "confirm shutdown" |
SSH设置
用PAM限制SSH用户
vi /etc/pam.d/sshd |
在vi里写入
auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail |
添加允许SSH的用户
vi /etc/ssh/ssh.allow |
在vi里写入
r |
10分钟后自动关闭空闲的SSH连接(注:该设置依靠ClientAlive探测,实际断开的是300秒×2次探测均无应答的连接;客户端仍应答探测时,单纯空闲的会话不会被关闭)
vi /etc/ssh/sshd_config |
添加以下几行:
ClientAliveInterval 300 ClientAliveCountMax 2 UseDNS no |
Postfix设置
dpkg-reconfigure postfix |
Satellite System: 只通过smarthost发送,不接受邮件
vi /etc/postfix/main.cf |
添加以下行
smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/etc/postfix/sasl_password sender_canonical_maps = hash:/etc/postfix/sender_canonical message_size_limit = 25600000 |
vi /etc/postfix/sasl_password |
添加以下几行
smtp.gmx.net china-portal @gmx .net:<password> |
chmod 600 /etc/postfix/sasl_password postmap /etc/postfix/sasl_password |
vi /etc/postfix/sender_canonical |
添加以下几行
r china-portal @gmx .net root china-portal @gmx .net vbox china-portal @gmx .net nagios china-portal @gmx .net |
postmap /etc/postfix/sender_canonical /etc/init.d/postfix restart |
安装监测程序
监测网卡流量
apt-get install iftop apt-get install jnettop |
监测电脑硬件配置
apt-get install hwinfo |
监测其他电脑数据
apt-get install iotop apt-get install apachetop |
安装Nagios
安装Nagios 3.2.0
apt-get install nagios3 apt-get install nagios-nrpe-plugin |
- Configuring nagios3-cgi
- nagiosadmin password: <password>
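# -c creates (and truncates) the password file, so use it for the first user only.
htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin
# Add the read-only user without -c; a second -c would recreate the file and
# drop the nagiosadmin entry written by the line above.
htpasswd /etc/nagios3/htpasswd.users nagios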
- nagiosadmin password: <password>
设置权限
vi /etc/nagios3/cgi.cfg |
在vi里修改行
authorized_for_read_only=nagios |
设置apache2
vi /etc/apache2/apache2.conf |
在vi里修改以下几行
ServerName localhost Timeout 60 MaxKeepAliveRequests 10 StartServers 1 MinSpareServers 1 MaxSpareServers 1 MaxClients 10 |
vi /etc/apache2/conf.d/security |
添加/修改行:
<Directory /> Options -Indexes AllowOverride None Order Deny,Allow Deny from all </Directory> ServerTokens Prod ServerSignature Off TraceEnable Off |
vi /var/www/index.html |
<html><body></body></html> |
groupadd log usermod -a -G log vbox usermod -a -G log www-data usermod -a -G log r mkdir /opt/logs mkdir /opt/logs/apache2 rm -R /var/log/apache2 ln -s /opt/logs/apache2 /var/log/apache2 chown -R www-data.log /opt/logs chmod -R g+w /opt/logs chmod -R o-r /opt/logs chmod -R o-x /opt/logs |
配置nagios
vm-ubuntu-build
vi /etc/nagios3/conf.d/vm-ubuntu-build.cfg |
define host{ use generic-host host_name vm-ubuntu-build alias vm-ubuntu-build address 192.168 . 178.111 } define service{ use generic-service host_name vm-ubuntu-build service_description DNS check_command check_dns! 192.168 . 178.111 } define service { use generic-service host_name vm-ubuntu-build service_description NRPE Disk Usage check_command check_nrpe_1arg!check_all_disks!vm-ubuntu-build } define service{ use generic-service host_name vm-ubuntu-build service_description NRPE Current Users check_command check_nrpe_1arg!check_users!vm-ubuntu-build } define service{ use generic-service host_name vm-ubuntu-build service_description NRPE Zombie Processes check_command check_nrpe_1arg!check_zombie_procs!vm-ubuntu-build } define service{ use generic-service host_name vm-ubuntu-build service_description NRPE Total Processes check_command check_nrpe_1arg!check_total_procs!vm-ubuntu-build } |
/etc/init.d/nagios3 restart |
安装VirtualBox
安装VirtualBox4.0.2
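# Add the VirtualBox apt repository for Ubuntu 10.04 (lucid).
add-apt-repository "deb http://download.virtualbox.org/virtualbox/debian lucid contrib"
add-apt-repository "deb http://download.virtualbox.org/virtualbox/debian lucid non-free"

# The signing key arrives over plain HTTP, so do not pipe it straight into
# apt-key: save it, compare the fingerprint with the one published on the
# VirtualBox download page, and only then trust it.
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O oracle_vbox.asc
gpg --with-fingerprint oracle_vbox.asc
sudo apt-key add oracle_vbox.asc

apt-get update
apt-get install libqtcore4
apt-get install libqtgui4
apt-get install libssl0.9.8
apt-get install virtualbox-4.0
apt-get install dkms

# NOTE(review): the extension pack is installed as root; check the download
# against the checksums published with the 4.0.2 release before installing it.
wget http://download.virtualbox.org/virtualbox/4.0.2/Oracle_VM_VirtualBox_Extension_Pack-4.0.2-69518.vbox-extpack
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.0.2-69518.vbox-extpack

# Dedicated unprivileged account that owns and runs the VMs.
useradd -m -s /bin/bash vbox
passwd vbox
adduser vbox vboxusers
mkdir /opt/vbox
mkdir /opt/vbox-shared
chown -R vbox:vboxusers /opt/vbox
chown -R vbox:vboxusers /opt/vbox-shared

su - vbox
vi ~/.VirtualBox/VirtualBox.xml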
把defaultMachineFolder改为/opt/vbox
安装PhpVirtualBox
vi /etc/ default /virtualbox |
VBOXWEB_USER=vbox VBOXWEB_HOST=localhost VBOXWEB_PORT= 18083 VBOXWEB_TIMEOUT= 60 VBOXWEB_CHECK_INTERVAL= 5 VBOXWEB_THREADS= 2 VBOXWEB_KEEPALIVE= 2 VBOXWEB_LOGFILE=/var/log/virtualbox.log INSTALL_DIR=/usr/lib/virtualbox |
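mkdir /var/log/virtualbox
update-rc.d vboxweb-service defaults
apt-get install libapache2-mod-php5
mkdir /opt/phpvirtualbox
cd /opt/phpvirtualbox

# LATEST.txt is remote content fetched over plain HTTP while working as root.
# Read it into a variable, look at it, and download only when it points at the
# expected place; quoting keeps its contents from being split into extra wget
# arguments. The pattern assumes releases live under the same /files/ path as
# LATEST.txt (adjust it if the project publishes elsewhere).
latest_url=$(wget -q -O - http://phpvirtualbox.googlecode.com/files/LATEST.txt)
printf '%s\n' "$latest_url"
case "$latest_url" in
  http://phpvirtualbox.googlecode.com/files/*.zip)
    wget -O phpvirtualbox-latest.zip -- "$latest_url"
    ;;
  *)
    echo "unexpected download URL, not fetching" >&2
    ;;
esac

# Continue only if the download above succeeded.
7z x phpvirtualbox-latest.zip
ln -s /opt/phpvirtualbox/phpvirtualbox-4.0-4b/ /var/www/vbox
mkdir /opt/phpvirtualbox/conf
vi /opt/phpvirtualbox/conf/config.php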
<?php class phpVBoxConfig { var $username = 'vbox' ; var $password = '<密码>' ; var $language = 'en_us' ; var $previewUpdateInterval = 600 ; var $enableAdvancedConfig = true ; } |
ln -s /opt/phpvirtualbox/conf/config.php /opt/phpvirtualbox/phpvirtualbox- 4.0 -4b/config.php vi /etc/apache2/sites-available/vbox |
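<VirtualHost *:80>
    # NOTE(review): this publishes the VM management UI to every client over
    # plain HTTP. Change the default admin password before enabling the site and
    # consider limiting access to the local network, e.g.
    # "allow from 192.168.178.0/24" instead of "allow from all".
    # NOTE(review): the Alias target is not the phpvirtualbox-4.0-4b directory
    # used by the ln -s commands on this page; confirm which path is intended.
    Alias /vbox /opt/phpvirtualbox/phpvirtualbox
    <Directory /opt/phpvirtualbox/phpvirtualbox>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog /var/log/apache2/vbox-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/vbox-access.log combined
</VirtualHost>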
a2ensite vbox chown -R vbox.www-data /opt/phpvirtualbox/ chmod -R o-r /opt/phpvirtualbox chmod -R o-x /opt/phpvirtualbox /etc/init.d/apache2 restart |
- 在浏览器里打开http://<vmhost-ubuntu-vbox>/vbox网页
- 用户admin,密码admin
- File – Preferences – 修改admin密码
安装vboxMgr
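mkdir /opt/vboxmgr
cd /opt/vboxmgr

# These files come from the project's trunk over plain HTTP, and one of them
# becomes an init script that root runs at boot: read them before installing.
wget http://vboxmgr.svn.sourceforge.net/viewvc/vboxmgr/trunk/vboxmgr-init
wget http://vboxmgr.svn.sourceforge.net/viewvc/vboxmgr/trunk/vboxmgr
wget http://vboxmgr.svn.sourceforge.net/viewvc/vboxmgr/trunk/autostart.conf.README

chmod 754 /opt/vboxmgr/vboxmgr
ln -s /opt/vboxmgr/vboxmgr /usr/local/bin/vboxmgr
chmod 754 /opt/vboxmgr/vboxmgr-init
ln -s /opt/vboxmgr/vboxmgr-init /etc/init.d/vboxmgr-init

mkdir /opt/vboxmgr/conf
mv /opt/vboxmgr/autostart.conf.README /opt/vboxmgr/conf
ln -s /opt/vboxmgr/conf/ /etc/vboxmgr

# Keep the scripts root-owned (group vboxusers can still run them with mode
# 754): if the vbox account owned vboxmgr-init, it could rewrite a script that
# root executes at boot. Only the configuration is handed to vbox; widen this
# again only if vboxmgr turns out to need write access elsewhere.
chown root:vboxusers /opt/vboxmgr/vboxmgr /opt/vboxmgr/vboxmgr-init
chown -R vbox:vboxusers /opt/vboxmgr/conf

update-rc.d vboxmgr-init defaults 99 20
vi /opt/vboxmgr/conf/autostart.conf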
添入以下几行
"vm-ubuntu-build" 0 "vm-winxp-work" 0 |
virtualbox备份
创建备份文件夹
mkdir /opt/backup chown -R vbox.vbox /opt/backup mkdir /opt/scripts chown -R vbox.vbox /opt/scripts vi /opt/scripts/vbox_backup.sh |
添入以下备份脚本
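#!/bin/bash
# Back up selected VirtualBox VMs: save the state of a running VM, copy its
# config file and .vdi disks with rsync, start it again, pack the copy into a
# dated tar.gz and prune old archives.
#
# Run as the account that owns the VMs (vbox in this setup).

# Disk images hold everything stored in the guest (keys, password hashes,
# mail credentials), so new backup directories and archives are created
# readable by the owner only.
umask 077

BACKUP_TARGET="/opt/backup"
KEEP_DAYS=1
BACKUP_VMS=("vm-ubuntu-fe" "vm-ubuntu-build")
# %Y rather than %G: %G is the ISO week-based year and can disagree with
# %m%d in the days around New Year.
LAST_BACKUP=$(/bin/date +%Y%m%d)

# Registered VM names, one array element per VM so names with spaces survive.
mapfile -t AVAILABLE_VMS < <(VBoxManage list vms | grep '"' | cut -d '"' -f2)

#######################################
# Save the state of CURRENT_VM if it is running.
# Globals:   CURRENT_VM (read), VM_STATE (written; read later by resumeVM)
# Returns:   non-zero when the VM was running and could not be saved
#######################################
function suspendVM {
  # The machine-readable key is VMState; anchoring on "VMState=" skips
  # VMStateChangeTime.
  VM_STATE=$(VBoxManage showvminfo "${CURRENT_VM}" --machinereadable \
    | grep '^VMState=' | cut -d '"' -f2)
  if [ "${VM_STATE}" = "running" ]; then
    echo "Suspending ${CURRENT_VM} ..."
    VBoxManage controlvm "${CURRENT_VM}" savestate || return 1
  fi
}

#######################################
# Copy the config file and every attached .vdi of CURRENT_VM into
# BACKUP_TARGET/CURRENT_VM.
# Globals:   CURRENT_VM, BACKUP_TARGET (read)
# Returns:   non-zero when the config file is unknown or a copy fails
#######################################
function backupVM {
  local vbox_cfg_file current_vdi rc=0
  local -a vbox_vdi_files
  vbox_cfg_file=$(VBoxManage showvminfo "${CURRENT_VM}" --machinereadable \
    | grep '^CfgFile=' | cut -d '"' -f2)
  mapfile -t vbox_vdi_files < <(VBoxManage showvminfo "${CURRENT_VM}" --machinereadable \
    | grep '\.vdi"$' | cut -d '"' -f4)
  if [ -z "${vbox_cfg_file}" ]; then
    echo "No config file found for ${CURRENT_VM}" >&2
    return 1
  fi
  # -p: the directory is still there from the previous run.
  mkdir -p "${BACKUP_TARGET}/${CURRENT_VM}" || return 1
  echo "Backing up ${CURRENT_VM} ..."
  rsync -aP --stats -- "${vbox_cfg_file}" "${BACKUP_TARGET}/${CURRENT_VM}/" || rc=1
  for current_vdi in "${vbox_vdi_files[@]}"; do
    rsync -aP --stats -- "${current_vdi}" "${BACKUP_TARGET}/${CURRENT_VM}/" || rc=1
  done
  return "${rc}"
}

#######################################
# Start CURRENT_VM again if suspendVM found it running.
# Globals:   CURRENT_VM, VM_STATE (read)
#######################################
function resumeVM {
  if [ "${VM_STATE}" = "running" ]; then
    echo "Resuming ${CURRENT_VM} . . ."
    # startvm returns once the VM is launched; VBoxHeadless would stay in the
    # foreground and hold up the rest of the backup until the VM powers off.
    VBoxManage startvm "${CURRENT_VM}" --type headless
  fi
}

#######################################
# Pack BACKUP_TARGET/CURRENT_VM into CURRENT_VM_<date>.tar.gz.
# Globals:   CURRENT_VM, BACKUP_TARGET, LAST_BACKUP (read)
#######################################
function compressBackup {
  local backup_file="${CURRENT_VM}_${LAST_BACKUP}.tar.gz"
  echo "Compressing ${CURRENT_VM} backup ..."
  # -z so the content matches the .tar.gz name; "." names the members
  # (tar refuses to create an archive without any).
  tar -czf "${BACKUP_TARGET}/${backup_file}" -C "${BACKUP_TARGET}/${CURRENT_VM}" .
}

#######################################
# Remove archives of CURRENT_VM older than KEEP_DAYS days.
# Globals:   CURRENT_VM, BACKUP_TARGET, KEEP_DAYS (read)
#######################################
function deleteOldBackups {
  echo "Deleting older than ${KEEP_DAYS} day(s)"
  # -mmin +N is "older than"; a bare -mtime N only matches one 24-hour window.
  find "${BACKUP_TARGET}" -maxdepth 1 -type f -name "${CURRENT_VM}_*.tar.gz" \
    -mmin "+$((KEEP_DAYS * 1440))" -exec rm -vf -- {} +
}

for backup_vm in "${BACKUP_VMS[@]}"; do
  for CURRENT_VM in "${AVAILABLE_VMS[@]}"; do
    [ "${backup_vm}" = "${CURRENT_VM}" ] || continue
    echo "Start backup: ${CURRENT_VM} ($(date))"
    # Never copy the disks of a VM that is still running.
    if ! suspendVM; then
      echo "Could not suspend ${CURRENT_VM}, skipping" >&2
      continue
    fi
    sleep 3
    backupVM
    backup_rc=$?
    # Bring the VM back whether or not the copy worked.
    resumeVM
    sleep 3
    if [ "${backup_rc}" -eq 0 ]; then
      # Old archives are pruned only after a new one has been written.
      compressBackup && deleteOldBackups
    else
      echo "Backup of ${CURRENT_VM} failed, keeping existing archives" >&2
    fi
    echo "Finished backup: ${CURRENT_VM} ($(date))"
  done
done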
chmod 750 /opt/scripts/vbox_backup.sh |
设置固定IP
vi /etc/network/interfaces |
删除以下dhcp的设置
auto eth0 iface eth0 inet dhcp |
添加IP设置
auto eth0 iface eth0 inet static address 192.168 . 178.11 netmask 255.255 . 255.0 network 192.168 . 178.0 broadcast 192.168 . 178.255 gateway 192.168 . 178.1 |
vi /etc/resolv.conf |
search 2cn.de domain 2cn.de nameserver 192.168 . 178.1 nameserver 134.155 . 96.53 |
vi /etc/hosts |
127.0 . 0.1 vmhost-ubuntu-vbox 127.0 . 0.1 vmhost-ubuntu-vbox.2cn.de 192.168 . 178.111 vm-ubuntu-build 192.168 . 178.111 vm-ubuntu-build.vm.2cn.de 192.168 . 178.112 vm-winxp-work 192.168 . 178.112 vm-winxp-work.vm.2cn.de |
/etc/init.d/networking restart |
删除不需要的软件包
apt-get remove telnet |
卸载dhcp
apt-get remove dhcp-client3 |
设置grub-reboot
把/etc/default/grub里的GRUB_DEFAULT变量改为saved
GRUB_DEFAULT=saved |
grub-set- default 0 update-grub |
vi /etc/bash.bashrc |
添加使用Windows7重启指令
alias reboot2win= "grub-reboot \"Windows 7 (loader) (on /dev/sda2)\" && reboot" |
TODOs
- SSH: http://www.debuntu.org/ssh-key-based-authentication https://help.ubuntu.com/community/SSH/OpenSSH/Keys
- Nagios
- check-host-alive
- check_nrpe_1arg!check_disk
- check_nrpe_1arg!check_load
- nagios contactgroup
- DHCP, DNS, Proxy etc.
- Firewall, Security
- UFW
- Fail2Ban
- Root account access warning
- Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.
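# Tripwire only: it fires when an interactive bash reads this .bashrc, so keep
# the auth logs as the real record of root access.
# The recipient below is the address from the quoted article; replace it with
# your own admin mailbox, because the message lists who is logged in and from where.
echo -e "Root Shell Access on $(tty) \n $(w)" | mail -s "Alert: Root Access" samiux@gmail.com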
- You are also required to add the captioned line at the sudoers’ .bashrc file.
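# Same tripwire for a sudoer's ~/.bashrc; it only fires for interactive bash
# sessions, so it complements the auth logs rather than replacing them.
# The recipient below is the address from the quoted article; replace it with
# your own admin mailbox, because the message lists who is logged in and from where.
echo -e "Sudoer Shell Access on $(tty) \n $(w)" | mail -s "Alert: Sudoer Access" samiux@gmail.com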
- Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.
- apparmor
- To disable the reboot action taken by pressing the Ctrl+Alt+Delete key combination, comment out the following line in the file /etc/init/control-alt-delete.conf.
exec shutdown -r now "Control-Alt-Delete pressed"
http://mondotech.blogspot.com/2010/11/ufw-block-outgoing-traffic.html
- Backup