頭城國小資訊組

在 CentOS 7.x 使用內建的套件庫安裝的 MariaDB SQL Server 版本是 5.x
# /usr/bin/mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MariaDB connection id is 16
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.

MariaDB [(none)]> quit
Bye

安裝 10.x 版本
1. 使用 MariaDB 網站上的設定網頁
MariaDB – Setting up MariaDB Repositories – MariaDB

[@more@]2. 移除舊版套件
# systemctl disable mariadb.service
Removed symlink /etc/systemd/system/multi-user.target.wants/mariadb.service.
# systemctl stop mariadb.service
# yum remove mariadb mariadb-server mariadb-libs

3. 建立 mariadb.repo
# vim /etc/yum.repos.d/mariadb.repo
# MariaDB 10.1 CentOS repository list – created 2017-03-12 06:10 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

4. 更新套件庫
# yum update

5. 進行安裝
# yum install MariaDB-server MariaDB-client

6. 啟動 MariaDB SQL Server
# systemctl enable mariadb.service
# systemctl start mariadb.service

7. 版本
# /usr/bin/mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MariaDB connection id is 2
Server version: 10.1.21-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.

MariaDB [(none)]> quit
Bye

FTP Server 在傳輸資料時都是使用明碼，沒有加密傳輸，使用 SSL/TLS 加密傳輸，可以使 FTP Server 在傳輸資料時更加安全。
參考網頁：
Vsftpd Over SSL/TLS使用加密傳輸:::iThome Download-你要的軟體在這裡:::

1. 安裝 openssl / vsftpd 套件
# yum install openssl vsftpd

2. 建立憑證
# openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
Generating a 1024 bit RSA private key
..++++++
…..++++++
writing new private key to ‘/etc/pki/tls/certs/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [TW]:
State or Province Name (full name) [Yilan]:
Locality Name (eg, city) [TouCheng]:
Organization Name (eg, company) [Elementary School]:
Organizational Unit Name (eg, section) [Proxy Server]:FTP Server
Common Name (eg, your name or your server’s hostname) []:xxx.tces.ilc.edu.tw
Email Address []:xxx@gmail.com

[@more@]3. 更改檔案權限
# chmod 600 /etc/pki/tls/certs/vsftpd.pem

4. 修改 vsftp FTP Server 設定檔 /etc/vsftpd/vsftpd.conf
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.$(date +%F)
# vim /etc/vsftpd/vsftpd.conf
在設定檔的最後面加上
# 憑證存放路徑
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
# 啟動 SSL
ssl_enable=YES
# 強制傳輸時使用 SSL
force_local_data_ssl=YES
# 登入時強制使用 SSL
force_local_logins_ssl=YES

可以使用的參數
ssl_enable=yes/no //是否啟用 SSL，預設為 no
allow_anon_ssl=yes/no //是否允許匿名使用者使用 SSL，預設為 no
rsa_cert_file=/path/to/file //rsa 證書的位置
dsa_cert_file=/path/to/file //dsa 證書的位置
force_local_logins_ssl=yes/no //非匿名使用者登陸時是否加密，預設為 yes
force_local_data_ssl=yes/no //非匿名使用者傳輸資料時是否加密，預設為 yes
force_anon_logins_ssl=yes/no //匿名使用者登錄時是否加密，預設為 no
force_anon_data_ssl=yes/no //匿名使用者資料傳輸時是否加密，預設為 no
ssl_sslv2=yes/no //是否啟動 ssl v2 加密，預設 no
ssl_sslv3=yes/no //是否啟動 ssl v3 加密，預設 no
ssl_tlsv1=yes/no //是否啟動 tls v1 加密，預設 yes
ssl_ciphers=HIGH //預設是 DES-CBC3-SHA

5. 重新啟動 vsftpd FTP Server
# systemctl restart vsftpd.service

6. 使用 FileZilla 進行測試

cpio 是一個在 Linux 上用來備份或是還原的工具，個人只有在客製化  initrd.img  時用過。
1. 解開
# /bin/cpio -idv < initrd.img
-i 解開檔案
-d 在需要時自動建立目錄
-v 將操作過程顯示在螢幕上

2. 壓縮
# find . | cpio -cov | gzip -9 > ../initrd.img
-c 相同於 -H newc，使用新的 SVR4 portable 格式，如果要使用舊版的 (ASCII) 壓縮格式，可以使用  “-H odc”
-o 建立檔案
-v 將操作過程顯示在螢幕上

3. 更多用法
# cpio –help

1. 新增使用者 testuser
# useradd testuser -d /home/testuser

2. 建立網頁目錄及測試網頁
# mkdir /home/testuser/www
# echo “<h2> Testuser’ Nginx UserDir Test Page</h2>” > /home/testuser/www/test.html

3. 更改目錄及檔案擁有者及群組
# chown -R testuser:testuser /home/testuser
# chmod 711 /home/testuser[@more@]
4. 加入設定
# vim /etc/nginx/conf.d/default.conf
     location ~ ^/~(.+?)(/.*)?$ {
         alias /home/$1/www$2;
         index  index.php index.html index.htm;
         autoindex on;
     }

5. 重新啟動 Nginx Web Server
# systemctl restart nginx.service

6. 觀看成果 http://Server’IP/~testuser/test.html

參考網頁：
Linux ． 無限: 在 CentOS7/RHEL7上，使用 Nginx 設定基本 Web 帳號密碼

1. 安裝 httpd-tools 套件
# yum install httpd-tools

2. 建立目錄及測試檔
# mkdir /usr/share/nginx/html/admin
# echo “<h2>This is a secure file</h2>” > /usr/share/nginx/html/admin/test.html

3. 建立密碼檔
# /bin/htpasswd -c /usr/share/nginx/html/admin/.htpasswd test
New password:
Re-type new password:
Adding password for user test[@more@]
4. 俢改 /etc/nginx/conf.d/default.conf 設定檔
# vim /etc/nginx/conf.d/default.conf
    location ~ ^/admin/.* {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        location ~ .php$ {
           try_files $uri = 404;
           fastcgi_pass   127.0.0.1:9000;
           fastcgi_index  index.php;
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
        }
        auth_basic “Administrator Login”;
        auth_basic_user_file /usr/share/nginx/html/admin/.htpasswd;
    }
或
    location ~ ^/admin/.* {
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
            auth_basic            “Administrator Login“;
            auth_basic_user_file  “/usr/share/nginx/html/admin/.htpasswd“;
        }

5. 重新啟動 Nginx Web Server
# systemctl restart nginx.service

6. 觀看成果 http://Server’IP/admin/test.html

參考網站：
Linux ． 無限: 在 CentOS7/RHEL7 上安裝 Memcached 套件
Linux ． 無限: 在 CentOS7/RHEL7 上架設 Nginx Web Server(一)

1. 安裝 memcache 相關套件 
# yum install memcached php-pecl-memcache

2. 查看 /etc/sysconfig/memcached 設定檔
# cat /etc/sysconfig/memcached
# 連線 Port
PORT=”11211″
# 執行身份
USER=”memcached”
# 最多連線
MAXCONN=”1024″
# 使用 Cache 容量
CACHESIZE=”64″

3. 啟動 memcached 服務
# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
# systemctl start memcached.service[@more@]
4. 檢查服務是否有正常啟動
# systemctl status memcached.service
● memcached.service – Memcached
   Loaded: loaded (/usr/lib/systemd/system/memcached.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-03-11 15:02:39 CST; 10s ago
 Main PID: 1107 (memcached)
   CGroup: /system.slice/memcached.service
           mq1107 /usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024

Mar 11 15:02:39 mis systemd[1]: Started Memcached.
Mar 11 15:02:39 mis systemd[1]: Starting Memcached…

# ss -tnl | grep 11211
LISTEN     0      128          *:11211                    *:*
LISTEN     0      128         :::11211                   :::*

5. 重新啟動 Web Server
for Apache Web Server
# systemctl restart httpd.service

for Nginx Web Server
# vim /etc/nginx/conf.d/default.conf
    location ^~ /cache/ {
        set            $memcached_key $request_uri;
        memcached_pass 127.0.0.1:11211;
    }
# systemctl restart nginx.service
# systemctl restart php-fpm

觀看成果 http://Server’IP/info.php

改成 Socket 的使用方式
# cat /etc/sysconfig/memcached
PORT=”11211″
USER=”memcached”
MAXCONN=”1024″
CACHESIZE=”64″
OPTIONS=”-s /tmp/memcached.sock -a 666″

# vim /etc/php.d/memcache.ini
;  Use memcache as a session handler
session.save_handler=memcache
;  Defines a comma separated of server urls to use for session storage
session.save_path=”/tmp/memcached.sock”

# vim /etc/nginx/conf.d/default.conf
    location ^~ /cache/ {
        set            $memcached_key $request_uri;
        memcached_pass unix:/tmp/memcached.sock;
    }

# systemctl restart memcached.service
# systemctl restart nginx.service
# systemctl restart php-fpm

# ls -l /tmp/memcached.sock
srw-rw-rw- 1 memcached memcached 0 Mar 11 16:00 /tmp/memcached.sock

參考網頁：
Linux ． 無限: 在 CentOS7/RHEL7 上架設 Nginx Web Server(一)
CentOS 7 : Nginx : PHP-FPM : Server World
[CentOS 7] 整合 Nginx、MariaDB、PHP 7 組成 LEMP Server | IT 技術家

1. 安裝 php-fpm 套件
# yum install php-fpm php-mbstring php-pear

2. 修改 /etc/php-fpm.d/www.conf 設定檔，改變執行者及群組
# vim /etc/php-fpm.d/www.conf
user = apache
group = apache

3. 啟動php-fpm 服務
# systemctl enable php-fpm.service
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
# systemctl start php-fpm.service[@more@]
4. 修改 /etc/nginx/conf.d/default.conf 設定檔
# cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.$(date +%F)
# vim /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    charset utf-8;
    access_log  /var/log/nginx/access.log  main;
    error_log /var/log/nginx/error.log warn;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;

    location ~ .php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
    location ~ /.ht {
        deny  all;
    }
}

5. 修改 /etc/php.ini
# sed -i ‘s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/’ /etc/php.ini

6. 重新啟動 Nginx Web Server
# systemctl restart nginx.service
# systemctl status nginx.service

7. 編輯 php 測試檔
# echo “<?php phpinfo(); ?>” > /usr/share/nginx/html/info.php

8. SELinux 設定
# chcon -R -t httpd_sys_rw_content_t /usr/share/nginx/html

9. 開啟瀏覽器 http://Server’IP/info.php

或
修改 /etc/php-fpm.d/www.conf 設定檔，改變執行者及群組
# vim /etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0666

# vim /etc/nginx/conf.d/default.conf
    location ~ .php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   unix:/var/run/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

使用 nginx 套件庫安裝
1. 建立 nginx 套件庫
# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

2. 套件庫更新
# yum update

3. 安裝 Nginx Web Server
# yum install nginx

4. 安裝的版本
# /sbin/nginx -V
nginx version: nginx/1.10.3[@more@]或使用 epel 套件庫安裝
1. 安裝 Nginx Web Server
# yum install nginx –enablerepo=epel

2. 安裝的版本
# /sbin/nginx -V
nginx version: nginx/1.10.2

二者差別
1. 用 nginx 套件庫安裝的版本比較新 1.10.3 > 1.10.2
2. 用 epel 套件庫安裝的套件數比較多 25 > 3

設定開機時啟動
# systemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
# systemctl start nginx.service

防火牆上設定
# firewall-cmd –add-service=http –permanent
# firewall-cmd –add-service=https –permanent
# firewall-cmd –reload
或
# iptables -A INPUT -p tcp –syn -m state –state NEW –dport 80 -j ACCEPT
# iptables -A INPUT -p tcp –syn -m state –state NEW –dport 443 -j ACCEPT

觀看成果 http://Server’IP
Nginx 套件庫

EPEL 套件庫

參考網頁：
CentOS 7 : MRTG : Install : Server World

mrtg Server : 192.168.1.10
1. 安裝 mrtg
# yum install net-snmp net-snmp-utils mrtg

2. 設定 snmp
# echo ‘rocommunity public’ > /etc/snmp/snmpd.conf
# systemctl enable snmpd.service
# systemctl start snmpd.service[@more@]
3. 防火牆設定
# firewall-cmd –add-rich-rule=”rule family=”ipv4″ source address=”192.168.1.0/24″ service name=”snmpd” accept” –permanent
或
# iptables -A INPUT  -p udp -s 192.168.1.0/24 -m state –state NEW –dport 161 -j ACCEPT

4. 測試
# /bin/snmpwalk -v2c -c public 127.0.0.1

5. 建立 mrtg /etc/mrtg/mrtg.cfg 設定檔
# /bin/cfgmaker –snmp-options=:::::2 –ifref=descr –ifdesc=descr 192.168.1.10 > /etc/mrtg/mrtg.cfg

6. 修改 mrtg 設定檔 /etc/mrtg/mrtg.cfg
# cp /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.$(date +%F)
# vim /etc/mrtg/mrtg.cfg
### Global Config Options

#  for UNIX
# WorkDir: /home/http/mrtg
WorkDir: /var/www/mrtg

### Global Defaults

#  to get bits instead of bytes and graphs growing to the right
Options[_]: growright, bits

7. 執行三次，不用理會警告，因為一剛開始沒有資料，所以會出現，再執行一次就會沒有
# for (( i=1 ; i <= 3 ; i++ )); do env LANG=C mrtg /etc/mrtg/mrtg.cfg; done
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup could not read the primary log file for 192.168.1.10_eth0
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup The backup log file for 192.168.1.10_eth0 was invalid as well
2017-03-11 11:57:18, Rateup WARNING: /usr/bin/rateup Can’t rename 192.168.1.10_eth0.log to 192.168.1.10_eth0.old updating log file

8. 產生 index 檔
# /bin/indexmaker –columns=1 /etc/mrtg/mrtg.cfg > /var/www/mrtg/index.html

9. 建立 mrtg cron
# vim /etc/cron.d/mrtg
*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg –lock-file /var/lock/mrtg/mrtg_l –confcache-file /var/lib/mrtg/mrtg.ok

10. 修改 /etc/httpd/conf.d/mrtg.conf
# vim /etc/httpd/conf.d/mrtg.conf
Alias /mrtg /var/www/mrtg

<Location /mrtg>
    Require local
    Require ip 192.168.1.0/24
    # Require ip 10.1.2.3
    # Require host example.org
</Location>

11. 重新啟動 Web Server
# systemctl restart httpd.service

12. 觀看成果 http://Server’IP/mrtg

主要是更新 KB4020102
[@more@]檔案不在 Microsoft Update Catalog 網站：
直接下載
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/05/windows10.0-kb4020102-x86_ad90b5bc48387b6332dcf4d9ab3c8e639f936d4b.cab

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/05/windows10.0-kb4020102-x64_5ee8874a880b6976a1fdc935e969047822e1e5c6.cab

cab 更新檔安裝可以參考：
Win10技巧：如何手動安裝CAB和MSU格式更新包？ – 每日頭條

補上 msu 連結
x86
http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/05/windows10.0-kb4020102-x86_ddad7b48020dc02a7b0f9b059eaa248a95c9cd70.msu

x64
http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/05/windows10.0-kb4020102-x64_9d406340d67caa80a55bc056e50cf87a2e7647ce.msu