發佈於

在 CentOS 7.x 利用 gmail 來寄送 Log 檔

參考網頁:
建立只發送Mail的Mail Server – iT 邦幫忙::一起幫忙解決難題,拯救 IT 人的一天

因為需要查看系統的 Log ,所以想要利用 gmail,將系統產生的 Log 檔,寄送到指定的信箱。

1. 安裝 ssmtp 套件
# yum install ssmtp

2.備份原設定檔 /etc/ssmtp/ssmtp.conf
# cp /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf.$(date +%F)[@more@]3. 修改 /etc/ssmtp/ssmtp.conf 設定檔
# egrep -v ‘^$|^#’ /etc/ssmtp/ssmtp.conf
root=postmaster
mailhub=smtp.gmail.com:587
Hostname=xxxxx.sytes.net
AuthUser=xxxxx@gmail.com
AuthPass=xxxxx
FromLineOverride=YES
UseTLS=YES
UseSTARTTLS=Yes
TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt

4. 更改檔案權限
# chmod 600 /etc/ssmtp/ssmtp.conf

5. 測試是否可以正常使用
# echo “Testing” | mail -s “Test Email” yourname@gmail.com

6. 如果還有安裝其它的 Mail Server,就要設定系統使用的 MTA
# alternatives –config mta

有 2 個程式提供「mta」。

  選擇        指令
  ———————————————–
  *+ 1           /usr/sbin/sendmail.postfix
     2           /usr/sbin/sendmail.ssmtp

     請輸入以保留目前的選擇[+],或輸入選擇號碼:2

表單使用 Gmail 當 SMTP
啟用「安全性較低的應用程式存取權限」
https://www.google.com/settings/security/lesssecureapps

啟用後,信箱會收到

發佈於

解決出現 warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol 的錯誤訊息

執行 logwatch 時出現如下的錯誤訊息
# logwatch –output stdout
logwatch: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol
logwatch: warning: inet_protocols: configuring for IPv4 support only

看起來問題似乎是 IPv6 被取消了,這是因為在家裡用不到。[@more@]解決方式:
參考網站:
email – “IPv6 support is disabled” warnings – Unix & Linux Stack Exchange

1. 備份原設定檔
# cp /etc/postfix/main.cf /etc/postfix/main.cf.$(date +%F)

2. 將 inet_protocols = all 改成 inet_protocols = ipv4
# sed -i ‘s/^(inet_protocols = ).*$/1”ipv4/’ /etc/postfix/main.cf

3. 重新啟動 postfix 服務
# systemctl restart postfix

4. 檢查一下
# logwatch –output stdout

發佈於

在 CentOS 7.x 上使用 OpenVPN

參考網站:
CentOS 7 install OpenVPN @ 回憶……! :: 痞客邦 PIXNET ::
CentOS 7 安裝 OpenVPN Server – Linux 技術手札

1. 安裝 epel 套件庫
# yum install epel-release

2. 安裝 OpenVPN 套件
# yum install openvpn

3. 安裝 Easy RSA 套件,之後要產生 Key 的
# yum install easy-rsa[@more@]4. 複製 server.conf 的範例檔至 openvpn 設定檔目錄
# cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

5. 備份原設定檔
# cp /etc/openvpn/server.conf /etc/openvpn/server.conf.$(date +%F)

6. 修改 /etc/openvpn/server.conf 設定檔
# egrep -v “^#|^$|^;” /etc/openvpn/server.conf
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “route 10.8.0.0 255.255.255.0”
push “redirect-gateway def1 bypass-dhcp”
push “dhcp-option DNS 168.95.1.1”
push “dhcp-option DNS 8.8.8.8”
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

7. 建立 Easy RSA 要產生 Key 的目錄
# mkdir -p /etc/openvpn/easy-rsa/keys

8. 複製 Easy RSA 範例檔至 Easy RSA 設定檔目錄
# cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

9. 請情況修改 /etc/openvpn/easy-rsa/vars 中的變數
export KEY_COUNTRY=”US”
export KEY_PROVINCE=”CA”
export KEY_CITY=”SanFrancisco”
export KEY_ORG=”Fort-Funston”
export KEY_EMAIL=”me@myhost.mydomain”
export KEY_OU=”MyOrganizationalUnit”

# X509 Subject Field
export KEY_NAME=”EasyRSA”

10. 以下為開始做建立憑證的動作:
# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
# cd /etc/openvpn/easy-rsa
# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys

# ./clean-all
# ./build-ca
# ./build-key-server server

# ./build-dh
# cd /etc/openvpn/easy-rsa/keys
# cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
# cd /etc/openvpn/easy-rsa
# ./build-key client

11. 產生 ta.key
# cd /etc/openvpn/
# openvpn –genkey –secret ta.key

12. 安裝 iptables 的相關 packages 與設定 iptables
# yum install iptables-services -y
# systemctl mask firewalld
# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
# systemctl stop firewalld
# systemctl start iptables
# iptables –flush

13. iptables 防火牆上的設定
將 Source IP range 為 10.8.0.0/24 的 IP 做 NAT 後,並由 ppp0 出去
# iptables -A FORWARD -i tun0 -s 10.8.0.0/24 -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ppp0 -j MASQUERADE
# iptables-save > /etc/sysconfig/iptables
# systemctl restart iptables

14. 修改 /etc/sysctl.conf 設定
# vim /etc/sysctl.conf
—————————————–
......
net.ipv4.ip_forward = 1
......
—————————————–

15. 啟動 OpenVPN 服務,並設定開機時啟動
# systemctl start openvpn@server.service
# systemctl enable openvpn@server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /usr/lib/systemd/system/openvpn@.service.

16. 檢查 OpenVPN 服務狀態
# systemctl status openvpn@server.service
● openvpn@server.service – OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2016-08-14 15:13:07 CST; 9s ago
  Process: 2294 ExecStart=/usr/sbin/openvpn –daemon –writepid /var/run/openvpn/%i.pid –cd /etc/openvpn/ –config %i.conf (code=exited, status=0/SUCCESS)
 Main PID: 2295 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           mq2295 /usr/sbin/openvpn –daemon –writepid /var/run/openvpn/server.pid –cd /etc/openvpn/ –config server.conf

17. 檢查 OpenVPN 是否有正常啟動
# netstat -antulp | grep :1194
tcp        0      0 0.0.0.0:1194            0.0.0.0:*               LISTEN      1039/openvpn

發佈於

在 CentOS 7.x 上使用 snmpd 服務

參考網站:
八克里: 在 CentOS 7 安裝 snmpd 服務(CentOS 7 SNMP install)
How To Install and Configure SNMP on RHEL 7 or CentOS 7

為了使用 cacti 和 nagios 來監測系統主機,隨時掌握主機及服務的存活狀態,所以加裝 snmpd 服務。
1. 安裝 snmpd 所需套件
# yum install net-snmp net-snmp-utils

2. 備份原設定檔 /etc/snmp/snmpd.conf
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.$(date +%F)[@more@]
3. 修改 /etc/snmp/snmpd.conf 設定檔
# grep -v “^$” /etc/snmp/snmpd.conf | grep -v ‘^ *#’
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
access  notConfigGroup “”      any       noauth    exact  systemview none none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes


將 41/47/48/55/56/62 行註解
# sed -i ’41s/^/#/’ /etc/snmp/snmpd.conf
# sed -i ’47s/^/#/’ /etc/snmp/snmpd.conf
# sed -i ’48s/^/#/’ /etc/snmp/snmpd.conf
# sed -i ’55s/^/#/’ /etc/snmp/snmpd.conf
# sed -i ’56s/^/#/’ /etc/snmp/snmpd.conf
# sed -i ’62s/^/#/’ /etc/snmp/snmpd.conf

取消  112,116~117,122~126,129~130,141~145,147 前面的註解
# sed -i ‘112s/^#//’ /etc/snmp/snmpd.conf
# sed -i ‘116,117s/^#//’ /etc/snmp/snmpd.conf
# sed -i ‘122,126s/^#//’ /etc/snmp/snmpd.conf
# sed -i ‘129,130s/^#//’ /etc/snmp/snmpd.conf
# sed -i ‘141,145s/^#//’ /etc/snmp/snmpd.conf
# sed -i ‘147s/^#//’ /etc/snmp/snmpd.conf
取消 151 行前面註解,並將rwview 改成 none
# sed -i -e ‘151s/^#//’ -e ‘s/rwview/none/’ /etc/snmp/snmpd.conf

4. 啟動 snmpd 服務及設定開機時啟動
# systemctl start snmpd.service
# systemctl enable snmpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

5. 檢查 snmpd 是否有正常啟動
# netstat -auntp | grep snmp
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN      1822/snmpd
udp        0      0 0.0.0.0:161             0.0.0.0:*                           1822/snmpd

6. 防火牆上的設定,最好要設定可以連線的範圍
# firewall-cmd –permanent –add-port=161/udp
success

# firewall-cmd –reload
success

# firewall-cmd –list-all
public (default, active)
  interfaces: eno16777736
  sources:
  services: dhcpv6-client ftp samba ssh
  ports: 21/tcp 161/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

7. 進行本機上的測試
# snmpwalk -v 1 -c public -O e 127.0.0.1
# snmpwalk -c public -v 2c 127.0.0.1

發佈於

在 CentOS 7.x 上使用 smartd 服務

為了能更精確掌握硬碟的健康狀態,免得最後硬碟出現問題,不能用時才做處理,所以使用 smartd 服務。
參考網頁:
Smartctl – Monitoring & Analysis tool for Hard drive
Install SMART on CentOS 6.4 | Zwiegnet Blog
Linux 下用 smartd 监测硬盘状况 | vpsee.com

1. 安裝 smartmontools 套件
# yum install smartmontools

2. 啟動 smartd 服務及設定開機時啟動
# systemctl start smartd.service
# systemctl enable smartd.service[@more@]3. 檢查 smartd 服務狀態
# systemctl status smartd.service
● smartd.service – Self Monitoring and Reporting Technology (SMART) Daemon
   Loaded: loaded (/usr/lib/systemd/system/smartd.service; enabled; vendor preset: enabled)
   Active: active (running) since 日 2016-08-14 13:45:13 CST; 33s ago
 Main PID: 2712 (smartd)
   CGroup: /system.slice/smartd.service
           mq2712 /usr/sbin/smartd -n -q never

 8月 14 13:45:13 localhost.localdomain systemd[1]: Starting Self Monitoring and Reporting Technology (SMART) Daemon…
 8月 14 13:45:13 localhost.localdomain smartd[2712]: smartd 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Opened configuration file /etc/smartmontools/smartd.conf
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Configuration file /etc/smartmontools/smartd.conf was parsed, found DEVICESCAN, scanning devices
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Device: /dev/sda, opened
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Device: /dev/sda, [VMware,  VMware Virtual S 1.0 ], 21.4 GB
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Device: /dev/sda, IE (SMART) not enabled, skip device
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Try ‘smartctl -s on /dev/sda’ to turn on SMART features
 8月 14 13:45:13 localhost.localdomain smartd[2712]: Monitoring 0 ATA and 0 SCSI devices

4. 檢查硬碟資訊
# smartctl -i /dev/sda
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Device Model:     TS128GSSD370S
Serial Number:    xxxxx
Firmware Version: xxxxx
User Capacity:    128,035,676,160 bytes [128 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   ACS-2 (minor revision not indicated)
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Sun Aug 14 13:49:10 2016 CST
SMART support is: Available – device has SMART capability.
SMART support is: Enabled

5. 顯示更詳盡的硬碟資訊
# smartctl -a -d ata /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Device Model:     ST4000VN000-2AH166
Serial Number:    xxxxx
LU WWN Device Id: xxxxx
Firmware Version: xxxxx
User Capacity:    4,000,787,030,016 bytes [4.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Rotation Rate:    5980 rpm
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   ACS-3 (unknown minor revision code: 0x006d)
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Sun Aug 14 13:52:53 2016 CST
SMART support is: Available – device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
                                        was never started.
                                        Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                (  591) seconds.
Offline data collection
capabilities:                    (0x73) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        No Offline surface scan supported.
                                        Self-test supported.
                                        Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   1) minutes.
Extended self-test routine
recommended polling time:        ( 637) minutes.
Conveyance self-test routine
recommended polling time:        (   2) minutes.
SCT capabilities:              (0x50bd) SCT Status supported.
                                        SCT Error Recovery Control supported.
                                        SCT Feature Control supported.
                                        SCT Data Table supported.

SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   073   070   044    Pre-fail  Always       –       20940518
  3 Spin_Up_Time            0x0003   095   095   000    Pre-fail  Always       –       0
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       –       6
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       –       0
  7 Seek_Error_Rate         0x000f   064   060   045    Pre-fail  Always       –       2719493
  9 Power_On_Hours          0x0032   100   100   000    Old_age   Always       –       14 (58 128 0)
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       –       0
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       –       6
184 End-to-End_Error        0x0032   100   100   099    Old_age   Always       –       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       –       0
188 Command_Timeout         0x0032   100   100   000    Old_age   Always       –       0
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       –       0
190 Airflow_Temperature_Cel 0x0022   065   058   040    Old_age   Always       –       35 (Min/Max 29/35)
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       –       0
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       –       2
193 Load_Cycle_Count        0x0032   100   100   000    Old_age   Always       –       24
194 Temperature_Celsius     0x0022   035   042   000    Old_age   Always       –       35 (0 27 0 0 0)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       –       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      –       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       –       0
240 Head_Flying_Hours       0x0000   100   253   000    Old_age   Offline      –       276698973077514
241 Total_LBAs_Written      0x0000   100   253   000    Old_age   Offline      –       6425312
242 Total_LBAs_Read         0x0000   100   253   000    Old_age   Offline      –       8038850139

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
No self-tests have been logged.  [To run self-tests, use: smartctl -t]

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

6. 檢查硬碟狀況
# smartctl -H  /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

7. 進行快速檢查
# smartctl -t short /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION ===
Sending command: “Execute SMART Short self-test routine immediately in off-line mode”.
Drive command “Execute SMART Short self-test routine immediately in off-line mode” successful.
Testing has begun.
Please wait 1 minutes for test to complete.
Test will complete after Sun Aug 14 13:59:57 2016

Use smartctl -X to abort test.

# smartctl -l selftest /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-327.28.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF READ SMART DATA SECTION ===
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%        14         –

設定檔
/etc/smartmontools/smartd.conf

發佈於

在 CentOS 7.x 上使用 No-IP 動態 DNS 服務

為了方便遠端連線,所以為主機申請 No-IP 動態 DNS 服務。

1. 下載 noip x64 rpm
# wget ftp://ftp.pbone.net/mirror/atrpms.net/el7-x86_64/atrpms/stable/noip-2.1.9-8.el7.x86_64.rpm

2. 進行安裝
# rpm -ivh noip-2.1.9-8.el7.x86_64.rpm[@more@]3. 在 no-ip 網站申請並註冊
http://www.noip.com/

4. 進行設定
# /usr/bin/noip2 -C

 Auto configuration for Linux client of no-ip.com.

 Multiple network devices have been detected.

 Please select the Internet interface from this list.

 By typing the number associated with it.
 0       eno16777736
 1       ppp0
 1 (要使用 no-ip 的網路介面)
 Please enter the login/email string for no-ip.com  xxxxx (在 no-ip 網站上註冊的帳號)
 Please enter the password for user ‘xxxxx’  ************ (在 no-ip 網站上註冊的密碼)

 Only one host [xxxxx.sytes.net] is registered to this account.
 It will be used.
 Please enter an update interval:[30]
 Do you wish to run something at successful update?[N] (y/N) N

 New configuration file ‘/etc/no-ip2.conf’ created.

5. 在 /etc/rc.d/rc.local 中加入下面一行
/usr/bin/noip2 &

# vim /etc/rc.d/rc.local
/usr/bin/noip2 &

發佈於

在 CentOS 7.x 安裝 PPPoE 撥接功能

參考網站:
在CentOS 7設定PPPoE撥接功能 | Kevin Linul 網路日記本

1. 安裝 rp-pppoe 套件
# yum install rp-pppoe

2. 停用及取消使用 NetworkManager 服務
# systemctl stop NetworkManager.service
# systemctl disable NetworkManager.service
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.[@more@]3. 進行設定
# /usr/sbin/pppoe-setup
Welcome to the PPPoE client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly…

LOGIN NAME

Enter your Login Name (default root): xxxxx@hinet.net

INTERFACE

Enter the Ethernet interface connected to the PPPoE modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where ‘X’ is a number.
(default eth0): eno16777736

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter ‘no’ (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
Enter the demand value (default no):

DNS

Please enter the IP address of your ISP’s primary DNS server.
If your ISP claims that ‘the server will provide dynamic DNS addresses’,
enter ‘server’ (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: 168.95.1.1
Please enter the IP address of your ISP’s secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
Enter the secondary DNS server address here: 8.8.8.8

PASSWORD

Please enter your Password:
Please re-enter your Password:

USERCTRL

Please enter ‘yes’ (three letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes):

FIREWALLING

Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose ‘NONE’ and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 – NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 – STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 – MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 0

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes

** Summary of what you entered **

Ethernet Interface: eno16777736
User name:          xxxxx@hinet.net
Activate-on-demand: No
Primary DNS:        168.95.1.1
Secondary DNS:      8.8.8.8
Firewalling:        NONE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/resolv.conf
  (But first backing it up to /etc/resolv.conf.bak)
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)

Congratulations, it should be all set up!

Type ‘/sbin/ifup ppp0’ to bring up your xDSL link and ‘/sbin/ifdown ppp0’
to bring it down.
Type ‘/sbin/pppoe-status /etc/sysconfig/network-scripts/ifcfg-ppp0’
to see the link status.

原本的網路設定
# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.15  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:feaf:d7df  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:2x:ax:dx:dx  txqueuelen 1000  (Ethernet)
        RX packets 2343  bytes 313808 (306.4 KiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 816  bytes 195933 (191.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

新增 ppp0
# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.15  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:feaf:d7df  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:2x:ax:dx:dx  txqueuelen 1000  (Ethernet)
        RX packets 2343  bytes 313808 (306.4 KiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 816  bytes 195933 (191.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 1.162.11.63  netmask 255.255.255.255  destination 168.95.98.254
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 6  bytes 178 (178.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 269 (269.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

發佈於

在 CentOS 7.x 中使用 SSD

參考網頁:
RHEL7: Extend the life of a SSD. – CertDepot

1. 備份原檔
# cp /etc/fstab /etc/fstab.$(date +%F)
2. 停止每次存取檔案時寫入 timestamp
# vim  /etc/fstab

UUID=ba1f3566-d4af-4abc-93f7-2dde272f8006 /                       xfs     defaults        0 0
修改成
UUID=ba1f3566-d4af-4abc-93f7-2dde272f8006 /                       xfs     defaults,noatime        0 0[@more@]3. 在開機時執行 trim
# cp /etc/rc.d/rc.local /etc/rc.d/rc.local.$(date +%F)
# vim /etc/rc.d/rc.local
加入
# Trim the SSD at boot
/usr/sbin/fstrim /
/usr/sbin/fstrim /home
/usr/sbin/fstrim /boot

4. 修改 /etc/rc.d/rc.local 權限
# chmod 744 /etc/rc.d/rc.local

5. 設定開機時執行
# sed -i ‘$an[Install]nWantedBy=multi-user.target’ /usr/lib/systemd/system/rc-local.service
# systemctl enable rc-local
Created symlink from /etc/systemd/system/multi-user.target.wants/rc-local.service to /usr/lib/systemd/system/rc-local.service.

6. Limit swap use
修改 /etc/sysctl.conf 加入下面二行
vm.swappiness=1
vm.vfs_cache_pressure=50
# sed -i ‘$avm.swappiness=1nvm.vfs_cache_pressure=50’ /etc/sysctl.conf

7. 讓設定生效
# sysctl -p
vm.swappiness = 1
vm.vfs_cache_pressure = 50

8. Use a SSD-friendly I/O scheduler
修改 /etc/default/grub 在 GRUB_CMDLINE_LINUX 那一行的最後面加上 elevator=deadline
# vim /etc/default/grub
GRUB_CMDLINE_LINUX=”rhgb quiet ipv6.disable=1 net.ifnames=0 biosdevname=0 elevator=deadline

9. 產生新的 grub 設定檔
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file …
Found linux image: /boot/vmlinuz-3.10.0-327.28.2.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.28.2.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-327.22.2.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.22.2.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-d1ae217032434f8a908229e3c9aae7ae
Found initrd image: /boot/initramfs-0-rescue-d1ae217032434f8a908229e3c9aae7ae.img
done