SVN代码管理服务

       此项目为学习过程记录环境,涉及软件为DHCP、PXE、SSH、VSFTP、DNS、WebMail、LAMP、OPENVAS、CACTI、以及SVN代码管理软件。
        注意一键安装的应用,#!/bin/bash开头的脚本和结束位置,不要多复制也别落下内容。
        当年自测过,都可以执行通过,系统为红帽6,系统比较老,有兴趣的小伙伴可以升级下对应的操作系统和软件版本。

目录

1、一键安装配置DHCP

2、一键安装配置PXE

3、SSH互信

4、一键安装配置VSFTP

5、一键安装配置DNS

6、一键安装配置WebMail

7、一键安装配置分布式LAMP平台

8、一键加固系统安全

9、一键配置IPTABLES+SQUID

10、一键安装配置OPENVAS

11、一键安装配置CACTI

        11.1、配置被监测端

        11.2、配置监测端(RHEL6)

        11.3、安装cacti和APACHE

        11.4、配置mysql

        11.5、修改CACTI配置文件

        11.6、安装cacti插件

        11.7、邮件预警功能

12、SVN(代码管理)

        12.1、安装

        12.2、编辑配置文件

        12.3、配置完之后启动SVN

        12.4、测试SVN是否能检出

1、一键安装配置DHCP

#在GATEWAY上进行如下设置:

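#!/bin/bash
#
# One-shot gateway (GATEWAY) setup for the lab: local yum repository on the
# install media, static addresses on three interfaces, ISC dhcpd serving the
# 192.168.100.0/24 and 192.168.200.0/24 subnets, and IPv4 forwarding.
# Must be run as root.

# NOTE(review): firewalld is stopped and SELinux is set to disabled here, and
# IP forwarding is switched on further down. Until a packet-filter policy is
# loaded, this host routes between all three networks with no filtering.
systemctl stop firewalld

cat << EOF > /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
EOF

# Configure yum to use the mounted install media as its only repository.
# All existing repo files are deleted first. gpgcheck=0 means packages from
# this repository are installed without signature verification.
if [ ! -e /etc/yum.repos.d/myyum.repo ]; then
  rm -rf /etc/yum.repos.d/*
  cat << EOF > /etc/yum.repos.d/myyum.repo
[myyum]
name=myyum
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
EOF
fi

# Mount the install media.
mkdir -p /mnt/cdrom

# Append the cdrom entry rather than overwriting /etc/fstab: replacing the
# whole file would drop every other mount entry the system already has.
if ! grep -q '^/dev/cdrom[[:space:]]' /etc/fstab; then
  printf '%s\n' '/dev/cdrom  /mnt/cdrom    iso9660   defaults    0 0' >> /etc/fstab
fi
mount -a

# Static addresses. The HWADDR values are specific to the author's virtual
# machine and have to be replaced with the local MAC addresses.
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=none
DEVICE=eno16777736
HWADDR=00:0c:29:70:6f:4e
ONBOOT=yes
IPADDR=192.168.100.1
PREFIX=24
EOF

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eno33554992
BOOTPROTO=none
DEVICE=eno33554992
HWADDR=00:0c:29:70:6f:58
ONBOOT=yes
IPADDR=192.168.200.1
PREFIX=24
EOF

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eno50332216
BOOTPROTO=none
DEVICE=eno50332216
HWADDR=00:0c:29:70:6f:62
ONBOOT=yes
IPADDR=202.106.195.1
PREFIX=24
EOF

systemctl restart network

# DHCP server: install only when the package is missing.
if ! rpm -q dhcp &> /dev/null; then
  yum install dhcp -y
fi

# The original text had no ';' after "max-lease-time 864000", which makes
# dhcpd reject the whole file; the terminator is added here.
cat << EOF > /etc/dhcp/dhcpd.conf
option domain-name "jz.com";
option domain-name-servers 192.168.200.100;
default-lease-time 432000;
max-lease-time 864000;
log-facility local7;
#IP地址规划
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.1;
  option broadcast-address 192.168.100.255;
}
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.100 192.168.200.200;
  option routers 192.168.200.1;
  option broadcast-address 192.168.200.255;
}
host LAN {
  hardware ethernet 00:0c:29:91:1a:32; #指定客户端MAC地址
  fixed-address 192.168.100.100;  #指定客户端IP地址
}
host DMZ {
  hardware ethernet 00:0c:29:60:73:e2; #指定客户端MAC地址
  fixed-address 192.168.200.100; #指定客户端IP地址
}
EOF

# Syntax-check the generated file before touching the running service.
dhcpd -t -cf /etc/dhcp/dhcpd.conf || exit 1

# Enable routing between the interfaces. Guarded so that re-running the
# script does not append the same line again.
if ! grep -q '^net.ipv4.ip_forward=1$' /etc/sysctl.conf; then
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi
sysctl -p

# Load the new configuration and start dhcpd at boot.
systemctl restart dhcpd
systemctl enable dhcpd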

2、一键安装配置PXE

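#!/bin/bash
#
# PXE mass installation, part 1 -- run on the RHEL 6.5 (32-bit) DMZ host.
# Enables the TFTP service under xinetd, copies the syslinux boot loader and
# the installer kernel/initrd from the mounted media into the TFTP root, and
# writes the PXE boot menu.
#
# NOTE(review): TFTP has no authentication; everything under
# /var/lib/tftpboot is readable by any host that can reach this server.

yum install -y xinetd tftp-server syslinux &>/dev/null || {
  echo "package installation failed" >&2
  exit 1
}

# Enable TFTP by flipping the "disable" setting, matched by name instead of
# by the fixed line number 14 used originally.
sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\).*/\1no/' /etc/xinetd.d/tftp
service xinetd start &>/dev/null
chkconfig xinetd on &>/dev/null

# Copy the boot files into the TFTP root. Fixes from the original text:
# pxelinux.0 is a file (no trailing slash), vmlinuz is taken from the same
# isolinux directory as initrd.img, and errors are no longer discarded.
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ || exit 1
cp /mnt/cdrom/isolinux/initrd.img /mnt/cdrom/isolinux/vmlinuz /var/lib/tftpboot/ || exit 1

# The original ran "mkdri" on /var/lib/tftpdboot; both were typos.
mkdir -p /var/lib/tftpboot/pxelinux.cfg || exit 1

# Boot menu. "default auto" boots the auto label without asking and
# "prompt 0" removes the wait for user input. Those explanations were inline
# "#" remarks in the original; they are kept out of the file here so that
# they cannot be read as part of a directive. Each append line, which the
# original had wrapped, is written on a single line, and the here-document
# now has its closing EOF.
cat << EOF > /var/lib/tftpboot/pxelinux.cfg/default
default auto
prompt 0
label auto
kernel vmlinuz
append initrd=initrd.img devfs=nomount ramdisk_size=8192
label linux text
kernel vmlinuz
append text initrd=initrd.img devfs=nomount ramdisk_size=8192
label linux rescue
kernel vmlinuz
append rescue initrd=initrd.img devfs=nomount ramdisk_size=8192
EOF

service xinetd restart &>/dev/null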

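# PXE mass installation, part 2 -- run on the RHEL 7.2 gateway (GTW).
# Installs dhcpd with PXE options (next-server / filename) for the
# 192.168.200.0/24 subnet and publishes the install media through vsftpd.

yum install dhcp -y &>/dev/null

# Fixes from the original text: the here-document now has its closing EOF,
# and default-lease-time no longer exceeds max-lease-time (the two values
# were the other way round here than in the section-1 dhcpd.conf).
# NOTE(review): host "service" is pinned to 192.168.200.20, which is also the
# last address of the dynamic range on that subnet -- confirm the overlap is
# intended.
cat << EOF > /etc/dhcp/dhcpd.conf
default-lease-time 432000;
max-lease-time 864000;
log-facility local7;
subnet 192.168.200.0 netmask 255.255.255.0 {
  range 192.168.200.10 192.168.200.20;
  option routers 192.168.200.1;
  option broadcast-address 192.168.200.255;
  next-server 192.168.200.20;#指向TFTP服务器地址
  filename "pxelinux.0";#名称
}
host service {
  hardware ethernet 00:0C:29:ED:4D:BF;
  fixed-address 192.168.200.20;
}
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.20;
  option routers 192.168.100.1;
  option broadcast-address 192.168.100.255;
}
host lan {
  hardware ethernet  00:0c:29:e5:a3:74;
  fixed-address 192.168.100.20;
}
EOF

# Syntax-check before restarting; restart (not start) so that an already
# running dhcpd picks up the new file.
dhcpd -t -cf /etc/dhcp/dhcpd.conf || exit 1
systemctl restart dhcpd &>/dev/null
systemctl enable dhcpd &>/dev/null

# Publish the install tree over FTP.
# NOTE(review): the whole media is copied into /var/ftp/pub; presumably this
# relies on vsftpd's anonymous access -- confirm against the vsftpd.conf in
# use on this host.
yum install vsftpd -y &>/dev/null
cp -r /mnt/cdrom/* /var/ftp/pub
systemctl restart vsftpd &>/dev/null
systemctl enable vsftpd &>/dev/null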

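# PXE mass installation, part 3 -- run on the RHEL 6.5 (32-bit) DMZ host.
# Publishes the install tree over FTP and switches the default PXE entry to
# an unattended kickstart installation.

# Install vsftpd and copy the install media into the FTP area.
yum install -y vsftpd &>/dev/null
cp -r /mnt/cdrom/* /var/ftp/pub
service vsftpd restart
chkconfig vsftpd on &>/dev/null

# Manual step: change the clients' boot order so that NETWORK comes first.

# Unattended installation with kickstart. system-config-kickstart is a
# graphical tool, so this part cannot be done without a desktop environment.
# Fixes from the original text: "-Y" is not a yum option and "&>dev/null"
# pointed at a relative path.
yum install -y system-config-kickstart &>/dev/null
system-config-kickstart

# NOTE(review): ks.cfg is served over plain FTP to anything on the segment; a
# kickstart file typically carries the root password setting for the
# installed hosts, so treat it as sensitive.
cp ks.cfg /var/ftp/pub/ks.cfg

# The original assigned a relative path (missing leading "/").
a=/var/lib/tftpboot/pxelinux.cfg/default

# Point the "auto" entry at the kickstart file and the FTP install tree. The
# append line is matched inside the "label auto" stanza instead of by the
# fixed line number 5 and a pattern that was split across two lines.
# NOTE(review): the replacement text was garbled in the original
# ("initrd=initnomount"); it is reconstructed here from the append line that
# part 1 writes -- confirm.
sed -i '/^label auto$/,/^label linux/ s|^append .*|append ks=ftp://192.168.200.20/pub/ks.cfg repo=ftp://192.168.200.20/pub initrd=initrd.img devfs=nomount ramdisk_size=8192|' "$a"

service xinetd restart &>/dev/null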

3、SSH互信

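# Write the sshd configuration, validate it, restart the daemon and check
# that it is listening.
#
# The original redirected to /etc/ssh/sshl_config, a file name sshd never
# reads; the target is corrected to sshd_config.
#
# NOTE(review): the section is titled "SSH mutual trust", but nothing here
# generates or distributes keys. The file only allows public-key login
# (PubkeyAuthentication yes) next to password login.
# NOTE(review): PasswordAuthentication and X11Forwarding are both left on,
# and the AllowUsers / DenyUsers restrictions at the end are commented out,
# so every account with a password can attempt a login.
cat << EOF > /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
LoginGraceTime 2m
MaxAuthTries 6
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server
#AllowUsers jerry admin@61.23.32.23  #指定用户在哪可以登录服务器
#DenyUsers zhangsan lisi      #拒绝那些用户登录
EOF

# Refuse to restart on a file that does not parse; restarting with a broken
# configuration would leave the host without a working SSH daemon.
sshd -t -f /etc/ssh/sshd_config || exit 1

# Restart the ssh service ("Systemctl" with a capital S is not a command).
systemctl restart sshd

# Check that the port is open.
netstat -anput | grep ':22 '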

4、一键安装配置VSFTP

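#!/bin/bash
#
# Install vsftpd and configure it for three virtual users (tom, jerry, mary)
# that authenticate through pam_userdb and are mapped to the local account
# "vuser". Must be run as root.

# Install only when missing; report success only if yum actually succeeded.
if rpm -q vsftpd &>/dev/null; then
  echo "vsftpd already install..."
elif yum install vsftpd -y &>/dev/null; then
  echo "vsftpd install succseefully..."
else
  echo "vsftpd install failed" >&2
  exit 1
fi

# Virtual-user list: alternating login-name / password lines.
# NOTE(review): all three accounts get the password "123", and the clear-text
# list stays on disk next to the generated database. Replace the passwords
# before using this anywhere but a lab.
cat << EOF > /etc/vsftpd/vuser.list
tom
123
jerry
123
mary
123
EOF

# Convert the list to Berkeley DB format for pam_userdb. db_load is not
# installed by this script, so check for it first.
command -v db_load >/dev/null || {
  echo "db_load not found" >&2
  exit 1
}
db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db
chmod 600 /etc/vsftpd/vuser*

# Local account (no login shell) that the virtual users map to; its home
# directory is the FTP root. Skipped when the account already exists.
id vuser &>/dev/null || useradd -d /var/vftp -s /sbin/nologin vuser
chmod 755 /var/vftp

# PAM service for the virtual users. The original first copied
# /etc/pam.d/vsftpd to this path and then overwrote it; only the final
# content is written here.
cat << EOF > /etc/pam.d/vupam
#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vuser
account    required     pam_userdb.so db=/etc/vsftpd/vuser
EOF

# Per-user settings: tom gets an empty file, jerry may upload, mary may
# create directories and perform other write operations.
mkdir -p /etc/vsftpd/vuconf
touch /etc/vsftpd/vuconf/tom

cat << EOF > /etc/vsftpd/vuconf/jerry
anon_upload_enable=YES
EOF

cat << EOF > /etc/vsftpd/vuconf/mary
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF

# Create sample directories and files in the FTP root.
cd /var/vftp/ || exit 1
mkdir -p a b c
touch 1 2 3

# Main configuration. vsftpd does not accept a remark after a value on the
# same line, so the trailing "#..." remarks of the original text are moved
# onto lines of their own.
# NOTE(review): anonymous_enable=YES, local_enable=YES and
# allow_writeable_chroot=YES are all set; FTP also sends credentials and data
# unencrypted.
cat << EOF > /etc/vsftpd/vsftpd.conf
#开启侦听
listen=YES
#地址
listen_address=192.168.200.100
#指令端口
listen_port=21
#数据端口
connect_from_port_20=YES
pasv_min_port=2222
pasv_max_port=2225
#pasv_addr_resolve=yes
#pasv_address=202.106.195.1
#是否允许写入
write_enable=YES
#是否允许记录日志
xferlog_enable=YES
#日志格式,标准
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
#pam_service_name=vsftpd
userlist_enable=YES
#userlist_deny=NO  tcp_wrappers=YES
#max_clients=0
#max_per_ip=0
#匿名用户配置
anonymous_enable=YES
anon_umask=022
#anon_root=/var/ftp
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
#anon_other_write_enable=YES
#anon_max_rate=0
#认证用户配置
local_enable=YES
local_umask=022
#local_root=/var/ftp
allow_writeable_chroot=YES
# 锁定认证用户FTP根
chroot_local_user=YES
#local_max_rate=0
guest_enable=YES
guest_username=vuser
pam_service_name=vupam
user_config_dir=/etc/vsftpd/vuconf
EOF

# Start vsftpd now and at boot, then report whether it is listening.
systemctl restart vsftpd
systemctl enable vsftpd

if netstat -antup | grep -q vsftpd; then
  echo "VSFTPD start successfully..."
else
  echo "VSFTPD start failured..."
fi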

5、一键安装配置DNS

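#!/bin/bash
#
# Install BIND and configure it as master for the forward zone jz.com and the
# reverse zone 200.168.192.in-addr.arpa. Must be run as root.

# Install only when missing; report success only if yum actually succeeded.
if rpm -q bind &>/dev/null; then
  echo "dns already install..."
elif yum install bind -y &>/dev/null; then
  echo "dns install succseefully..."
else
  echo "dns install failed" >&2
  exit 1
fi

# NOTE(review): "recursion yes" together with allow-query and
# allow-query-cache set to "any" makes this an open recursive resolver for
# every client that can reach port 53. Outside an isolated lab, limit
# recursion and cache access to the internal subnets.
cat << EOF > /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1;any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
        allow-query     { localhost;any; };
        allow-query-cache { localhost;any; };
#        allow-transfer {192.168.100.100;};
#       forwarders {202.106.195.68;202.106.46.151;};
};
zone "jz.com"{   #定义区域名
type master;      #定义区域类型(主要的)
file "jz.zone";     #定义区域数据文件名
};
#反向区域
zone "200.168.192.in-addr.arpa"{
type master;
file "192.168.200.zone";
};
EOF

# Forward zone data. The quoted delimiter keeps "$TTL" literal.
cat << 'EOF' > /var/named/jz.zone
$TTL    86400
@       IN      SOA     lan.com.      root.jz.com. (
                                        2014032610      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      server.jz.com.
        IN      NS      server1.jz.com.
        IN      MX 5    mail.jz.com.
server  IN      A       192.168.200.100
server1 IN      A       192.168.200.101
www     IN      A       192.168.200.100
ftp     IN      A       192.168.200.100
mail    IN      A       192.168.200.100
EOF

# Reverse zone data.
cat << 'EOF' > /var/named/192.168.200.zone
$TTL      86400
@       IN      SOA     jz.com. root.jz.com.  (
                                      1997022710 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      server.jz.com.
        IN      NS      server1.jz.com.
100     IN      PTR     server.jz.com.
101     IN      PTR     server1.jz.com.
100     IN      PTR     www.jz.com.
100     IN      PTR     ftp.jz.com.
100     IN      PTR     mail.jz.com.
EOF

# Set ownership after the files exist. The original ran chown on
# /var/named/*.zone before any zone file had been written, so on a first run
# the glob matched nothing.
chown named:named /etc/named.conf
chown named:named /var/named/jz.zone /var/named/192.168.200.zone

# Validate the configuration and both zones before restarting.
named-checkconf /etc/named.conf || exit 1
named-checkzone jz.com /var/named/jz.zone || exit 1
named-checkzone 200.168.192.in-addr.arpa /var/named/192.168.200.zone || exit 1

# Restart the service and start it at boot.
systemctl restart named
systemctl enable named

# The original had "thenecho" here, a syntax error.
if netstat -antup | grep -q named; then
  echo "DNS start successfully..."
else
  echo "DNS start failured..."
fi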

6、一键安装配置WebMail

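#!/bin/bash
#
# Install postfix and dovecot, rewrite selected lines of their configuration
# files, start both services and create two mailbox users.
# Must be run as root.

# Install only when a package is missing. The original had an unterminated
# string in the else branch, which broke the whole script.
if ! rpm -q postfix dovecot &>/dev/null; then
  yum install postfix dovecot -y
  echo "postfix dovecot install succseefully..."
else
  echo "postfix dovecot already install..."
fi

postfix=/etc/postfix/main.cf
dovecot=/etc/dovecot/dovecot.conf
auth=/etc/dovecot/conf.d/10-auth.conf
mail=/etc/dovecot/conf.d/10-mail.conf
ssl=/etc/dovecot/conf.d/10-ssl.conf

# NOTE(review): every edit below replaces a fixed line number. That only
# gives the intended result on the exact stock files the author used; on any
# other package version the numbers have to be checked first, because a
# mismatch silently overwrites an unrelated line.
sed -i '76c myhostname = mail.jz.com' "$postfix"
sed -i '83c mydomain = jz.com' "$postfix"
sed -i '99c myorigin = $mydomain' "$postfix"
sed -i '113c inet_interfaces = all' "$postfix"
sed -i '116c #inet_interfaces = localhost' "$postfix"
sed -i '119c #inet_protocols = all' "$postfix"
sed -i '164c #mydestination = $myhostname, localhost.$mydomain, localhost' "$postfix"
sed -i '165c mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain' "$postfix"
sed -i '419c home_mailbox = Maildir/' "$postfix"

sed -i '24c protocols = imap pop3 lmtp' "$dovecot"

# NOTE(review): plain-text authentication is allowed and SSL is switched off,
# so mailbox passwords cross the network unencrypted.
sed -i '10c disable_plaintext_auth = no' "$auth"
sed -i '24c mail_location = maildir:~/Maildir' "$mail"
sed -i '8c ssl = no' "$ssl"

# Restart and enable both services. The original wrote "& > /dev/null",
# which puts the command in the background instead of silencing it, and
# misspelled the last systemctl.
systemctl restart postfix &>/dev/null
systemctl restart dovecot &>/dev/null
systemctl enable postfix &>/dev/null
systemctl enable dovecot &>/dev/null

# Create the mailbox users and set their passwords.
# NOTE(review): both accounts get the password "123".
useradd jgh && echo "123" | passwd --stdin jgh
useradd lyq && echo "123" | passwd --stdin lyq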

7、一键安装配置分布式LAMP平台

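#!/bin/bash
#
# LAMP platform -- L: Linux, A: Apache, M: MySQL, P: PHP.

# Turn the firewall off ("Systemctl" with a capital S is not a command).
# NOTE(review): with firewalld stopped, the web server, the database and the
# admin tools installed below are reachable on every interface.
systemctl stop firewalld &>/dev/null

# Install every package whose name matches the three patterns. The patterns
# are quoted so that the shell hands them to yum unchanged instead of
# expanding them against files in the current directory.
yum install 'http*' 'mariadb*' 'php*' -y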

#一、AWSTATS日志分析工具

awstats-7.6.tar.gz

通过网盘分享的文件:awstats-7.3.tar.gz
链接: https://pan.baidu.com/s/1iXWAjve1BSc7ZEXpdOMGAQ?pwd=awst 提取码: awst

tar zxvf awstats-7.0.tar.gz

cp -r awstats-awstats-7.6 /usr/local/awstats

mkdir /var/www/html/jz

echo "www.jz.com" > /var/www/html/jz/index.html

vim /etc/httpd/conf.d/vhost.conf

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/jz

    ServerName www.jz.com

</VirtualHost>

cd /usr/local/awstats/tools

./awstats_configure.pl

Need to create a new config file? #创建配置文件

/etc/httpd/conf/httpd.conf

#Your web site, virtual server or profile name:   输入

网站名

www.jz.com

Directory path to store config file(s)  保存配置文件的

路径,默认是/etc/awstats

Press ENTER to continue...  继续

Press ENTER to finish...    完成

vim /etc/awstats/awstats.www.jz.com.conf

LogFile="/var/log/httpd/access_log"

DirData="/var/lib/awstats"

mkdir /var/lib/awstats

cd /usr/local/awstats/wwwroot/cgi-bin

perl awstats.pl -update -config=www.jz.com

vim /etc/httpd/conf/httpd.conf

#配置文件的尾部

<Directory "/usr/local/awstats/wwwroot">

     Options None

     AllowOverride None

     Order allow,deny

     Allow from all

     Require all granted #添加这一条

 </Directory>

http://192.168.200.100/awstats/awstats.pl?

config=www.jz.com #验证

9、crontab -e

* */5 * * * perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.jz.com

二、phpMyAdmin 图形化数据库管理工具 

包:phpMyAdmin-3.4.9-all-languages.tar.bz2

通过网盘分享的文件:phpMyAdmin-3.4.9-all-languages.tar.bz2
链接: https://pan.baidu.com/s/1pRHbiZVKMt3SlTNO3zufxA?pwd=phpm 提取码: phpm

cp -r phpMyAdmin-3.4.9-all-languages /var/www/html/phpmyadmin

vim /etc/httpd/conf.d/vhost.conf

NameVirtualHost 192.168.200.100:80

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/jz

    ServerName www.jz.com

</VirtualHost>

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/phpmyadmin

    ServerName www.phpmyadmin.com

</VirtualHost>

systemctl restart httpd

cd /var/www/html/phpmyadmin

cp config.sample.inc.php config.inc.php #生成一个配置文件

vim config.inc.php

$cfg['blowfish_secret'] = '123456'; #cookie认证使用的加密密钥(不是登录密码),应换成足够长的随机字符串

4.systemctl start mariadb

mysqladmin -u root password 123

#客户机验证

网站输入:www.phpmyadmin.com

三、discuz 论坛

包:Discuz_X3.4_SC_GBK.zip

#建立数据库及用户

mysql -u root -p123

create database bbsdb;

grant all on bbsdb.* to bbsroot@localhost identified by '123456';

#上传目录,调整权限

cp -r Discuz_X3.4_SC_GBK/upload/ /var/www/html/discuz

cd /var/www/html/discuz/

chown -R apache.apache config/ data/ uc_*  

#编辑vhost.conf文件

vim /etc/httpd/conf.d/vhost.conf

NameVirtualHost 192.168.200.100:80

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/jz

    ServerName www.jz.com

</VirtualHost>

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/phpmyadmin

    ServerName www.phpmyadmin.com

</VirtualHost>

<VirtualHost 192.168.200.100:80>

    DocumentRoot /var/www/html/discuz

    ServerName www.discuz.com

</VirtualHost>

systemctl restart httpd

#客户机安装

www.discuz.com

#为了安全给文件改名

cd /var/www/html/discuz

mv install/ woqutouta

8、一键加固系统安全

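#!/bin/bash
#
# "One-shot hardening" for the lab host: locks existing bash accounts,
# creates three test accounts, makes key files immutable, sets an idle
# timeout, restricts su and sudo, sets a GRUB password, blocks non-root
# logins and replaces the login banners. Must be run as root.
#
# NOTE(review): the script is not re-runnable as written: once /etc/passwd
# and /etc/shadow are immutable, useradd and passwd fail on a second run.

# Lock every non-root account whose login shell is /bin/bash. The shell and
# name fields are compared exactly; the original dropped any passwd line that
# merely contained the text "root", and its command substitution was split
# across lines.
while IFS= read -r a; do
  passwd -l "$a"
done < <(awk -F: '$7 == "/bin/bash" && $1 != "root" {print $1}' /etc/passwd)

# Create test1..test3.
# NOTE(review): all three accounts get the fixed password "CentOS", which is
# published in this script, and test1 is given sudo and wheel membership
# below. Change the passwords before /etc/shadow is made immutable.
A=1
while [ "$A" -lt 4 ]; do
  useradd "test$A"
  echo "CentOS" | passwd --stdin "test$A"
  A=$((A + 1))
done

# Make the account and boot-critical files immutable.
chattr +i /etc/{passwd,shadow,inittab,fstab}

# Clear root's shell history at logout (guarded against duplicate lines).
grep -qx 'history -c' /root/.bash_logout 2>/dev/null ||
  echo "history -c" >> /root/.bash_logout

# Idle timeout of 20 seconds for login shells. Written as a profile.d
# snippet instead of inserting at fixed line numbers 55/56 of /etc/profile;
# the original also listed /etc/profile twice in one sed call, so the export
# line was edited twice.
printf 'TMOUT=20\nexport TMOUT\n' > /etc/profile.d/tmout.sh

# Let test1 run the commands under /sbin through sudo, except ifconfig.
# The edit is made on a copy and installed only if visudo accepts it, so a
# syntax error cannot break sudo.
# NOTE(review): a "!" exclusion in sudoers is easy to get around and should
# not be relied on as a restriction.
if ! grep -q '^test1 ' /etc/sudoers; then
  tmp_sudoers=$(mktemp) || exit 1
  sed '1a test1 ALL=/sbin/*,!/sbin/ifconfig' /etc/sudoers > "$tmp_sudoers"
  if visudo -cf "$tmp_sudoers" >/dev/null; then
    cat "$tmp_sudoers" > /etc/sudoers
  else
    echo "sudoers edit rejected by visudo" >&2
  fi
  rm -f -- "$tmp_sudoers"
fi

# Passwords expire after 30 days. Anchored to the setting itself so that the
# explanatory comment line in login.defs is left alone.
sed -i '/^PASS_MAX_DAYS/cPASS_MAX_DAYS  30' /etc/login.defs

# Only members of wheel may use su. The match is narrowed to the pam_wheel
# line; the original replaced every line containing "required".
sed -i '/required.*pam_wheel\.so/cauth required pam_wheel.so use_uid' /etc/pam.d/su
gpasswd -a test1 wheel

# GRUB (legacy) boot-loader password, inserted after line 14 of grub.conf.
# NOTE(review): this MD5 hash is published with the script, so the password
# behind it should be considered known; generate a fresh hash instead.
if ! grep -q '^password ' /boot/grub/grub.conf; then
  sed -i '14a password --md5 $1$ZdV4I$NRZ31c0MXd9F1u5yrDIf81' /boot/grub/grub.conf
fi

# Refuse logins from everyone except root.
# NOTE(review): this also shuts out the test accounts created above.
touch /etc/nologin

# Comment out lines 2-12 and 14-23 of /etc/securetty, which limits the
# terminals root may log in on to whatever lines 1 and 13 name.
sed -i '2,12s/^/#/' /etc/securetty
sed -i '14,23s/^/#/' /etc/securetty

# Replace the pre-login banners.
echo "Welcome to !!!" > /etc/issue
echo "Welcome to !!!" > /etc/issue.net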

9、一键配置IPTABLES+SQUID

主机防火墙脚本

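#!/bin/bash
#
# Host firewall: installs iptables-services, tunes a few TCP/IP sysctls and
# loads an INPUT policy that drops everything except the listed service
# ports. Must be run as root.

# The original wrote "Yum" and used an en dash ("–y") copied from a word
# processor; neither is accepted by the shell or by yum.
yum install iptables-services -y &>/dev/null
service iptables start &>/dev/null
chkconfig iptables on

# Kernel tuning. "sysctl -w" changes the running kernel only; these values
# are lost at reboot unless they are also written to /etc/sysctl.conf.
/sbin/sysctl -w net.ipv4.ip_default_ttl=111 &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_syncookies=1   &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_syn_retries=3  &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_synack_retries=3 &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_fin_timeout=60   &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_max_syn_backlog=3200 &>/dev/null

# Flush all tables (the last line had an en dash instead of "-F").
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t raw -F
/sbin/iptables -t mangle -F
/sbin/iptables -t filter -F

# Loopback and reply traffic. Without these two rules a DROP policy on INPUT
# also discards the answers to this host's own outgoing connections (DNS
# lookups, yum) and local services talking over 127.0.0.1.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Published services.
# NOTE(review): this opens SMB (139, 445), FTP (20, 21 and the passive range
# 2222:2225) and unencrypted mail (25, 110, 143) to every source address.
# SSH (22) is not in the list, so new SSH sessions are refused once the
# policy is in place.
/sbin/iptables -A INPUT -p tcp -m multiport --dport 139,445,53,20,21,2222:2225,80,25,110,143 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m multiport --dport 137,138,53 -j ACCEPT

# Set the default policy last, after the accept rules exist.
/sbin/iptables -P INPUT DROP

service iptables save &>/dev/null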

网络防火墙脚本

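#!/bin/bash
#
# Network (gateway) firewall: enables forwarding, masquerades traffic leaving
# through eno50332216, publishes the internal web server on
# 202.106.195.1:80 and drops forwarding for the sources listed in
# /root/iplist. Must be run as root.

# The original wrote "Yum" and an en dash ("–y"); both are corrected.
yum install iptables-services -y &>/dev/null
service iptables start &>/dev/null
chkconfig iptables on

# Kernel settings. "sysctl -w" is not persistent across reboots.
/sbin/sysctl -w net.ipv4.ip_forward=1
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_all=1
/sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
/sbin/sysctl -w net.ipv4.ip_default_ttl=128 &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_syncookies=1   &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_syn_retries=3  &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_synack_retries=3 &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_fin_timeout=60   &>/dev/null
/sbin/sysctl -w net.ipv4.tcp_max_syn_backlog=3200  &>/dev/null

# FTP connection-tracking helpers, needed for FTP data connections via NAT.
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush all tables.
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t raw -F
/sbin/iptables -t filter -F
/sbin/iptables -t mangle -F

# NOTE(review): no INPUT or FORWARD policy is set, so both stay at whatever
# they were before (ACCEPT by default). The gateway itself and all forwarded
# traffic are therefore unfiltered apart from the block list below.

# Source NAT for everything leaving through the outside interface.
/sbin/iptables -t nat -A POSTROUTING -o eno50332216 -j MASQUERADE

# Publish the internal web server on the outside address.
/sbin/iptables -t nat -A PREROUTING -i eno50332216 -p tcp -d 202.106.195.1 --dport 80 -j DNAT --to-destination 192.168.200.100

# Block list: drop forwarded traffic from every source in /root/iplist
# (whitespace-separated addresses or networks). The original added these as
# DROP rules in nat/POSTROUTING; the nat table is not meant for filtering and
# current iptables versions refuse DROP there, so the rules go into
# filter/FORWARD.
if [ -r /root/iplist ]; then
  while read -r -a entries || [ "${#entries[@]}" -gt 0 ]; do
    for ip in "${entries[@]}"; do
      /sbin/iptables -I FORWARD -s "$ip" -j DROP
    done
  done < /root/iplist
else
  echo "/root/iplist not readable; no block rules added" >&2
fi

service iptables save &>/dev/null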

SQUID 透明代理

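#!/bin/bash
#
# Squid transparent proxy for the 192.168.100.0/24 LAN: installs squid,
# writes squid.conf, starts the service and redirects the LAN's outgoing
# port-80 traffic to the proxy port. Must be run as root.

yum install squid -y &>/dev/null

# The quoted delimiter keeps "\." and "$" in the commented regex examples
# literal. Only "lan" (192.168.100.0/24) is allowed; everything else is
# denied by the final rule.
cat << 'EOF' > /etc/squid/squid.conf
#http_port 3128
cache_mem 64 MB
maximum_object_size 4096 KB
access_log /var/log/squid/access.log squid
cache_dir ufs /var/spool/squid 100 16 256
reply_body_max_size 10 MB all
http_port 192.168.100.1:3128 transparent
#http_port  202.106.195.1:80 vhost
#cache_peer 192.168.100.100 parent 80 0 originserver weight=5 max-conn=30
#cache_peer 192.168.100.101 parent 80 0 originserver weight=1 max-conn=8
acl lan src 192.168.100.0/24
#acl qqip dst 61.135.167.36
#acl qqname  dstdomain .qq.com
#acl ipblock dst "/etc/squid/ipblock"
#acl dmblock  dstdomain "/etc/squid/domainlock"
#acl work time MTWHFAS 8:30-17:30
#acl conn maxconn 20
#acl block1 url_regex -i ^rtsp:// ^mms://
#acl block2 urlpath_regex -i sex
#acl block3 urlpath_regex -i \.rmvb$ \.rm$ \.mp3$
#http_access deny lan qqip
#http_access deny lan qqname
#http_access deny lan ipblock
#http_access deny lan dmblock
#http_access deny lan conn
#http_access deny lan block1
#http_access deny lan block2
#http_access deny lan block3
#http_access allow lan work
http_access allow lan
#http_access allow all
http_access deny all
EOF

# The original never started squid. Check the file, then start the service
# now and at boot.
squid -k parse || exit 1
service squid restart &>/dev/null
chkconfig squid on

# Add the redirect rule to iptables: LAN clients' port-80 traffic is sent to
# the proxy port.
# NOTE(review): the original matched on "-i eth0", but the gateway scripts in
# sections 1 and 9 use eno* names and put 192.168.100.1 on eno16777736. The
# LAN-facing interface is assumed to be that one -- confirm with "ip addr".
lan_if=eno16777736
/sbin/iptables -t nat -I PREROUTING -i "$lan_if" -p tcp -s 192.168.100.0/24 --dport 80 -j REDIRECT --to-ports 3128
service iptables save &>/dev/null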

10、一键安装配置OPENVAS

为openvas软件包创建依赖关系

vim /etc/yum.repos.d/rhel-source.repo

[yum]

name=yum

baseurl=file:///mnt/cdrom

enabled=1

gpgcheck=0

#[openvas]

#name=openvas

#baseurl=file:///root/openvas

#enabled=1

#gpgcheck=0

yum install createrepo -y

createrepo openvas

打开上面yum配置文件然后取消里面的注释

yum clean all

yum list

openvas-manager           #//负责与客户端Greebone程序通信,完成扫描任务、检测报告的提交等工作,默认端口为9390

openvas-scanner            #//实际执行扫描的主服务,默认端口为9391

gsad                      #//负责提供Web访问界面,默认监听地址为127.0.0.1,端口为9392

openvas-administrator       #//负责与openvas-manager、gsad通信,完成用户和配置管理等操作,默认监听地址为127.0.0.1,端口为9393

安装openvas服务的依赖包

yum install tcl-devel tk-devel graphviz* -y

rpm -ivh wordnet-3.0-13.el6.i686.rpm

rpm -ivh wordnet-devel-3.0-13.el6.i686.rpm

rpm -ivh --force --nodeps graphviz-python-2.26.0-7.el6.i686.rpm

rpm -ivh libksba8-1.0.3-17.el6.i686.rpm

安装openvas

yum install openvas -y

netstat -antup | grep '939[0-9]'

启动openvas-scanner

通过网盘分享的文件:openvas-plugins-dfsg_20100705.orig.tar.gz
链接: https://pan.baidu.com/s/1zizVaLNScGI-JVYr7h00Zw?pwd=q747 提取码: q747

不知道能不能用,tar.bz2包没找到。

tar jxvf openvas-plugins.tar.bz2 -C /var/lib/openvas/

service openvas-scanner start

netstat -antup | grep 9391

启动openvas-manager

openvas-mkcert-client -n om -i

openvasmd --rebuild

yum install gsd -y

service openvas-manager start

netstat -antup |grep 9390

启动gsad

vim /etc/sysconfig/gsad(编辑这个配置文件)

将里面的GSA_ADDRESS=127.0.0.0更改为GSA_ADDRESS=0.0.0.0(改完后gsad的Web界面会在所有网卡上监听,应配合防火墙只允许管理网段访问9392端口)

service gsad restart(重新启动服务)

启动openvas-administrator

service openvas-administrator start

创建扫描用户、管理员用户

openvas-adduser

touch /var/lib/openvas/users/wcg/isadmin

11、一键安装配置CACTI

        11.1、配置被监测端

yum install lm_sensors net-snmp -y

vim /etc/snmp/snmpd.conf

更改为com2sec notConfigUser  192.168.100.1      publicserver

更改为access  notConfigGroup ""    any   noauth  exact  all none   none

取消注释view all    included  .1        80

systemctl start snmpd / systemctl enable snmpd.service

        11.2、配置监测端(RHEL6)

yum install lm_sensors net-snmp net-snmp-utils -y

service snmpd start

chkconfig snmpd on

yum install http* mysql* php* -y

service httpd start / chkconfig httpd on

service mysqld start / chkconfig mysqld on

yum install gcc libxml2-devel pango-devel libart_lgpl-devel -y

cd rrdtool-1.2.27

./configure --prefix=/usr/local&&make&&make install

        11.3、安装cacti和APACHE

通过网盘分享的文件:cacti-0.8.7e-cn-utf8.tar.gz
链接: https://pan.baidu.com/s/124ffWhfEdGiGrtBVgQ7iJA?pwd=dmrc 提取码: dmrc

cacti-0.8.7b-cn-utf8.tar.gz

cp -r cacti-0.8.7b-cn-utf8 /var/www/html/cacti 

vim /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.100.1:80>

DocumentRoot /var/www/html/cacti

ServerName www.cacti.com  

</VirtualHost>

useradd -M -s /sbin/nologin cactiuser

cd /var/www/html/cacti

chown -R cactiuser.cactiuser rra log

        11.4、配置mysql

mysql -u root -p

create database cactidb default character set utf8;

grant all on cactidb.* to cactiuser@localhost identified by '123456';

flush privileges; 

quit

cd /var/www/html/cacti

mysql -u cactiuser -p123456 cactidb <cacti.sql

        11.5、修改CACTI配置文件

vim /var/www/html/cacti/include/config.php   

更改为$database_default = "cacti";

更改为$database_password = "cactiuser";

(注意:这两个值必须与11.4中实际创建的数据库名和密码一致,上文创建的是数据库cactidb、密码123456,不一致时cacti无法连接数据库)

service mysqld restart / service httpd restart

        11.6、安装cacti插件

通过网盘分享的文件:cacti-0.8.7e-cn-utf8.tar.gz
链接: https://pan.baidu.com/s/1uqW1DJMNSY0iocovm1hbLg?pwd=gwg6 提取码: gwg6

版本有点不同,可以试试。

复制这个软件包cacti-0.8.7b-cn-utf8.tar.gz到linux系统中

cd cacti-plugin-arch

mysql -u root -p123456 cactidb <pa.sql

复制这个文件cacti-plugin-0.8.7b-PA-v2.0-cn-utf8.diff 到linux系统中

cd /var/www/html/cacti

patch -p1 -N </root/cacti-plugin-0.8.7b-PA-v2.0-cn-utf8.diff

复制monitor-0.8.2.tar、settings-0.5.tar、thold-0.3.9.tar这三个软件包到linux系统中

​​​​​​​

cd /var/www/html/cacti/plugins

tar zxvf /root/settings-0.5.tar.gz / tar zxvf /root/thold-0.3.9.tar.gz / tar zxvf /root/monitor-0.8.2.tar.gz 

cd thold/

mysql -u root -p cactidb<thold.sql

cd ..

cd monitor/  

mysql -u root -p cactidb<monitor.sql

vim /var/www/html/cacti/include/config.php 

在?>的上面添加

$plugins = array( );

$plugins[ ] = "settings";

$plugins[ ] = "thold";

$plugins[ ] = "monitor";

service httpd restart

        11.7、邮件预警功能

yum install postfix dovecot -y

cd /etc/postfix

vim main.cf

将注释取消并更改为myhostname =mail.md.com

将注释取消并更改为mydomain = md.com

取消注释myorigin = $mydomain 

添加注释#inet_interfaces = localhost 

取消注释inet_interfaces = all

取消注释home_mailbox = Maildir/ 

添加注释#mydestination = $myhostname, localhost.$mydomain, localhost

取消注释mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

service postfix start / service postfix restart

chkconfig postfix on

vim /etc/dovecot/dovecot.conf  

取消注释protocols = imap pop3 lmtp  

cd /etc/dovecot

cd conf.d

vim 10-auth.conf

取消注释并更改为disable_plaintext_auth = no 

vim 10-mail.conf 

取消注释mail_location = maildir:~/Maildir 

vim 10-ssl.conf 

取消注释并更改为ssl = no

service dovecot start

chkconfig dovecot on 

useradd zxy

12、SVN(代码管理)

        12.1、安装

yum install subversion -y             #yum安装SVN

mkdir -p /opt/svn/repos               #创建SVN版本库

svnadmin create /opt/svn/repos         #生成SVN配置文件

        12.2、编辑配置文件

vim /opt/svn/repos/conf/passwd

[users]

# harry = harryssecret

# sally = sallyssecret

myj= 123456                         #添加一个SVN用户

#格式:用户名=密码(密码以明文保存在该文件中,注意限制该文件的读取权限)

vim /opt/svn/repos/conf/authz

[/]

myj= rw              #给用户myj在SVN根下读写权限

vim /opt/svn/repos/conf/svnserve.conf

#去掉以下几行前面的注释(各行行尾的#说明只是本文的注解,svnserve.conf不支持行尾注释,不要写进配置文件)

anon-access = none       #不改成none,windows下的SVN没有更新记录 

auth-access = write  #使授权用户有写权限

password-db = passwd      #帐号和密码配置文件

authz-db = authz       #访问控制文件

realm = /opt/svn/repos #认证命名空间。

​​​​​​​        12.3、配置完之后启动SVN

svnserve -d -r /opt/svn/repos

        12.4、测试SVN是否能检出

客户机LAN

打开TortoiseSVN工具

在URL中输入svn://svn服务器的IP地址,然后点击“确定”
