- CD install add tab scssi
hpsa.hpsa_simple_mode=1 hpsa.hpsa_allow_any=1 - CD rescue option
rescue hpsa.hpsa_simple_mode=1 hpsa.hpsa_allow_any=1 - chroot /mnt/sysimage
# /etc/default/grub
GRUB_CMDLINE_LINUX="………. rhgb quiet hpsa.hpsa_simple_mode=1 hpsa.hpsa_allow_any=1"
# grub2-mkconfig -o /boot/grub2/grub.cfg - exit to reboot
- # yum check-update
- # yum update
vi /etc/bashrc
alias vi=vim
source /etc/bashrc
wget -O /usr/share/vim/vim74/colors/molokai.vim https://raw.github.com/tomasr/molokai/master/colors/molokai.vim
vi /etc/vimrc
:colorscheme molokai
noop 스케줄러사용 SSD 혹은 RAID
echo noop > /sys/block/sda/queue/scheduler
cat /sys/block/sda/queue/scheduler
vi /etc/logrotate.conf
daily
- ssh enable
# systemctl status sshd
서비스 소켓타입변경 sshd.service disable sshd.socket enable
# vi /etc/ssh/sshd_config – root 로그인 제한: PermitRootLogin no 반드시 추가
GSSAPIAuthentication no
UseDNS no
런레벨 확인 systemctl get-default
런레벨 3으로 변경 systemctl set-default multi-user.target
3레벨 바로 변경 systemctl isolate multi-user.target
ssh pam.d 설정
# vi /etc/pam.d/login
session required pam_limits.so 추가
# vi /etc/security/limits.conf – 터미널 하나만- hard maxlogins 1 탭으로띄우기
# vi /etc/pam.d/su – su 제한
auth required pam_wheel.so use_uid 주석제거
# vi /etc/security/access.conf – 로그인제한
-:ALL except root user1 : ALL 추가
pam.d/login , pam.d/sshd -> account required pam_access.so 추가
- hard maxlogins 1 탭으로띄우기
- firewall
서비스확인 # firewall-cmd --permanent --list-all
- fail2ban
# yum install epel-release – 에펠저장소설치
# yum install fail2ban
vi /etc/fail2ban/jail.d/local.conf
systemctl enable, start fail2ban
스왑사용 막기 echo 0 > /proc/sys/vm/swappiness
semanage: yum install policycoreutils-python
- mariadb 10.1 repo 추가
vi /etc/yum.repos.d/MariaDB.repo
mysql_secure_installation
my.cnf.d/* 설정
systemctl status mariadb.service
grant all privileges on wp_gldigital.* to 'phobe'@'localhost' identified by '';
※ identified by '' 는 빈 비밀번호로 계정을 만든다 – 실제 비밀번호를 지정할 것
grant all privileges on wp_gldigital.* to 'phobe'@'localhost';
systemctl enable mariadb.service
semanage 확인 80 443 9000
semanage port -l | grep 9000
http 컨텍스트 확인
semanage fcontext -l | grep httpd_sys_content_t
chcon -R -t httpd_sys_content_t /usr/share/nginx/html
http 메일확인 및 활성
getsebool httpd_can_sendmail
setsebool httpd_can_sendmail true (재부팅 후에도 유지하려면 -P 옵션 필요: setsebool -P httpd_can_sendmail true)
http포트확인
semanage port -l | grep http_port_t
포트추가 및 제거
semanage port -a -p tcp -t http_port_t 800
semanage port -d -p tcp 800
파일컨텍스트추가 및 삭제 및 확인
semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"
semanage fcontext -d "/www(/.*)?"
semanage fcontext -l | grep httpd_sys_content_t
semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/www(/.*)?/public_html/wp-content(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/www(/.*)?/public_html/wp-config\.php"
※ fcontext 규칙은 restorecon -Rv /www 를 실행해야 기존 파일에 적용된다
- Nginx repo
vi /etc/nginx/nginx.conf
vi /etc/nginx/conf.d/default.conf
ln -s /usr/share/nginx/html /etc/nginx/html
/var/run/nginx root.root -> chown nginx.root /var/run/nginx/ - php-fpm
wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
※ 평문 HTTP 다운로드 – HTTPS로 받거나 설치 전에 패키지 서명(rpm -K)을 확인할 것
rpm -Uhv remi-release-7.rpm
yum --enablerepo=remi-php70 install php70-php-pear php70-php-bcmath php70-php-pecl-jsond-devel php70-php-mysqlnd php70-php-gd php70-php-common php70-php-fpm php70-php-intl php70-php-cli php70-php php70-php-xml php70-php-opcache php70-php-pecl-apcu php70-php-pecl-jsond php70-php-pdo php70-php-gmp php70-php-process php70-php-pecl-imagick php70-php-devel php70-php-mbstring php70-php-mcrypt php70-php-suhoshin php70-php-pecl-memcached.x86_64 php70-php-soap
ln -s /opt/remi/php70/root/usr/bin/php /usr/bin/php
ln -s /etc/opt/remi/php70/php.ini /etc/php.ini
ln -s /etc/opt/remi/php70/php.d /etc/php.d
ln -s /etc/opt/remi/php70/php-fpm.d /etc/php-fpm.d
ln -s /etc/opt/remi/php70/php-fpm.conf /etc/php-fpm.conf /etc/php-fpm.conf /var/run/php-fpm 위치변경 –> pid socket 생성위치변경 /var/run
/etc/logrotate.d/php70-php-fpm 로그로테이트 pid위치변경 /var/opt/remi/php70/run/php-fpm/php-fpm.pid –> /var/run/php-fpm.pid
logrotate nginx rotate 52 변경 rotate 52 –> rotate 4 ?ln -s /var/opt/remi/php70/run/php-fpm /var/run/php-fpm
?chown nginx.root /var/opt/remi/php70/run/php-fpm (root:root 755)
?chmod 775 /var/opt/remi/php70/run/php-fpm ln -s /var/opt/remi/php70/log/php-fpm /var/log/php-fpm
ln -s /var/opt/remi/php70/lib/php /var/lib/php
chown root.nginx /var/opt/remi/php70/lib/php/* (root:apache 770)
chown phobe.root /var/opt/remi/php70/log/php-fpm 770 (apache:root 770) vi /etc/php.d/40-suhoshin.ini
PHP에서 서브도메인간 세션 값이 지워지는 문제
suhosin.cookie.cryptdocroot=Off
suhosin.session.cryptdocroot=Off
opcache 비활성
opcache.enable=0
opcache.enable_cli=0 yum install memcached
vi /etc/sysconfig/memcached
CACHESIZE="256"
systemctl start memcached.service
systemctl enable memcached.service
memcached-tool 127.0.0.1:11211 stats
? Add the following entry to allow incoming connections on port 11211
firewall-cmd --permanent --zone=public --add-port=11211/tcp
※ memcached는 기본적으로 인증이 없다 – 세션 저장에 127.0.0.1 만 쓴다면 public zone에 11211 포트를 열 필요가 없다
echo stats | nc [memcache_host_name_or_ip] 11211 memcached 설정
save_handler and save_path are defined
; for mod_php, in /etc/httpd/conf.d/php.conf
; for php-fpm, in /etc/opt/remi/php70/php-fpm.d/*conf
session.save_handler=memcached
session.save_path = "127.0.0.1:11211" or session.save_path="localhost:11211"
? firewall-cmd --permanent --zone=trusted --add-interface=lo
? firewall-cmd --permanent --zone=trusted --add-port=11211/tcp
? firewall-cmd --reload
vi /etc/php.ini
short_open_tag on
session.save_handler = memcached 추가
[Date]절에 date.timezone = "Asia/Seoul"
cgi.fix_pathinfo=0
php.ini파일에서 용량과 관련하여 설정해 주어야 하는 부분은 5부분
file_uploads = On
upload_max_filesize = 20M
post_max_size = 20M
max_execution_time = 300 ( 0 무한대)
memory_limit = ?M (128?)
memory_limit > post_max_size > upload_max_filesize
vi /etc/php-fpm.d/*.conf LimitRequestBody 값조정 - logrotate daily 변경
cron /etc/security/access.conf 수정 - tmp 파일 tmpfs처리 -> 램마운트
systemctl enable tmp.mount - samba 설정
semanage fcontext -l | grep samba_share_t
httpd랑 겹치는 디렉터리
setsebool samba_export_all_rw on <-- OS 이외 디렉터리