Archive for Linux Sharing

PHP Mcrypt on CentOS 6

Yay, CentOS 6 still doesn't include mcrypt in its default repositories.

There is hope, EPEL to the rescue again:

 


 

You should see EPEL listed as the repos, then:

yum install php-mcrypt

Also a few of you have mentioned you need to restart Apache. To do this:

service httpd restart

Done.

If you want to do the same for CentOS 7 then simply use this instead:

**Please note the above download is for CentOS 6 x86_64**

UPDATE 12/02/2013: Updated to Latest Link for EPEL 6.8
UPDATE 05/01/2015: Added the link for CentOS 7/EPEL 7.5


How to mount and unmount a new hard disk on Linux

VMware virtual machine: how to mount and unmount a new hard disk on a Linux system
Mounting:

1. Start VMware, select VM -> Settings, and follow the wizard to add a SCSI disk. Then boot into the Linux system.
2. fdisk -l will show the new disk. If you previously had one hard drive (sda1, sda3…), the newly added one should be /dev/sdb. (If the second hard drive you added is an IDE disk, you should see hdb; if it is a SCSI disk, you should see sdb.)
[root@localhost ~]# fdisk -l

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda3 14 1044 8281507+ 83 Linux

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdb doesn’t contain a valid partition table

3. Partition the disk:
[root@localhost ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won’t be recoverable.

The number of cylinders for this disk is set to 1044.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Command (m for help): m ## press m here to print the help
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition ## deletes a partition
l list known partition types ## lists the partition types, so that we can set the matching type for a partition
m print this menu
n add a new partition ## adds a partition
o create a new empty DOS partition table
p print the partition table ## prints the partition table
q quit without saving changes ## quits without saving
s create a new empty Sun disklabel
t change a partition's system id ## changes the partition type
u change display/entry units
v verify the partition table
w write table to disk and exit ## writes the partition table to disk and exits
x extra functionality (experts only) ## extended functions, for experts

Command (m for help): n
Command action
e extended ## extended partition
p primary partition (1-4) ## choose p here to create a primary partition
p
Partition number (1-4): 1
First cylinder (1-17849, default 1): ## Note: this is the partition's Start value. It is best to just press Enter here; if you enter a non-default number, space will be wasted.
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-17849, default 17849): 8920
Using default value 500
## This defines the size of the partition. +200M means a size of 200M. You can also work from the cylinder unit size shown in the prompt above and then specify the End value: fdisk -l shows Units = cylinders of 16065 * 512 = 8225280 bytes, which is the size of one cylinder. Here I chose an End value of 8920, exactly half the total size, about 71G.

## Then create another primary partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (8921-17849, default 8921):8921
Using default value 8921
Last cylinder or +size or +sizeM or +sizeK (8921-17849, default 17849):17849
Using default value 17849
## Finally, save and exit. Remember to save, or the changes will not take effect.
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
## Use the fdisk -l command to view the disk status:
[root@localhost ~]# fdisk -l

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda3 14 1044 8281507+ 83 Linux

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 1 8920 71649868+ 83 Linux
/dev/sdb2 8921 17849 71722192+ 83 Linux
## Disk /dev/sdb has been divided into two partitions, each about 71G in size.

## Before mounting the file systems, /dev/sdb1 and /dev/sdb2 must be formatted with mkfs -t ext3, otherwise mount will complain.
4. Format the partition: use the mkfs.ext3 /dev/sdb1 command to format it. Note: you can also use the mkfs -t ext3 /dev/sdb1 command
[root@localhost ~]# mkfs -t ext3 /dev/sdb1 ## formats the partition with the ext3 file system
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
1048576 inodes, 2096474 blocks
104823 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2147483648
64 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Supplement: mounting
There are two ways to mount a file system:
First, with the mount command. A file system mounted this way has to be remounted after every reboot.
Second, through the /etc/fstab file, which mounts it automatically at boot.
Here I mount /dev/sdb1 on /test:
[root@localhost ~]# mkdir /test ## first create the mount directory /test
(or [root@localhost ~]# cd /
[root@localhost ~]# mkdir test
)
[root@localhost ~]# df -h ## partitions before mounting
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.7G 5.8G 576M 92% /
/dev/sda1 99M 12M 82M 13% /boot
tmpfs 233M 0 233M 0% /dev/shm
[root@localhost ~]# mount /dev/sdb1 /test
[root@localhost ~]# df -h ## partitions after mounting
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.7G 5.8G 576M 92% /
/dev/sda1 99M 12M 82M 13% /boot
tmpfs 233M 0 233M 0% /dev/shm
/dev/sdb1 7.9G 147M 7.4G 2% /test
6. Mount automatically at boot via the /etc/fstab file (otherwise the mount made above is lost when the computer restarts):
[root@localhost ~]# vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/dev/sdb1 /test ext3 defaults 1 1
/dev/sdb2 /test ext3 defaults 1 1
# Beginning of the block added by the VMware software
.host:/ /mnt/hgfs vmhgfs defaults,ttl=5 0 0
# End of the block added by the VMware software
First field: the device name, that is, the file system to mount; mounting a file system is sometimes also called mounting a partition.
Second field: the mount point of the file system.
Third field: the file system type.
Fourth field: the mount options, the same as those passed to mount -o; defaults includes rw, suid, dev, exec, auto, nouser, async.
Fifth field: whether the file system needs to be backed up by dump: 1 = needed, 0 = not needed.
Sixth field: whether the fsck disk-checking tool checks the file system at system startup: 1 = needed, 0 = not needed, 2 = skip.
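
Because defaults in the fourth field carries suid and dev, a data partition added this way honours set-uid binaries and device nodes stored on it. The following check is an added example, not part of the original post: it reads fstab text and reports data mounts that lack nosuid/nodev and entries that share a mount point. The sample input is constructed from the listing above, and its last line is a hardened variant added for contrast.

```shell
#!/bin/sh
# Added example: audit fstab text for shared mount points and for data
# partitions that inherit suid/dev from "defaults".

# Constructed sample modelled on the walkthrough's fstab.
sample_fstab() {
    cat <<'EOF'
/dev/VolGroup00/LogVol00 /        ext3  defaults 1 1
LABEL=/boot              /boot    ext3  defaults 1 2
tmpfs                    /dev/shm tmpfs defaults 0 0
/dev/VolGroup00/LogVol01 swap     swap  defaults 0 0
/dev/sdb1                /test    ext3  defaults 1 1
/dev/sdb2                /test    ext3  defaults,nosuid,nodev 1 1
EOF
}

# audit_fstab: reads fstab text on stdin and prints one finding per line.
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    {
        dev = $1; mnt = $2; type = $3; opts = $4
        if (type == "swap" || mnt == "none") next

        # Two entries on one mount point: the later mount hides the earlier.
        if (mnt in seen)
            printf "DUPLICATE %s: %s shadows %s\n", mnt, dev, seen[mnt]
        seen[mnt] = dev

        # Only block-device data mounts are checked, not /, /boot or tmpfs.
        if (dev !~ /^\/dev\// || mnt == "/" || mnt == "/boot") next

        nosuid = 0; nodev = 0
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {           # later options override earlier
            if (o[i] == "nosuid") nosuid = 1
            if (o[i] == "suid")   nosuid = 0
            if (o[i] == "nodev")  nodev = 1
            if (o[i] == "dev")    nodev = 0
            # user/users imply nosuid and nodev (see the option list)
            if (o[i] == "user" || o[i] == "users") { nosuid = 1; nodev = 1 }
        }
        if (!nosuid) printf "SUID-ALLOWED %s on %s (%s)\n", dev, mnt, opts
        if (!nodev)  printf "DEV-ALLOWED %s on %s (%s)\n", dev, mnt, opts
    }'
}

sample_fstab | audit_fstab
```

To check a live system, run `audit_fstab < /etc/fstab`.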

Unmounting:
[root@localhost ~]# umount /dev/sdb1
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.7G 5.8G 576M 92% /
/dev/sda1 99M 12M 82M 13% /boot
tmpfs 233M 0 233M 0% /dev/shm

 

Additional knowledge:
1. What mount can be used to mount:
Different operating systems use different file system formats. MS-DOS supports the FAT16 file system; Windows 98 supports FAT16 and FAT32; Windows NT supports FAT16 and NTFS; Windows 2000 supports three file system formats, FAT16, FAT32 and NTFS; XP supports FAT32 and NTFS; and the latest version, Windows 7, introduces a new WinFS file system. Linux supports almost every file system format, but generally uses ext2 or ext3. Many users run Windows, and to access the resources of those other file systems from Linux we use the Linux mount command.
2. mount usage format:
mount [-parameters] [device name] [mount point]
Explanation:
[Mount point] must be an existing directory. The directory does not have to be empty, but after mounting, its previous contents are unavailable; they return to normal after umount.
[Device name] can be a partition, a USB device, a CD-ROM, a floppy disk or a network share.
Common parameters (from the mount help):
Parameter  Description
-t vfstype  Specifies the type of the file system to mount: adfs, affs, autofs, coda, coherent, cramfs, devpts, efs, ext, ext2, ext3, hfs, hpfs, iso9660, jfs, minix, msdos, ncpfs, nfs, nfs4, ntfs, proc, qnx4, ramfs, reiserfs, romfs, smbfs, sysv, tmpfs, udf, ufs, umsdos, vfat, xenix, xfs, xiafs.
  Common types usually do not need to be specified, because they are detected automatically (adfs, bfs, cramfs, ext, ext2, ext3, hfs, hpfs, iso9660, jfs, minix, ntfs, qnx4, reiserfs, romfs, udf, ufs, vxfs, xfs, xiafs and so on). If the probe fails, mount consults /etc/filesystems and probes for the file systems listed there. Note: if you know the file system type, it is better to specify it explicitly; a wrong detection can be catastrophic.
  Several file system types can be given, separated by ",".
  mount -a -t nomsdos,ext
  mounts all the file systems listed in fstab except those of type msdos and ext.
Common file system types:
1. ext2: the file system currently used by Linux
2. msdos: the MS-DOS FAT, that is, FAT16
3. vfat: the FAT32 commonly used by Windows 98
4. nfs: Network File System
5. smbfs: Windows file sharing
6. iso9660: the standard file system for CD-ROM discs
7. ntfs: the Windows NT / 2000 / XP file system
8. auto: automatic detection of the file system
Specifying mount options: multiple options can be separated with ",". Some options are only meaningful when they appear in the /etc/fstab file. The following options can be used with any file system being mounted (but not every file system honours them; for example, the sync option currently only takes effect for ext2, ext3 and ufs).
-o option  Description
async  All I/O to the file system is done asynchronously.
atime  Update the inode access time on each access. This is the default.
auto  Can be mounted with the -a option.
defaults  Includes the following options: rw, suid, dev, exec, auto, nouser, async.
dev  Interpret character or block special devices on the file system.
exec  Permit execution of binaries.
_netdev  The file system resides on a device that requires network access; this keeps the system from trying to mount it, and wasting resources, while the network is down.
noatime  Do not update inode access times on the file system (for example, to speed up access on news servers).
noauto  Can only be mounted explicitly; the -a option will not mount it.
nodev  Do not interpret character or block special devices on the file system.
noexec  Do not allow execution of any binaries on the mounted file system.
nosuid  Do not allow set-user-identifier or set-group-identifier bits to take effect.
nouser  Forbid an ordinary user to mount the file system (default).
remount  Attempt to remount an already-mounted file system. Used to change the mount flags, for example changing a read-only mount to read-write.
ro  Mount read-only.
rw  Mount read-write.
suid  Allow set-user-identifier or set-group-identifier bits to take effect.
sync  I/O is done synchronously. Data is not lost on a sudden power failure, but the load on the disk is heavier.
dirsync  All directory updates within the file system are done synchronously. This affects the following system calls: creat, link, unlink, symlink, mkdir, rmdir, mknod and rename.
user  Allow an ordinary user to mount the file system. The name of the mounting user is written to mtab so that he can unmount the file system again. This option implies the options noexec, nosuid and nodev.
users  Allow every user to mount and unmount the file system.
codepage  codepage=XXX  code page
iocharset  iocharset=XXX  character set
loop  Mount through a loop device; often used to mount iso files.
username  username=user  user name for accessing the device
password  password=pass  password for accessing the device
The following parameters are only useful for particular file systems:
uid/gid  uid=value and gid=value  mount the file system as the given user and group
ownmask  ownmask=value  permission mask for the owner
othmask  othmask=value  permission mask for others
Different file systems do not necessarily support the same attributes. You can look up the relevant information.
-a  Search the /etc/fstab file for the file systems that match the conditions and mount them.
  Format: mount -a -t type -o options (no device or directory needs to be specified)
-f  Test the mount: only check the device and directory, without actually mounting the file system.
-n  Mount without writing a record to the /etc/mtab file.
-r  Mount the file system read-only; same as -o ro.
-w  Mount the file system read-write; same as -o rw.
-L label  Mount the partition that has the specified label.
-v  Show detailed progress of the mount.
-l  List all mounted file systems.

--bind  Remount part of the file hierarchy somewhere else. Only a single file system is mounted; if the directory contains other file systems, they are not mounted. To mount them all, use the --rbind parameter.
  mount --bind olddir newdir  (the directory contents can then be accessed at both locations)
--move  Move a mounted directory to another place: mount --move olddir newdir
-h  Display help
-V  Display version

3. Common mounting methods:
Mounting an iso file:
# mkdir /mnt/iso1
# mount -o loop linuxsetup.iso /mnt/iso1
On Linux no virtual drive is needed; the iso file can be read directly.
Mounting a CD:
The CD-ROM device file is generally /dev/hdc. Usage:
# mkdir /mnt/cdrom
# mount /dev/hdc /mnt/cdrom -o iocharset=cp936
The file system type is not specified and is detected automatically; the character encoding is set to Chinese.
Mounting a floppy drive:
# mkdir /mnt/floppy
# mount /dev/fd0 /mnt/floppy
The file system type is not specified and is detected automatically.
Mounting a Windows share (samba):
# mkdir /mnt/winshare
# mount -t smbfs -o username=w,password=w,codepage=936,iocharset=gb2312 //192.168.0.101/share /mnt/winshare
This specifies the user name and password used to access the share; codepage specifies the encoding and has the same meaning as iocharset. The Windows system here is Simplified Chinese.
codepage specifies the code page of the file system; the code for Simplified Chinese is 936. iocharset specifies the character set; for Simplified Chinese, cp936 or gb2312 is generally used.
Mounting a USB stick:
If the computer has no other SCSI devices or USB peripherals, the inserted USB stick has the device path /dev/sda1. Commands:
# mkdir /mnt/overlay
# mount /dev/sda1 /mnt/overlay
to mount it.
Mounting an NFS file system:
This is similar to connecting to a Windows share. The NFS service has to be configured on the server. Then on the client, showmount -e 192.168.0.30 shows what can be connected.
mount -t nfs 192.168.0.30:/tmp /mnt/nfs
Unmounting a file system with umount:
umount dir
For the examples above: umount /mnt/upan or umount /dev/sdb1


XenServer: creating and mounting a local ISO storage repository (SR)

Log in to XenServer over SSH.

1) Check the volume group information:
# vgdisplay

2) Write down the VG name:
VG_XenStorage-a009e816-aa69-b507-71bf-b89409c63793

3) Create a logical volume, giving its size and name, and format it:
# lvcreate -L 20G -n iso VG_XenStorage-a009e816-aa69-b507-71bf-b89409c63793
# mkfs.ext3 /dev/VG_XenStorage-a009e816-aa69-b507-71bf-b89409c63793/iso

5) Create a local mount directory
# mkdir /iso

6) Edit /etc/fstab so that the logical volume is mounted automatically
# vi /etc/fstab

Add the following line:
/dev/VG_XenStorage-a009e816-aa69-b507-71bf-b89409c63793/iso /iso ext3 defaults 0 0

7) Mount the logical volume
# mount /iso

8) Create the local XenServer ISO library (SR)
# xe sr-create name-label=iso type=iso device-config:location=/iso device-config:legacy_mode=true content-type=iso

9) Mount the ISO SR on XenServer
# xe-mount-iso-sr /iso -o bind

The process is now complete: cd /iso and wget the ISO files into it.
Afterwards, when creating a virtual machine (VM), you can choose the corresponding ISO from the mounted library as the installation media.

#xe-toolstack-restart


Deleting all messages in the Exim mail queue

Run the command:
# exim -bp | exiqgrep -i | xargs exim -Mrm
This deletes every message in the Exim mail queue.

To view all queued messages, use the command:
# exim -bp

On a cPanel server you can also view and delete mail through ConfigServer Mail Queues, which is more intuitive but less efficient than the command line when there is a large number of messages.


Using the parted partitioning tool on Linux for hard disks larger than 2T

Purpose: on a CentOS 5.4 system, use parted to partition a 12T hard disk and format it as ext4. The 12T is split into two partitions, one of 7.5T and the other of 4.5T.
On Linux, fdisk cannot be used to partition large disks: the MBR partition table only supports disks up to 2T, so disks larger than 2T must use a GPT partition table. The specific steps are as follows:
1. Create two primary partitions

 

[root@localhost ~]# parted /dev/sdb # operate on the disk with parted; this enters interactive mode
GNU Parted 1.8.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt # convert the disk from MBR to GPT format
(parted) print # print the current partitions
(parted) mkpart primary 0 4.5TB # create a 4.5T primary partition
(parted) mkpart primary 4.5TB 12TB # create a 7.5T primary partition
(parted) print # print the current partitions
(parted) quit # quit
Information: Don’t forget to update /etc/fstab, if necessary.

 

2. Then format the partitions as ext4. This requires the e4fsprogs.x86_64 package (yum install e4fsprogs.x86_64).

[root@localhost ~]# mkfs.ext4 /dev/sdb1
[root@localhost ~]# mkfs.ext4 /dev/sdb2

 

3. Then mount the partitions with mount

[root@localhost]# mount -t ext4 /dev/sdb1 /bk
[root@localhost]# mount -t ext4 /dev/sdb2 /mail
[root@localhost ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda6 ext3 39G 9.4G 28G 26% /
/dev/sda1 ext3 122M 13M 103M 12% /boot
none tmpfs 1004M 0 1004M 0% /dev/shm
/dev/sdb1 ext4 4.1T 194M 3.9T 1% /bk
/dev/sdb2 ext4 6.8T 179M 6.4T 1% /mail

 

4. Finally, edit /etc/fstab and add the following two lines so that the partitions are mounted automatically at boot.

/dev/sdb1 /bk ext4 defaults,noatime 1 2
/dev/sdb2 /mail ext4 defaults,noatime 1 2

 


Another SSLv3 vulnerability disclosed

Another SSLv3 vulnerability has been disclosed. While the status of Google's new TLS_FALLBACK_SCSV draft is still unclear, the current workaround is to disable SSLv3, without regard for IE6.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

 

SSLv3 test: http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm
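
The workaround only holds if no ssl_protocols directive elsewhere in the configuration (another server block, an included file) still lists SSLv3. The following check is an added example, not part of the original post: it scans nginx configuration text for every ssl_protocols directive, including ones wrapped over several lines, and reports those that enable SSLv2 or SSLv3. Both sample configurations are constructed; the second repeats the settings shown above.

```shell
#!/bin/sh
# Added example: report ssl_protocols directives that still enable SSLv2/SSLv3.

# Constructed sample: SSLv3 still enabled, directive wrapped over two lines.
weak_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols TLSv1.2;  (commented out: must be ignored)
    ssl_protocols SSLv3 TLSv1
                  TLSv1.1 TLSv1.2;
}
EOF
}

# Constructed sample: the directives from the workaround above.
fixed_conf() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
EOF
}

# check_ssl_protocols: reads nginx config text on stdin, prints one line per
# ssl_protocols directive, or a MISSING line when there is none.
check_ssl_protocols() {
    awk '
    { sub(/#.*/, "") }                          # strip comments
    collecting || $1 == "ssl_protocols" {
        if (!collecting) { collecting = 1; found = 1; start = NR; $1 = "" }
        buf = buf " " $0                        # a directive may span lines
        if (index(buf, ";")) {                  # the semicolon ends it
            sub(/;.*/, "", buf)
            n = split(buf, p, /[ \t]+/)
            list = ""; bad = ""
            for (i = 1; i <= n; i++) {
                if (p[i] == "") continue
                list = list " " p[i]
                if (p[i] == "SSLv2" || p[i] == "SSLv3") bad = bad " " p[i]
            }
            if (bad != "") printf "WEAK line %d: enables%s\n", start, bad
            else           printf "OK line %d:%s\n", start, list
            buf = ""; collecting = 0
        }
    }
    END {
        if (!found)
            print "MISSING: no ssl_protocols directive, the nginx built-in default applies"
    }'
}

weak_conf  | check_ssl_protocols
fixed_conf | check_ssl_protocols
```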


Linux shell shows -bash-4.1# instead of the path: solution

The Linux shell does not show the path; the prompt appears as -bash-4.1#, which is inconvenient to use.

How do you make the shell show the path?

Proceed as follows:

vim ~/.bash_profile

(It does not matter whether the .bash_profile file already exists; creating a new one yourself also works)

Add at the end:
export PS1='[\u@\h \W]\$'

And then run
source ~/.bash_profile

Now the shell shows the path.


SSH bash emergency security patch! Important!

Note: your server may have updated automatically and may no longer show the vulnerability. For safety, however, it is still recommended to test whether it is present.

This article applies to system updates on all VPS / dedicated servers.

A few days ago a very serious security vulnerability was discovered in Bash, which is built into Linux (vulnerability reference: https://access.redhat.com/security/cve/CVE-2014-6271). Attackers could exploit the Bash vulnerability to take complete control of a target system. To keep your Linux servers from being affected, we suggest you apply the fix as soon as possible. The repair method is as follows. Please take note.

[Software and systems confirmed to be exploitable]
All Linux operating systems with GNU bash version 4.3 or earlier installed.


[Vulnerability description]
The vulnerability stems from specially crafted environment variables created before the bash shell is invoked. These variables can contain code, which bash will execute.


[Vulnerability Detection]

 

Run over SSH:

env t='() { :;}; echo You are vulnerable.' bash -c "true"
Detection before the fix:

If it prints You are vulnerable, unfortunately you must apply the security patch immediately.

After the patch has been applied:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Special note: the fix itself has no other impact, but if your scripts define environment variables in the manner above, they will fail after the fix.

[Recommended fix]

Choose the command below that matches your Linux version. To guard against accidents, we recommend taking a snapshot of the Linux server's system disk before running the command; if the upgrade affects your use of the server, you can roll back to the system disk snapshot.




2. How to fix the vulnerability

On Ubuntu or Debian run

  1. apt-get update
  2. apt-get upgrade



On RedHat, CentOS or Fedora run

  1. yum clean all
  2. yum -y update bash


Linux: uploading files from the SSH command line to another FTP space with ftp

If there is no ftp command and you get: -bash: ftp: command not found
install the ftp client: yum install ftp
# ftp 127.0.0.1 21 (enter the IP and port number of the remote FTP space, then press Enter)
Then follow the prompts to enter the user name and password.
ftp> lcd (local working directory)
ftp> cd (remote directory)
ftp> binary (binary transfer)
ftp> tick (turns on the byte counter during transfer; run it again to turn it off)
ftp> mput file

FTP> bye (or by): ends the FTP session with the remote computer and exits.

FTP> cd: changes the working directory on the remote computer.

FTP> get: copies a remote file to the local computer, using the current file transfer type.
Format: get remote-file [local-file]

FTP> lcd: changes the working directory on the local computer. By default, the working directory is the directory in which ftp was started.

Format: lcd [directory]

FTP> ls: displays an abbreviated list of the files and subdirectories in the remote directory.

FTP> mdelete: deletes files on the remote computer.
Format: mdelete remote-files [ …]
Explanation: remote-files specifies the remote files to delete.

FTP> mdir: displays a list of the files and subdirectories in remote directories. mdir can be given several files.
Format: mdir remote-files [ …] local-file
Explanation: remote-files specifies the directories whose listing you want to view; remote-files is required. Type - to use the current working directory on the remote computer.

1. Connecting to the FTP server

Format: ftp [hostname | ip-address]
a) On the Linux command line enter: ftp www.boluo.org
b) The server asks for a user name and password; enter the appropriate user name and password to authenticate.

2. Downloading files

Files are usually downloaded with the two commands get and mget:

a) get  Format: get [remote-file] [local-file]
Transfers a file from the remote host to the local host.
To fetch /ftp/1.rar from the server:
ftp> get /ftp/1.rar 1.rar (Enter)

b) mget  Format: mget [remote-files]
Receives a number of files from the remote host to the local host.
To fetch all the files under /ftp on the server:
ftp> cd /ftp
ftp> mget *.* (Enter)

Note: files are downloaded to the current directory on the Linux host.

3. Uploading files

a) put  Format: put local-file [remote-file]
Transfers a local file to the remote host.
To send the local 1.zip to /ftp on the remote host and rename it 1.rar:
ftp> put 1.zip /ftp/1.rar (Enter)

b) mput  Format: mput local-files
Transfers a number of files from the local host to the remote host.
To upload the rar files in the local current directory to /ftp on the server:
ftp> cd /ftp (Enter)
ftp> mput *.rar (Enter)

4. Disconnecting

bye: disconnects from the server.


Using iptables to stop php-ddos from sending outbound UDP packets

php-ddos has been rampant lately, especially through the pile of holes in DedeCMS (织梦); you know how it is. We can use iptables to forbid php-ddos from sending packets out, at the source.

 

First, allow the UDP services you need (such as DNS)

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -d 8.8.4.4 -j ACCEPT

"53" is the UDP port that DNS needs, and "8.8.8.8" is the DNS server IP. Set these according to your own server's configuration. If you do not know the DNS IP your server currently uses, run the following command over SSH to get it:

cat /etc/resolv.conf |grep nameserver |awk 'NR == 1{print $2 }'

Forbid this machine from sending UDP packets out

iptables -A OUTPUT -p udp -j DROP
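
The order matters: the ACCEPT rules are inserted at the top of OUTPUT and the DROP is appended, and if the resolver addresses are wrong the DROP also cuts off the server's own DNS. The following generator is an added example, not part of the original post: it goes beyond the single-nameserver command above by emitting one ACCEPT rule per IPv4 nameserver found in resolv.conf text, and it refuses to emit the DROP when no resolver was found. The rate-limited LOG rule with --log-uid is an addition for identifying which account is sending the flood; the resolv.conf sample and the log prefix are constructed.

```shell
#!/bin/sh
# Added example: build the outbound-UDP rule set from resolv.conf text.
# It prints the iptables commands for review; it does not run them.

# Constructed sample resolv.conf (IPv6 and duplicate entries on purpose).
sample_resolv() {
    cat <<'EOF'
# constructed resolv.conf
search example.internal
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver 8.8.4.4
nameserver 8.8.8.8
EOF
}

# udp_egress_rules: reads resolv.conf text on stdin, prints iptables commands.
udp_egress_rules() {
    awk '
    # One ACCEPT per distinct IPv4 resolver; iptables does not handle IPv6.
    $1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($2 in seen) {
        seen[$2] = 1
        n++
        printf "iptables -I OUTPUT -p udp --dport 53 -d %s -j ACCEPT\n", $2
    }
    END {
        if (n == 0) {
            # Dropping all UDP without a DNS exception breaks name resolution.
            print "# no IPv4 nameserver found; refusing to emit the DROP rule"
            exit
        }
        # Added for detection: log a sample of what is about to be dropped,
        # with the UID of the sending process.
        print "iptables -A OUTPUT -p udp -m limit --limit 6/min -j LOG --log-prefix \"udp-egress-drop: \" --log-uid"
        print "iptables -A OUTPUT -p udp -j DROP"
    }'
}

sample_resolv | udp_egress_rules
```

On a server, feed it the real file with `udp_egress_rules < /etc/resolv.conf` and review the printed commands before running them.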


Install OpenVZ on CentOS

I first came across OpenVZ when choosing a VPS: OpenVZ VPSes are much cheaper than Xen ones. After getting to know the product, I found that OpenVZ virtualizes at the operating system layer, a completely different level from virtualization products such as Xen, KVM and Hyper-V. OpenVZ only provides a virtual environment (VE), which OpenVZ itself calls a container; Xen and KVM provide virtual machines by means of a hypervisor. OpenVZ is indeed better suited to cheap low-end VPSes, while Xen and similar virtualization products are generally used in enterprise application centers and cloud computing platforms.

Installing OpenVZ

Environment: the CentOS5.6_x86_64 operating system installed on a single DELL PC.

 

The official website (http://wiki.openvz.org/) provides a yum repository for installing on CentOS, so we adjust the yum sources. For security reasons, the CentOS 5 kernel must be at version 2.6.18.308.8.2.el5 or later to be supported by the OpenVZ kernel patch; the supported kernel versions are listed at http://wiki.openvz.org/Download/kernel

[root@openvz yum.repos.d]# cd /etc/yum.repos.d
[root@openvz yum.repos.d]# wget http://download.openvz.org/openvz.repo
[root@openvz yum.repos.d]# uname -r
2.6.18-238.9.1.el5
[root@openvz yum.repos.d]# yum install kernel.x86_64 # upgrade the kernel to 2.6.18.308
[root@openvz yum.repos.d]# uname -r
2.6.18-308.8.2.el5

[root@openvz yum.repos.d]# cat openvz.repo # edit the openvz repo so that the sections below are the enabled ones (the default selects version 6.2)

[openvz-utils]
name=OpenVZ utilities
#baseurl=http://download.openvz.org/current/
mirrorlist=http://download.openvz.org/mirrors-current
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-rhel5]
name=OpenVZ RHEL5-based kernel
#baseurl=http://download.openvz.org/kernel/branches/rhel5-2.6.18/current/
mirrorlist=http://download.openvz.org/kernel/mirrors-rhel5-2.6.18
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[root@openvz ~]# yum install ovzkernel -y # install the openvz kernel
[root@openvz ~]# yum install vzctl vzquota # install the two common openvz tools

Because the VEs need to reach the external network, packet forwarding is enabled here; we will come back to this later.

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@openvz ~]#

Check the default boot kernel setting in grub.conf

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title OpenVZ (2.6.18-308.8.2.el5.028stab101.1)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-308.8.2.el5.028stab101.1 ro root=LABEL=/ selinux=0 # selinux has already been turned off automatically
        initrd /initrd-2.6.18-308.8.2.el5.028stab101.1.img
[root@openvz ~]# init 6

Make sure the vz service starts at boot

[root@openvz ~]# service vz status
OpenVZ is running...
[root@openvz ~]# chkconfig --list vz
vz                 0:off    1:off    2:on    3:on    4:on    5:on    6:off
[root@openvz ~]#

Installing and managing VEs

OpenVZ uses vzctl to manage VEs. Let's look at the command in detail.

[root@openvz ~]# vzctl
vzctl version 3.3
Copyright (C) 2000-2012, Parallels, Inc.
This program may be distributed under the terms of the GNU GPL License.
Usage: vzctl [options] <command> <ctid> [parameters]
vzctl create <ctid> [--ostemplate <name>] [--config <name>]
   [--layout ploop|simfs] [--hostname <name>] [--name <name>] [--ipadd <addr>]
   [--diskspace <kbytes>] [--private <path>] [--root <path>] # create a VE
vzctl start <ctid> [--force] [--wait] # start a VE
vzctl destroy | mount | umount | stop | restart | status <ctid> # stop a VE
vzctl convert <ctid> [--layout ploop[:mode]] [--diskspace <kbytes>]
vzctl quotaon | quotaoff | quotainit <ctid> # set quota
vzctl console <ctid> [ttyno] # enter the VE
vzctl enter <ctid> [--exec <command> [arg ...]] # enter the VE
vzctl exec | exec2 <ctid> <command> [arg ...] # run a command in the VE without entering it
vzctl runscript <ctid> <script> # run a script in the VE
vzctl chkpnt <ctid> [--dumpfile <name>] # save the VE state to a file
vzctl restore <ctid> [--dumpfile <name>] # restore the VE state from a file
vzctl set <ctid> [--save] [--force] [--setmode restart|ignore]
   [--ram <bytes>[KMG]] [--swap <bytes>[KMG]] # set RAM
   [--ipadd <addr>] [--ipdel <addr>|all] [--hostname <name>] # add and delete IPs
   [--nameserver <addr>] [--searchdomain <name>] # set the nameserver and search domain
   [--onboot yes|no] [--bootorder <N>] # set start at boot
   [--userpasswd <user>:<passwd>] # change a user's password in the VE
   [--cpuunits <N>] [--cpulimit <N>] [--cpus <N>] [--cpumask <cpus>]
   [--diskspace <soft>[:<hard>]] [--diskinodes <soft>[:<hard>]]
   [--quotatime <N>] [--quotaugidlimit <N>]
   [--noatime yes|no] [--capability <name>:on|off ...]
   [--devices b|c:major:minor|all:r|w|rw]
   [--devnodes device:r|w|rw|none]
   [--netif_add <ifname[,mac,host_ifname,host_mac,bridge]]>] # add a bridged device
   [--netif_del <ifname>] # remove a bridged device
   [--applyconfig <name>] [--applyconfig_map <name>]
   [--features <name:on|off>] [--name <remote>] [--ioprio <N>]
   [--pci_add [<domain>:]<bus>:<slot>.<func>] [--pci_del <d:b:s.f>]
   [--iptables <name>] [--disabled <yes|no>] # VE firewall settings
   [UBC parameters]

To install a guest, the method officially recommended by OpenVZ is to download one of its optimized operating system archives and install from that. OpenVZ stores operating system archives in /vz/template/cache/. The OS archives can be downloaded from http://wiki.openvz.org/Download/template/precreated . Here I downloaded CentOS5_X84_64 for an installation test.

[root@openvz ~]# ll /vz/template/cache/
total 188092
-rw-r--r-- 1 root root 192411846 Jul 19 02:08 centos-5-x86_64.tar.gz
[root@openvz ~]# vzctl create 2 --ostemplate centos-5-x86_64 --hostname centos01
Creating container private area (centos-5-x86_64)
Performing postcreate actions
CT configuration saved to /etc/vz/conf/2.conf # the configuration file is saved as 2.conf under /etc/vz/conf/
Container private area was created
[root@openvz ~]#

This uses the OS template centos-5-x86_64 to install a VE with ID 2 and hostname centos01. After the installation is complete, modify the default configuration file and restart the VE.

Set the VE to start at boot, then set its IP, DNS, RAM and disk size

[root@openvz ~]# vzctl set 2 --onboot yes
WARNING: Settings were not saved to config (use --save flag) # warns that --save is needed to write the setting to the configuration file
[root@openvz ~]# vzctl set 2 --onboot yes --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save # not usable yet at this point
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --nameserver 10.20.1.6 --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl set 2 --ram 345 --save
Error: kernel does not support vswap, unable to use --ram/--swap parameters
Error parsing options  # not supported by the kernel
[root@openvz ~]# vzctl set 2 --diskspace 3G:3G --save
CT configuration saved to /etc/vz/conf/2.conf
[root@openvz ~]# vzctl start 2 # start the VE with ID 2
Starting container ...
Container is mounted
Adding IP address(es): 192.168.221.2
Setting CPU units: 1000
Container start in progress...
[root@openvz ~]#

Use vzlist to view the VE

[root@openvz ~]# vzlist 2
      CTID      NPROC STATUS    IP_ADDR         HOSTNAME
         2         12 running   192.168.221.2   centos01

Enter the VE, exit the VE, restart the VE, start the VE, stop the VE, destroy the VE

[root@openvz ~]# vzctl enter 2
[root@centos01 /]# exit
[root@openvz ~]# vzctl restart 2
[root@openvz ~]# vzctl start 2
[root@openvz ~]# vzctl stop 2
[root@openvz ~]# vzctl destroy 2

Run a command or a script without logging in to the VE

[root@openvz ~]# vzctl  exec 2  ifconfig # view network interface information without logging in to the VE
[root@openvz ~]# vzctl  runscript 2 Scriptname # the script is on the server

Calculate the VE's resource consumption

[root@openvz ~]# vzcalc -v 2

Change the VE's root password

[root@openvz ~]# vzctl exec 2 passwd # enter the password twice
[root@openvz ~]# vzctl set 2  --userpasswd root:123456 # set the password directly to 123456

 

VE Network

With IPs added directly as above, there are two ways to give a VE access to the Internet. The first is to enable packet forwarding on the host (the original calls it the "mother machine", which makes it easier to tell apart from the VEs), with the VE and the host using the same IP segment. This is how a VPS with a dedicated IP works: the VE has its own external IP, and users can log in to manage their own VPS. The second is routed forwarding with source NAT (SNAT) on the firewall, with the VE using a private IP. In this case the VE can access the Internet, but the external network cannot directly reach the VE on the internal network.

Method one: public IP

Enable packet forwarding

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1

Apply the setting so that it takes effect

[root@openvz ~]# /sbin/sysctl -p
net.ipv4.ip_forward = 1

Configure or modify the VE's IP. This IP is in the same segment as the host's (a VPS would use a public IP here).

[root@openvz ~]# ifconfig # the host's IP
eth0 Link encap:Ethernet  HWaddr 00:0C:29:FD:E4:AA 
          inet addr:10.20.100.141  Bcast:10.20.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35535 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8399 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3534995 (3.3 MiB)  TX bytes:934525 (912.6 KiB)
          Interrupt:59 Base address:0x2000
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:784 (784.0 b)  TX bytes:784 (784.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:494 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:37807 (36.9 KiB)  TX bytes:23312 (22.7 KiB)
[root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save # set or modify the VE's IP

Test the VE's network

[root@openvz ~]# vzctl exec 2 ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:224 errors:0 dropped:0 overruns:0 frame:0
          TX packets:292 errors:0 dropped:53 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18572 (18.1 KiB)  TX bytes:23106 (22.5 KiB)
venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.20.100.146  P-t-P:10.20.100.146  Bcast:10.20.100.146  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
[root@openvz ~]# vzctl exec 2 ping www.baidu.com
PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.2 ms
64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms

Method two: private IP with SNAT

Enable packet forwarding

[root@openvz ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1

Apply the setting so that it takes effect

[root@openvz ~]# /sbin/sysctl -p
net.ipv4.ip_forward = 1

Modify the VE's IP; this IP is a private IP

[root@openvz ~]# vzctl set 2 --ipdel 10.20.100.146 --save # delete the previous IP in the .100 segment
[root@openvz ~]# vzctl set 2 --ipadd 10.20.102.146 --save # set or modify the IP; it is in a different segment from the host's IP

Enable SNAT

[root@openvz ~]# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

or

[root@openvz ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.20.100.141
[root@openvz ~]# iptables -t nat -L # Check NAT Policy
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
SNAT       all  --  anywhere             anywhere            to:10.20.100.141
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

View the VE's network

[root@openvz ~]# vzctl exec 2 ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:407 errors:0 dropped:53 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26810 (26.1 KiB)  TX bytes:33397 (32.6 KiB)
venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:10.20.102.146  P-t-P:10.20.102.146  Bcast:10.20.102.146  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
[root@openvz ~]#

Test the VE's network

[root@openvz ~]# vzctl exec 2 ping www.baidu.com
PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.0 ms
64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms
[root@openvz ~]#


Changing the system time on a Xen Linux VPS

If you bought a Xen Linux VPS in the US or in another country, first check the time zone and set it as needed:

How do you check the time zone of a Xen Linux VPS?
date -R

Get results similar to the following:
Mon, 05 Sep 2011 16:29:08 +0800

If the last field is not +0800, set the time zone to the one you need. To set the time zone on a Xen Linux VPS:

rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Your Linux VPS time zone is now set to Shanghai, China (UTC+8).

Sometimes a purchased Xen Linux VPS has more than the wrong time zone: the system time itself is also far off, sometimes by several hours.
How do you change the time on a Xen Linux VPS? Use the ntp time synchronization software to synchronize the VPS's system time. (On a Xen VPS or a dedicated server you can change the time yourself. On an OpenVZ VPS you cannot; you can only ask the hosting provider to change the time on the host machine.)

The commands are as follows:

yum install -y ntp

vi /etc/sysctl.conf

xen.independent_wallclock = 1 # add this line to the file, then save and exit

sysctl -p # do not forget this step, otherwise the setting does not take effect

ntpdate us.pool.ntp.org

Then run

date -R

again to confirm that the time has been corrected.

The time is now synchronized.


One-click iptables firewall configuration for CentOS

I have several VPSes on hand and configuring iptables on each of them is too complicated. I saw a script that automatically configures the iptables firewall in brother Zhu's LNMP, borrowed it and changed it a bit, for those who need it.
It only sets up the common ports; if you have special needs, add or remove the corresponding ports yourself.

How to use:

wget -c http://ph4ntasy.googlecode.com/files/iptables.sh
chmod +x iptables.sh
./iptables.sh

Enable iptables at startup:

chkconfig --level 345 iptables on

The complete shell script:

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
# Exit unless /etc/issue identifies the system as CentOS
function support_distro(){
    if [ -z "$(egrep -i "centos" /etc/issue)" ];then
        echo "Sorry,iptables script only support centos system now."
        exit 1
    fi
}
support_distro
echo "============================iptables configure============================================"
# Created by Centos.bz Modified by ph4ntasy.com
# Only support CentOS system
# Get SSH port
if grep "^Port" /etc/ssh/sshd_config>/dev/null;then
    sshdport=`grep "^Port" /etc/ssh/sshd_config | sed "s/Port\s//g"`
else
    sshdport=22
fi
# Obtain DNS server IP
if [ -s /etc/resolv.conf ];then
    nameserver1=`cat /etc/resolv.conf |grep nameserver |awk 'NR == 1{print $2 }'`
    nameserver2=`cat /etc/resolv.conf |grep nameserver |awk 'NR == 2{print $2 }'`
fi
IPT="/sbin/iptables"
# Delete the existing rules
$IPT --delete-chain
$IPT --flush
# Default policy: drop inbound and forwarded traffic, allow outbound, allow the loopback interface
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
# Allow packets that belong to established or related connections
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Limit each source IP to a maximum of 10 connections to port 80
$IPT -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
# Allow connections to ports 80 (HTTP), 873 (RSYNC), 443 (HTTPS), 20/21 (FTP) and 25 (SMTP)
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# Allow SSH connections; the script detects the current SSH port above and otherwise defaults to port 22
$IPT -A INPUT -p tcp -m tcp --dport $sshdport -j ACCEPT
# Allow ping (ICMP type 8, echo request) and ICMP type 11 (time exceeded)
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
# Allow DNS queries to the configured name servers
[ ! -z "$nameserver1" ] && $IPT -A OUTPUT -p udp -m udp -d $nameserver1 --dport 53 -j ACCEPT
[ ! -z "$nameserver2" ] && $IPT -A OUTPUT -p udp -m udp -d $nameserver2 --dport 53 -j ACCEPT
# Save the rules and restart iptables
service iptables save
service iptables restart
echo "============================iptables configure completed============================================"


Use iptables to stop php-ddos from sending outbound UDP packets

php-ddos has been rampant recently, especially through DedeCMS (织梦) with its pile of holes, as you know. We can use iptables to block php-ddos from sending packets out, at the source.

First, allow the UDP services you need (such as DNS)

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -d 8.8.4.4 -j ACCEPT

"53" is the UDP port that DNS needs, and "8.8.8.8" is the DNS server IP; set it according to your server's configuration. If you do not know which DNS server IP your server currently uses, run the following command over SSH to get it:

cat /etc/resolv.conf |grep nameserver |awk 'NR == 1{print $2 }'

Block the machine from sending any other UDP packets out

iptables -A OUTPUT -p udp -j DROP
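
The ordering this post relies on (ACCEPT for the resolvers first, DROP for all other outbound UDP last), as an added example that is not part of the original post: a shell function that reads the resolvers from a resolv.conf-style file and prints the rule set for review instead of applying it. The chain name UDP_EGRESS, the log prefix and the rate limit are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, changes nothing itself.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# udp_egress_rules [FILE]: ordered rule set built from a resolv.conf-style file.
udp_egress_rules() {
    conf=${1:-/etc/resolv.conf}
    allow=""
    while read -r keyword ns _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        # IPv6 resolvers are skipped: they would need ip6tables rules instead.
        is_ipv4 "$ns" || continue
        allow="${allow}iptables -A UDP_EGRESS -p udp -d $ns --dport 53 -j ACCEPT
"
    done < "$conf"
    # With no resolver allowed, the DROP would break name resolution: refuse.
    if [ -z "$allow" ]; then
        echo "no IPv4 nameserver found in $conf" >&2
        return 1
    fi
    # UDP_EGRESS is a hypothetical chain name; a dedicated chain keeps the
    # ACCEPT-before-DROP order in one place and is easy to flush and rebuild.
    echo "iptables -N UDP_EGRESS"
    echo "iptables -A UDP_EGRESS -o lo -j ACCEPT"
    printf '%s' "$allow"
    # Rate-limited LOG with the sender's UID, to show which account is flooding.
    echo "iptables -A UDP_EGRESS -m limit --limit 5/min -j LOG --log-uid --log-prefix udp-egress-drop:"
    echo "iptables -A UDP_EGRESS -j DROP"
    echo "iptables -I OUTPUT -p udp -j UDP_EGRESS"
}
```

Dropping all other outbound UDP also stops NTP queries such as the ntpdate call in the Xen time post above (UDP port 123), so add an ACCEPT for it to the chain if the server synchronizes its own clock.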
