Home | Mirror | Search

第 17 章 常用工具

目錄

1. 自動化腳本
1.1. Install Script
1.2. FTP User Script
1.3. SVN User Script

1. 自動化腳本

1.1. Install Script

			
#!/bin/bash
#================================================================================
# LAMP Installing script by Neo <openunix@163.com>
# http://netkiller.sourceforge.net/
# $Id: chapter.operations.utility.xml 500 2012-12-04 09:01:55Z netkiller $
#================================================================================
SRC_DIR=$(pwd)
PREFIX_DIR=/srv
HTTPD_SRC=httpd-2.2.17.tar.gz
PHP_SRC=php-5.3.5.tar.gz
MYSQL_SRC='mysql-5.5.9.tar.gz'
MYSQL_LIBS_SRC='mysql-5.1.50.tar.gz'
MYSQL_BIN='mysql-5.1.50-linux-x86_64-glibc23.tar.gz'
JAVA_BIN='jdk-6u20-linux-x64.bin'
#================================================================================
HTTPD_DIR=${HTTPD_SRC%%.tar.gz}
PHP_DIR=${PHP_SRC%%.tar.*}
MYSQL_DIR=${MYSQL_SRC%%.tar.*}
MYSQL_LIBS_DIR=${MYSQL_LIBS_SRC%%.tar.*}

#================================================================================

if [ -z "$( egrep "CentOS|Redhat" /etc/issue)" ]; then
	echo 'Only for Redhat or CentOS'
	exit
fi

function clean(){
        rm -rf $HTTPD_DIR
        rm -rf $PHP_DIR
        rm -rf $MYSQL_DIR
        rm -rf $MYSQL_LIBS_DIR
}

function tools(){
	yum install wget telnet tcpdump -y
}
function ntp(){
	yum install ntp -y

vim /etc/ntp.conf <<VIM > /dev/null 2>&1
:17,17s/^/server 172.16.1.10\r/
:wq
VIM

	service ntpd start
	chkconfig ntpd on
}
function snmp (){
	yum install net-snmp -y

vim /etc/snmp/snmpd.conf <<VIM > /dev/null 2>&1
:62,62s/systemview/all/
:85,85s/^#//
:wq
VIM

	service snmpd start
	chkconfig snmpd on
}
function depend(){
        yum install gcc gcc-c++ make autoconf -y
        yum install curl-devel libmcrypt-devel gd-devel libjpeg-devel libpng-devel libXpm-devel libxml2-devel libxslt-devel openldap-devel -y
        yum install ncurses-devel -y
#        yum install mysql-devel -y
        yum install libevent-devel -y

	yum install e4fsprogs -y
	yum install net-snmp-devel -y
	yum install setuptool ntsysv system-config-network-tui -y
	rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
}

function mysql(){
rm -rf $MYSQL_DIR
tar zxf $MYSQL_SRC
cd $MYSQL_DIR
./configure \
--prefix=$PREFIX_DIR/$MYSQL_DIR \
--with-mysqld-user=mysql \
--with-unix-socket-path=/tmp/mysql.sock \
--with-charset=utf8 \
--with-collation=utf8_general_ci
--with-extra-charsets=complex \
--with-big-tables \
--with-readline \
--with-ssl \
--with-embedded-server \
--with-plugins=innobase \
--with-mysqld-user=mysql \
--without-ndb-debug \
--without-debug \
--without-bench
--without-docs \
--localstatedir=/data/mysql/data \
--enable-assembler \
--enable-thread-safe-client \
--enable-local-infile \

make clean
make && make install
cd ..

ln -s $PREFIX_DIR/$MYSQL_DIR $PREFIX_DIR/mysql
$PREFIX_DIR/$MYSQL_DIR/bin/mysql_install_db --user=mysql
chown mysql.mysql -R $PREFIX_DIR/$MYSQL_DIR
cp $PREFIX_DIR/src/$MYSQL_DIR/support-files/mysql.server /etc/init.d/mysql
/etc/init.d/mysql start
$PREFIX_DIR/$MYSQL_DIR/bin/mysqladmin -u root password '9S5wxCVPMY'
}
function httpd(){
rm -rf $HTTPD_DIR
tar zxf $HTTPD_SRC
cd $HTTPD_DIR
./configure --prefix=$PREFIX_DIR/$HTTPD_DIR \
--with-mpm=worker \
--enable-modules="so dir mime rewrite deflate vhost_alias include" \
--enable-mods-shared="alias filter expires headers  setenvif status info ssl usertrack cache mem-cache file-cache disk-cache version mod_unique_id " \
--disable-authn_file \
--disable-authn_default \
--disable-authz_groupfile \
--disable-authz_user \
--disable-authz_default \
--disable-auth_basic \
--disable-version \
--disable-env \
--disable-autoindex \
--disable-asis \
--disable-cgid \
--disable-cgi \
--disable-negotiation \
--disable-actions \
--disable-userdir \
--enable-so \
--enable-file-cache \
--enable-cache \
--enable-disk-cache \
--enable-mem-cache \
--enable-expires \
--enable-headers \
--enable-ssl \
--enable-info \
--enable-rewrite

#--with-mpm=worker \
#--enable-so \
#--enable-mods-shared=all \
#--disable-alias
#--disable-include \
#--disable-status \

make clean
make && make install
cd ..
ln -s $PREFIX_DIR/$HTTPD_DIR $PREFIX_DIR/httpd
ln -s $PREFIX_DIR/httpd $PREFIX_DIR/apache

cp $PREFIX_DIR/httpd/conf/httpd.conf  $PREFIX_DIR/httpd/conf/httpd.conf.old

vim $PREFIX_DIR/httpd/conf/httpd.conf <<end > /dev/null 2>&1
:%s/User daemon/User nobody/
:%s/Group daemon/Group nobody/
:%s!#ServerName www.example.com:80!#ServerName www.example.com:80\rServerName *!
:%s#$PREFIX_DIR/httpd-2.2.16/htdocs#/www#g
:%s/#\n    AllowOverride None/#\r    AllowOverride All/
:%s#    DirectoryIndex index.html#    DirectoryIndex index.html index.php#
:%s=    #AddType text/html .shtml=    AddType text/html .shtml=
:%s=    #AddOutputFilter INCLUDES .shtml=    AddOutputFilter INCLUDES .shtml=
:%s=AddOutputFilter INCLUDES .shtml=AddOutputFilter INCLUDES .shtml\r\r    AddType application/x-httpd-php .php .phtml\r    AddType application/x-httpd-php-source .phps\r=
:%s=#Include conf/extra/httpd-mpm.conf=Include conf/extra/httpd-mpm.conf=
:%s=#Include conf/extra/httpd-languages.conf=Include conf/extra/httpd-languages.conf=
:%s=#Include conf/extra/httpd-vhosts.conf=Include conf/extra/httpd-vhosts.conf=
:wq
end

vim $PREFIX_DIR/httpd/conf/extra/httpd-mpm.conf <<end > /dev/null 2>&1
:%s/<IfModule mpm_worker_module>/<IfModule mpm_worker_module>\r    ServerLimit         16\r    ThreadLimit         128/
:%s/StartServers          2/StartServers        8/
:%s/MaxClients          150/MaxClients          2048/
:%s/MinSpareThreads      25/MinSpareThreads     64/
:%s/MaxSpareThreads      75/MaxSpareThreads     128/
:%s/ThreadsPerChild      25/ThreadsPerChild     128/
:%s/MaxRequestsPerChild   0/MaxRequestsPerChild 10000/
:wq
end


#vim $PREFIX_DIR/httpd/conf/extra/httpd-mpm.conf <<end > /dev/null 2>&1
#:%s/<IfModule mpm_worker_module>/<IfModule mpm_worker_module>\r    ServerLimit         16\r    ThreadLimit         256/
#:%s/StartServers          2/StartServers        8/
#:%s/MaxClients          150/MaxClients          4096/
#:%s/MinSpareThreads      25/MinSpareThreads     64/
#:%s/MaxSpareThreads      75/MaxSpareThreads     256/
#:%s/ThreadsPerChild      25/ThreadsPerChild     256/
#:%s/MaxRequestsPerChild   0/MaxRequestsPerChild 10000/
#:wq
#end

vim $PREFIX_DIR/httpd/conf/extra/httpd-languages.conf <<end > /dev/null 2>&1
:%s/LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW/#LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW/
:%s/ForceLanguagePriority Prefer Fallback/#ForceLanguagePriority Prefer Fallback/
:wq
end

echo -ne "
AddDefaultCharset UTF-8
" >> $PREFIX_DIR/httpd/conf/extra/httpd-languages.conf

echo -ne "
$PREFIX_DIR/httpd/bin/apachectl start
" >> /etc/rc.local

}
function php(){
#configure: error: Cannot find MySQL header files under
#ln -s $PREFIX_DIR/mysql-5.1.45/bin/mysql_config $PREFIX_DIR/bin/
#rm -rf $MYSQL_LIBS_DIR
#tar zxf $MYSQL_LIBS_SRC
# or
# rpm -ivh MySQL-devel-5.1.50-1.glibc23.x86_64.rpm
# rpm -ivh MySQL-shared-5.1.50-1.glibc23.x86_64.rpm

#ln -s /usr/lib64/mysql/* /usr/lib64/
rm -rf $PHP_DIR
tar zxf $PHP_SRC
cd $PHP_DIR

./configure --prefix=$PREFIX_DIR/$PHP_DIR \
--with-config-file-path=$PREFIX_DIR/$PHP_DIR/etc \
--with-config-file-scan-dir=$PREFIX_DIR/$PHP_DIR/etc/conf.d \
--with-apxs2=$PREFIX_DIR/$HTTPD_DIR/bin/apxs \
--with-curl \
--with-gd \
--with-jpeg-dir=/usr/lib64 \
--with-png-dir \
--with-freetype-dir \
--with-xpm-dir \
--with-iconv \
--with-zlib-dir \
--with-xmlrpc \
--with-ldap \
--with-openssl \
--with-mcrypt \
--with-mhash \
--with-mysql=/srv/mysql-5.5.9-linux2.6-x86_64 \
--with-mysqli \
--with-pdo-mysql=/srv/mysql-5.5.9-linux2.6-x86_64 \
--with-snmp \
--with-xsl \
--with-pear \
--enable-sockets \
--enable-soap \
--enable-mbstring \
--enable-magic-quotes \
--enable-inline-optimization \
--enable-gd-native-ttf \
--enable-zip \
--enable-xml \
--enable-ftp

#--enable-fpm \
#--with-fpm-user=nobody \
#--with-fpm-group=nobody \


#make && make test && make install
make &&  make install
cp $PREFIX_DIR/src/$PHP_DIR/php.ini-production $PREFIX_DIR/$PHP_DIR/etc/php.ini
ln -s $PREFIX_DIR/$PHP_DIR $PREFIX_DIR/php

cp $PREFIX_DIR/$PHP_DIR/etc/php.ini $PREFIX_DIR/$PHP_DIR/etc/php.ini.old

vim $PREFIX_DIR/php/etc/php.ini <<EOF > /dev/null 2>&1
:%s!;include_path = ".:/php/includes"!;include_path = ".:/php/includes"\rinclude_path = ".:$PREFIX_DIR/$PHP_DIR/lib/php"!
:%s:extension_dir = "./":extension_dir = "$PREFIX_DIR/$PHP_DIR/lib/php/extensions":
:%s/output_buffering = Off/output_buffering = On/
:%s/memory_limit = 16M/memory_limit = 1/
:%s/display_errors = On/display_errors = Off/
:%s/log_errors = Off/log_errors = On/
:%s#;error_log = php_errors.log#error_log = /www/logs/php_errors.log#
:%s/register_long_arrays = On/register_long_arrays = Off/
:%s#;open_basedir = #open_basedir = /www/:/tmp/#
:%s/upload_max_filesize = 2M/upload_max_filesize = 8M/
:%s/mysql.allow_persistent = On/mysql.allow_persistent = Off/
:wq
EOF
#:%s/allow_call_time_pass_reference = On/allow_call_time_pass_reference = Off/



    read -p "php memcache module? [y/n]" -n 1 key
    echo
    if [ $key = 'y' ]; then
$PREFIX_DIR/php/bin/pecl install memcache
cp $PREFIX_DIR/$PHP_DIR/lib/php/extensions/no-debug-zts-*/memcache.so $PREFIX_DIR/$PHP_DIR/lib/php/extensions/
vim $PREFIX_DIR/php/etc/php.ini <<EOF > /dev/null 2>&1
:%s#;extension=php_zip.dll#;extension=php_zip.dll\rextension=memcache.so#
:wq
EOF
	echo 'memcache.default_timeout_ms=30' >> $PREFIX_DIR/php/etc/php.ini
    fi

    read -p "php APC module? [y/n]" -n 1 key
    echo
    if [ $key = 'y' ]; then
$PREFIX_DIR/php/bin/pecl install apc
cp $PREFIX_DIR/$PHP_DIR/lib/php/extensions/no-debug-zts-*/apc.so $PREFIX_DIR/$PHP_DIR/lib/php/extensions/
vim $PREFIX_DIR/php/etc/php.ini <<EOF > /dev/null 2>&1
:%s#;extension=php_zip.dll#;extension=php_zip.dll\rextension=apc.so#
:wq
EOF

    fi


}

function java(){
	JAVA_DIR=${JAVA_BIN%%.bin}
        #yum install java-1.6.0-openjdk -y
        chmod +x $JAVA_BIN
        ./$JAVA_BIN
        mv $JAVA_DIR ..
        ln -s $PREFIX_DIR/$JAVA_DIR $PREFIX_DIR/java
echo -ne '
export JAVA_HOME=$PREFIX_DIR/java
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$HOMR/bin:$PATH
export PATH=$PATH:$PREFIX_DIR/httpd/bin:$PREFIX_DIR/php/bin:$PREFIX_DIR/mysql/bin:$PREFIX_DIR/resin/bin:$PREFIX_DIR/python/bin
' >> /etc/profile

}
function resin(){
        tar zxf resin-4.0.6.tar.gz
        mv resin-4.0.6 $PREFIX_DIR/
	echo 'export RESIN_HOME=$PREFIX_DIR/resin' >> /etc/profile
}
function memcache(){
        MEMCACHED_PKG=memcached-1.4.5.tar.gz
        MEMCACHED_SRC=memcached-1.4.5
        rm -rf $MEMCACHED_SRC
        tar zxf $MEMCACHED_PKG
        cd $MEMCACHED_SRC
        ./configure --prefix=$PREFIX_DIR/memcached-1.4.5
        make && make install
}

function optimization(){
        #echo >> /etc/profile
        #echo "export JAVA_HOME=$PREFIX_DIR/java" >> /etc/profile

#vim /etc/profile <<EOF > /dev/null 2>&1
#:31,31s:^:ulimit -SHn 20480 > /dev/null 2>&1\r:
#:wq
#EOF


cat >> /etc/security/limits.conf <<EOF
root 	soft nofile 20480
root 	hard nofile 65536
nobody 	soft nofile 20480
nobody 	hard nofile 65536
EOF

cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_local_port_range = 1024 65500
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_tw_buckets = 4096
EOF
/sbin/sysctl -p

1.net.ipv4.tcp_syncookies = 1
2.net.ipv4.tcp_tw_reuse = 1
3.net.ipv4.tcp_tw_recycle = 1
4.net.ipv4.tcp_fin_timeout = 30

#:54,88s/^/#/
#:57,57s/^#//
#:65,65s/^#//
#:68,68s/^#//
#:74,75s/^#//
#:80,80s/^#//
#:83,84s/^#//
#:85,87s/^#//
#:58,58s/^#//

}

function nagios(){
	yum install nagios
}

function nrpe(){
	yum install nrpe -y
	yum install -y nagios-plugins-disk nagios-plugins-load nagios-plugins-ping nagios-plugins-procs nagios-plugins-swap nagios-plugins-users

	chkconfig nrpe on

	cat >> /etc/nagios/nrpe.cfg <<EOF

#command[check_http]=/usr/lib64/nagios/plugins/check_http -I 127.0.0.1 -p 80 -u http://www.example.com/index.html
command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w 20% -c 10%
command[check_all_disks]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -e
EOF

	service nrpe start
}


security(){

vim /etc/ssh/sshd_config <<VIM > /dev/null 2>&1
:%s/#PermitRootLogin yes/PermitRootLogin no/
:%s/#AuthorizedKeysFile/AuthorizedKeysFile/
:wq
VIM
/etc/init.d/sshd restart

vim /etc/sudoers <<VIM > /dev/null 2>&1
:86,86s/^# //
:wq!
VIM

vim /etc/group <<VIM > /dev/null 2>&1
:11,11s/$/,neo/
:wq
VIM

}

function sshkey(){

mkdir .ssh
chmod 755 .ssh

cat >> .ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAABI/BtYR65XoC0B41uyK/ZvPqkS4y8JNYnRGZ8aav5aaYj6xO+/dRATaL2S/soo+i05AFCYtD7xUMKhHrhJ02oLJSEl44WncaHBZig8ballQCX3ug0AS/O0wmmZDdYFw6WSxOL44NC0ZTttsAkXCYhxiKCWWFa0Iq8W/gilBxY8PTNsdz/FoKun9oFdmCh8dMhBOg7qPz+Mumr7cdOro8/kXqXjx8b1l4cieyambYZyam5KFZAv4wKn2Arcga1X4NpVlCLGbCzan8b5vMXcXaAZ+MDMpH3fNRQdUpdFYnC4rKr7ORDhKZGKsev5N1tefPn5BEWYj6Fg2hoWxr0Htw== neo.chen@example.com
EOF
chmod 644 .ssh/authorized_keys

}

function vsftpd(){
	yum install -y vsftpd
	adduser --home-dir /www/target/logs/ --shell /sbin/nologin --password your_passwd logs
	echo logs >> /etc/vsftpd/chroot_list
	vim /etc/vsftpd/vsftpd.conf <<VIM > /dev/null 2>&1
:%s/#chroot_list_enable=YES/chroot_list_enable=YES/
:%s/#chroot_list_file/chroot_list_file/
VIM
	chkconfig vsftpd on
	service vsftpd start
}


# See how we were called.
case "$1" in
  clean)
        clean
        ;;
  httpd)
        httpd
        ;;
  php)
        php
        ;;
  mysql)
        if [ -f $0 ] ; then
                mysql
        fi
        ;;
  depend)
        depend
	snmp
	nrpe
	ntp
	optimization
        ;;
  java)
        java
        ;;
  resin)
        resin
        ;;
  profile)
        profile
        ;;
  memcache)
        memcache
        ;;
  lamp)
        clean

        echo ##################################################
        echo # $MYSQL_DIR Installing...
        echo ##################################################
        mysql

        echo ##################################################
        echo # $HTTPD_DIR Installing...
        echo ##################################################
        httpd

        echo ##################################################
        echo # $PHP_DIR Installing...
        echo ##################################################
        php

        clean
        ;;
  vsftpd)
	vsftpd
	;;
  optimization)
	optimization
	;;
  ntpd)
	ntpd
	;;
  snmp)
	snmp
	;;
  nrpe)
	nrpe
	;;
  *)
        echo $"Usage: $0 {depend|clean}"
        echo "		{httpd|php|mysql|vsftpd}"
        echo "		{java|resin}"
        echo "		{memcache}"
        echo "		{optimization}"
        echo "		{ntp|snmp|nrpe}"
        RETVAL=2
        ;;
esac

exit $RETVAL


			
			

1.2. FTP User Script

			
#!/bin/bash
#####################################
# Netkiller series tools
# Home: http://netkiller.sf.net
# Author: Neo Chen<openunix@163.com>
#####################################

HOME_DIR=/www
shell=/sbin/nologin
uid=$(id -u nobody)
gid=$(id -g nobody)
group='nobody'



addftpuser(){
    if [ -z $2 ]; then
        usage
    else
        local HOME_DIR=$2
    fi
    if [ -z $3 ]; then
        usage
    else
        local user=$3
    fi

    if [ -z $4 ]; then
        local passwd=$(cat /dev/urandom | tr -dc [:alnum:] | head -c 20)
    else
        local passwd=$4
    fi

    adduser -o --home "$HOME_DIR" --shell "$shell" --uid "$uid" --gid "$gid" --group "$group" $user
    echo "$user:$passwd" | chpasswd

    echo $user >> /etc/vsftpd/chroot_list
    echo "ftp://$user:$passwd@$(hostname)"
}
delftpuser(){
    local user=$1
    if [ -z $user ]; then
        usage
    else
        userdel $user
    fi
}
listftpuser(){
    cat /etc/passwd | grep `id -u nobody`
}
chroot_list(){
    cat /etc/vsftpd/chroot_list
}
usage(){
    echo $"Usage: $0 add <directory> <username>"
    echo $"       $0 {list|del} <username>"
    echo $"       $0 chroot_list"
    echo "Example:"
    echo "    $0 add /home/test test"
    echo "    $0 add /home/test test testpassword"
    echo "    $0 list test"
    echo "    $0 del test"

    echo "E-mail bug reports to: <openunix@163.com>."
    echo "Be sure to include the word ``ftpuser'' somewhere in te ``Subject:'' field."

    exit 2
}
case "$1" in
    list)
        listftpuser
        ;;
    add)
        addftpuser $@
        ;;
    del)
        delftpuser $2
        ;;
    chroot_list)
        chroot_list
        ;;

    *)
        usage
        exit 1
esac

			
			

1.3. SVN User Script

			
#!/bin/bash
#####################################
# Netkiller series tools
# Home: http://netkiller.sf.net
# Author: Neo Chen<openunix@163.com>
#####################################
SVNROOT=/srv/svnroot/example
adduser(){
    if [ -z $1 ]; then
        usage
    else
        local user=$1
    fi
    if [ -z $2 ]; then
        passwd=$(cat /dev/urandom | tr -dc [:alnum:] | head -c 10)
    else
        local passwd=$2
    fi

    echo $user = $passwd
    echo "$user = $passwd" >> $SVNROOT/conf/passwd
}
deluser(){
    local user=$1
    if [ -z $user ]; then
        usage
    else
        ed -s $SVNROOT/conf/passwd <<EOF
/^$user = /
d
wq
EOF
    fi
}
list(){
    cat $SVNROOT/conf/passwd
}
usage(){
    echo $"Usage: $0 {list|add|del} username"
    exit 2
}
case "$1" in
    list)
        list
        ;;
    add)
        adduser $2 $3
        ;;
    del)
        deluser $2
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        condrestart
        ;;

    *)
        usage
        exit 1
esac
			
			
comments powered by Disqus