放置pubkey

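# Install the SSH public key for the current user.
# The key is appended only when it is not already present, so keys that are
# already in the file survive (the note truncated authorized_keys with '>').
# sshd refuses the file under StrictModes when ~/.ssh or authorized_keys are
# group/world-writable, so the modes are set explicitly.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
pubkey='ssh-rsa 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 jacky'
grep -qxF -- "$pubkey" ~/.ssh/authorized_keys || printf '%s\n' "$pubkey" >> ~/.ssh/authorized_keys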

查看版本

# Print the distribution release string (CentOS/RHEL family).
cat /etc/redhat-release

设置本地编码

要将 CentOS 的本地区域设置更改为 zh_CN.UTF-8(中文简体UTF-8编码),你可以执行以下步骤:

  1. 打开终端并以超级用户(root)权限登录,或者使用 sudo 进行操作。
  2. 首先,查看可用的语言和区域设置:
    localectl list-locales
    确保 zh_CN.UTF-8 在列表中。
  3. 设置系统的语言和区域设置为 zh_CN.UTF-8
    localectl set-locale LANG=zh_CN.UTF-8
  4. 更新系统的区域设置配置:
    source /etc/locale.conf
  5. 重启系统以使更改生效:
    reboot
    在系统重新启动后,你的本地区域设置应该已经更改为 zh_CN.UTF-8。这将影响系统的界面语言、日期格式和其他相关设置。请注意,这仅更改系统级别的区域设置。对于特定用户的区域设置,可以使用 ~/.bashrc 或 ~/.bash_profile 文件进行自定义。

修改主机名

# Set the static hostname; it takes effect immediately and persists.
hostnamectl set-hostname master
# A reboot is not needed for the hostname itself; left commented as in the note.
#reboot

修改hosts

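# Static name resolution for the cluster nodes. The note added these two
# lines by hand in vim; this appends each entry only if it is missing, so
# re-running the step does not duplicate them.
for entry in '10.0.1.9 master' '10.0.1.5 node1'; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done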

修改时区

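# Switch the system timezone to Asia/Shanghai.
# 'ln -sfn' replaces the existing file or link itself, so the separate
# 'rm -f' from the note is not needed.
ln -sfn /usr/share/zoneinfo/Asia/Shanghai /etc/localtime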

时间同步

# Install chrony as the time source: enabled at boot, (re)started now, and
# its state printed for verification.
yum install -y chrony
systemctl enable chronyd
systemctl restart chronyd
systemctl status chronyd

关闭selinux

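# Stop SELinux enforcing now, and keep it disabled across reboots.
# The note's sed only matched 'SELINUX=enforcing', so a host already set to
# 'permissive' was left untouched; match the whole key instead.
# Disabling SELinux removes a mandatory-access-control layer; if the goal is
# only to stop denials, SELINUX=permissive keeps the AVC audit log for tuning.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config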

关闭交换分区

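# Turn swap off now and keep it off after reboot.
swapoff -a
# Comment out every fstab line whose type column is 'swap'. \s also matches
# tabs (the note's '/ swap /' only matched space-separated lines), and lines
# that are already commented are left alone.
sed -ri '/\sswap\s/ s/^([^#])/#\1/' /etc/fstab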

关闭防火墙

# Stop firewalld, keep it off at boot, and flush the remaining filter rules.
# After this the host has no host-based packet filtering at all and depends
# entirely on security groups / an upstream firewall.
systemctl stop firewalld
systemctl disable firewalld
iptables -F

修改更新源

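# Replace the stock yum repos with the Huawei Cloud mirror (CentOS 7).
# Only *.repo files are moved aside: the note's 'mv * bak/' also tried to
# move bak into itself, and 'mkdir bak' failed (stopping the chain) when the
# directory already existed.
cd /etc/yum.repos.d/ && mkdir -p bak && mv -- *.repo bak/
# Quoted delimiter: the body is written literally. The name= fields are
# cosmetic labels and are kept exactly as the note has them.
cat <<'EOF' > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/os/x86_64
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

[updates]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/updates/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7

[extras]
name=CentOS-
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-7
EOF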

# Docker CE repo definitions from the Huawei Cloud mirror. Only the stable
# channel is enabled; the debuginfo, source, test and nightly sections are
# present but switched off. The delimiter is quoted, so $releasever and
# $basearch are written literally for yum to expand (same file content as
# the note's \$ escapes, without the backslashes).
cat <<'EOF' > /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://repo.huaweicloud.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/docker-ce/linux/centos/gpg
EOF

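# EPEL 7 from the same mirror. Written with an absolute path: the note wrote
# a relative 'epel.repo', which only landed in the right place while the
# shell still sat in /etc/yum.repos.d from the previous step.
# gpgcheck is turned on (the note had gpgcheck=0 while still naming a gpgkey)
# so packages are verified against the EPEL signing key before install.
cat <<'EOF' > /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - 
enabled=1
failovermethod=priority
baseurl=https://repo.huaweicloud.com/epel/7/x86_64/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/epel/RPM-GPG-KEY-EPEL-7
EOF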

参数优化

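# Kernel and network tuning. NOTE: this overwrites /etc/sysctl.conf wholesale,
# so anything already in that file is lost. 'sysctl -p' at the end applies
# the values now instead of waiting for a reboot; a key whose module is not
# loaded yet (e.g. net.netfilter.* before nf_conntrack) is reported as an
# error and skipped.
cat <<'EOF' > /etc/sysctl.conf
kernel.shmall = 4294967296
net.netfilter.nf_conntrack_max = 1000000
kernel.unknown_nmi_panic = 0
kernel.sysrq = 0
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.notify.max_queued_events = 3276792
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
vm.overcommit_memory=1
net.core.somaxconn = 512
vm.max_map_count = 262144
kernel.pid_max=1000000
net.ipv6.conf.all.disable_ipv6 = 1
EOF
sysctl -p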

安装基础软件

# Baseline tooling: archive/transfer, network diagnostics and system stats.
base_pkgs=(
  tar curl wget telnet rsync
  iftop dstat sysstat lrzsz
  net-tools traceroute tcpdump tshark bind-utils
)
yum install -y "${base_pkgs[@]}"

proxychains

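# proxychains-ng from a prebuilt tarball on a personal 123pan share.
# Layout: the .so under /usr/lib64/proxychains-ng, the config in /etc, the
# launcher in /bin (or anywhere on PATH).
# The share publishes no signature or checksum, so compare the archive with a
# digest recorded when it was built before installing anything from it.
mkdir -p /usr/lib64/proxychains-ng
cd /tmp && wget https://vip.123pan.cn/1815238395/download/proxychains/proxychains.tar.gz
# echo '<EXPECTED_SHA256>  proxychains.tar.gz' | sha256sum -c -
tar xzvf proxychains.tar.gz
mv -- libproxychains4.so /usr/lib64/proxychains-ng/
mv -- proxychains.conf /etc/
mv -- proxychains /bin/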

tcping

typing

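# tcping (static Linux build). The release filename contains a space, which
# the note had to escape by hand; saving it with -O under a fixed name avoids
# that, and the tarball no longer stays behind in /bin.
cd /tmp && wget -O tcping.tar.gz 'https://vip.123pan.cn/1815238395/download/tcping/amd64/tcping_Linux_static%202.0.0.tar.gz'
# Unpacked straight into /bin as in the note; run 'tar tzf tcping.tar.gz'
# first if the archive contents are not known.
tar xzvf tcping.tar.gz -C /bin
rm -f tcping.tar.gz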

nali

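# nali (IP geolocation lookup) plus its data files, all from a personal
# 123pan share with no signature to check.
cd /bin && wget https://vip.123pan.cn/1815238395/download/nali/nali-linux-amd64-v0.7.3.gz
gunzip nali-linux-amd64-v0.7.3.gz
mv -- nali-linux-amd64-v0.7.3 nali
chmod a+x nali

# Data directory (~ is /root when run as root). The note changed into the
# same directory twice; one cd is enough for both downloads.
mkdir -p ~/.local/share/nali
cd ~/.local/share/nali && wget https://vip.123pan.cn/1815238395/download/nali/nali.share.tar.gz
tar xzvf nali.share.tar.gz
wget https://vip.123pan.cn/1815238395/download/nali/qqwry.dat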

python

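# Upgrade pip through the USTC PyPI mirror, then make that mirror the default
# index for later installs (the note's second line ended in a stray quote).
pip install -i https://mirrors.ustc.edu.cn/pypi/web/simple pip -U
pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple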
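# golang
# Go 1.21.1 from golang.google.cn. all_proxy sends wget through a SOCKS5
# proxy and stays set for the rest of the shell session; the address is the
# note's own endpoint, replace it with yours. The download page publishes a
# sha256 per release; compare with 'sha256sum' before unpacking.
export all_proxy=socks5://120.224.58.239:47891
wget https://golang.google.cn/dl/go1.21.1.linux-amd64.tar.gz
# Unpack into /usr/local/go. If an older /usr/local/go exists, remove it
# first so files from the previous release do not linger.
sudo tar -C /usr/local -xzf go1.21.1.linux-amd64.tar.gz

# Go environment for every login shell, appended once (re-running the note
# added a duplicate block each time). Quoted delimiter: $HOME/$GOPATH are
# expanded when the profile is sourced, not when this is written.
grep -q '^export GOROOT=/usr/local/go$' /etc/profile || cat <<'EOF' >> /etc/profile
export GOROOT=/usr/local/go
export GOPATH=$HOME/gowork
export GOBIN=$GOPATH/bin
export PATH=$GOPATH:$GOBIN:$GOROOT/bin:$PATH
EOF

source /etc/profile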
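# conda
# Anaconda 2022.10 from the Tsinghua mirror, unattended install.
cd /root && wget https://mirrors.tuna.tsinghua.edu.cn/anaconda/archive//Anaconda3-2022.10-Linux-x86_64.sh
# -b batch mode (accept licence, no prompts), -u update an existing prefix,
# -p install prefix. The note passed -p twice (/opt/anaconda3, then
# /opt/conda); the installer keeps the last one, so /opt/conda is used here.
bash Anaconda3-2022.10-Linux-x86_64.sh -b -u -p /opt/conda

# 'conda init' writes the shell hook into ~/.bashrc; it is called by full
# path because /opt/conda/bin is not on PATH yet, and the rc files are
# sourced afterwards so 'conda activate' works in this shell.
/opt/conda/bin/conda init bash
source ~/.bashrc
source /etc/bashrc

conda create --name test python=3.9
conda activate test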

ip

# Show network interfaces and their addresses
ip a

# Show the routing table
ip route

# Assign an IP address with prefix length to an interface
ip addr add <IP地址>/<子网掩码位数> dev <接口名>
ip addr add 192.168.1.2/24 dev eth0 

# Bring an interface up or down
ip link set <接口名> up
ip link set <接口名> down

# Add a static route
ip route add <目标网络> via <网关IP>
ip route add 192.168.2.0/24 via 192.168.1.1 

# Delete a static route
ip route del <目标网络>

firewalld

# Start the firewalld service
sudo systemctl start firewalld

# Stop the firewalld service
sudo systemctl stop firewalld

# Restart the firewalld service
sudo systemctl restart firewalld

# Show the firewalld service status
sudo systemctl status firewalld

# Start firewalld at boot
sudo systemctl enable firewalld

# Do not start firewalld at boot
sudo systemctl disable firewalld

# List the full rule set of the active zone
sudo firewall-cmd --list-all

# List the enabled services
sudo firewall-cmd --list-services

# Open a port (example: SSH, 22/tcp). --permanent only edits the saved
# config; --reload is what makes it active.
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload

# Open a service (example: http)
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

# Remove a port or service rule (example: the SSH port rule)
sudo firewall-cmd --remove-port=22/tcp --permanent
sudo firewall-cmd --reload

# Show whether firewalld is running
sudo firewall-cmd --state

# Show the firewalld version
sudo firewall-cmd --version

ipsec

# 需求
Intranet subnets: 172.17.165.249/32
Public network address: 1.222.209.74
密码:XXX

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
# Two IKEv1/PSK site-to-site tunnels from this host (left) to two FortiGate
# peers (right); each one protects a single /32 on either side.

config setup
    # let several conns use the same identities without replacing each other
    uniqueids=never


conn %default
    # pre-shared keys (see ipsec.secrets) and tunnel mode for every conn
    authby=psk
    type=tunnel


conn To-Unitel-FirtiGate500E
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    leftid=1.222.209.74
    right=2.182.106.164
    rightsubnet=10.120.54.115/32
    rightid=2.182.106.164
    auto=start
    # NOTE(review): modp1024 (DH group 2) is below current IKE guidance
    # (RFC 8247 marks 1024-bit MODP as SHOULD NOT); negotiate modp2048 or
    # stronger once the FortiGate side offers it. Same line in the second conn.
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    # no DH group in the ESP proposal, so child SA rekeys run without PFS
    esp=aes256-sha256
    lifetime=3600
    # redundant: already set in %default
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

conn To-Unitel-FirtiGate100F
    keyexchange=ikev1
    left=%any
    leftsubnet=172.17.165.249/32
    # NOTE(review): 8.222.209.74 here, while the first conn and the note's
    # public address use 1.222.209.74 — confirm which one is intended
    leftid=8.222.209.74
    right=183.182.100.130
    rightsubnet=10.78.3.234/32
    rightid=183.182.100.130
    auto=start
    ike=aes256-sha256-modp1024
    ikelifetime=28800s
    esp=aes256-sha256
    lifetime=3600
    type=tunnel
    closeaction=restart
    dpdaction=restart
    keyingtries=%forever

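# Secrets file: one line per peer pair, '<left-id> <right-id> : PSK "<key>"'.
# ipsec.secrets - strongSwan IPsec secrets file
# "xxx" is a placeholder; the real PSK should be a long random string from a
# CSPRNG and the file kept root-only (mode 0600). Only the first conn's peer
# pair is listed here — the second conn (183.182.100.130) has no matching line.
1.222.209.74 2.182.106.164 : PSK "xxx"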

# Test commands
## Status of all conns / bring one up or down (xxx = conn name)
strongswan statusall
strongswan up xxx
strongswan down xxx

## Show the installed IPsec policies (which traffic selectors are protected)
ip xfrm policy

## Path test (-w 1: 1 s probe timeout, -n: no DNS lookups)
traceroute -w 1 -d -n 1.62.111.200

docker

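# Docker from the distro 'docker' package. NOTE(review): this is a different
# package from the 'docker-ce' that the docker-ce repo added earlier provides;
# confirm which engine is intended.
yum install -y docker
# Daemon config. Registry mirrors sit in the image supply chain: every pull
# goes through harbor.test.stesh.cn / the Aliyun mirror, so list only
# mirrors you trust.
mkdir -p /etc/docker
cat <<'EOF' > /etc/docker/daemon.json
{
  "debug": false,
  "experimental": true,
  "registry-mirrors": [ "https://harbor.test.stesh.cn","https://r1qjm8hm.mirror.aliyuncs.com" ],
  "log-opts":{"max-size":"100m","max-file":"1"}
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker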
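# docker-compose
# Compose v2.15.1 standalone binary, fetched through the ghproxy.com GitHub
# proxy. Nothing verifies the download: compare it with the sha256 listed in
# the release's checksums.txt before trusting it.
wget "https://ghproxy.com/https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64" -O /bin/docker-compose
# echo '<EXPECTED_SHA256>  /bin/docker-compose' | sha256sum -c -
chmod a+x /bin/docker-compose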

wireguard

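# brew
# Install Homebrew via the USTC mirrors (git remotes, bottles and the API).
export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"
export HOMEBREW_CORE_GIT_REMOTE="https://mirrors.ustc.edu.cn/homebrew-core.git"
export HOMEBREW_BOTTLE_DOMAIN="https://mirrors.ustc.edu.cn/homebrew-bottles"
export HOMEBREW_API_DOMAIN="https://mirrors.ustc.edu.cn/homebrew-bottles/api"
# Upstream installer, kept for reference:
#/bin/bash -c "$(curl -fsSL https://github.com/Homebrew/install/raw/HEAD/install.sh)"
# Mirror installer. This executes a remote script as-is; to review it first,
# fetch it with 'curl -fsSL -o', read it, then run it.
/bin/bash -c "$(curl -fsSL https://mirrors.ustc.edu.cn/misc/brew-install.sh)"

# Switching the source
## One-off, current shell only
export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"
brew update
## Persist for bash users
echo 'export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"' >> ~/.bash_profile
## Persist for zsh users
echo 'export HOMEBREW_BREW_GIT_REMOTE="https://mirrors.ustc.edu.cn/brew.git"' >> ~/.zshrc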
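# tcpdump
# Capture on ens33: packets from one source host, ICMP only, and ICMP written
# to a pcap file. -w needs a file path; if /www is a directory, use a name
# such as /www/icmp.pcap instead.
tcpdump -i ens33 src host 1.1.1.1
tcpdump -i ens33 icmp
tcpdump -i ens33 icmp -w /www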

safeline

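# Install
# The upstream one-liner executes a remote script directly, and -k disables
# TLS certificate verification for that download. Prefer 'curl -fsSL -o',
# review the script, then run it, and drop -k unless the CA chain genuinely
# fails to validate (same for the --no-check-certificate flags below).
bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"

# cd /path/to/safeline

# Keep the old compose file under a timestamped name. The note used
# `date "+%Y-%m-%d %H:%M:%S"` unquoted: the space split the result into two
# words, so mv saw three arguments and failed. A compact timestamp has no
# spaces or colons.
mv compose.yaml "compose.yaml.old.$(date +%Y%m%d-%H%M%S)"
wget "https://waf-ce.chaitin.cn/release/latest/compose.yaml" --no-check-certificate -O compose.yaml

wget "https://waf-ce.chaitin.cn/release/latest/seccomp.json" --no-check-certificate -O seccomp.json

sed -i "s/IMAGE_TAG=.*/IMAGE_TAG=latest/g" ".env"

# Fill in any .env key that is missing; the two passwords are 32 random
# alphanumerics from /dev/urandom.
grep -q "SAFELINE_DIR" ".env" || echo "SAFELINE_DIR=$(pwd)" >> ".env"
grep -q "IMAGE_TAG" ".env" || echo "IMAGE_TAG=latest" >> ".env"
grep -q "MGT_PORT" ".env" || echo "MGT_PORT=9443" >> ".env"
grep -q "POSTGRES_PASSWORD" ".env" || echo "POSTGRES_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep -q "REDIS_PASSWORD" ".env" || echo "REDIS_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 32)" >> ".env"
grep -q "SUBNET_PREFIX" ".env" || echo "SUBNET_PREFIX=172.22.222" >> ".env"

# Preload the images from the demo bundle. Done in a subshell so the shell
# stays in the safeline directory: the note's plain 'cd /tmp' left the
# 'docker compose' commands below running in /tmp, where there is no
# compose.yaml.
( cd /tmp && rm -f image.tar.gz && wget https://demo.waf-ce.chaitin.cn/image.tar.gz --no-check-certificate -O image.tar.gz && docker load -i image.tar.gz )

docker compose down
docker compose up -d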

iterm

1panel

# 1Panel: download the bootstrap script, then run it with sh. Saving it
# first (instead of piping into sh) leaves a copy you can read before it
# executes.
curl -sSL -o quick_start.sh https://resource.fit2cloud.com/1panel/package/quick_start.sh && sh quick_start.sh

bt面板

# BT panel: make sure wget exists, fetch the installer, and run it with the
# trailing argument exactly as the note gives it.
yum install -y wget \
  && wget -O install.sh https://download.bt.cn/install/install_6.0.sh \
  && sh install.sh ed8484bec

halo

rustdesk

nxshell

rinetd

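    # rinetd (TCP port forwarder) as a systemd service; binary and unit file
    # come from the 123pan share, which offers no checksum — verify out of band.
    wget https://vip.123pan.cn/1815238395/download/rinetd/rinetd -O /usr/local/bin/rinetd
    wget https://vip.123pan.cn/1815238395/download/rinetd/rinetd.service -O /etc/systemd/system/rinetd.service
    # The note ran chmod on /bin/rinetd, which is not where the binary was
    # saved; the path must match the download target above. Check that
    # ExecStart in rinetd.service points at /usr/local/bin/rinetd as well.
    chmod a+x /usr/local/bin/rinetd
    systemctl daemon-reload
    systemctl restart rinetd

    # Usage: one '<bind-addr> <bind-port> <dest-addr> <dest-port>' per line.
    # Binding 0.0.0.0 publishes a loopback-only service (127.0.0.1:7891) on
    # every interface; bind a specific address or firewall the port if it is
    # not meant to be reachable from the network.
    echo '0.0.0.0 46781 127.0.0.1 7891' >> /etc/rinetd.conf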

ddnsgo

# ddns-go 5.6.1 (Linux x86_64) from the 123pan mirror; the GitHub-proxy URL
# is kept for reference. Registered as a service with 'ddns-go -s install'.
#wget https://ghproxy.com/https://github.com/jeessy2/ddns-go/releases/download/v5.6.1/ddns-go_5.6.1_linux_x86_64.tar.gz
ddns_tgz=ddns-go_5.6.1_linux_x86_64.tar.gz
wget "https://vip.123pan.cn/1815238395/download/ddns-go/${ddns_tgz}"

tar xzvf "${ddns_tgz}"
mv -- ddns-go /bin/
ddns-go -s install

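# Configuration file (ddns-go). The DNSPod token secret and the web UI
# password that were written into this note must be treated as exposed:
# rotate the token and choose a strong password; placeholders stand in below.
dnsconf:
    - ipv4:
        enable: true
        gettype: url
        url: https://myip4.ipip.net,https://ddns.oray.com/checkip,https://ip.3322.net,https://4.ipw.cn
        netinterface: ""
        cmd: ""
        domains:
            - raspberrypi.hlab.sddts.cn
      ipv6:
        enable: true
        gettype: netInterface
        url: https://speed.neu6.edu.cn/getIP.php,https://v6.ident.me,https://6.ipw.cn
        netinterface: eth0
        cmd: ""
        ipv6reg: ""
        domains:
            - raspberrypi.hlab.sddts.cn
      dns:
        name: dnspod
        id: "438041"
        secret: <DNSPOD_TOKEN_SECRET>
      ttl: ""
user:
    username: admin
    password: <STRONG_PASSWORD>
webhook:
    webhookurl: ""
    webhookrequestbody: ""
    webhookheaders: ""
# going by its name, false leaves the web UI reachable from the WAN side;
# set it to true unless remote management is needed
notallowwanaccess: false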

icmptunnel

# 下载
https://vip.123pan.cn/1815238395/download/icmptunnel/icmptunnel-1.0.0.tar.gz

# Usage (the argument is the IPv6 address from the note)
./icmptunnel -s 240e:345:4070:1200:20c:29ff:fefb:9724

jumpserver

# JumpServer quick start: the installer is streamed straight into bash.
# 'bash -s' reads the script from stdin explicitly (same as bare 'bash');
# to review it first, save it with 'curl -o' instead of piping.
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash -s

webstart

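# Compose service for web-start. The image comes through the dockerproxy.com
# pull-through mirror and is pinned to a tag, not a digest, so what a pull
# returns can change over time. Port 2000 is published on all interfaces.
version: '3.3'
services:
    web-start:
        ports:
            - '2000:2000'
        image: 'dockerproxy.com/luode0320/web-start:1.0'
        volumes:
          - ./index-95ea9c5d.js:/app/dist/assets/index-95ea9c5d.js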

文件系统扩容

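# Grow partition 1 and the filesystem on it online (no reboot). growpart
# comes from cloud-utils-growpart and parses localized tool output, so the
# locale is forced to English for that one command. The bare 'xfs_growfs'
# lines in the note only printed a usage error and are dropped.

# XFS on sda1
yum install -y cloud-utils-growpart
LANG=en_US.UTF-8 growpart /dev/sda 1 -v
lsblk
xfs_growfs -d /dev/sda1
df -h

# XFS on vda1
LANG=en_US.UTF-8 growpart /dev/vda 1 -v
lsblk
xfs_growfs -d /dev/vda1
df -h

# XFS on vdb. The note grows partition 1 but then hands the whole disk to
# xfs_growfs; check lsblk and pass /dev/vdb1 if that is the mounted device.
LANG=en_US.UTF-8 growpart /dev/vdb 1 -v
lsblk
xfs_growfs -d /dev/vdb
df -h

# ext4 on sda1
yum install cloud-utils-growpart -y
# '1' is the partition number
LANG=en_US.UTF-8 growpart /dev/sda 1
resize2fs /dev/sda1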

tailscale

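# nginx
# Reverse proxy for the backend pool 'xxx': plain HTTP on 80 and TLS on 443.
upstream xxx {
        server xxx:10001 weight=1 max_fails=3 fail_timeout=20s;
        server xxx:10001 weight=1 max_fails=3 fail_timeout=20s;
}

server {
        listen  80;
        server_name xxx;

        location / {
            proxy_pass   http://xxx;
            proxy_redirect              off;
            proxy_set_header            Host $host;
            # X-real-ip is the socket peer; X-remoteip copies the
            # client-supplied X-Forwarded-For and must not be trusted by
            # the backend.
            proxy_set_header            X-real-ip $remote_addr;
            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header            X-remoteip $http_x_forwarded_for;
        }
}

server {
        listen 443 ssl;
        server_name xxx;
        ssl_certificate /usr/local/nginx/sslkey/xxx.crt;
        ssl_certificate_key /usr/local/nginx/sslkey/xxx.key;
        ssl_session_timeout 5m;
        # TLS 1.0/1.1 are deprecated (RFC 8996) and were dropped from the
        # note's list. TLSv1.3 needs nginx built against OpenSSL 1.1.1+;
        # remove it if this build is older.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass   http://xxx;
            proxy_redirect              off;
            proxy_set_header            Host $host;
            proxy_set_header            X-real-ip $remote_addr;
            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header            X-remoteip $http_x_forwarded_for;
        }
}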


最后修改:2024 年 05 月 11 日