├── chapter_04
├── 4.5.4_passwd
├── 4.5.4_authz
├── 4.3.5_本地FTP账户vsftpd.conf
├── 4.5.4_svnserve.conf
├── 4.3.5_虚拟账户FTP_vsftpd.conf
├── 4.8.4_172.16.zone
├── 4.8.4_abc.com.zone
├── 4.9.4_httpd-vhosts.conf
├── 4.7.3_dhcpd.conf
├── 4.8.4_named.conf
├── 4.10_安装Nginx
├── 4.6.3_notify_rsync.sh
├── 4.4.2_proftpd.conf
├── 4.5.6_subversion.conf
├── 4.10.5_nginx.conf
├── 4.2.4_smb.conf
├── 4.9.2_Apache安装
├── 4.9.5_http-ssl.conf
├── 4.8.6_named.conf
├── 4.7.2_dhcpd.conf
├── 4.6.2_rsync.conf
├── 4.10.4_nginx.conf
├── 4.4.4_proftpd.conf
├── 4.6.1_iscsi操作指南
├── 4.2.3_smb.conf
└── 4.10.3_nginx.conf
├── chapter_05
├── 5.2.2_nagios.cfg
├── 5.2.2_nrpe.cfg
├── 5.2.2_cgi.cfg
├── 5.2.2_localhost.cfg
├── 5.1.2_snmpd.conf
├── 5.2.2_templates.cfg
├── 5.2.2_contacts.cfg
├── 5.2.2_commands.cfg
├── 5.2.2_web1.cfg
└── 5.2.2_安装Nagios
├── chapter_03
├── 3.9.8_test_password
├── 3.9.5_example(3)
├── 3.9.8_proftpd
├── 3.9.8_dhcp
└── 3.9.7_function_demo
├── chapter_01
├── 1.2.5_tftp
├── 1.2.5_default
└── 1.2.5_dhcpd.conf
├── chapter_06
├── 6.1.1_防火墙操作
└── 6.1.4_firewalld
├── chapter_08
├── 8.2.5_keepalived.conf
├── 8.4.3_haproxy.cfg
├── 8.5.2_nginx.conf
└── 8.3.5_squid.conf
├── chapter_07
└── 7.2.4_demo.xml
└── LICENSE
/chapter_04/4.5.4_passwd:
--------------------------------------------------------------------------------
1 | ...
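[users]
# svnserve password file (named by password-db in svnserve.conf).
# One "name = password" entry per line, stored in cleartext, so the file
# must be readable only by the account that runs svnserve.
# Comments must be on their own line: svn's config parser does not strip
# trailing "# ..." text, so the inline notes from the listing would have
# become part of each password.
# user harry, password harryssecret
harry = harryssecret
# user sally, password sallyssecret
sally = sallyssecret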
--------------------------------------------------------------------------------
/chapter_04/4.5.4_authz:
--------------------------------------------------------------------------------
1 | ...
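[groups]
# group "admins" with members harry and sally
admins = harry,sally

# Rules for the repository root path; use a narrower path when only a
# subtree needs control. Comments must stay on their own line: an inline
# "#" after "[/]" or after a rule would be read as part of the section
# name or the permission string.
[/]
# members of admins: read and write
@admins = rw
# everyone else: read-only. Valid permissions are 'r', 'rw' and '' (none).
* = r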
--------------------------------------------------------------------------------
/chapter_04/4.3.5_本地FTP账户vsftpd.conf:
--------------------------------------------------------------------------------
# vsftpd: local (system) accounts only, anonymous logins disabled.
# vsftpd accepts only full-line "#" comments; everything after "=" is
# taken as the value.
# no anonymous logins
anonymous_enable=NO
# allow system accounts (checked through PAM) to log in
local_enable=YES
# permit write commands (STOR, DELE, ...); required for uploads
write_enable=YES
# umask for files created by local users
local_umask=022
# show the directory's message file when entering it
dirmessage_enable=YES
# keep a transfer log, in the standard xferlog format
xferlog_enable=YES
xferlog_std_format=YES
# confine each local user to its home directory. Since vsftpd 2.3.5 a
# login is refused when the chroot root is writable unless
# allow_writeable_chroot=YES is set; keep the home directory itself
# non-writable or enable that option deliberately.
chroot_local_user=YES
# standalone listener (not started from inetd)
listen=YES
# PAM service used for local logins
pam_service_name=vsftpd
# consult the user_list file; with the default userlist_deny=YES the
# listed accounts are rejected before a password is asked for
userlist_enable=YES
# honour /etc/hosts.allow and /etc/hosts.deny
tcp_wrappers=YES
--------------------------------------------------------------------------------
/chapter_04/4.5.4_svnserve.conf:
--------------------------------------------------------------------------------
1 | …
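[general]
# svnserve.conf: comments must be on their own line, because svn's config
# parser keeps trailing "# ..." text as part of the value.
# unauthenticated clients get no access (none | read | write)
anon-access = none
# authenticated users may write
auth-access = write
# user/password file, relative to this conf directory; it holds
# cleartext passwords, so restrict its permissions
password-db = passwd
# path-based access rules (per file or directory)
authz-db = authz
# Authentication realm presented to clients. The listing spelt the key
# "real", which svnserve does not recognise; the option is "realm".
# Repositories that share a realm are expected to share a password database.
realm = My First Repository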
--------------------------------------------------------------------------------
/chapter_04/4.3.5_虚拟账户FTP_vsftpd.conf:
--------------------------------------------------------------------------------
# vsftpd: virtual (guest) accounts, all mapped onto the system user "virtual".
# Only full-line "#" comments are allowed in this file.
anonymous_enable=NO
local_enable=YES
write_enable=YES
# With guest_enable=YES a virtual user is subject to the anon_* settings
# (virtual_use_local_privs is not set): uploads allowed, but no mkdir,
# rename or delete.
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# jail each user in its home directory
chroot_local_user=YES
# remap every non-anonymous login onto the local account "virtual"
guest_enable=YES
guest_username=virtual
# standalone listener on the standard control port
listen=YES
listen_port=21
# passive-mode data ports; this range must also be allowed by the firewall
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999
# PAM service that validates the virtual-user database
pam_service_name=vsftpd.pam
# per-user override files live in user_config_dir/<login name>;
# $USER is replaced by the login name in directives such as local_root
# (not shown in this excerpt)
user_config_dir=/etc/vsftpd_user_conf
user_sub_token=$USER
--------------------------------------------------------------------------------
/chapter_04/4.8.4_172.16.zone:
--------------------------------------------------------------------------------
$TTL 1D
; Reverse zone for 16.172.in-addr.arpa (see named.conf): an owner "X.Y"
; below stands for 172.16.Y.X. Increase the serial on every edit so the
; secondary listed in named.conf notices the change.
; jacob.abc.com. is the responsible mailbox (jacob@abc.com).
@ IN SOA dns1.abc.com. jacob.abc.com. (
10 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; records without an owner inherit the previous owner (@)
NS dns1.abc.com.
NS dns2.abc.com.
; 172.16.0.254 / 172.16.0.253: the two name servers
254.0 IN PTR dns1.abc.com.
253.0 IN PTR dns2.abc.com.
22.0 IN PTR ntp.abc.com.
25.0 IN PTR mail.abc.com.
100.0 IN PTR fileserver.abc.com.
101.0 IN PTR printserver.abc.com.
; both web addresses resolve back to the same name
200.0 IN PTR www.abc.com.
201.0 IN PTR www.abc.com.
--------------------------------------------------------------------------------
/chapter_05/5.2.2_nagios.cfg:
--------------------------------------------------------------------------------
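# Nagios main configuration: global settings plus the list of object
# configuration files to load. Make sure the following files are included.
cfg_file=/usr/local/nagios/etc/objects/commands.cfg
cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
cfg_file=/usr/local/nagios/etc/objects/templates.cfg
cfg_file=/usr/local/nagios/etc/objects/localhost.cfg
# The next two files are created by hand to monitor the two web servers.
# The listing used cfg_dir for them; cfg_dir names a directory that Nagios
# scans, so a single file has to be listed with cfg_file.
cfg_file=/usr/local/nagios/etc/web1.cfg
cfg_file=/usr/local/nagios/etc/web2.cfg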
11 | … …其余部分省略… …
12 |
--------------------------------------------------------------------------------
/chapter_04/4.8.4_abc.com.zone:
--------------------------------------------------------------------------------
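$TTL 1D
; Forward zone abc.com (see named.conf). Increase the serial on every
; edit so the secondary picks up the change; jacob.abc.com. is the
; responsible mailbox (jacob@abc.com).
@ IN SOA dns1.abc.com. jacob.abc.com. (
10 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; records without an owner inherit the previous owner (@)
NS dns1.abc.com.
NS dns2.abc.com.
MX 10 mail.abc.com.
dns1 IN A 172.16.0.254
dns2 IN A 172.16.0.253
; The listing had "ntp.abc.com.IN" and "mail.abc.com.IN" with no space
; before the class, which makes "ntp.abc.com.IN" the (relative) owner
; name; the owner and the class must be separate fields.
ntp.abc.com. IN A 172.16.0.22
mail.abc.com. IN A 172.16.0.25
fileserver IN A 172.16.0.100
printserver IN A 172.16.0.101
; two A records for www: the second line inherits the owner "www"
www IN A 172.16.0.200
IN A 172.16.0.201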
--------------------------------------------------------------------------------
/chapter_03/3.9.8_test_password:
--------------------------------------------------------------------------------
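#!/bin/bash
#Check user password, set the number can be retrying.
# Asks for a password up to $NUM times; exits 0 on a match, 1 otherwise.
NUM=3            # maximum number of attempts
PASSWD=Jacob     # expected password (demo only: a real check must not
                 # keep the secret inside the script)
SUM=0            # attempt counter
while true
do
    # -r keeps backslashes literal; -s stops the password from echoing,
    # so an explicit newline is printed afterwards
    read -r -s -p "Please input your password:" pass
    echo
    SUM=$((SUM+1))
    # both sides quoted: an empty answer is a mismatch, not a test error
    if [ "$pass" = "$PASSWD" ] ; then
        echo "Your Are Right, OK"
        exit 0
    # compare against $NUM instead of the hard-coded 3 the listing used
    elif [ "$SUM" -lt "$NUM" ] ; then
        continue
    else
        # failed every attempt: report it through the exit status
        exit 1
    fi
done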
--------------------------------------------------------------------------------
/chapter_05/5.2.2_nrpe.cfg:
--------------------------------------------------------------------------------
# NRPE agent: the checks the Nagios server may ask this host to run.
# Only the listed addresses may connect; keep this to the Nagios server(s),
# and do not rely on it alone if the NRPE port is reachable from untrusted
# networks.
allowed_hosts=127.0.0.1,192.168.0.10
# command[<name>]=<plugin with fixed arguments>; each -w/-c pair is the
# WARNING / CRITICAL threshold. Arguments are fixed here, so the server
# cannot inject its own (dont_blame_nrpe stays off).
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
# 1/5/15-minute load averages
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
# NOTE(review): "-p /dev/sda" names a whole disk; check_disk expects a
# mount point or partition — confirm the intended path
command[check_hda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda
# processes in state Z (zombie)
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200
# free space on all mounted filesystems
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10%
9 | …其余部分省略…
10 |
--------------------------------------------------------------------------------
/chapter_01/1.2.5_tftp:
--------------------------------------------------------------------------------
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
# xinetd service entry for in.tftpd serving /var/lib/tftpboot (PXE boot files).
# TFTP has no authentication: anything under that directory is readable by
# every client that can reach the port.
service tftp
{
# UDP datagram service; xinetd waits for the server process to finish
socket_type = dgram
protocol = udp
wait = yes
# the daemon starts as root (needed for -s below)
user = root
server = /usr/sbin/in.tftpd
# -s: serve with /var/lib/tftpboot as the root directory; no -c, so
# clients cannot create new files
server_args = -s /var/lib/tftpboot
# enabled (overrides "default: off")
disable = no
# max concurrent connections from one source address
per_source = 11
# at most 100 connections per second, then pause 2 seconds
cps = 100 2
flags = IPv4
}
--------------------------------------------------------------------------------
/chapter_04/4.9.4_httpd-vhosts.conf:
--------------------------------------------------------------------------------
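# Name-based virtual hosts for www.example.com and www.test.com.
# NOTE(review): the <VirtualHost> container tags did not survive the
# listing (only blank lines remain); "*:80" below is the form used by the
# stock httpd-vhosts.conf — confirm against the original file.
<VirtualHost *:80>
    ServerAdmin Jacob_test@gmail.com
    DocumentRoot "/usr/local/apache2/htdocs/example"
    ServerName www.example.com
    ServerAlias web.example.com
    # relative log paths resolve under ServerRoot
    ErrorLog "logs/www.example.com-error_log"
    CustomLog "logs/www.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin Jacob_test@gmail.com
    DocumentRoot "/usr/local/apache2/htdocs/test"
    ServerName www.test.com
    # the listing had a stray space in "test. com"
    ErrorLog "logs/test.com-error_log"
    CustomLog "logs/test.com-access_log" common
</VirtualHost>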
--------------------------------------------------------------------------------
/chapter_04/4.7.3_dhcpd.conf:
--------------------------------------------------------------------------------
#dhcpd.conf
# ISC dhcpd: one /16 subnet with a dynamic pool plus two reserved addresses.
# lease lifetimes in seconds (default and maximum)
default-lease-time 600;
max-lease-time 7200;
subnet 172.16.0.0 netmask 255.255.0.0 {
# dynamic pool; the reservations below lie outside it
range 172.16.0.100 172.16.0.200;
option domain-name-servers 202.106.0.20, 202.106.46.151;
option domain-name "abc.com";
option routers 172.16.0.1;
option broadcast-address 172.16.255.255;
}
# MAC-bound reservations. The MAC is supplied by the client, so a host
# presenting the same address receives the reservation; this is address
# planning, not access control.
host fileserver {
hardware ethernet 00:0C:5D:71:C4:3F;
fixed-address 172.16.0.10;
}
host printserver {
hardware ethernet 00:0C:5D:71:C4:3E;
fixed-address 172.16.0.20;
}
--------------------------------------------------------------------------------
/chapter_05/5.2.2_cgi.cfg:
--------------------------------------------------------------------------------
# CGI access control: only authenticated users may use the CGIs. Because
# the account "tomcat" was created with htpasswd, every authorisation
# below grants both nagiosadmin and tomcat. Each list is effectively
# full administrative access to the web interface, so keep it short.
use_authentication=1
# accounts allowed to view Nagios process information
authorized_for_system_information=nagiosadmin,tomcat
# accounts allowed to view all configuration information
authorized_for_configuration_information=nagiosadmin,tomcat
# accounts allowed to shut down or restart Nagios
authorized_for_system_commands=nagiosadmin,tomcat
# accounts allowed to view all service information
authorized_for_all_services=nagiosadmin,tomcat
# accounts allowed to view all host information
authorized_for_all_hosts=nagiosadmin,tomcat
# accounts allowed to issue service-related commands
authorized_for_all_service_commands=nagiosadmin,tomcat
# accounts allowed to issue host-related commands
authorized_for_all_host_commands=nagiosadmin,tomcat
18 | … …其余部分省略… …
19 |
--------------------------------------------------------------------------------
/chapter_04/4.8.4_named.conf:
--------------------------------------------------------------------------------
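// Authoritative server for abc.com / 16.172.in-addr.arpa with a single
// secondary (secondserver) allowed to transfer the zones.
options
{
    directory "/var/named"; // "Working" directory
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    listen-on port 53 { any; };
    // anyone may query the authoritative zones below
    allow-query { any; };
    recursion yes;
    // The listing allowed recursion and cache queries from any client,
    // which makes a server listening on every interface an open resolver
    // usable for amplification. Restrict recursive service to the host
    // itself and the network the zones describe (172.16.0.0/16, from
    // 16.172.in-addr.arpa).
    allow-recursion { localhost; 172.16.0.0/16; };
    allow-query-cache { localhost; 172.16.0.0/16; };
};
// the only host permitted to pull zone transfers
acl secondserver {
    172.16.0.253;
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "abc.com" IN {
    type master;
    allow-transfer { secondserver; };
    file "abc.com.zone";
};
zone "16.172.in-addr.arpa" IN {
    type master;
    allow-transfer { secondserver; };
    file "172.16.zone";
};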
--------------------------------------------------------------------------------
/chapter_04/4.10_安装Nginx:
--------------------------------------------------------------------------------
1 | [root@centos7 ~]# wget http://nginx.org/download/nginx-1.8.1.tar.gz
2 | [root@centos7 ~]# tar -xzf nginx-1.8.1.tar.gz -C /usr/src/
3 | [root@centos7 ~]# yum -y install gcc pcre pcre-devel openssl \
4 | >openssl-devel zlib-devel gd gd-devel perl perl-ExtUtils-Embed
5 | [root@centos7 ~]# cd /usr/src/nginx-1.8.1/
6 | [root@centos7 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx \
7 | >--with-ipv6 \
8 | >--with-http_ssl_module \
9 | >--with-http_realip_module \
10 | >--with-http_addition_module \
11 | >--with-http_dav_module \
12 | >--with-http_flv_module \
13 | >--with-http_mp4_module \
14 | >--with-http_gzip_static_module \
15 | >--with-http_perl_module \
16 | >--with-mail \
17 | >--with-mail_ssl_module
18 | [root@centos7 nginx-1.8.1]# make && make install
19 |
--------------------------------------------------------------------------------
/chapter_05/5.2.2_localhost.cfg:
--------------------------------------------------------------------------------
# Host and service objects for the Nagios server itself.
define host{
# inherits the linux-server template from templates.cfg (check interval,
# frequency and notification period)
use linux-server
host_name localhost
alias localhost
address 127.0.0.1
}
define service{
# inherits the local-service template from templates.cfg (check interval,
# frequency and notification period)
use local-service
host_name localhost
service_description PING
# check_ping!<warn rta,loss>!<crit rta,loss>
check_command check_ping!100.0,20%!500.0,60%
}
define service{
use local-service
host_name localhost
service_description HTTP
check_command check_http
notifications_enabled 1
}
22 | … …其余部分省略… …
23 |
--------------------------------------------------------------------------------
/chapter_05/5.1.2_snmpd.conf:
--------------------------------------------------------------------------------
# snmpd: read-only SNMP v1/v2c access. Community strings travel in
# cleartext and are the only credential, so treat them as passwords.
# First, map the community name "public" into a "security name".
# The community here is "rose0011"; "default" accepts it from any source
# address — restrict that field to the monitoring host where possible.
com2sec notConfigUser default rose0011
# Second, map the security name into a group name.
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
# Third, create a view for us to let the group have rights to.
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
# Finally, grant the group read-only access to the all view.
# read view "all" (defined below as the whole tree under .1), no write,
# no notify
access notConfigGroup "" any noauth exact all none none
# "80" is the OID mask; this view exposes the entire MIB tree
view all included .1 80
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
dontLogTCPWrappersConnects yes
# Note: the book prints the values that must be adapted in bold.
--------------------------------------------------------------------------------
/chapter_04/4.6.3_notify_rsync.sh:
--------------------------------------------------------------------------------
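#!/bin/bash
#This Rsync script based on inotify.
#Date:2012-10-1
#Version:1.0 beta
#
# Push $SRC to two web nodes whenever inotify reports a change under it.
export PATH=/bin:/usr/bin:/usr/local/bin
SRC=/web_data/
DEST1=web1
DEST2=web2
Client1=192.168.0.102
Client2=192.168.0.103
User=tom
#password file must not be other-accessible (rsync refuses it otherwise).
Passfile=/root/rsync.pass
[ ! -e "$Passfile" ] && exit 2
#Wait for change
inotifywait -mrq --timefmt '%y-%m-%d %H:%M' --format '%T %w%f %e' \
    --event modify,create,move,delete,attrib "$SRC" | while read -r line
do
    # NOTE(review): ">" truncates the log on every event; ">>" is probably intended
    echo "$line" > /var/log/inotify_web 2>&1
    # The listing had a stray "\ " between $SRC and the destination (a
    # line continuation that was joined); that escaped space reaches rsync
    # as an extra source argument. Variables are quoted for the same reason.
    /usr/bin/rsync -avz --delete --progress --password-file="$Passfile" "$SRC" \
        "${User}@${Client1}::${DEST1}" >>/var/log/sync_web1 2>&1
    /usr/bin/rsync -avz --delete --progress --password-file="$Passfile" "$SRC" \
        "${User}@${Client2}::${DEST2}" >>/var/log/sync_web2 2>&1
done &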
--------------------------------------------------------------------------------
/chapter_03/3.9.5_example(3):
--------------------------------------------------------------------------------
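#!/bin/bash
# Interactive system-information menu; loops until the user chooses 5.
while true
do
    clear
    echo "---------------------------------"
    echo "1. Display CPU info:"
    echo "2. Display system load:"
    echo "3. Display Mem and swap info:"
    echo "4. Display filesystem mount info:"
    echo "5. Exit Program:"
    echo "---------------------------------"
    read -r -p "Please select an iterm(1-5):" U_SELECT
    case "$U_SELECT" in
        1)
            # quoted so the output keeps its line breaks; the listing quoted
            # only option 4 and flattened the others onto one line
            echo "$(cat /proc/cpuinfo)"
            read -r -p "Press Enter to continue:"
            ;;
        2)
            echo "$(uptime)"
            read -r -p "Press Enter to continue:"
            ;;
        3)
            echo "$(free)"
            read -r -p "Press Enter to continue:"
            ;;
        4)
            echo "$(df -h)"
            read -r -p "Press Enter to continue:"
            ;;
        5)
            exit
            ;;
        *)
            read -r -p "Please Select 1-5, Press Enter to continue:"
            ;;
    esac
done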
--------------------------------------------------------------------------------
/chapter_05/5.2.2_templates.cfg:
--------------------------------------------------------------------------------
# Object templates (register 0): inherited through "use", never
# instantiated directly.
define contact{
name generic-contact
# notify around the clock (24x7 is defined in timeperiods.cfg)
service_notification_period 24x7
host_notification_period 24x7
# service states: warning, unknown, critical, recovery, flapping, scheduled downtime
service_notification_options w,u,c,r,f,s
# host states: down, unreachable, recovery, flapping, scheduled downtime
host_notification_options d,u,r,f,s
# commands from commands.cfg
service_notification_commands notify-service-by-email
host_notification_commands notify-host-by-email
register 0
}
define host{
name generic-host
notifications_enabled 1
event_handler_enabled 1
flap_detection_enabled 1
# NOTE(review): failure_prediction_enabled is a Nagios 3 option and is
# reported as obsolete by Nagios Core 4 — confirm the target version
failure_prediction_enabled 1
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
notification_period 24x7
register 0
}
23 | …其余部分省略…
24 |
--------------------------------------------------------------------------------
/chapter_06/6.1.1_防火墙操作:
--------------------------------------------------------------------------------
1 | 查看filter表的所有规则:
2 | [root@centos7 ~]# iptables -nL
3 | 查看nat表的所有规则:
4 | [root@centos7 ~]# iptables -t nat -nL
5 | 清空filter表中的所有规则:
6 | [root@centos7 ~]# iptables -F
7 | 往filter表添加一条新的入站规则,丢弃192.168.0.1主机发送给防火墙本机的所有数据包。
8 | [root@centos7 ~]# iptables -A INPUT -s 192.168.0.1 -j DROP
9 | 往filter表插入一条新的入站规则,拒绝192.168.0.22 ping防火墙本机:
10 | [root@centos7 ~]# iptables -I INPUT -s 192.168.0.22 -p icmp -j REJECT
11 | 查看filter表中防火墙规则并显示规则编号:
12 | [root@centos7 ~]# iptables -nL --line-numbers
13 | 删除filter表中INPUT链的第一条规则:
14 | [root@centos7 ~]# iptables -D INPUT 1
15 | 替换filter表中INPUT链的第二条规则,拒绝192.168.0.254之外的任何主机连接防火墙本机:
16 | [root@centos7 ~]# iptables -R INPUT 2 ! -s 192.168.0.254 -j REJECT
17 | 修改filter表中INPUT链的默认规则为接收数据包:
18 | [root@centos7 ~]# iptables -t filter -P INPUT ACCEPT
19 | 将192.168.0.10主机发送给防火墙本机22端口的所有数据包信息记录到messages日志:
20 | [root@centos7 ~]# iptables -I INPUT -s 192.168.0.10 -p tcp --dport 22 -j LOG
21 | 允许任何主机从eno16777736网络接口访问防火墙本机的80端口:
22 | [root@centos7 ~]# iptables -I INPUT -i eno16777736 -p tcp --dport 80 -j ACCEPT
23 |
--------------------------------------------------------------------------------
/chapter_05/5.2.2_contacts.cfg:
--------------------------------------------------------------------------------
# Contacts and contact groups that receive notifications.
define contact{
# contact name
contact_name nagiosadmin
# inherits generic-contact from templates.cfg
use generic-contact
# display name
alias Nagios Admin
# e-mail address notifications are sent to
email nagios@test.com
}
define contactgroup{
# contact group "admins"
contactgroup_name admins
# group display name
alias Nagios Administrators
# group members; several members are separated by commas (the listing's
# comment said semicolons, which Nagios does not accept here)
members nagiosadmin
}
19 | … …其余部分省略… …
20 |
21 | 修改时间定义配置文件,文件名为timeperiods.cfg,用于定义报警时间周期。
22 | [root@nagios ~]# vim /usr/local/nagios/etc/objects/timeperiods.cfg
23 |
# Notification window referenced as "24x7" by templates.cfg
define timeperiod{
# alert 7 days a week, 24 hours a day
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
Sunday 00:00-24:00
Monday 00:00-24:00
Tuesday 00:00-24:00
Wednesday 00:00-24:00
Thursday 00:00-24:00
Friday 00:00-24:00
Saturday 00:00-24:00
}
36 | … …其余部分省略… …
37 |
--------------------------------------------------------------------------------
/chapter_04/4.4.2_proftpd.conf:
--------------------------------------------------------------------------------
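# proftpd.conf. ProFTPD only recognises comments that start a line; the
# inline "#..." notes from the listing would be read as extra directive
# arguments, so they are moved onto their own lines here.
# NOTE(review): the <Limit ...> and <Anonymous ...> container directives
# around the two DenyAll lines and the "User ftp" block did not survive
# the listing (only blank lines remain); restore them from the original
# file before use — DenyAll is only valid inside a <Limit> block.
# banner shown to clients on connect
ServerName "ProFTPD Default Installation"
# standalone daemon (not started from inetd)
ServerType standalone
DefaultServer on
Port 21
UseIPv6 off
# umask applied to uploaded files
Umask 022
# maximum number of child processes
MaxInstances 30
# unprivileged account and group the daemon runs as
User nobody
Group nogroup
# resume interrupted downloads (RETR) and uploads (STOR)
AllowRetrieveRestart on
AllowStoreRestart on
# local charset UTF-8, client charset CP936 (Chinese clients)
UseEncoding UTF-8 CP936
# never allow root to log in over FTP
RootLogin off
# daemon log and transfer log (both point at the same file here)
SystemLog /var/log/proftp.log
TransferLog /var/log/proftp.log

# uncomment to jail every user in its home directory
#DefaultRoot ~

# allow clients to overwrite existing files
AllowOverwrite on
# permission limits (enclosing <Limit ...> missing from the listing)
DenyAll

# anonymous access, enabled by default
# (enclosing <Anonymous ...> missing from the listing)
User ftp
Group ftp
UserAlias anonymous ftp
MaxClients 10
DisplayLogin welcome.msg
DisplayChdir .message

DenyAll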
--------------------------------------------------------------------------------
/chapter_04/4.5.6_subversion.conf:
--------------------------------------------------------------------------------
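# Apache / mod_dav_svn configuration. Apache only recognises full-line "#"
# comments, so the inline notes from the listing are moved onto their own
# lines ("LoadModule takes two arguments" would otherwise reject them).
# NOTE(review): the <Location ...> container around "DAV svn" did not
# survive the listing; the comment below names /svn as the prefix —
# restore it from the original file before use.
# DAV support for Subversion
LoadModule dav_svn_module modules/mod_dav_svn.so
# path-based authorisation module
LoadModule authz_svn_module modules/mod_authz_svn.so
# besides these two, dav_module must also be loaded in /etc/httpd/conf/httpd.conf
# A repository must be
#   a) readable and writable by the 'apache' user, and
#      (httpd starts as "apache", so that account needs read/write access)
#   b) labelled with the 'httpd_sys_content_t' context if using SELinux
#      (only when SELinux is enabled)
# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:

# (the step-by-step template shipped with the config file)
# # cd /var/www/svn
# # svnadmin create stuff
# # chown -R apache.apache stuff
# # chcon -R -t httpd_sys_content_t stuff
#

# Requests whose URL starts with /svn (http://hostname/svn/...) are handed to DAV
DAV svn
# SVNParentPath publishes every repository below this directory;
# SVNPath would publish a single repository instead
SVNParentPath /var/svn
# HTTP Basic authentication sends credentials base64-encoded, not
# encrypted; serve this location over HTTPS only
AuthType Basic
# prompt shown by the client
AuthName "Please input password"
# htpasswd file; kept outside any DocumentRoot and not readable by others
AuthUserFile /var/svn/.pass
# only authenticated users may proceed
Require valid-user
# NOTE(review): authz_svn_module is loaded but no AuthzSVNAccessFile is
# set, so no per-path rules apply — confirm whether that is intended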
--------------------------------------------------------------------------------
/chapter_04/4.10.5_nginx.conf:
--------------------------------------------------------------------------------
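worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    # HTTPS-only virtual host for www.abc.com
    server {
        listen 443 ssl;
        server_name www.abc.com;
        # paths are relative to the conf directory; keep cert.key readable
        # by root only
        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;
        ssl_session_timeout 5m;
        # The listing offered SSLv2, SSLv3 and TLSv1, all of which are
        # broken (POODLE and older attacks). Offer only TLS 1.2, which
        # nginx 1.8.1 supports with OpenSSL 1.0.1 or later; TLSv1.3 can be
        # added on nginx >= 1.13 built against OpenSSL 1.1.1.
        ssl_protocols TLSv1.2;
        # no anonymous or MD5-based suites
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
        }
    }
}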
--------------------------------------------------------------------------------
/chapter_04/4.2.4_smb.conf:
--------------------------------------------------------------------------------
#==================== Global Settings =================================
# Samba file server for workgroup STAFF: one share per department,
# writable only by the matching Unix group, plus a common share.
[global]
workgroup = STAFF
server string = ABC.corp share
# one log file per client machine (%m)
log file = /var/log/samba/log.%m
# KB
max log size = 50
# every client must authenticate with a Samba account; no guest mapping
security = user
# accounts are kept in the tdbsam database
passdb backend = tdbsam
load printers = yes
cups options = raw
#========================= Share Definitions ==========================
# each user's own home directory, hidden from browse lists
[homes]
comment = Home Directories
browseable = no
writable = yes
# Department shares: read-only for every authenticated user, writable
# only for members of the Unix group named in "write list" (@group);
# no guest access.
[sales]
comment = sales share
path = /ABC/sales
browseable = yes
guest ok = no
writable = no
write list = @sales
[design]
comment = design share
path = /ABC/design
browseable = yes
guest ok = no
writable = no
write list = @design
[develop]
comment = develop share
path = /ABC/develop
browseable = yes
guest ok = no
writable = no
write list = @develop
[ops]
comment = ops share
path = /ABC/ops
browseable = yes
guest ok = no
writable = no
write list = @ops
# common share: writable by every authenticated user
[share]
comment = common share
path = /ABC/share
browseable = yes
guest ok = no
writable = yes
--------------------------------------------------------------------------------
/chapter_04/4.9.2_Apache安装:
--------------------------------------------------------------------------------
1 | [root@centos7 ~]# wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.4.20.tar.gz
2 | [root@centos7 ~]# wget http://mirror.bjtu.edu.cn/apache/apr/apr-1.5.2.tar.gz
3 | [root@centos7 ~]# wget http://mirror.bjtu.edu.cn/apache/apr/apr-util-1.5.4.tar.gz
4 | [root@centos7 ~]# yum -y install gcc autoconf automake make \
5 | > pcre pcre-devel openssl openssl-devel
6 | [root@centos7 ~]# tar -xzf httpd-2.4.20.tar.gz -C /usr/src/
7 | [root@centos7 ~]# tar -xzf apr-1.5.2.tar.gz -C /usr/src/
8 | [root@centos7 ~]# tar -xzf apr-util-1.5.4.tar.gz -C /usr/src/
9 | [root@centos7 ~]# cd /usr/src/apr-1.5.2/
10 | [root@centos7 apr-1.4.6]# ./configure
11 | [root@centos7 apr-1.4.6]# make && make install
12 | [root@centos7 apr-1.4.6]# cd /usr/src/apr-util-1.5.4/
13 | [root@centos7 apr-util-1.5.2]# ./configure --with-apr=/usr/local/apr/
14 | [root@centos7 apr-util-1.5.2]# make && make install
15 | [root@centos7 apr-util-1.5.2]# cd /usr/src/httpd-2.4.20/
16 | [root@centos7 httpd-2.4.4]# ./configure --prefix=/usr/local/apache2 --enable-so \
17 | > --enable-ssl --enable-rewrite --with-mpm=worker --with-suexec-bin \
18 | > --with-apr=/usr/local/apr/
19 | [root@centos7 httpd-2.4.4]# make && make install
20 |
--------------------------------------------------------------------------------
/chapter_04/4.9.5_http-ssl.conf:
--------------------------------------------------------------------------------
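# httpd-ssl.conf excerpt. Apache only honours "#" at the start of a line;
# the inline notes from the listing are moved onto their own lines, since
# Apache would otherwise pass them to the directives as extra arguments.
# NOTE(review): the <VirtualHost ...:443>, <FilesMatch> and <Directory>
# container tags that surrounded the blank lines of the listing did not
# survive; restore them from the stock httpd-ssl.conf before use.
# listening port
Listen 443
# no anonymous or MD5-based suites; MEDIUM keeps some weaker suites — drop
# it when all clients support HIGH
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# the listing set no SSLProtocol; disable the broken SSLv2/SSLv3 as the
# stock 2.4 configuration does
SSLProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
# shared-memory session cache
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
# cache timeout in seconds
SSLSessionCacheTimeout 300
# virtual host
# site root
DocumentRoot "/usr/local/apache2/htdocs/secret"
# host name and port
ServerName www.abc.com:443
# administrator mailbox
ServerAdmin you@example.com
# error and access logs
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
# enable TLS for this host
SSLEngine on
# certificate and private key; keep server.key readable by root only
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

# work around old MSIE TLS bugs
BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
# per-request TLS protocol and cipher log
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"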
--------------------------------------------------------------------------------
/chapter_04/4.8.6_named.conf:
--------------------------------------------------------------------------------
// Split-horizon setup: two client-specific views serve different copies
// of abc.com, everything else falls through to the "root" view.
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { any; };
allow-query { any; };
allow-query-cache { any; };
// NOTE(review): recursion for any client on every interface makes this
// an open resolver usable for amplification; add an allow-recursion ACL
// limited to the internal clients before exposing it
recursion yes;
};
// declared but unused below: the zones name 192.168.0.102 directly
acl secondserver {
192.168.0.102;
};
// clients from 172.16.0.88 get the "develop" copy of both zones
view "developnet" {
match-clients { 172.16.0.88; };
zone "abc.com" IN {
type master;
allow-transfer { 192.168.0.102; };
file "abc.com.zone.develop";
};
zone "16.172.in-addr.arpa" IN {
type master;
allow-transfer { 192.168.0.102; };
file "172.16.zone.develop";
};
};
// clients from 172.16.0.89 get the "tech" copy
view "technet" {
match-clients { 172.16.0.89; };
zone "abc.com" IN {
type master;
allow-transfer { 192.168.0.102; };
file "abc.com.zone.tech";
};
zone "16.172.in-addr.arpa" IN {
type master;
allow-transfer { 192.168.0.102; };
file "172.16.zone.tech";
};
};
// everyone else: only the root hints, i.e. recursive resolution
view "root" {
match-clients { any; };
zone "." IN {
type hint;
file "named.ca";
};
};
--------------------------------------------------------------------------------
/chapter_08/8.2.5_keepalived.conf:
--------------------------------------------------------------------------------
! Configuration File for keepalived
! Node lvs_1 of a two-node LVS/DR pair; lvs_2 runs the same file with
! state BACKUP and a lower priority.

global_defs {
notification_email {
test@gmail.com
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! unique name of this node
router_id lvs_1
}

vrrp_instance LVS_HA {
state MASTER # lvs_2 is BACKUP
interface eno33554984
virtual_router_id 60 # lvs_2 must use the same VRID as lvs_1
priority 100 # within one VRID group the highest priority becomes master
advert_int 1
! VRRP simple (PASS) authentication is sent in cleartext and limited to
! 8 characters; "1111" is a placeholder — replace it and keep it identical
! on both nodes
authentication {
auth_type PASS
auth_pass 1111
}
! floating service address
virtual_ipaddress {
192.168.0.253/24
}
}

! LVS virtual service on the floating address, direct routing
virtual_server 192.168.0.253 80 {
delay_loop 6
lb_algo rr
lb_kind DR
! NOTE(review): nat_mask is a legacy option — confirm it is still honoured
! by the keepalived version in use
nat_mask 255.255.255.0
! seconds a client sticks to the same real server
persistence_timeout 50
protocol TCP

real_server 192.168.0.1 80 {
weight 1
! plain TCP connect health check
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
real_server 192.168.0.2 80 {
weight 1
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
}
--------------------------------------------------------------------------------
/chapter_04/4.7.2_dhcpd.conf:
--------------------------------------------------------------------------------
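#dhcpd.conf
# Sample ISC dhcpd configuration: global defaults, three subnets and one
# fixed-address host. The listing wrote "option domain-name-server"
# (singular), which dhcpd does not know; the option is domain-name-servers.
# global: default search domain
option domain-name "example.org";
# global: DNS servers, comma-separated
option domain-name-servers ns1.example.org, ns2.example.org;
# global: default lease length, in seconds
default-lease-time 600;
# global: maximum lease length, in seconds
max-lease-time 7200;
# 10.152.187.0/255.255.255.0 is declared with no parameters (empty braces):
# the server knows the subnet but hands out no addresses on it
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# 10.254.239.0/255.255.255.224: pool 10.254.239.10 to 10.254.239.20,
# default gateways rtr-239-0-1.example.org and rtr-239-0-2.example.org
subnet 10.254.239.0 netmask 255.255.255.224 {
    range 10.254.239.10 10.254.239.20;
    option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# 10.5.5.0/255.255.255.224: pool 10.5.5.26 to 10.5.5.30, DNS server
# ns1.internal.example.org, gateway 10.5.5.1, broadcast 10.5.5.31,
# default lease 600 s, maximum 7200 s. Where a subnet-scoped parameter
# conflicts with a global one, the subnet value wins.
subnet 10.5.5.0 netmask 255.255.255.224 {
    range 10.5.5.26 10.5.5.30;
    option domain-name-servers ns1.internal.example.org;
    option domain-name "internal.example.org";
    option routers 10.5.5.1;
    option broadcast-address 10.5.5.31;
    default-lease-time 600;
    max-lease-time 7200;
}
# Host declaration: bind a fixed address to the client with this MAC, so
# every later request from it is answered with the fixed-address value.
# Host names after "host" must be unique. The MAC is client-supplied, so
# this is address planning rather than access control.
host fantasia {
    hardware ethernet 08:00:07:26:c0:a5;
    fixed-address fantasia.fugue.com;
}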
--------------------------------------------------------------------------------
/chapter_05/5.2.2_commands.cfg:
--------------------------------------------------------------------------------
# Command notify-host-by-email: when a host changes state, format the
# details with printf and mail them to the contact's address from
# contacts.cfg. The $...$ tokens are Nagios macros expanded at runtime.
define command{
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
# Command notify-service-by-email: same as above for service problems,
# including the plugin output ($SERVICEOUTPUT$) in the mail body.
define command{
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
# Command check-host-alive: ping the host to decide whether it is up
# ($USER1$ is the plugin directory; -w/-c are warning/critical thresholds)
define command{
command_name check-host-alive
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
}
18 | … …其余部分省略… …
# Added by hand for remote-host monitoring; requires the NRPE package.
# $ARG1$ is the name of a command[...] entry in the remote nrpe.cfg, so
# only checks defined on the agent can be requested.
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
24 |
--------------------------------------------------------------------------------
/chapter_04/4.6.2_rsync.conf:
--------------------------------------------------------------------------------
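#/etc/rsyncd.conf
# rsync daemon serving one read-only module to authenticated clients on
# the local subnet. The listing had a bare "ignore errors" line; rsyncd.conf
# parameters without "=" are not reliably accepted, so the boolean is
# written out explicitly below. Spacing is normalised to "key = value".
# file holding the message of the day shown to clients
motd file = /etc/rsyncd.motd
# log every transfer
transfer logging = yes
# log file name; the format can be tuned with "log format"
log file = /var/log/rsyncd.log
# pid file
pid file = /var/run/rsyncd.pid
# lock file
lock file = /var/run/rsync.lock
# listening port (default 873)
port = 873
# address of the interface to listen on; this server is 192.168.0.254
address = 192.168.0.254
# user and group used for transfers (default nobody)
uid = nobody
gid = nobody
# "use chroot = yes" makes rsync chroot to the module path first, so the
# client sees that path as the root; this needs root privileges and only
# the names (not the targets) of symlinks are transferred. "no" skips the
# chroot and is less robust against path escapes.
use chroot = no
# clients may not upload; this module is read-only
read only = yes
# maximum concurrent connections (0 = unlimited); further clients are
# told to retry later
max connections = 10
# Modules: each [name] publishes one directory, much like a Samba share.
# Several modules may be defined.
[common]
# description string
comment = Web content
# real path of the synced directory
path = /common
# ignore some I/O errors
ignore errors = yes
# exclude lets you leave a sub-directory out of the module
#exclude = test/
# accounts allowed to connect; they need not exist as system users
auth users = tom,jerry
# user:password file for "auth users"; must not be readable by others
# (0600 is recommended) and is only consulted when auth users is set
secrets file = /etc/rsyncd.secrets
# hosts allowed to sync: single addresses or networks, separated by spaces
hosts allow = 192.168.0.0/255.255.255.0
# deny everything else
hosts deny = *
# hide this module when a client asks for the module list (default true)
list = false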
--------------------------------------------------------------------------------
/chapter_03/3.9.8_proftpd:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #Startup script for proftpd
4 | #chkconfig: - 89 77
5 | #Description:Proftpd is a secure and configurable FTP Server.
6 | #Program:/usr/local/proftpd/sbin/proftpd
7 | #Configure file:/etc/proftpd.conf
8 |
9 | #Synopsis:
10 | # proftpd --help {start|stop|restart|status}
11 |
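#Define variable
# daemon binary and its pid file
Proftpd=/usr/local/proftpd/sbin/proftpd
Pidfile=/usr/local/proftpd/var/proftpd.pid
# script name for usage output; quoted so a path with spaces does not split
Program=$(basename "$0")
# ANSI colour helpers: green for the status marker, then reset
Hint_color="echo -en \\033[1;32m"
Orig_color="echo -e \\033[0m"
# padding between the message and the "[ OK ]" marker
Tab="\t\t\t\t\t\t\t"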
19 | #Functions
20 |
# Print the one-line synopsis; $Program is set at the top of the script.
usage(){
    printf 'Usage:%s [--help] {start|stop|restart|status}\n' "$Program"
}
24 |
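# Start the daemon unless it is already running.
# A pid file alone is not proof of a running daemon: the pid is probed with kill -0,
# so a stale file left behind by a crash no longer blocks every later start.
start(){
    if [ -e "$Pidfile" ] && kill -0 "$(cat "$Pidfile")" 2>/dev/null; then
        echo "Proftpd already running..."
    else
        rm -f "$Pidfile"
        echo -en "Starting Proftpd:${Tab}[ "
        # use the $Proftpd variable defined at the top instead of repeating the path
        if "$Proftpd"; then
            printf '\033[1;32mOK\033[0m ]\n'
        else
            printf '\033[1;31mFAILED\033[0m ]\n'
        fi
    fi
}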
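# Stop the daemon via the pid recorded in $Pidfile.
stop(){
    if [ -e "$Pidfile" ]; then
        echo -en "Stopping Proftpd:${Tab}[ "
        if kill -TERM "$(cat "$Pidfile")" 2>/dev/null; then
            printf '\033[1;32mOK\033[0m ]\n'
        else
            # the process is already gone: drop the stale pid file so start() works next time
            rm -f "$Pidfile"
            printf '\033[1;31mFAILED\033[0m ]\n'
        fi
    else
        echo "Proftpd already stopped."
    fi
}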
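# Report whether the daemon is running; distinguishes a live pid from a stale pid file.
status(){
    if [ -e "$Pidfile" ] && kill -0 "$(cat "$Pidfile")" 2>/dev/null; then
        echo "Proftpd ($(cat "$Pidfile")) is running..."
    elif [ -e "$Pidfile" ]; then
        echo "Proftpd is stopped (stale pid file $Pidfile)."
    else
        echo "Proftpd is stopped."
    fi
}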
# Entry point: dispatch on the first argument; no argument, --help or anything
# unrecognised prints the usage line.
case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; sleep 0.2; start ;;
    status)  status ;;
    *)       usage ;;
esac
72 |
--------------------------------------------------------------------------------
/chapter_04/4.10.4_nginx.conf:
--------------------------------------------------------------------------------
user nobody;
worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
    # NOTE(review): 4 simultaneous connections per worker is far below any practical
    # value (1024 is the stock default) — looks like a typo in the listing; confirm.
    worker_connections 4;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    keepalive_timeout 65;
    gzip on;

    # Name-based virtual hosts, all on port 80: the Host header selects the block,
    # and the last block (default_server) answers requests that match no name.
    server {
        listen 80;
        server_name www.domain.com *.domain.com;
        access_log logs/www.domain.com.access.log main;
        location / {
            root html/domain;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # never serve .htaccess/.htpasswd-style files. Only this vhost carries the
        # guard; the three below would serve such files from their roots if present.
        location ~ /\.ht {
            deny all;
        }
    }
    server {
        listen 80;
        server_name web.domain.com;
        location / {
            root html/web;
            index index.html index.htm;
        }
    }
    server {
        listen 80;
        server_name www.example.com;
        location / {
            root html/example;
            index index.html index.htm;
        }
    }
    server {
        listen 80 default_server;
        location / {
            root html/default;
            index index.html index.htm;
        }
    }
}
58 |
--------------------------------------------------------------------------------
/chapter_05/5.2.2_web1.cfg:
--------------------------------------------------------------------------------
# web1.cfg — one monitored host and its services.
# The host inherits the linux-server template; every service inherits generic-service.
define host{
    use linux-server
    host_name web1
    alias web1.example.com
    address 192.168.0.104
}
define hostgroup{
    hostgroup_name webs
    alias Linux Servers
    members web1
}
# Checks run from the Nagios server itself.
define service{
    use generic-service
    host_name web1
    service_description PING
    check_command check_ping!100.0,20%!500.0,60%
    notifications_enabled 1
}
# Checks run on web1 through NRPE: the name after "check_nrpe!" must be a command
# defined in the agent's nrpe.cfg.
define service{
    use generic-service
    host_name web1
    service_description Sys_Load
    check_command check_nrpe!check_load
    notifications_enabled 1
}
define service{
    use generic-service
    host_name web1
    service_description Current Users
    check_command check_nrpe!check_users
    notifications_enabled 1
}
define service{
    use generic-service
    host_name web1
    service_description Total Processes
    check_command check_nrpe!check_total_procs
    notifications_enabled 1
}
# Network-level checks of the exposed services.
define service{
    use generic-service
    host_name web1
    service_description SSH
    check_command check_ssh
    notifications_enabled 1
}
define service{
    use generic-service
    host_name web1
    service_description HTTP
    check_command check_http
    notifications_enabled 1
}
54 |
--------------------------------------------------------------------------------
/chapter_03/3.9.8_dhcp:
--------------------------------------------------------------------------------
#!/bin/bash
#Auto deploy DHCP Server for 192.168.0.0/24 network
#This script need you have yum repository.
#Author: Jacob
# Deployment parameters: subnet, netmask, lease range, DNS server, domain, gateway
NET="192.168.0.0"
MASK="255.255.255.0"
RANGE="192.168.0.10 192.168.0.50"
DNS="202.106.0.20"
DOMAIN_NAME="example.com"
ROUTER="192.168.0.254"
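# Probe the yum repository; abort the whole script if the dhcp package cannot be listed.
test_yum(){
    # FIX: `2>&1`, not `2&>1`. The original parsed as `yum ... 2 &` followed by `>1`,
    # which backgrounded yum, created a file named "1", and left $? always 0 — so the
    # error branch could never run.
    if ! yum list dhcp >/dev/null 2>&1; then
        echo
        echo "There was an error to connect to Yum repository."
        echo "Please verify your yum repository settings and try again."
        echo
        # non-zero status so a caller can tell failure from success
        exit 1
    fi
}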
# Keep the existing configuration, if any, as dhcp.conf.save before writing a new one.
test_conf(){
    if test -f /etc/dhcp/dhcpd.conf; then mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcp.conf.save; fi
}
29 | #创建新的配置文件
30 | create_conf(){
31 | cat > /etc/dhcp/dhcpd.conf </dev/null 2&>1
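# $? is the status of the package query on the preceding line (lost in this listing;
# presumably a query of the dhcp package — TODO confirm against the original script).
if [ $? -ne 0 ] ; then
    test_yum
    # FIX: `2>&1` (the original `2&>1` backgrounded yum, see test_yum); stop if the install fails
    yum -y install dhcp >/dev/null 2>&1 || exit 1
fi
test_conf
create_conf
# start now and at every boot
systemctl start dhcpd
systemctl enable dhcpd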
63 |
--------------------------------------------------------------------------------
/chapter_08/8.4.3_haproxy.cfg:
--------------------------------------------------------------------------------
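global
    maxconn 4096
    log 127.0.0.1 local3 info
    chroot /var/haproxy
    # drop privileges after binding (99/99 is "nobody" on RHEL-family systems — confirm locally)
    uid 99
    gid 99
    daemon
    nbproc 1
    pidfile /var/run/haproxy.pid
    ulimit-n 65535
    # admin socket. /var/tmp is world-writable; restrict it with mode/user or keep it under /var/run.
    stats socket /var/tmp/stats

defaults
    log global
    mode http
    maxconn 20480
    option httplog
    option httpclose
    option dontlognull
    option forwardfor
    option redispatch
    option abortonclose
    stats refresh 30
    retries 3
    balance roundrobin
    # persistence cookie. No insert/rewrite/prefix keyword is given, so HAProxy only
    # matches a SRV cookie the backend itself sets — confirm that is what is intended.
    cookie SRV
    timeout check 2000ms
    timeout connect 5000ms
    timeout server 50000ms
    timeout client 50000ms

# statistics / monitoring page
listen admin_status
    # listens on every interface; bind to the management address instead where possible
    bind 0.0.0.0:6553
    mode http
    log 127.0.0.1 local3 info
    stats enable
    # page auto-refresh interval
    stats refresh 5s
    # realm shown in the browser's login prompt
    stats realm Haproxy\ Statistics
    # URL of the page
    stats uri /admin?stats
    # cleartext credentials live in this file: keep it root-only (0600) and change the password
    stats auth admin1:AdMiN123
    # do not reveal the HAProxy version on the page
    stats hide-version

# entry point for end users. FIX: the name was misspelled "web_serivce"; it is
# referenced nowhere else, so the rename is safe.
frontend web_service
    bind 0.0.0.0:80
    mode http
    log global
    option httplog
    option httpclose
    option forwardfor
    # clients from the internal network are routed to inside_servers, everyone else
    # to external_servers
    acl inside_src src 192.168.0.0/24
    use_backend inside_servers if inside_src
    default_backend external_servers

backend external_servers
    mode http
    balance roundrobin
    # health check: GET /index.html on each server
    option httpchk GET /index.html
    # cookie value that identifies this server for persistence; check every 2000ms,
    # up after 2 successes, down after 3 failures, weight 1
    server web1 192.168.0.1:80 cookie web1 check inter 2000 rise 2 fall 3 weight 1
    server web2 192.168.0.2:80 cookie web2 check inter 2000 rise 2 fall 3 weight 1

backend inside_servers
    mode http
    balance roundrobin
    option httpchk GET /index.html
    server web1 192.168.0.3:80 cookie web3 check inter 1500 rise 3 fall 3 weight 1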
68 |
--------------------------------------------------------------------------------
/chapter_03/3.9.7_function_demo:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #Simple function demo.
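# Pause until the user presses Enter. FIX: the prompt read "tocontinue".
HINT(){
    read -p "Press Enter to continue:"
}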
# Print CPU model, clock speed and whether hardware virtualisation flags are present.
CPU_INFO(){
    echo
    echo -e "\033[4;31mPrint the CPU info:\033[0m"
    # one line per logical CPU, fields split on ':'
    awk -F: '/model name/{print "CPU Model:" $2}' /proc/cpuinfo
    awk -F: '/cpu MHz/{print "CPU Speed:" $2"MHz"}' /proc/cpuinfo
    # svm = AMD-V, vmx = Intel VT-x
    if grep -Eq 'svm|vmx' /proc/cpuinfo; then
        echo "Virtualization: Support"
    else
        echo "Virtualization: No support"
    fi
    echo
}
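# Print the 1/5/15-minute load averages.
LOAD_INFO(){
    echo
    echo -e "\033[4;31mPrint the system load:\033[0m"
    # FIX: the original placed a shell comment (`\ #...`) inside the single-quoted awk
    # program, which awk rejects ("backslash not last character on line"), and split
    # `uptime` on ':' — a field position that shifts with the uptime format.
    # /proc/loadavg always has the three averages as fields 1-3.
    awk '{print "Last 1 minutes system load:"$1"\n""Last 5 minutes system load:"$2"\n""Last 15 minutes system load:"$3}' /proc/loadavg
    echo
}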
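# Print free memory and free swap.
MEM_INFO(){
    echo
    echo -e "\033[4;31mPrint the Memory and Swap info:\033[0m"
    # FIX: plain `free` prints KiB, not bytes as the label claims, and the
    # "-/+ buffers/cache" line it grepped is no longer printed by procps-ng >= 3.3.10,
    # so "Mem free" was silent on CentOS 7. `free -b` reports bytes, and column 4 of the
    # Mem:/Swap: lines is "free" in both old and new output formats.
    free -b | awk '/^Mem:/{print "Mem free:"$4" Bytes"}'
    free -b | awk '/^Swap:/{print "Swap free:"$4" Bytes"}'
    echo
}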
# Print mounted filesystems and their usage in human-readable units.
DISK_INFO(){
    echo
    echo -e "\033[4;31mPrint system disk space usage:\033[0m"
    df -h
    echo
}
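# Menu loop: redraw, read a choice, call the matching function; 5 leaves the script.
while true
do
    clear
    echo "---------------------------------"
    echo "1. Display CPU info:"
    echo "2. Display system load:"
    echo "3. Display Mem and swap info:"
    echo "4. Display filesystem mount info:"
    echo "5. Exit Script:"
    echo "---------------------------------"
    # FIX: the menu has five entries; both prompts said 1-4 (and "iterm")
    read -p "Please select an item(1-5):" U_SELECT
    case "$U_SELECT" in
        1) CPU_INFO ; HINT ;;
        2) LOAD_INFO ; HINT ;;
        3) MEM_INFO ; HINT ;;
        4) DISK_INFO ; HINT ;;
        5) exit 0 ;;
        *) read -p "Please Select 1-5, Press Enter to continue:" ;;
    esac
done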
71 |
--------------------------------------------------------------------------------
/chapter_04/4.4.4_proftpd.conf:
--------------------------------------------------------------------------------
# proftpd.conf — standalone server with file-based (virtual) user accounts.
# The <Limit>/<Directory> sections that follow this block were stripped from the listing.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# file-name encoding between server (UTF-8) and clients (CP936)
UseEncoding UTF-8 CP936
Port 21
# allow REST for downloads and uploads
AllowRetrieveRestart on
AllowStoreRestart on
UseIPv6 off
Umask 022
# root may never log in over FTP
RootLogin off
MaxInstances 30
# NOTE(review): SystemLog and TransferLog point at the same file, so xferlog-format
# records are interleaved with daemon messages — confirm that is intended.
SystemLog /var/log/proftp.log
TransferLog /var/log/proftp.log
# unprivileged identity of the daemon
User proftp
Group proftp
# every user is jailed to /var/ftp rather than their home directory
DefaultRoot /var/ftp
AllowOverwrite on
# anonymous access is disabled: the whole anonymous section is commented out
#
# User ftp
# Group ftp
# UserAlias anonymous ftp
# MaxClients 10
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# DenyAll
#
#
# accounts need no login shell (important for virtual users)
RequireValidShell off
# authenticate against a file created with the ftpasswd tool
AuthUserFile /usr/local/proftpd/ftpd.passwd
34 |
35 | #允许所有的人可以查看根目录
36 | AllowAll
37 |
38 |
39 |
40 |
41 | #拒绝所有的人往该目录下执行Limit后的操作指令
42 | DenyAll
43 |
44 |
45 | #禁止任何人在该目录下删除文件
46 | DenyAll
47 |
48 |
49 | #仅允许tomcat用户可以执行Limit后的所有指令
50 | AllowUser tomcat
51 |
52 |
53 |
54 |
55 | DenyAll
56 |
57 |
58 | DenyAll
59 |
60 |
61 | AllowUser jacob,jack
62 |
63 |
64 |
65 |
66 | DenyAll
67 |
68 |
69 | DenyAll
70 |
71 |
72 | AllowUser sales1
73 |
74 |
75 |
76 |
77 | DenyAll
78 |
79 |
80 | DenyAll
81 |
82 |
83 | AllowUser design1
84 |
85 |
86 |
--------------------------------------------------------------------------------
/chapter_08/8.5.2_nginx.conf:
--------------------------------------------------------------------------------
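user nobody;
worker_processes 1;
error_log logs/error.log notice;
pid logs/nginx.pid;

events {
    worker_connections 5024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" ';
    sendfile on;
    tcp_nopush on;
    # do not advertise the nginx version in headers and error pages
    server_tokens off;
    keepalive_timeout 65;
    keepalive_requests 100;
    # response compression
    gzip on;
    # responses under 1000 bytes are sent uncompressed
    gzip_min_length 1000;
    # number and size of compression buffers
    gzip_buffers 16 32k;
    # content types that are compressed
    gzip_types text/plain application/xml;
    # 1 (fastest) .. 9 (smallest output, most CPU)
    gzip_comp_level 2;
    # request body buffer
    client_body_buffer_size 128K;
    # largest request body accepted
    client_max_body_size 100m;
    # buffers for large request headers
    large_client_header_buffers 4 8K;
    # buffer upstream responses
    proxy_buffering on;
    # buffer for the first part (headers) of the upstream response
    proxy_buffer_size 8k;
    # number and size of buffers for the rest of the upstream response
    proxy_buffers 8 128K;
    # disk cache under /usr/local/nginx/cache: two-level directory layout, a 100 MB
    # key zone named "one" (referenced by proxy_cache below), entries unused for
    # 1 day are evicted, at most 2 GB on disk.
    # FIX: the original had `inactive= 1d`; the space splits it into two tokens and
    # `nginx -t` rejects the file ("invalid parameter").
    proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=one:100m inactive=1d max_size=2G;
    # TCP connect timeout towards a backend
    proxy_connect_timeout 60s;
    # backend pool named "servers"
    upstream servers {
        # ip_hash pins each client IP to one backend; without it requests are round-robin
        #ip_hash;
        # a backend is taken out after 3 failures within fail_timeout (30s); weight 2
        server 192.168.0.1:80 max_fails=3 fail_timeout=30s weight=2;
        server 192.168.0.2:80 max_fails=3 fail_timeout=30s weight=2;
    }
    server {
        listen 80;
        server_name www.example.com;
        access_log logs/host.access.log main;
        location / {
            proxy_pass http://servers;
            proxy_cache one;
            # pass the client's Host header through; otherwise the backends receive
            # "Host: servers" and cannot select the right virtual host
            proxy_set_header Host $host;
            # $remote_addr (rather than $proxy_add_x_forwarded_for) deliberately discards
            # any client-supplied X-Forwarded-For, so backends cannot be fed a spoofed address
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}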
71 |
--------------------------------------------------------------------------------
/chapter_04/4.6.1_iscsi操作指南:
--------------------------------------------------------------------------------
1 | [root@centos7 ~]# yum -y install targetcli
2 | [root@centos7 ~]# fdisk -l |grep /dev/sd
3 | Disk /dev/sda: 128.8 GB, 128849018880 bytes
4 | /dev/sda1 * 2048 1026047 512000 83 Linux
5 | /dev/sda2 1026048 251658239 125316096 8e Linux LVM
6 | Disk /dev/sdb: 107.4 GB, 107374182400 bytes
7 | Disk /dev/sdc: 107.4 GB, 107374182400 bytes
8 | /dev/sdc1 2048 41945087 20971520 83 Linux
9 | /dev/sdc2 41945088 83888127 20971520 83 Linux
10 | /dev/sdc3 83888128 125831167 20971520 83 Linux
11 | Disk /dev/sdd: 107.4 GB, 107374182400 bytes
12 | [root@centos7 ~]# targetcli #下面方框中粗体字需要自己输入
13 |
14 | Warning: Could not load preferences file /root/.targetcli/prefs.bin.
15 | targetcli shell version 2.1.fb41
16 | Copyright 2011-2013 by Datera, Inc and others.
17 | For help on commands, type 'help'.
18 | /> ls #查看配置
19 | o- /................................................[...]
20 | o-backstores.....................................[...]
21 | |o- block .......................................[Storage Objects: 0]
22 | |o- fileio......................................[Storage Objects: 0]
23 | |o- pscsi ......................................[Storage Objects: 0]
24 | |o- ramdisk.....................................[Storage Objects: 0]
25 | o-iscsi ........................................[Targets: 0]
26 | o-loopback......................................[Targets: 0]
27 | /> backstores/block create iscsi_store /dev/sdb
28 | #定义后端存储,这里我们准备用/dev/sdb做共享存储
29 | /> /iscsi create iqn.2016-06.com.example:server
30 | #定义共享名称(IQN)为:iqn.2016-06.com.example:server
31 | /> /iscsi/iqn.2016-06.com.example:server/tpg1/acls create iqn.2016-06.com.example:desktop
32 | #设置访问控制权限:客户端(initiator)配置文件中的InitiatorName必须与此处完全一致,即iqn.2016-06.com.example:desktop,才可以访问iqn.2016-06.com.example:server这个共享磁盘。注意IQN并非秘密,仅凭ACL不能替代身份验证,生产环境还应在该tpg上配置CHAP认证。
33 | /> iscsi/iqn.2016-06.com.example:server/tpg1/luns create /backstores/block/iscsi_store
34 | #将IQN共享名称和前面定义的后端存储绑定在一起,客户端访问IQN将获取该存储空间
35 | /> iscsi/iqn.2016-06.com.example:server/tpg1/portals create 0.0.0.0
36 | #配置服务器监听的IP地址和端口,0.0.0.0为本机所有IP,默认端口为3260.
37 | /> exit #退出配置程序,该程序会自动保存所有操作
38 |
39 | [root@centos7 ~]# systemctl start target #启动服务
40 | [root@centos7 ~]# systemctl enable target #设置开机启动
41 | [root@centos7 ~]# firewall-cmd --permanent --add-port=3260/tcp
[root@centos7 ~]# firewall-cmd --reload
42 |
--------------------------------------------------------------------------------
/chapter_07/7.2.4_demo.xml:
--------------------------------------------------------------------------------
1 |
2 | demo-dump
3 | b2a187e3-e17d-4551-9c19-bc7c38a8926d
4 | 2000049
5 | 2000896
6 | 1
7 |
8 | hvm
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 | destroy
18 | restart
19 | restart
20 |
21 | /usr/libexec/qemu-kvm
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 | system_u:object_r:svirt_image_t:s0:c368,c589
65 |
66 |
67 |
--------------------------------------------------------------------------------
/chapter_05/5.2.2_安装Nagios:
--------------------------------------------------------------------------------
1 | [root@nagios ~]# yum -y install gd gd-devel openssl openssl-devel \
2 | > httpd php gcc glibc glibc-common make net-snmp wget
3 | 安装Nagios主程序时,源码包软件可以从sourceforge.net网站下载。安装前需要为nagios创建账户与组,这样在配置nagios软件时就可以使用--with-nagios-user和--with-nagios-group指定以普通账号的身份运行该软件。最后需要通过多个make install安装部署不同的监控配置文件与目录:
4 | [root@nagios ~]# wget http://prdownloads.sourceforge.net\
5 | >/sourceforge/nagios/nagios-3.5.0.tar.gz
6 | [root@nagios ~]# groupadd nagios
7 | [root@nagios ~]# useradd -g nagios nagios
8 | [root@nagios ~]# tar -xzf nagios-3.5.0.tar.gz -C /usr/src/
9 | [root@nagios ~]# cd /usr/src/nagios/
10 | [root@nagios nagios]# ./configure --with-nagios-user=nagios\
11 | >--with-nagios-group=nagios
12 | [root@nagios nagios]# make all
13 | [root@nagios nagios]# make install #安装主程序,CGI以及HTML文件
14 | [root@nagios nagios]# make install-init #安装启动脚本/etc/init.d/nagios
15 | [root@nagios nagios]# make install-commandmode #安装与配置目录权限
16 | [root@nagios nagios]# make install-config #安装配置文件模板
17 |
18 | 由于nagios最终将以Web的形式进行管理与监控,安装过程中使用make install-webconf命令将生成一个Web配置文件:install-webconf添加Apache附加配置文件/etc/httpd/conf.d/nagios.conf,该文件使得管理员可以通过Web访问、管理与维护Nagios监控系统。接下来安装Nagios插件:
19 | [root@nagios nagios]# make install-webconf
20 |
21 | Nagios的特色之一就是其拥有众多强大的插件,读者可以根据自己的实际需求有选择地安装部署这些插件,插件的具体功能介绍可以参考nagios官方网站,本书案例中将安装nagios-plugins和nrpe两个插件软件包。
22 | [root@nagios ~]# wget http://prdownloads.sourceforge.net/sourceforge\
23 | >/nagiosplug/nagios-plugins-1.4.16.tar.gz
24 | [root@nagios ~]# tar -xzf nagios-plugins-1.4.16.tar.gz -C /usr/src/
25 | [root@nagios ~]# cd /usr/src/nagios-plugins-1.4.16/
26 | [root@nagios nagios-plugins-1.4.16]# ./configure --prefix=/usr/local/nagios/
27 | [root@nagios nagios-plugins-1.4.16]# make
28 | [root@nagios nagios-plugins-1.4.16]# make install
29 | [root@nagios ~]# wget http://downloads.sourceforge.net\
30 | >/project/nagios/nrpe-2.x/nrpe-2.14/nrpe-2.14.tar.gz
31 | [root@nagios ~]# tar -xzf nrpe-2.14.tar.gz -C /usr/src/
32 | [root@nagios ~]# cd /usr/src/nrpe-2.14/
33 | [root@nagios ~]# ./configure
34 | [root@nagios ~]# make all
35 | [root@nagios ~]# make install-plugin
36 | [root@nagios ~]# make install-daemon
37 | [root@nagios ~]# make install-daemon-config
38 | [root@nagios ~]# chown -R nagios.nagios /usr/local/nagios
39 | [root@nagios ~]# setenforce 0
40 | [root@nagios ~]# sed -i 's/=enforcing/=permissive/' /etc/sysconfig/selinux
41 |
42 | 安装Nagios时已经复制了一份nagios.conf文件到Apache配置文件/etc/httpd/conf.d/目录下,用于设定访问权限。下面根据实际需要创建账户信息文件,系统会提示输入账户密码。
43 | [root@nagios ~]# htpasswd -c /usr/local/nagios/etc/htpasswd.users tomcat
44 |
--------------------------------------------------------------------------------
/chapter_04/4.2.3_smb.conf:
--------------------------------------------------------------------------------
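# /etc/samba/smb.conf
# FIX: Samba recognises '#' and ';' only at the start of a line; text after a value is
# part of the value. In the original, `browseable = no #...` was an invalid boolean
# (ignored, so the default "yes" applied), `security = user #...` an invalid enum, and
# `path = /common #...` named a non-existent directory. Every annotation now has its own line.

# global policy
[global]
# workgroup / domain name
workgroup = MYGROUP
# banner shown to clients; %v expands to the Samba version. Change it so the
# version is not advertised to version-specific attacks.
server string = Samba Server Version %v
# if the server has several network interfaces, list the ones Samba should listen on
;interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
# hosts allow limits which clients may reach the server (global or per share);
# hosts deny is the blacklist counterpart. Accepts host names, addresses, networks
# written as 192.168.12. or 192.168.12.0/255.255.255.0, and EXCEPT for exclusions.
;hosts allow = 127. 192.168.12. 192.168.13. EXCEPT 192.168.13.13
# one log file per client: %m expands to the client's NetBIOS name
log file = /var/log/samba/log.%m
# maximum size of a single log file, in KB
max log size = 50
# security decides how clients authenticate and is one of the most important settings:
# user = user name + password checked against local system accounts. The author also
# lists share (anonymous), server (passwords checked on another SMB server) and domain
# (checked against a domain controller); share and server were removed in Samba 4.
security = user
# account store: smbpasswd (legacy flat file), tdbsam (TDB database), ldapsam (LDAP)
passdb backend = tdbsam
# close a session after 10 minutes with no open resource; helps under heavy concurrency
deadtime = 10
# display charset is ignored by current Samba releases (kept as the author wrote it)
display charset = UTF8
# maximum simultaneous connections; 0 = unlimited, above the limit connections are refused
max connections = 0
# account that guest access maps to
guest account = nobody
# share printers
load printers = yes
# printing options
cups options = raw

# each user's own home directory, reached by their user name
[homes]
# description of the share
comment = Home Directories
# not listed when browsing
browseable = no
# writable
writable = yes

# printer shares
[printers]
comment = All Printers
# spool directory
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# a share named "common"
[common]
# description of the share
comment = Common share
# the exported directory (required)
path = /common
# accounts allowed to connect
valid users = tom jerry
# permission bits for files uploaded by clients (default 0744)
create mask = 0750
# permission bits for directories created by clients (default 0755)
directory mask = 0775
# listed when browsing (yes or no)
browseable = yes
# read-only, except for the write list and admin users below
writable = no
# accounts with write access: tom
write list = tom
# admin users act as root on this share — full access
admin users = tom
# root and bin may never connect to this share
invalid users = root bin
# guest access (yes or no). With security = user it only takes effect together with
# a "map to guest" setting in [global]; the author tied it to security = share.
guest ok = no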
58 |
--------------------------------------------------------------------------------
/chapter_06/6.1.4_firewalld:
--------------------------------------------------------------------------------
1 | 查看默认zone,结果为public:
2 | [root@centos7 ~]# firewall-cmd --get-default-zone
3 | public
4 | 设置默认zone为trusted(注意:trusted区域默认接受所有入站连接,只应在完全可信的网络中使用):
5 | [root@centos7 ~]# firewall-cmd --set-default-zone=trusted
6 | success
7 | 显示当前正在使用的zone信息:
8 | [root@centos7 ~]# firewall-cmd --get-active-zones
9 | trusted
10 | interfaces: eno16777736 eno33554984
11 | 显示系统预定义的zone,默认为九个zone:
12 | [root@centos7 ~]# firewall-cmd --get-zones
13 | block dmz drop external home internal public trusted work
14 | 显示系统预定义的服务名称:
15 | [root@centos7 ~]# firewall-cmd --get-services
16 | RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server wbem-https
17 | 查询eno16777736接口与哪个zone匹配:结果为trusted,则该网卡的流量执行trusted中定义的规则,默认将允许访问所有服务:
18 | [root@centos7 ~]# firewall-cmd --get-zone-of-interface=eno16777736
19 | trusted
20 | 显示所有zone及其对应的规则信息:
21 | [root@centos7 ~]# firewall-cmd --list-all-zones
22 | block
23 | interfaces:
24 | sources:
25 | services:
26 | ports:
27 | masquerade: no
28 | forward-ports:
29 | icmp-blocks:
30 | rich rules:
31 |
32 | dmz
33 | interfaces:
34 | sources:
35 | services: ssh
36 | ports:
37 | masquerade: no
38 | 部分内容省略… …
39 | 在public这个zone中添加允许访问FTP服务的规则:
40 | [root@centos7 ~]# firewall-cmd --add-service=ftp --zone=public
41 | Success
42 | 从public这个zone中删除允许访问FTP服务的规则:
43 | [root@centos7 ~]# firewall-cmd --remove-service=ftp --zone=public
44 | Success
45 | 在public这个zone中添加允许访问3306端口的规则:
46 | [root@centos7 ~]# firewall-cmd --add-port=3306/tcp --zone=public
47 | Success
48 | 从public这个zone中删除允许访问3306端口的规则:
49 | [root@centos7 ~]# firewall-cmd --remove-port=3306/tcp --zone=public
50 | Success
51 | 将eno16777736网卡与public绑定,以后从该接口进入的流量,匹配public中的规则:
52 | [root@centos7 ~]# firewall-cmd --add-interface=eno16777736 --zone=public
53 | Success
54 | 将eno33554984网卡接口与trusted解除绑定:
55 | [root@centos7 ~]# firewall-cmd --remove-interface=eno33554984 --zone trusted
56 | 将源IP地址1.1.1.1与public绑定,以后该主机访问本机时匹配public中的规则:
57 | [root@centos7 ~]# firewall-cmd --add-source=1.1.1.1 --zone=public
58 | Success
59 | 查看默认zone的规则列表:
60 | [root@centos7 ~]# firewall-cmd --list-all
61 | 查看public这个zone的规则列表:
62 | [root@centos7 ~]# firewall-cmd --list-all --zone=public
63 | 在public这个zone中添加一条永久规则(允许访问3306端口),该规则再重启防火墙后依然有效:
64 | [root@centos7 ~]# firewall-cmd --permanent \
65 | > --add-port=3306/tcp --zone=public
66 | 重新加载读取防火墙规则:
67 | [root@centos7 ~]# firewall-cmd --reload
68 |
--------------------------------------------------------------------------------
/chapter_08/8.3.5_squid.conf:
--------------------------------------------------------------------------------
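# squid.conf — reverse proxy (accelerator) in front of two origin servers.
# cache-manager ACL (Squid 3.1 syntax) and address-based ACLs
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
# ports clients may request
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# only the local host may use the cache manager
http_access allow manager localhost
http_access deny manager
# refuse anything not on a Safe_port, and CONNECT to anything but SSL ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
# NOTE(review): "allow all" as the final rule also makes port 3128 below an open
# forward proxy for any client. For a pure accelerator, allow only the accelerated
# site (a dstdomain ACL) and finish the list with "http_access deny all".
http_access allow all
# host name reported by this proxy
visible_hostname squid.example.com
# total memory cache
cache_mem 2048 MB
# largest single object kept in memory / on disk: 4 MB
maximum_object_size_in_memory 4096 KB
maximum_object_size 4096 KB
# disk cache in /var/spool/squid, 800 MB, 16 first-level and 256 second-level directories
cache_dir ufs /var/spool/squid 800 16 256
# directory of the (Chinese) error pages
error_directory /usr/share/squid/errors/zh-cn
cache_log /var/log/squid/cache.log
# administrator address shown on error pages
cache_mgr admin@test.com
# port 80 in accelerator mode; vhost selects the origin by the request's Host header
http_port 80 accel vhost
# plain proxy port kept so squidclient can manage the cache (subject to http_access too)
http_port 3128
# origin servers: parent on HTTP port 80, ICP port 0 and no-query because origins speak
# no ICP, originserver marks them as origins, round-robin spreads requests between them
# (weight=N sets a share). name= is the peer's unique identifier, useful when the same
# host is reached on different ports.
# FIX: both peers were named server1; Squid refuses a cache_peer whose name is already used.
cache_peer 192.168.0.1 parent 80 0 no-query originserver round-robin name=server1
cache_peer 192.168.0.2 parent 80 0 no-query originserver round-robin name=server2
# the author's note says this stops caching of CGI output; hierarchy_stoplist actually
# keeps matching requests from being forwarded to peers (caching is governed by the
# refresh_pattern below). The directive was dropped in newer Squid releases — remove
# it if the running version rejects it.
hierarchy_stoplist cgi-bin ?
# refresh_pattern [-i] regexp min percent max [options]: freshness rules for objects
# without an explicit expiry, checked in order (-i = case-insensitive match).
# min is the minimum time (minutes) an object stays fresh, max the maximum; percent is
# the fraction of the object's age since its last modification during which it is
# still considered fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320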
63 |
--------------------------------------------------------------------------------
/chapter_01/1.2.5_default:
--------------------------------------------------------------------------------
# isolinux boot menu for a CentOS 7 install medium (syslinux "default" file).
default vesamenu.c32
# tenths of a second before the default entry boots
timeout 60

display boot.msg

# Clear the screen when exiting the menu, instead of leaving the menu displayed.
# For vesamenu, this means the graphical background is still displayed without
# the menu itself for as long as the screen remains in graphics mode.
menu clear
menu background splash.png
menu title CentOS 7
menu vshift 8
menu rows 18
menu margin 8
# "menu hidden" would show only the timeout message until a key is pressed; it is disabled
#menu hidden
menu helpmsgrow 15
menu tabmsgrow 13

# Colour scheme: menu color <element> <ansi> <foreground> <background> <shadow>
# Border Area
menu color border * #00000000 #00000000 none
# Selected item
menu color sel 0 #ffffffff #00000000 none
# Title bar
menu color title 0 #ff7ba3d0 #00000000 none
# Press [Tab] message
menu color tabmsg 0 #ff3a6496 #00000000 none
# Unselected menu item
menu color unsel 0 #84b8ffff #00000000 none
# Selected hotkey
menu color hotsel 0 #84b8ffff #00000000 none
# Unselected hotkey
menu color hotkey 0 #ffffffff #00000000 none
# Help text
menu color help 0 #ffffffff #00000000 none
# A scrollbar of some type? Not sure.
menu color scrollbar 0 #ffffffff #ff355594 none
# Timeout msg
menu color timeout 0 #ffffffff #00000000 none
menu color timeout_msg 0 #ffffffff #00000000 none
# Command prompt text
menu color cmdmark 0 #84b8ffff #00000000 none
menu color cmdline 0 #ffffffff #00000000 none

menu tabmsg Press Tab for full configuration options on menu items.

menu separator # insert an empty line
menu separator # insert an empty line

# Default entry: automated install driven by a kickstart file fetched over FTP.
# FTP gives no integrity or authenticity check, so the installer runs whatever that
# server hands out — keep 172.16.0.254 on the isolated provisioning network.
label linux
  menu label ^Install CentOS 7
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.ks=ftp://172.16.0.254/ks.cfg quiet

label check
  menu label Test this ^media & install CentOS 7
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 rd.live.check quiet

menu separator # insert an empty line

# utilities submenu
menu begin ^Troubleshooting
  menu title Troubleshooting

label vesa
  menu indent count 5
  menu label Install CentOS 7 in ^basic graphics mode
  text help
  Try this option out if you're having trouble installing
  CentOS 7.
  endtext
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 xdriver=vesa nomodeset quiet

label rescue
  menu indent count 5
  menu label ^Rescue a CentOS system
  text help
  If the system will not boot, this lets you access files
  and edit config files to try to get it booting again.
  endtext
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=hd:LABEL=CentOS\x207\x20x86_64 rescue quiet

label memtest
  menu label Run a ^memory test
  text help
  If your system is having issues, a problem with your
  system's memory may be the cause. Use this utility to
  see if the memory is working correctly.
  endtext
  kernel memtest

menu separator # insert an empty line

label local
  menu label Boot from ^local drive
  localboot 0xffff

menu separator # insert an empty line
menu separator # insert an empty line

label returntomain
  menu label Return to ^main menu
  menu exit

menu end
121 |
--------------------------------------------------------------------------------
/chapter_04/4.10.3_nginx.conf:
--------------------------------------------------------------------------------
1 | # user and group the worker processes run as (commented out: the nginx default applies)
2 | #user nobody;
3 | # number of worker processes to start; check with "ps aux | grep nginx"
4 | worker_processes 1;
5 | # error log file and minimum severity level
6 | error_log logs/error.log info;
7 | # file that stores the master process PID
8 | pid logs/nginx.pid;
9 | events {
10 | # maximum simultaneous connections per worker process; bounded by the system file-descriptor limit
11 | worker_connections 1024;
12 | }
13 | http {
14 | # mime.types maps file extensions to MIME types
15 | include mime.types;
16 | # MIME type used when no mapping matches
17 | default_type application/octet-stream;
18 | # log_format defines a custom access-log format, here named "main"
19 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
20 | # '$status $body_bytes_sent "$http_referer" '
21 | # '"$http_user_agent" "$http_x_forwarded_for"';
22 | # access log written in the "main" format (commented out here, so nginx's default access_log setting applies)
23 | #access_log logs/access.log main;
24 | # use sendfile() to copy response data; the copy happens inside the kernel, so it is
25 | # more efficient than a plain read()/write() loop
26 | sendfile on;
27 | # tcp_nopush: the original note says response headers go out as their own packet; the nginx docs describe it as sending the header and the start of the file in one packet when sendfile is on
28 | tcp_nopush on;
29 | # keep-alive idle timeout, in seconds
30 | keepalive_timeout 65;
31 | # gzip-compress responses to save bandwidth (NOTE(review): compressing responses that embed per-user secrets over TLS enables compression side channels such as BREACH; weigh this before enabling the HTTPS server below)
32 | gzip on;
33 | # a server block defines one virtual host
34 | server {
35 | # port to listen on
36 | listen 80;
37 | # host name this virtual host answers to
38 | server_name www.jacob.com;
39 | # charset added to the Content-Type header (the original note says pages are transcoded; nginx only re-encodes when source_charset is also set)
40 | #charset koi8-r;
41 | # per-virtual-host access log
42 | #access_log logs/host.access.log main;
43 | # location blocks match the request URI
44 | location / {
45 | # document root; a relative path is resolved against the nginx prefix directory, so "html" is <prefix>/html
46 | root html;
47 | # index files tried in order: index.html, then index.htm
48 | index index.html index.htm;
49 | }
50 | # map error codes to custom error pages
51 | #error_page 404 /404.html;
52 | # redirect server error pages to the static page /50x.html
53 | error_page 500 502 503 504 /50x.html;
54 | location = /50x.html {
55 | root html;
56 | }
57 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80
58 | # the three commented lines below would hand every URI ending in .php to the
59 | # server at 127.0.0.1; proxy_pass is the directive that implements the reverse proxy
60 | #location ~ \.php$ {
61 | # proxy_pass http://127.0.0.1;
62 | #}
63 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
64 | #location ~ \.php$ {
65 | # root html;
66 | # fastcgi_pass 127.0.0.1:9000;
67 | # fastcgi_index index.php;
68 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
69 | # include fastcgi_params;
70 | #}
71 | # deny access to .htaccess files, if Apache's document root
72 | # concurs with nginx's one
73 | # deny everyone access to .ht* files (NOTE(review): enable this whenever the docroot may also hold Apache .htaccess/.htpasswd files)
74 | #location ~ /\.ht {
75 | # deny all;
76 | #}
77 | }
78 | # another virtual host using mix of IP-, name-, and port-based configuration
79 | # a second virtual host
80 | #server {
81 | # listen 8000;
82 | # listen somename:8080;
83 | # server_name somename alias another.alias;
84 | # location / {
85 | # root html;
86 | # index index.html index.htm;
87 | # }
88 | #}
89 | # HTTPS server
90 | #server {
91 | # listen on 443, the TLS port
92 | # listen 443;
93 | # server_name localhost;
94 | # enable TLS (NOTE(review): "ssl on;" is deprecated in favour of "listen 443 ssl;", and the SSLv2/SSLv3/TLSv1 list below is obsolete; use "ssl_protocols TLSv1.2 TLSv1.3;")
95 | # ssl on;
96 | # certificate file; a relative path is looked up in the directory that holds nginx.conf
97 | # ssl_certificate cert.pem;
98 | # private key file, same path rule; keep it readable only by the account that starts nginx
99 | # ssl_certificate_key cert.key;
100 | # ssl_session_timeout 5m;
101 | # ssl_protocols SSLv2 SSLv3 TLSv1;
102 | # ssl_ciphers HIGH:!aNULL:!MD5;
103 | # ssl_prefer_server_ciphers on;
104 | # location / {
105 | # root html;
106 | # index index.html index.htm;
107 | # }
108 | #}
109 | }
110 | 
--------------------------------------------------------------------------------
/chapter_01/1.2.5_dhcpd.conf:
--------------------------------------------------------------------------------
1 | # dhcpd.conf
2 | #
3 | # Sample configuration file for ISC dhcpd
4 | #
5 | 
6 | # option definitions common to all supported networks...
7 | option domain-name "example.org";
8 | option domain-name-servers ns1.example.org, ns2.example.org;
9 | 
10 | default-lease-time 600;
11 | max-lease-time 7200;
12 | 
13 | # Use this to enable / disable dynamic dns updates globally.
14 | #ddns-update-style none;
15 | 
16 | # If this DHCP server is the official DHCP server for the local
17 | # network, the authoritative directive should be uncommented.
18 | #authoritative;
19 | 
20 | # Use this to send dhcp log messages to a different log file (you also
21 | # have to hack syslog.conf to complete the redirection).
22 | log-facility local7;
23 | 
24 | # PXE install subnet: clients get addresses from the range below, and next-server /
25 | # filename point them at the TFTP boot loader. (The empty 10.152.187.0 subnet further down serves nothing; it is declared only to describe topology.)
26 | subnet 172.16.0.0 netmask 255.255.0.0 {
27 | range 172.16.0.100 172.16.0.200;
28 | option domain-name-servers 202.106.0.20;
29 | option routers 172.16.0.254;
30 | default-lease-time 600;
31 | max-lease-time 7200;
32 | next-server 172.16.0.254;
33 | filename "pxelinux.0";
34 | }
35 | 
36 | 
37 | subnet 10.152.187.0 netmask 255.255.255.0 {
38 | }
39 | 
40 | # This is a very basic subnet declaration.
41 | 
42 | subnet 10.254.239.0 netmask 255.255.255.224 {
43 | range 10.254.239.10 10.254.239.20;
44 | option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
45 | }
46 | 
47 | # This declaration allows BOOTP clients to get dynamic addresses,
48 | # which we don't really recommend.
49 | 
50 | subnet 10.254.239.32 netmask 255.255.255.224 {
51 | range dynamic-bootp 10.254.239.40 10.254.239.60;
52 | option broadcast-address 10.254.239.31;
53 | option routers rtr-239-32-1.example.org;
54 | }
55 | 
56 | # A slightly different configuration for an internal subnet.
57 | subnet 10.5.5.0 netmask 255.255.255.224 {
58 | range 10.5.5.26 10.5.5.30;
59 | option domain-name-servers ns1.internal.example.org;
60 | option domain-name "internal.example.org";
61 | option routers 10.5.5.1;
62 | option broadcast-address 10.5.5.31;
63 | default-lease-time 600;
64 | max-lease-time 7200;
65 | }
66 | 
67 | # Hosts which require special configuration options can be listed in
68 | # host statements. If no address is specified, the address will be
69 | # allocated dynamically (if possible), but the host-specific information
70 | # will still come from the host declaration.
71 | 
72 | host passacaglia {
73 | hardware ethernet 0:0:c0:5d:bd:95;
74 | filename "vmunix.passacaglia";
75 | server-name "toccata.fugue.com";
76 | }
77 | 
78 | # Fixed IP addresses can also be specified for hosts. These addresses
79 | # should not also be listed as being available for dynamic assignment.
80 | # Hosts for which fixed IP addresses have been specified can boot using
81 | # BOOTP or DHCP. Hosts for which no fixed address is specified can only
82 | # be booted with DHCP, unless there is an address range on the subnet
83 | # to which a BOOTP client is connected which has the dynamic-bootp flag
84 | # set.
85 | host fantasia {
86 | hardware ethernet 08:00:07:26:c0:a5;
87 | fixed-address fantasia.fugue.com;
88 | }
89 | 
90 | # You can declare a class of clients and then do address allocation
91 | # based on that. The example below shows a case where all clients
92 | # in a certain class get addresses on the 10.17.224/24 subnet, and all
93 | # other clients get addresses on the 10.0.29/24 subnet.
94 | 
95 | class "foo" {
96 | match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
97 | }
98 | 
99 | shared-network 224-29 {
100 | subnet 10.17.224.0 netmask 255.255.255.0 {
101 | option routers rtr-224.example.org;
102 | }
103 | subnet 10.0.29.0 netmask 255.255.255.0 {
104 | option routers rtr-29.example.org;
105 | }
106 | pool {
107 | allow members of "foo";
108 | range 10.17.224.10 10.17.224.250;
109 | }
110 | pool {
111 | deny members of "foo";
112 | range 10.0.29.10 10.0.29.230;
113 | }
114 | }
115 | 
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright {yyyy} {name of copyright owner}
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------