set firewall family inet filter local_acl term DenyICMP from protocol icmp
set firewall family inet filter local_acl term DenyICMP from icmp-type echo-request
set firewall family inet filter local_acl term DenyICMP from icmp-type echo-reply
set firewall family inet filter local_acl term DenyICMP from icmp-type time-exceeded
set firewall family inet filter local_acl term DenyICMP from icmp-type unreachable
set firewall family inet filter local_acl term DenyICMP then discard
set firewall family inet filter local_acl term terminal_access from source-prefix-list Trusted_IP
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol tcp
set firewall family inet filter local_acl term terminal_access_denied from destination-port ssh
set firewall family inet filter local_acl term terminal_access_denied from destination-port telnet
set firewall family inet filter local_acl term terminal_access_denied from destination-port http
set firewall family inet filter local_acl term terminal_access_denied from destination-port https
set firewall family inet filter local_acl term terminal_access_denied then discard
set firewall family inet filter local_acl term default-term then accept
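# Fedora release-to-release upgrade with the dnf system-upgrade plugin.
# The target is "current release + 1", where the current release is taken
# from the third whitespace-separated field of /etc/fedora-release (the awk
# below assumes that field is the bare release number). Run as root; the
# "dnf system-upgrade reboot" step reboots the machine.
current_release=$(awk '{ print $3 }' /etc/fedora-release)
case "$current_release" in
  ''|*[!0-9]*)
    # Without this check a non-numeric field turns the arithmetic below
    # into a shell error and the remaining commands still run.
    printf 'cannot read a numeric release from /etc/fedora-release: %s\n' "$current_release" >&2
    exit 1
    ;;
esac
next_release=$(( current_release + 1 ))

# Bring the current release fully up to date before jumping.
dnf update --refresh -y
dnf install dnf-plugin-system-upgrade -y
# Offline upgrade: download everything, then reboot into the upgrade.
dnf system-upgrade download --releasever="$next_release" --allowerasing -y
dnf system-upgrade reboot -y
# Alternative in-place (online) upgrade; only reached when the reboot
# above did not happen, e.g. when this line is run on its own.
dnf --releasever "$next_release" upgrade -y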
一路从23逐步升级到31
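#######################################
# Append an HTTP reverse-proxy vhost for a domain to /etc/nginx/conf/.
# Arguments:
#   $1 - domain name; used for the file name, server_name and the log name
#   $2 - upstream host[:port] that proxy_pass forwards to
# Outputs:   appends a server block to /etc/nginx/conf/<domain>.conf
# Returns:   1 on missing or malformed arguments, else the status of the write
#######################################
AddNginxHost() {
  local domain=${1:-}
  local upstream=${2:-}
  if [[ -z "$domain" || -z "$upstream" ]]; then
    printf 'usage: AddNginxHost <domain> <upstream-host[:port]>\n' >&2
    return 1
  fi
  # Both values are spliced into the config file and the first one into a
  # path, so only plain host-name characters are accepted: a "/" or ".." in
  # $1 would escape /etc/nginx/conf, and ";", "{" or a newline in either
  # argument would let it inject nginx directives.
  if [[ ! "$domain" =~ ^[A-Za-z0-9.-]+$ || ! "$upstream" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]]; then
    printf 'AddNginxHost: refusing unsafe argument(s): %s %s\n' "$domain" "$upstream" >&2
    return 1
  fi
  # NOTE(review): port 443 is opened without "ssl", so this serves plain
  # HTTP on the HTTPS port. \$host and \$remote_addr are escaped so nginx,
  # not the shell, expands them.
  cat >>"/etc/nginx/conf/${domain}.conf" <<EOF
server {
listen 80;
listen 443;
server_name www.${domain} ${domain};
access_log /var/log/httpd/${domain}.log;
location /{
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_pass http://${upstream};
}
}
EOF
}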
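#######################################
# Block one client address at the nginx layer.
# Writes /etc/nginx/ip/<addr> holding a deny rule plus "if" guards on the
# direct and forwarded addresses, then reloads nginx.
# Arguments: $1 - IPv4/IPv6 address to block
# Returns:   1 on a missing or malformed address, else the status of
#            "nginx -s reload"
#######################################
banip() {
  local addr=${1:-}
  # The address names the output file and is interpolated into the config,
  # so only address characters are accepted: without "/" it cannot leave
  # /etc/nginx/ip, and without ";", "{" or a newline it cannot inject
  # directives.
  if [[ ! "$addr" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    printf 'banip: expected an IP address, got: %s\n' "$addr" >&2
    return 1
  fi
  # The two X-Forwarded-For guards compare the whole header value, so they
  # only fire when the header is exactly this address; the header is
  # client-supplied, so "deny" on \$remote_addr is the reliable part.
  cat >"/etc/nginx/ip/${addr}" <<EOF
deny ${addr};
if (\$remote_addr = "${addr}"){return 400;}
if (\$http_x_forwarded_for = "${addr}"){return 400;}
if (\$proxy_add_x_forwarded_for = "${addr}"){return 400;}
EOF
  nginx -s reload
}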
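#######################################
# Expose a backend host through an nginx "stream" (layer-4) proxy on a
# given listen address. Writes /etc/nginx/stream/<listen-ip>.conf with one
# listen line per forwarded port and a proxy_pass that keeps the same port
# on the backend, then reloads nginx.
# Arguments:
#   $1 - address to listen on (becomes the file name and every listen line)
#   $2 - backend host or IP that receives the connections
# Returns:   1 on missing or malformed arguments, else the status of
#            "nginx -s reload"
#######################################
add_stream() {
  local listen_ip=${1:-}
  local backend=${2:-}
  # Both values go into the config file and $1 into a path: allow only
  # address / host-name characters so neither can escape /etc/nginx/stream
  # or inject directives.
  if [[ ! "$listen_ip" =~ ^[0-9A-Fa-f.:]+$ || ! "$backend" =~ ^[A-Za-z0-9.:-]+$ ]]; then
    printf 'usage: add_stream <listen-ip> <backend-host>\n' >&2
    return 1
  fi
  # The forwarded ports are fixed. 623/udp, 5900 and 5985 are conventionally
  # IPMI, VNC and WinRM (remote-management services); publishing them on a
  # listener reachable from the internet is a large attack surface, so keep
  # an allow-list (nginx allow/deny in this block, or a host firewall) in
  # front of it. The remaining ports are site-specific.
  # \$server_port is escaped so nginx, not the shell, expands it.
  cat >"/etc/nginx/stream/${listen_ip}.conf" <<EOF
server {
listen ${listen_ip}:80 reuseport;
listen ${listen_ip}:443 reuseport;
listen ${listen_ip}:623 udp reuseport;
listen ${listen_ip}:5900 reuseport;
listen ${listen_ip}:5985 reuseport;
listen ${listen_ip}:7578 reuseport;
listen ${listen_ip}:5120 reuseport;
listen ${listen_ip}:5122 reuseport;
listen ${listen_ip}:5123 reuseport;
listen ${listen_ip}:7582 reuseport;
listen ${listen_ip}:5124 reuseport;
listen ${listen_ip}:5126 reuseport;
listen ${listen_ip}:5127 reuseport;
proxy_connect_timeout 5s;
proxy_timeout 20s;
proxy_pass ${backend}:\$server_port;
}
EOF
  nginx -s reload
}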
# Publish the 10.0.13.13 backend on the 103.213.246.4 listener.
add_stream "103.213.246.4" "10.0.13.13"
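#######################################
# Mount an LVM snapshot of a guest image for offline inspection.
# Creates a copy-on-write snapshot of /dev/vg0/<name>_img, maps its
# partitions with kpartx, mounts the first partition on /mnt and lists the
# guest root's shell history file there. Nothing is torn down here; when
# done, unmount /mnt, run "kpartx -dv" on the mapped snapshot and remove
# the snapshot LV.
# Arguments: $1 - guest name (the image LV is /dev/vg0/<name>_img)
#            $2 - snapshot size, default 50G
# Returns:   1 on a missing/unsafe name or when any step fails
#######################################
snap() {
  local name=${1:-}
  local size=${2:-50G}
  # The original guard "[ ! -n $1 ]" never fires for an empty $1 (the
  # unquoted expansion leaves "[ ! -n ]", which is true), so lvcreate ran
  # with the mangled name "_snap". Fail explicitly instead, and keep the
  # name to LV-safe characters since it is spliced into device paths; "-"
  # is excluded because device-mapper doubles it in /dev/mapper names.
  if [[ ! "$name" =~ ^[A-Za-z0-9_.+]+$ ]]; then
    printf 'usage: snap <guest-name> [size]\n' >&2
    return 1
  fi
  lvcreate -L "$size" -s -n "${name}_snap" "/dev/vg0/${name}_img" || return 1
  kpartx -av "/dev/mapper/vg0-${name}_snap" || return 1
  mount "/dev/mapper/vg0-${name}_snap1" /mnt || return 1
  ls /mnt/root/.bash_history
}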
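# Installs MySQL + PowerDNS (gmysql backend) + Apache/PHP + Poweradmin on an
# EL6-style host (chkconfig / init.d). Run as root. Strict mode so a failed
# install or grant stops the script instead of leaving a half-configured DNS.
set -euo pipefail

# Password for the "powerdns" DB user. In "openssl rand [options] num" the
# options must precede the byte count; the original "openssl rand 6 -base64"
# puts the option after it, which is not the documented form and on common
# versions fails with a usage error, leaving the variable empty. 6 random
# bytes give 8 base64 characters, which is short for an account that is also
# granted a remote login below; raise pw_bytes for a stronger credential.
pw_bytes=6
mysqlrootpwd=$(openssl rand -base64 "$pw_bytes")
if [[ -z "$mysqlrootpwd" ]]; then
  printf 'failed to generate a database password\n' >&2
  exit 1
fi

yum -y install epel-release   # original had a typo ("epel-releas")
yum -y install mysql mysql-server pdns pdns-backend-mysql
yum -y install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash
yum -y install php-pear-DB php-pear-MDB2-Driver-mysql
chkconfig --levels 235 httpd on
chkconfig --levels 235 mysqld on
chkconfig --levels 235 pdns on
# The MySQL root password is intentionally left untouched (as in the
# original); the mysqladmin/mysql calls below rely on passwordless root.
#mysqladmin -u root password $mysqlrootpwd
mysqladmin create powerdns
# The password is base64 ([A-Za-z0-9+/=]), so it is safe inside the SQL
# single-quoted literal; nothing else variable is interpolated here.
mysql -Bse "create user 'powerdns'@'localhost' identified by '$mysqlrootpwd'"
mysql -Bse "grant all privileges on powerdns.* to 'powerdns'@'localhost'"
# Remote grant for a single peer (IDENTIFIED BY creates that account); it
# shares the same password as the local account.
mysql -Bse "GRANT ALL ON powerdns.* TO 'powerdns'@'108.171.205.98' IDENTIFIED BY '$mysqlrootpwd'"
# NOTE(review): the schema is fetched over plain http and piped straight into
# the database; prefer an https source or verify a checksum before importing.
wget http://files.soluslabs.com/solusvm/pdns/pdns.sql
# Pass the password via the environment rather than argv so it does not show
# up in "ps" / process accounting for the duration of the import.
MYSQL_PWD="$mysqlrootpwd" mysql --user=powerdns < pdns.sql
cat >/etc/pdns/pdns.conf <<EOF
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-password=$mysqlrootpwd
gmysql-dbname=powerdns
EOF
# The config now holds a credential; keep it unreadable to other users
# without changing owner/group permissions the daemon may rely on.
chmod o-rwx /etc/pdns/pdns.conf
/etc/init.d/mysqld restart
# "restart" already starts httpd; the original's extra "start" was redundant.
/etc/init.d/httpd restart
/etc/init.d/pdns restart
wget -c https://github.com/poweradmin/poweradmin/tarball/master -O poweradmin.tar.gz
tar zxf poweradmin.tar.gz
mv poweradmin-* /var/www/html/poweradmin
chown -R apache:apache /var/www/html/poweradmin/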