
linux 相关配置操作 待总结

2014-09-26 15:00 246 查看
chmod 755 jdk-6u45-linux-x64.bin
./jdk-6u45-linux-x64.bin
vi /etc/profile
export JAVA_HOME=/usr/java/jdk1.6.0_45
export JRE_HOME=/usr/java/jdk1.6.0_45/jre
export JAVA_BIN=/usr/java/jdk1.6.0_45/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export JAVA_HOME JAVA_BIN PATH CLASSPATH
. /etc/profile
java -version

出现以下错误

[root@LVS /]# java -version
java version "1.5.0"
gij (GNU libgcj) version 4.4.7 20120313 (Red Hat 4.4.7-16)

Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[root@LVS /]# which java
/usr/bin/java
[root@LVS /]# ls /usr/bin/java -l
lrwxrwxrwx. 1 root root 22 Aug 10 23:39 /usr/bin/java -> /etc/alternatives/java
[root@LVS /]# /etc/alternatives/java
Usage: gij [OPTION] ... CLASS [ARGS] ...
to invoke CLASS.main, or
gij -jar [OPTION] ... JARFILE [ARGS] ...
to execute a jar file
Try `gij --help' for more information.
[root@LVS /]# ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 35 Aug 10 23:39 /etc/alternatives/java -> /usr/lib/jvm/jre-1.5.0-gcj/bin/java
[root@LVS /]# alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_72/jre/bin/java 300
[root@LVS /]# java -version
java version "1.5.0"
gij (GNU libgcj) version 4.4.7 20120313 (Red Hat 4.4.7-16)

Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[root@LVS /]# alternatives --config java

There are 2 programs which provide 'java'.

Selection    Command
-----------------------------------------------
*+ 1           /usr/lib/jvm/jre-1.5.0-gcj/bin/java
2           /usr/java/jdk1.7.0_72/jre/bin/java

Enter to keep the current selection[+], or type selection number: 2
[root@LVS /]# java -version
java version "1.7.0_72"
Java(TM) SE Runtime Environment (build 1.7.0_72-b14)
Java HotSpot(TM) 64-Bit Server VM (build 24.72-b04, mixed mode)


tomcat配置

tar -zxvf apache-tomcat-7.0.47.tar.gz
vi catalina.sh
JAVA_OPTS="-Xms1024m  -Xmx1024m  -XX:MaxNewSize=512m -XX:MaxPermSize=512m  -Djava.awt.headless=true  -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8"
cygwin=false


server.xml

<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8"  />
<Context path="" reloadable="true" docBase="/opt/java/webapp" crossContext="true"/>


并发优化配置

<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"  enableLookups="false" maxThreads="1024" minSpareThreads="25"  maxSpareThreads="75"  acceptCount="100"
redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8"  />

二级域名session共享配置

<Context useHttpOnly="true" sessionCookiePath="/" sessionCookieDomain=".XXXX.com" />


利用cronolog 分割Tomcat日志

#tar -xvzf cronolog.tar.gz
#cd cronolog
#./configure --prefix=/usr/local/cronolog
#make
#make install
# which cronolog
/usr/local/sbin/cronolog
# vi bin/catalina.sh
1.找到 touch "$CATALINA_BASE"/logs/catalina.out 并注释掉

2.找到(注意:有两处)

org.apache.catalina.startup.Bootstrap "$@" start \
>> "$CATALINA_BASE"/logs/catalina.out 2>&1 &

替换为

org.apache.catalina.startup.Bootstrap "$@" start 2>&1 | /usr/local/sbin/cronolog "$CATALINA_BASE"/logs/catalina.%Y-%m-%d.out >> /dev/null &

# >> "$CATALINA_OUT" 2>&1 &

服务安装配置

1. 将$Tomcat_HOME/bin目录下的catalina.sh脚本复制到目录/etc/init.d中,重命名为tomcat

2. 修改刚才复制的tomcat脚本:

  在脚本的第三行后面插入下面两行

  # chkconfig: 2345 10 90

  # description:Tomcat service

  第一行是服务的配置:第一个数字是服务的运行级,2345表明这个服务的运行级是2、3、4和5级(Linux的运行级为0到6);第二个数字是启动优先级,数值从0到99;第三个数是停止优先级,数值也是从0到99。

  第二行是对服务的描述

在脚本中设置 CATALINA_HOME 和 JAVA_HOME 这两个脚本必需的环境变量,如:

    CATALINA_HOME=/usr/share/tomcat

    JAVA_HOME=/usr/share/java/jdk

chmod a+x /etc/init.d/tomcat

3. chkconfig --add tomcat

Mysql安装配置

rpm -qa|grep -i mysql
rpm -e mysql-libs --nodeps
rpm -ivh MySQL-server-5.5.36-1.linux2.6.x86_64.rpm --nodeps --force
rpm -ivh MySQL-client-5.5.36-1.linux2.6.x86_64.rpm
cp /usr/share/mysql/my-innodb-heavy-4G.cnf /etc/my.cnf
vi /etc/my.cnf
[client]
default-character-set= utf8
[mysqld]
character_set_server=utf8
init_connect='SET NAMES utf8'
log_bin_trust_function_creators=true


update user set host = '%' where user = 'root';    //这个命令执行错误时可略过;host='%' 表示允许 root 从任意主机远程登录,如只需内网管理可改为具体网段(如 '192.168.1.%')或另建权限受限的账号
update user set    `Select_priv` = 'Y',  `Insert_priv` = 'Y',  `Update_priv` = 'Y',  `Delete_priv` = 'Y',  `Create_priv` = 'Y',  `Drop_priv` = 'Y',  `Reload_priv` = 'Y',  `Shutdown_priv` = 'Y',  `Process_priv` = 'Y',  `File_priv` = 'Y',  `Grant_priv` = 'Y',  `References_priv` = 'Y',  `Index_priv` = 'Y',  `Alter_priv` = 'Y',  `Show_db_priv` = 'Y',  `Super_priv` = 'Y',  `Create_tmp_table_priv` = 'Y',  `Lock_tables_priv` = 'Y',  `Execute_priv` = 'Y',  `Repl_slave_priv` = 'Y',  `Repl_client_priv` = 'Y',  `Create_view_priv` = 'Y',  `Show_view_priv` = 'Y',  `Create_routine_priv` = 'Y',  `Alter_routine_priv` = 'Y',  `Create_user_priv` = 'Y',  `Event_priv` = 'Y',  `Trigger_priv` = 'Y',  `Create_tablespace_priv` = 'Y'  where user='root' and host='localhost'
flush privileges;
UPDATE user SET password=PASSWORD("new password") WHERE user='root';


忘记密码

vi /etc/my.cnf
[mysqld]
skip-grant-tables
# /etc/init.d/mysql restart
mysql> USE mysql ;
mysql> UPDATE user SET Password = password ( 'new-password' ) WHERE User = 'root' ;
mysql> flush privileges ;
vi /etc/my.cnf


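将刚才在[mysqld]的段中加上的skip-grant-tables删除,并再次重启 MySQL(/etc/init.d/mysql restart)使其生效。skip-grant-tables 生效期间任何能连上数据库的连接都无需密码即拥有全部权限,操作时可同时加上 skip-networking 只允许本机 socket 连接,改完密码后一并删除。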

转移数据库目录

# /etc/init.d/mysql stop
mv /var/lib/mysql /data/
vi /etc/my.cnf
[client]
#socket  = /var/lib/mysql/mysql.sock
socket  = /data/mysql/mysql.sock
[mysqld]
#socket  = /var/lib/mysql/mysql.sock
socket  = /data/mysql/mysql.sock
vi /etc/init.d/mysql
#datadir=/var/lib/mysql
datadir=/data/mysql
chown -R mysql:mysql /data/mysql/
ln -s /data/mysql/mysql.sock /var/lib/mysql/mysql.sock


Mysql Error:1018:can't read dir of ‘./dbname’ <errno:13>

chown -R mysql:mysql /data/mysql/


定时任务添加

yum -y install vixie-cron
yum -y install crontabs
vi /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
0 */2 * * * root /opt/scripts/DBDailyBak.sh
service crond start

Mysql数据备份,删除10天前数据,DBDailyBak.sh

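#!/bin/bash
# DBDailyBak.sh - dump all MySQL databases, archive the dump, and prune
# backups older than 10 days. Intended to be run by cron as root.
#
# The password is read from a client option file instead of being passed as
# -p<password>: command-line arguments are visible to every local user via
# ps and /proc, and a password embedded in the script is exposed to anyone
# who can read the script. The option file needs a [client] section with a
# password= line and should be owned by root with mode 0600.
set -euo pipefail

# The dump covers every schema, including the account table with password
# hashes, so files created below must not be group- or world-readable.
umask 077

# Example location only; point this at the option file actually provisioned.
# An explicit path is used because cron may run with HOME set to something
# other than root's home directory.
readonly MYSQL_DEFAULTS_FILE=${MYSQL_DEFAULTS_FILE:-/root/.my.cnf}
readonly BACKUP_DIR=/mnt/data/backup/daily

filename=$(date +%Y%m%d%H)
dump_file="${BACKUP_DIR}/${filename}.sql"

# --defaults-extra-file must be the first option on the command line.
# Under set -e a failed dump stops the script here, so a truncated .sql is
# never archived as if it were a good backup.
/usr/bin/mysqldump --defaults-extra-file="${MYSQL_DEFAULTS_FILE}" -uroot \
  --quick --all-databases --flush-logs --single-transaction >"${dump_file}"

tar czvf "${BACKUP_DIR}/${filename}.tar.gz" "${dump_file}"

# Only reached when tar succeeded, i.e. the archive now holds the dump.
rm -f -- "${BACKUP_DIR}"/*.sql

# The original pruned /data/backup/daily while writing to
# /mnt/data/backup/daily, so old archives in the directory being filled were
# never removed. NOTE(review): if /data/backup/daily is a separate,
# intentional location, restore that path here.
# -exec ... {} + replaces "find | xargs rm", which splits names on whitespace.
find "${BACKUP_DIR}" -type f -mtime +10 -exec rm -f -- {} +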

mysql数据库是否开启了InnoDB引擎

mysql>SHOW ENGINES;
mysql>SHOW VARIABLES LIKE "have_%";
mysql>SHOW VARIABLES LIKE 'plugin_dir';
mysql>SHOW PLUGINS;
mysql>INSTALL PLUGIN InnoDB SONAME 'ha_innodb.so';
删除MySQL目录下的ib_logfile0和ib_logfile1相关文件,修改my.cnf 下default-storage-engine = InnoDB重启数据库;注意数据备份,防止万一出错

如果是InnoDB: memory with malloc! Total allocated memory这个原因,系统内存不足

修改配置文件里innodb_buffer_pool_size=2G

开启linux端口

vi /etc/sysconfig/iptables
重启

/etc/init.d/iptables restart


linux 优化及安全配置:

#iptables 只开启80对外,SSH只允许内网连接
[root@LVS /]# iptables -t filter -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
[root@LVS /]# iptables -t filter -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#防SYN 防止同步包洪水(SYN Flood)
[root@LVS /]# iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#也有人写作
[root@LVS /]#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
#--limit 1/s 限制syn并发数每秒1次,可以根据自己的需要修改
#注意:这类带 -m limit 的 -j ACCEPT 规则只放行速率以内的包,超出速率的包会继续匹配后面的规则;其后必须有对应的 DROP 规则(或链的默认策略为 DROP),限速才真正生效
#防止各种端口扫描
[root@LVS /]# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#Ping洪水攻击(Ping of Death)
[root@LVS /]# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT


#修改sysctl.conf
[root@LVS /]# vi /etc/sysctl.conf
#打开SYN COOKIE功能:
[root@LVS /]# sysctl -w net.ipv4.tcp_syncookies=1
#降低重试次数:
[root@LVS /]# sysctl -w net.ipv4.tcp_synack_retries=3
[root@LVS /]# sysctl -w net.ipv4.tcp_syn_retries=3
[root@LVS /]# sysctl -w net.core.netdev_max_backlog=32768
[root@LVS /]# sysctl -w net.core.somaxconn=32768
[root@LVS /]# sysctl -w net.core.wmem_default=8388608
[root@LVS /]# sysctl -w net.core.rmem_default=8388608
[root@LVS /]# sysctl -w net.core.rmem_max=16777216
[root@LVS /]# sysctl -w net.core.wmem_max=16777216
[root@LVS /]# sysctl -w net.ipv4.ip_local_port_range="1024 65000"
[root@LVS /]# sysctl -w net.ipv4.route.gc_timeout=100
[root@LVS /]# sysctl -w net.ipv4.tcp_fin_timeout=30
[root@LVS /]# sysctl -w net.ipv4.tcp_keepalive_time=1200
[root@LVS /]# sysctl -w net.ipv4.tcp_timestamps=0
[root@LVS /]# sysctl -w net.ipv4.tcp_tw_recycle=1
[root@LVS /]# sysctl -w net.ipv4.tcp_tw_reuse=1
#注意:tcp_tw_recycle 和 tcp_tw_reuse 都依赖 TCP 时间戳,tcp_timestamps=0 时两者不起作用;tcp_tw_recycle 在客户端经过 NAT 时会导致连接被丢弃,且已在 Linux 4.12 中移除
[root@LVS /]# sysctl -w net.ipv4.tcp_mem="94500000 915000000 927000000"
[root@LVS /]# sysctl -w net.ipv4.tcp_max_orphans=3276800
[root@LVS /]# sysctl -w net.ipv4.tcp_max_syn_backlog=65536




linux时间设置

cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

linux系统FTP服务器配置与管理

[root@iZ23s2nhlomZ ~]# rpm -qa|grep vsftpd
[root@iZ23s2nhlomZ ~]# yum install vsftpd
[root@iZ23s2nhlomZ ~]# lsb_release -a
[root@iZ23s2nhlomZ ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
[root@iZ23s2nhlomZ ~]# yum install vsftpd
[root@iZ23s2nhlomZ ~]# vi /etc/vsftpd/vsftpd.conf
#注意:vsftpd.conf 中注释必须单独成行,选项、= 与值之间不能有空格
#禁止匿名访问
anonymous_enable=NO
#允许使用ascii码上传
ascii_upload_enable=YES
#允许使用ascii码下载
ascii_download_enable=YES
#(这条需手动添加到最后)使用FTP用户表,表里没有的用户需要添加才能登录
userlist_deny=NO
[root@iZ23s2nhlomZ ~]# /etc/init.d/vsftpd start
[root@iZ23s2nhlomZ ~]# chkconfig vsftpd on
[root@iZ23s2nhlomZ ~]# vi /etc/vsftpd/user_list
[root@iZ23s2nhlomZ ~]# useradd vip.com
[root@iZ23s2nhlomZ ~]# passwd vip.com
[root@iZ23s2nhlomZ ~]# vi /etc/vsftpd/ftpusers #将文件中的 root 一行注释掉(#root)即开启 root 的 ftp 登录;FTP 口令为明文传输,如非必要建议保持 root 禁用,用上面新建的普通账号登录