September 28, 2017
 

Install the GNOME graphical desktop on a CentOS 7 server

# yum groupinstall "GNOME Desktop"
# systemctl set-default graphical.target
# init 6

Install the RealVNC remote desktop server, start it, and register it as a system service

# yum -y install VNC-Server-6.2.0-Linux-x64.rpm
# vnclicense -add X4FS7-483JZ-C8HVQ-DJE9J-HG4DA
# systemctl start vncserver-x11-serviced.service
# systemctl enable vncserver-x11-serviced.service

Install R version 3.4.1 from the EPEL repository

# yum install -y R-\*

Download and install Microsoft R Open 3.4.1

# wget -c https://mran.revolutionanalytics.com/install/mro/3.4.1/microsoft-r-open-3.4.1.tar.gz
# tar xzf microsoft-r-open-3.4.1.tar.gz
# cd microsoft-r-open/
# ./install.sh
 

Download and install RStudio Desktop (Open Source License)

# wget -c https://download1.rstudio.org/rstudio-1.0.153-x86_64.rpm
# yum install -y rstudio-1.0.153-x86_64.rpm

Run the RStudio client under the GNOME desktop

 

September 22, 2017
 

Port forwarding configuration on Linux and Windows using tools and commands

 

wget http://www.boutell.com/rinetd/http/rinetd.tar.gz&&tar -xvf rinetd.tar.gz&&cd rinetd
sed -i 's/65536/65535/g' rinetd.c    # adjust the port range
mkdir /usr/man&&make&&make install

 

vi /etc/rinetd.conf
0.0.0.0 3306 <MongoDB connection address> 3306
logfile /var/log/rinetd.log

 

Start
rinetd

Add to startup at boot
echo rinetd >>/etc/rc.local

 

Add a forwarding rule
netsh interface portproxy add v4tov4 listenaddress=<server public IP address> listenport=3306 connectaddress=<service connection address> connectport=3306

Delete a forwarding rule
netsh interface portproxy delete v4tov4 listenaddress=<server public IP address> listenport=3306

Show forwarding rules
netsh interface portproxy show all

July 22, 2017
 

Hardening Apache Tomcat to run without root privileges

[root@www_cluster1 ~]# cd /data/
[root@www_cluster1 data]# chown -R root.opsuser apache-tomcat-7.0.79/
[root@www_cluster1 data]# cd apache-tomcat-7.0.79/
[root@www_cluster1 apache-tomcat-7.0.79]# chmod -R g+w logs/ temp/ work/ webapps/
[root@www_cluster1 apache-tomcat-7.0.79]# chmod -R g+r conf/*
[root@www_cluster1 apache-tomcat-7.0.79]#
June 19, 2017
 

Fixing cloudmonitor failing to start after enabling strict outbound rules

 

# iptables -I OUTPUT -p all -d 127.0.0.1 -j ACCEPT
# iptables -I INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

 

# /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh start
Starting cloudmonitor…
Waiting for cloudmonitor….
running: PID:7856
#

May 27, 2017
 


https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

[harveymei@ops ~]$ sudo mount -t ntfs /dev/sda5 D/
 mount: unknown filesystem type 'ntfs'
[harveymei@ops ~]$

[harveymei@ops ~]$ sudo yum install ntfs-3g

[harveymei@ops ~]$ sudo mount -t ntfs /dev/sda5 D/
[harveymei@ops ~]$

May 18, 2017
 

 

Because firewalld on CentOS 7 does not support outbound rules, iptables is still needed for firewall management when necessary.

Default CentOS iptables rules

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Add outbound rules (deny first, then allow)

iptables -I OUTPUT -j REJECT
iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -I OUTPUT -p icmp -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -j ACCEPT

Add outbound rules (allow first, then deny)

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -j REJECT

After adding a default-deny outbound rule, every configured inbound allow rule needs a corresponding outbound allow rule.
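
As an added example (not part of the original post), the script below derives the matching outbound allow rules from a set of inbound allow rules, using the default CentOS INPUT rules listed above as constructed sample input. The names `SAMPLE_RULES` and `mirror_input_rules` are hypothetical, and loopback is mirrored with `-o lo` rather than the `-d 127.0.0.1` form used in the cloudmonitor post.

```shell
#!/bin/sh
# Constructed sample input: the default CentOS INPUT rules from the post.
SAMPLE_RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# mirror_input_rules (hypothetical helper): read iptables-save style rules on
# stdin and print, in "allow first, then deny" order, the OUTPUT rule that
# each inbound ACCEPT rule needs so its reply traffic can leave the host.
# Client-initiated traffic (such as DNS to udp/53) cannot be derived from
# INPUT rules and still has to be added by hand.
mirror_input_rules() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; port = ""; iface = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (iface != "") {
            # inbound interface match becomes an outbound interface match
            print "-A OUTPUT -o " iface " -j ACCEPT"; n++
        } else if (proto != "" && port != "") {
            # replies to an inbound service leave from that service port
            print "-A OUTPUT -p " proto " --sport " port " -j ACCEPT"; n++
        } else if (proto != "") {
            print "-A OUTPUT -p " proto " -j ACCEPT"; n++
        }
        # rules with no interface or protocol (the state match) are skipped
    }
    END {
        # Refuse to emit a bare default-deny: with no allow rule in front
        # of it, the final REJECT would also cut off the SSH session.
        if (n == 0) exit 1
        print "-A OUTPUT -j REJECT"
    }'
}

printf '%s\n' "$SAMPLE_RULES" | mirror_input_rules
```

Review the printed lines before applying them; each one becomes a command by prefixing it with `iptables`.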