7 月 012016
 

使用脚本定时备份MongoDB指定数据库

[root@localhost ~]# mkdir -p /data/backup
[root@localhost ~]# mkdir -p /data/backup/mongo
[root@localhost ~]# cd /data/backup

[root@localhost backup]# cat mbackup.sh 
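#!/bin/bash
#
# mbackup.sh - dump the "risk" MongoDB database and archive the dump as
# /data/backup/mongo/risk.<yymmdd>.tgz, then remove the uncompressed dump.
#
# NOTE(review): the account password is passed on the command line, so it
# is visible in the process list while mongodump runs and to anyone who
# can read this script. Keep the script readable by its owner only and use
# a dedicated account limited to what the dump needs (MongoDB ships a
# built-in "backup" role for this purpose).

# Stop at the first failing step so a broken dump is never archived and
# the dump directory is never deleted before the archive exists.
set -euo pipefail

backup_root=/data/backup

# Evaluate the date once; calling date separately for every step can name
# different directories when the job runs across midnight.
stamp=$(date +%y%m%d)
dump_dir="risk.${stamp}"
archive="mongo/risk.${stamp}.tgz"

# Dumps contain the full database contents; create them owner-only.
umask 077

cd "$backup_root" || {
  printf 'mbackup: cannot cd to %s\n' "$backup_root" >&2
  exit 1
}

mkdir -p -- "$dump_dir" mongo

mongodump -uusername -p12345678 -d risk -o "$dump_dir"

tar czf "$archive" "$dump_dir"

# Only reached when both the dump and the archive succeeded.
rm -rf -- "${dump_dir:?}"

exit 0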
[root@localhost backup]#
7 月 012016
 

使用脚本定时获取接口动态IP并处理保存

[root@localhost tmp]# cat listip.sh
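#!/bin/bash
#
# listip.sh - record the address that ddns.domain.com currently resolves
# to. Meant to run every 3 hours; each run appends one address to
# /tmp/ip.<yymmdd>.tmp, which getip.sh later sorts and de-duplicates.
#
# NOTE(review): /tmp is world-writable and the log name is predictable.
# When this job runs as root, another local user can pre-create the file
# or plant a symlink in its place. The symlink check below narrows that
# window but does not close it; a directory owned by the job's user is the
# real fix and has to be changed together with the script that reads the
# log.

set -u

cd /tmp/ || exit 1

day_log="ip.$(date +%y%m%d).tmp"

# Send one echo request. -n keeps the reply line in the numeric form
# "64 bytes from 1.2.3.4: icmp_seq=...", so field 4 is the address rather
# than a reverse-resolved host name.
reply_addr=$(/bin/ping -n -c 1 ddns.domain.com | awk '/time=/ { print $4 }')

# Field 4 carries a trailing ":" - strip only that character.
new_ip=${reply_addr%:}

# No reply line means nothing to record; do not append an empty entry.
if [[ -z "$new_ip" ]]; then
  printf 'listip: no reply from ddns.domain.com\n' >&2
  exit 1
fi

if [[ -L "$day_log" ]]; then
  printf 'listip: refusing to write through symlink %s\n' "$day_log" >&2
  exit 1
fi

# Append to the per-day log.
printf '%s\n' "$new_ip" >> "$day_log"

exit 0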
[root@localhost tmp]# cat getip.sh
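#!/bin/bash
#
# getip.sh - turn the day's raw address log /tmp/ip.<yymmdd>.tmp into a
# sorted, de-duplicated /tmp/ip.<yymmdd>.txt and remove the raw log.
# Meant to run every day at 23:50.
#
# NOTE(review): both files live in world-writable /tmp under predictable
# names. When this job runs as root, a local user can plant a symlink at
# either path. The checks below narrow that window but do not close it; a
# directory owned by the job's user is the real fix and has to be changed
# together with the script that writes the raw log.

set -uo pipefail

cd /tmp/ || exit 1

# Evaluate the date once so every step refers to the same day's files.
stamp=$(date +%y%m%d)
raw_log="ip.${stamp}.tmp"
day_file="ip.${stamp}.txt"

if [[ -L "$raw_log" || -L "$day_file" ]]; then
  printf 'getip: refusing to follow a symlink in /tmp\n' >&2
  exit 1
fi

if [[ ! -f "$raw_log" ]]; then
  printf 'getip: %s not found, nothing to do\n' "$raw_log" >&2
  exit 1
fi

# Sort the collected addresses and drop duplicate lines. The raw log is
# deleted only after the sorted copy was written successfully.
if sort -k2n -- "$raw_log" | uniq > "$day_file"; then
  rm -f -- "$raw_log"
else
  printf 'getip: failed to write %s, keeping %s\n' "$day_file" "$raw_log" >&2
  exit 1
fi

exit 0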
[root@localhost tmp]#
6 月 282016
 

 

已启用iptables防火墙服务的主机,开放1099端口,启动服务,发现visualvm无法获取数据,jstatd日志无输出

[root@linuxcache bin]# ./jstatd -J-Djava.security.policy=jstatd.all.policy -J-Djava.rmi.server.logCalls=true -p 1099
Jun 28, 2016 3:06:04 PM sun.rmi.server.UnicastServerRef logCall
FINER: RMI TCP Connection(1)-120.111.100.123: [120.111.100.123: sun.rmi.registry.RegistryImpl[0:0:0, 0]: void rebind(java.lang.String, java.rmi.Remote)]
Jun 28, 2016 3:06:04 PM sun.rmi.server.UnicastServerRef logCall
FINER: RMI TCP Connection(2)-120.111.100.123: [120.111.100.123: sun.rmi.transport.DGCImpl[0:0:0, 2]: java.rmi.dgc.Lease dirty(java.rmi.server.ObjID[], long, java.rmi.dgc.Lease)]
Jun 28, 2016 3:06:13 PM sun.rmi.server.UnicastServerRef logCall
FINER: RMI TCP Connection(3)-58.60.169.210: [58.60.169.210: sun.rmi.registry.RegistryImpl[0:0:0, 0]: java.rmi.Remote lookup(java.lang.String)]

通过查看jstatd进程端口监听,发现进程额外启用了一个随机端口。

[root@linuxcache ~]# netstat -lutnp |grep jstatd
tcp 0 0 0.0.0.0:1099 0.0.0.0:* LISTEN 23209/./jstatd 
tcp 0 0 0.0.0.0:55941 0.0.0.0:* LISTEN 23209/./jstatd 
[root@linuxcache ~]#

在防火墙中放开随机监听端口后,jstatd日志正常输出,visualvm连接成功并显示数据。注意该端口在jstatd每次启动时随机分配,重启后需要重新放行对应端口;放行规则应使用-s限定为运行visualvm的客户端地址,避免对所有来源开放。

[root@linuxcache ~]# iptables -I INPUT -p tcp --dport 55941 -j ACCEPT
[root@linuxcache ~]#
6 月 232016
 

MySQL Workbench

Failed to Connect to MySQL at xxx.xxx.xxx.xxx:3306 with user ssrdba

Host '113.118.138.xxx' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

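用于防止暴力猜解密码的安全设置。

同一IP在一段时间内产生的已中断数据库连接次数超过系统参数max_connect_errors指定的值后,服务器将强制不再接受来自该IP的任何连接请求,直到执行flush-hosts。需要注意,该计数统计的是握手阶段被中断的连接,密码错误导致的认证失败通常不计入,因此不能单独依赖它来防御密码猜解。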

系统默认参数值

mysql-max-connect-errors-01
解除锁定的方法

[root@iZ94ns7f32vZ ~]# mysqladmin -uroot -p flush-hosts
Enter password:
[root@iZ94ns7f32vZ ~]#

修改参数值

set global max_connect_errors = 100;

或修改my.cnf配置文件

max_connect_errors = 100

6 月 172016
 

内建角色

https://docs.mongodb.com/v2.6/reference/built-in-roles/

命令参考

https://docs.mongodb.com/v2.6/reference/method/

MongoDB 2.6.11 CentOS7.2.1511 EPEL
安全设置
以安全认证模式启动

启动时使用参数--auth或修改配置文件启用认证后重启服务

[root@localhost ~]# vi /etc/mongod.conf
# Run with/without security (without by default)
#auth = true
#noauth = true
auth = true

创建用户帐户及角色

> use admin
> db.createUser({"user":"admin","pwd":"adminpwd","roles":["root"]})
>

重新启动Mongodb服务
创建一个新数据库并设置用户帐户及角色

> use admin
> db.auth("admin","passwd")
1
> use abc123
switched to db abc123
> db.createUser({"user":"abc","pwd":"123","roles":["readWrite"]})
Successfully added user: { "user" : "abc", "roles" : [ "readWrite" ] }
>

查看系统内用户信息

> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : 
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" : 
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ] 
}
>

再次增加用户

> use abc123
switched to db abc123
> db.createUser({"user":"abcd","pwd":"321","roles":["readWrite"]})
Successfully added user: { "user" : "abcd", "roles" : [ "readWrite" ] }
>

再次查看系统内用户信息

> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : 
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" : 
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ] 
}
{ "_id" : "abc123.abcd", "user" : "abcd", "db" : "abc123", "credentials" : { "MONGODB-CR" : 
"10eb9fb6afcfb3e2b483e0d0c12f5b0a" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ] 
}
>

删除用户

> use abc123
switched to db abc123
> db.dropUser("abcd")
true
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : 
"3187df44c217d30c29494785321f996f" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "abc123.abc", "user" : "abc", "db" : "abc123", "credentials" : { "MONGODB-CR" : 
"ecd40369f09cd19405cba88d9cab93df" }, "roles" : [ { "role" : "readWrite", "db" : "abc123" } ] 
}
>

查看当前使用数据库

> db
abc123
>

查看当前数据库中所有用户信息

> show users
{
 "_id" : "abc123.abc",
 "user" : "abc",
 "db" : "abc123",
 "roles" : [
 {
 "role" : "readWrite",
 "db" : "abc123"
 }
 ]
}
>

查看当前数据库状态统计信息

> db.stats()
{
 "db" : "abc123",
 "collections" : 0,
 "objects" : 0,
 "avgObjSize" : 0,
 "dataSize" : 0,
 "storageSize" : 0,
 "numExtents" : 0,
 "indexes" : 0,
 "indexSize" : 0,
 "fileSize" : 0,
 "dataFileVersion" : {

},
 "ok" : 1
}
>

删除当前数据库(删除数据库前,应先删除数据库中的所有用户)

> use abc123
switched to db abc123
> db.dropUser("abc")
true
> db.dropDatabase()
{ "dropped" : "abc123", "ok" : 1 }
>

> use admin
switched to db admin
> show dbs
admin 0.078GB
local 0.078GB
test (empty)
>

查看mongodb版本信息

> db.version()
2.6.11
>

查看当前服务器连接对象

> db.getMongo()
connection to 127.0.0.1
>

修复当前数据库

> db.repairDatabase()
{ "ok" : 1 }
>

数据库加锁,解锁,查看锁状态(适用于执行备份)

加锁

> use admin
switched to db admin
> db.runCommand({fsync:1,lock:1})
{
 "info" : "now locked against writes, use db.fsyncUnlock() to unlock",
 "seeAlso" : "http://dochub.mongodb.org/core/fsynccommand",
 "ok" : 1
}
> db.currentOp()
{
 "inprog" : [ ],
 "fsyncLock" : true,
 "info" : "use db.fsyncUnlock() to terminate the fsync write/snapshot lock"
}
>

解锁

> db.$cmd.sys.unlock.findOne()
{ "ok" : 1, "info" : "unlock completed" }
> db.currentOp()
{ "inprog" : [ ] }
>

备份恢复

备份全库

[root@localhost ~]# mkdir backup
[root@localhost ~]# cd backup/
[root@localhost backup]# mongodump -u admin -p passwd
connected to: 127.0.0.1
2016-06-17T23:15:08.195+0800 all dbs
2016-06-17T23:15:08.195+0800 DATABASE: admin to dump/admin
2016-06-17T23:15:08.195+0800 admin.system.indexes to dump/admin/system.indexes.bson
2016-06-17T23:15:08.204+0800 3 documents
2016-06-17T23:15:08.204+0800 admin.system.users to dump/admin/system.users.bson
2016-06-17T23:15:08.204+0800 3 documents
2016-06-17T23:15:08.204+0800 Metadata for admin.system.users to 
dump/admin/system.users.metadata.json
2016-06-17T23:15:08.204+0800 admin.system.version to dump/admin/system.version.bson
2016-06-17T23:15:08.205+0800 1 documents
2016-06-17T23:15:08.205+0800 Metadata for admin.system.version to 
dump/admin/system.version.metadata.json
2016-06-17T23:15:08.205+0800 DATABASE: abc123 to dump/abc123
2016-06-17T23:15:08.218+0800 DATABASE: ssr to dump/ssr
[root@localhost backup]#

备份指定库

[root@localhost backup]# mongodump -u admin -p passwd -d abc123

恢复全库(进入备份目录;--drop会在恢复前删除目标库中已存在的同名集合)

[root@localhost backup]# mongorestore -u admin -p passwd --drop

恢复指定库(进入备份目录)

[root@localhost backup]# mongorestore -u admin -p passwd -d abc123 --drop

连接远程数据库命令参数和用法(在命令行中直接写入密码会留在shell历史记录和进程列表中,省略-p后的密码值可改为交互式输入)

mongo --username <username> --password <password> --host <host> --port 27017

mongo -u <username> -p <password> --host <host> --port 27017

mongo -u <username> -p <password> 192.168.2.222:27017/abc
6 月 162016
 

安装

[root@localhost ~]# yum install memcached

查看安装路径

[root@localhost ~]# rpm -lq memcached
/etc/rc.d/init.d/memcached
/etc/sysconfig/memcached
/usr/bin/memcached
/usr/bin/memcached-tool
/usr/share/doc/memcached-1.4.4
/usr/share/doc/memcached-1.4.4/AUTHORS
/usr/share/doc/memcached-1.4.4/CONTRIBUTORS
/usr/share/doc/memcached-1.4.4/COPYING
/usr/share/doc/memcached-1.4.4/ChangeLog
/usr/share/doc/memcached-1.4.4/NEWS
/usr/share/doc/memcached-1.4.4/README
/usr/share/doc/memcached-1.4.4/protocol.txt
/usr/share/doc/memcached-1.4.4/readme.txt
/usr/share/doc/memcached-1.4.4/threads.txt
/usr/share/man/man1/memcached.1.gz
/var/run/memcached
[root@localhost ~]#

启动服务

查看端口监听

查看默认配置

[root@localhost ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
[root@localhost ~]#

使用telnet登录验证服务

C:\Users\harveymei>telnet 192.168.2.44 11211
stats
STAT pid 1207
STAT uptime 47
STAT time 1466062672
STAT version 1.4.4
STAT pointer_size 64
STAT rusage_user 0.000000
STAT rusage_system 0.002999
STAT curr_connections 10
STAT total_connections 11
STAT connection_structures 11
STAT cmd_get 0
STAT cmd_set 0
STAT cmd_flush 0
STAT get_hits 0
STAT get_misses 0
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 7
STAT bytes_written 0
STAT limit_maxbytes 67108864
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 0
STAT evictions 0
END
quit
遗失对主机的连接。
C:\Users\harveymei>

下载源码包

[root@localhost ~]# curl -O http://www.memcached.org/files/memcached-1.4.25.tar.gz

安装依赖包

[root@localhost ~]# yum install gcc libevent-devel

编译安装

[root@localhost ~]# tar xzf memcached-1.4.25.tar.gz
[root@localhost ~]# cd memcached-1.4.25
[root@localhost memcached-1.4.25]# ./configure --prefix=/usr/local/memcached
[root@localhost memcached-1.4.25]# make
[root@localhost memcached-1.4.25]# make install

启动服务

[root@localhost ~]# cd /usr/local/memcached/bin/
[root@localhost bin]# ./memcached -d -u nobody
[root@localhost bin]#

查看运行进程和端口监听
使用防火墙限定可以访问memcached服务的服务器源地址(以下ACCEPT规则只有在INPUT链默认策略为DROP,或其后存在拒绝其他来源访问11211端口的规则时,才能起到限制作用)

iptables -I INPUT -p tcp -s 192.168.1.100 --dport 11211 -j ACCEPT
iptables -I INPUT -p udp -s 192.168.1.100 --dport 11211 -j ACCEPT

1.4.3或以上版本的memcached支持使用SASL进行登录验证,需要在编译时加入--enable-sasl参数。

6 月 152016
 

存储过程相关权限
create_routine
alter_routine
execute

视图相关权限
视图及存储过程用户权限的处理和检查

sed -e 's/DEFINER[ ]*=[ ]*[^*]*\*/\*/ ' abc.sql > abc.new.sql
egrep -in "definer|set @@" abc.new.sql

导入存储过程时,应检查DEFINER并修改为正确的数据库用户。存储过程默认以DEFINER帐户的权限执行,保留root@%会让调用者间接使用该帐户的权限。

[root@localhost tmp]# egrep -in "definer|set @@" abc.new.sql
9253:CREATE DEFINER=`root`@`%` PROCEDURE `nextseq_proc`( )
9277:CREATE DEFINER=`root`@`%` PROCEDURE `setBidTimeForward`(IN p_bid LONG, IN p_months INT)
[root@localhost tmp]#

授予用户全局super权限

grant super on *.* to p2puser@localhost;

撤销用户全局super权限(直接修改mysql.user表后需执行flush privileges才会生效)

update mysql.user set super_priv='N' where user='p2puser';

查询具有全局super权限的用户

SELECT user,host FROM mysql.user WHERE super_priv='Y';

查看全局用户权限设置

select * from mysql.user where user='p2puser';

select * from mysql.user\G;

查看数据库用户权限设置

select * from mysql.db where user='p2puser';

select * from mysql.db\G;

授权grant all权限明细

 Select_priv: Y
 Insert_priv: Y
 Update_priv: Y
 Delete_priv: Y
 Create_priv: Y
 Drop_priv: Y
 Grant_priv: N
 References_priv: Y
 Index_priv: Y
 Alter_priv: Y
 Create_tmp_table_priv: Y
 Lock_tables_priv: Y
 Create_view_priv: Y
 Show_view_priv: Y
 Create_routine_priv: Y
 Alter_routine_priv: Y
 Execute_priv: Y
 Event_priv: Y
 Trigger_priv: Y
6 月 142016
 

下载

[root@localhost ~]# curl -O http://mirrors.example.com/abc.tar.gz

登录验证并下载(示例使用http明文连接,-u提供的用户名和密码在网络上可被截获还原,实际使用时应改用https)

[root@localhost ~]# curl -u username:password -O http://mirrors.example.com/abc.tar.gz

下载并重命名文件名称

[root@localhost ~]# curl -o 123.tgz http://mirrors.example.com/abc.tar.gz

断点续传下载(-C -)

[root@localhost ~]# curl -C - -O http://mirrors.example.com/abc.tar.gz

限速下载(默认单位B/s)

[root@localhost ~]# curl --limit-rate 128k -O http://mirrors.example.com/abc.tar.gz

请求头信息

[root@localhost ~]# curl -I 192.168.2.95:8080
 HTTP/1.1 200 OK
 Server: Apache-Coyote/1.1
 Content-Type: text/html;charset=ISO-8859-1
 Transfer-Encoding: chunked
 Date: Tue, 14 Jun 2016 02:26:26 GMT

[root@localhost ~]#