February 2020

Resolving a gateway failure on CentOS 6.10

A CentOS 6.10 machine suddenly could not ping its gateway 192.168.255.1, yet it could still ping the DNS server 192.168.255.2 and other hosts in the same subnet; hosts in the 192.168.254.x and 10.254.254.x ranges were unreachable, while the public internet could still be pinged.
Repeated testing showed that restarting the network service (or rebooting the machine, of course) restored normal operation, but the fault came back about 20 minutes later. The machine had been running for more than 180 days without any problem. After the reboot I kept checking, as follows:

[root@hongsin-monitor ~]# dmesg | grep eth0
e1000 0000:02:00.0: eth0: (PCI:66MHz:32-bit) 00:50:56:be:17:a9
e1000 0000:02:00.0: eth0: Intel(R) PRO/1000 Network Connection
e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
eth0: no IPv6 routers present
e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
eth0: no IPv6 routers present

The NIC reported errors, so I kept checking:

[root@hongsin-monitor ~]# cat  /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:be:17:a9", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Check the NIC configuration file:

[root@hongsin-monitor ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:50:56:BE:17:A9
TYPE=Ethernet
UUID=690f4b51-36b8-405c-9d40-4f4d5bbfeaeb
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.255.209
NETMASK=255.255.255.0
GATEWAY=192.168.255.1
DNS1=192.168.255.2

I changed the HWADDR in ifcfg-eth0 to match the address in 70-persistent-net.rules and, to save time testing, simply rebooted the machine; the gateway was reachable again,
but after 20 minutes the same fault reappeared.
The root cause was finally traced to a virus-infected machine in the VM network launching an ARP attack. The fix:

After obtaining the correct MAC address of the gateway, bind the gateway IP statically to that MAC:
arp -s 192.168.255.1 00:00:5e:00:01:01
Then send an ARP packet to the gateway (the interface on this machine is eth0, as the dmesg and ifcfg output above shows):
arping -U -I eth0 -s 192.168.255.209 192.168.255.1

Things returned to normal. Of course, the machine sending the ARP requests still has to be found and dealt with. Note also that an entry set with arp -s does not survive a reboot; to keep it, record the binding in /etc/ethers and load it with arp -f at boot.
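A defender-side check for the scenario above, added here as an example and not part of the original post: record the gateway's MAC while the network is healthy and compare it with the ARP cache later, which is the condition the 20-minute recurrence would have tripped. It parses `arp -n` output; the two ARP tables below are constructed samples, the gateway MAC is the one bound in the post, and the spoofing host's MAC and address are invented.

```shell
#!/bin/sh
# Added example (not from the original post): detect the gateway ARP entry
# drifting away from the MAC recorded in a known-good state.

GATEWAY_IP="192.168.255.1"
EXPECTED_GW_MAC="00:00:5e:00:01:01"   # value recorded while the network was healthy

# Constructed sample of "arp -n" output from a healthy host.
SAMPLE_OK='Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.255.1            ether   00:00:5e:00:01:01   CM                    eth0
192.168.255.2            ether   00:50:56:be:aa:01   C                     eth0'

# Constructed sample where another host (invented MAC) now answers for the gateway IP.
SAMPLE_SPOOFED='Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.255.1            ether   00:50:56:be:dd:77   C                     eth0
192.168.255.2            ether   00:50:56:be:aa:01   C                     eth0
192.168.255.57           ether   00:50:56:be:dd:77   C                     eth0'

# gateway_mac_from_table: print the MAC currently cached for GATEWAY_IP.
# $1 = arp -n table text
gateway_mac_from_table() {
    printf '%s\n' "$1" | awk -v ip="$GATEWAY_IP" '$1 == ip { print tolower($3); exit }'
}

# check_gateway_mac: return 0 when the cached MAC equals the expected one, 1 otherwise
# (missing entry counts as a failure, so a flushed cache is reported too).
check_gateway_mac() {
    mac=$(gateway_mac_from_table "$1")
    [ -n "$mac" ] && [ "$mac" = "$EXPECTED_GW_MAC" ]
}

# other_ips_for_mac: list the other IPs that share the MAC now claimed for the gateway.
# One MAC answering for several addresses is the classic ARP-spoofing footprint.
# $1 = arp table text, $2 = MAC to look for
other_ips_for_mac() {
    printf '%s\n' "$1" | awk -v ip="$GATEWAY_IP" -v mac="$2" \
        '$1 != ip && tolower($3) == mac { print $1 }'
}

# Live use on the host (run from cron; not executed here):
#   check_gateway_mac "$(arp -n)" || logger -t arpcheck "gateway MAC changed to $(gateway_mac_from_table "$(arp -n)")"
```

Running the check from cron every minute and logging on mismatch gives a timestamp for when the poisoning starts, which is the datum needed to correlate with the offending VM.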

Clearing user login records and command history on CentOS

Clear the records of successful logins

[root@localhost root]# echo > /var/log/wtmp   # binary file, shows as garbage when opened; holds login IPs and similar details
[root@localhost root]# last                    # now shows no login records

Clear the records of failed logins

[root@localhost root]# echo > /var/log/btmp   # binary file, shows as garbage when opened; holds failed-login details
[root@localhost root]# lastb                   # now shows no failed-login records

Clear the command history

[root@localhost root]# history -c              # clear the executed-command history
[root@localhost root]# echo > ./.bash_history  # or simply empty this file in the user's home directory

Load an empty history

[root@localhost root]# vi /root/history.txt            # create the record file
[root@localhost root]# history -c                      # clear the history
[root@localhost root]# history -r /root/history.txt    # load the file
[root@localhost root]# history                         # check the result
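The counterpart check from the defender's side, added here as an example rather than taken from the post: the commands above do not remove wtmp and btmp cleanly. `echo >` leaves a single newline byte where the file should consist of whole fixed-size utmp records (384 bytes with glibc on x86_64, treated here as an assumption and kept in a variable), and the same one-byte residue appears in .bash_history. The script builds constructed sample files so it runs without touching the real logs; scan_host applies the same checks to a live host.

```shell
#!/bin/sh
# Added example (not from the original post): flag the traces that truncating
# wtmp/btmp and .bash_history with "echo >" leaves behind.

UTMP_RECORD_SIZE=384   # assumption: sizeof(struct utmp) on glibc x86_64

# file_size: size in bytes via wc -c (portable across GNU and BSD userlands)
file_size() {
    wc -c < "$1" | tr -d ' '
}

# wtmp_looks_tampered: return 0 when the accounting file is missing, empty, or not a
# whole number of utmp records (the 1-byte file that "echo > /var/log/wtmp" produces).
wtmp_looks_tampered() {
    [ -f "$1" ] || return 0
    size=$(file_size "$1")
    [ "$size" -eq 0 ] && return 0
    [ $((size % UTMP_RECORD_SIZE)) -ne 0 ]
}

# history_looks_cleared: return 0 when the shell history file is missing, empty, or
# holds only the single newline that "echo > ~/.bash_history" leaves.
history_looks_cleared() {
    [ -f "$1" ] || return 0
    size=$(file_size "$1")
    [ "$size" -le 1 ]
}

# build_fixture: constructed sample files for a self-contained run.
# $1 = scratch directory. Creates an intact wtmp (two zeroed records), a wiped
# wtmp, an intact history and a wiped history.
build_fixture() {
    dir=$1
    mkdir -p "$dir"
    dd if=/dev/zero bs="$UTMP_RECORD_SIZE" count=2 of="$dir/wtmp.intact" 2>/dev/null
    echo > "$dir/wtmp.wiped"
    printf 'ls -la\nyum update\n' > "$dir/history.intact"
    echo > "$dir/history.wiped"
}

# scan_host: live use (needs root to read /var/log/btmp). Prints one line per
# finding; the exit status is the number of findings, so 0 means nothing suspicious.
scan_host() {
    findings=0
    for f in /var/log/wtmp /var/log/btmp; do
        wtmp_looks_tampered "$f" && { echo "SUSPECT: $f is not a whole number of utmp records"; findings=$((findings + 1)); }
    done
    for h in /root/.bash_history /home/*/.bash_history; do
        [ -e "$h" ] || continue
        history_looks_cleared "$h" && { echo "SUSPECT: $h is empty"; findings=$((findings + 1)); }
    done
    return $findings
}
```

Shipping wtmp, btmp and auth logs to a remote syslog or auditd collector as they are written is the durable answer; this local check only tells you, after the fact, that the on-box copies are no longer trustworthy.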

Creating LVM quickly on AWS

Terminology:
PV (Physical Volume)
The physical volume is the lowest layer of logical volume management; it can be a partition on a physical disk, an entire physical disk, or a RAID device.

VG (Volume Group)
A volume group is built on top of physical volumes. A volume group must contain at least one physical volume, and physical volumes can be added to it dynamically after it is created. An LVM system can have a single volume group or several.

LV (Logical Volume)
A logical volume is built on top of a volume group; unallocated space in the volume group can be used to create new logical volumes, and a logical volume can be grown or shrunk dynamically after creation. Several logical volumes on a system may belong to the same volume group or to different ones.

Steps to create LVM

Add the new disk;
Create a partition on the new disk;
Create the PV;
Create the VG;
Create the LV;
Format the LV;
Mount the LV on the target directory;

On AWS the steps are as follows:

1. Add the storage in the console first;
2. Check the newly added disk:

[root@hongsinvm ~]# fdisk -l

Disk /dev/nvme1n1: 483.2 GB, 483183820800 bytes, 943718400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/nvme0n1: 53.7 GB, 53687091200 bytes, 104857600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000c7ec9

        Device Boot      Start         End      Blocks   Id  System
/dev/nvme0n1p1   *        2048     2099199     1048576   83  Linux
/dev/nvme0n1p2         2099200    41943039    19921920   8e  Linux LVM

Disk /dev/mapper/centos-root: 18.2 GB, 18249416704 bytes, 35643392 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Create an LVM partition (type 8e):

[root@hongsinvm ~]# fdisk /dev/nvme1n1
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x56ce9c54.

Command (m for help): o
Building a new DOS disklabel with disk identifier 0x98e04e99.

Command (m for help): p

Disk /dev/nvme1n1: 483.2 GB, 483183820800 bytes, 943718400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x98e04e99

        Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-943718399, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-943718399, default 943718399):
Using default value 943718399
Partition 1 of type Linux and of size 450 GiB is set

Command (m for help): p

Disk /dev/nvme1n1: 483.2 GB, 483183820800 bytes, 943718400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x98e04e99

        Device Boot      Start         End      Blocks   Id  System
/dev/nvme1n1p1            2048   943718399   471858176   83  Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/nvme1n1: 483.2 GB, 483183820800 bytes, 943718400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x98e04e99

        Device Boot      Start         End      Blocks   Id  System
/dev/nvme1n1p1            2048   943718399   471858176   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Re-read the partition table

partprobe

Create the PV

[root@hongsinvm ~]# pvcreate /dev/nvme1n1p1
  Physical volume "/dev/nvme1n1p1" successfully created.

Create the VG

[root@hongsinvm ~]# vgcreate datavg /dev/nvme1n1p1
  Volume group "datavg" successfully created

Create the LV

[root@hongsinvm ~]# lvcreate -l 100%free -n datalv datavg
  Logical volume "datalv" created.

Format the LV

[root@hongsinvm ~]# mkfs.ext4 /dev/datavg/datalv
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
29491200 inodes, 117963776 blocks
5898188 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2267021312
3600 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
        102400000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Create the mount point and mount the LV

[root@hongsinvm ~]# mkdir /data
[root@hongsinvm ~]# mount /dev/datavg/datalv /data/
[root@hongsinvm ~]# df -h
Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                    16G     0   16G   0% /dev
tmpfs                       16G     0   16G   0% /dev/shm
tmpfs                       16G   17M   16G   1% /run
tmpfs                       16G     0   16G   0% /sys/fs/cgroup
/dev/mapper/centos-root     17G  1.9G   16G  12% /
/dev/nvme0n1p1            1014M  265M  750M  27% /boot
tmpfs                      3.1G     0  3.1G   0% /run/user/0
/dev/mapper/datavg-datalv  443G   73M  421G   1% /data

Mount at boot

[root@hongsinvm ~]# blkid
/dev/mapper/centos-root: UUID="2489f74a-946e-452a-bf62-1a1890668844" TYPE="xfs"
/dev/nvme0n1p2: UUID="c6AGGx-gtd0-N6XE-5qP2-phqY-V4Hr-BurxpM" TYPE="LVM2_member"
/dev/nvme0n1p1: UUID="75eb43ef-927b-4b24-af8e-bfc46bd0c2c2" TYPE="xfs"
/dev/mapper/centos-swap: UUID="9424b55f-2eb2-4156-b6ea-8d4bacf27d02" TYPE="swap"
/dev/nvme1n1p1: UUID="D0fh8n-ezI3-2Ork-bdAY-d0mE-R8eC-DrtDSy" TYPE="LVM2_member"
/dev/mapper/datavg-datalv: UUID="35c5eb3d-a7a0-4365-9ab9-91e1069c1d65" TYPE="ext4"
/dev/nvme1n1: PTTYPE="dos"
/dev/nvme0n1: PTTYPE="dos"
[root@hongsinvm ~]# vim /etc/fstab

#
# /etc/fstab
# Created by anaconda on Tue Aug 13 06:35:13 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /       xfs     defaults        0 0
UUID=75eb43ef-927b-4b24-af8e-bfc46bd0c2c2       /boot   xfs     defaults        0 0
UUID=35c5eb3d-a7a0-4365-9ab9-91e1069c1d65       /data   ext4    defaults        0 0
/dev/mapper/centos-swap swap    swap    defaults        0 0

"/etc/fstab" 12L, 458C written
[root@hongsinvm ~]# df -h
Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                    16G     0   16G   0% /dev
tmpfs                       16G     0   16G   0% /dev/shm
tmpfs                       16G   17M   16G   1% /run
tmpfs                       16G     0   16G   0% /sys/fs/cgroup
/dev/mapper/centos-root     17G  1.9G   16G  12% /
/dev/nvme0n1p1            1014M  265M  750M  27% /boot
tmpfs                      3.1G     0  3.1G   0% /run/user/0
/dev/mapper/datavg-datalv  443G   73M  421G   1% /data
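A pre-reboot check for the fstab step, added here as an example and not part of the original post: a UUID= entry that blkid does not know about drops the boot into emergency mode, and on an EC2 instance without console access that means detaching the root volume to repair it. The functions take the blkid and fstab contents as text so they run offline; the samples are constructed from the listings in the post, plus a copy of the /data line with one digit mistyped.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check every UUID= entry in
# /etc/fstab against blkid output before rebooting.

# Constructed from the blkid output in the post.
SAMPLE_BLKID='/dev/mapper/centos-root: UUID="2489f74a-946e-452a-bf62-1a1890668844" TYPE="xfs"
/dev/nvme0n1p1: UUID="75eb43ef-927b-4b24-af8e-bfc46bd0c2c2" TYPE="xfs"
/dev/mapper/datavg-datalv: UUID="35c5eb3d-a7a0-4365-9ab9-91e1069c1d65" TYPE="ext4"
/dev/nvme1n1: PTTYPE="dos"'

# Constructed from the fstab in the post.
SAMPLE_FSTAB='# comment line
/dev/mapper/centos-root /       xfs     defaults        0 0
UUID=75eb43ef-927b-4b24-af8e-bfc46bd0c2c2       /boot   xfs     defaults        0 0
UUID=35c5eb3d-a7a0-4365-9ab9-91e1069c1d65       /data   ext4    defaults        0 0'

# Same /data line with the last digit of the UUID mistyped (constructed).
SAMPLE_FSTAB_BAD='UUID=35c5eb3d-a7a0-4365-9ab9-91e1069c1d66       /data   ext4    defaults        0 0'

# known_uuids: every UUID="..." value in blkid text, one per line
# (the leading space keeps PARTUUID= from matching).
known_uuids() {
    printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p'
}

# unresolved_fstab_uuids: print the mount point of each UUID= entry in the fstab
# text ($1) whose UUID is absent from the blkid text ($2). Empty output = safe.
unresolved_fstab_uuids() {
    uuids=$(known_uuids "$2")
    printf '%s\n' "$1" | awk -v list="$uuids" '
        BEGIN { n = split(list, a, "\n"); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
        /^ *#/ || NF < 2 { next }
        $1 ~ /^UUID=/ { u = substr($1, 6); if (!(u in seen)) print $2 }'
}

# fstab_boot_safe: return 0 when every UUID= entry resolves, 1 otherwise
fstab_boot_safe() {
    [ -z "$(unresolved_fstab_uuids "$1" "$2")" ]
}

# Live use (not executed here):
#   fstab_boot_safe "$(cat /etc/fstab)" "$(blkid)" || { echo "fix /etc/fstab before reboot"; exit 1; }
```

The mount-by-path entries (/dev/mapper/...) are left alone on purpose: device-mapper names are stable, and the point of the check is the hand-copied UUIDs, which is where the typo happens.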

Firewalld rule settings, collected

CentOS 7 introduced a new service, firewalld, which manages connections and interfaces through the concept of trust levels (zones). It supports IPv4 and IPv6 as well as bridges, and uses firewall-cmd (command line) or firewall-config (GUI) to manage the kernel netfilter rules for interfaces, either temporarily or permanently, with changes taking effect immediately without restarting the service.
Install firewalld:

yum install firewalld

If you need a graphical interface, also install

yum install firewall-config

firewalld's configuration files are the XML files under /usr/lib/firewalld/ and /etc/firewalld/. You can configure firewalld either by editing these files directly or with the firewall-cmd command-line tool.
I. Common commands:
Start, stop and restart firewalld

1. Stop
systemctl stop firewalld.service

2. Start
systemctl start firewalld.service

3. Restart
systemctl restart firewalld.service

4. Check status:
systemctl status firewalld

5. Disable firewalld at boot
systemctl disable firewalld

6. Enable the firewall at boot:
systemctl enable firewalld.service

7. Check whether the service starts at boot:
systemctl is-enabled firewalld.service

8. List enabled services:
systemctl list-unit-files|grep enabled

9. List services that failed to start:
systemctl --failed

II. View firewalld rules and state

1. Show the firewall state (prints "not running" when stopped, "running" when started)
firewall-cmd --state

2. Show the firewall rules (only the policy in /etc/firewalld/zones/public.xml)
firewall-cmd --list-all

3. Show all firewall policies (every zone under /etc/firewalld/zones/)
firewall-cmd --list-all-zones

4. Reload the configuration files
firewall-cmd --reload

III. firewall-cmd configuration commands

Show version: firewall-cmd --version

Show help: firewall-cmd --help

Show state: firewall-cmd --state

List all open ports: firewall-cmd --zone=public --list-ports

Reload the firewall rules: firewall-cmd --reload

Show active zones: firewall-cmd --get-active-zones

Show the zone an interface belongs to: firewall-cmd --get-zone-of-interface=eth0

Reject all packets (panic mode): firewall-cmd --panic-on

Leave panic mode: firewall-cmd --panic-off

Query whether panic mode is on: firewall-cmd --query-panic

IV. Setting firewall rules
1. Expose port 8000 externally

firewall-cmd --permanent --add-port=8000/tcp

2. Allow only servers in the 192.168.1.1/24 range to reach MySQL's port 3306

# add the rule (single quotes on the outside so the inner double quotes reach firewalld intact)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept'

# reload to apply
firewall-cmd --reload

3. Port forwarding: forward connections to this host's port 3306 to port 3306 on server 192.168.1.1

# enable IP masquerading
firewall-cmd --permanent --add-masquerade
# configure the port forward
firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306
Predefined service rules (for example ssh.xml) live in /usr/lib/firewalld/services/.
Note: if IP masquerading is not enabled, port forwarding fails; also make sure the port on the source server (3306) and the port on the destination server (13306) are open.
4. Add a port (--permanent makes it persistent; without it the rule is lost after a restart)
firewall-cmd --zone=public --add-port=80/tcp --permanent
5. Reload (apply after changing rules)
firewall-cmd --reload
6. Query
firewall-cmd --zone=public --query-port=80/tcp
7. Remove
firewall-cmd --zone=public --remove-port=80/tcp --permanent
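The 3306 rich rule above, generated from variables instead of typed by hand, added here as an example and not part of the original post. It does two things the one-liner does not: it produces the quoting firewalld expects regardless of the shell it is pasted into, and it normalises the source to a proper network address, since 192.168.1.1/24 has host bits set and the network that rule actually means is 192.168.1.0/24. The firewall-cmd invocation is shown in a comment and not executed here.

```shell
#!/bin/sh
# Added example (not from the original post): build a source-restricted port
# rich rule with CIDR normalisation. Pure POSIX sh arithmetic, no external tools.

# ip_to_int: dotted quad -> 32-bit integer
ip_to_int() {
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int_to_ip: 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_network: "a.b.c.d/n" -> "network/n" with the host bits cleared
cidr_network() {
    ip=${1%/*}
    prefix=${1#*/}
    mask=$(( prefix == 0 ? 0 : (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( $(ip_to_int "$ip") & mask ))
    echo "$(int_to_ip "$net")/$prefix"
}

# mk_rich_rule: source CIDR ($1) and TCP port ($2) -> rich rule text.
# The output contains double quotes, so pass it through "$(...)" to firewall-cmd.
mk_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' \
        "$(cidr_network "$1")" "$2"
}

# Usage on the host (assumes firewalld is running; not executed here):
#   firewall-cmd --permanent --add-rich-rule="$(mk_rich_rule 192.168.1.1/24 3306)"
#   firewall-cmd --reload
#   firewall-cmd --list-rich-rules
```

Because a rich rule with a source address is an allow rule, it only does its job if 3306 is not also opened zone-wide with --add-port; check --list-ports on the same zone after applying it.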

Updating the Oracle 11g listener after the server IP address changes

After the IP address of an Oracle server changes, the listener must be updated or clients will no longer be able to connect to the database. Procedure:
1. Edit the Oracle listener configuration, listener.ora

su - oracle
cd $ORACLE_HOME/network/admin/
[oracle@hd_nc_db admin]$ pwd
/data/app/oracle/product/11.2.0/db_1/network/admin
[oracle@hd_nc_db admin]$ cat listener.ora
# listener.ora Network Configuration File: /data/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = hd_nc_db)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )

ADR_BASE_LISTENER = /data/app/oracle

Here the hostname hd_nc_db is used, so it is enough to edit /etc/hosts, change the IP mapped to that hostname to the server's new IP and save; if an IP address is used instead of a hostname, change it directly to the new IP and save.
2. Restart the listener on the server

lsnrctl stop
lsnrctl start

3. Update tnsnames.ora on the clients (in PL/SQL Developer, Help -> Support in the toolbar shows the location of the tnsnames.ora file); if the server is configured with RAC, the node addresses, interconnect (heartbeat) addresses and so on in the parameter files must be changed as well.
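A check to run between steps 1 and 2, added here as an example and not part of the original post: confirm that the HOST= value in listener.ora resolves to the address the server now has before bouncing the listener, so a stale /etc/hosts line is caught before clients fail. The listener.ora and /etc/hosts texts below are constructed from the post; the old and new IP values are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every TCP HOST in
# listener.ora resolves to the server's current IP.

# Constructed from the listener.ora shown in the post.
SAMPLE_LISTENER='LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = hd_nc_db)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )'

# Constructed /etc/hosts contents: before and after the IP change (IPs are assumed).
SAMPLE_HOSTS_STALE='127.0.0.1   localhost
192.168.10.5   hd_nc_db'

SAMPLE_HOSTS_FIXED='127.0.0.1   localhost
192.168.20.5   hd_nc_db'

# listener_tcp_hosts: print the HOST value of every TCP ADDRESS entry, one per line
listener_tcp_hosts() {
    printf '%s\n' "$1" | sed -n 's/.*(PROTOCOL *= *TCP).*(HOST *= *\([^)]*\)).*/\1/p' | tr -d ' '
}

# hosts_resolve: look a name ($1) up in /etc/hosts-style text ($2); first match wins
hosts_resolve() {
    printf '%s\n' "$2" | awk -v name="$1" \
        '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# listener_matches_ip: return 0 when every TCP HOST in the listener text ($2)
# resolves via the hosts text ($3), or is already a literal IP, to $1.
listener_matches_ip() {
    expected=$1; listener=$2; hosts=$3
    for h in $(listener_tcp_hosts "$listener"); do
        case $h in
            *[!0-9.]*) ip=$(hosts_resolve "$h" "$hosts") ;;   # hostname: resolve it
            *)         ip=$h ;;                                # literal IP
        esac
        [ "$ip" = "$expected" ] || return 1
    done
    return 0
}

# On the server (not executed here):
#   listener_matches_ip "$(hostname -I | awk '{print $1}')" \
#       "$(cat "$ORACLE_HOME/network/admin/listener.ora")" "$(cat /etc/hosts)" \
#       && lsnrctl stop && lsnrctl start
```

If the host also uses DNS for its own name, compare against getent hosts rather than the file alone, since a resolver order that prefers DNS would make the /etc/hosts edit in step 1 irrelevant.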
