Archive for March, 2012

Setting the time on Linux

To make sure your server always tells the correct time, follow these two instructions.

  1. Install the ntp daemon
    ntpd will make sure your system clock is regularly sync’ed against the nearest atomic clock.

    yum install -y ntp &&\
    chkconfig ntpd on &&\
    ntpdate pool.ntp.org &&\
    service ntpd start

  2. Make sure your time-zone is correct
    Set your time-zone to the right one with this command (for Central European Time):

    ln -sf /usr/share/zoneinfo/CET /etc/localtime

Backup database and rsync to offsite server

THIS POST IS OUT OF DATE NOW. PLEASE CHECK THE NEW SCRIPT HERE:
https://itblog.windeurope.org/2012/11/06/backup-database-and-rsync-to-offsite-server-2/

This is the script I am using to back up the servers to offsite.ewea.org:

#!/bin/bash
#
# Backup of database to offsite server
# Jason Bickley, Web Manager EWEA
# March 19 2012
#
#==== DEFINE YOUR SERVER VARIABLES HERE ====#
SERVER=events
FREQ=daily

#==== SCRIPT OPTIONS ====#
USER=backup
PASS="mwbubCEsxCU6XVsW"
LOCALDIR=/root/backup/mysql/
FILE=localhost.sql.gz
DEST=offsite.ewea.org

#==== EXECUTION OF COMMANDS ====#
# Change operating directory; stop if it does not exist
cd "$LOCALDIR" || exit 1

# Export database
mysqldump -u"$USER" -p"$PASS" --all-databases | gzip > "$FREQ.$FILE"
chmod 600 "$FREQ.$FILE"

# rsync the export to offsite server
rsync -aze "ssh -p 10022 -i /root/.ssh/${SERVER}_prv_key" "$FREQ.$FILE" "root@$DEST:/backups/$SERVER/db/$FREQ/"

# Delete the exported file
rm -f "$FREQ.$FILE"

The file is stored here: /root/Scripts/backup, and there are “daily”, “weekly” and “monthly” variations:
db_daily.sh
db_monthly.sh
db_weekly.sh

MySQL backup scripting

Today I set up a backup system for MySQL databases. 98% of our websites are using MySQL as the database that drives all the content for their CMSs.
What I wanted was a script that would export all the databases, zip them, then transfer them to the offsite web server. All this would be run as daily, weekly and monthly cron tasks.

First task:
Create a user with least possible access rights.

Using phpMyAdmin, I created on each machine a user called “backup” with the password “*****************”.
I gave this user the following permissions:

[Image: MySQL Privileges]


Second task:
Write the script

#!/bin/bash

#==== DEFINE YOUR SERVER VARIABLES HERE ====#
SERVER=events
FREQ=daily

#==== SCRIPT OPTIONS ====#
USER=backup
PASS="*************"
LOCALDIR=/root/backup/mysql/
FILE=localhost.sql.gz
DEST=offsite.ewea.org

#==== EXECUTION OF COMMANDS ====#
# Change operating directory; stop if it does not exist
cd "$LOCALDIR" || exit 1

# Export database
mysqldump -u"$USER" -p"$PASS" --all-databases | gzip > "$FREQ.$FILE"

# rsync the export to offsite server
rsync -aze "ssh -p 10022 -i /root/.ssh/${SERVER}_prv_key" "$FREQ.$FILE" "root@$DEST:/backups/$SERVER/db/$FREQ/"

# Delete the exported file
rm -f "$FREQ.$FILE"
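
The script in both backup posts passes the password with -p on the mysqldump command line and pipes the dump straight into gzip, so a failed dump still leaves a file that gets shipped offsite. The following is an added example, not the author's script, showing the same dump step with the credentials in an owner-only option file and the dump's own exit status checked. The function names, the .status/.partial file names and the optional third argument (a stand-in dump command) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the blog's script. Function names, file names and the
# optional third argument of dump_all are assumptions made for illustration.

# write_client_cnf FILE USER PASS
# Keep the credentials in an option file only its owner can read, so the
# password never appears on the mysqldump command line or in the process list.
write_client_cnf() {
    rm -f "$1"                      # an existing file would keep its old mode
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" )
}

# dump_all CNF OUT [DUMP_CMD]
# Dump every database to OUT (gzip). A plain "mysqldump | gzip" returns
# gzip's exit status, so the dump's own status is recorded separately and a
# failed or corrupt dump is deleted instead of being shipped offsite.
# --defaults-extra-file has to be the first option given to mysqldump.
dump_all() {
    ( umask 077
      { "${3:-mysqldump}" --defaults-extra-file="$1" --all-databases
        echo $? > "$2.status"; } | gzip > "$2.partial" )
    if [ "$(cat "$2.status" 2>/dev/null)" = 0 ] && gzip -t < "$2.partial"; then
        rm -f "$2.status"
        mv "$2.partial" "$2"
    else
        rm -f "$2.status" "$2.partial"
        return 1
    fi
}

# Demo with a constructed stand-in for mysqldump, so it runs without a server.
fake_dump() { echo "-- constructed dump output"; }
demo=$(mktemp -d)
write_client_cnf "$demo/backup.cnf" backup 'constructed-password'
dump_all "$demo/backup.cnf" "$demo/daily.localhost.sql.gz" fake_dump && echo "dump ok"
rm -rf "$demo"
```

On the backup host, rsync would run only when dump_all returns success.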

 

PHP code to display contents of a directory

To create a seamless include of a folder’s contents (as used here: http://ftp.ewea.org/annual2014/) you can use this code: 

<?php
$dir = "/var/www/html/sites/ftp.ewea.org/annual2014/files/"; // Define the directory you want to get contents from
if (is_dir($dir)) {
    if ($dh = opendir($dir)) {
        while (($file = readdir($dh)) !== false) { // Start the loop
            if ($file != "." && $file != ".." && $file != ".htaccess") { // Skip ".", ".." and .htaccess
                // Encode the name for the URL and escape it for HTML, so a
                // file name containing quotes or markup cannot break the page
                echo "<a href=\"/annual2014/files/" . rawurlencode($file);   // Print each document as
                echo "\" target=\"_blank\">" . htmlspecialchars($file, ENT_QUOTES, 'UTF-8') . "</a><br />\n";  // a link on its own line
            }
        }
        closedir($dh);
    }
}
?>
 

DHCP configuration of network card

From http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-dhcp-configuring-client.html

To configure a DHCP client manually, modify the /etc/sysconfig/network file to enable networking and the configuration file for each network device in the /etc/sysconfig/network-scripts directory. In this directory, each device should have a configuration file named ifcfg-eth0, where eth0 is the network device name.

The /etc/sysconfig/network file should contain the following line:

NETWORKING=yes

The NETWORKING variable must be set to yes if you want networking to start at boot time.

The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

A configuration file is needed for each device to be configured to use DHCP.

Sample hosts.allow file

From http://lists.freebsd.org/pipermail/freebsd-questions/2007-January/139712.html

This is a sample file... What to REMOVE and What to ADD or KEEP?

# cat /etc/hosts.allow
#
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $
#
# NOTE: The hosts.deny file is deprecated.
#       Place both 'allow' and 'deny' rules in the hosts.allow file.
#       See hosts_options(5) for the format of this file.
#       hosts_access(5) no longer fully applies.

#        _____                                      _          _
#       | ____| __  __   __ _   _ __ ___    _ __   | |   ___  | |
#       |  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
#       | |___   >  <  | (_| | | | | | | | | |_) | | | |  __/ |_|
#       |_____| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#                                          |_|
# !!! This is an example! You will need to modify it for your specific
# !!! requirements!

# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.
ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost.  Note that an IP address (not a host
# name) *MUST* be specified for rpcbind(8).
ALL : localhost 127.0.0.1 : allow
# Comment out next line if you build libwrap with NO_INET6=yes.
ALL : [::1] : allow
ALL : my.machine.example.com 192.0.2.35 : allow

# To use IPv6 addresses you must enclose them in []'s
ALL : [fe80::%fxp0]/10 : allow
ALL : [fe80::]/10 : deny
ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
ALL : [2001:db8:2:1::]/64 : allow

# Sendmail can help protect you against spammers and relay-rapers
sendmail : localhost : allow
sendmail : .nice.guy.example.com : allow
sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow

# Exim is an alternative to sendmail, available in the ports tree
exim : localhost : allow
exim : .nice.guy.example.com : allow
exim : .evil.cracker.example.com : deny
exim : ALL : allow

# Rpcbind is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny

# NIS master server. Only local nets should have access
ypserv : localhost : allow
ypserv : .unsafe.my.net.example.com : deny
ypserv : .my.net.example.com : allow
ypserv : ALL : deny

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
ftpd : .nice.guy.example.com : allow
ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
fingerd : ALL \
        : spawn (echo Finger. | \
         /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
        : deny

# The rest of the daemons are protected.
ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."
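
The sample's own comment says that the leading "ALL : ALL : allow" rule stops the rest of the file from working, because the first matching rule wins. The following is an added example, not part of the quoted post: a check that lists every rule shadowed by the first catch-all. shadowed_rules is a hypothetical helper name and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the quoted post. shadowed_rules is a hypothetical
# helper: it prints "LINE: rule" for every rule that can never match because
# an earlier "ALL : ALL" rule already matched (first match wins).
shadowed_rules() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        buf == "" && /^[ \t]*(#|$)/ { next }       # comment or blank line
        /\\$/ {                                    # rule continues on next line
            if (buf == "") first = NR
            sub(/\\$/, ""); buf = buf $0; next
        }
        {
            rule = buf $0; line = (buf == "") ? NR : first; buf = ""
            gsub(/[ \t]+/, " ", rule)
            if (catchall) { printf "%d: %s\n", line, trim(rule); next }
            # Only the first two fields matter here, so splitting on ":" is
            # safe even though later fields may hold "\:" or IPv6 colons.
            n = split(rule, f, ":")
            if (n >= 2 && trim(f[1]) == "ALL" && trim(f[2]) == "ALL") catchall = line
        }
    ' "$1"
}

# Constructed sample with the same layout as the file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
ALL : ALL : allow
rpcbind : ALL : deny
fingerd : ALL \
        : deny
EOF
shadowed_rules "$sample"
rm -f "$sample"
```

An empty result means no rule sits behind a catch-all; a catch-all placed last, like the closing twist rule in the sample, shadows nothing.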