2.創建備份服務器: ntp+cron rsync --daemon
創建備份服務器: ntp+cron rsync --daemon
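# optimization by onekey
# Base setup for the backup host (CentOS 6 style tooling: chkconfig, SysV init).

# SELinux: disabled in the config file (takes effect at next boot) and set to
# permissive for the running system.
# NOTE(review): this removes mandatory access control from a host that will
# run a network-facing daemon; confirm it is really required.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

# Host firewall stopped now and disabled at boot.
# NOTE(review): after this nothing on the host filters inbound traffic, so
# access control is left entirely to each service's own configuration.
/etc/init.d/iptables stop
chkconfig iptables off

# Turn off every boot-time service except the five named in the filter.
# Service names are passed as arguments instead of piping generated text
# into bash.
chkconfig | grep -Ev "crond|sshd|network|rsyslog|sysstat" | awk 'NF{print $1}' |
  while read -r svc; do
    chkconfig "$svc" off
  done

# Admin account with password-less sudo.
# NOTE(review): NOPASSWD:ALL makes this account equivalent to root with no
# second factor; restrict the command list if the workflow allows it.
useradd oldboy
\cp /etc/sudoers /etc/sudoers.bak
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
tail -1 /etc/sudoers
# Restore the backup if the edited file does not parse, so sudo stays usable.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers

# Idle-session timeout and shell history limits for login shells.
# NOTE(review): a history of 5 entries leaves almost nothing to review after
# an incident; rely on auditd/sudo logging if command history matters.
echo 'export TMOUT=1800' >> /etc/profile
echo 'export HISTSIZE=5' >> /etc/profile
echo 'export HISTFILESIZE=5' >> /etc/profile
. /etc/profile

# Raise the open-file limit for all users.
echo '* - nofile 65535' >> /etc/security/limits.conf

# At every boot, truncate the persistent NIC naming rules.
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local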
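#kernel network parameters
# Appended to /etc/sysctl.conf; nothing here calls `sysctl -p`, so the values
# are only read when sysctl settings are next loaded.
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 drops connections from clients
# that share an address behind NAT, and the key no longer exists from
# Linux 4.12 on; keep it only on kernels and networks where that is known safe.
# NOTE(review): the nf_conntrack keys exist only while the nf_conntrack module
# is loaded; with iptables stopped they will probably be reported as unknown
# keys — confirm on the target host.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF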
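#set ip and hosts for backup
# Static addressing for both interfaces, the hostname, and a fixed /etc/hosts.
# The heredoc delimiters are quoted because the bodies contain no expansions.

# eth0: 10.0.0.41 with the default gateway and resolver.
# NETMASK and DNS1 are the keys the ifcfg format reads.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.41
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=202.96.128.86
EOF

# eth1: 172.16.1.41, the network the rsync daemon is restricted to.
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.41
NETMASK=255.255.255.0
EOF

# Persistent hostname plus the running hostname.
cat >/etc/sysconfig/network <<'EOF'
NETWORKING=yes
HOSTNAME=backup
EOF
hostname backup

# /etc/hosts is overwritten, not appended: any existing entries are lost.
cat >/etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF
#/etc/init.d/network reload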
#make some dir
# Create each working directory in turn (parents included), then restart
# the machine.
for dir in /server/scripts /server/tools /application /data; do
  mkdir -p "$dir"
done
reboot
=======================================================================================================
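#yum repo and epel
yum -y install wget
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}

# Repo definitions decide where every later package comes from, so fetch them
# over HTTPS and install a file only after the download succeeded; a failed
# `wget -O` straight onto the target would leave an empty repo file behind.
# NOTE(review): package signature checking still depends on the gpgcheck
# settings inside the downloaded files — inspect them before `yum makecache`.
tmp_repo=$(mktemp) &&
  wget -O "$tmp_repo" https://mirrors.aliyun.com/repo/Centos-6.repo &&
  install -m 0644 "$tmp_repo" /etc/yum.repos.d/CentOS-Base.repo
tmp_epel=$(mktemp) &&
  wget -O "$tmp_epel" https://mirrors.aliyun.com/repo/epel-6.repo &&
  install -m 0644 "$tmp_epel" /etc/yum.repos.d/epel.repo
rm -f -- "$tmp_repo" "$tmp_epel"

yum clean all
yum makecache

#setup some tools and development
# NOTE(review): nmap, nc and the development/debugging groups enlarge what is
# available on a backup host; install only what operations really need.
yum -y install lrzsz nmap tree dos2unix nc wget
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"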
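#set ntp cron
# Append a comment line and a five-minute ntpdate job to root's crontab file,
# then print the crontab to confirm. Plain single quotes keep the `*` fields
# and the redirection literal.
echo '#time sync by NTP Server at 20170608' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l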
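#setup rsync --daemon
#install rsync
yum -y install rsync

#useradd rsync
# Unprivileged account for the daemon: no login shell, no home directory.
useradd -s /sbin/nologin -M -u889 rsync
id rsync

#create /etc/rsyncd.conf
user=rsync
authuser=rsync_backup
# NOTE(review): hard-coded, guessable shared secret (same string as the local
# admin user name). Replace it with a generated value and keep it out of
# version control; every client must then carry the same value.
passwd=oldboy
passwdfile=/etc/rsync.password
bakpath1=/backup
bakpath2=/nfsbackup
bakpath3=/webbackup

# Unquoted delimiter on purpose: the $variables above are expanded into the file.
# NOTE(review): `use chroot = no` with `read only = false` means path handling
# inside the writable modules is the only thing confining an authenticated
# client; `hosts allow` is the only network restriction once the firewall is off.
# NOTE(review): rsync daemon transfers are not encrypted; acceptable only on a
# trusted segment.
cat >/etc/rsyncd.conf <<EOF
#rsync_config________________________start
#create by 20has at 20170608
uid = $user
gid = $user
use chroot = no
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only =false
list = false
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/32
auth users = $authuser
secrets file = $passwdfile
[backup]
path = $bakpath1
[nfsbackup]
path = $bakpath2
[webbackup]
path = $bakpath3
#rsync_config________________________end
EOF

#create passwordfile
# Create the secrets file under a restrictive umask so it is never readable by
# others, even briefly; chmod covers the case where the file already existed.
( umask 077 && printf '%s:%s\n' "$authuser" "$passwd" > "$passwdfile" )
chmod 600 "$passwdfile"

#create backuppath
mkdir -p "$bakpath1" "$bakpath2" "$bakpath3"
chown -R "$user:$user" "$bakpath1" "$bakpath2" "$bakpath3"

#onboot
echo "rsync --daemon " >>/etc/rc.local

#start daemon
rsync --daemon
# Confirm something is listening on the rsync port.
lsof -i :873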
backup: 這部分是未來backup校驗全網備份和文件(暫時未完成)
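# Make sure the module directory exists and belongs to the daemon account.
mkdir -p /backup
chown rsync:rsync /backup
# Delete archives older than 180 days. File names under /backup are written by
# remote rsync clients, so they must never be word-split into rm arguments;
# find hands each path to rm as a single argument.
find /backup -type f -name "*.tar.gz" -mtime +180 -exec rm -f -- {} +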
改進的腳本:
[root@backup scripts]# vim check.sh
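#!/bin/sh
#################check /backup by 20has at 20170514
# Prune old archives, verify the client's checksum file, mail the result.

# NOTE(review): the client script on this page names its directory after the
# eth1 address; confirm that 10.0.0.8 is the directory that actually arrives.
backup_dir=/backup/10.0.0.8
# Placeholder: the recipient address on the page was redacted.
mail_to='admin@example.com'

# -mtime +180 already spares recent archives; each path reaches rm as one
# argument, whatever characters the client put in the name.
/bin/find /backup -type f -name "*.tar.gz" -mtime +180 -exec /bin/rm -f -- {} +

# The client writes its checksums to flag.log. stderr is captured as well so
# that missing files and mismatch warnings appear in the mailed report.
# NOTE(review): the checksum file arrives from the same client as the archive,
# so this detects transfer or storage corruption, not tampering by a party
# able to write to the module.
/usr/bin/md5sum -c "$backup_dir/flag.log" >>"$backup_dir/result.txt" 2>&1
mail -s "$(date +%F) bak result " "$mail_to" <"$backup_dir/result.txt"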
客戶端rsync過來的必要設置:
web01-8 客戶端:
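#install rsync
yum -y install rsync
#create passwordfile
# Client-side password file: the bare secret only, no user name.
# Written under a restrictive umask so it is never readable by other users;
# chmod covers a file that already existed with wider permissions.
# NOTE(review): this is the same hard-coded secret as on the server; change
# both together.
( umask 077 && printf '%s\n' 'oldboy' >/etc/rsync.password )
chmod 600 /etc/rsync.password
mkdir -p /server/scripts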
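# Write the nightly backup job.
# The delimiter is quoted so that $(...), $IP, $TIME and awk's $4 are stored
# literally and evaluated when bak.sh runs; with an unquoted delimiter they
# would be expanded once, while the file is being written.
# `>` replaces the file, so re-running this step does not stack a second copy
# of the script onto the first.
# NOTE(review): the rsync destination on the page was mangled by e-mail
# obfuscation; rsync_backup@172.16.1.41 is rebuilt from the daemon's auth user
# and the backup host's address given elsewhere on the page — confirm.
cat >/server/scripts/bak.sh <<'EOF'
#!/bin/sh
##create by 20has at 2017-5-18
IP=$(ifconfig eth1|awk -F "[ :]+" 'NR==2{print $4}')
TIME=$(date +%F)
# Without an address the paths below would collapse to /backup/, so stop here.
[ -n "$IP" ] || exit 1
mkdir -p "/backup/$IP"
cd / || exit 1
tar -zcf "/backup/$IP/$TIME.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables var/html
md5sum "/backup/$IP/$TIME.tar.gz" >"/backup/$IP/flag.log"
rsync -az /backup/ rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
#del
find /backup -type f -name "*.tar.gz" -mtime +180 -exec rm -f -- {} +
EOF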
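#add cron to rsync backup
# The description line starts with `#` so cron reads it as a comment rather
# than as a malformed job entry. The redirection uses the portable form
# because cron hands the command to /bin/sh.
echo '#add cron to rsync backup at 20170608' >>/var/spool/cron/root
echo '00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1' >>/var/spool/cron/root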
2.創建備份服務器: ntp+cron rsync --daemon