Amazon Linux 2 EC2 Postgres インストール

【Postgresql14インストール】

# vi /etc/yum.conf

proxy=http://192.168.13.101:3128

#  vi /etc/amazon-linux-extras.conf

export http_proxy=http://192.168.13.101:3128

export https_proxy=http://192.168.13.101:3128

# vi /etc/profile.d/proxy.sh

PROXY="http://192.168.13.101:3128"

export http_proxy=$PROXY

export HTTP_PROXY=$PROXY

export https_proxy=$PROXY

export HTTPS_PROXY=$PROXY            

#  cd /tmp

#  wget http://repo.zabbix.com/zabbix/6.2/rhel/7/x86_64/zabbix-agent2-6.2.7-release1.el7.x86_64.rpm

# yum install  zabbix-agent2-6.2.7-release1.el7.x86_64.rpm

#  vi /etc/zabbix/zabbix_agent2.conf

# cd

#  vi .rpmmacros

%_httpport 3128

%_httpproxy http://192.168.13.101

# amazon-linux-extras
63 postgresql14 available [ =stable ]

# amazon-linux-extras install -y postgresql14

# yum install -y postgresql-server postgresql-devel

# psql -V

psql (PostgreSQL) 14.3

# postgresql-setup initdb

# systemctl start postgresql

#  systemctl enable postgresql

# sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'password';"

# passwd postgres

# vi `find / -name pg_hba.conf`

#local   all             all                                     peer

local   all             all                                     trust

#host    all             all             127.0.0.1/32            ident

host all all 192.168.0.0/16 password
# systemctl restart postgresql

# find / -name postgresql.conf

# vi /var/lib/pgsql/data/postgresql.conf

listen_addresses = '*'          

port = 5432  

openssh コンパイル

./configure

configure: error: *** working libcrypto not found, check config.log

 # dnf install openssl-devel

OpenSSH has been configured with the following options:

                     User binaries: /usr/local/bin

                   System binaries: /usr/local/sbin

               Configuration files: /usr/local/etc

                   Askpass program: /usr/local/libexec/ssh-askpass

                      Manual pages: /usr/local/share/man/manX

                          PID file: /var/run

  Privilege separation chroot path: /var/empty

            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

                    Manpage format: doc

                       PAM support: no

                   OSF SIA support: no

                 KerberosV support: no

                   SELinux support: no

                   libedit support: no

                   libldns support: no

  Solaris process contract support: no

           Solaris project support: no

         Solaris privilege support: no

       IP address in $DISPLAY hack: no

           Translate v4 in v6 hack: yes

                  BSD Auth support: no

              Random number source: OpenSSL internal ONLY

             Privsep sandbox style: seccomp_filter

                   PKCS#11 support: yes

                  U2F/FIDO support: yes

              Host: x86_64-pc-linux-gnu

          Compiler: cc

    Compiler flags: -g -O2 -pipe -Wno-error=format-truncation -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE  

Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE

      Linker flags:  -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie 

         Libraries: -ldl -lutil  -lresolv

     +for channels: -lcrypto  -lz

         +for sshd: -lcrypt 

80ポートデバック

 while true; do { echo -e 'HTTP/1.1 200 OK\r\n'; } | tee /dev/tty | sudo nc -l 80;date; done

curl https://www.xxxx.co.jp/ -H 'X-hoge-hoge:fuga_fuga' -H 'X_hoge_hoge:fuga_fuga'

nc -v host port

tcpdump -nn -i ens192 host 18.221.42.51 and tcp port 80

※ SYNを送ってもACKが返ってこない。

確認

# sysctl net.ipv4.tcp_tw_recycle

net.ipv4.tcp_tw_recycle = 0

設定

# sysctl -w net.ipv4.tcp_tw_recycle=0

net.ipv4.tcp_tw_recycle = 0

→OKだ！！

    やっぱり、初心に戻り、デフォルトルート確認。

apache htaccess

【apache リダイレクト】

# vi /etc/httpd/conf.d/htaccess.conf

<Directory /var/www/html/dirctory>
AllowOverride All
</Directory>

# vi .htaccess

Redirect permanent /元 https://www.world.com/先

【BASIC 認証】

<Directory /var/www/html/dirctory>
AllowOverride All
</Directory>

# cd 対象ディレクト

# vi .htaccess

# authenticate(Basic)

AuthUserFile /var/www/html/portal/doc/.htpasswd  ←本当は、ドキュメント外が望ましい。

AuthGroupFile /dev/null

AuthName "IDとパスワードを入力してください。"

AuthType Basic

require valid-user

# htpasswd -c .htpasswd    user1          # renew

# htpasswd      .htpasswd   user2           # add

# chown apache:apache .htaccess  .htpasswd

# chmod 644 .htaccess

# chmod 644 .htpasswd

【パスワード生成】

$  openssl rand -base64 40 | fold -w 40 | head -1

※ 使用したくない文字がある場合。

$ openssl rand -base64 9 | tr 'il1oO0' '#$%&()'

webgl チェック

  webglreport.com

amdgpu Update

Rocm 5.7 update     2023-10-06

https://rocm.docs.amd.com/en/latest/deploy/linux/quick_start.html

https://www.amd.com/ja/support



# rpm -e amdgpu-install

# rpm -Uvh  amdgpu-install-5.4.50403-1.el8.noarch.rpm
# amdgpu-install --vulkan=amdvlk

# amdgpu-install --usecase=graphics --vulkan=amdvlk --opencl=rocr

# amdgpu-install --usecase=rocm
# dkms status
# rocminfo

# vainfo

# vdpauinfo

#  grep -iE 'vdpau | dri driver' xorg.1.log

# amdgpu-install -h

Usage: amdgpu-install [options...]

Options:

  -h|--help                Display this help message

  --rocmrelease=           Install a specific ROCm release. By default only

                           one release of ROCm can be installed. Using this

                           option will allow installation of multiple releases.

                           Note: when used during uninstall, the specific rocm

                                 release will be removed. Use --rocmrelease=all

                                 to uninstall all rocm releases.

  --dryrun                 Print list of commands to run and exit

  --pro                    (DEPRECATED) Install legacy OpenGL, pro Vulkan, and

                           open source multimedia. This is equivalent to:

                           amdgpu-install --usecase=workstation --vulkan=pro

  --usecase=               Install a set of libraries for a specific use case

  --list-usecase           Show all available usecases and descriptions

  --opencl=                Install a specific OpenCL implementation. This

                           option implies the addition of the opencl usecase.

                           Available implementations:

                           rocr        (ROCr/KFD based OpenCL)

                           legacy      (Legacy OpenCL)

  --opengl=                Install a specific OpenGL implementation. This

                           option implies the addition of the graphics usecase.

                           Available implementations:

                           mesa        (Open source Mesa 3D)

                           oglp        (Cloud/Other use, Ubuntu 20.04 only)

  --vulkan=                Install a specific vulkan implementation

                           Available implementations:

                           amdvlk      (AMD open source implementation)

                           pro         (AMD closed source implementation)

  --no-dkms                Do not install dkms and use built-in kernel driver

  --no-32                  Do not install 32 bit graphics runtime support

  --accept-eula            Accept EULA for this run only (for non-free install)

                           Note: only use this option if you accept the EULA

  --uninstall              Uninstall the graphics driver

  Options --opencl/--vulkan/--usecase can be used together, e.g.:

  amdgpu-install --usecase=graphics --vulkan=amdvlk --opencl=rocr

  Multiple implementations can be selected if comma separated, e.g.:

  amdgpu-install --usecase=graphics,opencl --opencl=rocr,legacy --vulkan=amdvlk,pro

  Unless the -h|--help option is given, 'yum' options may be present