#---------------------------------------
# TIME ZONE
#---------------------------------------
# timedatectl set-timezone Asia/Tokyo
# timedatectl
# localectl set-locale LANG=ja_JP.utf8
# localectl
#------------------------------
# dns
#-------------------------------
#-------------------------------
# vi /etc/resolv.conf
#nameserver 10.14.4.7
nameserver 8.8.8.8
# systemctl restart NetworkManager
# dig www.example.org
# vi /etc/sysconfig/tomcat <<_EOF__
CATALINA_HOME=/opt/tomcat
$ openssl genrsa -aes256 2048 > bms.cxdnext.co.jp.key
# dnf module list php
# dnf module enable php:remi-8.0
# dnf install php
# php --version
# dnf repolist all
#------------------------------
# chrony
#-------------------------------
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
# systemctl stop ntpd
# systemctl disable ntpd
# systemctl enable chronyd
# systemctl start chronyd
# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
======================================================================
^+ x.ns.gin.ntt.net 2 6 17 2 -2262us[-1053us] +/- 87ms
^* time.cloudflare.com 3 6 17 2 +1543us[+2752us] +/- 72ms
^+ 122x215x240x51.ap122.ftt> 2 6 17 2 +4556us[+5765us] +/- 49ms
^+ gotoky.hojmark.net 2 6 17 2 -3532us[-2323us] +/- 40ms
#-------------------------------------
# net-tools
#---------------------------------------
# user作成
#---------------------------------------
# chrony
#-------------------------------
# dnf install chrony
# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:chronyd(8)
man:chrony.conf(5)
# systemctl stop ntpd
# systemctl disable ntpd
# systemctl enable chronyd
# systemctl start chronyd
# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
======================================================================
^+ x.ns.gin.ntt.net 2 6 17 2 -2262us[-1053us] +/- 87ms
^* time.cloudflare.com 3 6 17 2 +1543us[+2752us] +/- 72ms
^+ 122x215x240x51.ap122.ftt> 2 6 17 2 +4556us[+5765us] +/- 49ms
^+ gotoky.hojmark.net 2 6 17 2 -3532us[-2323us] +/- 40ms
#-------------------------------------
# net-tools
#------------------------------------
# dnf install net-tools
# dnf install net-tools
# user作成
#---------------------------------------
# Creates the four local login accounts and sets each password by feeding it twice to passwd.
# NOTE(review): the passwords below are recorded in clear text in this runbook and share one
# visible pattern (fixed prefix, symbol, four digits, symbol). Treat them as disclosed: rotate
# them on any host built from these notes and keep the real values in a secrets store.
# NOTE(review): assumes passwd accepts the new password twice on stdin — confirm on the target
# release (RHEL-family passwd also offers --stdin for this purpose).
useradd administrator
passwd administrator<<__EOF__
WEB-server-%4266%
WEB-server-%4266%
__EOF__
useradd sysadm
# The here-document delimiter is unquoted, so \$ is needed to pass a literal $ to passwd.
passwd sysadm<<__EOF__
WEB-server-\$9166\$
WEB-server-\$9166\$
__EOF__
useradd sysuser
passwd sysuser<<__EOF__
WEB-server-<0308<
WEB-server-<0308<
__EOF__
useradd appuser
passwd appuser<<__EOF__
WEB-server-!4795!
WEB-server-!4795!
__EOF__
# ------------------------------------
# JAVA
#-------------------------------------
# dnf install java-17-openjdk
# update-alternatives --config java
# dirname $(readlink $(readlink $(which java)))
# vi /etc/profile.d/java.sh
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which java)))))
export PATH=$PATH:$JAVA_HOME/bin
#----------------------------------------
# tomcat
#----------------------------------------
# dnf install wget
# dnf install wget
# cd /opt
# wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.10/bin/apache-tomcat-10.1.10.tar.gz
# tar xzvf apache-tomcat-10.1.10.tar.gz
# ln -s apache-tomcat-10.1.10 tomcat
# vi /usr/lib/systemd/system/tomcat.service<<__EOF__
# systemd unit that starts and stops the Tomcat instance installed under /opt/tomcat.
[Unit]
Description=Apache Tomcat 10
After=network.target
[Service]
# NOTE(review): startup.sh presumably returns once the JVM has been launched in the
# background, which is why oneshot is paired with RemainAfterExit=yes below. In this mode
# systemd does not follow the JVM as the main process, so a crashed Tomcat would still be
# shown as active — confirm, and monitor the service by other means.
Type=oneshot
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
# Supplies CATALINA_HOME=/opt/tomcat (the only setting these notes put in that file).
EnvironmentFile=/etc/sysconfig/tomcat
RemainAfterExit=yes
# Run Tomcat as the unprivileged tomcat account rather than root. The account is created
# with "useradd -M -d /opt/tomcat tomcat" further down in these notes and must exist
# before the unit is started.
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
__EOF__
CATALINA_HOME=/opt/tomcat
__EOF__
# cd /opt
# ln -s /opt/apache-tomcat-10.1.10 tomcat
# useradd -M -d /opt/tomcat tomcat
# chown -R tomcat:tomcat /opt/tomcat /opt/tomcat/*
# vi /etc/httpd/conf.d/tomcat.conf <<__EOF__
# Reverse-proxies selected Tomcat contexts from httpd to an AJP connector on localhost:8009.
# NOTE(review): Tomcat 10.1 ships with the AJP connector commented out in server.xml and,
# once enabled, requires a shared secret unless secretRequired="false" is set. These notes
# do not show that step — confirm how the connector is configured and keep it bound to
# the loopback address.
<Location /tomcat/ >
# NOTE(review): ProxyPass targets the AJP root (/) while ProxyPassReverse names /tomcat/ —
# confirm which back-end path is intended.
ProxyPass ajp://localhost:8009/
ProxyPassReverse ajp://localhost:8009/tomcat/
</Location>
<Location /docs/ >
ProxyPass ajp://localhost:8009/docs/
ProxyPassReverse ajp://localhost:8009/docs/
</Location>
# NOTE(review): /examples/, /host-manager/ and /manager/ are published through the same
# web server whose http/https services are opened in the public firewall zone later in
# these notes. The manager applications are administrative interfaces and the examples
# webapp is sample code; restrict these Locations to an admin network (Require ip ...)
# or leave them unpublished on a production host.
<Location /examples/ >
ProxyPass ajp://localhost:8009/examples/
ProxyPassReverse ajp://localhost:8009/examples/
</Location>
<Location /host-manager/ >
ProxyPass ajp://localhost:8009/host-manager/
ProxyPassReverse ajp://localhost:8009/host-manager/
</Location>
<Location /manager/ >
ProxyPass ajp://localhost:8009/manager/
ProxyPassReverse ajp://localhost:8009/manager/
</Location>
__EOF__
■ postgres jdbcドライバ
URL: https://jdbc.postgresql.org/download/
# mv postgresql-42.6.0.jar /opt/tomcat/lib/
# chown tomcat:tomcat postgresql-42.6.0.jar
# chmod 640 postgresql-42.6.0.jar
# vi /opt/tomcat/conf/context.xml
<Context>
<!-- JDBC connection pool named jdbc/PostgreSQL for the servicebase database on localhost:5432. -->
<!-- NOTE(review): the database password is stored in clear text in this file and is now
     published with these notes, so it should be rotated. The Postgres section of these notes
     creates service_admin with the SUPERUSER attribute, which gives every pooled connection
     full control of the database cluster; use a role without SUPERUSER for the application
     and keep context.xml readable only by the tomcat account. -->
<Resource name="jdbc/PostgreSQL"
auth="Container"
type="javax.sql.DataSource"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
initialSize="2" maxActive="4" minIdle="1" maxIdle="2"
username="service_admin" password="casio00"
driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/servicebase"
validationQuery="SELECT 1" />
</Context>
■ MariaDB jdbc ドライバ
java 8+ connector
3.1.4-GA
Platform Independent
# mv mariadb-java-client-3.1.4.jar /opt/tomcat/lib/
# chown tomcat:tomcat /opt/tomcat/lib/mariadb-java-client-3.1.4.jar
# systemctl start tomcat
# systemctl enable tomcat
# systemctl restart httpd
# ------------------------------------
# httpd
#-------------------------------------
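# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-3.el8.noarch.rpm
# dnf -y install --disablerepo=AppStream --enablerepo=raven httpd httpd-devel mod_ssl
※ NOTE(review): this installs httpd and mod_ssl from a third-party repository (raven) instead of the distribution's AppStream. Confirm that the repository's GPG key is verified (gpgcheck=1) and that its security updates are tracked, because AppStream errata will not cover these packages.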
# vi /etc/httpd/conf/httpd.conf << __EOF__
# add by takahab
ServerName shqap0392:80
# del by takahab
# Listen 80
# mod by takahab
#Options Indexes FollowSymLinks
Options FollowSymLinks
# add by takahab
ServerTokens ProductOnly
ServerSignature Off
Timeout 300
TraceEnable off
Header append X-FRAME-OPTIONS "SAMEORIGIN"
__EOF__
# vi /etc/httpd/conf.d/ssl.conf
ServerName bms.cxdnext.co.jp:443
# httpd -t
AH00526: Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
# firewall-cmd --add-service=http --zone=public --permanent
# firewall-cmd --add-service=https --zone=public --permanent
# firewall-cmd --reload
# systemctl restart httpd
Enter TLS private key passphrase for bms.cxdnext.co.jp:443 (RSA) : *******
#------------------------------------------------------
# 仮証明書
#------------------------------------------------------
URL: https://www.digicert.com/help/
# vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /var/local/certs/bms.cxdnext.co.jp.crt
SSLCertificateKeyFile /var/local/certs/bms.cxdnext.co.jp.key
#SSLCertificateChainFile /var/local/certs/bms.cxdnext.co.jp-chain.crt
$ openssl req -new -key bms.cxdnext.co.jp.key > bms.cxdnext.co.jp.csr
$ openssl x509 -in bms.cxdnext.co.jp.csr -days 36500 -req -signkey bms.cxdnext.co.jp.key > bms.cxdnext.co.jp.crt
# ls -l /var/local/certs
-rw-r--r--. 1 root root 1224 7月 6 11:38 bms.cxdnext.co.jp.crt
-rw-r--r--. 1 root root 1041 7月 6 11:37 bms.cxdnext.co.jp.csr
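-rw-r--r--. 1 root root 1766 7月 6 11:33 bms.cxdnext.co.jp.key
※ NOTE(review): the private key is mode 0644, i.e. readable by every local account. It is passphrase-protected (genrsa -aes256), but a TLS key should still be root-only (chmod 600). The same applies to the www.example.co.jp.key listing further down.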
#----------------------------------------------------------------------------------
# 本番サーバ証明書発行 (stts.cxdnext.co.jp)
#----------------------------------------------------------------------------------
# nmcli general hostname www.example.co.jp
# systemctl restart NetworkManager.service
# vi /etc/httpd/conf.d/ssl.conf <<__EOF__
ServerName www.example.co.jp:443
__EOF__
# openssl genrsa -aes256 2048 > www.example.co.jp.key
# openssl req -new -key www.example.co.jp.key > www.example.co.jp.csr
# openssl x509 -in www.example.co.jp.csr -days 3650 -req -signkey www.example.co.jp.key > www.example.co.jp.crt
# openssl genrsa -aes256 2048 > www.example.co.jp.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.......+++++
.......................................+++++
e is 65537 (0x010001)
Enter pass phrase:example
Verifying - Enter pass phrase:example
sh-4.4# openssl req -new -key www.example.co.jp.key > www.example.co.jp.csr
Enter pass phrase for www.example.co.jp.key:example
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Shibuya-ku
Organization Name (eg, company) [Default Company Ltd]:EXAMPLE CO., LTD.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.example.co.jp
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# ls -l /var/local/certs/
-rw-r--r--. 1 root root 1553 7 月 19 13:58 www.example.co.jp-chain.crt ← 中間証明書
-rw-r--r--. 1 root root 2333 7 月 19 13:57 www.example.co.jp.crt ← サーバ証明書
-rw-r--r--. 1 root root 1009 7 月 19 11:43 www.example.co.jp.csr
-rw-r--r--. 1 root root 1766 7 月 19 11:41 www.example.co.jp.key
#-------------------------------------------
# Postgres
#-------------------------------------------
# dnf install postgresql14-server
# passwd postgres
postgres_password
※ semanage: コマンドが見つかりません
# dnf provides /usr/sbin/semanage
# dnf install policycoreutils-python-utils
# semanage fcontext -a -t postgresql_db_t "/data/postgres(/.*)?"
# PGSETUP_INITDB_OPTIONS='--encoding=UTF-8 --no-locale'
# /usr/pgsql-14/bin/postgresql-14-setup initdb
# vi /var/lib/pgsql/14/data/pg_hba.conf
# Client authentication rules edited in pg_hba.conf (type, database, user, [address], method).
#local all all peer
# NOTE(review): "trust" on the local socket lets any OS account on this host connect as any
# database role, including postgres, without a password. The line it replaces used peer,
# which ties the database role to the OS account name.
local all all trust
#host all all 127.0.0.1/32 ident
# NOTE(review): "password" sends the password unencrypted over the connection, and this rule
# covers all of 192.168.0.0/16 while postgresql.conf is set to listen on '*' and 5432/tcp is
# opened in the public firewall zone in the next steps. Prefer scram-sha-256 and the
# narrowest client range that works.
host all all 192.168.0.0/16 password
# vi /var/lib/pgsql/14/data/postgresql.conf
listen_addresses = '*'
port = 5432
# firewall-cmd --add-port=5432/tcp --zone=public --permanent
# firewall-cmd --reload
# mkdir -p /data/postgres/data
# chown -R postgres:postgres /data/postgres/data
# semanage fcontext -a -t postgresql_db_t "/data/postgres(/.*)?"
# grep -i postgresql /etc/selinux/targeted/contexts/files/file_contexts.local
# restorecon -R -v /data/postgres
# ls -lZR /data/postgres
(確認)
# ls -l /var/lib/pgsql/14/data
# vi /usr/lib/systemd/system/postgresql-14.service
# grep -v -E "^#|^$" /var/lib/pgsql/14/data/pg_hba.conf
# grep listen_addresses /var/lib/pgsql/14/data/postgresql.conf
# ls -lZ /var/lib/pgsql
drwx------. 4 postgres postgres system_u:object_r:postgresql_db_t:s0 51 4月 20 14:26 14
# systemctl start postgresql-14
# systemctl enable postgresql-14
$ su - postgres
$ psql -U postgres
ALTER USER postgres PASSWORD 'password';
$ psql
create user admin with password 'password' superuser;
create database workbase owner admin;
grant all privileges on database workbase to admin;
create user service_admin with password 'password' superuser;
create database servicebase owner service_admin;
grant all privileges on database servicebase to service_admin;
Rocky linux9
mkdir /data/tablespace_admin
chown postgres:postgres /data/tablespace_admin
chmod 700 /data/tablespace_admin
mkdir /data/tablespace_office
chown postgres:postgres /data/tablespace_office
chmod 700 /data/tablespace_office
mkdir /data/tablespace_sales
chown postgres:postgres /data/tablespace_sales
chmod 700 /data/tablespace_sales
mkdir /data/tablespace_shop
chown postgres:postgres /data/tablespace_shop
chmod 700 /data/tablespace_shop
mkdir /data/tablespace_calendars
chown postgres:postgres /data/tablespace_calendars
chmod 700 /data/tablespace_calendars
#-----------------------------------------------
# MariaDB client
#-----------------------------------------------
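# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
※ NOTE(review): piping a downloaded script straight into a root shell runs whatever the server returns. Download it to a file, verify it against the checksum MariaDB publishes, and review it before running.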
# dnf remove mysql*
# dnf remove mysql*
# dnf remove Mariadb*
# dnf install MariaDB-client MariaDB-devel
※ pip install mysqlclientでエラー
Exception: Can not find valid pkg-config name.
6/22 リリースのmysqlclient==2.2.0 でエラー発生、
→ mysqlclient==2.1.0にバージョンダウンで回避。
# dnf install postgresql14-devel
- perl(IPC::Run) が提供されません postgresql14-devel-14.8-2PGDG.rhel8.x86_64 に必要です
→ dnf install perl-CPAN
perl -MCPAN -e shell
cpan> install IPC::Run
→ 解決できない!!!
※ Error: pg_config executable not found.
→ PATH確認
# find / -print |grep pg_config
# PATH=/usr/pgsql-14/bin:$PATH;export PATH
※ libpq-fe.h: そのようなファイルやディレクトリはありません
postgresql14-develがインストールできない為、やむをえず、/usr/pgsql-14/include/*
をコピー。
#------------------------------------
# Oracle client
#-------------------------------------
■ 11gクライアントインストール
URL: https://www.oracle.com/jp/database/technologies/instant-client/linux-x86-64-downloads.html
https://www.oracle.com/jp/database/technologies/instant-client/linux-x86-64-downloads.html#license-lightbox
# dnf localinstall oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm
# vi /etc/ld.so.conf.d/oracle.conf
/usr/lib/oracle/11.2/client64/lib
# vi /etc/profile.d/oracle.sh
export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib/:$LD_LIBRARY_PATH
# vi /etc/sysconfig/httpd
LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib/:$LD_LIBRARY_PATH
ERROR: django.db.utils.NotSupportedError: Oracle 19 or later is required (found 11.2.0.4.0).
■ 19Cクライアントインストール
# dnf localinstall oracle-instantclient19.18-basic-19.18.0.0.0-2.x86_64.rpm --allowerasing
# vi /etc/ld.so.conf.d/oracle.conf
/usr/lib/oracle/19.18/client64/lib
# vi /etc/profile.d/oracle.sh
export LD_LIBRARY_PATH=/usr/lib/oracle/19.18/client64/lib/:$LD_LIBRARY_PATH
# vi /etc/sysconfig/httpd
LD_LIBRARY_PATH=/usr/lib/oracle/19.18/client64/lib/:$LD_LIBRARY_PATH
→ 同じエラー発生
ERROR: django.db.utils.NotSupportedError: Oracle 19 or later is required (found 11.2.0.4.0).
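※ やむをえず、チェックしているソースをNOPにしたら動作した。
※ NOTE(review): the version in this error appears to be the one reported by the database server, not by the Instant Client, which would explain why installing the 19c client did not change it. Editing site-packages silences the check but leaves Django running against a server release it does not support, and the edit is lost whenever the virtualenv is rebuilt or Django is upgraded.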
vi /var/www/wsgi/office/.venv/lib64/python3.9/site-packages/django/db/backends/base/base.py
if (
self.features.minimum_database_version is not None
and self.get_database_version() < self.features.minimum_database_version
):
db_version = ".".join(map(str, self.get_database_version()))
min_db_version = ".".join(map(str, self.features.minimum_database_version))
#raise NotSupportedError(
# f"{self.display_name} {min_db_version} or later is required "
# f"(found {db_version})."
#)
#---------------------------------------------------
# PHP 8.0
#---------------------------------------------------
# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# dnf module reset php
# dnf module list php
# dnf module enable php:remi-8.0
# dnf install php
# php --version
# dnf config-manager --disable epel epel-modular remi-modular remi-safe
# dnf config-manager --enable epel epel-modular
#------------------------------------------------
# python3.9
#------------------------------------------------
# dnf install python39
# update-alternatives --display python3
python3 -ステータスは自動です。
リンクは現在 /usr/bin/python3.6 を指しています。
/usr/bin/python3.6 - 優先度 1000000
スレーブ easy_install-3: /usr/bin/easy_install-3.6
スレーブ pip-3: /usr/bin/pip-3.6
スレーブ pip3: /usr/bin/pip3.6
スレーブ pydoc-3: /usr/bin/pydoc3.6
スレーブ pydoc3: /usr/bin/pydoc3.6
スレーブ pyvenv-3: /usr/bin/pyvenv-3.6
スレーブ python3-man: /usr/share/man/man1/python3.6.1.gz
/usr/bin/python3.9 - 優先度 3900
スレーブ easy_install-3: /usr/bin/easy_install-3.9
スレーブ pip-3: /usr/bin/pip-3.9
スレーブ pip3: /usr/bin/pip3.9
スレーブ pydoc-3: /usr/bin/pydoc3.9
スレーブ pydoc3: /usr/bin/pydoc3.9
スレーブ pyvenv-3: (null)
スレーブ python3-man: /usr/share/man/man1/python3.9.1.gz
現在の「最適」バージョンは /usr/bin/python3.6 です。
sh-4.4# update-alternatives --config python3
2 プログラムがあり 'python3' を提供します。
選択 コマンド
-----------------------------------------------
*+ 1 /usr/bin/python3.6
2 /usr/bin/python3.9
Enter を押して現在の選択 [+] を保持するか、選択番号を入力します:2
#-------------------------------------------------
# Django
#-------------------------------------------------
# dnf install gcc rpm-build python39-devel make zbar
# pip3.9 install mod-wsgi
# find / -print|grep mod_wsgi-py39.cpython
/usr/local/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so
# vi /etc/httpd/conf.modules.d/20-wsgi.conf
LoadModule wsgi_module /usr/local/lib64/python3.9/site-packages/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so
# vi /etc/httpd/conf.d/wsgi.conf << __EOF__
#
# Timeout: The number of seconds before receives and sends time out.
#Timeout 1000
WSGIApplicationGroup %{GLOBAL}
#
# Timeout: The number of seconds before receives and sends time out.
#Timeout 1000
WSGIApplicationGroup %{GLOBAL}
WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess office user=apache group=apache processes=1 threads=100 maximum-requests=10000 \
home=/var/www/wsgi/office \
python-home=/var/www/wsgi/office/.venv \
python-path=/var/www/wsgi/office:/var/www/wsgi/office/.venv/lib/python3.9/site-packages \
lang=ja_JP.utf8
WSGIScriptAlias /office /var/www/wsgi/office/Config/wsgi.py process-group=office
Alias /assets/ /aws/efs/assets/
Alias /media/ /aws/efs/media/
<Directory /aws/efs/assets>
Require all granted
</Directory>
<Directory /aws/efs/media>
Require all granted
</Directory>
WSGIPassAuthorization on
<Location /office>
WSGIProcessGroup office
</Location>
WSGIDaemonProcess office user=apache group=apache processes=1 threads=100 maximum-requests=10000 \
home=/var/www/wsgi/office \
python-home=/var/www/wsgi/office/.venv \
python-path=/var/www/wsgi/office:/var/www/wsgi/office/.venv/lib/python3.9/site-packages \
lang=ja_JP.utf8
WSGIScriptAlias /office /var/www/wsgi/office/Config/wsgi.py process-group=office
Alias /assets/ /aws/efs/assets/
Alias /media/ /aws/efs/media/
<Directory /aws/efs/assets>
Require all granted
</Directory>
<Directory /aws/efs/media>
Require all granted
</Directory>
WSGIPassAuthorization on
<Location /office>
WSGIProcessGroup office
</Location>
__EOF__
#-------------------------------------------
# ZABBIX
#-------------------------------------------
# rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/zabbix-release-6.4-1.el8.noarch.rpm
# dnf clean all
# dnf module switch-to php:7.4
# dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
# sudo -u postgres createuser --pwprompt zabbix
# sudo -u postgres createdb -O zabbix zabbix
# zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
DBPassword=password
# su - postgres
# psql
> alter role zabbix with password 'password';
# systemctl restart zabbix-server zabbix-agent httpd php-fpm
# systemctl enable zabbix-server zabbix-agent httpd php-fpm
#-------------------------------------------------
# clam
#-------------------------------------------------
# dnf --enablerepo=epel install clamav clamav-scanner-systemd clamav-update
# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
# vi /etc/clamd.conf
#Example
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/pts/ptmx
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/audit
ExcludePath ^/etc/selinux
ExcludePath ^/etc/security
ExcludePath ^/run/systemd/inaccessible
ExcludePath ^/run/user
ExcludePath ^/var/log/audit
ExcludePath ^/var/lib/selinux/targeted
# vi /etc/freshclam.conf
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log/
LogFileMaxSize 2M
LogTime yes
LogRotate yes
DatabaseOwner root
# vi /usr/lib/systemd/system/clamd@.service <<__EOF__
# Template unit: clamd@NAME.service runs clamd with /etc/clamd.d/NAME.conf
# (%i expands to the instance name, e.g. "scan" for clamd@scan).
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
# Allow up to 420 seconds for clamd to start before systemd gives up.
TimeoutStartSec=420
# NOTE(review): these notes record that "systemctl start clamd@scan" timed out. clamd
# usually needs far more than 256 MB to load the signature database, so MemoryLimit=256M
# together with CPUQuota=20% is a likely cause — confirm with journalctl -u clamd@scan
# before raising the limits. Until the daemon starts, the daily clamdscan job cannot scan.
MemoryLimit=256M
CPUQuota=20%
Nice = 19
[Install]
WantedBy = multi-user.target
__EOF__
SElinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P antivirus_use_jit 1
# freshclam
# systemctl enable clamd@scan
# systemctl start clamd@scan
# vi /etc/cron.daily/clamscan.sh <<__EOF__
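#!/bin/bash
# Daily ClamAV job: refresh the ClamAV packages and signatures, scan the listed trees
# through clamd, and mail the outcome to root.
PATH=/usr/bin:/bin

# The original read "dnf - -y update ..."; the stray space keeps -y from being parsed as
# an option, and the redirect hid the resulting error, so the packages were not updated.
dnf -y update clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1
freshclam > /dev/null

# Private scratch file for the scan report; removed on every exit path.
CLAMSCANTMP=$(mktemp) || exit 1
trap 'rm -f "$CLAMSCANTMP"' EXIT

# NOTE(review): --remove deletes whatever clamd flags, false positives included, across
# system trees such as /boot, /etc and /usr. Consider --move=<quarantine directory> so a
# mis-detection can be reviewed and restored.
clamdscan /boot /dev /etc /home /media /mnt /opt /proc /root /run /srv /sys /tmp /usr /var --remove > "$CLAMSCANTMP" 2>&1
scan_status=$?

if grep -q 'FOUND$' "$CLAMSCANTMP"; then
    grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
elif [ "$scan_status" -ne 0 ]; then
    # A non-zero exit without any FOUND line means the scan itself failed (for example
    # clamd is not running); report that instead of a clean result.
    mail -s "clamdscan failed in $(hostname)" root < "$CLAMSCANTMP"
else
    echo "clamdscan normal end" | mail -s "Virus Not Found in $(hostname)" root
fi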
__EOF__
# chown root:root /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh
→ systemctl start clamd@scanでタイムアウト発生。 保留
#------------------------------------------
# その他課題
#------------------------------------------
1) 7月 06 13:40:53 shqap0392 sshd[683709]: error: kex_exchange_identification: read: Connection reset by peer 多発
2)clamd 起動でタイムアウト