Skip to content

Commit

Permalink
添加nexus迁移文档
Browse files Browse the repository at this point in the history
  • Loading branch information
weiliang-ms committed Nov 1, 2024
1 parent 3369205 commit b821f2c
Show file tree
Hide file tree
Showing 11 changed files with 376 additions and 51 deletions.
8 changes: 8 additions & 0 deletions 1.Linux基础/1.2包管理器/yum/rocky.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
## rocky更换为国内镜像源

```shell
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirror.sjtu.edu.cn/rocky|g' \
-i.bak \
/etc/yum.repos.d/[Rr]ocky*.repo
```
47 changes: 47 additions & 0 deletions 1.Linux基础/1.4软件更新/01升级内核.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,50 @@
### 离线升级

下载 kernel rpm lt 包

- https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/

1. 下载必须文件

```shell
# tree kernel/
kernel/
├── kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
├── kernel-lt-devel-5.4.278-1.el7.elrepo.x86_64.rpm
├── kernel-lt-doc-5.4.278-1.el7.elrepo.noarch.rpm
├── kernel-lt-headers-5.4.278-1.el7.elrepo.x86_64.rpm
├── kernel-lt-tools-5.4.278-1.el7.elrepo.x86_64.rpm
├── kernel-lt-tools-libs-5.4.278-1.el7.elrepo.x86_64.rpm
├── kernel-lt-tools-libs-devel-5.4.278-1.el7.elrepo.x86_64.rpm
├── perf-5.4.278-1.el7.elrepo.x86_64.rpm
└── python-perf-5.4.278-1.el7.elrepo.x86_64.rpm
```

2. 查看内核列表

```shell
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
```
3. 安装

```shell
yum localinstall kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
```

4. 重建内核

```shell
grub2-mkconfig -o /boot/grub2/grub.cfg
```

5. 配置新版内核

```shell
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/g" /etc/default/grub
```

6. 重启

### el7在线升级稳定版内核

> 导入`public key`,添加扩展源
Expand Down
3 changes: 3 additions & 0 deletions 1.Linux基础/1.7存储/lvm/lvm.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## lvm架构

![](lvm.png)
Binary file added 1.Linux基础/1.7存储/lvm/lvm.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
66 changes: 66 additions & 0 deletions 1.Linux基础/1.9安全/nfs.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
## 修复nfs漏洞

描述:扫描主机可以安装远程服务器导出的至少一个NFS共享。 攻击者可能能够利用它来读取(并可能写入)远程主机上的文件。

1. server 端配置可挂载ip白名单

```shell
cat /etc/exports
/data/report 10.10.1.0/24(rw,no_root_squash,async)
```

2. server 配置Mount白名单

```shell
cat /etc/hosts.allow
mountd:10.10.1.3,10.10.4,10.10.5
```

```shell
cat /etc/hosts.deny
mountd:all
```

3. 重载(可能也不需要重载?)

```shell
systemctl restart sshd
```

4. 白名单机器验证

```shell
nmap --script nfs-showmount 10.10.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2024-07-05 09:19 CST
Nmap scan report for 10.10.1.1
Host is up (0.00020s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
| nfs-showmount:
|_ /data/report 10.10.1.0/24
2049/tcp open nfs
8080/tcp open http-proxy
MAC Address: 00:50:56:8C:9A:B5 (VMware)
```

5. 黑名单机器验证

```shell
$ nmap --script nfs-showmount 10.10.1.1

Starting Nmap 6.40 ( http://nmap.org ) at 2024-07-05 09:21 CST
Nmap scan report for 10.10.1.1
Host is up (0.00032s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
2049/tcp open nfs
8080/tcp open http-proxy

Nmap done: 1 IP address (1 host up) scanned in 31.74 seconds
```

6 changes: 3 additions & 3 deletions 1.Linux基础/rockylinux/05安装docker.md
Original file line number Diff line number Diff line change
Expand Up @@ -120,9 +120,9 @@ EOF
7. 启动containerd、dockerd

```shell
$ groupadd docker
$ systemctl enable --now containerd.service
$ systemctl enable --now docker.service
groupadd docker
systemctl enable --now containerd.service
systemctl enable --now docker.service
```

8. 测试docker
Expand Down
40 changes: 2 additions & 38 deletions 2.容器/运行时/docker/安全加固/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -503,7 +503,7 @@ Total reclaimed space: 0B
> 安装最新稳定版`docker-ce`
- [docker-ce 二进制下载地址](https://download.docker.com/mac/static/stable/x86_64/)
- [docker-ce 二进制下载地址](https://download.docker.com/linux/static/stable/x86_64/)
- [docker-ce 镜像源](https://mirrors.tuna.tsinghua.edu.cn/docker-ce/)
### 配置
Expand Down Expand Up @@ -536,43 +536,7 @@ sysctl -p
> 配置`docker daemon`
```shell script
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{
"log-opts": {
"max-size": "5m",
"max-file":"3"
},
"userland-proxy": false,
"live-restore": true,
"default-ulimits": {
"nofile": {
"Hard": 64000,
"Name": "nofile",
"Soft": 64000
}
},
"default-address-pools": [
{
"base": "172.80.0.0/16",
"size": 24
},
{
"base": "172.90.0.0/16",
"size": 24
}
],
"no-new-privileges": false,
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-shm-size": "64M",
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload
systemctl restart docker
```
```
### 文件权限调整
Expand Down
35 changes: 35 additions & 0 deletions 2.容器/镜像构建/buildx.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
## 基于x86编译运行arm镜像

### 编译

```shell
docker buildx build --platform=linux/amd64,linux/arm64 -t xxx/xxx:latest -f Dockerfile . --push
```

### 测试运行

开启 QEMU 仿真

```shell
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
```

下载 qemu-aarch64-static

```shell
wget https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-1/qemu-aarch64-static && \
chmod +x qemu-aarch64-static
```

启动容器时将 `qemu-aarch64-static` 挂载到容器内
```shell
docker run -t \
--rm \
--platform arm64 \
-v $(pwd)/qemu-aarch64-static:/usr/bin/qemu-aarch64-static \
debian:11 \
uname -m
```


https://blog.csdn.net/edcbc/article/details/139366049?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_baidulandingword~default-1-139366049-blog-109631585.235^v43^pc_blog_bottom_relevance_base4&spm=1001.2101.3001.4242.2&utm_relevant_index=4
16 changes: 8 additions & 8 deletions 3.集成部署/git/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,19 +69,19 @@ quit
### 编译安装

```bash
$ curl -L https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.9.5.tar.xz -o ./git-2.9.5.tar.xz -k
$ yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker -y
$ tar xvf git-2.9.5.tar.xz
curl -L https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.9.5.tar.xz -o ./git-2.9.5.tar.xz -k
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker -y
tar xvf git-2.9.5.tar.xz

$ cd git-2.9.5
$ ./configure --prefix=/usr/local/git
$ make && make install
cd git-2.9.5
./configure --prefix=/usr/local/git
make && make install

$ cat >> ~/.bash_profile <<EOF
cat >> ~/.bash_profile <<EOF
PATH=\$PATH:/usr/local/git/bin
EOF

$ . ~/.bash_profile
. ~/.bash_profile
```

## 重写大的历史提交
Expand Down
Loading

0 comments on commit b821f2c

Please sign in to comment.