firewall-cmd --add-masquerade --permanent sudo firewall-cmd --reload firewall-cmd --add-port=port-number/port-type
- Make the new settings persistent:
$ sudo firewall-cmd --runtime-to-permanent
Reference: https://linuxhint.com/centos7_router/
Author Archives: alfred
Change to use a free jsdelivr
cd /www/wwwroot/ && find -type f -name "*.tpl" | xargs sed -i 's/jsdelivr.example.com/cdn.jsdelivr.net/'
How to install ntop
docker run -dit --restart unless-stopped -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:latest -i eth0
How to copy docker image from a host to another one
docker save -o <path for generated tar file> <image name>
docker load -i <path to copied image file>Docker can’t be started: Error initializing network controller: list bridge addresses failed
Solution:
Create docker network interface manually using the following commands:
ip link add name docker0 type bridge
ip addr add dev docker0 172.x.y.z/16
How to install BBR on CentOS 7
Since CentOS 7 ships with the 3.10.x kernel, which does not include BBR by default, we need to upgrade to a newer kernel version on your machine to use BBR.
For this, we install the ELRepo repo,
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpmOutput:
[root@vps ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@vps ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Retrieving http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
Retrieving http://elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:elrepo-release-7.0-4.el7.elrepo ################################# [100%]
[root@vps ~]#To install kernel using the ELRepo repo,
yum --enablerepo=elrepo-kernel install kernel-ml -yOutput:
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
kernel-ml x86_64 5.12.9-1.el7.elrepo elrepo-kernel 53 M
Transaction Summary
================================================================================
Install 1 Package
.
.
.
Installed:
kernel-ml.x86_64 0:5.12.9-1.el7.elrepo
Complete!Now check the stable kernel installation by using the following command,
rpm -qa | grep kernelNote: If the installation is successful, you should see kernel-ml-5.xx.xx.elrepo.x86_64 among the output list:
Output:
[root@vps ~]# rpm -qa | grep kernel
kernel-3.10.0-1160.el7.x86_64
kernel-tools-3.10.0-1160.el7.x86_64
kernel-ml-5.12.9-1.el7.elrepo.x86_64
kernel-tools-libs-3.10.0-1160.el7.x86_64
[root@vps ~]#Boot into the newer Kernel
Next, you need to boot into the latest kernel by setting it as the default grub2 boot entry.
Command to show all entries in the grub2 menu,
egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'Output:
[root@vps ~]# egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
CentOS Linux 7 Rescue 13f95ded0c4147935ac6afed832cfb0a (5.12.9-1.el7.elrepo.x86_64)
CentOS Linux (5.12.9-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-dd1973a114f84ea8bbf37b494513d3f7) 7 (Core)Use the following command to set the default boot entry,
Note: The count starts from 0 and the latest stable kernel is on the second line thus we set it to 1
For example,
[root@vps ~]# egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
CentOS Linux 7 Rescue 13f95ded0c4147935ac6afed832cfb0a (5.12.9-1.el7.elrepo.x86_64) <-- 0
CentOS Linux (5.12.9-1.el7.elrepo.x86_64) 7 (Core) <-- 1
CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core) <-- 2
CentOS Linux (0-rescue-dd1973a114f84ea8bbf37b494513d3f7) 7 (Core) <-- 3grub2-set-default 1Reboot the server
shutdown -r nowOnce the server is back online, confirm that you are using the correct kerne.
uname -rOutput:
[root@vps ~]# uname -r
5.12.9-1.el7.elrepo.x86_64Enable Google BBR.
You need to modify systctl as follows to enable the Google BBR algorithm.
echo 'net.core.default_qdisc=fq' | tee -a /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' | tee -a /etc/sysctl.conf
sysctl -pOutput:
[root@vps ~]# echo 'net.core.default_qdisc=fq' | tee -a /etc/sysctl.conf
net.core.default_qdisc=fq
[root@vps ~]# echo 'net.ipv4.tcp_congestion_control=bbr' | tee -a /etc/sysctl.conf
net.ipv4.tcp_congestion_control=bbr
[root@vps ~]# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbrRun the following command to verify if BBR is enabled,
sysctl net.ipv4.tcp_available_congestion_controlOutput:
[root@vps ~]# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic bbrFinally, execute the following command to verify the Google BBR,
lsmod | grep bbrOutput:
[root@vps ~]# lsmod | grep bbr
tcp_bbr 20480 1Congratulations! You have successfully installed TCP BBR Congestion Control.
Reference: https://wiki.crowncloud.net/?How_to_Enable_Google_BBR_on_CentOS_7
Install Zabbix Agent from Source on Linux
|
1
2
|
groupadd zabbixuseradd -g zabbix zabbix |
Download and install latest version of zabbix from source.
1. cd /usr/local/src2. wget http://freefr.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/3.0.3/zabbix-3.0.3.tar.gz3. tar -zxvf zabbix-3.0.3.tar.gz4. cd zabbix-3.0.35. ./configure --enable-agent6. make install |
Edit Zabbix agent configuration file at
|
1
|
vi /usr/local/etc/zabbix_agentd.conf |
Add Zabbix server IP address to the file.
|
1
|
Server = 127.0.0.1, ZABBIX_SERVER_IP |
Start zabbix_agentd
|
1
|
[root@server ~]# zabbix_agentd |
Verify Zabbix agent log for errors.
|
1
|
tail /tmp/zabbix_agentd.log |
Then login to Zabbix Dashboard on zabbix server and add a new host by entering the following details.
|
1
2
3
|
Host name: client host nameGroups: Linux ServersIP address: client host IP |
Enable Zabbix Agent to start on Boot CentOS
|
1
2
3
4
|
[root@server ~]# cd /usr/local/src/zabbix-*/[root@server zabbix-3.0.3]# cp misc/init.d/fedora/core5/zabbix_agentd /etc/init.d/zabbix_agentd[root@server zabbix-3.0.3]# chkconfig --add zabbix_agentd[root@server zabbix-3.0.3]# chkconfig zabbix_agentd on |
If everything is alright, you should see 3:on like below when running the following command.
|
1
2
3
|
[root@server ~]# chkconfig | grep zabbixzabbix_agentd 0:off 1:off 2:on 3:on 4:on 5:on 6:off[root@server ~]# |
Enable Zabbix Agent to start on Boot (Ubuntu/Debian)
|
1
2
3
4
|
cd ~/zabbix-source/zabbix-*/cp misc/init.d/debian/zabbix-agent /etc/init.dchmod 755 /etc/init.d/zabbix-agentupdate-rc.d zabbix-agent defaults |
Reference: https://blog.hostonnet.com/install-zabbix-agent-from-source-linux
How to set up Zabbix Server
docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 zabbix-net docker run --name postgres-server -t -e POSTGRES_USER="zabbix" -e POSTGRES_PASSWORD="zabbix_pwd" -e POSTGRES_DB="zabbix" --network=zabbix-net --restart unless-stopped -d postgres:latest docker run --name zabbix-snmptraps -t -v /zbx_instance/snmptraps:/var/lib/zabbix/snmptraps:rw -v /var/lib/zabbix/mibs:/usr/share/snmp/mibs:ro --network=zabbix-net -p 162:1162/udp --restart unless-stopped -d zabbix/zabbix-snmptraps:alpine-5.4-latest docker run --name zabbix-server-pgsql -t -e DB_SERVER_HOST="postgres-server" -e POSTGRES_USER="zabbix" -e POSTGRES_PASSWORD="zabbix_pwd" -e POSTGRES_DB="zabbix" -e ZBX_ENABLE_SNMP_TRAPS="true" --network=zabbix-net -p 10051:10051 --volumes-from zabbix-snmptraps --restart unless-stopped -d zabbix/zabbix-server-pgsql:alpine-5.4-latest docker run --name zabbix-web-nginx-pgsql -t -e ZBX_SERVER_HOST="zabbix-server-pgsql" -e DB_SERVER_HOST="postgres-server" -e POSTGRES_USER="zabbix" -e POSTGRES_PASSWORD="zabbix_pwd" -e POSTGRES_DB="zabbix" --network=zabbix-net -p 443:8443 -p 8080:8080 -v /etc/ssl/nginx:/etc/ssl/nginx:ro --restart unless-stopped -d zabbix/zabbix-web-nginx-pgsql:alpine-5.4-latest
Reference: https://www.zabbix.com/documentation/current/en/manual/installation/containers
How to install Zabbix agent on CentOS 8
Step 1: Go to the /etc/yum.repos.d/ directory.
cd /etc/yum.repos.d/
Step 2: Run the below commands
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
Step 3: Now run the yum update
yum update -y
Step 4:
dnf install https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-agent-6.0.3-1.el8.x86_64.rpm
Edit /etc/zabbix/zabbix_agentd.conf
#Server=[zabbix server ip] #Hostname=[ Hostname of client system ] Server=192.168.1.100 ServerAlive=192.168.1.100 Hostname=Server1
systemctl enable zabbix-agent systemctl start zabbix-agent
References:
https://techglimpse.com/failed-metadata-repo-appstream-centos-8/
TCPMSS
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu