|
|
|
@ -17,11 +17,62 @@ if [ ! -z "$stream" ];then |
|
|
|
|
dnf upgrade -y libmodulemd |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PKGMGR='yum' |
|
|
|
|
if [ $VERSION_ID -ge 8 ];then |
|
|
|
|
PKGMGR='dnf' |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
#https need |
|
|
|
|
if [ ! -d /root/.acme.sh ];then |
|
|
|
|
curl https://get.acme.sh | sh |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
if [ -f /usr/sbin/iptables ];then |
|
|
|
|
$PKGMGR install -y iptables-services |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT |
|
|
|
|
service iptables save |
|
|
|
|
|
|
|
|
|
iptables_status=`service iptables status | grep 'not running'` |
|
|
|
|
if [ "${iptables_status}" == '' ];then |
|
|
|
|
service iptables restart |
|
|
|
|
fi |
|
|
|
|
#安装时不开启 |
|
|
|
|
service iptables stop |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
if [ ! -f /usr/sbin/iptables ];then |
|
|
|
|
$PKGMGR install firewalld -y |
|
|
|
|
systemctl enable firewalld |
|
|
|
|
#取消服务锁定 |
|
|
|
|
systemctl unmask firewalld |
|
|
|
|
systemctl start firewalld |
|
|
|
|
|
|
|
|
|
sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf |
|
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=22/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=80/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=443/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=888/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=7200/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=3306/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp |
|
|
|
|
|
|
|
|
|
# sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf |
|
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
|
|
#安装时不开启 |
|
|
|
|
systemctl stop firewalld |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
$PKGMGR install -y epel-release |
|
|
|
|
if [ ! -z "$cn" ];then |
|
|
|
|
sed -e 's|^metalink=|#metalink=|g' \ |
|
|
|
@ -71,55 +122,5 @@ else |
|
|
|
|
done |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
#https need |
|
|
|
|
if [ ! -d /root/.acme.sh ];then |
|
|
|
|
curl https://get.acme.sh | sh |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
if [ -f /usr/sbin/iptables ];then |
|
|
|
|
$PKGMGR install -y iptables-services |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT |
|
|
|
|
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT |
|
|
|
|
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT |
|
|
|
|
service iptables save |
|
|
|
|
|
|
|
|
|
iptables_status=`service iptables status | grep 'not running'` |
|
|
|
|
if [ "${iptables_status}" == '' ];then |
|
|
|
|
service iptables restart |
|
|
|
|
fi |
|
|
|
|
#安装时不开启 |
|
|
|
|
service iptables stop |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
if [ ! -f /usr/sbin/iptables ];then |
|
|
|
|
$PKGMGR install firewalld -y |
|
|
|
|
systemctl enable firewalld |
|
|
|
|
#取消服务锁定 |
|
|
|
|
systemctl unmask firewalld |
|
|
|
|
systemctl start firewalld |
|
|
|
|
|
|
|
|
|
sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf |
|
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=22/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=80/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=443/tcp |
|
|
|
|
firewall-cmd --permanent --zone=public --add-port=888/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=7200/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=3306/tcp |
|
|
|
|
# firewall-cmd --permanent --zone=public --add-port=30000-40000/tcp |
|
|
|
|
|
|
|
|
|
# sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf |
|
|
|
|
firewall-cmd --reload |
|
|
|
|
|
|
|
|
|
#安装时不开启 |
|
|
|
|
systemctl stop firewalld |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
cd /www/server/mdserver-web/scripts && bash lib.sh |
|
|
|
|
chmod 755 /www/server/mdserver-web/data |
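Review bot: The relocated `curl https://get.acme.sh | sh` line in the first hunk (under `#https need`) still pipes a remote script straight into a shell, in a script that writes to /root and changes firewall rules, with no `-f` flag and no integrity check. An HTTP error body or a truncated download would therefore be executed as-is. Since the block is being moved anyway, fetch to a temp file and run it only when the download succeeds, e.g. `tmp=$(mktemp) && curl -fsSL https://get.acme.sh -o "$tmp" && sh "$tmp"; rm -f "$tmp"`, ideally pinning a specific release and comparing it to a known checksum before running it. In the same hunk, `[ $VERSION_ID -ge 8 ]` is unquoted and does an integer comparison, so it would error on an empty or dotted value; where VERSION_ID is set lies outside the visible lines, so that needs confirming.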
|
|
|
|