How to check whether the firewall is open on CentOS 7

2019/07/18 13:48
If the Telnet client is not installed, install telnet first
yum -y install telnet
When the firewall is not open
telnet ip_address port_number
---> Connection timed out
When the firewall is open but the service on that port is not running
telnet ip_address port_number
---> Connection refused
When the firewall is open and the service is running
telnet ip_address port_number
---> Connected to ip_address
---> Escape character is '^]'.

Installing Jenkins on CentOS 7.4

2019/07/11 14:46
1. Install JDK && Git Client
yum install java-1.8*
java -version
yum install git
git --version
2. Firewall settings
yum list installed | grep firewalld
If it is not installed,
yum install -y firewalld

<Register the service>
systemctl unmask firewalld
systemctl enable firewalld
systemctl start firewalld

<Register firewall rules>
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --reload
3. Install Maven / Gradle
mkdir /tools
cd /tools

<Maven Download>
wget http://mirror.navercorp.com/apache/maven/maven-3/3.6.1/binaries/apache-maven-3.6.1-bin.tar.gz
tar xzvf apache-maven-3.6.1-bin.tar.gz
ln -s apache-maven-3.6.1 maven

<Maven ENV Setting>
vi /etc/profile.d/maven.sh

export MAVEN_HOME=/tools/maven
export PATH=${MAVEN_HOME}/bin:${PATH}

source /etc/profile.d/maven.sh
mvn -version

<Gradle Download>
wget https://services.gradle.org/distributions/gradle-5.4.1-bin.zip
unzip gradle-5.4.1-bin.zip
ln -s gradle-5.4.1 gradle

<Gradle ENV Setting>
vi /etc/profile.d/gradle.sh

export GRADLE_HOME=/tools/gradle
export PATH=${GRADLE_HOME}/bin:${PATH}

source /etc/profile.d/gradle.sh
gradle -v
4. Install Jenkins
wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
yum install -y jenkins

<Jenkins Default Port Setting>
vi /etc/sysconfig/jenkins
JENKINS_PORT="8080"

<Jenkins Operation>
Start : service jenkins start
Stop : service jenkins stop
Restart : service jenkins restart
5. Run Jenkins
Open http://localhost:8080 in a web browser

<Initial Admin Password>
view /var/lib/jenkins/secrets/initialAdminPassword

<Error Case>
If "This Jenkins instance appears to be offline" is shown after logging in as Admin,

vi /var/lib/jenkins/hudson.model.UpdateCenter.xml
In <url>https://updates.jenkins.io/update-center.json</url>, change https -> http

<Jenkins Restart>
service jenkins restart


Granting root privileges to an account on CentOS 7

2019/07/08 19:56
Add an account : adduser
Modify an account : usermod
Delete an account : userdel
1. Grant sudo privileges
vi /etc/sudoers
Add the following below the line root    ALL=(ALL)    ALL
account_name    ALL=(ALL)    ALL
2. Add the account to the root group
vi /etc/group
root:x:0: ----> root:x:0:account_name
3. Change the uid and gid values to root's values
vi /etc/passwd
account_name:x:uid:gid::/home/account_name:/bin/bash --------> account_name:x:0:0::/home/account_name:/bin/bash
4. Edit the SSH config
vi /etc/ssh/sshd_config
If PermitRootLogin is set to prohibit-password | without-password | no,
change it to PermitRootLogin yes
5. Restart the service
service sshd restart
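
The steps above leave an account that is root in everything but name, which is exactly what a host audit should surface. As an added example (not part of the original post), this script reports non-root UID 0 accounts, extra members of the root group, and a global PermitRootLogin yes. The function names and the sample account deploy are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the three files edited above.

# Accounts other than root whose UID is 0, i.e. fully root-equivalent.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Supplementary members listed on the GID 0 (root) group line.
root_group_members() {
    awk -F: '$3 == 0 && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Global PermitRootLogin value: sshd honours the first occurrence, and
# everything after a Match line is conditional, so stop reading there.
permit_root_login() {
    awk '{ sub(/^[ \t]+/, ""); gsub(/[ \t]*=[ \t]*/, " ") }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print one FINDING line per root-equivalent grant; defaults are the live files.
audit_root_equivalents() {
    passwd_file=${1:-/etc/passwd}; group_file=${2:-/etc/group}
    sshd_file=${3:-/etc/ssh/sshd_config}
    for name in $(uid0_accounts "$passwd_file"); do
        echo "FINDING uid0-account $name"
    done
    for name in $(root_group_members "$group_file"); do
        echo "FINDING root-group-member $name"
    done
    if [ "$(permit_root_login "$sshd_file")" = "yes" ]; then
        echo "FINDING sshd-permitrootlogin yes"
    fi
}

# Constructed sample files reproducing the end state of steps 2-4 for a
# hypothetical account "deploy"; nothing here touches the live system.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'deploy:x:0:0::/home/deploy:/bin/bash' \
    'access:x:1001:1001::/home/access:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' 'root:x:0:deploy' 'access:x:1001:' > "$demo_dir/group"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'Match User access' 'ForceCommand internal-sftp' > "$demo_dir/sshd_config"
audit_root_equivalents "$demo_dir/passwd" "$demo_dir/group" "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

Run audit_root_equivalents with no arguments (as root, so sshd_config is readable) to check the live files; an empty result means none of the three grants is present.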



Installing PostgreSQL 9.6 on CentOS 7.4

2019/07/08 11:45
1. PostgreSQL Installation by using yum
yum install -y postgresql96*
2. Initialize Database
/usr/pgsql-9.6/bin/postgresql96-setup initdb
3. Register the Service to Start on System Boot
systemctl start postgresql-9.6
systemctl enable postgresql-9.6
4. Edit Configurations
vi /var/lib/pgsql/9.6/data/pg_hba.conf
    host    all             all             127.0.0.1/32            md5
    host    all             user            0.0.0.0/0               md5
vi /var/lib/pgsql/9.6/data/postgresql.conf
    listen_addresses = '*'
5. Service Restart
systemctl restart postgresql-9.6

SFTP configuration on CentOS 7.4

2019/06/17 20:37
1. sftp user creation
  • create the user
sudo adduser access
  • assign a password to the new user
sudo passwd access

2. Create Directory for File Transfer
  • create the directory for file upload
sudo mkdir -p /var/sftp/uploads
  • establish the root user as owner
sudo chown root:root /var/sftp
  • grant write permissions to the root user and read to the other users
sudo chmod 755 /var/sftp
  • modify the owner of uploads to be the user access
sudo chown access:access /var/sftp/uploads

3. Restrict Directory Access
  • restrict terminal access for the user access
sudo vi /etc/ssh/sshd_config
  • At the end of the file, add the following
Match User access

ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
  • Save the changes using the key combination
ESC + :wq
  • apply the changes in SSH
sudo systemctl restart sshd

4. Verify SSH Connection
  • SSH connection
ssh access@{server_ip}
         ==> Expected result: the SSH connection is closed
  • Use the sftp protocol
sftp access@{server_ip}