git for sysadmins

git init configs
====================
yum install git || or whatever your system's package manager is
git config --list || list configs
git config --global user.name root || set user
git config --global user.email ur.email || set email
git config --system system.name "repo" || set repo name
git config --global core.pager more || set "more" as pager tool
git config --global core.editor vim || set editor as vim

Skip files from git sync by adding their names to the ~/.gitignore_global file:
git config --global core.excludesfile ~/.gitignore_global || set ignored files

start with git
====================
git init || create new git repo in `pwd`
git status || check status
git add file || add file to repo
git rm file || remove file from repo
git commit -m "comment" || -m for message
git clone src_repo new_repo || copy repo
echo "no_git_file" >> .gitignore || add file to the files ignored by git sync

Branch management:
====================
git checkout -b development || create new branch
git branch -a || list branch
git checkout branch || to switch branch
git merge development || will merge development branch to current working branch

git log
====================
git log || will show all logs
git log -p || show the diff of each commit
git log -2 || show only last 2 events
git log --stat || more information
git log --pretty=oneline || one line per commit
git log --graph || nice logs

github.com
=====================
github.com
* register new account
* GitHub offers unlimited public repos
* no free private repos
* you can add your SSH key for passwordless commits to GitHub servers
* create a new repo (my_new); the example user is gitrepo

clone git
* git clone git@github.com:gitrepo/my_new.git
* afterwards you can set git configs

sync with repo
* git clone
* git add file
* git commit -m "new file"
* git push origin remote_repo

Bitbucket
=====================
* register new account
* GitHub offers unlimited public repos
* no free private repos
* you can add your SSH key for passwordless commits to GitHub servers
* create a new repo (my_new); the example user is gitrepo
* offers 5 free private repos
* has a GUI client named SourceTree
* afterwards you can set git configs

clone git
* git clone git@bitbucket.org:gitrepo/my_new.git

sync with repo
* git clone
* git add file
* git commit -m "new file"
* git push origin remote_repo

Raid HW

megacli -CfgLdAdd -r0 [252:0,252:1] WB RA Direct CachedBadBBU -a0
megacli -CfgLdAdd -r1 [252:0,252:1] WT NORA Direct CachedBadBBU -a0

WT : writethrough faster. Data in disk cache is considered written. vs
WB: write-back safer. Only considered to be written once on disk.
NORA :No Read Ahead vs
RA: ReadAhead vs
ADRA : Adaptive ReadAhead where if the previous two requests were sequential it pre-loads the next in sequence.
Cached: Cache reads.
Direct: Only the previous read is cached.
-strpszM : Stripe size so -strpsz64 means 64kb stripe size.
Hsp[E0:S0] : Choose this drive to be a hot-spare

nginx tips

http://www.nginxtips.com/how-to-install-nginx-geoip-module/
http://www.nginxtips.com/how-to-install-mod_security-on-nginx/
http://articles.slicehost.com/2009/2/2/centos-adding-an-nginx-init-script
http://www.nginxtips.com/nginx-optimization-the-definitive-guide/
https://github.com/cfsego/nginx-limit-upstream/
https://github.com/kyprizel/nginx_ocsp_proxy-module
http://wiki.nginx.org/HttpHealthcheckModule
https://code.google.com/p/nginx-sflow-module/
http://labs.frickle.com/nginx_ngx_slowfs_cache/
https://github.com/yaoweibin/nginx_tcp_proxy_module

nginx init.d

vim /etc/init.d/nginx

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid


nginx build scr

yum install -y gcc gcc-c++ make automake autoconf libtool pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel zlib-devel unzip

git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
cd mod_security
./autogen.sh
./configure --enable-standalone-module
make

http://www.webtrafficexchange.com/how-mitigate-ddos-modsecurity-and-modevasive-centos-6
http://blog.cherouvim.com/simple-dos-protection-with-mod_security/
NPS_VERSION=1.9.32.2
wget https://github.com/pagespeed/ngx_pagespeed/archive/release-1.9.32.2-beta.zip
unzip release-1.9.32.2-beta.zip
cd ngx_pagespeed-release-1.9.32.2-beta/
wget https://dl.google.com/dl/page-speed/psol/1.9.32.2.tar.gz
tar -xzvf 1.9.32.2.tar.gz
wget http://nginx.org/download/nginx-1.7.7.tar.gz
tar -xvpzf nginx-1.7.7.tar.gz
cd nginx-1.7.7
./configure --add-module=/root/mod_security/nginx/modsecurity --add-module=/root/ngx_pagespeed-release-1.9.32.2-beta
make
make install

sysctl.txt

/proc/sys/net/ipv4/* Variables:

ip_forward - BOOLEAN
0 - disabled (default)
not 0 - enabled

Forward Packets between interfaces.

This variable is special, its change resets all configuration
parameters to their default state (RFC1122 for hosts, RFC1812
for routers)


tuning 10Gbps

sysctl
========
fs.file-max = 5000000
net.core.netdev_max_backlog = 400000
net.core.optmem_max = 10000000
net.core.rmem_default = 10000000
net.core.rmem_max = 10000000
net.core.somaxconn = 100000
net.core.wmem_default = 10000000
net.core.wmem_max = 10000000
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_max_syn_backlog = 12000
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_mem = 30000000 30000000 30000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem = 30000000 30000000 30000000
net.ipv4.tcp_tw_reuse = 1
net.netfilter.nf_conntrack_max = 131072
net.ipv4.netfilter.ip_conntrack_generic_timeout = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.ipv4.ip_forward=1
net.core.wmem_max=12582912
net.core.rmem_max=12582912
net.ipv4.tcp_rmem= 10240 87380 12582912
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem= 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.netfilter.nf_conntrack_tcp_timeout_syn_recv=40
sysctl -p
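
The list above assigns several keys more than once with different values (for example net.ipv4.tcp_syncookies is set to 0 and later to 1); sysctl -p applies entries in file order, so the later value is the one left in force. The script below is an added example, not part of the original notes, that reports such conflicts; the function names and the sample input are constructed for illustration.

```shell
# Added example, not part of the original notes.
# sysctl_conflicts FILE   ("-" reads stdin)
# Prints "key: v1 -> v2 (effective: vN)" for every key assigned different
# values; the last assignment is the one left in force after sysctl -p.
sysctl_conflicts() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment, e.g. "sysctl -p"
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", val)            # "a   b" and "a b" are the same value
            if (!(key in last)) {
                order[++n] = key
                hist[key] = val
            } else if (val != last[key]) {
                hist[key] = hist[key] " -> " val
                conflict[key] = 1
            }
            last[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (k in conflict)
                    printf "%s: %s (effective: %s)\n", k, hist[k], last[k]
            }
        }
    ' "${1:--}"
}

# Constructed sample: a few of the repeated keys from the list above.
sample_conf() {
    cat <<'EOF'
net.core.rmem_max = 10000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 12000
net.core.rmem_max=12582912
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
EOF
}

sample_conf | sysctl_conflicts -
```

Run it against the real file with `sysctl_conflicts /etc/sysctl.conf` before `sysctl -p`.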

init setup

System update
============
yum localinstall http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-13.ius.centos6.noarch.rpm
yum localinstall wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update

Kvm install
============
wget -N http://files.virtualizor.com/install.sh
chmod 0755 install.sh
./install.sh email=id3@id3m.net kernel=kvm lvg=new

===============================================================
## Get the latest source
# cd /usr/src/utils
# mkdir ddos
# cd ddos
wget http://www.inetbase.com/scripts/ddos/install.sh
sh install.sh
echo /usr/local/ddos/ddos.sh -c >> /etc/rc.local
===============================================================
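
Both install.sh scripts above are fetched over plain HTTP and executed directly. The following is an added example, not part of the original notes, that runs a downloaded script only if its SHA-256 matches a digest recorded when the script was reviewed; sha256_of and run_pinned are hypothetical helper names, and the digest in the usage comment is a placeholder.

```shell
# Added example, not part of the original notes.

# sha256_of FILE: print the hex SHA-256 of FILE
# (sha256sum where available, otherwise shasum -a 256).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Runs FILE with sh only when its digest equals EXPECTED_SHA256.
# Returns 1 without executing anything on a mismatch or unreadable file.
run_pinned() {
    file=$1
    expected=$2
    shift 2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual != pinned $expected" >&2
        return 1
    fi
    sh "$file" "$@"
}

# Intended use with the installers on this page (the digest is a placeholder
# that you record yourself after reading the script):
#   wget -O install.sh http://www.inetbase.com/scripts/ddos/install.sh
#   less install.sh
#   run_pinned install.sh "<sha256 recorded at review time>"
```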