2.创建备份服务器： ntp+cron rsync --daemon

创建备份服务器：   ntp+cron   rsync --daemon

# optimization by onekey

sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#‘ /etc/selinux/config

grep SELINUX=disabled /etc/selinux/config

setenforce 0

getenforce

/etc/init.d/iptables stop

/etc/init.d/iptables stop

chkconfig iptables off

chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk ‘{print "chkconfig",$1,"off"}‘|bash

useradd oldboy

\cp /etc/sudoers /etc/sudoers.bak

echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

tail -l /etc/sudoers

visudo -c

echo ‘export TMOUT=1800‘ >> /etc/profile

echo ‘export HISTSIZE=5‘  >> /etc/profile

echo ‘export HISTFILESIZE=5‘ >> /etc/profile

. /etc/profile

echo ‘*                -       nofile          65535‘ >> /etc/security/limits.conf

echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local

#about selinux

cat >> /etc/sysctl.conf <<EOF

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.ip_local_port_range = 4000   65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.core.somaxconn = 16384

net.core.netdv_max_backlog = 16384

net.ipv4.tcp_max_orphans = 16384

net.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_max = 25000000

net.netfilter.nf_conntrack_tcp_timeout_established = 180

net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120

net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

EOF

#set ip and hosts for backup

cat >/etc/sysconfig/network-scripts/ifcfg-eth0<<EOF

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=10.0.0.41

NETSK=255.255.255.0

GATEWAY=10.0.0.2

nameserver=202.96.128.86

EOF

cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF

DEVICE=eth1

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

IPADDR=172.16.1.41

NETSK=255.255.255.0

EOF

cat >/etc/sysconfig/network<<EOF

NETWORKING=yes

HOSTNAME=backup

EOF

hostname backup

cat >/etc/hosts <<EOF

127.0.0.1    localhost localhost.localdomain localhost4 localhost4.localdomain4

::1          localhost localhost.localdomain localhost6 localhost6.localdomain6

172.16.1.5   lb01

172.16.1.6   lb02

172.16.1.7   web02

172.16.1.8   web01

172.16.1.31  nfs01

172.16.1.41  backup

172.16.1.51  db01

172.16.1.61  m01

EOF

#/etc/init.d/network reload

#make some dir

mkdir -p /server/scripts /server/tools /application /data

reboot

=======================================================================================================

#yum repo and epel

yum -y install  wget

\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

yum clean all

yum makecache

#setup some tools and develpment

yum -y install lrzsz nmap tree dos2unix nc wget

yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"

#set ntp cron

echo ‘#time sync by NTP Server at 20170608‘ >>/var/spool/cron/root

echo ‘*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1‘ >>/var/spool/cron/root

crontab -l

#setup rsync --daemon

#install rsync

yum -y install rsync

#useradd rsync

useradd -s /sbin/nologin -M -u889 rsync

id rsync

#create /etc/rsyncd.conf

user=rsync

authuser=rsync_backup

passwd=oldboy

passwdfile=/etc/rsync.password

bakpath1=/backup

bakpath2=/nfsbackup

bakpath3=/webbackup

cat >/etc/rsyncd.conf <<EOF

#rsync_config________________________start

#create by 20has at 20170608

uid = $user

gid = $user

use chroot = no

max connections = 200

timeout = 300

pid file = /var/run/rsyncd.pid

lock file = /var/run/rsync.lock

log file = /var/log/rsyncd.log

ignore errors

read only =false

list = false

hosts allow = 172.16.1.0/24

#hosts deny = 0.0.0.0/32

auth users = $authuser

secrets file = $passwdfile

[backup]

path = $bakpath1

[nfsbackup]

path = $bakpath2

[webbackup]

path = $bakpath3

#rsync_config________________________end

EOF

#create passwordfile

echo "rsync_backup:oldboy" > $passwdfile

chmod 600 $passwdfile

#create backuppath

mkdir -p $bakpath1 $bakpath2 $bakpath3

chown -R rsync.rsync $bakpath1 $bakpath2 $bakpath3

#onboot

echo "rsync --daemon " >>/etc/rc.local

#start daemon

rsync --daemon

lsof -i :873

backup:      这部分是未来backup校验全网备份和文件（暂时未完成）

mkdir /backup

chown rsync.rsync /backup

rm -f `find /backup -type f -name "*.tar.gz" -mtime +180`

改进的脚本：

[[email protected] scripts]# vim check.sh

#!/bin/sh

#################check /backup by 20has at 20170514

/bin/find /backup -type f -name "*.tar.gz" -and ! -name "$date +%F_%W" -mtime +180|xargs /bin/rm -f

/usr/bin/md5sum -c /backup/10.0.0.8/flag.txt >>/backup/10.0.0.8/result.txt

mail -s "$(date +%F) bak result " [email protected] </backup/10.0.0.8/result.txt

客户端rsync过来的必要设置：

web01-8 客户端：

#install rsync

yum -y install rsync

#create passwordfile

echo "oldboy" >/etc/rsync.password

chmod 600 /etc/rsync.password

mkdir -p /server/scripts

cat >>/server/scripts/bak.sh <<EOF

#!/bin/sh

##create by 20has at 2017-5-18

IP=$(ifconfig eth1|awk -F "[ :]+" ‘NR==2{print $4}‘)

TIME=$(date +%F)

mkdir -p /backup/$IP

cd / && \

tar -zcf /backup/$IP/$TIME.tar.gz var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables var/html

md5sum /backup/$IP/$TIME.tar.gz >/backup/$IP/flag.log

rsync -az /backup/ [email protected]::backup --password-file=/etc/rsync.password

#del

find /backup -type f -name "*.tar.gz" -mtime +180 |xargs rm -f

EOF

#add cron to rsync backup

echo ‘add cron to rsync backup at 20170608‘ >>/var/spool/cron/root

echo ‘00 00 * * * /bin/sh /server/scripts/bak.sh &>/dev/null‘ >>/var/spool/cron/root