cd /root/download
wget 'https://centos7.iuscommunity.org/ius-release.rpm'
yum install -y ius-release.rpm
yum install -y httpd php56u php56u-cli php56u-mysql php56u-mbstring php56u-mcrypt php56u-xml php56u-xmlrpc php56u-intl php56u-pecl-jsonc php56u-pecl-memcache php56u-pecl-memcached php56u-bcmath php56u-gd php56u-opcache php56u-pecl-redis mod_ssl
sed -i 's/;date.timezone =/date.timezone ="Asia\/Kuala_Lumpur"/g' /etc/php.ini
sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini
sed -i 's/;error_log = syslog/error_log = syslog/g' /etc/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /etc/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 600/g' /etc/php.ini
sed -i 's/max_input_time = 60/max_input_time = 600/g' /etc/php.ini
sed -i 's/;always_populate_raw_post_data = -1/always_populate_raw_post_data = -1/g' /etc/php.ini
vi /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
ServerTokens prod
PidFile run/httpd.pid
User apache
Group apache
SetEnv SCR8_ENV production
SetEnv ENVIRONMENT production
Listen 0.0.0.0:80
ServerAdmin support@sky3888.com
ServerName myself.zabbix.com
UseCanonicalName Off
HostnameLookups Off
KeepAlive On
KeepAliveTimeout 60
DirectoryIndex index.php index.html index.html.var
TypesConfig /etc/mime.types
AccessFileName .htaccess
AcceptPathInfo On
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 128
MaxClients 128
MaxRequestsPerChild 128
</IfModule>
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
#LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule headers_module modules/mod_headers.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule status_module modules/mod_status.so
#LoadModule ssl_module modules/mod_ssl.so
LoadModule env_module modules/mod_env.so
LoadModule php5_module modules/libphp5.so
AddHandler php5-script .php
AddType text/html .php
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Files ~ ^\.ht>
Order allow,deny
Deny from all
Satisfy All
</Files>
LogLevel warn
<IfModule log_config_module>
LogFormat "%V \"%{X-Forwarded-For}i\"%h %t \"%r\"%>s %b \"%{Referer}i\"\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\"%>s %b" common
SetEnvIf User-Agent ".*internal dummy connection.*" dontlog
CustomLog "|/usr/bin/logger -t apache-access -p local6.notice" combined env=!dontlog
ErrorLog "|/usr/bin/logger -t apache-error -p local6.err"
</IfModule>
#NameVirtualHost *:80
#
# myself.zabbix.com
#
<VirtualHost *:80>
ServerAdmin support@sky3888.com
DocumentRoot /var/www/html/zabbix
ServerName myself.zabbix.com
RewriteEngine on
ErrorLog "|/usr/bin/logger -t apache-error -p local6.err"
CustomLog "|/usr/bin/logger -t apache-access -p local6.notice" combined env=!dontlog
<Directory /var/www/html/zabbix/>
Options FollowSymLinks
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
apachectl configtest
mysql5.7
cd /root/download/
wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
rpm -Uvh mysql80-community-release-el7-1.noarch.rpm
yum repolist all | grep mysql
yum install -y yum-utils
yum-config-manager --disable mysql80-community
yum-config-manager --enable mysql57-community
yum repolist all | grep mysql
yum install -y mysql-community-server
vi /etc/my.cnf
[mysqld]
## General
ignore-db-dir = lost+found
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock
tmpdir = /var/lib/mysqltmp
## Cache
table-definition-cache = 4096
table-open-cache = 4096
#table-open-cache-instances = 1
#thread-cache-size = 16
#query-cache-size = 32M
#query-cache-type = 1
## Per-thread Buffers
join-buffer-size = 512K
read-buffer-size = 512K
read-rnd-buffer-size = 512K
sort-buffer-size = 512K
## Temp Tables
max-heap-table-size = 64M
tmp-table-size = 32M
## Networking
#interactive-timeout = 3600
max-connections = 400
max-connect-errors = 1000000
max-allowed-packet = 64M
skip-name-resolve
wait-timeout = 600
## MyISAM
key-buffer-size = 64M
#myisam-recover = FORCE,BACKUP
myisam-sort-buffer-size = 128M
## InnoDB
default_storage_engine = innodb
innodb-buffer-pool-size = 4G
innodb-data-file-path = ibdata1:64M:autoextend
#innodb-file-format = Barracuda
innodb-file-per-table = 1
innodb-flush-method = O_DIRECT
innodb-log-file-size = 128M
innodb_max_dirty_pages_pct = 75
#innodb_doublewrite = 0
#innodb_thread_concurrency = 4
innodb_flush_log_at_trx_commit = 1
innodb_log_buffer_size = 32M
innodb_log_file_size = 256M
innodb_log_files_in_group = 3
innodb_lock_wait_timeout = 120
## Replication and PITR
binlog-format = ROW
expire-logs-days = 7
log-bin = /var/log/mysql/bin-log
#log-slave-updates = 1
max-binlog-size = 128M
#read-only = 1
#relay-log = /var/log/mysql/relay-log
#relay-log-space-limit = 16G
server-id = 1
## Logging
#log-output = FILE
#log-slow-admin-statements
#log-slow-slave-statements
#log-warnings = 0
long-query-time = 1
slow-query-log = 1
slow-query-log-file = /var/log/mysql/slow-log
[mysqld_safe]
log-error = /var/log/mysqld.log
#malloc-lib = /usr/lib64/libjemalloc.so.1
open-files-limit = 65535
[mysql]
no-auto-rehash
socket=/var/lib/mysql/mysql.sock
prompt=\u:[\d]>\_
mkdir /var/lib/mysqltmp
mkdir /var/log/mysql
chown -R mysql.mysql /var/log/mysql
chown -R mysql.mysql /var/lib/mysqltmp
mysqld --defaults-file=/etc/my.cnf --initialize-insecure --user=mysql
yum install -y policycoreutils-python
semanage fcontext --list|grep mysql
semanage fcontext -a -t mysqld_db_t "/var/log/mysql(/.*)?"
restorecon -Rv /var/log/mysql
systemctl start mysqld
mysql_secure_installation
passwd:Zabbixxxx
mysql_config_editor set --login-path=root --host=localhost --user=root --password
mysql --login-path=root
mysql>grant all privileges on zabbix.* to zabbix@'%' identified by 'Zabbixxxx';
mysql>create database zabbix default charset utf8 COLLATE utf8_general_ci;
zabbix-server
cd /root/download/
wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
yum install zabbix-release-3.4-2.el7.noarch.rpm -y
yum install -y zabbix-proxy-mysql zabbix-server-mysql zabbix-web-mysql zabbix-get
zcat /usr/share/doc/zabbix-server-mysql-3.4.15/create.sql.gz |mysql -uzabbix -p zabbix
vi /etc/zabbix/zabbix_server.conf
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
DBHost=xxx
DBName=zabbix
DBUser=zabbix
DBPassword=Zabbixxx
StartPollers=30
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=8
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000
setsebool -P httpd_can_network_connect on
setsebool -P mysql_connect_any on
setsebool -P zabbix_can_network on
cd /root/download/
vi zabbix_server_add.te
module zabbix_server_add 1.1;
require {
type zabbix_var_run_t;
type tmp_t;
type zabbix_t;
class sock_file {create unlink write};
class unix_stream_socket connectto;
class process setrlimit;
}
#============= zabbix_t ==============
#!!!! This avc is allowed in the current policy
allow zabbix_t self:process setrlimit;
#!!!! This avc is allowed in the current policy
allow zabbix_t self:unix_stream_socket connectto;
#!!!! This avc is allowed in the current policy
allow zabbix_t tmp_t:sock_file {create unlink write};
#!!!! This avc is allowed in the current policy
allow zabbix_t zabbix_var_run_t:sock_file {create unlink write};
checkmodule -M -m -o zabbix_server_add.mod zabbix_server_add.te
semodule_package -m zabbix_server_add.mod -o zabbix_server_add.pp
semodule -i zabbix_server_add.pp
ausearch -c 'python' --raw | audit2allow -M my-python
semodule -i my-python.pp
systemctl start zabbix-server
systemctl start httpd
cp -R /usr/share/zabbix /var/www/html/
http://xxxx
centos7 zabbix-agent
cd /root/download/
wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-agent-3.4.14-1.el7.x86_64.rpm
yum install -y zabbix-agent-3.4.14-1.el7.x86_64.rpm
vi /etc/zabbix/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=1
DebugLevel=3
Server=xxx
ListenPort=10050
StartAgents=3
AllowRoot=0
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/*.conf
systemctl enable zabbix-agent
systemctl start zabbix-agent
selinux for zabbix exec python
semanage permissive -a zabbix_agent_t