Unutulmus diyarlar , forgotten realms okuyorum yeniden.

daha oncesinde sira gozetmeksizin parca pincik okumustum.

su anda yazi yazildigi esnada 7. kitaba geldim.

Kindle buyuk bir icat.

Tesekkurler icat edene, ettirene.

Unutulmuş Diyarlar Okuma Rehberi  isimli kayip rihtim forum yazisindan sirasini buraya yaziyorum.

buna gore seriye devam edip biritmek niyetindeyim:

Kara Elf Üçlemesi (Yazar: R.A. Salvatore)
1- Anayurt
2- Sürgün
3- Göç

Buzyeli Vadisi Üçlemesi (Yazar: R.A. Salvatore)
4- Kristal Parçası
5- Gümüş Damarlar
6- Buçukluğun Mücevheri

Drizzt Do’Urden’in Maceraları Serisi (Yazar: R.A. Salvatore)
7- Miras
8- Yıldızsız Gece
9- Karanlığın Kuşatması
10- Şafağa Geçit*

Karanlığın Yolları Serisi (Yazar: R.A. Salvatore)
11- Sessiz Kılıç
12- Dünya’nın Omurgası
13- Kristal’in Hizmetkarı**
14- Kılıçlar Denizi

Avcının Kılıçları Serisi (Yazar: R.A. Salvatore)
15- Bin Ork
16- Yalnız Drow
17- İki Kılıç

Değişimler Serisi (Yazar: R.A. Salvatore)
18- Ork Kral
21- Korsan Kral***
22- Hayalet Kral

Kiralık Kılıçlar Serisi (Yazar: R.A. Salvatore)
13- Kristal’in Hizmetkarı
19- Cadı Kralın Vaadi
20- Artemis’in Yolu

Kışgörmez Efsanesi Serisi (Yazar: R.A. Salvatore)
23- Gauntlgrym
24- Kışgörmez
25- Charon’un Pençesi
26- The Last Threshold (Türkçeye çevrilmedi.)

Bu kitaplar RA Salvatore’nin Drizzt ana kahramanlı kitaplarıdır.

*Şafağa Geçit’ten önce Ruhban Serisini okumanız tavsiye edilir. Okumasanız da bir şey kaçırmazsınız. Eğer okursanız o kitapta ve ondan sonraki kitaplarda geçecek olan Cadderly adlı kahramanın geçmişini öğrenir, Cadderly’i daha iyi tanırsınız.

**Kristal’in Hizmetkarı başlangıçta Karanlığın Yolları Serisi’nde bir kitap olarak düşünülüp daha sonra Kiralık Kılıçlar Serisi’ne bağlanmıştır.

***Korsan Kral’dan önce kesinlikle Kiralık Kılıçlar Serisi kitapları okunmalıdır.

Aşağıdaki kitaplar tek başlarına birer seridir ve öbür serilere bağlı değildir:

Ruhban Serisi (Yazar: R.A. Salvatore)*
1- İlahi
2- Ormanın Gölgelerinde
3- Gece Maskeleri
4- Düşen Kale
5- The Chaos Curse (Türkçeye çevrilmedi.)

Yıldızışığı ve Gölgeler Serisi (Yazar: Elaine Cunnigham)
1- Drow Kızı
2- Karmaşık Ağlar
3- Rüzgaryolcusu

Şarkılar ve Kılıçlar Serisi (Yazar: Elaine Cunnigham)
1- Elf Gölgesi
2- Elf Şarkısı
3- Gümüş Gölgeler
4- Dikenhisar

Danışmanlar ve Krallar Serisi (Yazar: Elaine Cunnigham)
1- Büyücüavcısı
2- Selgeçidi
3- Büyücüsavaşı

Elminster Serisi (Yazar: Ed Greenwood)
1- Elminster: Bir Büyücü Yaratmak
2- Elminster Myth Drannor’da
3- Elminster’ın Cezbedilişi
4- Elminster in Hell (Türkçeye çevrilmedi.)
5- Elminster’s Daughter (Türkçeye çevrilmedi.)

Avatar Serisi
1- Karanlık Vadi (Yazar: Richard Awlinson)
2- Tantras (Yazar: Richard Awlinson)
3- Derinsu (Yazar: Troy Denning)
4- Yalanlar Prensi (Yazar: James Lowder)

Örümcek Kraliçe’nin Savaşı Serisi
1- Dağılma (Yazar: Richard Lee Byers)
2- Ayaklanma (Yazar: Thomas M. Reid)
3- Hüküm (Yazar: Richard Baker)
4- Tükeniş (Yazar: Lisa Smedman)
5- İmha (Yazar: Philip Athans)
6- Diriliş (Yazar: Paul S. Kemp)

If you’re doing it more than once, Automate.

Any task that is worth doing more than once is worth automating. That means you should keep your scripting skills up to date on any platform you have to work on. This will also reduce the chance for mistakes the next time you accomplish this task.

Documentation is a Process.

Document everything. Don’t wait until after the project is done to start documenting, do it during. It will be easier for you and more accurate if you don’t have to remember things you’ve done a long time ago. Making documentation a daily part of your routine will lessen the chance you might forget.

Generalize as much as possible.

Follow the Unix KISS philosophy. Your scripts should be kept simple and do one task well. They should be made generic enough to be reusable as often as possible. Similarly, your documentation should assume a minimum of previous knowledge. Think of someone who is new to the job and needs to be shown how to do something from the ground up.

Stay Organized.

You don’t need to read a book about thought management to become more organized. Decide now on how where your scripts will be stored and ensure you always follow the same procedure. Documentation can take many forms, but often the simplest and oldest is best, such as a web portal running a wiki. You don’t want to chase down your documentation across sticky notes, emails, text files and so on. Whether you use OneNote, Evernote, or any other solution, you should never have to Google for a solution twice.

Patch and Monitor.

Patching is something that should be a part of your automation. Whether it’s desktop systems, servers or software applications, every part of the infrastructure should be automated, and you should have a way to verify that this is happening. If you can’t tell at a glance how well the environment you’re responsible for is doing, improve your process.

Handle Security in Layers.

Security doesn’t end at the firewall. Don’t leave privileged account passwords in text files. Implementing a password vault is quick and will make a big impact, both in making sure credentials are kept secure, but also serve as part of your documentation. Segment your networks so privileged systems don’t co-exist with regular ones. Find the weak points, sandbox your web apps so they don’t put the host server at risk. Monitor your firewall rules and IDS/IPS to make sure no unwanted traffic goes through. Make sure your anti-virus software is up to date and educate your users on how to behave in a secure way.

Be Prepared for the Worst.

Stay optimistic, but plan for the worst. This means doing proper backups using the 3-2-1 system, having three copies of any important data in two formats, making sure you always keep one copy off-site. Test your restore process, document that process and have a recovery plan that makes sense for your environment. Think up scenarios from software bugs to online attacks, physical breaches, power failures, flooding and fire, and find the best solution for them. People make mistakes, your procedures should keep those mistakes isolated.

Keep Learning.

Don’t get set in your ways. Always strive to learn more, and keep a percentage of each year to learn new software, products, or get new certifications. Be ready to handle the next shiny thing or switch role at a moment’s notice as your business evolves. Take advantage of the incredible amount of free resources from YouTube videos to the Microsoft Virtual Academy, recorded talks at USENIX, DefCon and more.

Don’t Change for Change’s Sake.

Don’t fall into the trap of wanting to change something just for change’s sake. Hype is not a business case. That Perl app may be old, but if it fulfills its task, leave it be. Account for the inevitable delays, cost overruns and scope changes before undertaking any new project. Avoid feature creep and ask yourself if there’s a simpler way to accomplish a goal before implementing an overly complex system.

Have Fun.

Don’t get burned out. Be respectful to your users and colleagues, but learn to say no. Think about what is most important to you, and how you will think back on these days in 10 years.

Original Link Here: https://github.com/Leo-G/DevopsWiki/wiki/Top-10-tenets-of-a-System-Administrator

actual iptables code used:

#SMTP output, only allow mail to send remotely.
iptables -A OUTPUT -m owner --uid-owner mail -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner root -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j REJECT

/sbin/service iptables save

cat /etc/sysconfig/iptables


Feel free to remove the whole line containing "--uid-owner root" if you don't need it.
I personally do a lot of debugging with telnet to port 25, hence I'm leaving it open.

Backup (mysql dump) all your MySQL databases in separate files

Sometimes we would like to dump all the MySQL databases. MySQL provides an easy solution to this problem:
1

mysqldump -u root -p –all-databases > all_dbs.sql

However this will dump stuff into one file. How to dump all databses into separate files? Well, here is my solution. A small bash script:

	
#! /bin/bash
 
TIMESTAMP=$(date +"%F")
BACKUP_DIR="/backup/$TIMESTAMP"
MYSQL_USER="backup"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD="password"
MYSQLDUMP=/usr/bin/mysqldump
 
mkdir -p "$BACKUP_DIR/mysql"
 
databases=`$MYSQL --user=$MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`
 
for db in $databases; do
  $MYSQLDUMP --force --opt --user=$MYSQL_USER -p$MYSQL_PASSWORD --databases $db | gzip > "$BACKUP_DIR/mysql/$db.gz"
done

Be aware, that in order to execute this script from cron, you need to store password in it (so cron won’t be prompted to provide a password). That’s why, you should not use a root account. Instead just create a new user only for backups, with following privileges:

daha once bu konu hakkinda yazmistim.

bir daha yazmak icap etti.

kvm lerde kullandigim .raw imaj dosyalari sparse degiller.

halbuki sparse olsalar aktarirken 200GB yerin 20Gb aktaracagim.

haydi .raw imajlari sparse edelim.

1- ilgili virtual makinaya gir ve diskin heryerini 0 larla doldur:

dd if=/dev/zero of=/tmp/zerotxt bs=1M

islem bitince sync et

sync

zerotxt yi sil

rm /tm/zerotxt

2- simdi virtual makinadan cik ve makinayi kapat.

imaj dosyanin bulundugunu dizine git. en hizli ve en kolay yontem imaji copy edecegiz.

cp –sparse=always vm-foo.raw vm-foo.raw-sparse

3- simdi elimizde sparse dosyamiz oldu.

/var/lib/vz/images/101# ls -lash
total 252G
4,0K drwxr-xr-x 2 root root 4,0K Mar 11 08:04 .
4,0K drwxr-xr-x 12 root root 4,0K Ara 6 09:54 ..
201G -rw-r–r– 1 root root 200G Mar 11 23:40 vm-101-disk-1.eski.raw
51G -rw-r–r– 1 root root 200G Mar 11 07:55 vm-101-disk-1.raw

hemen yeni sunucuya transfer edelim 🙂

gule gule kullanalim.

Just do the following to set proxy timeout to 1800:
Code:

echo 'ProxyTimeout 1800' >> /etc/httpd/conf/extra/httpd-includes.conf
service httpd restart

LEMP stack/LAMP stack/LNMP stack installation scripts for CentOS/Redhat Debian and Ubuntu https://blog.linuxeye.com/31.html

adresler su sekilde

oncelikle cinli developerin gelistirdigi var:

https://github.com/lj2007331/lnmp

This script is written using the shell, in order to quickly deploy LEMP/LAMP/LNMP/LNMPA(Linux, Nginx/Tengine, MySQL in a production environment/MariaDB/Percona, PHP), applicable to CentOS 5~7(including RedHat), Debian 6~8, Ubuntu 12.04~15.04 of 32 and 64.

Script properties:

• Continually updated
• Source compiler installation, most stable source is the latest version, and download from the official site
• Some security optimization
• Providing a plurality of database versions (MySQL-5.7, MySQL-5.6, MySQL-5.5, MariaDB-10.1, MariaDB-10.0, MariaDB-5.5,Percona-5.7, Percona-5.6, Percona-5.5)
• Providing multiple PHP versions (php-5.3, php-5.4, php-5.5, php-5.6, php-7)
• Provide Nginx, Tengine
• Providing a plurality of Apache version (Apache-2.4, Apache-2.2)
• According to their needs to install PHP Cache Accelerator provides ZendOPcache, xcache, apcu, eAccelerator. And php encryption and decryption tool ionCube, ZendGuardLoader
• Installation Pureftpd, phpMyAdmin according to their needs
• Install memcached, redis according to their needs
• Tcmalloc can use according to their needs or jemalloc optimize MySQL, Nginx
• Providing add a virtual host script
• Provide Nginx/Tengine, MySQL/MariaDB/Percona, PHP, Redis, phpMyAdmin upgrade script
• Provide local backup and remote backup (rsync between servers) script
• Provided under HHVM install CentOS 6,7

birde bu var gotdeb

GotDeb

Interactive bash script for VPS or Dedicated servers. Build with low end systems in mind. Requires Debian version 7.x or 8.x

Installation

Run the script and follow the assistant:

wget https://gotdeb.com/setup.sh --no-check-certificate
chmod +x setup.sh && ./setup.sh

OR

wget https://raw.githubusercontent.com/eunas/gotdeb/master/setup.sh --no-check-certificate
chmod +x setup.sh && ./setup.sh

Script content

• Nginx
  • nginx 1.8.x
  • nginx 1.9.x
  • Optional SSL support with self signed certificate or Let’s Encrypt
• Blogs
  • Ghost
  • WordPress
• PHP
  • PHP-FPM 5.6
  • PHP-FPM 7.0 (Debian 8)
  • HHVM
• MySQL Server
• MariaDB server
• phpMyAdmin
• PureFTPD (FTPS enabled)
• OpenVPN Server (Works on NAT)
• SoftEtherVPS (Works on NAT)
• Squid3 Proxy Server
• sSMTP server
• Aria2 + webui
• Transmission BitTorrent Client
• X2Go + xfce Desktop
• Plex Media Server
• Observium
  • Server
  • Client
• Linux Dash server monitor
• User Management
  • Add user
  • Delete user
  • List Users
• System Management
  • Remove unneeded packages and services
  • Install essentials packages
  • Update timezone
  • System tests
  • Secure System
    • fail2ban
    • Uncomplicated Firewall
    • Unattended Upgrades
  • Speedtest.net
  • Get OS Version
• About

https://github.com/eunas/gotdeb

IP Tables Script

rules.sh

iptables -F
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

cat /etc/nginx/conf.d/domain.com.conf

server {
       listen         80;
       server_name    domain.com;
       return         301 https://$server_name$request_uri;
}
server {
      listen 443 ssl;
      server_name domain.com;

      ssl_certificate /home/ssl/cert.crt;
      ssl_certificate_key /home/ssl/cert.key;

      access_log   /home/logs/domain.com.access.log;
      error_log /home/logs/domain.com.error.log;

      location / {
            proxy_pass https://WEBSERVERIP/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-SSL on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;

      }
}

a sunucusundan b sunucusuna dosyalari en hizli nasil transfer ederiz?

cevap rsync tabiiki..

daha oncede yazmistim. Biraz gelistirmek zorunda kaldim.

soyle ki: su linkdeki adresde bu konuyu yazmisim.

ancak rsync malum paralel calismiyor. tek thread isi bozuyor.

o zaman 1 den cok thread calistiralim

parallel kullanarak.

yum install parallel veyahut apt-get install moreutils

sonrasinda komutumuz bu:

ls . | parallel -v -j8 rsync -raz --progress {} root@sun.ucu.ip.adres:/home/blabla/domains/hoptirirom.com.tr/public_html/{}

8 baglanti acip rsync yapacak bu.

ssh-keygen -t rsa

ve

ssh-copy-id user@123.45.56.78

yapmayi unutma bastan 🙂

biraz daha aciklama yazayim kendim icin

rsync icin -raz

-recursive

-archive

-zikistir

demek oluyor.

-j8 8 paralel demek

daha once

rsync icin -ave gibi bisi kullanmistim

-archive

-verbose

-e -e, –rsh=COMMAND specify the remote shell to use

demekmis

-e neden kullanmadim ben burada acaba?

cunku daha once sunu kullanmistim

rsync -ave 'ssh -p 22' 1.2.3.4:/home/ /home/

simdi kullanmadim. ssh yap demedim. centosdan centosa benzer zaten sheller. kendisi halletti galiba.

NOT: http://moo.nac.uci.edu/~hjm/parsync/

buda perl wrapper ayni isi yapan. bakmadim henuz buna lazim olursa bakarim. eminim daha kolaydir.