CentOS7 PHP7설치 및 오라클 모듈(oci8.so) 생성

[출처 : http://ellordnet.tistory.com/ / http://syanoe.com/ ]

1. PHP7 설치
  - epel-release 인스톨 및 yum 저장소를 업데이트 해 줍니다.

# yum install -y epel-release
# rpm -ivh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum –enablerepo=remi update remi-release
# yum update
# php70 -v  <--설치 버전 확인
PHP 7.0.26 (cli) (built: Nov 21 2017 14:27:35) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

# yum install php70 php70-php php70-php-gd php70-php-mbstring php70-php-mysqlnd

2.oracle-instantclient를 다운 받는다.
 - 11.2.0.4.0 버전으로 아래 두개의 파일을 다운 받는다.
  oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm
  oracle-instantclient11.2-devel-11.2.0.4.0-1.x86_64.rpm

 - 다운 받은 파일을 설치

# rpm -ivh oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm
# rpm -ivh oracle-instantclient11.2-devel-11.2.0.4.0-1.x86_64.rpm

 - oci8모듈소스를 다운 받는다.

[root@centos-linux ellord]# pecl install oci8
WARNING: channel "pecl.php.net" has updated its protocols, use "pecl channel-update pecl.php.net" to update
downloading oci8-2.1.8.tgz ...
Starting to download oci8-2.1.8.tgz (194,154 bytes)
.........................................done: 194,154 bytes
11 source files, building
running: phpize
Configuring for:
PHP Api Version:         20151012
Zend Module Api No:      20151012
Zend Extension Api No:   320151012
Please provide the path to the ORACLE_HOME directory. Use 'instantclient,/path/to/instant/client/lib' if you're compiling with Oracle Instant Client [autodetect] : instantclient,/usr/lib/oracle/11.2/client64/lib <--입력(설치 경로 등록)

 - 아래와 같이 자동 컴파일 진행됨.

building in /var/tmp/pear-build-root87TwHg/oci8-2.1.8
running: /var/tmp/oci8/configure --with-php-config=/usr/bin/php-config --with-oci8=instantclient,/usr/lib/oracle/11.2/client64/lib
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for a sed that does not truncate output... /usr/bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib
checking for PHP extension directory... /usr/lib64/php/modules
checking for PHP installed headers prefix... /usr/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking for Oracle Database OCI8 support... yes, shared
checking PHP version... 7.0.24, ok
checking OCI8 DTrace support... no
checking size of long int... 8
checking checking if we're on a 64-bit platform... yes
checking Oracle Instant Client directory... /usr/lib/oracle/11.2/client64/lib
checking Oracle Instant Client SDK header directory... /usr/include/oracle/11.2/client64
checking Oracle Instant Client library version compatibility... 11.1
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... (cached) gawk
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... no
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands
running: make
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8.c -o oci8.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8.c  -fPIC -DPIC -o .libs/oci8.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8_lob.c -o oci8_lob.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8_lob.c  -fPIC -DPIC -o .libs/oci8_lob.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8_statement.c -o oci8_statement.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8_statement.c  -fPIC -DPIC -o .libs/oci8_statement.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8_collection.c -o oci8_collection.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8_collection.c  -fPIC -DPIC -o .libs/oci8_collection.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8_interface.c -o oci8_interface.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8_interface.c  -fPIC -DPIC -o .libs/oci8_interface.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=compile cc  -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -c /var/tmp/oci8/oci8_failover.c -o oci8_failover.lo
libtool: compile:  cc -I. -I/var/tmp/oci8 -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64 -DHAVE_CONFIG_H -g -O2 -c /var/tmp/oci8/oci8_failover.c  -fPIC -DPIC -o .libs/oci8_failover.o
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=link cc -DPHP_ATOM_INC -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/include -I/var/tmp/pear-build-root87TwHg/oci8-2.1.8/main -I/var/tmp/oci8 -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/oracle/11.2/client64  -DHAVE_CONFIG_H  -g -O2   -o oci8.la -export-dynamic -avoid-version -prefer-pic -module -rpath /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules  oci8.lo oci8_lob.lo oci8_statement.lo oci8_collection.lo oci8_interface.lo oci8_failover.lo -Wl,-rpath,/usr/lib/oracle/11.2/client64/lib -L/usr/lib/oracle/11.2/client64/lib -lclntsh
libtool: link: cc -shared  -fPIC -DPIC  .libs/oci8.o .libs/oci8_lob.o .libs/oci8_statement.o .libs/oci8_collection.o .libs/oci8_interface.o .libs/oci8_failover.o   -L/usr/lib/oracle/11.2/client64/lib -lclntsh  -O2 -Wl,-rpath -Wl,/usr/lib/oracle/11.2/client64/lib   -Wl,-soname -Wl,oci8.so -o .libs/oci8.so
libtool: link: ( cd ".libs" && rm -f "oci8.la" && ln -s "../oci8.la" "oci8.la" )
/bin/sh /var/tmp/pear-build-root87TwHg/oci8-2.1.8/libtool --mode=install cp ./oci8.la /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules
libtool: install: cp ./.libs/oci8.so /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules/oci8.so
libtool: install: cp ./.libs/oci8.lai /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules/oci8.la
libtool: finish: PATH="/usr/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /var/tmp/pear-build-root87TwHg/oci8-2.1.8/modules

if you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

running: make INSTALL_ROOT="/var/tmp/pear-build-root87TwHg/install-oci8-2.1.8" install
Installing shared extensions:     /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr/lib64/php/modules/
running: find "/var/tmp/pear-build-root87TwHg/install-oci8-2.1.8" | xargs ls -dils
  1252758   0 drwxr-xr-x. 3 root root     17 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8
101046009   0 drwxr-xr-x. 3 root root     19 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr
  1252759   0 drwxr-xr-x. 3 root root     17 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr/lib64
 34473647   0 drwxr-xr-x. 3 root root     21 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr/lib64/php
 67823917   0 drwxr-xr-x. 2 root root     21 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr/lib64/php/modules
 67823918 584 -rwxr-xr-x. 1 root root 595672 11월  7 17:46 /var/tmp/pear-build-root87TwHg/install-oci8-2.1.8/usr/lib64/php/modules/oci8.so

Build process completed successfully
Installing '/usr/lib64/php/modules/oci8.so'
install ok: channel://pecl.php.net/oci8-2.1.8
configuration option "php_ini" is not set to php.ini location
You should add "extension=oci8.so" to php.ini

 - 생성 파일 확인 및 php.ini에 모듈 추가

# cd /usr/lib64/php/modules/
# ls
bz2.so       exif.so      gmp.so       mcrypt.so          pdo.so          pdo_sqlite.so  simplexml.so  sysvshm.so    xmlrpc.so
calendar.so  fileinfo.so  iconv.so     mysqlnd.so         pdo_dblib.so    pgsql.so       sockets.so    tokenizer.so  xmlwriter.so
ctype.so     ftp.so       imagick.so   mysqlnd_mysqli.so  pdo_mysqlnd.so  phar.so        sqlite3.so    wddx.so       xsl.so
curl.so      gd.so        json.so      oci8.so            pdo_odbc.so     posix.so       sysvmsg.so    xml.so        zip.so
dom.so       gettext.so   mbstring.so  odbc.so            pdo_pgsql.so    shmop.so       sysvsem.so    xmlreader.so

# chmod 755 oci8.so

# vi /etc/php.ini

;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
extension=oci8.so

Centos7에 owncloud 설치 하기

[ 출처 : https://download.owncloud.org/ ]

Add repository and install manually(hide)

CentOS_7 owncloud-files-10.0.4-1

Run the following shell commands as root to trust the repository.

rpm --import https://download.owncloud.org/download/repositories/production/CentOS_7/repodata/repomd.xml.key

Run the following shell commands as root to add the repository and install from there.

wget http://download.owncloud.org/download/repositories/production/CentOS_7/ce:stable.repo -O /etc/yum.repos.d/ce:stable.repo
yum clean expire-cache
yum install owncloud-files

Direct Download

CentOS_6 owncloud-files-10.0.4-1

Run the following shell commands as root to trust the repository.

rpm --import https://download.owncloud.org/download/repositories/production/CentOS_6/repodata/repomd.xml.key

Run the following shell commands as root to add the repository and install from there.

wget http://download.owncloud.org/download/repositories/production/CentOS_6/ce:stable.repo -O /etc/yum.repos.d/ce:stable.repo
yum clean expire-cache
yum install owncloud-files

Direct Download

iRedmail 관련 Tip

LDAP 사용자 메일 포워딩 설정
 - LDAP 관리자에서 화면에서 해당 사용자 (ex>aa@mail.com)의 이메일을 bb@mail.com로
   포워딩 하기
   New Attirbute에서 mailForwardingAddress을 추가하고 포워딩 이메일 주소 추가

iRedmail 설치 완료 후 WEB 접속 불가시
  - iptables의 기본 Rule 설정이 변경 되지 않아 firewale에는 iredmail rule로 설정 되었으나
    iptables의 rule는 public으로 설정되어 있어 문제 발생됨.
    따라서 public에 서비스할 rule를 추가하면 됨.
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --permanent --zone=public --add-service=pop3
# firewall-cmd --permanent --zone=public --add-service=pop3s
# firewall-cmd --permanent --zone=public --add-service=imap
# firewall-cmd --permanent --zone=public --add-service=imaps
# firewall-cmd --permanent --zone=public --add-service=submission
# firewall-cmd --permanent --zone=public --add-service=ldap
# firewall-cmd --permanent --zone=public --add-service=smtp
# firewall-cmd --reload

Asterial 컴파일 설치 제거하기

[출처 :  http://idchowto.com/ ]

- 직접 컴파일 하여 설치한 asterisk 제거 방법
killall -9 asterisk

rm -rf /etc/asterisk

rm -rf /var/log/asterisk

rm -rf /var/lib/asterisk

rm -rf /var/spool/asterisk

rm -rf /usr/lib/asterisk

rm -rf /var/run/asterisk

rm -rf /var/lib/asterisk

rm -rf /usr/src/asterisk

rm -rf /usr/include/asterisk

rm -f /usr/sbin/asterisk

rm -f /etc/rc.d/init.d/asterisk







[설치 : http://itscom.org/archives/6985 ]

Proxy 서버 설정하기

[ 출처 : https://hostpresto.com/ ]

1. Proxy 프로그램 설치
# yum install  squid
# systemctl enable squid   <- 서비스로 등록
# systemctl start squid
# vi /etc/squid/squid.conf
 - 접속을 허용할 네트워크 대역 등록
  acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
  acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
 - 접속을 허용할 Port 등록
  acl Safe_ports port 80          # http
  acl Safe_ports port 21          # ftp


# systemctl restart squid

기본 서비스 포트는 3128임.

Linux에서 Proxy 설정 하기

[ 출처 : http://oofbird.net/ ]

1. shell에 proxy 설정하기

http_proxy=http://[IP]:[PORT]
export no_proxy=[제외할 경로]
export http_proxy

/etc/profile 또는 .bash_profile 등의 쉘 Profile에 대하여 http_proxy를 설정하면 됩니다.

이때 Proxy 설정을 제외할 대상은 no_proxy에 설정을 같이 해주시면 됩니다. (보통은 localhost, 127.0.0.1 등이 포함됩니다.)

설정이 완료된 뒤, 로그아웃 안하고 적용을 할 경우에는

[root@domain ]# source /etc/profile
[root@domain ]# source .bash_profile

source 명령을 통하여 갱신을 하시면 됩니다.
2. yum에 proxy 설정하기

....
proxy=http://[IP]:[PORT]
....

yum의 설정파일인 /etc/yum.conf 파일에 proxy라는 설정을 추가해주시면 됩니다.

설정이 완료된 뒤 yum clean all 명령을 통하여 초기화 하신 뒤 다시 갱신을 하시면 됩니다.

이메일 DDOS 공격 차단

- iptables를 이용한 방법[ https://sys4.de/ ]
1. 이메일 서버에 인증 없이 메일 발송이 되지 않도록 해 놓았는데 계속 시도하면서 서버에
   부하을 일으키는 스패머가 있어 차단 방법(공통 키워드 EHLO ylmf-pc)

설정 후 적용 리스트
# iptables -A INPUT -p tcp -dport 25 -m string --string 'ylmf-pc' --algo bm -j DROP

적용되면 메일 로그에서 지속적으로 발송 시도하던 로그는 말끔히 사라진다.

※추가로 해당 로그만 별도 보기를 원할 경우 아래와 같이 추가하면 된다.
   EHLO ylmf-pc 문자열이 확인 되면 SMTP 오류를 발생하고 180초간 3번의 오류 발생시 로그 생성
# iptables -I INPUT -p tcp --dport 25 -m string --to 90 \
    --string "EHLO ylmf-pc" --algo bm -m recent \
    --name SMTP_ERROR --set
# iptables -I INPUT -m recent --name SMTP_ERROR \
    --rcheck --seconds 180 --hitcount 3 -j DROP
# iptables -I INPUT -p tcp --dport 25 -m string --to 90\
    --string "EHLO ylmf-pc" --algo bm -j LOG \
    --log-level info --log-prefix "SMTP_ERROR "

# iptables -I INPUT -p tcp --dport 25 -m string --algo bm --string 'ylmf-pc' -j DROP

커널 로그(kern.log)에 아래와 같이 표시됨.
SMTP_ERROR IN=eth0 OUT= MAC=..:..:..:..:..:..:..:..:..:..:..:..:..:.. SRC=x.x.x.x DST=x.x.x.x LEN=54 TOS=0x00 PREC=0x00 TTL=111 ID=3363 DF PROTO=TCP SPT=3677 DPT=25 WINDOW=65501 RES=0x00 ACK PSH URGP=0


2. 포트 포워딩 설정
# iptables -A PREROUTING -p tcp -m tcp --dport {서버접속포트} -j DNAT\
           --to-destination {서비스서버IP:서비스포트}

3. iptables 설정값 저장 및 restore
# iptables-save > /etc/iptables.rule
# iptables-restore < /etc/iptables.rule

4. 설정된 리스트 조회
# iptables -L
# iptables -t nat  <-- 포트포워드 규칙이 있을 경우

- fail2ban을 이용하는 방법[ https://serverfault.com/ ]
# vi /etc/fail2ban/jail.conf
[postfix-ddos]

enabled  = true
port     = smtp,ssmtp
filter   = postfix-helo
logpath  = /var/log/mail.log
maxretry = 5

# vi /etc/fail2ban/filter.d/postfix-helo.conf

[INCLUDES]
before = common.conf

[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2

ignoreregex =

SCP 접속시 패스워드 없이 접속하여 백업 받기

[출처 : http://alvinalexander.com/ ]

작업 내용 A서버에서 B서버로 scp로 접속하여 B의 폴더의 모든 파일을 A서버 폴더로 복사

1. A서버(①)에서 B서버(②)로 접속시 자동 로그인이 되도록 하기 위한 처리
① A 서버에서 Key 생성
# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/al/.ssh/id_rsa):  <-- 엔터
Enter passphrase (empty for no passphrase):  <-- 엔터
Enter same passphrase again:  <-- 엔터
Your identification has been saved in /Users/al/.ssh/id_rsa.
Your public key has been saved in /Users/al/.ssh/id_rsa.pub.
The key fingerprint is:
6f:16:29:90:46:b6:88:34:3d:81:07:fc:bd:1a:fc:db al@Al-Alexanders-MacBook.local
The key's randomart image is:
+--[ RSA 2048]----+
| .++..o          |
| .oo++ o         |
|  .o.o=          |
|    ....   .     |
|   .   .S o      |
|    o .  o .     |
|     +    +      |
|    . .. o       |
|      ..E        |
+-----------------+

# ssh-copy-id root@B서버IP -p 포트
root password 등록



이후 패스워드 필요하지 않음.

2. 파일 백업을 위한 scp문장 작성
# scp -p 포트 root@B서버 IP:/B서버 파일 위치  /A서버 저장 위치 -r

ownclude 관련 글

1. owncloude 설치consol에서 파일을 cp/mv로 이동 처리한 후 웹에서 보이지 않을 경우[출처]
# cd /var/www/html/owncloud/
# ./occ files:scan --all   <-- 파일을 읽어 cache 처리 한다.

iRedmail과 owncloud 로그인 연동하기

[ 출처 : http://www.iredmail.org/forum/ ]
[ 출처 : https://doc.owncloud.org/]

1. OwnClude 설치[ 참조 ]
2. iRedmail 설치[ 참조 ]
  - 설치 후 바이러스 백신(clamav) 로그 파일 오류 발생(로그 생성시 권한 오류 발생)
    mkdir /var/log/clamav
    chown clamupdate.clamupdate -R /var/log/clamav
  - 설치시 Sogo까지 설치한 경우 postmaster로 5분 간격으로 메일 발송됨.
    cron에서 실행하면서 자동 메일 발생되고 있어 수정(빨간색 부분 제외 처리)
    vi /var/spool/cron/sogo
    *   *   *   *   *   /usr/sbin/sogo-tool expire-sessions 30 2>/dev/null; /usr/sbin/sogo-ealarms-notify

3. Ownclude상의 Apps에서 비활성에서 LDAP를 검색하여 사용함으로 변경하면
   admin 설정 부분에 LDAP가 새로 생성되고 아래와 같이 설정

- 로그인시 오류 발생할 경우 group 설정을 user 설정의 이름고 base user tree를 동일하게 설정한다.
  owncloud 로그는 /var/www/html/owncloud/data/owncloud.log에서 확인 가능

- LDAP 사용자 삭제시 자동 삭제되도록 설정(기본값음 disable)
 # vi /var/www/html/owncloud/config/config.php

  'ldapUserCleanupInterval' => 30,  <-- 적용 시간(Min) 추가

[ 참조 : https://doc.owncloud.org/ ]

- LDAP 사용자 삭제[ 참조 : https://doc.owncloud.org/ ]

Centos 방화벽 설정 관련 건

[출처 :  https://www.lesstif.com/ ]


Centos7에는 방화벽이 추가되어 있어 서비스 추가 후 방화벽상의 서비스 포트를
별도 OPEN 해야 함.
 
1. 설치
  yum install firewalld
  systemctl start firewalld
  systemctl enable firewalld
2. 설정 파일
  /etc/firewalld/zones/public.xml
  - 설정 완료 후 재 시작
    firewall-cmd --reload
3. Zone
  - 정의된 zone 목록 출력
  firewall-cmd --get-zones
 - 전체 존 목록을 상세하게 출력
  firewall-cmd --list-all-zones
 - 기존 zone 출력
  firewall-cmd --get-default-zone
 - 활성화된 zone 출력
  firewall-cmd  --get-active-zone

4. 서비스 목록
 - 서비스 목록 출력
   firewall-cmd --get-services
 - permanent로 등록된 서비스 목록
   firewall-cmd --permanent --list-all
 - 사전 정의된 서비스는 /usr/lib/firewalld/services에 존재 해야함.

5.포트 추가/삭제(reload시 적용안되므로 7의 방법으로 추가후 reload 할것)
 - 포트 추
   firewall-cmd --add-port=80/tcp
 - 포트 삭제
   firewall-cmd --remove-port=80/tcp

6. rich-rule(삭제시 add를 remove로 변경하면됨)
   firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4"  source address="192.168.10.0/24"  port protocol="tcp" port="9000" accept"

  
7. 서비스 포트 추가 
  - 기본 zone이 public 이므로  --zone=public는 생략 가능(적용후 리로드 필요)
   firewall-cmd --permanent --zone=public --add-service=http
   firewall-cmd --permanent --zone=public --add-service=https
  - 정상 설정 여부 확인
   firewall-cmd --list-services   --zone=public
   dhcpv6-client http https ssh

8. 포트 포워딩 추가
   firewall-cmd --permanent --add-masquerade
   firewall-cmd --permanent --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=x.x.x.x
   
  - 등록 후 리스트 조회시 아래와 같이 조회 되어야 함.
   masquerade: yes
   forward-ports: port=8080:proto=tcp:toport=80:toaddr=x.x.x.x


9.모든 패킷에 대한 deny되는 패킷을 로깅
# firewall-cmd --set-log-denied="all"
  설정 가능 옵션 : 'all','unicast','broadcast','multicast','off'
  
10. 프로그램 옵션
Usage: firewall-cmd [OPTIONS...]

General Options
  -h, --help           Prints a short help text and exists
  -V, --version        Print the version string of firewalld
  -q, --quiet          Do not print status messages

Status Options
  --state              Return and print firewalld state
  --reload             Reload firewall and keep state information
  --complete-reload    Reload firewall and lose state information
  --runtime-to-permanent
                       Create permanent from runtime configuration

Log Denied Options
  --get-log-denied     Print the log denied value
  --set-log-denied=<value>
                       Set log denied value

Automatic Helpers Options
  --get-automatic-helpers
                       Print the automatic helpers value
  --set-automatic-helpers=<value>
                       Set automatic helpers value

Permanent Options
  --permanent          Set an option permanently
                       Usable for options marked with [P]

Zone Options
  --get-default-zone   Print default zone for connections and interfaces
  --set-default-zone=<zone>
                       Set default zone
  --get-active-zones   Print currently active zones
  --get-zones          Print predefined zones [P]
  --get-services       Print predefined services [P]
  --get-icmptypes      Print predefined icmptypes [P]
  --get-zone-of-interface=<interface>
                       Print name of the zone the interface is bound to [P]
  --get-zone-of-source=<source>[/<mask>]|<MAC>|ipset:<ipset>
                       Print name of the zone the source is bound to [P]
  --list-all-zones     List everything added for or enabled in all zones [P]
  --new-zone=<zone>    Add a new zone [P only]
  --new-zone-from-file=<filename> [--name=<zone>]
                       Add a new zone from file with optional name [P only]
  --delete-zone=<zone> Delete an existing zone [P only]
  --load-zone-defaults=<zone>
                       Load zone default settings [P only] [Z]
  --zone=<zone>        Use this zone to set or query options, else default zone
                       Usable for options marked with [Z]
  --get-target         Get the zone target [P only] [Z]
  --set-target=<target>
                       Set the zone target [P only] [Z]
  --info-zone=<zone>   Print information about a zone
  --path-zone=<zone>   Print file path of a zone [P only]

 IPSet Options
  --get-ipset-types    Print the supported ipset types
  --new-ipset=<ipset> --type=<ipset type> [--option=<key>[=<value>]]..
                       Add a new ipset [P only]
  --new-ipset-from-file=<filename> [--name=<ipset>]
                       Add a new ipset from file with optional name [P only]
  --delete-ipset=<ipset>
                       Delete an existing ipset [P only]
  --load-ipset-defaults=<ipset>
                       Load ipset default settings [P only]
  --info-ipset=<ipset> Print information about an ipset
  --path-ipset=<ipset> Print file path of an ipset [P only]
  --get-ipsets         Print predefined ipsets
  --ipset=<ipset> --set-description=<description>
                       Set new description to ipset [P only]
  --ipset=<ipset> --get-description
                       Print description for ipset [P only]
  --ipset=<ipset> --set-short=<description>
                       Set new short description to ipset [P only]
  --ipset=<ipset> --get-short
                       Print short description for ipset [P only]
  --ipset=<ipset> --add-entry=<entry>
                       Add a new entry to an ipset [P]
  --ipset=<ipset> --remove-entry=<entry>
                       Remove an entry from an ipset [P]
  --ipset=<ipset> --query-entry=<entry>
                       Return whether ipset has an entry [P]
  --ipset=<ipset> --get-entries
                       List entries of an ipset [P]
  --ipset=<ipset> --add-entries-from-file=<entry>
                       Add a new entries to an ipset [P]
  --ipset=<ipset> --remove-entries-from-file=<entry>
                       Remove entries from an ipset [P]

IcmpType Options
  --new-icmptype=<icmptype>
                       Add a new icmptype [P only]
  --new-icmptype-from-file=<filename> [--name=<icmptype>]
                       Add a new icmptype from file with optional name [P only]
  --delete-icmptype=<icmptype>
                       Delete an existing icmptype [P only]
  --load-icmptype-defaults=<icmptype>
                       Load icmptype default settings [P only]
  --info-icmptype=<icmptype>
                       Print information about an icmptype
  --path-icmptype=<icmptype>
                       Print file path of an icmptype [P only]
  --icmptype=<icmptype> --set-description=<description>
                       Set new description to icmptype [P only]
  --icmptype=<icmptype> --get-description
                       Print description for icmptype [P only]
  --icmptype=<icmptype> --set-short=<description>
                       Set new short description to icmptype [P only]
  --icmptype=<icmptype> --get-short
                       Print short description for icmptype [P only]
  --icmptype=<icmptype> --add-destination=<ipv>
                       Enable destination for ipv in icmptype [P only]
  --icmptype=<icmptype> --remove-destination=<ipv>
                       Disable destination for ipv in icmptype [P only]
  --icmptype=<icmptype> --query-destination=<ipv>
                       Return whether destination ipv is enabled in icmptype [P only]
  --icmptype=<icmptype> --get-destinations
                       List destinations in icmptype [P only]

Service Options
  --new-service=<service>
                       Add a new service [P only]
  --new-service-from-file=<filename> [--name=<service>]
                       Add a new service from file with optional name [P only]
  --delete-service=<service>
                       Delete an existing service [P only]
  --load-service-defaults=<service>
                       Load icmptype default settings [P only]
  --info-service=<service>
                       Print information about a service
  --path-service=<service>
                       Print file path of a service [P only]
  --service=<service> --set-description=<description>
                       Set new description to service [P only]
  --service=<service> --get-description
                       Print description for service [P only]
  --service=<service> --set-short=<description>
                       Set new short description to service [P only]
  --service=<service> --get-short
                       Print short description for service [P only]
  --service=<service> --add-port=<portid>[-<portid>]/<protocol>
                       Add a new port to service [P only]
  --service=<service> --remove-port=<portid>[-<portid>]/<protocol>
                       Remove a port from service [P only]
  --service=<service> --query-port=<portid>[-<portid>]/<protocol>
                       Return whether the port has been added for service [P only]
  --service=<service> --get-ports
                       List ports of service [P only]
  --service=<service> --add-protocol=<protocol>
                       Add a new protocol to service [P only]
  --service=<service> --remove-protocol=<protocol>
                       Remove a protocol from service [P only]
  --service=<service> --query-protocol=<protocol>
                       Return whether the protocol has been added for service [P only]
  --service=<service> --get-protocols
                       List protocols of service [P only]
  --service=<service> --add-source-port=<portid>[-<portid>]/<protocol>
                       Add a new source port to service [P only]
  --service=<service> --remove-source-port=<portid>[-<portid>]/<protocol>
                       Remove a source port from service [P only]
  --service=<service> --query-source-port=<portid>[-<portid>]/<protocol>
                       Return whether the source port has been added for service [P only]
  --service=<service> --get-source-ports
                       List source ports of service [P only]
  --service=<service> --add-module=<module>
                       Add a new module to service [P only]
  --service=<service> --remove-module=<module>
                       Remove a module from service [P only]
  --service=<service> --query-module=<module>
                       Return whether the module has been added for service [P only]
--service=<service> --get-modules
                       List modules of service [P only]
  --service=<service> --set-destination=<ipv>:<address>[/<mask>]
                       Set destination for ipv to address in service [P only]
  --service=<service> --remove-destination=<ipv>
                       Disable destination for ipv i service [P only]
  --service=<service> --query-destination=<ipv>:<address>[/<mask>]
                       Return whether destination ipv is set for service [P only]
  --service=<service> --get-destinations
                       List destinations in service [P only]

Options to Adapt and Query Zones
  --list-all           List everything added for or enabled in a zone [P] [Z]
  --list-services      List services added for a zone [P] [Z]
  --timeout=<timeval>  Enable an option for timeval time, where timeval is
                       a number followed by one of letters 's' or 'm' or 'h'
                       Usable for options marked with [T]
  --set-description=<description>
                       Set new description to zone [P only] [Z]
  --get-description    Print description for zone [P only] [Z]
  --set-short=<description>
                       Set new short description to zone [P only] [Z]
  --get-short          Print short description for zone [P only] [Z]
  --add-service=<service>
                       Add a service for a zone [P] [Z] [T]
  --remove-service=<service>
                       Remove a service from a zone [P] [Z]
  --query-service=<service>
                       Return whether service has been added for a zone [P] [Z]
  --list-ports         List ports added for a zone [P] [Z]
  --add-port=<portid>[-<portid>]/<protocol>
                       Add the port for a zone [P] [Z] [T]
  --remove-port=<portid>[-<portid>]/<protocol>
                       Remove the port from a zone [P] [Z]
  --query-port=<portid>[-<portid>]/<protocol>
                       Return whether the port has been added for zone [P] [Z]
  --list-protocols     List protocols added for a zone [P] [Z]
  --add-protocol=<protocol>
                       Add the protocol for a zone [P] [Z] [T]
  --remove-protocol=<protocol>
                       Remove the protocol from a zone [P] [Z]
  --query-protocol=<protocol>
                       Return whether the protocol has been added for zone [P] [Z]
  --list-source-ports  List source ports added for a zone [P] [Z]
  --add-source-port=<portid>[-<portid>]/<protocol>
                       Add the source port for a zone [P] [Z] [T]
  --remove-source-port=<portid>[-<portid>]/<protocol>
                       Remove the source port from a zone [P] [Z]
  --query-source-port=<portid>[-<portid>]/<protocol>
                       Return whether the source port has been added for zone [P] [Z]
  --list-icmp-blocks   List Internet ICMP type blocks added for a zone [P] [Z]
  --add-icmp-block=<icmptype>
                       Add an ICMP block for a zone [P] [Z] [T]
  --remove-icmp-block=<icmptype>
                       Remove the ICMP block from a zone [P] [Z]
  --query-icmp-block=<icmptype>
                       Return whether an ICMP block has been added for a zone
                       [P] [Z]
  --add-icmp-block-inversion
                       Enable inversion of icmp blocks for a zone [P] [Z]
  --remove-icmp-block-inversion
                       Disable inversion of icmp blocks for a zone [P] [Z]
  --query-icmp-block-inversion
                       Return whether inversion of icmp blocks has been enabled
                       for a zone [P] [Z]
  --list-forward-ports List IPv4 forward ports added for a zone [P] [Z]
  --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
                       Add the IPv4 forward port for a zone [P] [Z] [T]
  --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
                       Remove the IPv4 forward port from a zone [P] [Z]
  --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
                       Return whether the IPv4 forward port has been added for
                       a zone [P] [Z]
  --add-masquerade     Enable IPv4 masquerade for a zone [P] [Z] [T]
  --remove-masquerade  Disable IPv4 masquerade for a zone [P] [Z]
  --query-masquerade   Return whether IPv4 masquerading has been enabled for a
                       zone [P] [Z]
  --list-rich-rules    List rich language rules added for a zone [P] [Z]
  --add-rich-rule=<rule>
                       Add rich language rule 'rule' for a zone [P] [Z] [T]
  --remove-rich-rule=<rule>
                       Remove rich language rule 'rule' from a zone [P] [Z]
  --query-rich-rule=<rule>
                       Return whether a rich language rule 'rule' has been
                       added for a zone [P] [Z]

Options to Handle Bindings of Interfaces
  --list-interfaces    List interfaces that are bound to a zone [P] [Z]
  --add-interface=<interface>
                       Bind the <interface> to a zone [P] [Z]
  --change-interface=<interface>
                       Change zone the <interface> is bound to [Z]
  --query-interface=<interface>
                       Query whether <interface> is bound to a zone [P] [Z]
  --remove-interface=<interface>
                       Remove binding of <interface> from a zone [P] [Z]

Options to Handle Bindings of Sources
  --list-sources       List sources that are bound to a zone [P] [Z]
  --add-source=<source>[/<mask>]|<MAC>|ipset:<ipset>
                       Bind the source to a zone [P] [Z]
  --change-source=<source>[/<mask>]|<MAC>|ipset:<ipset>
                       Change zone the source is bound to [Z]
  --query-source=<source>[/<mask>]|<MAC>|ipset:<ipset>
                       Query whether the source is bound to a zone [P] [Z]
  --remove-source=<source>[/<mask>]|<MAC>|ipset:<ipset>
                       Remove binding of the source from a zone [P] [Z]

Helper Options
  --new-helper=<helper> --module=<module> [--family=<family>]
                       Add a new helper [P only]
  --new-helper-from-file=<filename> [--name=<helper>]
                       Add a new helper from file with optional name [P only]
  --delete-helper=<helper>
                       Delete an existing helper [P only]
  --load-helper-defaults=<helper>
                       Load helper default settings [P only]
  --info-helper=<helper> Print information about an helper
  --path-helper=<helper> Print file path of an helper [P only]
  --get-helpers         Print predefined helpers
  --helper=<helper> --set-description=<description>
                       Set new description to helper [P only]
  --helper=<helper> --get-description
                       Print description for helper [P only]
  --helper=<helper> --set-short=<description>
                       Set new short description to helper [P only]
  --helper=<helper> --get-short
                       Print short description for helper [P only]
  --helper=<helper> --add-port=<portid>[-<portid>]/<protocol>
                       Add a new port to helper [P only]
  --helper=<helper> --remove-port=<portid>[-<portid>]/<protocol>
                       Remove a port from helper [P only]
  --helper=<helper> --query-port=<portid>[-<portid>]/<protocol>
                       Return whether the port has been added for helper [P only]
  --helper=<helper> --get-ports
                       List ports of helper [P only]
  --helper=<helper> --set-module=<module>
                       Set module to helper [P only]
  --helper=<helper> --get-module
                       Get module from helper [P only]
  --helper=<helper> --set-family={ipv4|ipv6|}
                       Set family for helper [P only]
  --helper=<helper> --get-family
                       Get module from helper [P only]

Direct Options
  --direct             First option for all direct options
  --get-all-chains
                       Get all chains [P]
  --get-chains {ipv4|ipv6|eb} <table>
                       Get all chains added to the table [P]
  --add-chain {ipv4|ipv6|eb} <table> <chain>
                       Add a new chain to the table [P]
  --remove-chain {ipv4|ipv6|eb} <table> <chain>
                       Remove the chain from the table [P]
  --query-chain {ipv4|ipv6|eb} <table> <chain>
                       Return whether the chain has been added to the table [P]
  --get-all-rules
                       Get all rules [P]
  --get-rules {ipv4|ipv6|eb} <table> <chain>
                       Get all rules added to chain in table [P]
  --add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...
                       Add rule to chain in table [P]
  --remove-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...
                       Remove rule with priority from chain in table [P]
  --remove-rules {ipv4|ipv6|eb} <table> <chain>
                       Remove rules from chain in table [P]
  --query-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...
                       Return whether a rule with priority has been added to
                       chain in table [P]
  --passthrough {ipv4|ipv6|eb} <arg>...
                       Pass a command through (untracked by firewalld)
  --get-all-passthroughs
                       Get all tracked passthrough rules [P]
  --get-passthroughs {ipv4|ipv6|eb} <arg>...
                       Get tracked passthrough rules [P]
  --add-passthrough {ipv4|ipv6|eb} <arg>...
                       Add a new tracked passthrough rule [P]
  --remove-passthrough {ipv4|ipv6|eb} <arg>...
                       Remove a tracked passthrough rule [P]
  --query-passthrough {ipv4|ipv6|eb} <arg>...
                       Return whether the tracked passthrough rule has been
                       added [P]

Lockdown Options
  --lockdown-on        Enable lockdown.
  --lockdown-off       Disable lockdown.
  --query-lockdown     Query whether lockdown is enabled

Lockdown Whitelist Options
  --list-lockdown-whitelist-commands
                       List all command lines that are on the whitelist [P]
  --add-lockdown-whitelist-command=<command>
                       Add the command to the whitelist [P]
  --remove-lockdown-whitelist-command=<command>
                       Remove the command from the whitelist [P]
  --query-lockdown-whitelist-command=<command>
                       Query whether the command is on the whitelist [P]
  --list-lockdown-whitelist-contexts
                       List all contexts that are on the whitelist [P]
  --add-lockdown-whitelist-context=<context>
                       Add the context context to the whitelist [P]
  --remove-lockdown-whitelist-context=<context>
                       Remove the context from the whitelist [P]
  --query-lockdown-whitelist-context=<context>
                       Query whether the context is on the whitelist [P]
  --list-lockdown-whitelist-uids
                       List all user ids that are on the whitelist [P]
  --add-lockdown-whitelist-uid=<uid>
                       Add the user id uid to the whitelist [P]
  --remove-lockdown-whitelist-uid=<uid>
                       Remove the user id uid from the whitelist [P]
  --query-lockdown-whitelist-uid=<uid>
                       Query whether the user id uid is on the whitelist [P]
  --list-lockdown-whitelist-users
                       List all user names that are on the whitelist [P]
  --add-lockdown-whitelist-user=<user>
                       Add the user name user to the whitelist [P]
  --remove-lockdown-whitelist-user=<user>
                       Remove the user name user from the whitelist [P]
  --query-lockdown-whitelist-user=<user>
                       Query whether the user name user is on the whitelist [P]

Panic Options
  --panic-on           Enable panic mode
  --panic-off          Disable panic mode
  --query-panic        Query whether panic mode is enabled
   

Centos7 노트북 닫을 때 절전모드 하지 않기

[ 출처 : https://medium.com/imjang57blog/ ]

vi /etc/systemd/logind.conf
HandleLidSwitch=ignore

추가 후 해당 서비스 재 시작
systemctl restart systemd-logind.service

Centos7에 Webmin 설치하기

[ 출처 : http://www.webmin.com/ ]

1. 설치 파일을 가져올 저장소를 추가
vi /etc/yum.repos.d/webmin.repo

- 아래 내용 입력하고 저장
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

2. GPG Key 추가
rpm --import http://www.webmin.com/jcameron-key.asc
- 상기와 같이 처리시 오류가 발생될 경우 http://www.webmin.com/jcameron-key.asc를
  브라우저로 열어서 화면에 표시 되는 내용을 복사한 후 서버에 webmin.asc란 파일로 저장
  rpm --import webmin.asc 로 처리 가능

3. 패지기 목록 업데이트 후 webmin 설치
yum check-update
yum install webmin -y

4.webmin을 시작시 서비스로 추가
chkconfig webmin on
service webmin start

5. 방화벽 사용시 해당 포트 open(설치시 기본port 10000)
firewall-cmd --add-port=10000/tcp
 

[ABAP] 프로그램간의 테이블 전달

1. 호출 하는 프로그램

  SUBMIT ZSD003 USING SELECTION-SCREEN '1000'
  WITH S_ERDAT IN S_ERDAT
  ....   <-- 전달할 Select-options 값
  AND RETURN.

  CLEAR : GT_ZPP003, GT_ZPP003[].     <-- 전달 받을 테이블 초기화
  "전달받을메모리 변수에서 내부 테이블로 전달
  IMPORT GT_ZPP003 FROM MEMORY ID 'ZPP003'.
  FREE MEMORY ID 'ZPP003'.            <-- 메모리 변수 초기화

2. 호출 받는 프로그램
  CLEAR : GS_ZPP003, GT_ZPP003[].
  "프로그램 실행 결과를 넘겨줄 프로그램과 동일한 구조를 가지는 테이블로 결과 입력
  LOOP AT GT_DATA.                   
    CLEAR : GS_ZPP003.
    MOVE-CORRESPONDING GT_DATA TO GS_ZPP003.
    APPEND GS_ZPP003 TO GT_ZPP003.
  ENDLOOP.
  EXPORT GT_ZPP003 TO MEMORY ID 'ZPP003'.

시트 보호 비밀번호 없이 해제 하기

[ 출처 : http://blog.naver.com/ ]

시트 보호가 되어 있는 엑셀 문서일 경우 비밀번호를 모르면 내용 편집이 불가할 때 편법으로 수정할 수 있는 방법임.
1. 시트 보호된 엑셀 파일을 임의의 위치에 저장하고 확장자를 ZIP로 변경하고 압축을 푼다.

2. 압축을 푼 폴더의 xl\worksheets\sheet1.xml 파일을 메모장으로 연다.
sheetProtection로 시작해서 scenarios="1"로 끝나는 부분을 삭제

3. 해당 파일 저장 후 재압축 후 확장자를 xlsx로 변경한 후 파일을 열면 수정 가능함.

오라클 JOB 프로세스 등록 방법

[참조 : http://blog.naver.com/ ]

1. 권한을 확인한다.
  SELECT * FROM V$PARAMETER WHERE NAME LIKE '%job%'
  조회 값중 Value가 0일 경우 스케쥴러가 동작하지 않으므로 이를 변경한다.

2. Value가 0일 경우 설정 변경
ALTER SYSTEM SET JOB_QUEUE_PROCESSES= 10;

3. Job생성
 DECLARE
  V_JOB NUMBER(5);
BEGIN

 DBMS_JOB.SUBMIT( V_JOB                            ,  --job 번호 생성용
                 'function_name;'                        ,  -- 실행 function 이름
                  SYSDATE                          ,  -- Job시작일
                  'TRUNC(SYSDATE) + 1 + 15.2 / 24'   ,   --Interval (다음날 15시12분)
                  FALSE                            );  -- true 이면 submit시에 job을 parsing하지 않는다

 -- 새로 생성된 JOB 번호 출력
 DBMS_OUTPUT.put_line('DBMS_JOB job number is ' || TO_CHAR(v_job));

 COMMIT;

END;

4. Job 보기
SELECT * FROM USER_JOBS;

5. Job 삭제
DBMS_JOB.REMOVE(job);

6. Job 항목 변경
DBMS_JOB.CHANGE(job, what, next_date, interval);

7. Job 수행 작업 변경
DBMS_JOB.WHAT(job, WHAT);

8.Job 시작일자 변경
DBMS_JOB.NEXT_DATE(job, next_date);

9. Job 실행 주기 변경
DBMS_JOB.INTERVAL(job, interval);

10.Job 중단(on Broken)
DBMS_JOB.BROKEN(job, broken, next_date);

11.Job를 바로 실행
DBMS_JOB.RUN(job);

[ABAP] READ_TEXT에서 사용하는 ID 알아내기

1. Purcharse Order의 경우
 - 텍스트 박스를 더블 클릭하면 편집기 화면으로 전환됨.

 - 메뉴의 GOTO - Header를 선택

 - 세부 정보 확인 가능

 - READ_TEXT에 그대로 적용

 - 입력한 데이터 표시됨.

 - SE75에서 확인 가능