yum install -y gcc make
wget -O- https://linuxcontainers.org/downloads/lxc/lxc-templates-3.0.4.tar.gz | tar zx
cd lxc-templates-3.0.4
./configure --prefix=/usr --localstatedir=/var
make install
虽然 lxc-templates 包,但该包未包含 Ubuntu 容器模板。故还须从其源码安装。
lxc-templates-3.0.4 并不需要编译任何 C 程序,但 configure 将检查 gcc。故须安装 gcc
2021-02-20 17:04:59,580 fail2ban.observer [2615]: INFO Observer start...
2021-02-20 17:04:59,583 fail2ban.database [2615]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'2021-02-20 17:04:59,583 fail2ban.jail [2615]: INFO Creating new jail 'sshd'2021-02-20 17:04:59,593 fail2ban.jail [2615]: INFO Jail 'sshd' uses pyinotify {}2021-02-20 17:04:59,596 fail2ban.jail [2615]: INFO Initiated 'pyinotify' backend
2021-02-20 17:04:59,597 fail2ban.filter [2615]: INFO maxLines: 1
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO maxRetry: 3
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO findtime: 600
2021-02-20 17:04:59,611 fail2ban.actions [2615]: INFO banTime: 86400
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO encoding: UTF-8
2021-02-20 17:04:59,611 fail2ban.filter [2615]: INFO Added logfile: '/var/log/auth.log'(pos= 34274, hash= 5cdc6285962a0352611a54aa860667fc35ededc1)2021-02-20 17:04:59,614 fail2ban.jail [2615]: INFO Jail 'sshd' started
2021-02-20 17:08:12,674 fail2ban.server [2615]: INFO Reload all jails
2021-02-20 17:08:12,674 fail2ban.server [2615]: INFO Reload jail 'sshd'2021-02-20 17:08:12,674 fail2ban.filter [2615]: INFO maxLines: 1
2021-02-20 17:08:12,674 fail2ban.filter [2615]: INFO maxRetry: 3
2021-02-20 17:08:12,675 fail2ban.filter [2615]: INFO findtime: 600
2021-02-20 17:08:12,675 fail2ban.actions [2615]: INFO banTime: 86400
2021-02-20 17:08:12,675 fail2ban.filter [2615]: INFO encoding: UTF-8
2021-02-20 17:08:12,675 fail2ban.server [2615]: INFO Jail 'sshd' reloaded
2021-02-20 17:08:12,675 fail2ban.server [2615]: INFO Reload finished.
三、查看状态
1
sudo fail2ban-client status sshd
输出类似:
123456789
Status for the jail: sshd
|- Filter
||- Currently failed: 2
||- Total failed: 5343
|`- File list: /var/log/auth.log
`- Actions
|- Currently banned: 178
|- Total banned: 1354
`- Banned IP list: ...
列表 iptables 的规则:
1
iptables -S
输出类似:
12345678910
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-ssh -s <IP 1> -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s <IP 2> -j REJECT --reject-with icmp-port-unreachable
...
-A fail2ban-ssh -j RETURN
WARNING: Not using device /dev/sdb5 for PV kyDNAt-ONdQ-9MIb-4tJO-w8kC-WnEY-xmJ2qj.
WARNING: PV kyDNAt-ONdQ-9MIb-4tJO-w8kC-WnEY-xmJ2qj prefers device /dev/sda5 because device is used by LV.
Would you like to use LXD clustering? (yes/no)[default=no]:
# 配置存储池Do you want to configure a new storage pool? (yes/no)[default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, dir, lvm, zfs, ceph)[default=zfs]: dir
Would you like to connect to a MAAS server? (yes/no)[default=no]:
# 创建虚拟网络Would you like to create a new local network bridge? (yes/no)[default=yes]:
What should the new bridge be called? [default=lxdbr0]:
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”)[default=auto]:
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”)[default=auto]:
# LXD 服务的网络配置Would you like LXD to be available over the network? (yes/no)[default=no]: yes
Address to bind LXD to (not including port)[default=all]:
Port to bind LXD to [default=8443]:
Trust password for new clients:
lxc launch tuna-images:ubuntu/20.04 focal-vm --vm --profile default --profile vm
Ubuntu 16.04 默认内核 4.4 ,将遇到
1234
Creating focal-vm
Starting focal-vm
Error: Failed to run: modprobe vhost_vsock: modprobe: FATAL: Module vhost_vsock not found in directory /lib/modules/4.4.0-176-generic
Try `lxc info --show-log local:focal-vm`for more info
Checking for`rbenv' in PATH: /root/.rbenv/bin/rbenvChecking for rbenv shims in PATH: OKChecking `rbenv install' support: /root/.rbenv/plugins/ruby-build/bin/rbenv-install (ruby-build 20190615-9-gf3f4193)Counting installed Ruby versions: none
There aren't any Ruby versions installed under `/root/.rbenv/versions'.
You can install Ruby versions like so: rbenv install 2.2.4
Checking RubyGems settings: OK
Auditing installed plugins: OK
二、常用命令
列表可安装的Ruby版本
1
rbenv install -l
除了Ruby官方版本,还支持RBX和JRuby等。
安装指定版本的Ruby
安装过程,实际为下载并编译指定版本的Ruby源码,故需系统安装:
1
sudo apt-get install -y make gcc libssl-dev libreadline-dev zlib1g-dev
然后:
1
rbenv install 2.6.3
Ruby版本安装在 ~/.rbenv/versions 目录中。
卸载指定版本的Ruby
1
rbenv uninstall 2.6.3
设置shell的Ruby版本
1
rbenv shell 2.6.3
等同于
1
export RBENV_VERSION=2.6.3
清除RBENV_VERSION
1
rbenv shell --unset
三、升级
123456
cd ~/.rbenv
git pull
cd ~/.rbenv/plugins/ruby-build
git pull
cd ~/.rbenv/plugins/rbenv-taobao-mirror
git pull