centos 7 after install ( php setting & firewall setting )

sudo -i
sudo yum -y update
sudo yum -y install epel-release
sudo yum install -y  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y  fio ioping nload psmisc wget htop nano iftop telnet net-tools  mlocate mtr  yum-utils sysstat zip unzip  traceroute tcptraceroute tcpdump bind-utils  ftp.x86_64  policycoreutils-python

sudo sed -i -e 's/10/2/g' /etc/cron.d/sysstat

sudo echo "DefaultLimitNOFILE=1024000" >> /etc/systemd/system.conf
sudo echo "DefaultLimitNOFILE=1024000" >>  /etc/systemd/user.conf

sudo echo "*     soft nofile 1024000" >> /etc/security/limits.conf
sudo echo "*     hard nofile 1024000" >> /etc/security/limits.conf
sudo echo "*     soft nproc 1024000" >> /etc/security/limits.conf
sudo echo "*     hard nproc 1024000" >> /etc/security/limits.conf

echo "fs.aio-max-nr = 1048576" >> /etc/sysctl.conf
echo "net.nf_conntrack_max = 1024000" >> /etc/sysctl.conf
echo "kernel.msgmnb = 1024000" >> /etc/sysctl.conf
echo "kernel.msgmax = 1024000" >> /etc/sysctl.conf
echo "fs.file-max = 1024000" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 15000 65000 > /proc/sys/net/ipv4/ip_local_port_range
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse


sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --permanent --zone=public --add-service=mysql


sudo firewall-cmd --permanent --add-port=53/tcp
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp

sudo firewall-cmd --zone=public --add-port=9070/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9071/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9072/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9073/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9074/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9080/tcp --permanent
sudo firewall-cmd --reload

#firewall-cmd --zone=public --add-port=2222/tcp --permanent
#sudo firewall-cmd --runtime-to-permanent 

gistfile1.txt

sudo yum install -y  http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum-config-manager --enable remi-php74
sudo yum remove  -y  php*



sudo yum install -y php72-php php72-php-pear php72-php-bcmath php72-php-pecl-jsond-devel php72-php-mysqlnd php72-php-gd php72-php-common php72-php-fpm php72-php-intl php72-php-cli php php72-php-xml php72-php-opcache php72-php-pecl-apcu php72-php-pecl-jsond php72-php-pdo php72-php-gmp php72-php-process php72-php-pecl-imagick php72-php-devel php72-php-mbstring php72-php-mcrypt  php72-php-soap  php72-php-pecl-zip


sudo yum install -y php73-php php73-php-pear php73-php-bcmath php73-php-pecl-jsond-devel php73-php-mysqlnd php73-php-gd php73-php-common php73-php-fpm php73-php-intl php73-php-cli php php73-php-xml php73-php-opcache php73-php-pecl-apcu php73-php-pecl-jsond php73-php-pdo php73-php-gmp php73-php-process php73-php-pecl-imagick php73-php-devel php73-php-mbstring php73-php-mcrypt  php73-php-soap  php73-php-pecl-zip

sudo yum install -y php74-php php74-php-pear php74-php-bcmath php74-php-pecl-jsond-devel php74-php-mysqlnd php74-php-gd php74-php-common php74-php-fpm php74-php-intl php74-php-cli php php74-php-xml php74-php-opcache php74-php-pecl-apcu php74-php-pecl-jsond php74-php-pdo php74-php-gmp php74-php-process php74-php-pecl-imagick php74-php-devel php74-php-mbstring php74-php-mcrypt  php74-php-soap  php74-php-pecl-zip


yum install php82-php-pear php82-php-bcmath php82-php-pecl-jsond-devel php82-php-mysqlnd php82-php-gd php82-php-common php82-php-fpm php82-php-intl php82-php-cli php82-php-xml php82-php-opcache php82-php-pecl-apcu php82-php-pecl-jsond php82-php-pdo php82-php-gmp php82-php-process php82-php-pecl-imagick php82-php-devel php82-php-mbstring php82-php-mcrypt  php82-php-soap  php82-php-pecl-zip php82-php-pecl-swoole5.x86_64

sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9070/g' /etc/opt/remi/php70/php-fpm.d/www.conf
sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9071/g' /etc/opt/remi/php71/php-fpm.d/www.conf
sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9072/g' /etc/opt/remi/php72/php-fpm.d/www.conf
sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9073/g' /etc/opt/remi/php73/php-fpm.d/www.conf
sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9074/g' /etc/opt/remi/php74/php-fpm.d/www.conf
sudo sed -i -e 's/127.0.0.1:9000/127.0.0.1:9080/g' /etc/opt/remi/php80/php-fpm.d/www.conf


sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php70/php-fpm.d/www.conf
sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php71/php-fpm.d/www.conf
sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php72/php-fpm.d/www.conf
sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php73/php-fpm.d/www.conf
sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php74/php-fpm.d/www.conf
sudo echo "php_admin_value[date.timezone] = Asia/Tehran" >>  /etc/opt/remi/php80/php-fpm.d/www.conf


sudo systemctl enable php70-php-fpm;sudo systemctl enable php71-php-fpm;sudo systemctl enable php72-php-fpm;

sudo systemctl enable php73-php-fpm;systemctl enable php74-php-fpm;
sudo systemctl enable php80-php-fpm;

sudo systemctl start php70-php-fpm;sudo systemctl start php71-php-fpm;sudo systemctl start php72-php-fpm;

sudo systemctl start php73-php-fpm;sudo systemctl start php74-php-fpm;
sudo systemctl start php80-php-fpm;


sudo updatedb
sudo mkdir /var/lib/php/session
sudo chmod -R 777 /var/lib/php/session
sudo chmod 777 /var/opt/remi/php70/lib/php/session
sudo chmod 777 /var/opt/remi/php71/lib/php/session
sudo chmod 777 /var/opt/remi/php72/lib/php/session
sudo chmod 777 /var/opt/remi/php73/lib/php/session
sudo chmod 777 /var/opt/remi/php74/lib/php/session
sudo chmod 777 /var/opt/remi/php80/lib/php/session

 
sudo sed -i "/expose_php =/c\expose_php = Off" /etc/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 300000" /etc/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/php.ini

sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php72/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php72/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php72/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php72/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php72/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php72/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php72/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php72/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php72/php.ini



sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php73/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php73/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php73/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php73/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php73/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php73/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php73/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php73/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php73/php.ini


sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php74/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php74/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php74/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php74/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php74/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php74/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php74/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php74/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php74/php.ini



sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php80/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php80/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php80/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php80/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php80/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php80/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php80/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php80/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php80/php.ini


sudo systemctl restart php70-php-fpm;sudo systemctl restart php71-php-fpm;

sudo systemctl restart php72-php-fpm; sudo systemctl restart php73-php-fpm;sudo systemctl restart php74-php-fpm;

sudo systemctl restart php80-php-fpm;

10 4 * * *   rm -rf  /var/opt/remi/php70/lib/php/wsdlcache/*  >/dev/null 2>&1
10 4 * * *   rm -rf  /var/opt/remi/php71/lib/php/wsdlcache/*  >/dev/null 2>&1
10 4 * * *   rm -rf  /var/opt/remi/php72/lib/php/wsdlcache/*  >/dev/null 2>&1



10 2 * * *   root systemctl restart php70-php-fpm  >/dev/null 2>&1
10 3 * * *   root systemctl restart php71-php-fpm   >/dev/null 2>&1
10 4 * * *   root systemctl restart php72-php-fpm   >/dev/null 2>&1




sudo yum install -y php70-php php70-php-pear php70-php-bcmath php70-php-pecl-jsond-devel php70-php-mysqlnd php70-php-gd php70-php-common php70-php-fpm php70-php-intl php70-php-cli php php70-php-xml php70-php-opcache php70-php-pecl-apcu php70-php-pecl-jsond php70-php-pdo php70-php-gmp php70-php-process php70-php-pecl-imagick php70-php-devel php70-php-mbstring php70-php-mcrypt  php70-php-soap  php70-php-pecl-zip

sudo yum install -y php71-php php71-php-pear php71-php-bcmath php71-php-pecl-jsond-devel php71-php-mysqlnd php71-php-gd php71-php-common php71-php-fpm php71-php-intl php71-php-cli php php71-php-xml php71-php-opcache php71-php-pecl-apcu php71-php-pecl-jsond php71-php-pdo php71-php-gmp php71-php-process php71-php-pecl-imagick php71-php-devel php71-php-mbstring php71-php-mcrypt  php71-php-soap  php71-php-pecl-zip




sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php70/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php70/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php70/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php70/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php70/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php70/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php70/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php70/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php70/php.ini

sudo sed -i "/expose_php =/c\expose_php = Off" /etc/opt/remi/php71/php.ini
sudo sed -i "/memory_limit =/c\memory_limit =12800000M" /etc/opt/remi/php71/php.ini
sudo sed -i "/short_open_tag =/c\short_open_tag = On" /etc/opt/remi/php71/php.ini
sudo sed -i "/post_max_size =/c\post_max_size = 200M" /etc/opt/remi/php71/php.ini
sudo sed -i "/max_input_time =/c\max_input_time = 3000" /etc/opt/remi/php71/php.ini
sudo sed -i "/max_execution_time =/c\max_execution_time = 30000000" /etc/opt/remi/php71/php.ini
sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = 200M" /etc/opt/remi/php71/php.ini
sudo sed -i "/max_file_uploads =/c\max_file_uploads = 100" /etc/opt/remi/php71/php.ini
sudo sed -i "/allow_url_fopen =/c\allow_url_fopen = On" /etc/opt/remi/php71/php.ini

find php current user for permission

echo posix_getpwuid(posix_geteuid())['name'];

count open file

lsof | wc -l

find /var/ -type f -size +5120k -exec ls -lh {} ;

systemctl list-unit-files | grep fpm

see all open port on linux

ss -tulw

sed -i "/^pm.max_children/c\pm.max_children = 1500"  /etc/opt/remi/php70/php-fpm.d/www.conf
sed -i "/^pm.max_spare_servers/c\pm.max_spare_servers = 1450"  /etc/opt/remi/php70/php-fpm.d/www.conf
sed -i "/^pm.min_spare_servers/c\pm.min_spare_servers = 400"  /etc/opt/remi/php70/php-fpm.d/www.conf
sed -i "/^pm.start_servers/c\pm.start_servers = 500"  /etc/opt/remi/php70/php-fpm.d/www.conf

sed -i "/^pm.max_children/c\pm.max_children = 1500"  /etc/opt/remi/php71/php-fpm.d/www.conf
sed -i "/^pm.max_spare_servers/c\pm.max_spare_servers = 1450"  /etc/opt/remi/php71/php-fpm.d/www.conf
sed -i "/^pm.min_spare_servers/c\pm.min_spare_servers = 400"  /etc/opt/remi/php71/php-fpm.d/www.conf
sed -i "/^pm.start_servers/c\pm.start_servers = 500"  /etc/opt/remi/php71/php-fpm.d/www.conf

sed -i "/^pm.max_children/c\pm.max_children = 1500"  /etc/opt/remi/php72/php-fpm.d/www.conf
sed -i "/^pm.max_spare_servers/c\pm.max_spare_servers = 1450"  /etc/opt/remi/php72/php-fpm.d/www.conf
sed -i "/^pm.min_spare_servers/c\pm.min_spare_servers = 400"  /etc/opt/remi/php72/php-fpm.d/www.conf
sed -i "/^pm.start_servers/c\pm.start_servers = 500"  /etc/opt/remi/php72/php-fpm.d/www.conf


sed -i "/^pm.max_children/c\pm.max_children = 1500"  /etc/opt/remi/php73/php-fpm.d/www.conf
sed -i "/^pm.max_spare_servers/c\pm.max_spare_servers = 1450"  /etc/opt/remi/php73/php-fpm.d/www.conf
sed -i "/^pm.min_spare_servers/c\pm.min_spare_servers = 400"  /etc/opt/remi/php73/php-fpm.d/www.conf
sed -i "/^pm.start_servers/c\pm.start_servers = 500"  /etc/opt/remi/php73/php-fpm.d/www.conf

sed -i "/^pm.max_children/c\pm.max_children = 1500"  /etc/opt/remi/php74/php-fpm.d/www.conf
sed -i "/^pm.max_spare_servers/c\pm.max_spare_servers = 1450"  /etc/opt/remi/php74/php-fpm.d/www.conf
sed -i "/^pm.min_spare_servers/c\pm.min_spare_servers = 400"  /etc/opt/remi/php74/php-fpm.d/www.conf
sed -i "/^pm.start_servers/c\pm.start_servers = 500"  /etc/opt/remi/php74/php-fpm.d/www.conf

view ram usage

 sar -r ALL

sar -n DEV 1
sar -n TCP,ETCP 1

vmstat 3

cpu info
lshw -short -class cpu

sed -i '3 a text/css                                         less ;'  /etc/nginx/mime.types

service nginx restart

sudo groupadd davaringinxapache
sudo usermod -a -G davaringinxapache nginx
sudo usermod -a -G davaringinxapache apache
sudo usermod -a -G davaringinxapache root
sudo usermod -a -G davaringinxapache promtail
sudo chgrp -R davaringinxapache /var/log/nginx
sudo chmod -R 770 /var/log/nginx
sed -i '1 a  su root davaringinxapache' /etc/logrotate.d/nginx
systemctl restart php70-php-fpm

for test sh /etc/cron.daily/logrotate

tcpdump -i any -nnvvS -s 65535 -w smpp.cap

systemctl list-units | grep php
sudo systemctl list-unit-files | grep -E 'php[^fpm]*fpm'

check hard mount
blkid
lvs -a --units m
lvdisplay

One method of preventing metadata exhaustion is to enable ThinPool automatic
extension. Edit /etc/lvm/lvm.conf and set:

thin_pool_autoextend_threshold = 80
thin_pool_autoextend_percent = 10

dns porblem

tail -f /var/log/messages | grep named

for winstp sudo

sudo su -c /usr/libexec/openssh/sftp-server

view old process

 ps -elf | sort -r -k12 | head -n 10

This command shows how much processes each user is currently using:

ps h -Led -o user | sort | uniq -c | sort -n

sudo sed -i "/GSSAPIAuthentication/c\GSSAPIAuthentication no" /etc/ssh/sshd_config
sudo sed -i "/#UseDNS/c\UseDNS no" /etc/ssh/sshd_config
service sshd restart

add date

date -s "70 seconds"

service --status-all

systemctl restart php7.4-fpm

show hard partition type
lsblk

php74 -r 'if (php_sapi_name() === "cli") { $open_basedir = ini_get("open_basedir"); echo "The open_basedir setting is: $open_basedir\n"; }'

 php74 -r "date_default_timezone_set('Asia/Tehran'); echo date('Y-m-d H:i:s') . PHP_EOL;"

SCRIPT_NAME=/status70 SCRIPT_FILENAME=/status70 REQUEST_METHOD=GET cgi-fcgi -bind -connect localhost:9070

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -n50 | awk '{if ($1 > 50) print $2}'

sudo date -s "+5 minutes"

kill -9 $(pgrep -f candoo)

journalctl -u crond --follow

/root/.ssh/authorized_keys