Posts in the category: Server Technology

Download the source code

Nobody uses svn any more, so learn some git.

git clone git://source.ffmpeg.org/ffmpeg.git

configure

When you run ./configure, it may report that yasm is not installed; in that case run "yum install -y yasm".

yum install -y yasm
./configure

make

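Running make compiles the whole ffmpeg project and produces several binaries, for example ffplay, ffserver, ffmpeg and ffprobe!

make install

Running make install copies the compiled .a archives to /usr/local/lib!

Building webkitgtk+ requires GCC 4.8 or later. Ubuntu has a prebuilt gcc... while poor me on CentOS can only build it from source...

Enough talk, let's get to work.

Download

First download the GCC source you need from http://gcc.gnu.org/

Taking gcc-4.8.3 as an example, first unpack the archive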

cd ~
mkdir src
cd src
wget http://WRITE-THE-URL-YOURSELF
tar xf gcc-4.8.3.tar.gz

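Stop at this step: there are still packages that have not been downloaded and installed, and this is where the difficulty lies. The three packages must be installed in a fixed order, and before installing each one you must specify the install paths of the ones installed before it, which is a real hassle!

The sources can be fetched by running the download_prerequisites script under gcc-4.8.3/contrib, which downloads them automatically so that they can be built together with GCC.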


Download the package from http://webkitgtk.org/ and unpack the archive with the following command

tar xvJf

Install the dependency libraries:

apt-get install autoconf automake autotools-dev bison flex gperf glib-networking gtk-doc-tools libenchant-dev libgail-dev libgeoclue-dev libglib2.0-dev libgstreamer-plugins-base0.10-dev libgtk2.0-dev  libicu-dev libjpeg62-dev libpango1.0-dev libpng12-dev libsoup2.4-dev libsqlite3-dev libtool libxslt1-dev libxt-dev

Try running configure

./configure

That may still not be enough: it reports that libwebp cannot be found, so search for it:

apt-cache search  libwebp
libwebp-dev - Lossy compression of digital photographic images.
libwebp5 - Lossy compression of digital photographic images.
libwebpdemux1 - Lossy compression of digital photographic images.
libwebpmux1 - Lossy compression of digital photographic images.
python-webm - Python interface to the Google WebM video/image codec.

Installing the first one is enough

apt-get install libwebp-dev

GStreamer not found

WebKit r169462, available at http://nightly.webkit.org/ ; download it to ~/src and then unpack it

tar jxvf WebKit-r169462.tar.bz2

Install the dependency packages

./Tools/gtk/install-dependencies

GStreamer

apt-get install gstreamer0.10-*
apt-get install libgstreamer*

Start the build

If it reports that build tools are missing, install them with this, all in one go!

apt-get install build-essential

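Test system: ubuntu12.04

This is the basic procedure; I may update it later. Taking 6.5 as an example:

Download and install the necessary files, such as a virtual machine (virtualbox, vm, etc.) and an i386 or x86_64 image, as needed

Configure the virtual machine and start the installation. Installing entirely in English is recommended; speed and stability are somewhat better

After installation the network interface does not start automatically and has to be enabled manually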

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=00:0C:29:64:A5:E3
TYPE=Ethernet
UUID=ff171f7b-3bc5-465d-a5ba-287e200f6da6
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp

Then

/etc/init.d/network start

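Now check whether ifconfig shows any IP information

Once there is an IP address you can get online, and what follows is all the yum work. Anyone interested can run this optimization script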

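Saw this while browsing a Taobao shop; noting it down

Memory comes in SD, DDR, DDR2 and DDR3 types, and the four cannot be mixed. Before ordering, confirm which memory your machine uses; if you are not sure, check with CPU-Z or EVEREST!

After opening the software, look at the "Max Bandwidth" field under the "SPD" tab!

SD type

PC-100 is SD 100
PC-133 is SD 133

DDR1 type

PC-2100 is DDR-266 memory!
PC-2700 is DDR-333 memory!
PC-3200 is DDR-400 memory!

DDR2 type

PC2-3200 is DDR2-400 memory! Do not confuse it with DDR1!
PC2-4200 (sometimes PC2-4300) is DDR2-533 memory!
PC2-5300 is DDR2-667 memory!
PC2-6400 is DDR2-800 memory!

DDR3 type

PC3-8500 is DDR3-1066 memory!
PC3-10600 is DDR3-1333 memory!

The following are the DDR3 gaming editions and high frequencies:

PC3-12800 is DDR3-1600 memory!
PC3-15000 is DDR3-1866 memory!
PC3-16000 is DDR3-2000 memory!

If you do not know how to check, search Baidu for CPU-Z and download version 1.49 or later, unzip it and run CPU-Z, and look at the SPD tab to see your memory's details, then buy what you need!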

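When the network is attacked frequently, the most effective approach is to restrict IP access directly on the Linux operating system. There are two main ways to set this up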

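1. Use hosts.allow and hosts.deny, both in the /etc/ directory, to set an IP whitelist and blacklist

The order of precedence is that hosts.deny is checked first, then hosts.allow;
settings in the latter can override restrictions in the former.
For example:
a. Deny all ssh,
unless it comes from 218.64.87.0 - 127.
hosts.deny:
in.sshd:ALL
hosts.allow:
in.sshd:218.64.87.0/255.255.255.128

b. Block telnet from 218.64.87.0 - 127
hosts.deny
in.telnetd:218.64.87.0/255.255.255.128

c. Deny TCP connections from everyone, unless they come from 218.64.87.0 - 127
hosts.deny
ALL:ALL
hosts.allow
ALL:218.64.87.0/255.255.255.128

d. Deny 218.64.87.0 - 127 access to all services
hosts.deny
ALL:218.64.87.0/255.255.255.128

The part before the colon is the service process name of the TCP daemon; system
processes are usually specified in /etc/inetd.conf, for example in.ftpd, in.telnetd, in.sshd

There are several ways to write an IP address range; the three main ones are:
    1. Network address / subnet mask form:
        218.64.87.0/255.255.255.0
    2. Network address form (my own name for it, heh)
        218.64. (that is, IP addresses beginning with 218.64)
    3. Abbreviated subnet mask form, that is, count how many leading "1" bits the binary subnet mask has, for example:
        218.64.87.0/255.255.255.0 -- 218.64.87.0/24

After setting this up, restart:
# /etc/rc.d/init.d/xinetd restart
# /etc/rc.d/init.d/network restart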

2. Use the iptables command

The command for a single IP is
iptables -I INPUT -s 80.241.219.171 -j DROP
 
The command to block an IP range is
iptables -I INPUT -s 96.47.225.0/16 -j DROP
iptables -I INPUT -s 96.47.225.0/16 -j DROP
iptables -I INPUT -s 96.47.225.0/16 -j DROP
 
The command to block an entire range is
iptables -I INPUT -s 96.47.225.0/8 -j DROP
 
The command to block several ranges is
iptables -I INPUT -s 96.47.225.0/24 -j DROP
iptables -I INPUT -s 96.47.225.0/24 -j DROP
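
An added example, not part of the original post: a small POSIX shell helper that expands an ADDRESS/MASK pattern into the range it covers, run on the hosts.allow pattern and the iptables -s values shown above. It masks the address the way iptables does, so host bits in the address are ignored; the function names are this example's own.

```shell
#!/bin/sh
# Added example: show which addresses an ADDRESS/MASK pattern really covers.
# The sample patterns at the bottom are the ones used in the post.

ip_to_int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                      # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_to_int() {                    # accepts "24" or "255.255.255.0"
    case $1 in
        *.*) ip_to_int "$1" ;;
        *)   echo $(( (4294967295 << (32 - $1)) & 4294967295 )) ;;
    esac
}

# covered_range ADDRESS/MASK -> "first-last count"
covered_range() {
    cr_mask=$(mask_to_int "${1#*/}")
    cr_addr=$(ip_to_int "${1%/*}")
    cr_net=$(( cr_addr & cr_mask ))            # host bits are discarded
    cr_last=$(( cr_net | (~cr_mask & 4294967295) ))
    echo "$(int_to_ip "$cr_net")-$(int_to_ip "$cr_last") $(( cr_last - cr_net + 1 ))"
}

# covers ADDRESS/MASK IP -> exit status 0 when IP falls inside the pattern
covers() {
    cv_mask=$(mask_to_int "${1#*/}")
    cv_net=$(ip_to_int "${1%/*}")
    cv_ip=$(ip_to_int "$2")
    [ $(( cv_net & cv_mask )) -eq $(( cv_ip & cv_mask )) ]
}

for pattern in 218.64.87.0/255.255.255.128 96.47.225.0/24 \
               96.47.225.0/16 96.47.225.0/8; do
    echo "$pattern -> $(covered_range "$pattern")"
done
```

The /16 and /8 forms drop far more than the 96.47.225.x addresses: the first covers all of 96.47.0.0 to 96.47.255.255 and the second every address beginning with 96.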
 
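Running automatically at server startup
There are three methods:
1. Add it to /etc/rc.local
2. vi /etc/sysconfig/iptables: put your current iptables rules into /etc/sysconfig/iptables, and they are applied automatically when the system starts iptables.
3. service iptables save also puts your current iptables rules into /etc/sysconfig/iptables, and they are applied automatically when the system starts iptables.
The latter two are better: the iptables service generally comes up before the network service, which is safer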
 
Unblocking:
iptables -L INPUT
iptables -L --line-numbers, then iptables -D INPUT <rule number>
 
Restricting IP access with iptables
Use iptables to restrict access to port 9889 (only 192.168.1.101, 192.168.1.102 and 192.168.1.103 are allowed); all other IPs are denied
iptables -I INPUT -p tcp --dport 9889 -j DROP
iptables -I INPUT -s 192.168.1.101 -p tcp --dport 9889 -j ACCEPT
iptables -I INPUT -s 192.168.1.102 -p tcp --dport 9889 -j ACCEPT
iptables -I INPUT -s 192.168.1.103 -p tcp --dport 9889 -j ACCEPT
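
An added example, not part of the original post: a toy first-match model of the INPUT chain showing why the four commands above work when entered with -I in that order (each -I puts its rule at the top, so the ACCEPT rules end up above the DROP) and what the same order does with -A. The rule format, the function names and the default ACCEPT policy are assumptions of the example.

```shell
#!/bin/sh
# Added example: rules are stored one per line as "SOURCE PORT TARGET"
# (constructed format; "any" is a wildcard). Evaluation stops at the first match.

CHAIN=""

chain_insert() {                   # like iptables -I INPUT: new rule goes on top
    if [ -z "$CHAIN" ]; then CHAIN=$1; else CHAIN="$1
$CHAIN"; fi
}

chain_append() {                   # like iptables -A INPUT: new rule goes last
    if [ -z "$CHAIN" ]; then CHAIN=$1; else CHAIN="$CHAIN
$1"; fi
}

# verdict SOURCE PORT -> target of the first matching rule
verdict() {
    while read -r v_src v_port v_target; do
        [ -n "$v_src" ] || continue
        if { [ "$v_src" = any ] || [ "$v_src" = "$1" ]; } &&
           { [ "$v_port" = any ] || [ "$v_port" = "$2" ]; }; then
            echo "$v_target"
            return 0
        fi
    done <<EOF
$CHAIN
EOF
    echo ACCEPT                    # assumed default chain policy
}

# load_rules ADD_FUNCTION: enter the post's four rules in the post's order
load_rules() {
    CHAIN=""
    "$1" "any 9889 DROP"
    for ip in 192.168.1.101 192.168.1.102 192.168.1.103; do
        "$1" "$ip 9889 ACCEPT"
    done
}

load_rules chain_insert
echo "-I order: 192.168.1.101 -> $(verdict 192.168.1.101 9889), 10.0.0.5 -> $(verdict 10.0.0.5 9889)"
load_rules chain_append
echo "-A order: 192.168.1.101 -> $(verdict 192.168.1.101 9889)"
```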

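Reposted from: http://www.javaarch.net/jiagoushi/1004.htm

Run this on a freshly installed machine; use it at your own discretion, and any problems are at your own risk.

Optimization settings

This script is only for 64bit Operating System! For 64-bit systems only; modified by Lao Gao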

#!/bin/bash
#author suzezhi
#this script is only for CentOS 6
#check the OS

platform=`uname -i`
if [ "$platform" != "x86_64" ];then
echo "this script is only for 64bit Operating System !"
exit 1
fi
echo "the platform is ok"
version=`lsb_release -r |awk '{print substr($2,1,1)}'`
if [ "$version" != 6 ];then
echo "this script is only for CentOS 6 !"
exit 1
fi
cat << EOF
+---------------------------------------+
|   your system is CentOS 6 x86_64      |
|      start optimizing.......          |
+---------------------------------------+
EOF

#make the 163.com as the default yum repo

#rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
#rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

yum install iotop lsof wget ntpdate crontabs -y

#mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
#wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo

#add the third-party repo
#add the epel
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

#add the rpmforge
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag

rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

#update the system and set the ntp
yum clean all
yum -y update glibc\*
yum -y update yum\* rpm\* python\*
yum -y update
yum -y install ntp
echo "0 4 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1" >> /var/spool/cron/root
service crond restart

#set the file limit
echo "ulimit -SHn 102400" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
*           soft   nofile       65535
*           hard   nofile       65535
EOF

#disable control-alt-delete to guard against misuse
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf

#disable selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

#set ssh
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
service sshd restart

#tune kernel parameters
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
EOF
/sbin/sysctl -p

#define the backspace button can erase the last character typed
#echo 'stty erase ^H' >> /etc/profile
#echo "syntax on" >> /root/.vimrc

#stop some crontab
mkdir /etc/cron.daily.bak
mv /etc/cron.daily/makewhatis.cron /etc/cron.daily.bak
mv /etc/cron.daily/mlocate.cron /etc/cron.daily.bak
chkconfig bluetooth off
chkconfig cups off
chkconfig ip6tables off
chkconfig iptables off
chkconfig fcoe off
chkconfig iscsi off
chkconfig iscsid off
chkconfig lldpad off
chkconfig nfslock off
chkconfig nfs off
chkconfig rpcbind off
chkconfig rpcgssd off
chkconfig rpcidmapd off
#disable the ipv6
cat > /etc/modprobe.d/ipv6.conf << EOFI
alias net-pf-10 off
options ipv6 disable=1
EOFI
echo "NETWORKING_IPV6=off" >> /etc/sysconfig/network
cat << EOF
+-------------------------------------------------+
|               optimizer is done                 |
|   it's recommended to restart this server !     |
+-------------------------------------------------+
EOF

cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

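A few notes on what the script does:

  1. First check the system; if it is 64-bit CentOS, continue.
  2. Set the system's package source to NetEase (163.com), which is one of the more stable mirrors in China
  3. Install the epel and rpmforge repositories, using third-party sources to make installing with yum more convenient
  4. Update the software
  5. Set up time synchronization at 4 a.m. every day (synchronizing with the National Time Service Center's server)
  6. Increase the number of files the system can have open at the same time
  7. Disable the ctrl alt delete key combination so that an accidental key press does not reboot the server
  8. Disable selinux
  9. Disable GSSAPI authentication and reverse DNS lookups to speed up SSH logins
  10. Tune some kernel parameters
  11. Set the character-erase key to backspace (on some systems the default is delete)
  12. Turn on syntax highlighting in vim
  13. Stop generating the whatis database and the locate database
  14. Turn off unused services
  15. Disable IPv6

Security settings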

#!/bin/bash

echo "#####################################"
echo "#####Centos Sytem Security Shell#####"
echo "#####################################"

time=`date  "+%Y-%m-%d"`

#1#######Lock Useless Users#########
for i in adm lp sync shutdown halt news uucp operator games gopher ftp
do
usermod -L $i
done

#2######Close Useless Services########
for i in nfs postfix ypbind portmap smb netfs lpd snmpd named squid xinetd apmd autofs cups isdn nfslock pcmcia sendmail xinetd
do
chkconfig --level 2345 $i off
done

#3#####Directory And File Limit#######
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow
# chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow

chmod -R 700 /etc/rc.d/init.d/*
chmod 644 /var/log/wtmp /var/run/utmp

#4#####Clean System Banner###########
cp /etc/issue /etc/issue.$time
cp /etc/issue.net /etc/issue.net.$time
echo "" > /etc/issue
echo "" > /etc/issue.net

#5####Alter login.defs###############
cp /etc/login.defs /etc/login.defs.$time
egrep -v "^#|^$" /etc/login.defs|grep PASS_MIN_LEN
if [ $? = 0 ] ;then
egrep -v "^#|^$" /etc/login.defs|awk '/PASS_MIN_LEN/{print "PASS_MIN_LEN 12";next};{print}' >/etc/login.defs.tmp
mv -f /etc/login.defs.tmp /etc/login.defs
else
echo "PASS_MIN_LEN 12" >>/etc/login.defs
fi
egrep -v "^#|^$" /etc/login.defs|grep PASS_MAX_DAYS
if [ $? = 0 ] ;then
egrep -v "^#|^$" /etc/login.defs|awk '/PASS_MAX_DAYS/{print "PASS_MAX_DAYS 90";next};{print}' >/etc/login.defs.tmp
mv -f /etc/login.defs.tmp /etc/login.defs
else
echo "PASS_MAX_DAYS 90" >>/etc/login.defs
fi

#6####Alter profile###############
cp /etc/profile /etc/profile.$time
egrep -v "^#|^$" /etc/profile|grep TMOUT
if [ $? = 0 ] ;then
egrep -v "^#|^$" /etc/profile|awk '/TMOUT/{print "TMOUT=300;export TMOUT";next};{print}' >/etc/profile.tmp
mv -f /etc/profile.tmp /etc/profile
else
echo "TMOUT=300;export TMOUT" >>/etc/profile
fi

#7####Alter inittab###############
cp /etc/inittab /etc/inittab.bak$time
egrep -v "^#|^$" /etc/inittab|grep ca::ctrlaltdel
if [ $? = 0 ] ;then
egrep -v "^#|^$" /etc/inittab|awk '/^ca::ctrlaltdel/ {sub($1,"#"$1,$0);next};{print}' >/etc/inittab.tmp
mv -f /etc/inittab.tmp /etc/inittab
else
echo -e "#ca::ctrlaltdel:/sbin/shutdown\t-t3\t-r\tnow" >>/etc/inittab
fi

#8####Alter syslog###############
cp /etc/syslog.conf /etc/syslog.conf.$time
egrep -v "^#|^$" /etc/syslog.conf|egrep "\*\.err"
if [ $? != 0 ] ;then
echo "*.err        /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "\*\.info"
if [ $? != 0 ] ;then
echo "*.info        /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "\*\.emerg"
if [ $? != 0 ] ;then
echo "*.emerg        /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "local7\.\*"
if [ $? != 0 ] ;then
echo "local7.*        /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "kern\.debug"
if [ $? != 0 ] ;then
echo "kern.debug       /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "kern\.warning"
if [ $? != 0 ] ;then
echo "kern.warning       /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "authpriv\.none"
if [ $? != 0 ] ;then
echo "authpriv.none       /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "mail\.none"
if [ $? != 0 ] ;then
echo "mail.none       /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "daemon\.notice"
if [ $? != 0 ] ;then
echo "daemon.notice        /var/adm/messages" >>/etc/syslog.conf
fi
egrep -v "^#|^$" /etc/syslog.conf|egrep "cron\.\*"
if [ $? != 0 ] ;then
echo "cron.*      /var/log/cron" >>/etc/syslog.conf
fi
/etc/rc.d/init.d/syslog restart

#9####Alter host.conf###############
cp /etc/host.conf /etc/host.conf.$time
echo -e "order\tbind,hosts\nmulti\ton\nnospoof\ton" >/etc/host.conf

#10####Alter limits.conf###############
cp /etc/security/limits.conf /etc/security/limits.conf.$time
egrep -v "^#|^$" /etc/security/limits.conf|egrep "\*[[:space:]]soft[[:space:]]core[[:space:]]0"
if [ $? != 0 ] ;then
echo -e "*\tsoft\tcore\t0" >> /etc/security/limits.conf
fi
egrep -v "^#|^$" /etc/security/limits.conf|egrep "\*[[:space:]]hard[[:space:]]core[[:space:]]0"
if [ $? != 0 ] ;then
echo -e "*\thard\tcore\t0" >> /etc/security/limits.conf
fi
egrep -v "^#|^$" /etc/security/limits.conf|egrep "\*[[:space:]]hard[[:space:]]rss[[:space:]]5000"
if [ $? != 0 ] ;then
echo -e "*\thard\trss\t5000" >> /etc/security/limits.conf
fi
egrep -v "^#|^$" /etc/security/limits.conf|egrep "\*[[:space:]]hard[[:space:]]nproc[[:space:]]20"
if [ $? != 0 ] ;then
echo -e "*\thard\tnproc\t20" >> /etc/security/limits.conf
fi

#11####Alter pam_login###############
cp /etc/pam.d/login /etc/pam.d/login.$time
egrep -v "^#|^$" /etc/pam.d/login|egrep "^session[[:space:]]required[[:space:]]/lib/security/pam_limits.so"
if [ $? != 0 ] ;then
echo -e "session\trequired\t/lib/security/pam_limits.so" >> /etc/pam.d/login
fi

#12####Alter sshd_config###############
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.$time
egrep -v "^#|^$" /etc/ssh/sshd_config|egrep "^Protocol[[:space:]]2"
if [ $? != 0 ] ;then
echo -e "Protocol 2" >>/etc/ssh/sshd_config
fi

#13####Alter sysctl.conf###############
cp /etc/sysctl.conf /etc/sysctl.conf.$time
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.tcp_max_syn_backlog"
if [ $? != 0 ] ;then
echo "net.ipv4.tcp_max_syn_backlog=4096" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.all\.rp_filter"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.all.rp_filter=1" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.tcp_syncookies"
if [ $? != 0 ] ;then
echo "net.ipv4.tcp_syncookies=1" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.all\.send_redirects"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.all.send_redirects=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.all\.accept_redirects"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.all.accept_redirects=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.ip_forward"
if [ $? != 0 ] ;then
echo "net.ipv4.ip_forward=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.all\.accept_source_route"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.all.accept_source_route=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.default\.accept_redirects"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.default.accept_redirects=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.conf\.default\.send_redirects"
if [ $? != 0 ] ;then
echo "net.ipv4.conf.default.send_redirects=0" >>/etc/sysctl.conf
fi
egrep -v "^#|^$" /etc/sysctl.conf|egrep "net\.ipv4\.icmp_echo_ignore_broadcasts"
if [ $? != 0 ] ;then
echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >>/etc/sysctl.conf
fi
sysctl -p /etc/sysctl.conf
chown root:root /etc/sysctl.conf
chmod 600 /etc/sysctl.conf

Scripts reposted from:

http://www.linuxde.net/2011/12/5756.html http://www.linuxpad.cn/linux/centos-sytem-security-shell.html