Fli
11-14-2014, 03:32 PM
This page shows script to setup OpenVZ + HyperVM beta server on CentOS 6.x
(last update: Autumn 2019)
HyperVM BETA version for CentOS 6.x
clear
echo "READ CAREFULLY WHAT THIS SCRIPT DO WITHOUT ASKING! (THIS SCRIPT CAN REBOOT, SO IT MAY INTERUPT ANY PROCESS THAT IS RUNNING (example vzmigrate, rsync transfer..)!!)
EXPECTED RUNTIME: 15 MINUTES
This script is made for CentOS 6.x 64bit. Looking for centos version:"
cat /etc/red*
uname -a
echo "This script show this server details, disable selinux, download and install hypervm BETA + openvz/xen or nothing virtualization (will ask), update system (yum update -y), install sendmail and reboot server. Any key to continue..."
read readme
echo "
Check speed of the server hdd and internet + show server details? y = yes, other key no"
read servdetails
if [ "$servdetails" == "y" ];then
# show server details
yum -y -q install wget smartmontools gcc-c++;clear;hostname;cat /etc/red*;uname -a;sleep 4;ping google.com -c 3;sleep 2;cat /etc/resolv.conf;sleep 2;w;tail -n25 /proc/cpui*;sleep 7;df -h;cat /proc/mdstat;sleep 8;free -m;sleep 5;smartctl -H /dev/sda;sleep 6;smartctl -a /dev/sda;
# checking server HDD & network speed
start=$(date +%s);wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/ioping/ioping-0.8.tar.gz -O - | tar xz;cd ioping-0.8;make;make install;cd ..;rm -rf ioping-0.8;echo "";echo "";echo "---------------- TESTS BELOW ----------------";echo "==== Disk sequential Writing speed: ====";dd if=/dev/zero of=speedtest bs=64k count=3200 conv=fdatasync;echo "==== Disk sequential Reading speed ====";dd if=/dev/zero of=/var/log/wtmp bs=64k count=3200 oflag=direct;echo "==== Measure disk seek rate (iops, avg): ====";ioping -R /dev/sda;echo "";echo "CPU name: $( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo )";echo "CPU frequency: $( awk -F: ' /cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo )Mhz x $( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo ) cores";echo "Total RAM: $( free -m | awk 'NR==2 {print $2}' )";echo "Total SWAP: $( free -m | awk 'NR==4 {print $2}' )";echo "Testing download speed... (320Mb)";ovhfr=$( wget -O /dev/nullhttp://proof.ovh.net/files/100Mio.dat 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from OVH France (100Mb): $ovhfr ";leasewebnl=$( wget -O /dev/null http://mirror.nl.leaseweb.net/speedtest/100mb.bin 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from LeaseWeb Netherlands (100Mb): $leasewebnl ";cachefly=$( wget -O /dev/null http://cachefly.cachefly.net/100mb.test 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from CacheFly USA (100Mb): $cachefly ";cachefly2=$( wget -O /dev/null http://cachefly.cachefly.net/10mb.test2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from CacheFly USA (10Mb): $cachefly2 ";googlecode=$( wget -O /dev/null https://androidnetworktester.googlecode.com/files/10mb.txt 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from GoogleCode.com USA (10Mb): $googlecode ";rm -rf speedtest;echo "Total testing runtime: $(($(date +%s)-start)) seconds";
fi
echo "
Change SSH port to nonstandard one? if yes, type new ssh port number", ELSE hit Enter
read sshport
if [ "$sshport" != "" ];then
echo "before change: head -n 20 /etc/ssh/sshd_config | grep Port"
head -n 20 /etc/ssh/sshd_config | grep Port
sed -ie 's/#Port.*[0-9]$/Port '$sshport'/gI' /etc/ssh/sshd_config
/usr/sbin/sshd -t
echo "Change done, result: head -n 20 /etc/ssh/sshd_config | grep Port"
head -n 20 /etc/ssh/sshd_config | grep Port
echo "Should be like: Port XY , not #Port XY . If wrong, needs to manually edit /etc/ssh/sshd_config . Hit enter to continue"
fi
echo "
Install EPEL & SolusVM repo and vzdump wget man screen htop iftop mtr mutt nload nmon dstat iotop bind-utils(dig,nslookup,host..) htop openssh-clients vnstat vmstat? y=yes or other key to skip"
read repospackages
echo "
Change system time to UTC & setup auto sync time with NTP? y=yes or other key to skip"
read timechange
if [ "$timechange" == "y" ];then
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
yum install ntp -y;chkconfig ntpd on;ntpdate pool.ntp.org;/etc/init.d/ntpd start
fi
if [ "$repospackages" == "y" ];then
cat <<EOM >/etc/yum.repos.d/solusvm.repo
[soluslabs]
name=Soluslab Repo
#baseurl=http://repo.soluslabs.com/centos/$releasever/os/$basearch
mirrorlist=http://repo.soluslabs.com/centos/mirrors-soluslabs
gpgcheck=0
enabled=1
EOM
cat <<EOM >/etc/yum.repos.d/epel-bootstrap.repo
[epel]
name=Bootstrap EPEL
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-\$releasever&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOM
yum --enablerepo=epel -y install epel-release
rm -f /etc/yum.repos.d/epel-bootstrap.repo
yum install wget man screen sendmail* sysstat vzdump iftop mtr mutt nload nmon dstat iotop bind-utils htop openssh-clients vnstat vmstat -y
fi
setenforce 0
find /etc/sysconfig -name 'selinux' -print0 | xargs -0 sed -i 's|SELINUX\=enforcing|SELINUX\=disabled|g'
cat /etc/sysconfig/selinux | grep SELINUX=
echo "SELINUX=disabled <-- it must be disabled, if it is disabled, please hit enter or else Ctrl+C"
read dffdgdfgfd
echo "75.98.169.138 download.lxcenter.org" >> /etc/hosts
wget https://raw.githubusercontent.com/slrslr/hypervm/674534084c6fced3529c170030560791e5897a04/deploy-dev.sh --no-check-certificate
sh deploy-dev.sh dev
echo "
If all succeeded, we do commands:
cd /usr/local/lxlabs/hypervm-install/hypervm-linux/
sh ./hypervm-install-master.sh --virtualization-type=youwillbeabletoselect
Continue? (hit any key)"
read osososo
echo "Select your virtualization type below and hit enter:
NONE - you already installed some virtualization
openvz - you want to install openvz
xen - you want to install xen"
read whichvirt
cd /usr/local/lxlabs/hypervm-install/hypervm-linux/
sh ./hypervm-install-master.sh --virtualization-type=$whichvirt
rm -rf ./hypervm-install-master.sh
rm -rf program-*
yum -y -q install vzdump ploop
echo "Changing default storage layout from ploop to simfs in /etc/vz/vz.conf" && sed -i "s|VE_LAYOUT=ploop|VE_LAYOUT=simfs|g" /etc/vz/vz.conf
# some fix, badly merged variables:
sed -i "s|NEIGHBOUR_DEVS=allSKIP_SYSCTL_SETUP=yes|NEIGHBOU R_DEVS=all\\nSKIP_SYSCTL_SETUP=yes|g" /etc/vz/vz.conf
echo "So is HyperVM successfully installed? hit any key to continue or Ctrl+c to stop script"
read hypervmokk
echo "Cat /etc/grub.conf"
cat /etc/grub.conf
echo ""
echo "Cat /boot/grub/grub.conf"
cat /boot/grub/grub.conf
echo "
The grub file contents above should contain around 3 boot options. You need to select openvz as default boot option, meaning if openvz boot entry is at second position, you need to set default=1, if openvz is on first position, then default=0 . If default= value is set correctly in above files, you cont need to change anything. Else you manually edit above mentioned files."
echo "
Now hit enter to update system (yum update), so hypervm sendmail works, it downloads around 70MB of data and can take time. Cancel now or hit enter to continue. The server will be rebooted after update end!!!!! (so ensure above mentioned grub data are correct so system boot into openvz kernel). By restart HyperVM and Virtualization installation should be complete and ready to import VMs. After reboot, try to:
yum install rkhunter lynis
login hypervm and make sure that in Services section the iptables service has both green icons
By hitting any key, following command be executed:
yum update -y;yum install sendmail* -y;chkconfig sendmail on;chkconfig ssh on;service sendmail restart;reboot"
yum update -y;yum install sendmail* -y;chkconfig sendmail on;chkconfig ssh on;service sendmail restart;reboot
OpenVZ failed to install? Try other ways to install OpenVZ:
Virtualizor: https://internetlifeforum.com/virtualisation/8351-virtualizor-kvm-openvz-installation-tutorial-centos-6-9-64bit/
Proxmox: https://internetlifeforum.com/virtualisation/8529-migrate-openvz-6-vpss-into-lxc-proxmox-server/
What next? (for both HyperVM versions)
The steps that are not covered in above scripts:
- Move /vz folder to the partition with enough disk space (http://internetlifeforum.com/virtualisation/250-how-free-up-vz-space-if-its-full-how-move/)
- Schedule regular automatic backups of HyperVM mysql database (http://internetlifeforum.com/virtualisation/1150-how-backup-restore-hypervm-settings-config-database/)
- enable iptables modules for VPSs (modprobe modulename) (http://internetlifeforum.com/security-protection/1711-csftest-pl-failed-%5Bfatal-error-iptables-unknown-error-required-csf-funct/)
- check OpenVZ script to periodically check & suspend/restart overloaded VMs (VPSs) (http://internetlifeforum.com/virtualisation/2313-openvz-script-periodically-check-suspend-restart-overloaded-vms-vpss/)
- Setup automatic regular backup of all OpenVZ VMs (http://internetlifeforum.com/virtualisation/716-how-backup-restore-all-hypervm-openvz-vms-virtual-machines-vpss/) and then setup offserver backup (example to some cheap Kimsufi server) and prepare tutorial on how to quickly restore backup if primary server is not accessible or suspended
- check that in /etc/vz/conf/ are files like "ve-vswap-256m.conf-sample" which contains all needed VPS parameters. My example file is:
# RAM
PHYSPAGES="0:256M"
# Swap
SWAPPAGES="0:512M"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="2G:2.2G"
DISKINODES="131072:144179"
QUOTATIME="0"
# CPU fair scheduler parameter
CPUUNITS="1000"
NETFILTER="full"
# i added these manually
DEVNODES="net/tun:rw"
DEVICES=""
CAPABILITY="NET_ADMIN:on"
# IOLIMIT 5MB rw per second
IOLIMIT="5242880"
IOPSLIMIT="30"
When PHYSPAGES used like in above example (0:something) and PRIVVMPAGES not used (or set to unlimited?) - openvz should enable vSWAP which seems to behave significantly better to me.
- Install defending tools 1) DDoS deflate (http://internetlifeforum.com/security-protection/1132-how-manage-ddos-deflate-deny-ddos-attack/#post1675), 2) Fail2Ban (http://internetlifeforum.com/security-protection/1136-installing-fail2ban-linux-prevent-various-bad-bots-attacks-bruteforce/), 3) NodeWatch (http://internetlifeforum.com/virtualisation/2442-nodewatch-installation/)
- Install intrusion prevention and detection tools (https://internetlifeforum.com/security-protection/3173-lynis-rkhunter-chkrootkit-maldet-aide-how-audit-linux-install-sw/) (rkhunter,lynis,aide,maldet)
(last update: Autumn 2019)
HyperVM BETA version for CentOS 6.x
clear
echo "READ CAREFULLY WHAT THIS SCRIPT DO WITHOUT ASKING! (THIS SCRIPT CAN REBOOT, SO IT MAY INTERUPT ANY PROCESS THAT IS RUNNING (example vzmigrate, rsync transfer..)!!)
EXPECTED RUNTIME: 15 MINUTES
This script is made for CentOS 6.x 64bit. Looking for centos version:"
cat /etc/red*
uname -a
echo "This script show this server details, disable selinux, download and install hypervm BETA + openvz/xen or nothing virtualization (will ask), update system (yum update -y), install sendmail and reboot server. Any key to continue..."
read readme
echo "
Check speed of the server hdd and internet + show server details? y = yes, other key no"
read servdetails
if [ "$servdetails" == "y" ];then
# show server details
yum -y -q install wget smartmontools gcc-c++;clear;hostname;cat /etc/red*;uname -a;sleep 4;ping google.com -c 3;sleep 2;cat /etc/resolv.conf;sleep 2;w;tail -n25 /proc/cpui*;sleep 7;df -h;cat /proc/mdstat;sleep 8;free -m;sleep 5;smartctl -H /dev/sda;sleep 6;smartctl -a /dev/sda;
# checking server HDD & network speed
start=$(date +%s);wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/ioping/ioping-0.8.tar.gz -O - | tar xz;cd ioping-0.8;make;make install;cd ..;rm -rf ioping-0.8;echo "";echo "";echo "---------------- TESTS BELOW ----------------";echo "==== Disk sequential Writing speed: ====";dd if=/dev/zero of=speedtest bs=64k count=3200 conv=fdatasync;echo "==== Disk sequential Reading speed ====";dd if=/dev/zero of=/var/log/wtmp bs=64k count=3200 oflag=direct;echo "==== Measure disk seek rate (iops, avg): ====";ioping -R /dev/sda;echo "";echo "CPU name: $( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo )";echo "CPU frequency: $( awk -F: ' /cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo )Mhz x $( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo ) cores";echo "Total RAM: $( free -m | awk 'NR==2 {print $2}' )";echo "Total SWAP: $( free -m | awk 'NR==4 {print $2}' )";echo "Testing download speed... (320Mb)";ovhfr=$( wget -O /dev/nullhttp://proof.ovh.net/files/100Mio.dat 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from OVH France (100Mb): $ovhfr ";leasewebnl=$( wget -O /dev/null http://mirror.nl.leaseweb.net/speedtest/100mb.bin 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from LeaseWeb Netherlands (100Mb): $leasewebnl ";cachefly=$( wget -O /dev/null http://cachefly.cachefly.net/100mb.test 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from CacheFly USA (100Mb): $cachefly ";cachefly2=$( wget -O /dev/null http://cachefly.cachefly.net/10mb.test2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from CacheFly USA (10Mb): $cachefly2 ";googlecode=$( wget -O /dev/null https://androidnetworktester.googlecode.com/files/10mb.txt 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' );echo "Download speed from GoogleCode.com USA (10Mb): $googlecode ";rm -rf speedtest;echo "Total testing runtime: $(($(date +%s)-start)) seconds";
fi
echo "
Change SSH port to nonstandard one? if yes, type new ssh port number", ELSE hit Enter
read sshport
if [ "$sshport" != "" ];then
echo "before change: head -n 20 /etc/ssh/sshd_config | grep Port"
head -n 20 /etc/ssh/sshd_config | grep Port
sed -ie 's/#Port.*[0-9]$/Port '$sshport'/gI' /etc/ssh/sshd_config
/usr/sbin/sshd -t
echo "Change done, result: head -n 20 /etc/ssh/sshd_config | grep Port"
head -n 20 /etc/ssh/sshd_config | grep Port
echo "Should be like: Port XY , not #Port XY . If wrong, needs to manually edit /etc/ssh/sshd_config . Hit enter to continue"
fi
echo "
Install EPEL & SolusVM repo and vzdump wget man screen htop iftop mtr mutt nload nmon dstat iotop bind-utils(dig,nslookup,host..) htop openssh-clients vnstat vmstat? y=yes or other key to skip"
read repospackages
echo "
Change system time to UTC & setup auto sync time with NTP? y=yes or other key to skip"
read timechange
if [ "$timechange" == "y" ];then
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
yum install ntp -y;chkconfig ntpd on;ntpdate pool.ntp.org;/etc/init.d/ntpd start
fi
if [ "$repospackages" == "y" ];then
cat <<EOM >/etc/yum.repos.d/solusvm.repo
[soluslabs]
name=Soluslab Repo
#baseurl=http://repo.soluslabs.com/centos/$releasever/os/$basearch
mirrorlist=http://repo.soluslabs.com/centos/mirrors-soluslabs
gpgcheck=0
enabled=1
EOM
cat <<EOM >/etc/yum.repos.d/epel-bootstrap.repo
[epel]
name=Bootstrap EPEL
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-\$releasever&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOM
yum --enablerepo=epel -y install epel-release
rm -f /etc/yum.repos.d/epel-bootstrap.repo
yum install wget man screen sendmail* sysstat vzdump iftop mtr mutt nload nmon dstat iotop bind-utils htop openssh-clients vnstat vmstat -y
fi
setenforce 0
find /etc/sysconfig -name 'selinux' -print0 | xargs -0 sed -i 's|SELINUX\=enforcing|SELINUX\=disabled|g'
cat /etc/sysconfig/selinux | grep SELINUX=
echo "SELINUX=disabled <-- it must be disabled, if it is disabled, please hit enter or else Ctrl+C"
read dffdgdfgfd
echo "75.98.169.138 download.lxcenter.org" >> /etc/hosts
wget https://raw.githubusercontent.com/slrslr/hypervm/674534084c6fced3529c170030560791e5897a04/deploy-dev.sh --no-check-certificate
sh deploy-dev.sh dev
echo "
If all succeeded, we do commands:
cd /usr/local/lxlabs/hypervm-install/hypervm-linux/
sh ./hypervm-install-master.sh --virtualization-type=youwillbeabletoselect
Continue? (hit any key)"
read osososo
echo "Select your virtualization type below and hit enter:
NONE - you already installed some virtualization
openvz - you want to install openvz
xen - you want to install xen"
read whichvirt
cd /usr/local/lxlabs/hypervm-install/hypervm-linux/
sh ./hypervm-install-master.sh --virtualization-type=$whichvirt
rm -rf ./hypervm-install-master.sh
rm -rf program-*
yum -y -q install vzdump ploop
echo "Changing default storage layout from ploop to simfs in /etc/vz/vz.conf" && sed -i "s|VE_LAYOUT=ploop|VE_LAYOUT=simfs|g" /etc/vz/vz.conf
# some fix, badly merged variables:
sed -i "s|NEIGHBOUR_DEVS=allSKIP_SYSCTL_SETUP=yes|NEIGHBOU R_DEVS=all\\nSKIP_SYSCTL_SETUP=yes|g" /etc/vz/vz.conf
echo "So is HyperVM successfully installed? hit any key to continue or Ctrl+c to stop script"
read hypervmokk
echo "Cat /etc/grub.conf"
cat /etc/grub.conf
echo ""
echo "Cat /boot/grub/grub.conf"
cat /boot/grub/grub.conf
echo "
The grub file contents above should contain around 3 boot options. You need to select openvz as default boot option, meaning if openvz boot entry is at second position, you need to set default=1, if openvz is on first position, then default=0 . If default= value is set correctly in above files, you cont need to change anything. Else you manually edit above mentioned files."
echo "
Now hit enter to update system (yum update), so hypervm sendmail works, it downloads around 70MB of data and can take time. Cancel now or hit enter to continue. The server will be rebooted after update end!!!!! (so ensure above mentioned grub data are correct so system boot into openvz kernel). By restart HyperVM and Virtualization installation should be complete and ready to import VMs. After reboot, try to:
yum install rkhunter lynis
login hypervm and make sure that in Services section the iptables service has both green icons
By hitting any key, following command be executed:
yum update -y;yum install sendmail* -y;chkconfig sendmail on;chkconfig ssh on;service sendmail restart;reboot"
yum update -y;yum install sendmail* -y;chkconfig sendmail on;chkconfig ssh on;service sendmail restart;reboot
OpenVZ failed to install? Try other ways to install OpenVZ:
Virtualizor: https://internetlifeforum.com/virtualisation/8351-virtualizor-kvm-openvz-installation-tutorial-centos-6-9-64bit/
Proxmox: https://internetlifeforum.com/virtualisation/8529-migrate-openvz-6-vpss-into-lxc-proxmox-server/
What next? (for both HyperVM versions)
The steps that are not covered in above scripts:
- Move /vz folder to the partition with enough disk space (http://internetlifeforum.com/virtualisation/250-how-free-up-vz-space-if-its-full-how-move/)
- Schedule regular automatic backups of HyperVM mysql database (http://internetlifeforum.com/virtualisation/1150-how-backup-restore-hypervm-settings-config-database/)
- enable iptables modules for VPSs (modprobe modulename) (http://internetlifeforum.com/security-protection/1711-csftest-pl-failed-%5Bfatal-error-iptables-unknown-error-required-csf-funct/)
- check OpenVZ script to periodically check & suspend/restart overloaded VMs (VPSs) (http://internetlifeforum.com/virtualisation/2313-openvz-script-periodically-check-suspend-restart-overloaded-vms-vpss/)
- Setup automatic regular backup of all OpenVZ VMs (http://internetlifeforum.com/virtualisation/716-how-backup-restore-all-hypervm-openvz-vms-virtual-machines-vpss/) and then setup offserver backup (example to some cheap Kimsufi server) and prepare tutorial on how to quickly restore backup if primary server is not accessible or suspended
- check that in /etc/vz/conf/ are files like "ve-vswap-256m.conf-sample" which contains all needed VPS parameters. My example file is:
# RAM
PHYSPAGES="0:256M"
# Swap
SWAPPAGES="0:512M"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="2G:2.2G"
DISKINODES="131072:144179"
QUOTATIME="0"
# CPU fair scheduler parameter
CPUUNITS="1000"
NETFILTER="full"
# i added these manually
DEVNODES="net/tun:rw"
DEVICES=""
CAPABILITY="NET_ADMIN:on"
# IOLIMIT 5MB rw per second
IOLIMIT="5242880"
IOPSLIMIT="30"
When PHYSPAGES used like in above example (0:something) and PRIVVMPAGES not used (or set to unlimited?) - openvz should enable vSWAP which seems to behave significantly better to me.
- Install defending tools 1) DDoS deflate (http://internetlifeforum.com/security-protection/1132-how-manage-ddos-deflate-deny-ddos-attack/#post1675), 2) Fail2Ban (http://internetlifeforum.com/security-protection/1136-installing-fail2ban-linux-prevent-various-bad-bots-attacks-bruteforce/), 3) NodeWatch (http://internetlifeforum.com/virtualisation/2442-nodewatch-installation/)
- Install intrusion prevention and detection tools (https://internetlifeforum.com/security-protection/3173-lynis-rkhunter-chkrootkit-maldet-aide-how-audit-linux-install-sw/) (rkhunter,lynis,aide,maldet)