服务器

在Ubuntu 10.04 下安装Ispcp管理虚拟主机

一时大意,在服务器上装了ubuntu10.04,由于太新了,ispcp最新版本ispCP Omega 1.0.6 • 2010-08-04都不能直接安装,所以从svn check了最新的代码来安装

1. check ispCP

  njava@njava.com:~$svn checkout http://www.isp-control.net:800/ispcp_svn/trunk/

2. update相关组件,监测安装脚本, 在ubuntu 10.04下将识别出ubuntu-packages-lucid的脚本

 njava@njava.com:~$cd trunk
  njava@njava.com:~$aptitude update && aptitude safe-upgrade
  njava@njava.com:~$aptitude install $(cat ./docs/Ubuntu/ubuntu-packages-`lsb_release -cs`)

› Continue reading

Tags: ,

星期一, 16 8 月, 2010 服务器 没有评论

迅速修复nginx fcgi方式配置漏洞

2010年5月20日,80后爆nginx 0day漏洞,上传图片可入侵100万服务器。目前已经有好几个大型互联网公司被入侵了,公司类型包括电子商务、游戏、SNS等。

现在看来,这个漏洞不属于Nginx的漏洞. 是配置的问题, 现在到处都在说是Nginx的Bug,关闭fix_pathinfo(默认是开启的).就可以解决

临时修复方法如下,可3选其一。

1、设置php.ini的cgi.fix_pathinfo为0,重启php。最方便,但修改设置的影响需要自己评估。

2、给nginx的vhost配置添加如下内容,重启nginx。vhost较少的情况下也很方便。

if ( $fastcgi_script_name ~ \..*\/.*php ) {
return 403;
}

3、禁止上传目录解释PHP程序。不需要动webserver,如果vhost和服务器较多,短期内难度急剧上升;建议在vhost和服务器较少的情况下采用。

› Continue reading

Tags: ,

星期五, 21 5 月, 2010 服务器 没有评论

使用DDoS deflate防御DDos攻击

1 命令行判断连接服务器客户端IP的连接数

bear@njava:~$ netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

2 安装medialayer给我们带来的防止ddos攻击的免费软件DDoS deflate
地址 :http://deflate.medialayer.com/

DDoS deflate是一款免费的用来防御和减轻DDoS攻击的脚本。它通过netstat监测跟踪创建大量网络连接的IP地址,在检测到某个结点超过预设的限 制时,该程序会通过APF或IPTABLES禁止或阻挡这些IP.

Installation

bear@njava:~$wget http://www.inetbase.com/scripts/ddos/install.sh

bear@njava:~$chmod 0700 install.sh

bear@njava:~$./install.sh

Uninstalling

bear@njava:~$wget http://www.inetbase.com/scripts/ddos/uninstall.ddos

bear@njava:~$chmod 0700 uninstall.ddos

bear@njava:~$./uninstall.ddos

Version 0.6 | Change Log

whitelisting possible by adding IPs in /usr/local/ddos/ignore.ip.list

it uses this file to avoid banning the ip again (it was handling this differently and was a bit slower too)

Tags:

星期三, 5 5 月, 2010 工具, 服务器 没有评论

N73上安装putty连接SSH

今天在N73手机上安装了putty for s60 3nd,以后就可以用它来登录njava了。

一 软件下载
1 PuTTY for Symbian OS
http://s2putty.sourceforge.net/

现在已经到PuTTY 1.5.2了

2 因为我已经禁用了ssh的密码登录了,所以只能用密钥登录。要在putty上使用openssh生成的私钥,还需要PuTTYgen来转换密钥。

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

二 安装使用

安装putty很简单,按一般s60的程序安装一样,因为开源,不需要破解

n73上的putty程序

n73上的putty程序

Putty的主界面很简洁,就四个设置卡

n73上putty的主界面

n73上putty的主界面

n73上putty的主界面ssh设置卡里设置ssh登录端口,ssh版本,私钥位置等等参数

n73上putty的SSH设置

n73上putty的SSH设置

n73上putty的SSH设置显示卡里设置屏幕风辨率和是否全屏显示,这些设置都可以通过快捷键来完成的

n73上putty的显示设置

n73上putty的显示设置

n73上putty的显示设置日志目录,最好设置到卡里

n73上putty的日志设置

n73上putty的日志设置

设置服务器地址和用户名

n73上putty的基本设置

n73上putty的基本设置

bear登录上了njava的服务器

登录njava成功

登录njava成功

登录njava成功把分辨率调到了最高,字很小设置putty的字体大小

设置putty的字体大小

设置putty的字体大小

N73上的top指令列目录看到的效果

N73上的top指令

N73上的top指令

ls目录

ls目录

ls目录

从巴士ping了一下baidu,3个287ms,还不错ping baidu.com

ping baidu.com

ping baidu.com

看来米国的网络就是好呀,ping米国的google速度嗷嗷的

ping Google.com

ping Google.com

断开SSH的链接,

断开SSH连接
断开SSH连接

教程结束。。。。

Tags: , , ,

星期一, 5 4 月, 2010 服务器 一条评论

使用find命令定期删除n天前的日志文件

日志和备份多了,硬盘不够了,所以删除之

bear@njava:/data/log$ find /data/log -mtime +3 -exec rm -rf {} \;

关于find参数-mtime,-ctime,-atime

bear@njava:~$ man find
       -mtime n
              File's data was last modified n*24 hours ago.  See the comments for -atime to understand how  rounding
              affects the interpretation of file modification times.
       -ctime n
              File's status was last changed n*24 hours ago.  See the comments for -atime to understand how rounding
              affects the interpretation of file status change times.
      -atime n
              File  was  last  accessed n*24 hours ago.  When find figures out how many 24-hour periods ago the file
              was last accessed, any fractional part is ignored, so to match -atime +1, a  file  has  to  have  been
              accessed at least two days ago.

Tags: , ,

星期六, 3 4 月, 2010 服务器 没有评论

linux的内存使用查看和实际可用内存计算

使用free,top等工具都可以查看linux的内存使用量,如
使用top命令

bear@njava:/etc/nginx/conf# top
Tasks:  36 total,   2 running,  32 sleeping,   2 stopped,   0 zombie
Cpu(s):  0.3%us,  0.3%sy,  0.0%ni, 99.3%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:    524800k total,   478320k used,    46480k free,        0k buffers
Swap:        0k total,        0k used,        0k free,        0k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND            
15658 www-data  23   0 49188 7280 4104 S  0.0  1.4   0:00.03 php5-cgi           
15663 www-data  16   0 57888  28m  16m S  0.0  5.5   0:12.62 php5-cgi           
15664 www-data  16   0 60704  32m  18m S  0.0  6.4   0:11.99 php5-cgi           
15665 www-data  16   0 59488  29m  16m S  0.0  5.8   0:11.00 php5-cgi           
15667 www-data  18   0 58388  30m  17m S  0.0  5.9   0:11.62 php5-cgi           
15668 www-data  16   0 58628  28m  16m S  0.0  5.6   0:12.05 php5-cgi           
15669 www-data  16   0 58660  29m  16m S  0.0  5.7   0:09.81 php5-cgi           
15670 www-data  16   0 56220  26m  16m S  0.0  5.2   0:11.24 php5-cgi           
15671 www-data  16   0 59432  29m  16m S  0.0  5.8   0:11.04 php5-cgi           
15673 www-data  16   0 54596  25m  16m S  0.0  4.9   0:12.43 php5-cgi           
15674 www-data  16   0 58036  27m  15m S  0.0  5.4   0:11.66 php5-cgi           
19790 www-data  15   0 10856 2644 1008 S  0.0  0.5   0:02.18 nginx              
19791 www-data  18   0 10856 2676 1060 S  0.0  0.5   0:01.55 nginx              
19939 www-data  17   0  6936 3136  744 S  0.0  0.6   0:00.11 nginx-fcgi

使用free命令

bear@njava:/etc/nginx/conf# free
             total       used       free     shared    buffers     cached
Mem:        524800     476756      48044          0          0          0
-/+ buffers/cache:     476756      48044
Swap:            0          0          0
bear@njava:/etc/nginx/conf#

又那么多的内存参数字段:used,free,shared,buffers,cached
怎么计算实际剩余可用内存呢?
公式如下:

空闲内存=free+buffers+cached

看上去巴士的vps不适合做这个例子,呵呵,当作留存吧

Tags: ,

星期五, 2 4 月, 2010 服务器 没有评论

ubuntu修改时区

查看时区

bear@njava:#  date -R

修改为+8时区的上海

bear@njava:#  cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Tags: ,

星期五, 2 4 月, 2010 服务器 没有评论

nginx的stub_status状态信息解释

打开nginx的stub_status可以通过页面链接看到如下信息

Active connections: 353
server accepts handled requests
 532423 532423 3283276
Reading: 1 Writing: 1 Waiting: 351

他们是啥意思呢,解释如下
active connections:353 #nginx 正处理的活动连接数 353个。
server accepts handled requests
nginx启动到现在共处理了 532423个连接 ,
nginx启动到现在共成功创建 532423 次握手 ,
请求丢失数=(握手-连接),可以看出,我们没丢请求
总共处理了3283276 次请求。
Reading :nginx 读取到客户端的 Header 信息数。
Writing : nginx 返回给客户端的 Header 信息数。
Waiting : Nginx 已经处理完正在等候下一次请求指令的驻留连接。开启 keep-alive 的情况下,这个值等于 active – (reading + writing)。

Tags: ,

星期五, 2 4 月, 2010 服务器 没有评论

cacti的rrdtool画不出图来的问题

1 习惯性的把rrd的文件rm -rf *掉了,发现cron过了好多次都没画出图来
2 检查权限,权限ok的,cron的执行用户和/var/www/cacti/rra目录的拥有者是同一个用户

bear@njava:/var/www/cacti/rra$ sudo vi /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
*/5 * * * * www-data php /var/www/cacti/poller.php > /dev/null 2>&1

3 把Poller Type由spine改成cmd.php,奇迹发生了,图被画出来了,之后再改回spine,运转正常

Tags: ,

星期四, 1 4 月, 2010 服务器 没有评论

cacti通过snmp监控ubuntu9.10网卡流量遇到的问题

折腾无线,snmp总是链接不上,debug报如下错误;

+ Running data query [1].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.2.1.2.2.1.1'
+ No SNMP data returned
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'

谷歌百度,终于找到解决办法,记录之。。。

bear@njava:/var/www/njava$ sudo vi /etc/snmp/snmpd.conf 
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):
# sec.name  source          community
#com2sec paranoid  default         public
#com2sec paranoid  default         njava
com2sec readonly  default         public
bear@njava:/var/www/njava$ sudo /etc/init.d/snmpd restart

获取到后的数据源

+ Running data query [1].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.2.1.2.2.1.1'
+ Index found at OID: '1.3.6.1.2.1.2.2.1.1.1' value: '1'
+ Index found at OID: '1.3.6.1.2.1.2.2.1.1.2' value: '2'
+ Index found at OID: '1.3.6.1.2.1.2.2.1.1.3' value: '3'
+ Located input field 'ifIndex' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.1'
+ Found item [ifIndex='1'] index: 1 [from value]
+ Found item [ifIndex='2'] index: 2 [from value]
+ Found item [ifIndex='3'] index: 3 [from value]
+ Located input field 'ifOperStatus' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.8'
+ Found item [ifOperStatus='Up'] index: 1 [from value]
+ Found item [ifOperStatus='Up'] index: 2 [from value]
+ Found item [ifOperStatus='Down'] index: 3 [from value]
+ Located input field 'ifDescr' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.2'
+ Found item [ifDescr='lo'] index: 1 [from value]
+ Found item [ifDescr='eth0'] index: 2 [from value]
+ Found item [ifDescr='eth1'] index: 3 [from value]
+ Located input field 'ifName' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.31.1.1.1.1'
+ Found item [ifName='lo'] index: 1 [from value]
+ Found item [ifName='eth0'] index: 2 [from value]
+ Found item [ifName='eth1'] index: 3 [from value]
+ Located input field 'ifAlias' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.31.1.1.1.18'
+ Found item [ifAlias=''] index: 1 [from value]
+ Found item [ifAlias=''] index: 2 [from value]
+ Found item [ifAlias=''] index: 3 [from value]
+ Located input field 'ifType' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.3'
+ Found item [ifType='softwareLoopback(24)'] index: 1 [from value]
+ Found item [ifType='ethernetCsmacd(6)'] index: 2 [from value]
+ Found item [ifType='ethernetCsmacd(6)'] index: 3 [from value]
+ Located input field 'ifSpeed' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.5'
+ Found item [ifSpeed='10000000'] index: 1 [from value]
+ Found item [ifSpeed='100000000'] index: 2 [from value]
+ Found item [ifSpeed='0'] index: 3 [from value]
+ Located input field 'ifHwAddr' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.2.2.1.6'
+ Found item [ifHwAddr=''] index: 1 [from value]
+ Found item [ifHwAddr='00:0D:60:D4:BC:04'] index: 2 [from value]
+ Found item [ifHwAddr='00:0D:60:D4:BC:05'] index: 3 [from value]
+ Located input field 'ifIP' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.2.1.4.20.1.2'
+ Found item [ifIP='127.0.0.1'] index: 1 [from regexp oid parse]
+ Found item [ifIP='8.8.8.8'] index: 2 [from regexp oid parse]
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'
+ Found data query XML file at '/var/www/cacti/resource/snmp_queries/interface.xml'

参考:http://www.linuxquestions.org/questions/linux-networking-3/cacti-traffic-stats-snmp-config-prob-378983/

Tags: , ,

星期四, 1 4 月, 2010 服务器 没有评论
« Previous Entries Next Entries »

归档

链接表

比特币捐赠:

1LMooBmUE153Wnd3zDryWvDyXxQudbFxDr