Monday, December 14, 2009

[Shell script] 自動開啟或關閉 vsftpd匿名登入機制

1 #!/bin/bash
2
3 vsftp_conf="/etc/vsftpd/vsftpd.conf"
4
5 if [ -f $vsftp_conf ]; then
6 if [ $# -ne 1 ]; then
7 echo "Parameters is not allow"
8 echo "usage: $0 on or $0 off"
9 exit 1
10 fi
11
12 case "$1" in
13 on) CMD='YES';;
14 off) CMD='NO';;
15 *)
16 echo "format error!"
17 exit 1
18 ;;
19 esac
20
21 if [ $CMD = 'YES' ]; then
22 sed 's/^.*anonymous_enable=.*/anonymous_enable=YES/' $vsftp_conf > /tmp/$$.vsftpd.conf
23 mv -f /tmp/$$.vsftpd.conf $vsftp_conf
24 /etc/init.d/vsftpd restart
25 else
26 sed 's/^.*anonymous_enable=.*/anonymous_enable=NO/' $vsftp_conf > /tmp/$$.vsftpd.conf
27 mv -f /tmp/$$.vsftpd.conf $vsftp_conf
28 /etc/init.d/vsftpd restart
29 fi
30 else echo "$vsftp_conf is not exist"
31 fi

說明:
列5 先判斷/etc/vsftpd/vsftpd.conf是否存在,若不存在則回報檔案不存在。(列30)
列6 判斷所傳入的引數是否為1個,若不是則回報錯誤並結束。 (列7~10)
列12-19 使用case,判斷是on, off或是格式有誤。
列21-24 若為on則設定anonymous_enable=YES,並重新啟動vsftpd。
列25-28 若為off則設定anonymous_enable=NO,並重新啟動vsftpd。

測試:
1. 允許匿名登入:
[root@centos bin]# ./vsftpd.sh on
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@centos bin]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

2. 不允許匿名登入:
[root@centos bin]# ./vsftpd.sh off
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@centos bin]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
References:

Friday, December 11, 2009

TestShell Studio

今天下午參加了派恩科技所舉辦的新世代電子與網通產品自動化測試技術研討會,見識到了QualiSystems所研發的TestShell tools其強調並不需要programming的能力就能完成自動化測試的工作,讓我印象最為深刻的就是TestShell Studio,它能結合多種網通測試設備(IXIA,SmartBits and etc),自訂commands,遠端控制DUT,錄製Web access action等等強大的功能以加快測試的速度!AWESOME!

只要把你腦海中的想法透過滑鼠Drag-&-drop,整個測試流程就完成了!我想這對於網通廠商來說是個非常有力的測試工具,也值得每個網通QA學習。

美中不足的是......
1. 沒有提供Trial version
2. 目前似乎沒有for Linux的版本

Wednesday, December 09, 2009

Google Chrome for Linux and Mac OSX goes beta!

Google Chrome for Linux與Mac OSX終於出Beta版了,在Linux方面提供了Debian/Ubuntu/Fedora/OpenSUSE的deb與rpm,而在Mac OSX呢,很遺憾地PPC的user還是被遺忘了,剛好我就是PPC的user @@||

Anyway,在Linux下與Firefox V3.5.5相比,Google Chrome運行起來的確是讓我感覺到有快一點,不過目前發現到有兩個缺點:

1. 預設的中文字型不好看。
2. 即使我已經裝了Adobe flash player,還是不能播放Youtube的影片。
有興趣的人可以試用看看唷!


Monday, November 30, 2009

emesene 1.5.1 - "awesome" bugfix edition has been released!

曾幾何時,當我從Pidgin跳槽至emesene時感覺到非常順手好用,但是唯一的缺點就是emesene常常回報對方收不到我的訊息,有時真覺得有點惱人,所以這陣子又跳回去使用Pidgin,雖然沒那麼好看但至少穩定。

Well,今天連到emesene official website發現到v1.5.1已經正式release了,並且也修正了送不出訊息的問題,好樣的重新拿回來使用!

嘿!不過目前還沒有OpenSUSE 11.2的rpm檔,先用tarball了。

Friday, November 27, 2009

How to configure mirror port on Cisco 2960G switch

碰到了就紀錄一下囉~
# monitor session 1 source interface Gi 0/11
# monitor session 1 destination interface Gi 0/10
如此一來port 10就會成為port 11的mirror port。


判斷service是否可使用TCP wrappers

在Linux系統中,針對service比較簡單的安全政策可透過TCP wrappers來做管理,但是有些service是可被TCP wrappers控管的,有些則不是,如何判斷呢?其實只要用ldd命令來查看service是否有利用到libwrap wrapper library就可以囉!以下舉幾個例子:
1. OpenSSH:
[root@centos ~]# ldd /usr/sbin/sshd | grep libwrap
libwrap.so.0 => /lib/libwrap.so.0 (0x003f9000)
2. NFS:
[root@centos ~]# ldd /usr/sbin/rpc.nfsd | grep libwrap
3. Apache:
[root@centos ~]# ldd /usr/sbin/httpd | grep libwrap
由上可知OpenSSH可由TCP wrappers託管,但是NFS與Apache則不行。(有自己的安全機制)

回憶起以前考RHEL3時是用死記的方法記下那些service可以被TCP wrappers託管,現在年紀大了記憶體不足,只好靠些小技巧來幫助。

Thursday, November 26, 2009

Netifera

Netifera是一套for Linux與MAC OSX的網路環境偵測軟體,使用起來非常簡單易懂。
帽客安裝在CentOS5.4下,從安裝到使用上沒有發生什麼問題,且整體跑起來感覺很流暢!值得推薦給大家使用。

What is Netifera?
Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools.
Netifera website
Netifera quick guide
Download Netifera

Thursday, November 19, 2009

如何透過ISO檔,更新CentOS

之前介紹過如何透過ISO檔升級OpenSUSE,身為紅帽與蜥蜴系的愛好者,當然也要介紹一下如何透過ISO檔升級CentOS(應該也可用於Redhat與Fedora)。

Step1. 建立掛載點:
# mkdir -p /mnt/iso/1
Step2. 掛載ISO檔:
# mount -o loop /mnt/nfs/CentOS-5.4*.iso /mnt/iso/1
Step3. 安裝createrepo套件:
# yum install createrepo
Step4. 產生來源repository:
# cd /mnt/iso
# createrepo .
Step5. 建立新repository設定檔:
# vi /etc/yum.repos.d/centos54.repo
[CentOS5.4 Repository]
baseurl=file:///mnt/iso
enabled=1
Step6. 準備升級:
先將原本的repos全部rename成xxx.repo.bak
# yum clean all
# yum update
成功的話就可看到下圖顯示準備更新成CentOS5.4的套件:


Wednesday, November 18, 2009

學習Linux CLI 的好站

想學習Linux CLI嗎?以下的網站非常值得閱讀或是當作線上工具書:
LinuxCommand
O'Reilly's Linux Command Directory
The Linux CookBook
Ols3 shell script
Also please let me know your favorite websites for learning Linux command line in the comments.

Tuesday, November 17, 2009

Fedora 12 即將release!

Oh.. Fedora12預計於.....2009.11.17 release (不就是今天嗎? 逃~),太久沒注意Fedora project了,明天download下來在VirtualBox上跑看看吧。

BTW, 最近真是OS的大混戰呀! 打得激烈!
Apple MAC OSX 10.6.2 [未使用,好想用呀~哭]
CentOS 5.4 [使用中]
Ubuntu 9.10 [未使用]
OpenSUSE 11.2 [使用中]
Fedora 12 [快要出了]
Windows 7 [恩...]

Friday, November 13, 2009

升級OpenSUSE 11.1至11.2之雜記

OpenSUSE 11.2已經於11.12日正式release了,雖然說11.1目前在S10e上跑得挺順的,但是手癢的我還是決定給它升級看看,以往我會選擇重新安裝的方法來升級,反正/home是配置到另外一個partition,系統重新安裝也不會讓資料遺失,但是總覺得要重新調整到自己習慣的桌面設定太浪費時間了,於是這一次我選擇透過將software repositories指定成OpenSUSE 11.2的方法來安裝:

Step1. Yast->Software->Software Repositories->Add->Local ISO Image添加OpenSUSE11.2镜像。
Step2. 手動移除OpenSUSE 11.1的repositories
Step3. # zypper dup
遺憾的是.....我竟然在X Window幹下此等蠢事,zypper dup會將有衝突的軟件強制刪除,沒想到在Firefox開啟的狀態下,造成系統crash導致更新尚未完成!重開機後整個系統爛掉,唉!我可不能panic呀,冷靜下來進入failsafe mode重新再執行一次zypper dup,沒想到卻回報無法找到來源,原來還需要讓Kernel把loop的模組掛起來,於是便執行modprobe loop,如此一來就可以繼續升級的動作了。

沒想到升級完後,只有保留了kernel-2.6.27.37-0.1-pae而竟然沒有安裝上新的kernel-2.6.31.5-0.1-desktop,導致無法進入GNOME..... anyway透過zypper再裝上新版的kernel吧,裝上後一切搞定,可以正常進入GNOME,目前嘗試使用看看。

Update1_新增OpenSUSE 11.2的repositories:
# zypper ar http://ftp.gwdg.de/pub/linux/misc/packman/suse/11.2/ packman
# zypper ar http://download.opensuse.org/distribution/11.2/repo/oss/ opensuse11.2_oss
# zypper ar http://download.opensuse.org/distribution/11.2/repo/non-oss/opensuse_11.2_non-oss
# zypper ar http://download.opensuse.org/update/11.2/ opensuse11.2_update
Update2_安裝S10e(Broadcom Corporation BCM4312 802.11b/g)的wireless module:
# zypper in broadcom-wl*

Friday, October 30, 2009

CentOS 5.4 now is available to download!

令人喜愛的CentOS5.4正式release囉!趕緊來download.... :)

CentOS 5.4 release notice
Download site

如果已經安裝了之前的版本,則可透過以下的命令線上更新系統:
# yum list updates
# yum update

Thursday, October 29, 2009

備份利器: rsnapshot

rsnapshot與我之前用rsync備份的方法比較起來看來是更加地簡單好用了,有興趣的朋友可參考以下的文章作個測試:
How To Backup Local Unix Host Using rsnapshot rsync Utility
How To Backup Remote Linux Host Using rsnapshot rsync Utility

Thursday, October 22, 2009

Clone HD in the VirtualBox

錯誤方法:
copy / paste original vdi檔。


正確方法:
Windows->cmd->vboxmanage clonehd "original vdi" "new vdi"


之後匯入新的vdi檔就不會造成UUID重複的問題了。

Monday, October 19, 2009

Install FreeMind in OpenSUSE 11.1

在OSX下習慣用FreeMind紀錄一些自己的ideas,但我的末代"老"白iBook G4它老人家重達2.2Kg在加上一些書籍,我實在是背不動了,所以就將S10e安裝成OpenSUSE帶去上班用,索性也來裝個FreeMind來使用吧,沒想到,它真的不是很好安裝,很多套件不論是官方的repository或是packman repository都沒有,只好手動自己找一找裝一裝了。(忽然想起多年前在RHEL3.0要裝K3b support燒錄mp3的壯烈情況。)

裝完了之後,遇到了中文亂碼的問題,參考了佑子窩 blogger所提供的方法很順利的解決了。
不過OpenSUSE與Ubuntu有個地方不一樣:
OpenSUSE: ln -s /usr/share/fonts/truetype/uming.ttf
Ubuntu: ln -s /usr/share/fonts/truetype/arphic/uming.ttf

[Shell script] Select選單語法練習

1. 以選單方式,提供要刪除哪一個檔案 (a1, a2, a3, a4 and a5)
2. 只有當user輸入y/Y時,才會將檔案刪除。
#!/bin/bash
select VAR in a1 a2 a3 a4 a5 exit
do
case $VAR in
a1) read -p "Delete a1? (y/Y/n/N)" FLAG
if [ $FLAG = y -o $FLAG = Y ]; then
rm -f ./a1
fi;;
a2) read -p "Delete a2? (y/Y/n/N)" FLAG
if [ $FLAG = y -o $FLAG = Y ]; then
rm -f ./a2
fi;;
a3) read -p "Delete a3? (y/Y/n/N)" FLAG
if [ $FLAG = y -o $FLAG = Y ]; then
rm -f ./a3
fi;;
a4) read -p "Delete a4? (y/Y/n/N)" FLAG
if [ $FLAG = y -o $FLAG = Y ]; then
rm -f ./a4
fi;;
a5) read -p "Delete a5? (y/Y/n/N)" FLAG
if [ $FLAG = y -o $FLAG = Y ]; then
rm -f ./a5
fi;;
exit) exit;;
esac
done

Friday, October 16, 2009

[Shell script] 遞迴

#!/bin/bash
function re () {
local tmp
tmp=$1
if [ $tmp -eq 1 ]; then
total=1
else
re $(($tmp-1))
total=$(($tmp*$total))
fi
}


read -p "Data=" VAR
re $VAR
echo "$VAR!=$total"
太久沒寫了腦袋打結了一下。

Thursday, October 15, 2009

Fine Tuning Firefox

參考了以下的文章在OpenSUSE 11.1下調整了FireFox的參數,感覺有改善!
Fine Tuning Firefox

順便找到備份FF的軟體:
FEBE

最後附上OpenSUSE 11.1美美的桌面環境。

Wednesday, October 07, 2009

OpenSUSE 11.2 roadmap

沒意外的話應該在今年的11月12號OpenSUSE 11.2就會release了,我還蠻喜歡OpenSUSE team的roadmap。

Milestone -> Release Candidate -> Gold Master
http://en.opensuse.org/Roadmap/11.2

如何幫助測試OpenSUSE: http://en.opensuse.org/Testing/

Sunday, October 04, 2009

Free Partition Manager for Windows

I find a good partition management tool for Windows series OS.
EASEUS Partition Master it's very useful, and Home user edition is free!

Tested on Lenovo S10e netbook and it's works.

Tuesday, September 29, 2009

Shell script 練習

看到Ols3前輩出的練習題,故嘗試寫看看,題目是這個樣子的:
# 把 以下資料檔 d1.txt d2.txt 予以整合
d1.txt
====================
abc:12
bob:25
cdc:36
OK:121
Tomy:99
Jack:108

d2.txt
====================
Jack:9
cdc:8
OK:11
Tomy:22
bob:5
abc:88

試寫一 script 來處理 d1.txt d2.txt 使其變成

abc:12:88
bob:25:5
cdc:36:8
Jack:108:9
OK:121:11
Tomy:99:22

My script:
#!/bin/bash

for VAR1 in `cat ./d1.txt | sort`
do
for VAR2 in `cat ./d2.txt | sort`
do
if [ `echo $VAR1 | cut -d: -f1` = `echo $VAR2 | cut -d: -f1` ]; then
echo $VAR1\:`echo $VAR2 | cut -d: -f2`
fi
done
done

References:

Thursday, September 24, 2009

Powerful web application and network load testing tool: curl-loader

找到了一個還蠻強大的web application與network load testing的工具: curl-loader
curl-loader是based on Linux並號稱可以提供類似SpirentAvalanche與IXIA loader的功能(IXIA用過,但是IXIA loader我可是沒用過 XD),同時間透過curl-loader可以產生上萬筆的clients來產生實際的HTTP或是FTP的流量,重點是透過它的configure file,curl-loader會自動的幫你bind IP,真是貼心的設計呀,使用之前最好是依照它的建議更改些Linux預設的參數,當然如果要產生big real flow那就要使用高檔點的機器囉,帽客實際上跑了一下,發現到當產生30K HTTP clients時,會將dual core(Intel C2D E4500)的CPU resource全部吃光光!

建議調整的參數:
ulimit -n 100000
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 100000 > /proc/sys/fs/file-max
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/ethX/rp_filter
echo "109568 109568 109568" > /proc/sys/net/ipv4/tcp_mem

Monday, September 21, 2009

Wednesday, September 16, 2009

Linux上常見的Load Balancer Project

常見的有:
Linux Virtual Server
Ultra Monkey
Red Hat Cluster Suite
High-Availability Linux

References:

Friday, September 11, 2009

OSX 10.5.x 重大更新通知

OSX剛剛提醒我目前有更新囉,這次的更新還不小,有iTunes, QuickTime, Java for MAC與Security update。

Wednesday, September 09, 2009

只印出本次登入所輸入的命令

Linux系統預設上可透過history(bash內建的指令)看到以前與本次登入所輸入的所有命令,而當使用者登出系統後系統會自動將本次登入時所輸入的所有命令新增到 ~/.bash_history中,至於最多紀錄多少筆則要取決於HISTSIZE/HISTFILESIZE設定為多少(兩者預設應該都是1000),所以排除舊的命令歷史記錄,新的紀錄應該會從1001開始,於是乎可以利用以下簡單的方法列印出目前登入所輸入的所有指令:

# history | while read cmd; do set -- $cmd; if [ $1 -gt 1000 ]; then echo "$1:$2";fi; done
1001:history
1002:set
1003:history
1004:ifconfig
1005:history

Note:
1. 預設上HISTFILESIZE是設定~/.bash_history可紀錄多少筆,預設是1000,假設今天設定成2000則代表~/.bash_history可存放2000筆記錄,於是乎上面的指令就必需改成這樣:
# history | while read cmd; do set -- $cmd; if [ $1 -gt 2000 ]; then echo "$1:$2";fi; done

2.若~/.bash_history未滿1000筆時,那就要特別注意判斷的條件了。

Wednesday, August 26, 2009

HTTP Server Benchmark Test Tool: WBox

WBox aims to help you having fun while testing HTTP related stuff. You can use it to perform many tasks, including the following:

- Benchmarking how much time it takes to generate content for your web application.
- Web server and web application stressing.
- Testing virtual domains configuration without the need to alter your local resolver.
- Check if your redirects are working correctly emitting the right HTTP code.
- Test if the HTTP compression is working and if it is actually serving pages faster.
- Use it as a configuration-less HTTP server to share files! (see the server mode documentation at the end of the Wbox tutorial in this page, but it's as simple as % wbox servermode webroot /tmp)

Wbox is free software under the GPL version 2 license and was written in ANSI C (POSIX runtime required) by Salvatore 'antirez' Sanfilippo

使用過後,個人感覺比ab強大好用!

Thursday, July 30, 2009

Deny SSH brute attack via iptables

iptables rules:
#iptables -A INPUT -p tcp --dport 22 -i ethx -m state --state NEW -m recent --set
#iptables -A INPUT -p tcp --dport 22 -i ethx -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
如此一來,本機於1分鐘內收到超過5個以上的SSH連線需求時,第5個SSH connection就會被drop掉.

緊接著用hping測試連續送出n個TCP port 22 SYN,看看第5個SSH connection是否會被drop:


Reference:
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
http://tuxtraining.com/2009/06/23/stop-ssh-brute-force-attack-using-susefirewall

Thursday, July 23, 2009

Suspend Linux to swap

分享一個在console下將Linux系統休眠到swap的方法:

Tested on CentOS5.3:
Step1. 設定STD(suspend to disk)到swap:
[root@localhost ~]# fdisk -l
Disk /dev/hda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          13      104391   83  Linux
/dev/hda2              14         842     6658942+  83  Linux
/dev/hda3             843         907      522112+  82  Linux swap / Solaris
/dev/hda4             908        1044     1100452+   5  Extended
/dev/hda5             908         972      522081   83  Linux
[root@localhost ~]# ls -ld /dev/hda3
brw-r----- 1 root disk 3, 3 Jul 23  2009 /dev/hda3

由此得知swap partition的major與minor ID是3.3,接著修改參數如下 (預設是0:0):
[root@localhost power]# echo "3:3" > /sys/power/resume 

Step2. 啟動休眠:
[root@localhost ~]# echo "disk" > /sys/power/state 

此時系統將立刻進入休眠狀態,並於下次重開機時回到剛剛的環境。

Step3. 設定永久suspend到swap:
修改/boot/grub/grub.conf並設定Kernel參數如下:
kernel /vmlinuz-2.6.18-128.2.1.el5 ro root=LABEL=/ rhgb quiet resume=/dev/hda3

Tuesday, July 14, 2009

善用tmpfs當Firefox的cache

現在的電腦記憶體很夠用, Redhat/CentOS預設又將/dev/shm當成tmpfs掛載起來, 所以也就別辜負了它的美意吧! 把它拿來當成Firefox cache的RAMDisk用吧!

至於如何將Firefox的cache指定到/dev/shm呢? 實作上非常簡單, 只要開啟Firefox並於網址列上輸入about:config, 然後點擊滑鼠右鍵->新增->字串後輸入: browser.cache.disk.parent_directory, 內容則輸入/dev/shm就完成了.


成功的話, 當使用Firefox瀏覽網頁時就會看到/dev/shm會新增Cache目錄.
當然系統重新開機後, cache就會消失了!
Note: Redhat/CentOS預設並不特別指定/dev/shm的大小為何, 記憶體剩下多少就允許/dev/shm使用, 如果想要改變此行為的話可開啟/dev/fstab,找到mount /dev/shm的那一列並修改如下:
tmpfs /dev/shm tmpfs defaults,size=100M 0 0
以上希望對大家使用Linux有幫助.

Thursday, July 02, 2009

Compress and encrypt directory in Linux

直接進入實作步驟~
Compress tools: tar
Data encrypt tools: AES Crypt (http://www.aescrypt.com/)

Objective-1, To backup /etc and encrypt it:
1. 壓縮並加密/etc:
# tar cvf - /etc | aescrypt -e -p 123456 -> etc.tar.aes
(-e: encrypt, -p password)

2. 測試etc.tar.aes是否有加密:
[root@localhost ~]# file etc.tar.aes
etc.tar.aes: data
[root@localhost ~]# tar tvf etc.tar.aes
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Archive contains obsolescent base-64 headers
tar: Read 300 bytes from etc.tar.aes
tar: Error exit delayed from previous errors
測試結果發現到etc.tar.aes已經被AES加密了,故無法直接以tar觀看壓縮檔的內容。

Objective-2 To decrypt and uncompress data:
1. 將壓縮檔解密:
# aescrypt -d -p 123456 etc.tgz.aes 
解密後會新增一檔案為etc.tar
2. 解壓縮:
# tar xvf etc.tar
如此一來便可解開加密過後的壓縮檔了。

其它在Linux上常見的加密工具還有openssl與gpg。

Monday, June 29, 2009

20個Linux系統/網路偵測的好工具

發現到一篇介紹20個Linux系統/網路偵測工具的好網頁,挺多我沒有使用過的,所以特別收錄起來,FYI。

Sunday, June 21, 2009

Free online file conversion: Zamzar

很多人為了轉換檔案格式,總是會在電腦上裝載各種轉換的軟體,甚至有時收到了不能讀取的檔案時就更是令人感到心煩了,比如Office 2007的docx,像我的Linux與OSX都沒辦法讀取docx的文件,偏偏有人就是很喜歡寄給我但也總不能去請人家去轉換好再寄給我吧,此時只好自己開啟Windows的office 2007來看,挺浪費時間,嘿嘿~不過今天真是個好日子,讓我發現了一個能解決我這種困擾的服務,Zamzar!

Zamzar它是一個免費的線上格式轉換的服務,不論您使用那種OS(事實上跟OS一點關係都沒有),只要將檔案透過Web browser上傳後,選擇想轉換成的檔案格式,它就會幫你將檔案轉換好並透過mail告訴你檔案下載的連結,真的是非常之方便呀!目前檔案的上限為100MB,而能轉換的格式真是包山包海呀!


Wednesday, June 10, 2009

[Shell script] Remote Services watchdog

以下的script是針對偵測到對方的service沒有正常運作時則發mail給所指定的使用者,請參考:

#!/bin/bash

SRVLIST='192.168.0.100:80
192.168.0.100:53'
MAILACCOUNT="root@server1.example.com"

for SRV in `echo $SRVLIST`
do
 IP=`echo $SRV | cut -d: -f1`
 PORT=`echo $SRV | cut -d: -f2`
 nc -w 1 $IP $PORT > /dev/null 2>&1 || echo "Port $PORT on Server $IP is failed" | mail -s "Error: Service failed" $MAILACCOUNT
done

Monday, June 08, 2009

Install AWstats on CentOS 5.x

What's AWstats?
AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.
http://awstats.sourceforge.net/

安裝步驟:
1. 於rpmfind.net 搜尋並下載awstat*rpm for RHEL5.x (awstats-6.9-2.el5.rf.noarch.rpm)
2. # rpm -ivh awstat*rpm
3. 修改/etc/httpd/conf/httpd.conf:
AddHandler cgi-script .cgi .pl
4. 修改/etc/httpd/conf.d/awstats.conf :
Alias /awstats/icon/ /var/www/awstats/icon/
ScriptAlias /awstats/ /var/www/awstats/
        DirectoryIndex awstats.pl
        Options ExecCGI
        Order allow,deny
        Allow from all
#       order deny,allow
#       deny from all
#       allow from 127.0.0.1
5. 將/etc/awstats/awstats.localhost.localdomain.conf改成/etc/awstats/awstats.IPADDRESS.conf (e.g., IPADDRESS=192.168.0.1)

6.手動執行/etc/cron.hourly/00awstats
如此一來就馬上有資料產生了,之後就交給system crontable更新吧!

7. 開啟瀏覽器並輸入 http://192.168.0.1/awstats/awstats.pl,成功的話應該會看到以下的畫面:

Note: awstats.IPADDRESS.conf 有許多參數可調整,請參考裡面的說明。

Sunday, June 07, 2009

帽客剛整理好的桌面

剛整理好,乾淨了一些,拍個照紀錄一下。


Saturday, June 06, 2009

[Shell script] Services watchdog

這隻script的功能就是當偵測到所指定的port於本機沒有啟動的話,就會將它自動重啟,放在cron table裡定時檢查吧!

#!/bin/bash

SRVLIST='80:/etc/init.d/httpd
25:/etc/init.d/postfix
22:/etc/init.d/sshd
110:/etc/init.d/dovecot'

for SRV in `echo $SRVLIST`
do
 nc -w 1 localhost `echo $SRV | cut -d: -f1` > /dev/null 2>&1 && echo "Port $SRV fine" || `echo $SRV|cut -d: -f2` restart
done


[Shell script] Monitor process cpu loading and count

1. 當process CPU loading超過90%, 就先行刪除:
#!/bin/bash
CPULOADING=90
ps auxh | \
while read pro
do
set -- $pro
if [ `echo $3 | cut -d"." -f1` -gt $CPULOADING ]; then
kill $2
fi
done

2.當process數目超過50時, 就先行刪除:
#!/bin/bash
PSCOUNT=50
ps axh -o "cmd" | sort | uniq -d -c | \
while read ps
do
set -- $ps
if [ $1 -gt $PSCOUNT ]; then
killall $2
fi
done

Reference: Linux網路安全管理與監控

Friday, June 05, 2009

[Shell script] Monitor Disk space

#!/bin/bash
USAGE_SPACE=20

df | grep '[0-9]%' | egrep 'sd|hd' | \
while read line 
do
# if [ `echo $line | awk -F" " '{ print $5 }' | cut -d% -f1` -gt "$USAGE_SPACE" ]; then
# echo "Disk space of `echo $line | awk -F" " '{ print $6}'` belongs to `hostname` is over $USAGE_SPACE%" | mail -s "HD DISK is not enough" $USER
# fi

set -- $line
if [ `echo $5 | cut -d% -f1` -gt $USAGE_SPACE ]; then
echo "Disk space of `echo $6` belongs to `hostname` is over $USAGE_SPACE%" | mail -s "HD DISK is not enough" $USER
fi
done

Remark的部份是小弟以前的做法,利用awk去filter出硬碟使用的百分比與目錄名稱,但拜讀了新書"Linux 網路安全管理與監控",學到了可透過set --$line方便取出某行的資料為引數使用,好用!


Sunday, May 31, 2009

Eason Chen Moving on stage 21 part II

昨晚陪老婆去台北小巨蛋聽陳奕迅Moving on stage 21 part II的演唱會,老實說我並非Eason的歌迷,對他的歌比較熟悉的是只有K歌之王,你的背包,婚禮的祝福(這張專輯我有買)。
整體聽下來我可以了解為何老婆這麼喜歡Eason了,他真的很有實力,歌曲確實能打動人心, 感覺上他真的唱得很賣力,連唱了四個小時吧!有幸能參加這種實力派歌手的演唱會真是我們的幸福,可惜我只聽到11:00多就先行離場回家去哄小朋友睡覺了,不然真的很想跟Eason待到最後。

Anyway Eason期待你下一次再來台北開唱!婚禮的祝福真是太好聽了!

Wednesday, May 20, 2009

Moving SUSE Linux to another system

工作用的一台PC可能太過老舊,常常跑到一半就system freeze,懷疑是熱當,然而剛好有一台idle的機器,想說就將hard drive換到那台機器就好了,本以為應該會很順利,沒想到系統重開時SUSE回報:
waiting for device /dev/hda2 to appear
waiting for device /dev/hda4 to appear
然後整個系統就停止了.... 事情似乎沒有我想像得單純..... :p
進入rescue mode查看hard drive也沒損壞呀? 只好上google查看看吧~

後來查到原來是當更換到另一台機器時,由於主機板上的controller是不一樣的! SUSE需要重新make initrd, Redhat不用! 呵呵.... 整個救援的方法如下:

hard drive partition information:
/dev/hda1 -> /boot
/dev/hda2 -> swap
/dev/hda3 -> /home
/dev/hda4 -> /

1. 利用SUSE安裝光碟進入rescue mode
2. 將root partition掛載: mount /dev/hda4 /mnt
3. 將rescue mode的/dev與/proc分別掛載到 /mnt/dev與/mnt/proc: mount --bind /dev /mnt/dev; mount --bind /proc /mnt/proc
4. 將目前的rescue mode的single-root轉成實際上的root partition: chroot /mnt
5. 將/boot掛載: mount /dev/hda1 /boot
6. 切換到/boot目錄,並執行mkinitrd: cd /boot; mkinitrd

Accomplished!

Monday, May 18, 2009

快速取得路由路徑資訊

在Linux下,要確定或查看到某一個destination的方法,比較傳統的方法是執行route -n 或是netstat -rn取得routing table後,再以肉眼判斷讀出,不過我看過有些人管控的機器其routing table內容非常之可怕! 眼睛可能會看到"脫窗", 所幸我今天發現到了一個新的指令可以幫助苦命的IT/MIS.

# ip route get x.x.x.x
-> 系統就會回報到x.x.x.x會經由哪個gateway出去, e.g.,
ip route get 168.95.1.1
168.95.1.1 via 192.168.1.254 dev br0 src 192.168.1.100
cache mtu 1500 advmss 1460 hoplimit 64
解讀: 從src 192.168.1.100到dst 168.95.1.1是透過192.168.1.254出去

Tuesday, May 12, 2009

[Shell script] 讓/etc/passwd更利於閱讀

#!/bin/bash
IFS=:
echo "System User list:"
echo "-------------------------------------"
while read username shapass uid gid comm home shell
do
echo "UserName:$username"
echo " 1.password:$shapass"
echo " 2.uid:$uid"
echo " 3.gid:$gid"
echo " 4.comment:$comm"
echo " 5.home:$home"
echo " 6.default shell:$shell"
echo "------------------------------------"
done < /etc/passwd

參考Linux-101 Hacks, hack 88. Read data file fields inside a shell script

Monday, May 11, 2009

Get Ready for openSUSE Community Week!

The first openSUSE Community Week is just around the corner. May 11 through May 17 we’ll be hosting live sessions in IRC to help grow the openSUSE Community.
Community week is all about helping new contributors get started with openSUSE and getting existing contributors together to mentor new contributors, and working together on major projects.
We’ll be hosting a week of IRC tutorials, Q&A’s, and jam sessions on a number of topics. Learn to work with the testing/QA team, create packages, work with the openSUSE Build Service, help work on the wiki, or get involved with the GNOME and KDE teams. There’s something for everybody.


Schedule:
http://en.opensuse.org/Community_Week

Tuesday, May 05, 2009

Ubuntu and Upstart

Ubuntu與Fedora都採用了upstart模擬跑SysV. 但是OpenSUSE11.1/SLES11 whereas.... 還是採用大家熟悉的SysV, 讓我們來看看Novell的concern吧:

http://en.opensuse.org/Ubuntu_and_Upstart

是不是差點沒說出脫褲子放屁~ XD

Thursday, April 23, 2009

wget useful parameters

遇到了所以在此做個紀錄,雜記一下:

# wget -r -np -A img,txt,gz,pcap,cap http://xxx.xxx.xxx
-r --recursive
-np --no-parent
-A --accept=LIST
-> 如此一來就會對xxx.xxx.xxx的網站以遞迴的方式,抓取以img,txt,gz,pcap與cap類型的檔案,其它的都會忽視。

更多的參數可透過wget --help或是man wget獲得更進一步的資訊。

Monday, April 13, 2009

忽視記錄指定的指令於history中

上次介紹可用HISTCONTROL="ignorespace"來忽視開頭為"空白"的指令記錄於history中,今天再提供另一種可行的方法,當看到特定的指令時,也將不記錄於history中,實作的方法如下:

Usage: HISTIGNORE="cmd1:cmd2"

Example1: 忽視記錄pwd,useradd,userdel,passwd等指令:
# export HISTIGNORE="pwd:useradd:userdel:passwd"

Example2: 開機即套用:
Redhat/SUSE: echo 'export HISTIGNORE="pwd:useradd:userdel:passwd"' >> /etc/profile
Note: 如果系統不允許重開機,可以透過source /etc/profile來生效。

Friday, April 10, 2009

不紀錄開頭為space的指令於history中

直接來看如何實作吧!
舉個常會碰到的例子, 如果在console下需輸入敏感的資料時, 不要讓它記錄到history中:
#HISTCONTROL=ignorespace
# echo "redhat" | passwd --stdin lawrence (注意開頭必需為空白)
#history

如此一來echo "redhat" | passwd --stdin lawrence 就不會記錄到history中.

Wednesday, April 08, 2009

Modify Linux prompt

改變一下原本CentOS5.x黑底白字的prompt為黑底綠字如下, 有小學時用DOS的fu ~ XD



加入以下的設定於 /etc/profile讓每個使用者都有這種fu ~
PS1="\e[0;32m[\u@\h \W]$ \e[m"

Cocoa Packet Analyzer in OSX

以前帽客要在OSX下抓網路封包, 有兩種方法:
1. 開啟終端機, 執行tcpdump -> 只有文字模式
2. 安裝X11-> 透過某個在OSX下能安裝Linux apps的工具(Fink)安裝wireshark -> 有圖形可看了, 但是挺麻煩.

現在不用囉! 直接給它安裝Cocoa Packet Analyzer就可以在OSX下抓網路封包啦!
About Cocoa Packet Analyzer
A native Mac OS X implementation of a network protocol analyzer and packet sniffer. It is able to do basic network capturing (incl. packet filtering), analyze and display packet trace files. CPA supports the industry-standard PCAP packet capture format for reading, capturing and writing packet trace files. Further more the libPCAP/ tcpdump filter expressions may be used during capturing network traffic. It supports a variety of network protocols and can be enhanced using the Cocoa bundle plugin technology. Features a quicklook plugin so you can get an overview of you trace file even in finder.

Support libpcap format, 太棒了正是我需要的, 因為我 慣用的packet playback tools只支援libpcap format.

Download: http://www.apple.com/downloads/macosx/networking_security/cocoapacketanalyzer.html

Friday, April 03, 2009

透過ac command 顯示所有使用者登入的時間

今天看書,學習到利用ac指令來獲取系統上所有使用者上線的總時間,帽客覺得這是非常實用的指令,故於此分享給大家,以下是ac的簡單說明: (man page description)
ac prints out a report of connect time (in hours) based on the logins/logouts in the current wtmp file. A total is also printed out.

ok, 再來以上線跑不久的OpenSUSE11.1來做個例子:

Example1: 顯示每天所有使用者上線的時間總和:
linux-xgby:~ # ac -d
Mar 7 total 28.81
Mar 9 total 0.14
Mar 13 total 17.35
Mar 15 total 32.28
Mar 20 total 8.09
Mar 21 total 3.00
Mar 22 total 44.08
Mar 23 total 10.44
Mar 24 total 33.19
Mar 25 total 29.43
Mar 31 total 0.03
Apr 1 total 15.17
Apr 2 total 4.47
Apr 2 total 14.60
Apr 3 total 21.09
Today total 1.67

Example2: 顯示個別使用者上線的時間總和:
linux-xgby:~ # ac -p
lawrence 258.67
root 5.31
total 263.98

如何,夠簡單又實用吧!

Thursday, April 02, 2009

To compile polygraph network benchmark tools on CentOS5.2

What's polygraph?
"Web Polygraph is a freely available performance testing tool for caching proxies, origin server accelerators, L4/7 switches, content filters, and other Web intermediaries. Polygraph's features include:
high-performance HTTP clients and servers
realistic HTTP and SSL traffic generation
HTTP Basic, NTLM, and Negotiate proxy authentication
LDAP-friendly generation of user credentials
flexible content simulation
ready-to-use standard workloads for benchmarking
powerful domain-specific configuration language
portable open-source implementation
friendly commercial support "


http://www.web-polygraph.org/

在CentOS5.2下編譯polygraph v3.1.5時會發生SslWrap.cc的問題,解決的方法是:
http://www.linuxquestions.org/questions/linux-server-73/problem-compiling-web-polygraph-689766/

./configure;make;make install 好搞定了! Enjoy it!

Thursday, March 26, 2009

Novell SLES11 Server/Desktop is available to download

哇哈哈~ Novell SLES11 Server/Desktop總算是釋出了,目前家裡一台P4 2.4GHz的老PC跑OpenSUSE 11.0讓我非常滿意,之前有聽說過SLES11是基於OpenSUSE 11.1開發的。

打算先找台NB裝一下看看,BTW Novell SLES11與SLES10一樣提供60天的免費更新,哈!還算ok!
謎之音: 之前在某家公司內部所架設的SLES10 <- 提供挺多services 沒當過,不知還在運作否 XD

Monday, March 16, 2009

OSX: 螢幕抓圖利器 InstantShot!


InstantShot! 是帽客在OSX環境下慣用的螢幕抓圖軟體,個人覺得非常直覺好用,重點是它支援中文又是free的,這麼好用的軟體希望Mac fans不要錯過囉。

Friday, March 13, 2009

Linux管理小技巧: CDPATH

預設上, RHEL5.x與CentOS5.x的bind有chroot的機制, 所以當系統管理者要去更改named.conf或是相關的DNS zonefile時就必需要輸入/var/named/chroot/etc/ or /var/named/chroot/var/named/ 恩... 有點長, tab要按好幾次, 於是乎帽客想到了一個好用的偷懶方法, CDPATH.

透過CDPATH可以設定parent directory然後透過cd指令切入到subdirectories, 看起來有點抽象? 實際看看例子吧:


上面的例子是設定CDPATH為DNS Server chroot的路徑(/var/named/chroot), 並將它變成環境變數, 之後只要輸入cd etc就會切入到/var/named/chroot/etc, 而cd var/named就會切入到/var/named/chroot/var/named.

看起來方便多了吧!

update:
讓CDPATH重開機時就生效吧:
echo "CDPATH=/var/named/chroot" >> /root/.bash_profile

2009.3.16 update:
今天發現到bash內建的command,pushd與popd也有著類似的功能:
先將/var/named/chroot 透過pushd新增至stack中,並用dirs確定目前stack的內容(第一筆永遠是current directory),之後透過cd就可以切換到subdirectories。

Thursday, March 12, 2009

經濟愈差 病毒愈多

我的好朋友Mark給我以下的消息,網路實在是不安全。

Tuesday, March 10, 2009

Compile Linux kernel "2.6.28.7" on CentOS5.2

想玩看看EXT4,所以下載了最新版有支援EXT4的kernel於CentOS5.2上,以下是compile的雜記:

1. 於/usr/src/kernels/解開2.6.28.7的kernel source (download: www.kernel.org)
2. 將目前的kernel config 從/boot下copy到/usr/src/kernels/2.6.28.7/.config
3. 於/usr/src/kernels/2.6.28.7執行make menuconfig
-> Add EXT4
-> Remove Bluetooth
-> Remove wireless
4. 執行make bzImage
5. 執行make modules
6. 執行make modules_install
7. 執行make install
8. 檢查/boot/*, /boot/grub/grub.conf
-> 開機選用kernel 2.6.28.7開機。
2009.3.25 update:
Tested ext3 and ext4 performance on kernel 2.6.29 and result as below:
It looks like ext4 is better than ext3.
Note: To clean HD cache for each test processing by hdparm -f command.

Tuesday, February 24, 2009

列印出每個使用者登入至Linux主機的總次數

這麼下達就可以得到結果了 :

# last|awk -F" " '{print $1}'|grep -v "^$"|grep -v reboot|grep -v wtmp|sort|uniq -c

Monday, February 16, 2009

Check Linux NIC driver

工作需求所以用到了, 在此記錄:

#ethtool -i eth0
driver: e1000e
version: 0.3.3.3-k6
firmware-version: 5.7-6
bus-info: 0000:0c:00.0

Linux liveUSB creator

發現了一套可執行於Linux與Windows的Linux liveUSB creator: liveusb-creator 透過它, 可以很方便的透過iso檔製作出liveusb, usb開機比DVD/CD-ROM開機不僅來得快也來得方便多了, 畢竟現在很多notebook/netbook預設都不搭配DVD/CD-ROM.

安裝:
-如果你要運行於Windows在可於此下載, 解開並執行liveusb-creator.exe: liveusb-creator-3.2.zip
-然而如果要運行於Linux的話, 以Fedora9/10來說, 可直接透過yum安裝: # yum install liveusb-creator

測試:
Under Windows XP SP3
1. 插入USB device
2. Fdisk/Format USB device 為單一主要分割區, 格式為FAT32 (目前只能運作於FAT32/EXT)
3. 執行liveusb-creator.exe
4. 選擇來源ISO: systemrescuecd-x86-1.1.5.iso
5. 選擇Target Device為USB device partition
-> Completed

之後透過USB device開機, systemrescuecd Linux正常開機且運作順利.
更多的資訊可參考官方的FAQ: https://fedorahosted.org/liveusb-creator/wiki/FAQ

Thursday, January 22, 2009

Disable bug buddy in OpenSUSE11.1

這幾天OpenSUSE在X環境下(GNOME)不斷跳出bug buddy的popup message, 而我也已經將系統錯誤訊息回傳給OpenSUSE研發團隊了,但是它還是不斷地popup,有點惱人,決定先行關掉它了:

Disable bug buddy message method:
編輯家目錄下的 .profile:
vi ~/.profile
#Disable bug buddy message
export GNOME_DISABLE_CRASH_DIALOG=1

重新登入或重開機後就不再popup了.

Tuesday, January 20, 2009

iptstate tools

利用iptstate tools你可以觀察到netfilter中每一筆connection的狀況, 真是隻好工具! 使用時請先記得將ip_conntrack kernel module 掛載起來, 否則將無任何資料顯示出來.

# modprobe ip_conntrack

http://phildev.net/iptstate/