├── .gitignore ├── Graphite+collectl └── check-dependencies.py ├── Nmon ├── NA_UserGuide v34.doc ├── nmon analyser v34a.xls ├── nmon_x86_64_centos5 ├── nmon_x86_64_centos6 ├── nmon_x86_64_rhel6 ├── nmon_x86_centos6 └── nmon_x86_rhel6 ├── README.md ├── apache+tomcat+jk ├── apache+tomcat.docx └── readme.txt ├── aria2 ├── install.txt └── readme.txt ├── awstats ├── GeoLiteCity.dat ├── qqhostinfo │ ├── qqhostinfo.pm │ ├── qqwry.dat │ └── qqwry.pl └── readme.txt ├── cacti+nagios ├── install.sh └── liuliangyuzhi.txt ├── cacti ├── scripts │ ├── bind-stats.pl │ ├── echoping.pl │ ├── edit_rrd.sh │ ├── fbsd-stats.pl │ ├── iptables.pl │ ├── loadavg_gwynnebaer.pl │ ├── memfree_gwynnebaer.pl │ ├── ping-tcp.pl │ ├── ping_latency.pl │ ├── proc_cnt.sh │ ├── proc_gwynnebaer.pl │ ├── qmailq.pl │ ├── radius.pl │ ├── sendmail_messages.sh │ ├── sendmailq.pl │ ├── snmp-cacti-load.sh │ ├── snmp-cacti-mailq.sh │ ├── spine.pl │ └── webhits_gwynnebaer.pl └── template │ ├── lvs │ ├── cacti_data_query_lvs.xml │ ├── install.sh │ └── snmp-lvs.xml │ ├── memcache │ └── readme.txt │ ├── mysql │ ├── README.txt │ ├── cacti_graph_template_mysql_command_statistics.xml │ ├── cacti_graph_template_mysql_connections.xml │ ├── cacti_graph_template_mysql_handler_statistics.xml │ ├── cacti_graph_template_mysql_querycache_statistics.xml │ ├── cacti_graph_template_mysql_questions.xml │ ├── cacti_graph_template_mysql_single_statistics.xml │ ├── cacti_graph_template_mysql_thread_statistics.xml │ ├── cacti_graph_template_mysql_traffic.xml │ └── mysql_stats.php │ ├── nginx │ ├── cacti-nginx-readme │ ├── cacti_graph_template_nginx_clients_stat.xml │ ├── cacti_graph_template_nginx_sockets_stat.xml │ ├── get_nginx_clients_status.pl │ ├── get_nginx_socket_status.pl │ └── readme.txt │ ├── php-fpm │ ├── php │ │ ├── cacti_graph_template_php-fpm_pool_status.xml │ │ └── get_php_fpm_status.php │ └── sh │ │ ├── cacti_check_php-fpm.sh │ │ └── cacti_graph_template_php-fpm_fastcgi_stats.xml │ ├── tomcat │ └── readme.txt │ └── 
varnish │ └── Cacti_Plugin_for_Varnish_3.x │ ├── README.txt │ ├── cacti_host_template_varnish.xml │ ├── getVarnishStats.sh │ └── varnish_stats.sh ├── coreseek ├── csft_mysql.conf └── install.txt ├── denyhosts ├── denyhosts.conf └── install.txt ├── dhcp └── readme.txt ├── dns └── readme.txt ├── epel └── readme.txt ├── fastdfs └── 4.06 │ ├── fastdfs-nginx-module_v1.15 mod_fastdfs.conf │ └── tracker.conf ├── fwknop └── readme.txt ├── gcc └── install.sh ├── git ├── etc │ ├── git-completion.bash │ ├── gitconfig │ └── profile ├── install.txt └── windows │ └── readme.txt ├── inotify+rsync ├── 10.10.67.80 │ └── inotify_nfs_upload.sh ├── 10.10.67.81 │ └── rsyncd.conf └── readme ├── iptables ├── apache+tomcat_114_ipt.sav ├── apache+tomcat_115_ipt.sav ├── db_ipt.sav ├── db_master_ipt.sav ├── db_slave_ipt.sav ├── lvs_ipt.sav ├── manager_ipt.sav ├── mysql_lvs_ipt.sav ├── redis_master_ipt.sav ├── redis_slave_ipt.sav ├── varnish_ipt.sav ├── web_ipt.sav ├── web_lvs_ipt.sav └── web_server_ipt.sav ├── iscsi ├── client │ ├── initiatorname.iscsi │ ├── iscsid.conf │ └── readme └── server │ ├── ietd.conf │ ├── initiators.allow │ ├── initiators.deny │ └── install ├── java └── install.txt ├── keepalived ├── VRRP.txt ├── check_mysql.sh └── keepalived.conf ├── kickstart ├── crypt.txt ├── default ├── ks.cfg └── readme.txt ├── kvm ├── kvm-install ├── kvm.docx ├── kvm01.xml └── rhel-debuginfo.repo ├── lamp ├── apc_tt.php ├── http-conf │ ├── extra │ │ ├── httpd-default.conf │ │ ├── httpd-mpm.conf │ │ └── httpd-vhosts.conf │ └── httpd.conf ├── lamp_32.sh ├── lamp_64.sh ├── mysql.user.sql ├── php.ini └── sysctl.conf ├── lftp └── readme.txt ├── lnmp ├── Zend Opcache.txt ├── apc_tt.php ├── cutlog.sh ├── iptables ├── iptables.sh ├── iptables_vps_master ├── iptables_web.sh ├── lnmp_32.sh ├── lnmp_64.sh ├── my-mini.cnf ├── my.cnf ├── mysql.user.sql ├── mysql_backup.sh ├── nginx-mini.conf ├── nginx-proxy-master.conf ├── nginx-proxy-vhost.com ├── nginx.conf ├── php-fpm.conf ├── php.ini ├── sysctl.conf 
└── tomcat │ └── install.sh ├── loganalyzer └── install.sh ├── lvs+keepalived └── install.sh ├── mysql ├── mysql-slave.sh ├── mysql_del_root.sh ├── mysqlsla.txt └── readme.txt ├── nagios ├── hostgroup.cfg ├── install.sh ├── nagios.cfg └── qhappy_check_nginx.sh ├── nfs-iptables └── readme.txt ├── nfs ├── client.sh └── server.sh ├── nginx+keepalived ├── install.sh ├── keepalived.conf ├── nginx.conf └── nginx_pid.sh ├── nginx+pathinfo └── readme.txt ├── nginx+tomcat └── install.txt ├── nginx_location └── readme.txt ├── nodejs └── readme.txt ├── ntop └── readme.txt ├── openssl └── readme.txt ├── openswan ├── ipsec.conf └── readme.txt ├── openvpn ├── client.txt ├── readme.txt └── server.conf ├── pdsh └── readme.txt ├── perl └── readme.txt ├── postfix ├── postfix-vda-v13-2.10.0.patch ├── postfix.txt └── readme.txt ├── psad ├── install.sh └── signatures ├── puppet └── install.sh ├── pure-ftpd └── install.sh ├── python ├── Dive.Into.Python-zh-cn-5.4-with-code.chm └── pip_install.txt ├── redis ├── Redis.doc ├── install.txt └── redis.conf ├── samba ├── readme.txt └── smb.conf ├── sersync ├── 10.10.67.40 │ ├── confxml.xml │ └── readme.txt └── web_server │ ├── readme.txt │ ├── rsyncd.conf │ ├── rsyncd.motd │ └── rsyncd.secrets ├── sftp └── sftp.sh ├── shell ├── 9_9.sh ├── Double_line_spacing.sh ├── Reverse_line_order.sh ├── cut_log.sh ├── del_html.sh ├── disk_space.sh ├── factorial.sh ├── initialize_system.sh ├── inotify_nfs_upload.sh ├── merger_log.sh ├── merger_nginx_log.sh ├── merger_varnish_log.sh ├── readme.txt ├── rm.sh ├── ssh_chroot.sh └── web_status.sh ├── snmp └── readme.txt ├── some commands ├── column.txt ├── cut.txt ├── dig.txt ├── dmidecode.txt ├── find.txt ├── grub-crypt.txt ├── history.txt ├── join.txt ├── ldd.txt ├── mknod.txt ├── nc.txt ├── nl.txt ├── paste.txt ├── pdflush.txt ├── read.txt ├── sar.txt ├── seq.txt ├── sort.txt ├── strace.txt ├── tee.txt └── uniq.txt ├── subversion └── readme.txt ├── sudo └── readme.txt ├── svn+apache └── install.sh ├── swatch 
├── readme.txt └── sshauth.pl ├── sysctl └── sysctl.conf ├── tcp-wrappers ├── hosts.allow ├── hosts.deny └── readme ├── tmux ├── .tmux.conf └── readme.txt ├── tomcat ├── install.sh └── java_install.txt ├── ubuntu_solarized ├── .vimrc └── install.sh ├── varnish └── install.sh ├── vim ├── readme.txt └── vim_YouCompleteMe │ └── install.sh ├── vncserver └── install.txt ├── wireshark └── readme.txt └── xen ├── install.sh ├── install.txt └── repare.txt /.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | *.gz 3 | *.bz2 4 | *.xz 5 | *.msi 6 | *.exe 7 | *.rpm 8 | *.pdf 9 | *.bin 10 | *.zip 11 | *.rar 12 | *.7z 13 | *~ 14 | *.swp 15 | /gcc/gcc/ 16 | -------------------------------------------------------------------------------- /Nmon/NA_UserGuide v34.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/NA_UserGuide v34.doc -------------------------------------------------------------------------------- /Nmon/nmon analyser v34a.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon analyser v34a.xls -------------------------------------------------------------------------------- /Nmon/nmon_x86_64_centos5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon_x86_64_centos5 -------------------------------------------------------------------------------- /Nmon/nmon_x86_64_centos6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon_x86_64_centos6 
-------------------------------------------------------------------------------- /Nmon/nmon_x86_64_rhel6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon_x86_64_rhel6 -------------------------------------------------------------------------------- /Nmon/nmon_x86_centos6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon_x86_centos6 -------------------------------------------------------------------------------- /Nmon/nmon_x86_rhel6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/Nmon/nmon_x86_rhel6 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | linux 2 | ===== 3 | 4 | 运维笔记 5 | 6 | 主要是一些程序的部署过程。 7 | -------------------------------------------------------------------------------- /apache+tomcat+jk/apache+tomcat.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/apache+tomcat+jk/apache+tomcat.docx -------------------------------------------------------------------------------- /apache+tomcat+jk/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/apache+tomcat+jk/readme.txt -------------------------------------------------------------------------------- /aria2/install.txt: -------------------------------------------------------------------------------- 1 | #如果是源码安装,gcc 版本需要升级,4.7 or later 2 | ./configure && 
make && make install 3 | 4 | 5 | #错误记录 6 | #make时出现如下错误 7 | CXX XmlRpcDiskWriter.lo 8 | CXX FallocFileAllocationIterator.lo 9 | CXX EpollEventPoll.lo 10 | CXX LibgnutlsTLSContext.lo 11 | CXX LibgnutlsTLSSession.lo 12 | LibgnutlsTLSSession.cc: In member function 'virtual int aria2::GnuTLSSession::init(int)': 13 | LibgnutlsTLSSession.cc:86:40: error: invalid conversion from 'unsigned int' to 'gnutls_connection_end_t' [-fpermissive] 14 | In file included from LibgnutlsTLSSession.h:40:0, 15 | from LibgnutlsTLSSession.cc:35: 16 | /usr/include/gnutls/gnutls.h:680:7: error: initializing argument 2 of 'int gnutls_init(gnutls_session_int**, gnutls_connection_end_t)' [-fpermissive] 17 | make[3]: *** [LibgnutlsTLSSession.lo] Error 1 18 | make[3]: Leaving directory `/usr/src/RPM/BUILD/aria2-1.18.5/src' 19 | make[2]: *** [all-recursive] Error 1 20 | make[2]: Leaving directory `/usr/src/RPM/BUILD/aria2-1.18.5/src' 21 | make[1]: *** [all-recursive] Error 1 22 | make[1]: Leaving directory `/usr/src/RPM/BUILD/aria2-1.18.5' 23 | make: *** [all] Error 2 24 | 25 | # 解决方法 26 | # 修改src/LibgnutlsTLSSession.cc,约在文件第76行,行前带+的为添加的内容 27 | # 28 | int GnuTLSSession::init(sock_t sockfd) 29 | { 30 | +#if GNUTLS_VERSION_NUMBER >= 0x030000 31 | unsigned int flags = tlsContext_->getSide() == TLS_CLIENT ? 32 | GNUTLS_CLIENT : GNUTLS_SERVER; 33 | #ifdef A2_DISABLE_OCSP 34 | 
@@ -84,6 +85,11 @@ int GnuTLSSession::init(sock_t sockfd) 35 | #endif // A2_DISABLE_OCSP 36 | 37 | rv_ = gnutls_init(&sslSession_, flags); 38 | +#else // GNUTLS_VERSION_NUMBER >= 0x030000 39 | + rv_ = gnutls_init( 40 | + &sslSession_, 41 | + tlsContext_->getSide() == TLS_CLIENT ? GNUTLS_CLIENT : GNUTLS_SERVER); 42 | +#endif // GNUTLS_VERSION_NUMBER >= 0x030000 43 | if(rv_ != GNUTLS_E_SUCCESS) { 44 | return TLS_ERR_ERROR; 45 | } 46 | 47 | -------------------------------------------------------------------------------- /aria2/readme.txt: -------------------------------------------------------------------------------- 1 | #主要参数 2 | 3 | -x (–max-connection-per-server ),多线程下载,对每个服务器使用几个连接 4 | 5 | aria2c -x2 http://host/image.iso #使用2个线程下载这个文件 6 | 7 | 8 | 9 | 10 | -s 使用多个链接下载同一文件 11 | 12 | aria2c -s2 http://host/image.iso http://mirror1/image.iso http://mirror2/image.iso 13 | #可以指定URIs的数量多余 -s 选项设定的数。在这个例子中,前两个URL会被用于下载,而第三个URL作为备用(如果前面两个有个挂了,第三个顶上) 14 | 15 | 16 | -u (–max-upload-limit) 最大上传速度 17 | -c 断点续传 18 | 19 | -S 查看种子中包含的文件 20 | --select-file 选择要下载种子中的哪些文件 21 | aria2c --select-file=1-4,8 file.torrent 22 | 23 | -------------------------------------------------------------------------------- /awstats/GeoLiteCity.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/awstats/GeoLiteCity.dat -------------------------------------------------------------------------------- /awstats/qqhostinfo/qqhostinfo.pm: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | #----------------------------------------------------------------------------- 3 | # HostInfo AWStats plugin 4 | # This plugin allow you to add information on hosts, like a whois fields. 
5 | #----------------------------------------------------------------------------- 6 | # Perl Required Modules: XWhois 7 | #----------------------------------------------------------------------------- 8 | # $Revision: 1.12 $ - $Author: eldy $ - $Date: 2004/03/27 18:09:00 $ 9 | 10 | 11 | # <----- 12 | # ENTER HERE THE USE COMMAND FOR ALL REQUIRED PERL MODULES 13 | push @INC, "${DIR}/plugins"; 14 | # -----> 15 | use strict;no strict "refs"; 16 | 17 | require "${DIR}/plugins/qqwry.pl"; 18 | 19 | #----------------------------------------------------------------------------- 20 | # PLUGIN VARIABLES 21 | #----------------------------------------------------------------------------- 22 | # <----- 23 | # ENTER HERE THE MINIMUM AWSTATS VERSION REQUIRED BY YOUR PLUGIN 24 | # AND THE NAME OF ALL FUNCTIONS THE PLUGIN MANAGE. 25 | my $PluginNeedAWStatsVersion="6.0"; 26 | my $PluginHooksFunctions="ShowInfoHost"; 27 | # -----> 28 | 29 | # <----- 30 | # IF YOUR PLUGIN NEED GLOBAL VARIABLES, THEY MUST BE DECLARED HERE. 31 | use vars qw/ 32 | /; 33 | # -----> 34 | 35 | 36 | 37 | #----------------------------------------------------------------------------- 38 | # PLUGIN FUNCTION: Init_pluginname 39 | #----------------------------------------------------------------------------- 40 | sub Init_qqhostinfo { 41 | my $InitParams=shift; 42 | my $checkversion=&Check_Plugin_Version($PluginNeedAWStatsVersion); 43 | 44 | # <----- 45 | # ENTER HERE CODE TO DO INIT PLUGIN ACTIONS 46 | debug(" InitParams=$InitParams",1); 47 | # -----> 48 | 49 | return ($checkversion?$checkversion:"$PluginHooksFunctions"); 50 | } 51 | 52 | 53 | 54 | 55 | 56 | #----------------------------------------------------------------------------- 57 | # PLUGIN FUNCTION: ShowInfoHost_pluginname 58 | # UNIQUE: NO (Several plugins using this function can be loaded) 59 | # Function called to add additionnal columns to the Hosts report. 
60 | # This function is called when building rows of the report (One call for each 61 | # row). So it allows you to add a column in report, for example with code : 62 | # print "This is a new cell for $param"; 63 | # Parameters: Host name or ip 64 | #----------------------------------------------------------------------------- 65 | sub ShowInfoHost_qqhostinfo { 66 | my $param="$_[0]"; 67 | # <----- 68 | if ($param eq '__title__') { 69 | print "Location"; 70 | } 71 | elsif ($param) { 72 | print ""; 73 | print ipwhere("$param"); 74 | #print $param; 75 | print ""; 76 | } 77 | else { 78 | print " "; 79 | } 80 | return 1; 81 | # -----> 82 | } 83 | 84 | 85 | 86 | 87 | 1; # Do not remove this line 88 | -------------------------------------------------------------------------------- /awstats/qqhostinfo/qqwry.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/awstats/qqhostinfo/qqwry.dat -------------------------------------------------------------------------------- /awstats/qqhostinfo/qqwry.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/awstats/qqhostinfo/qqwry.pl -------------------------------------------------------------------------------- /awstats/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/awstats/readme.txt -------------------------------------------------------------------------------- /cacti+nagios/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti+nagios/install.sh 
-------------------------------------------------------------------------------- /cacti+nagios/liuliangyuzhi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti+nagios/liuliangyuzhi.txt -------------------------------------------------------------------------------- /cacti/scripts/bind-stats.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | # bind-stats.pl - a script to return bind-related statistical information 4 | # Author: Matt Groener, gwynnebaer@hotmail.com 5 | 6 | # Use built-in option syntax 7 | use Getopt::Std; 8 | 9 | # use $opt_d to override default named.stats dir location 10 | getopt('d'); 11 | 12 | $STATFILE = $opt_d ? "$opt_d/named.stats" : '/var/named/named.stats'; 13 | $MEMFILE = $opt_d ? "$opt_d/named.memstats" : '/var/named/named.memstats'; 14 | $cmd_ndc = '/usr/sbin/ndc -q stats > /dev/null 2>&1'; 15 | 16 | # Generate stats now (this could be turned off and run via cron as well) 17 | unlink($STATFILE,$MEMFILE); 18 | qx($cmd_ndc); 19 | $status = $?; 20 | die "Failed command: $cmd_ndc: EXIT_CODE: $status" if $status; 21 | 22 | # Die unless we can locate the stats file 23 | if (!open(STATS,$STATFILE)) { 24 | die "Failed to open $STATFILE: $!\n"; 25 | } 26 | 27 | # Parse the stats file 28 | while () { 29 | next if /^[\-\+]/; 30 | chomp(); 31 | if (/Legend/) { $start_legend++; next; } 32 | if (/Global/) { $start_legend--; $start_global++; next; } 33 | if ($start_legend) { 34 | push(@legend,split()); 35 | } elsif ($start_global) { 36 | @global = split(); 37 | for (0..$#legend) { $hash{lc($legend[$_])} = $global[$_]; } 38 | last; 39 | } else { 40 | @data = split(); 41 | next if $data[1] =~ /^\d+$/; 42 | # break up the data and build hash of data 43 | /time since/i && do { $hash{lc($data[3])} = $data[0]; next; }; 44 | /^\d+\s+.*\s+quer/i && do { 
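$hash{lc($data[1])} = $data[0]; next; };
45 |     }
46 | }
47 | close (STATS);
48 |
49 | # print out stats or usage
50 | if (@ARGV) {
51 |     foreach $argv (@ARGV) {
52 |         push(@output,$hash{lc($argv)}) if defined $hash{lc($argv)};
53 |     }
54 |     print "@output";
55 | } else {
56 |     print "Usage: $0 [-d statsdir] args\n\n where args is one of:\n ";
57 |     foreach $argv (sort keys %hash) {
58 |         print $argv;
59 |         $incr++;
60 |         if ($incr == 13) {
61 |             print "\n ";
62 |             $incr = 0;
63 |         } else {
64 |             print " ";
65 |         }
66 |     }
67 |     print "\n\n";
68 | }
--------------------------------------------------------------------------------
/cacti/scripts/echoping.pl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti/scripts/echoping.pl
--------------------------------------------------------------------------------
/cacti/scripts/edit_rrd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Dump an RRD file to XML, open the XML in vi, then rebuild the RRD from it.
4 |
5 | if [ $# = 0 ]
6 | then
7 |     echo "Usage ./edit_rrd.sh [FILENAME]"
8 |     exit
9 | fi
10 |
11 | set -eu
12 | rrd_file=$1
13 |
14 | # mktemp gives a private, unpredictable file. The fixed /tmp/work.xml could be
15 | # pre-created or symlinked by another local user before this script wrote to it.
16 | work_xml=$(mktemp)
17 | trap 'rm -f -- "$work_xml"' EXIT
18 |
19 | rrdtool dump "$rrd_file" > "$work_xml"
20 |
21 | vi "$work_xml"
22 |
23 | # Build the new RRD beside the original and swap it in only after restore
24 | # succeeds, so an invalid edit no longer destroys the existing data.
25 | new_rrd="$rrd_file.new.$$"
26 | if rrdtool restore "$work_xml" "$new_rrd"
27 | then
28 |     mv -f -- "$new_rrd" "$rrd_file"
29 | else
30 |     rm -f -- "$new_rrd"
31 |     echo "rrdtool restore failed; $rrd_file left unchanged" >&2
32 |     exit 1
33 | fi
--------------------------------------------------------------------------------
/cacti/scripts/iptables.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 | #
3 | # This is a quick perl script to
4 | # pull bandwidth usage from iptables chains
5 | #
6 | # If you use/optimize this script, please let me know.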
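7 | # Brian Stanback : brian [at] stanback [dot] net
8 |
9 | # Example iptables rule for web bandwidth usage:
10 | # > iptables -N WWW
11 | # > iptables -A WWW -j ACCEPT
12 | # > iptables -A INPUT -p tcp -m tcp --dport 80 -j WWW
13 | # > iptables -A OUTPUT -p tcp -m tcp --sport 80 -j WWW
14 | #
15 | # Run "iptables.pl WWW" as root to test, note that you can
16 | # combine more than one protocol into a single chain.
17 | #
18 | # Sudo Configuration (/etc/sudoers)
19 | # > www-data ALL = NOPASSWD: /usr/share/cacti/scripts/iptables.pl
20 | #
21 | # The Input String should be set to "sudo /scripts/iptables.pl "
22 | # and you will need to setup an input field so that the argument can be passed.
23 | #
24 | # The data input type should be set to COUNTER
25 | #
26 |
27 | if ($ARGV[0])
28 | {
29 |     # The chain name comes from a Cacti input field and, with the sudoers
30 |     # rule above, this script runs as root. Accept only plain chain-name
31 |     # characters (no leading '-') and never pass the value through a shell.
32 |     my $chain = $ARGV[0];
33 |     if ($chain !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/)
34 |     {
35 |         die "Invalid chain name\n";
36 |     }
37 |
38 |     # List-form open() executes iptables directly (no /bin/sh), and naming
39 |     # the chain replaces the old "grep -A 2" over the full listing.
40 |     open(my $ipt, '-|', '/sbin/iptables', '-xnvL', $chain)
41 |         or die "Cannot run /sbin/iptables: $!\n";
42 |     @chains = <$ipt>;
43 |     close($ipt);
44 |
45 |     # [0] "Chain ..." header, [1] column titles, [2] first rule; the second
46 |     # number on the rule line is the byte counter.
47 |     if (defined $chains[2] && $chains[2] =~ /[\W+]?[0-9]+\W+([0-9]+)\W+/)
48 |     {
49 |         print $1;
50 |     }
51 | }
52 | else
53 | {
54 |     print "Usage: $0 Chain\n";
55 | }
--------------------------------------------------------------------------------
/cacti/scripts/loadavg_gwynnebaer.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | # get load uptimes for 1;5;15 min
4 | # usage: loadavg.pl 1|5|15|all|debug
5 | chomp($uptime = qx(uptime));
6 | $uptime_raw = $uptime;
7 | $uptime =~ s/.*:\s+|,//g;
8 | @uptime = split(/\s+/,$uptime);
9 |
10 | for ($ARGV[0]) {
11 |     /^1$/ && print $uptime[0];
12 |     /^5/ && print $uptime[1];
13 |     /^15/ && print $uptime[2];
14 |     /all/ && print $uptime;
15 |     /debug/ && do { print "UPTIME: $uptime_raw\n",
16 |         "5MIN: $uptime[0]\n",
17 |         "15MIN: $uptime[1]\n",
18 |         "30MIN: $uptime[2]\n"; };
19 | }
20 |
21 | exit 0;
--------------------------------------------------------------------------------
/cacti/scripts/memfree_gwynnebaer.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | 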
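if (-r '/proc/meminfo') {
4 |     $procfile = '/proc/meminfo';
5 | } elsif (-r '/compat/linux/proc/meminfo') {
6 |     # FreeBSD Linux emulation
7 |     $procfile = '/compat/linux/proc/meminfo';
8 | } else {
9 |     # this only works for Linux or FreeBSD (with linux emulation)
10 |     exit(1);
11 | }
12 |
13 | # Treat the requested field name as literal text: \Q...\E keeps regex
14 | # metacharacters in the argument from being interpreted as a pattern.
15 | $field = defined $ARGV[0] ? $ARGV[0] : '';
16 |
17 | open(PROCFILE,$procfile) or exit(1);
18 | while (<PROCFILE>) {
19 |     chomp();
20 |     if (/^\Q$field\E/) {
21 |         # keep only the number that follows the field name
22 |         s/^\Q$field\E:?\s+(\d+).*/$1/g;
23 |         print;
24 |         last;
25 |     }
26 | }
27 | # close the handle that was opened above (the old code named PROCINFO)
28 | close(PROCFILE);
--------------------------------------------------------------------------------
/cacti/scripts/ping-tcp.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | require 5.002;
4 | use Socket;
5 | use Time::HiRes qw(gettimeofday tv_interval);
6 | use Errno qw(ECONNREFUSED EINTR);
7 |
8 | sub timeout
9 | {
10 |     return;
11 | }
12 |
13 | sub ping
14 | {
15 |     my($host, $timeout, $count) = @_;
16 |     my $iaddr = inet_aton($host) or die "Unknown host: $host\n";
17 |     my $proto = getprotobyname('tcp') or die "getprotobyname: $!\n";
18 |     my $n = 0;
19 |     my $port = 65535;
20 |     my $paddr = undef;
21 |     my $elapsed = 0;
22 |     my $got = 0;
23 |
24 |     while($n++ < $count || !$count)
25 |     {
26 |         $paddr = sockaddr_in($port, $iaddr) or
27 |             die "getprotobyname: $!\n";
28 |
29 |         socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or
30 |             die "socket: $!\n";
31 |
32 |         local($SIG{'ALRM'}) = 'timeout';
33 |         alarm($timeout);
34 |
35 |         my $t0 = [gettimeofday];
36 |         connect(SOCKET, $paddr);
37 |
38 |         if ($! == &EINTR)
39 |         {
40 |             $port--;
41 |         }
42 |
43 |         if ($! 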
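== &ECONNREFUSED)
44 |         {
45 |             $got++;
46 |             $elapsed += tv_interval ($t0, [gettimeofday]);
47 |         }
48 |
49 |         close(SOCKET);
50 |     }
51 |
52 |     if ($got)
53 |     {
54 |         return (($elapsed * 1000) / $got);
55 |     }
56 |     else
57 |     {
58 |         return -1;
59 |     }
60 | }
61 |
62 | print ping($ARGV[1], 5, $ARGV[0]);
--------------------------------------------------------------------------------
/cacti/scripts/ping_latency.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | $Target = $ARGV[0];
4 | $PingCount = 12;       # probes requested from ping
5 | $PLCount = $PingCount; # counts down once per reply, leaving the number lost
6 |
7 | # $Target is supplied by the poller. Allow only host-name / address characters
8 | # and no leading '-', so it cannot be taken for a ping option.
9 | unless (defined $Target && $Target =~ /\A[A-Za-z0-9_][A-Za-z0-9._:-]*\z/) {
10 |     die "U:U\n";
11 | }
12 |
13 | # List-form open() runs ping directly. The previous single-string form was
14 | # handed to /bin/sh together with whatever the target string contained.
15 | open(PING, '-|', 'ping', '-l', '3', '-c', $PingCount, '-i', '.2', '-w', '2', $Target) || die "U:U\n";
16 | while(<PING>) {
17 |     #64 bytes from 192.168.3.1: icmp_seq=3 ttl=254 time=16.0 ms
18 |     if(/time=(\d+\.?\d*)\sms/) {
19 |         push(@RTValues, $1);
20 |         $PLCount--;
21 |     }
22 | }
23 | close(PING);
24 |
25 | #Calculate the Average Round-Trip Time
26 | @RTValues = sort {$a <=> $b} @RTValues; #Sorts the numbers
27 | shift(@RTValues); #Removes the lowest number
28 | pop(@RTValues); #Removes the highest number
29 |
30 | # Sum first, then divide by the number of samples kept; with none left the
31 | # value is reported as unknown instead of dividing by zero.
32 | if (@RTValues) {
33 |     $Average = 0;
34 |     $Average += $_ for @RTValues;
35 |     $Average = sprintf("%.0f", $Average / scalar(@RTValues)); #Round Off Decimals
36 | } else {
37 |     $Average = "U";
38 | }
39 |
40 | #Calculate the Packet Loss Percentage
41 | # Percentage of the probes actually requested; the fixed "* 5" only fitted a
42 | # 20-probe run and could never reach 100 with 12 probes.
43 | $PacketLoss = sprintf("%.0f", $PLCount * 100 / $PingCount);
44 | if($PacketLoss == 100) {$Average = "U"}
45 |
46 | print "roundtrip:$Average packetloss:$PacketLoss";
47 |
--------------------------------------------------------------------------------
/cacti/scripts/proc_cnt.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti/scripts/proc_cnt.sh
--------------------------------------------------------------------------------
/cacti/scripts/proc_gwynnebaer.pl: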
-------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | # returns number of open processes from 'ps' output 4 | 5 | open(PROCS,'/bin/ps ax |'); 6 | while () { 7 | $procs++; 8 | } 9 | close(PROCS); 10 | 11 | $procs--; 12 | 13 | print $procs; -------------------------------------------------------------------------------- /cacti/scripts/qmailq.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # qmailq.pl 4 | # 5 | # Author : Jeremy Garcia 6 | # Date : 07/07/04 7 | # Version : 0.2 8 | # Description : Script to output the number of messages in a qmail queue. 9 | # Output is 11 | # Thanks to Nick, who alerted me to the fact that the script 12 | # needed an update 13 | # to be compatible with the latest version of cacti. 14 | 15 | # Full path to qmail-stat. If you are using Linux you will need to write 16 | # a SUID perl wrapper as suid sh scripts are no good in Linux. 17 | @queue = `/var/qmail/bin/qmail-qstat.pl`; 18 | 19 | @jqueue = split " ",$queue[0]; 20 | @pro = split " ",$queue[1]; 21 | 22 | print join(':','messages',$jqueue[3])," ",join(':','unprocessed',$pro[7]); -------------------------------------------------------------------------------- /cacti/scripts/radius.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # 4 | #This script fetch the number of online users in a Freeradius server with mysql module. 5 | #You just have to change login, password, databasename and the ip address of your NAS. 
6 | #Omar Armas 7 | 8 | use DBI; 9 | 10 | my $dsn = 'DBI:mysql:radius:localhost'; 11 | my $db_user_name = 'username'; 12 | my $db_password = 'password'; 13 | my $dbh = DBI->connect($dsn, $db_user_name, $db_password) or die "Failed to connect $DBI::errstr\n"; 14 | 15 | my $sth = $dbh->prepare(qq{ 16 | SELECT DISTINCT UserName,AcctStartTime,FramedIPAddress,CallingStationId FROM radacct 17 | WHERE AcctStopTime = '0' AND NASIPAddress = '200.23.1.1' GROUP BY UserName 18 | }); 19 | $sth->execute(); 20 | print $sth->rows(); 21 | 22 | exit; -------------------------------------------------------------------------------- /cacti/scripts/sendmail_messages.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Autor : Stefan Arts, Holland 4 | # Date : 07/22/05 5 | # Version : 1.0 6 | # Description : Script to output the number of messages send to sendmail 7 | # Output is 8 | # 9 | # If you run the cacti poller as non-root, then you may need 10 | # need to change the permissions of the sendmail statistics 11 | # file. Example: 12 | # 13 | # chmod 644 /etc/mail/statistics 14 | # 15 | /usr/sbin/mailstats | grep ^\ T | cut -b25-32 | sed s/\ *// -------------------------------------------------------------------------------- /cacti/scripts/sendmailq.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # sendmailq.pl 3 | # 4 | # Autor : Jeremy Garcia 5 | # Date : 05/03/02 6 | # Version : 0.2 7 | # : - Added support for both single and multiple queues 8 | # : - Tried to accomodate for as many different forms of output as possible. 9 | # If I missed yours let me know and I will include it. 10 | # Description : Script to output the number of messages in a sendmail queue. 
11 | # Output is 12 | 13 | # If you run sendmail with mupltiple queues uncomment this line 14 | #$MULTIPLE_QUEUE = 1; 15 | 16 | if ($MULTIPLE_QUEUE) { 17 | $mailq = `mailq | grep "Total Requests:" | cut -d' ' -f3`; 18 | chomp $mailq; 19 | } 20 | else { 21 | $mailq = `mailq | head -1 | cut -d'(' -f2 | cut -d' ' -f01`; 22 | chomp $mailq; 23 | if ($mailq eq "is" || $mailq =~ "queue" || $mailq eq "Mail") { $mailq = 0 } 24 | } 25 | 26 | print $mailq; -------------------------------------------------------------------------------- /cacti/scripts/snmp-cacti-load.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # snmp-cacti-load.sh 4 | # 5 | # Autor : Danny Bendersky 6 | # Date : 11 Feb 2002 7 | # Version : 1.0 8 | # Description : Script that give the load in a server with SNMP. 9 | # 10 | # 11 | # Verify that there is an input 12 | # ------------------------------ 13 | if [ -z "$1" ]; then 14 | echo "usage: snmp-cacti-load.sh " 15 | echo 16 | exit 17 | fi 18 | # 19 | # Variables 20 | # --------- 21 | SERVER=$1 # Example: 10.0.0.3 22 | SNMPCOMUNITY=$2 # Example: public 23 | NUM=$3 # Example: 1 24 | # 25 | case $NUM in 26 | 1) 27 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.1 | awk '{print $3}' 28 | ;; 29 | 5) 30 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.2 | awk '{print $3}' 31 | ;; 32 | 15) 33 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.3 | awk '{print $3}' 34 | ;; 35 | *) 36 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.1 | awk '{print $3}' 37 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.2 | awk '{print $3}' 38 | /usr/bin/snmpget $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.10.1.3.3 | awk '{print $3}' 39 | ;; 40 | esac 41 | # 42 | # End of File -------------------------------------------------------------------------------- /cacti/scripts/snmp-cacti-mailq.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # snmp-cacti-mailq.sh 4 | # 5 | # Autor : Danny Bendersky 6 | # Date : 12 Feb 2002 7 | # Version : 1.0 8 | # Description : Script that give the mailq in a server with SNMP 9 | # 10 | # 11 | # Verify that there is an input 12 | # ------------------------------ 13 | if [ -z "$1" ]; then 14 | echo "usage: snmp-cacti-mailq.sh " 15 | echo 16 | exit 17 | fi 18 | # 19 | # Variables 20 | # --------- 21 | SERVER=$1 # Example: 10.0.0.3 22 | SNMPCOMUNITY=$2 # Example: public 23 | # 24 | /usr/bin/snmpwalk -v 1 $SERVER $SNMPCOMUNITY .1.3.6.1.4.1.2021.53.101.0\ 25 | | awk '{ print $5 }'|sed -e "s/(//g" 26 | # 27 | # 28 | # End of File -------------------------------------------------------------------------------- /cacti/scripts/webhits_gwynnebaer.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | # reads in apache (or any) logfile and returns either 0 or number of lines 4 | $lines = 0; 5 | 6 | unless ($ARGV[0]) { 7 | $log_path = '/var/log/httpd/access_log'; 8 | } else { 9 | $log_path = $ARGV[0]; 10 | } 11 | 12 | 13 | if (-r $log_path) { 14 | open(LOG_PATH,$log_path); 15 | while () { 16 | $lines++; 17 | } 18 | close(LOG_PATH); 19 | } 20 | 21 | print $lines; -------------------------------------------------------------------------------- /cacti/template/lvs/install.sh: -------------------------------------------------------------------------------- 1 | #服务端 2 | cacti导入模版 cacti_data_query_lvs.xml 3 | snmp-lvs.xml上传到cacti_path/resource/net_queries目录下 4 | 5 | 6 | Host Templates-->Add 7 | #填写一下信息 8 | Name:自定义 9 | 10 | Associated Graph Templates: ucd/net-LVS-Connections --> Add 11 | Save 12 | 13 | Data Templates --> ucd/net - LVS-Connections 14 | 15 | Data Input Method --> Get SNMP Data 16 | OID 17 | 18 | Save 19 | 20 | #客户端 21 | 安装snmp-lvs-module 22 | 23 | rpm -ivh net-snmp-lvs-module-0.0.4-5.el6.x86_64.rpm 24 | 
#验证是否安装成功 25 | snmptranslate -m LVS-MIB -On -IR lvsServiceEntry 26 | 27 | snmpwalk -v 2c 172.16.83.93 -c public .1.3.6.1.4.1.8225.4711.17.1.10 28 | 29 | 30 | vi /etc/snmp/snmpd.conf ,加入以下行 31 | 32 | dlmod lvs /usr/lib64/libnetsnmplvs.so 33 | 34 | service snmpd restart 35 | -------------------------------------------------------------------------------- /cacti/template/lvs/snmp-lvs.xml: -------------------------------------------------------------------------------- 1 | 2 | Get IPVS Statistics 3 | .1.3.6.1.4.1.8225.4711 4 | 5 | 6 | 7 | Index 8 | walk 9 | value 10 | input 11 | .1.3.6.1.4.1.8225.4711.17.1.1 12 | 13 | 14 | Service IP 15 | walk 16 | value 17 | input 18 | .1.3.6.1.4.1.8225.4711.17.1.4 19 | 20 | 21 | Scheduler 22 | walk 23 | value 24 | input 25 | .1.3.6.1.4.1.8225.4711.17.1.2 26 | 27 | 28 | Service port 29 | walk 30 | value 31 | input 32 | .1.3.6.1.4.1.8225.4711.17.1.5 33 | 34 | 35 | Bytes out 36 | walk 37 | value 38 | output 39 | .1.3.6.1.4.1.8225.4711.17.1.14 40 | 41 | 42 | Bytes in 43 | walk 44 | value 45 | output 46 | .1.3.6.1.4.1.8225.4711.17.1.13 47 | 48 | 49 | Packets Out 50 | walk 51 | value 52 | output 53 | .1.3.6.1.4.1.8225.4711.17.1.12 54 | 55 | 56 | Packets In 57 | walk 58 | value 59 | output 60 | .1.3.6.1.4.1.8225.4711.17.1.11 61 | 62 | 63 | Connections 64 | walk 65 | value 66 | output 67 | .1.3.6.1.4.1.8225.4711.17.1.10 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /cacti/template/memcache/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti/template/memcache/readme.txt -------------------------------------------------------------------------------- /cacti/template/mysql/README.txt: -------------------------------------------------------------------------------- 1 | README 2 | mysql_stats.php 3 | version 2.0.1 4 | enables cacti to read mysql statistics 5 
| support: Scott McCarty 6 | author: Otto Berger berger@hk-net.de 7 | date: 2005/01/18 - 2011 8 | 9 | INSTALLATION 10 | ============ 11 | 12 | 1. put the mysql_stats.php file inside the cacti/scripts/ directory 13 | 2. import the .xml-Files using the cacti webinterface 14 | 15 | To upgrade a previous installation, have a look below. 16 | 17 | USAGE 18 | ===== 19 | 20 | Configure the mysql-server you want to graph. To enable access from the 21 | cacti-machine to the mysql-status information, you must have the 22 | "process" right. 23 | 24 | Use for example the following mysql-command to set the process-right for the 25 | mysql-user "cactiuser" with the password "cactipasswd": 26 | 27 | GRANT PROCESS ON *.* TO cactiuser@'localhost' IDENTIFIED by 'cactipasswd'; 28 | 29 | To monitor a foreign host, fill in the hostname the cacti-machine connects from, 30 | for example: 31 | 32 | GRANT PROCESS ON *.* TO cactiuser@'cactihost.com' IDENTIFIED by 'cactipasswd'; 33 | 34 | 35 | GRAPH CREATION 36 | ============== 37 | 38 | 1. Click inside cacti on "New Graphs" 39 | 2. Choose host and a mysql-template 40 | 3. Click create 41 | 4. Fill in the MySQL-username and password as specified above 42 | 5. Finished! 43 | 44 | 45 | UPGRADE 46 | ======= 47 | 48 | Put the new mysql_stats.php file inside the cacti/scripts/ directory 49 | You can now delete the other mysql_* php-files... 50 | 51 | --> Normally the import of the xml-files using the cacti-interface 52 | --> would be enough to upgrade. 53 | 54 | 55 | In case of errors, or to prevent them, you have to edit the 56 | "data input methods" manually through the webinterface.
For each MySQL- 57 | input method you have to change the input string to one of the following: 58 | 59 | MySQL - QCache statistics: 60 | -q /scripts/mysql_stats.php cache 61 | 62 | MySQL - Single Statistics: 63 | -q /scripts/mysql_stats.php status 64 | 65 | MySQL - Handler statistics: 66 | -q /scripts/mysql_stats.php handler 67 | 68 | MySQL - Command statistics: 69 | -q /scripts/mysql_stats.php command 70 | 71 | MySQL - Thread statistics: 72 | -q /scripts/mysql_stats.php thread 73 | 74 | 75 | -------------------------------------------------------------------------------- /cacti/template/mysql/mysql_stats.php: -------------------------------------------------------------------------------- 1 | 84 | -------------------------------------------------------------------------------- /cacti/template/nginx/cacti-nginx-readme: -------------------------------------------------------------------------------- 1 | Scripts and templates for nginx. 2 | 3 | Provide graphing nginx clients statistics (active, reading, writing, waiting) 4 | and nginx socket statistics (accepts, handled, requests). It's a formal devision 5 | used only for graphs usability. 6 | 7 | For use do next steps: 8 | 9 | 1. Enable nginx http_stub_status_module at configure stage (if requared). 10 | 11 | 2. Enable stub status. Add to nginx.conf (in any server context): 12 | 13 | location /nginx_status { 14 | stub_status on; 15 | # disable access_log if requared 16 | access_log off; 17 | #allow XX.YY.AA.ZZ; 18 | #allow YY.ZZ.JJ.CC; 19 | #deny all; 20 | } 21 | 22 | Restart nginx. 23 | 24 | 3. 25 | 26 | cp get_nginx_clients_status.pl /scripts/ 27 | cp get_nginx_socket_status.pl /scripts/ 28 | chmod 0755 /scripts/get_nginx_socket_status.pl 29 | chmod 0755 /scripts/get_nginx_clients_status.pl 30 | 31 | 4. Check that it's work. 
Run 32 | 33 | get_nginx_clients_status.pl http://nginx.server.tld/nginx_status 34 | 35 | and see that returned the same string: 36 | 37 | nginx_accepts:113869 nginx_handled:113869 nginx_requests:122594 38 | 39 | 5. Import to cacti cacti_graph_template_nginx_clients_stat.xml and cacti_graph_template_nginx_sockets_stat.xml. 40 | 41 | 6. Add nginx graphs to yours hosts. 42 | -------------------------------------------------------------------------------- /cacti/template/nginx/get_nginx_clients_status.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | if (! eval "require LWP::UserAgent;") 4 | { 5 | $ret = "LWP::UserAgent not found"; 6 | } 7 | 8 | if ( exists $ARGV[0]) { 9 | if ($ret) 10 | { 11 | print "no ($ret)\n"; 12 | exit 1; 13 | } 14 | 15 | my $ua = LWP::UserAgent->new(timeout => 5); 16 | 17 | my $response = $ua->request(HTTP::Request->new('GET',$ARGV[0])); 18 | my @content = split (/\n/, $response->content); 19 | 20 | my $active_connections = -1; 21 | if ($content[0] =~ /^Active connections:\s+(\d+)\s*$/i) { 22 | $active_connections = $1; 23 | } 24 | 25 | my $accepts = -1; 26 | my $handled = -1; 27 | my $requests = -1; 28 | if ($content[2] =~ /^\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) { 29 | $accepts = $1; 30 | $handled = $2; 31 | $requests = $3; 32 | } 33 | 34 | my $reading = -1; 35 | my $writing = -1; 36 | my $waiting = -1; 37 | if ($content[3] =~ /Reading: (\d+) Writing: (\d+) Waiting: (\d+)\s*$/) { 38 | $reading = $1; 39 | $writing = $2; 40 | $waiting = $3; 41 | } 42 | 43 | print "nginx_active:$active_connections nginx_reading:$reading nginx_writing:$writing nginx_waiting:$waiting "; 44 | print "\n"; 45 | } 46 | 47 | 48 | -------------------------------------------------------------------------------- /cacti/template/nginx/get_nginx_socket_status.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | if (! 
eval "require LWP::UserAgent;") 4 | { 5 | $ret = "LWP::UserAgent not found"; 6 | } 7 | 8 | if ( exists $ARGV[0]) { 9 | if ($ret) 10 | { 11 | print "no ($ret)\n"; 12 | exit 1; 13 | } 14 | 15 | my $ua = LWP::UserAgent->new(timeout => 5); 16 | 17 | my $response = $ua->request(HTTP::Request->new('GET',$ARGV[0])); 18 | my @content = split (/\n/, $response->content); 19 | 20 | my $active_connections = -1; 21 | if ($content[0] =~ /^Active connections:\s+(\d+)\s*$/i) { 22 | $active_connections = $1; 23 | } 24 | 25 | my $accepts = -1; 26 | my $handled = -1; 27 | my $requests = -1; 28 | if ($content[2] =~ /^\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) { 29 | $accepts = $1; 30 | $handled = $2; 31 | $requests = $3; 32 | } 33 | 34 | my $reading = -1; 35 | my $writing = -1; 36 | my $waiting = -1; 37 | if ($content[3] =~ /Reading: (\d+) Writing: (\d+) Waiting: (\d+)\s*$/) { 38 | $reading = $1; 39 | $writing = $2; 40 | $waiting = $3; 41 | } 42 | 43 | print "nginx_accepts:$accepts nginx_handled:$handled nginx_requests:$requests "; 44 | print "\n"; 45 | } 46 | 47 | 48 | -------------------------------------------------------------------------------- /cacti/template/nginx/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti/template/nginx/readme.txt -------------------------------------------------------------------------------- /cacti/template/php-fpm/php/get_php_fpm_status.php: -------------------------------------------------------------------------------- 1 | This script is only meant to run at the command line."); 6 | } 7 | 8 | $default['host'] = ''; # server host 9 | $default['script'] = '/statusfpm'; # test script (absolute path starting at / - root directory -) 10 | $default['port'] = 80; # tcp port 11 | $default['timeout'] = 3; # timeout in seconds 12 | 13 | $args = array(); 14 | @list(, $args['host'], $args['script'], $args['port'], $args['timeout']) = 
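$_SERVER["argv"]; 15 | foreach($args as $key => $value) 16 | $args[$key] = ($value)? $value : $default[$key]; 17 | 18 | if (($args['host'] == '') || ($args['port'] == '')) { 19 | print "Usage: get_php_fpm_status.php [] [] []\n"; 20 | exit(-1); 21 | } 22 | 23 | $content = file_get_contents('http://'.$args['host'].':'.$args['port'].$args['script']); 24 | $result = preg_match("/accepted conn:\s+(\d+)\s*\n/i", $content, $matches); 25 | $conn['accepted'] = ($result)? $matches[1] : 'n/a'; 26 | $result = preg_match("/idle processes:\s+(\d+)\s*\n/i", $content, $matches); 27 | $conn['idle'] = ($result)? $matches[1] : 'n/a'; 28 | $result = preg_match("/active processes:\s+(\d+)\s*\n/i", $content, $matches); 29 | $conn['active'] = ($result)? $matches[1] : 'n/a'; 30 | $result = preg_match("/total processes:\s+(\d+)\s*\n/i", $content, $matches); 31 | $conn['total'] = ($result)? $matches[1] : 'n/a'; 32 | echo 'accepted:' . $conn['accepted'] . ' idle:' . $conn['idle'] . ' active:'. $conn['active'] . ' total:' . $conn['total'] .
"\n"; 33 | -------------------------------------------------------------------------------- /cacti/template/php-fpm/sh/cacti_check_php-fpm.sh: --------------------------------------------------------------------------------
#!/bin/sh
# Prints four php-fpm counters read from the status page as
# "conn:N idle:N active:N total:N".
# Arguments: $1 = host, $2 = port, $3 = path of the status page.
host=$1
port=$2
url=$3

# Fetch the page once, so all four counters come from the same snapshot and
# the server is hit one time per poll instead of four. The URL is quoted so
# that a space or glob character in an argument cannot split it into
# additional curl arguments.
status=`curl -s "http://${host}:${port}${url}"`

# Print the third whitespace-separated field of the first line that contains
# the label given as $1 (empty when no line matches).
field() {
    printf '%s\n' "$status" | awk -v label="$1" 'index($0, label) { print $3; exit }'
}

conn=`field "accepted conn"`
idle=`field "idle processes"`
active=`field "active processes"`
total=`field "total processes"`
echo "conn:$conn idle:$idle active:$active total:$total"
-------------------------------------------------------------------------------- /cacti/template/tomcat/readme.txt: -------------------------------------------------------------------------------- 1 | #修改tomcatstats.pl 2 | my $url = "http://$username:$password"."\@$host/manager/status?XML=true"; 3 | my $xml = `GET $url`; 4 | 5 | 以上两行修改为如下内容: 6 | my $url = "http://$host/manager/status?XML=true"; 7 | my $xml = `wget -qO - --http-user=$username --http-password=$password $url`; 8 | 9 | # tomcatstats.pl上传到cacti_path/scripts目录下,并赋予执行权限 10 | 11 | 12 | #从cacti控制台导入模版cacti_host_template_tomcat_server.xml 13 | 14 | #修改tomcat_path/conf下的tomcat-users.xml,添加如下内容 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | #在tomcat控制台中点击"数据输入方法" 找到"Tomcat Status"(这是刚才导入的tomcat模版所使用的数据输入方法),输入类型修改为: 25 | perl /scripts/tomcatstats.pl :8080 admin happigo \"http-bio-8080\" #http-bio-8080相当于tomcat提供的一个接口,用来获取tomcat运行状况,接口名称不一定是http-bio-8080,可通过http://ip:port/manager/status?XML=true来查看 26 | 27 | #如果监控一台机器上多个tomcat实例,或者多台机器上的tomcat,因为端口和接口名称不一定相同,所以需要手动添加数据模版,然后给每个模版添加合适的数据输入方法才行。 28 | -------------------------------------------------------------------------------- 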
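/cacti/template/varnish/Cacti_Plugin_for_Varnish_3.x/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/cacti/template/varnish/Cacti_Plugin_for_Varnish_3.x/README.txt -------------------------------------------------------------------------------- /cacti/template/varnish/Cacti_Plugin_for_Varnish_3.x/getVarnishStats.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Walks one SNMP OID on a remote host and prints the returned values joined
# on a single line.
# Arguments: $1 = host, $2 = SNMP v2c community.

host=$1
com=$2
# The trailing sub-ids (12.118.97...115) are a 12-character index: the ASCII
# codes of "varnishstats". Presumably this is the output of a net-snmp
# "extend" entry of that name on the agent; confirm against snmpd.conf.
OID=".1.3.6.1.4.1.8072.1.3.2.3.1.1.12.118.97.114.110.105.115.104.115.116.97.116.115"

# For SNMP V2
# Arguments are quoted so a host or community containing spaces or glob
# characters is passed to snmpwalk as one argument each.
resultados=$(snmpwalk -t 20 -Oqv -v 2c -c "$com" "$host" "$OID" | awk '{ printf("%s", $0) }')

# For SNMP V3 -u username -A password
#resultados=`snmpwalk -v3 -u cactiuser -l auth -a MD5 -A cactiuser $host $OID | awk '{ printf("%s", $0) }'`

# The echo stays unquoted so runs of whitespace in the walk output are still
# collapsed; pathname expansion is switched off first so a glob character in
# the remote answer is printed as-is instead of being expanded against the
# local working directory.
set -f
echo -n $resultados
-------------------------------------------------------------------------------- /cacti/template/varnish/Cacti_Plugin_for_Varnish_3.x/varnish_stats.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Prints the first two fields of every `varnishstat -1` line as "name:value ",
# all on one output line.

# Piped straight into awk. The earlier version wrote to /tmp/varnish.$$ first;
# that name is predictable in a world-writable directory, so another local
# user could create it in advance (for example as a symlink) and have this
# script write through it. No temporary file means nothing to pre-create and
# nothing left behind if the script is interrupted.
/usr/local/bin/varnishstat -1 | awk '{
    printf ("%s:%s ", $1, $2)
}'
-------------------------------------------------------------------------------- /coreseek/csft_mysql.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/coreseek/csft_mysql.conf -------------------------------------------------------------------------------- /coreseek/install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/coreseek/install.txt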
-------------------------------------------------------------------------------- /denyhosts/install.txt: -------------------------------------------------------------------------------- 1 | tar zxvf DenyHosts-2.6.tar.gz cd DenyHosts-2.6 2 | 3 | #install 4 | python setup.py install 5 | 6 | # install to here by default 7 | cd /usr/share/denyhosts 8 | 9 | cp daemon-control-dist /etc/init.d/denyhosts 10 | 11 | #config file 12 | cp denyhosts.cfg-dist denyhosts.cfg 13 | 14 | chown root /etc/init.d/denyhosts 15 | 16 | chmod 700 /etc/init.d/denyhosts 17 | 18 | chkconfig --level 3 denyhosts on 19 | 20 | 21 | -------------------------------------------------------------------------------- /dhcp/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/dhcp/readme.txt -------------------------------------------------------------------------------- /dns/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/dns/readme.txt -------------------------------------------------------------------------------- /epel/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/epel/readme.txt -------------------------------------------------------------------------------- /fastdfs/4.06/fastdfs-nginx-module_v1.15 mod_fastdfs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/fastdfs/4.06/fastdfs-nginx-module_v1.15 mod_fastdfs.conf -------------------------------------------------------------------------------- /fastdfs/4.06/tracker.conf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/fastdfs/4.06/tracker.conf -------------------------------------------------------------------------------- /fwknop/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/fwknop/readme.txt -------------------------------------------------------------------------------- /gcc/install.sh: -------------------------------------------------------------------------------- 1 | #/ bin/bash 2 | 3 | # 依赖 4 | yum install gcc gcc-c++ gibc-static cloog-ppl gmp-devel 5 | 6 | # isl 7 | wget ftp://gcc.gnu.org/pub/gcc/infrastructure/isl-0.12.2.tar.bz2 8 | tar jxvf isl-0.12.2.tar.bz2 && cd isl-0.12.2 9 | ./configure 10 | make 11 | make install 12 | 13 | #gcc 14 | 15 | #获取最新gcc源码 16 | #svn checkout svn://gcc.gnu.org/svn/gcc/trunk localdir 17 | cd localdir/gcc 18 | mkdir build 19 | 20 | #下载gmp,mpfr,mpc源码,gcc-4.10.tgz里已经包含下载完的三个源码包,不必再次下载 21 | ./contrib/download_prerequisites 22 | 23 | cd build 24 | ../configure --prefix=/usr --enable-languages=c,c++ --disable-multilib 25 | 26 | make -j4 27 | #make -j选项,与cpu个数及线程数有关 28 | 29 | make install 30 | 31 | -------------------------------------------------------------------------------- /git/etc/gitconfig: -------------------------------------------------------------------------------- 1 | [gui] 2 | encoding = utf-8 3 | [i18n] 4 | commitencoding = gbk 5 | [svn] 6 | pathnameencoding = gbk 7 | [core] 8 | symlinks = false 9 | autocrlf = false 10 | [color] 11 | diff = auto 12 | status = auto 13 | branch = auto 14 | interactive = true 15 | [pack] 16 | packSizeLimit = 2g 17 | [help] 18 | format = html 19 | [http] 20 | sslCAinfo = /bin/curl-ca-bundle.crt 21 | [sendemail] 22 | smtpserver = /bin/msmtp.exe 23 | 24 | [diff "astextplain"] 25 | textconv = 
astextplain 26 | [rebase] 27 | autosquash = true 28 | -------------------------------------------------------------------------------- /git/install.txt: -------------------------------------------------------------------------------- 1 | #安装依赖库 2 | yum install expat-devel zlib-devel curl-devel openssl-devel gettext-devel 3 | 4 | #获取git源码 5 | git clone https://github.com/git/git 6 | 7 | #安装,进入到git目录 8 | 9 | make prefix=/Data/app 10 | make prefix=/Data/app install 11 | 12 | #git的项目仓库克隆到本地,以便更新 13 | git clone git://git.kernel.org/pub/scm/git/git.git 14 | 15 | ##########gitolite控制权限############# 16 | 17 | #安装在git用户下 18 | 19 | ###客户端 20 | su git 21 | ssh-keygen -f ~/.ssh/admin 22 | 23 | admin.pub发送到server端/home/git下 24 | 25 | ###服务端 26 | 27 | su git 28 | cd 29 | git clone git://github.com/sitaramc/gitolite 30 | 31 | mkdir ~/bin 32 | 33 | ./gitolite/install -to ~/bin 34 | 35 | ./bin/gitolite setup -pk admin.pub #将admin公钥组添加到/home/git/.ssh/authorized_keys下,执行此操作前要确保authorized_keys为空或者不存在 36 | 37 | 38 | 39 | 40 | ###################客户端常用命令######################### 41 | ########################################################## 42 | #git config --system user.name "" 43 | #git config --system user.email xx@.com 44 | 45 | #git config --global user.name "" 46 | #git config --global user.email xx@.com 47 | # 48 | #git config --global push.default simple 49 | 50 | ######################################################### 51 | 52 | #初始化一个新的版本库 53 | git init 54 | 55 | git add file 56 | 57 | git commit file -m "" 58 | 59 | #与远程git版本库建立联系 60 | git remote add origin git@github.com:shidg/test.git 61 | 62 | #推送到远程版本库 63 | git push -u origin master 64 | 65 | # 查看版本库状态 66 | git status 67 | 68 | # 修改记录 69 | git log 70 | 71 | # 命令记录 72 | git reflog 73 | 74 | #版本库回退到上个版本 75 | git reset --hard HEAD^ 76 | 77 | #版本库回退到上上个版本 78 | git reset --hard HEAD^^ 79 | 80 | #回退到指定版本 81 | git reset --hard d27413c 82 | 83 | #丢弃工作区的修改,让工作区文件回到最近的git add状态,若修改后尚未git add,则回到最近的git commit状态。 84 | git checkout 
-- file 85 | 86 | #丢弃暂存区的修改,撤销git add 87 | git reset HEAD file 88 | 89 | 90 | -------------------------------------------------------------------------------- /git/windows/readme.txt: -------------------------------------------------------------------------------- 1 | https://github.com/msysgit/msysgit/releases/ 2 | 3 | https://code.google.com/p/tortoisegit/ 4 | -------------------------------------------------------------------------------- /inotify+rsync/10.10.67.80/inotify_nfs_upload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # inotify_nfs_upload.sh 4 | 5 | # This script will run in the background.When file that in /Data/nfs/upload/ has changed, 6 | # this script will push these changes to 10.10.67.81 with rsync 7 | # Created by shidegang at 2013.11.04 8 | 9 | src=/Data/nfs/upload/ 10 | user=rsync_user 11 | host=10.10.67.81 12 | module=upload 13 | INOTIFYWAIT=/usr/local/bin/inotifywait 14 | 15 | $INOTIFYWAIT -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w %f %e' --event close_write,delete,create,move,attrib --exclude '(.swp|.swx|.svn)' $src | while read date time dir file event 16 | do 17 | case $event in 18 | CLOSE_WRITE,CLOSE|CREATE,ISDIR|MOVED_TO|MOVED_TO,ISDIR) 19 | if [ "${file: -4}" != '4913' ] && [ "${file: -1}" != '~' ]; then 20 | rsync -az --password-file=/etc/rsync.pas $src $user@$host::$module > /dev/null 2>&1 21 | fi 22 | ;; 23 | 24 | MOVED_FROM|MOVED_FROM,ISDIR|DELETE|DELETE,ISDIR) 25 | if [ "${file: -4}" != '4913' ] && [ "${file: -1}" != '~' ]; then 26 | rsync -az --delete --password-file=/etc/rsync.pas $src $user@$host::$module > /dev/null 2>&1 27 | fi 28 | ;; 29 | esac 30 | done 31 | 32 | # End -------------------------------------------------------------------------------- /inotify+rsync/10.10.67.81/rsyncd.conf: -------------------------------------------------------------------------------- 1 | # Minimal configuration file for rsync daemon 2 | # See rsync(1) and rsyncd.conf(5) 
man pages for help 3 | 4 | # This line is required by the /etc/init.d/rsyncd script 5 | pid file = /var/run/rsyncd.pid 6 | port = 873 7 | uid = www 8 | gid = www 9 | use chroot = yes 10 | read only = no 11 | 12 | 13 | #limit access to private LANs 14 | hosts allow = 10.10.67.80 15 | max connections = 5 16 | motd file = /etc/rsyncd/rsyncd.motd 17 | 18 | #This will give you a separate log file 19 | log file = /var/log/rsync.log 20 | 21 | #This will log every file transferred - up to 85,000+ per user, per sync 22 | #transfer logging = yes 23 | 24 | log format = %t %a %m %f %b 25 | syslog facility = local3 26 | timeout = 300 27 | 28 | [cache] 29 | path = /Data/nfs/cache 30 | list=yes 31 | ignore errors 32 | auth users = rsync_user 33 | secrets file = /etc/rsyncd/rsyncd.secrets 34 | comment = nfs 81 35 | [mzt] 36 | path = /Data/nfs/mzt 37 | list=yes 38 | ignore errors 39 | auth users = rsync_user 40 | secrets file = /etc/rsyncd/rsyncd.secrets 41 | comment = nfs 81 42 | [upload] 43 | path = /Data/nfs/upload 44 | list=yes 45 | ignore errors 46 | auth users = rsync_user 47 | secrets file = /etc/rsyncd/rsyncd.secrets 48 | comment = nfs 81 49 | -------------------------------------------------------------------------------- /inotify+rsync/readme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/inotify+rsync/readme -------------------------------------------------------------------------------- /iptables/apache+tomcat_114_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Apr 15 21:59:44 2014 2 | *filter 3 | :INPUT DROP [0:0] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [1:136] 6 | -A INPUT -m conntrack --ctstate INVALID -j DROP 7 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 8 | -A INPUT -i lo -j ACCEPT 9 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 10 | -A INPUT 
-s 10.10.67.253/32 -j ACCEPT 11 | -A INPUT -p tcp -m tcp --dport 5122 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 45564 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 14 | -A INPUT -p udp -m udp --dport 45564 -j ACCEPT 15 | -A INPUT -s 10.10.67.115/32 -p tcp -m tcp --dport 4000 -m state --state NEW -j ACCEPT 16 | -A INPUT -s 10.10.67.115/32 -p tcp -m tcp --dport 4001 -m state --state NEW -j ACCEPT 17 | -A INPUT -s 10.10.67.115/32 -p tcp -m tcp --dport 8009 -m state --state NEW -j ACCEPT 18 | -A INPUT -s 10.10.67.115/32 -p tcp -m tcp --dport 8010 -m state --state NEW -j ACCEPT 19 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -j ACCEPT 20 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 21 | -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 22 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 23 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 24 | -A OUTPUT -o lo -j ACCEPT 25 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 26 | -A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -p tcp -m tcp --dport 45564 -m state --state NEW -j ACCEPT 29 | -A OUTPUT -p udp -m udp --dport 45564 -j ACCEPT 30 | -A OUTPUT -d 10.10.67.115/32 -p tcp -m tcp --dport 4000 -m state --state NEW -j ACCEPT 31 | -A OUTPUT -d 10.10.67.115/32 -p tcp -m tcp --dport 4001 -m state --state NEW -j ACCEPT 32 | -A OUTPUT -d 10.10.67.0/24 -p tcp -m tcp --dport 8009 -m state --state NEW -j ACCEPT 33 | -A OUTPUT -d 10.10.67.0/24 -p tcp -m tcp --dport 8010 -m state --state NEW -j ACCEPT 34 | -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 35 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 36 | 
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 37 | -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 38 | COMMIT 39 | # Completed on Tue Apr 15 21:59:44 2014 40 | -------------------------------------------------------------------------------- /iptables/apache+tomcat_115_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Apr 15 21:59:33 2014 2 | *filter 3 | :INPUT DROP [0:0] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [13:712] 6 | -A INPUT -m conntrack --ctstate INVALID -j DROP 7 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 8 | -A INPUT -i lo -j ACCEPT 9 | -A INPUT -s 10.10.67.253/32 -j ACCEPT 10 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 11 | -A INPUT -p tcp -m tcp --dport 5122 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 45564 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 14 | -A INPUT -p udp -m udp --dport 45564 -j ACCEPT 15 | -A INPUT -s 10.10.67.114/32 -p tcp -m tcp --dport 4000 -m state --state NEW -j ACCEPT 16 | -A INPUT -s 10.10.67.114/32 -p tcp -m tcp --dport 4001 -m state --state NEW -j ACCEPT 17 | -A INPUT -s 10.10.67.114/32 -p tcp -m tcp --dport 8009 -m state --state NEW -j ACCEPT 18 | -A INPUT -s 10.10.67.114/32 -p tcp -m tcp --dport 8010 -m state --state NEW -j ACCEPT 19 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -j ACCEPT 20 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 21 | -A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 22 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 23 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 24 | -A OUTPUT -o lo -j ACCEPT 25 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 26 | -A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -p tcp -m tcp --dport 45564 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT 29 | -A OUTPUT -p udp -m udp --dport 45564 -j ACCEPT 30 | -A OUTPUT -d 10.10.67.114/32 -p tcp -m tcp --dport 4000 -m state --state NEW -j ACCEPT 31 | -A OUTPUT -d 10.10.67.114/32 -p tcp -m tcp --dport 4001 -m state --state NEW -j ACCEPT 32 | -A OUTPUT -d 10.10.67.0/24 -p tcp -m tcp --dport 8009 -m state --state NEW -j ACCEPT 33 | -A OUTPUT -d 10.10.67.0/24 -p tcp -m tcp --dport 8010 -m state --state NEW -j ACCEPT 34 | -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 35 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 36 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 37 | -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 38 | COMMIT 39 | # Completed on Tue Apr 15 21:59:33 2014 40 | -------------------------------------------------------------------------------- /iptables/db_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | #-A INPUT ! 
-s 172.16.83.0/24 -i em2 -j LOG --log-prefix "SPOOFED PKT " 10 | -A INPUT ! -s 172.16.83.0/24 -i em2 -j DROP 11 | -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 12 | -A INPUT -i em2 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -i em2 -p tcp -m tcp --dport 5666 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -i em2 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 16 | #-A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 17 | -A INPUT -i lo -j ACCEPT 18 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 19 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 20 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 21 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 22 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 23 | -A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 24 | -A OUTPUT -o em2 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 25 | -A OUTPUT -o em2 -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 26 | -A OUTPUT -o em2 -p udp -m udp --dport 514 -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 28 | #-A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 29 | -A OUTPUT -o lo -j ACCEPT 30 | COMMIT 31 | # Completed on Tue Oct 15 11:10:51 2013 32 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 33 | *nat 34 | :PREROUTING ACCEPT [293:34284] 35 | :POSTROUTING ACCEPT [172:11324] 36 | :OUTPUT ACCEPT [228:14684] 37 | COMMIT 38 | # Completed on Tue Oct 15 11:10:51 2013 39 |
--------------------------------------------------------------------------------
/iptables/db_master_ipt.sav:
--------------------------------------------------------------------------------
# Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013
# nat table: no rules, every chain left at policy ACCEPT.
*nat
:PREROUTING ACCEPT [1195:64976]
:POSTROUTING ACCEPT [1410:84600]
:OUTPUT ACCEPT [1410:84600]
COMMIT
# Completed on Tue Oct 29 17:52:08 2013
# Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013
# filter table: all three chains default to DROP, so anything not accepted
# by a rule below is discarded. Rule order matters; rules are evaluated top-down.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Log, then drop, packets conntrack cannot associate with a valid connection.
-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Return traffic for connections that were already accepted.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New TCP connections to 5122 and 3306 are accepted from ANY source address and
# on any interface: neither rule carries -s or -i.
# NOTE(review): 5122 is presumably sshd on a non-default port - confirm. If only
# the application tier needs MySQL, scope the 3306 rule with -s the way the SNMP
# rule below is scoped.
-A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 --syn -m state --state NEW -j ACCEPT
# Everything (all protocols, all ports, any state) is accepted from these four
# hosts. The trust is purely address-based; a rule limited to the protocol and
# port these peers actually use would be narrower.
-A INPUT -s 10.10.67.61 -j ACCEPT
-A INPUT -s 10.10.67.62 -j ACCEPT
-A INPUT -s 10.10.67.63 -j ACCEPT
-A INPUT -s 10.10.67.64 -j ACCEPT
# SNMP polling is limited to a single source host.
-A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT
# ICMP echo-request (type 8) is accepted from any source, without a rate limit.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Last INPUT rule: log whatever is about to hit the DROP policy. There is no
# "-m limit" match here, so every dropped packet produces a log line.
-A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options
# OUTPUT mirrors INPUT: drop INVALID, allow established, then explicit allows.
-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Unrestricted egress to the same four hosts that are trusted on INPUT.
-A OUTPUT -d 10.10.67.61 -j ACCEPT
-A OUTPUT -d 10.10.67.62 -j ACCEPT
-A OUTPUT -d 10.10.67.63 -j ACCEPT
-A OUTPUT -d 10.10.67.64 -j ACCEPT
# NTP to any destination.
-A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT
# NOTE(review): this allows UDP to port 6379, while db_slave_ipt.sav allows TCP
# to the same port. Looks like "-p udp -m udp" was meant to be "-p tcp -m tcp" - confirm.
-A OUTPUT -p udp -m udp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# No DNS (53) egress rule is present, so name resolution from this host falls
# through to the DROP policy unless the resolver is one of the four hosts above.
-A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options
COMMIT
# Completed on Tue Oct 29 17:52:08 2013
--------------------------------------------------------------------------------
/iptables/db_slave_ipt.sav:
--------------------------------------------------------------------------------
1 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 2 | *nat 3 | :PREROUTING ACCEPT [1195:64976] 4 | :POSTROUTING ACCEPT [1410:84600] 5 | :OUTPUT ACCEPT [1410:84600] 6 | COMMIT 7 | # Completed on Tue Oct 29 17:52:08 2013 8 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 9 | *filter 10 | :INPUT DROP [0:0] 11 | :FORWARD DROP [0:0] 12 | :OUTPUT DROP [0:0] 13 | -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 14 | -A INPUT -m conntrack --ctstate INVALID -j DROP 15 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 16 | -A INPUT -i lo -j ACCEPT 17 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT 18 | -A INPUT -p tcp -m tcp --dport 3306 --syn -m state --state NEW -j ACCEPT 19 | -A INPUT -s 10.10.67.60 -j ACCEPT 20 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 21 |
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 22 | -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 23 | -A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 24 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 25 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 26 | -A OUTPUT -o lo -j ACCEPT 27 | -A OUTPUT -d 10.10.67.60 -j ACCEPT 28 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 31 | -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 32 | COMMIT 33 | # Completed on Tue Oct 29 17:52:08 2013 34 | -------------------------------------------------------------------------------- /iptables/lvs_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | #-A INPUT ! -s 172.16.83.0/24 -i em2 -j LOG --log-prefix "SPOOFED PKT " 10 | -A INPUT ! 
-s 172.16.83.0/24 -i em2 -j DROP 11 | -A INPUT -p vrrp -j ACCEPT 12 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -i em1 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -i em1 -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT 16 | -A INPUT -s 172.16.83.0/24 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 17 | -A INPUT -s 172.16.83.121 -p tcp -m tcp --dport 5666 -m conntrack --ctstate NEW -j ACCEPT 18 | -A INPUT -s 172.16.83.121 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 19 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 20 | #-A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 21 | -A INPUT -i lo -j ACCEPT 22 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 23 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 24 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 25 | -A OUTPUT -p vrrp -j ACCEPT 26 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 27 | -A OUTPUT -o em2 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -o em1 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -o em1 -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 31 | -A OUTPUT -o em2 -p udp -m udp --dport 514 -m conntrack --ctstate NEW -j ACCEPT 32 | -A OUTPUT -o em2 -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 33 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 34 | #-A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 35 | -A OUTPUT -o lo -j ACCEPT 36 | #-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options 37 | -A FORWARD -m conntrack --ctstate INVALID -j DROP 38 | -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 39 | -A FORWARD -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 40 | -A FORWARD -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 41 | COMMIT 42 | # Completed on Tue Oct 15 11:10:51 2013 43 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 44 | *nat 45 | :PREROUTING ACCEPT [293:34284] 46 | :POSTROUTING ACCEPT [172:11324] 47 | :OUTPUT ACCEPT [228:14684] 48 | COMMIT 49 | # Completed on Tue Oct 15 11:10:51 2013 50 | -------------------------------------------------------------------------------- /iptables/manager_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | #-A INPUT ! -s 172.16.83.0/24 -i em2 -j LOG --log-prefix "SPOOFED PKT " 10 | -A INPUT ! -s 172.16.83.0/24 -i em2 -j DROP 11 | -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 12 | -A INPUT -i em1 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -i em1 -p tcp -m tcp --dport 8080 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -i em2 -p udp -m udp --dport 514 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 16 | #-A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 17 | -A INPUT -i lo -j ACCEPT 18 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 19 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 20 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 21 | -A OUTPUT -o em2 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 22 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 23 | -A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 24 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 25 | # for cacti(next 5 lines) 26 | -A OUTPUT -o em2 -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -o em2 -p tcp -m tcp --dport 5666 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -o em2 -p tcp -m tcp --dport 3000 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -o em2 -p tcp -m tcp --dport 11211 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -o em2 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 31 | #for ntpdate (next line) 32 | -A OUTPUT -o em2 -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 33 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 34 | #-A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 35 | -A OUTPUT -o lo -j ACCEPT 36 | COMMIT 37 | # Completed on Tue Oct 15 11:10:51 2013 38 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 39 | *nat 40 | :PREROUTING ACCEPT [293:34284] 41 | :POSTROUTING ACCEPT [172:11324] 42 | :OUTPUT ACCEPT [228:14684] 43 | COMMIT 44 | # Completed on Tue Oct 15 11:10:51 2013 45 | -------------------------------------------------------------------------------- /iptables/mysql_lvs_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | -A INPUT -i lo -j ACCEPT 10 | -A INPUT -p vrrp -j ACCEPT 11 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 16 | #-A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 17 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 18 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 19 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 20 | -A OUTPUT -o lo -j ACCEPT 21 | -A OUTPUT -p vrrp -j ACCEPT 22 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 23 | -A OUTPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 24 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 25 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 26 | #-A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 27 | -A FORWARD -m conntrack --ctstate INVALID -j DROP 28 | -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 29 | -A FORWARD -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 30 | COMMIT 31 | # Completed on Tue Oct 15 11:10:51 2013 32 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 33 | *nat 34 | :PREROUTING ACCEPT [293:34284] 35 | :POSTROUTING ACCEPT [172:11324] 36 | :OUTPUT ACCEPT [228:14684] 37 | COMMIT 38 | # Completed on Tue Oct 15 11:10:51 2013 39 | -------------------------------------------------------------------------------- /iptables/redis_master_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 2 | *nat 3 | :PREROUTING ACCEPT [1195:64976] 4 | :POSTROUTING ACCEPT [1410:84600] 5 | :OUTPUT ACCEPT [1410:84600] 6 | COMMIT 7 | # Completed on Tue Oct 29 17:52:08 2013 8 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 9 | *filter 10 | :INPUT DROP [0:0] 11 | :FORWARD DROP [0:0] 12 | :OUTPUT DROP [0:0] 13 | -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 14 | -A INPUT -m conntrack --ctstate INVALID -j DROP 15 | -A INPUT -m conntrack 
--ctstate RELATED,ESTABLISHED -j ACCEPT 16 | -A INPUT -i lo -j ACCEPT 17 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT 18 | -A INPUT -p tcp -m tcp --dport 6379 --syn -m state --state NEW -j ACCEPT 19 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 20 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 21 | -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 22 | -A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 23 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 24 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 25 | -A OUTPUT -o lo -j ACCEPT 26 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -p tcp -m tcp --dport 57822 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 31 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 32 | -A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP" --log-tcp-options --log-ip-options 33 | COMMIT 34 | # Completed on Tue Oct 29 17:52:08 2013 35 | -------------------------------------------------------------------------------- /iptables/redis_slave_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 2 | *nat 3 | :PREROUTING ACCEPT [1195:64976] 4 | :POSTROUTING ACCEPT [1410:84600] 5 | :OUTPUT ACCEPT [1410:84600] 6 | COMMIT 7 | # Completed on Tue Oct 29 17:52:08 2013 8 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 9 | *filter 10 | :INPUT DROP [0:0] 11 | :FORWARD DROP [0:0] 12 | :OUTPUT DROP [0:0] 13 | -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 14 | -A INPUT -m conntrack --ctstate INVALID -j DROP 15 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 16 | -A INPUT -i lo -j ACCEPT 17 | -A INPUT -s 10.10.67.90 -j ACCEPT 18 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT 19 | -A INPUT -p tcp -m tcp --dport 6379 --syn -m state --state NEW -j ACCEPT 20 | -A INPUT -p tcp -m tcp --dport 57822 -m conntrack --ctstate NEW -j ACCEPT 21 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 22 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 23 | -A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 24 | -A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 25 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 26 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 27 | -A OUTPUT -o lo -j ACCEPT 28 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 31 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 32 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 33 | -A OUTPUT ! -o lo -j LOG --log-prefix "DROP" --log-tcp-options --log-ip-options 34 | COMMIT 35 | # Completed on Tue Oct 29 17:52:08 2013 36 | -------------------------------------------------------------------------------- /iptables/varnish_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | #-A INPUT ! -s 172.16.83.0/24 -i em2 -j LOG --log-prefix "SPOOFED PKT " 10 | -A INPUT ! 
-s 172.16.83.0/24 -i em2 -j DROP 11 | -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 12 | #-A INPUT -p tcp -m tcp --dport 10050 -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -i em2 -p tcp -m tcp --dport 5666 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -i em2 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 16 | -A INPUT -i em2 -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 17 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 18 | #-A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 19 | -A INPUT -i lo -j ACCEPT 20 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 21 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 22 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 23 | -A OUTPUT -o em2 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 24 | -A OUTPUT -o em2 -p udp -m udp --dport 514 -m conntrack --ctstate NEW -j ACCEPT 25 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 26 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 27 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 30 | #-A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 31 | -A OUTPUT -o lo -j ACCEPT 32 | COMMIT 33 | # Completed on Tue Oct 15 11:10:51 2013 34 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 35 | *nat 36 | :PREROUTING ACCEPT [293:34284] 37 | :POSTROUTING ACCEPT [172:11324] 38 | :OUTPUT ACCEPT [228:14684] 39 | COMMIT 40 | # Completed on Tue Oct 15 11:10:51 2013 41 | -------------------------------------------------------------------------------- /iptables/web_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | #-A INPUT ! -s 172.16.83.0/24 -i em2 -j LOG --log-prefix "SPOOFED PKT " 10 | -A INPUT ! -s 172.16.83.0/24 -i em2 -j DROP 11 | -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 3000 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -i em1 -p tcp -m tcp --dport 21211 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -i em1 -p tcp -m tcp --dport 30000:40000 -j ACCEPT 16 | -A INPUT -i em2 -p tcp -m tcp --dport 5666 -m conntrack --ctstate NEW -j ACCEPT 17 | -A INPUT -i em2 -p tcp -m tcp --dport 3000 -m conntrack --ctstate NEW -j ACCEPT 18 | -A INPUT -i em2 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 19 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 20 | #-A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 21 | -A INPUT -i lo -j ACCEPT 22 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 23 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 24 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 25 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 26 | # nfs 27 | -A OUTPUT -d 172.16.83.196 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -o em2 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 29 | #next line for connect ro rsync_server(172.16.83.162) 30 | -A OUTPUT -o em2 -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT 31 | -A OUTPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 32 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 33 | -A OUTPUT -p udp -m udp --dport 514 -m conntrack --ctstate NEW -j ACCEPT 34 | -A OUTPUT -o em2 -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 35 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 36 | #-A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 37 | -A OUTPUT -o lo -j ACCEPT 38 | COMMIT 39 | # Completed on Tue Oct 15 11:10:51 2013 40 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 41 | *nat 42 | :PREROUTING ACCEPT [293:34284] 43 | :POSTROUTING ACCEPT [172:11324] 44 | :OUTPUT ACCEPT [228:14684] 45 | COMMIT 46 | # Completed on Tue Oct 15 11:10:51 2013 47 | -------------------------------------------------------------------------------- /iptables/web_lvs_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 2 | *filter 3 | :INPUT DROP [253:28094] 4 | :FORWARD DROP [0:0] 5 | :OUTPUT DROP [56:3360] 6 | #-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 7 | -A INPUT -m conntrack --ctstate INVALID -j DROP 8 | -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 9 | -A INPUT -i lo -j ACCEPT 10 | -A INPUT -p vrrp -j ACCEPT 11 | -A INPUT -d 224.0.0.0/8 -j ACCEPT 12 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m conntrack --ctstate NEW -j ACCEPT 13 | -A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 14 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 15 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 16 | #-A INPUT ! 
-i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 17 | #-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 18 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 19 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 20 | -A OUTPUT -o lo -j ACCEPT 21 | -A OUTPUT -p vrrp -j ACCEPT 22 | -A OUTPUT -d 224.0.0.0/8 -j ACCEPT 23 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 24 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 25 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 26 | #-A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 27 | -A FORWARD -m conntrack --ctstate INVALID -j DROP 28 | -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 29 | -A FORWARD -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 30 | COMMIT 31 | # Completed on Tue Oct 15 11:10:51 2013 32 | # Generated by iptables-save v1.4.7 on Tue Oct 15 11:10:51 2013 33 | *nat 34 | :PREROUTING ACCEPT [293:34284] 35 | :POSTROUTING ACCEPT [172:11324] 36 | :OUTPUT ACCEPT [228:14684] 37 | COMMIT 38 | # Completed on Tue Oct 15 11:10:51 2013 39 | -------------------------------------------------------------------------------- /iptables/web_server_ipt.sav: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 2 | *nat 3 | :PREROUTING ACCEPT [1195:64976] 4 | :POSTROUTING ACCEPT [1410:84600] 5 | :OUTPUT ACCEPT [1410:84600] 6 | COMMIT 7 | # Completed on Tue Oct 29 17:52:08 2013 8 | # Generated by iptables-save v1.4.7 on Tue Oct 29 17:52:08 2013 9 | *filter 10 | :INPUT DROP [0:0] 11 | :FORWARD DROP [0:0] 12 | :OUTPUT DROP [0:0] 13 | -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 14 | -A INPUT -m conntrack --ctstate INVALID -j DROP 15 | -A INPUT -m conntrack 
--ctstate RELATED,ESTABLISHED -j ACCEPT 16 | -A INPUT -i lo -j ACCEPT 17 | -A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT 18 | -A INPUT -p tcp -m tcp --dport 80 --syn -m state --state NEW -j ACCEPT 19 | -A INPUT -s 10.10.38.238/32 -p udp -m udp --dport 161 -m conntrack --ctstate NEW -j ACCEPT 20 | -A INPUT -s 10.10.67.10/32 -p tcp -m tcp --dport 873 --syn -m state --state NEW -j ACCEPT 21 | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 22 | -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-tcp-options --log-ip-options 23 | -A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID " --log-tcp-options --log-ip-options 24 | -A OUTPUT -m conntrack --ctstate INVALID -j DROP 25 | -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 26 | -A OUTPUT -o lo -j ACCEPT 27 | -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 28 | -A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 29 | -A OUTPUT -m iprange --dst-range 10.10.67.80-10.10.67.81 -m conntrack --ctstate NEW -j ACCEPT 30 | -A OUTPUT -d 10.10.66.49/32 -m conntrack --ctstate NEW -j ACCEPT 31 | -A OUTPUT -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT 32 | -A OUTPUT -p tcp -m tcp --dport 3306 -m conntrack --ctstate NEW -j ACCEPT 33 | -A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT 34 | -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 35 | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 36 | -A OUTPUT ! 
-o lo -j LOG --log-prefix "DROP" --log-tcp-options --log-ip-options 37 | COMMIT 38 | # Completed on Tue Oct 29 17:52:08 2013 39 | -------------------------------------------------------------------------------- /iscsi/client/initiatorname.iscsi: -------------------------------------------------------------------------------- 1 | /etc/iscsi/initiatorname.iscsi 2 | InitiatorName=iqn.2009-10.com.ichiayi:vm-mail 3 | 4 | -------------------------------------------------------------------------------- /iscsi/client/iscsid.conf: -------------------------------------------------------------------------------- 1 | #/etc/iscsi/iscsid.conf 2 | node.startup = automatic 3 | node.session.timeo.replacement_timeout = 120 4 | node.conn[0].timeo.login_timeout = 15 5 | node.conn[0].timeo.logout_timeout = 15 6 | node.conn[0].timeo.noop_out_interval = 15 7 | node.conn[0].timeo.noop_out_timeout = 15 8 | node.session.initial_login_retry_max = 10 9 | node.session.cmds_max = 128 10 | node.session.queue_depth = 32 11 | node.session.iscsi.InitialR2T = No 12 | node.session.iscsi.ImmediateData = Yes 13 | node.session.iscsi.FirstBurstLength = 262144 14 | node.session.iscsi.MaxBurstLength = 16776192 15 | node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072 16 | discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768 17 | node.session.iscsi.FastAbort = No 18 | -------------------------------------------------------------------------------- /iscsi/client/readme: -------------------------------------------------------------------------------- 1 | yum -y install iscsi-initiator-utils 2 | 3 | service iscsi start 4 | 5 | #客户端管理工具 iscsiadm 6 | #扫描 7 | iscsiadm -m discovery --type sendtargets --portal 192.168.255.30 8 | 192.168.255.30:3260,1 iqn.20080-03.com.30:storage.iscsitest 9 | 10 | 11 | 登记 12 | [root@centos49 iscsi]# iscsiadm -m node -T iqn.20080-03.com.30:storage.iscsitest -p 192.168.255.30 --login 13 | Login session [iface: default, target: iqn.20080-03.com.30:storage.iscsitest, portal: 
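192.168.255.30,3260] 14 | 15 | 16 | 注销 17 | [root@centos49 iscsi]# iscsiadm -m node -T iqn.20080-03.com.30:storage.iscsitest -p 192.168.255.30 --logout 18 |
--------------------------------------------------------------------------------
/iscsi/server/ietd.conf:
--------------------------------------------------------------------------------
# /etc/ietd.conf
Target iqn.2009-10.com.ichiayi:storage.data1t.iscsi.data01
# NOTE(review): both CHAP lines are commented out, so this target definition
# carries no initiator authentication; access control then rests on
# initiators.allow and on the network path. The commented sample also uses the
# same string for user name and secret - pick a distinct, long secret if CHAP
# is enabled.
#IncomingUser trysoft trysoft
#OutgoingUser trysoft trysoft
Lun 0 Path=/data1t/iSCSI/LUN0,Type=fileio
Lun 1 Path=/data1t/iSCSI/LUN1,Type=fileio
Lun 2 Path=/data1t/iSCSI/LUN2,Type=fileio
Alias iSCSI for ichiayi
MaxConnections 1
InitialR2T Yes
ImmediateData Yes
--------------------------------------------------------------------------------
/iscsi/server/initiators.allow:
--------------------------------------------------------------------------------
# /etc/initiators.allow

#iqn.-.:
#iqn.2009-03.pd920:mydiskname
# Every target ("ALL") is offered to the single initiator address 10.0.8.254.
# NOTE(review): initiators.deny below is empty; confirm for the installed
# iscsitarget version that initiators not listed here are actually refused.
ALL 10.0.8.254
--------------------------------------------------------------------------------
/iscsi/server/initiators.deny:
--------------------------------------------------------------------------------
# /etc/initiators.deny
--------------------------------------------------------------------------------
/iscsi/server/install:
--------------------------------------------------------------------------------
# on centos
# Build prerequisites (kernel-devel is needed because the package is built
# against the running kernel).
yum install kernel-devel openssl-devel gcc rpm-build
# NOTE(review): the tarball is fetched over plain HTTP and then built and
# installed as root. Compare it against a checksum obtained from a trusted
# channel before unpacking, e.g.
#   echo "EXPECTED_SHA256_PLACEHOLDER  iscsitarget-1.4.20.2.tar.gz" | sha256sum -c -
wget http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20.2/iscsitarget-1.4.20.2.tar.gz
tar -xvf iscsitarget-1.4.20.2.tar.gz
cd iscsitarget-1.4.20.2
make
# The original listing had "make instal", a misspelling of the install target.
make install

service iscsi-target start

# Start the target automatically in runlevel 3.
chkconfig --level 3 iscsi-target on
--------------------------------------------------------------------------------
/java/install.txt:
--------------------------------------------------------------------------------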
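https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/java/install.txt
--------------------------------------------------------------------------------
/keepalived/check_mysql.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Watchdog: poll every 2 seconds for a TCP listener on port 3306 and stop
# keepalived (exit status 1) as soon as none is found.
while true
do
    # -l listening sockets only, -t TCP, -n numeric ports.
    # Without -n, ss prints the service name from /etc/services instead of the
    # port number, so a literal ":3306" pattern can miss a running mysqld.
    # Without -l, any socket that merely mentions 3306 (for example an outbound
    # client connection) would count as "mysqld is up".
    # The trailing [[:space:]] keeps ports such as 33060 from matching.
    if ! ss -ltn | grep -qE ':3306[[:space:]]'; then
        /etc/init.d/keepalived stop
        exit 1
    fi
    sleep 2
done
--------------------------------------------------------------------------------
/keepalived/keepalived.conf:
--------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
    router_id LVS_MASTER
    # notification_email        #### e-mail notification sent when a failover happens is defined here
    # {
    #     huijunf@gmail.com
    # }
    # notification_email_from huijun_lvs@3drich.com
    # smtp_server 127.0.0.1
    # smtp_connect_timeout 30
}
# NOTE(review): chk_http_port is defined here, but no track_script block in
# either vrrp_instance below refers to it, so as far as this file shows it has
# no effect on VRRP priority.
vrrp_script chk_http_port {                  # the script defined here is run periodically by keepalived
    script "/usr/local/sbin/nginx_pid.sh"    ## location of the monitoring script
    interval 2                               # seconds between script runs
    weight 2
}

# Both instances fail over together.
vrrp_sync_group VGM {
    group {
        WAN_VI1
        LAN_VI1
    }
}
vrrp_instance WAN_VI1 {
    state MASTER
    interface em1
    mcast_src_ip 118.144.83.93    # may be omitted; defaults to the IP of em1
    # NOTE(review): "inteface" is the spelling this keyword had in older
    # keepalived releases - check the installed version before "correcting" it.
    lvs_sync_daemon_inteface em1
    virtual_router_id 51
    # NOTE(review): "script parth" looks like an unfilled placeholder for a
    # script path - confirm before deploying.
    notify_master script parth
    priority 100
    advert_int 1
    # auth_type PASS places the password in every VRRP advertisement in clear
    # text, and "1111" is trivially guessable. Any host on this segment that can
    # send VRRP with a higher priority can take over the virtual address, so the
    # firewall rule that accepts VRRP should be limited to the peer director's
    # address (lvs_ipt.sav on this page accepts "-p vrrp" from any source).
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        118.144.83.99
    }
}

vrrp_instance LAN_VI1 {
    state MASTER
    interface em2
    mcast_src_ip 172.16.83.93
    lvs_sync_daemon_inteface em2
    virtual_router_id 51
    notify_master script parth
    priority 100
    advert_int 1
    # Same clear-text, guessable VRRP password as WAN_VI1.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.83.99
    }
}

# HTTP service on the public virtual address: weighted round-robin, direct routing.
virtual_server 118.144.83.99 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP
    real_server 118.144.83.110 80 {
        weight 3
        # Health check is a plain TCP connect to port 80.
        TCP_CHECK {
            connect_timeout 1
            nb_get_retry 3
            connect_port 80
        }
    }
    real_server 118.144.83.111 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 1
            nb_get_retry 3
            connect_port 80
        }
    }
}


# MySQL service on the internal virtual address, with 10 s client persistence.
virtual_server 172.16.83.99 3306 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 10
    protocol TCP
    real_server 172.16.83.118 3306 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            connect_port 3306
            delay_before_retry 3
        }
    }
    real_server 172.16.83.119 3306 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            connect_port 3306
            delay_before_retry 3
        }
    }
}
--------------------------------------------------------------------------------
/kickstart/crypt.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/kickstart/crypt.txt
--------------------------------------------------------------------------------
/kickstart/default:
--------------------------------------------------------------------------------
1 | default linux 2 | prompt 1 3 | timeout 1 4 | 5 | display boot.msg 6 | 7 | menu background splash.jpg 8 | menu title Welcome to CentOS 6.5!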
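9 | menu color border 0 #ffffffff #00000000 10 | menu color sel 7 #ffffffff #ff000000 11 | menu color title 0 #ffffffff #00000000 12 | menu color tabmsg 0 #ffffffff #00000000 13 | menu color unsel 0 #ffffffff #00000000 14 | menu color hotsel 0 #ff000000 #ffffffff 15 | menu color hotkey 7 #ffffffff #ff000000 16 | menu color scrollbar 0 #ffffffff #00000000 17 | 18 | label linux 19 | kernel vmlinuz 20 | append ks=http://10.10.67.11/ks.cfg initrd=initrd.img ksdevice=em1 #ksdevice=em1防止安装过程中提示选择网卡,多网卡服务器使用 21 | -------------------------------------------------------------------------------- /kickstart/ks.cfg: --------------------------------------------------------------------------------
# Unattended install profile: repartitions the disks, installs the @base
# package group from http://10.10.67.11/pxe/ and then runs the %post commands.
# NOTE(review): the boot entry fetches this file over plain HTTP, so whatever
# it contains is readable on the provisioning network.
auth --useshadow --passalgo=sha512  # hashing algorithm for user passwords
key --skip
bootloader --location=mbr
clearpart --all --initlabel
text
# NOTE(review): hosts built from this profile come up with no packet filter;
# prefer an enabled firewall that opens only the ports the role needs.
firewall --disabled
firstboot --disable
keyboard us
lang en_US
logging --level=info
url --url=http://10.10.67.11/pxe/
# Every network option needs its leading "--"; bootproto was missing it.
network --device=em1 --bootproto=dhcp --onboot=yes
# NOTE(review): cleartext root password, shared by every host installed from
# this profile and visible to anyone who can read the repository or fetch
# ks.cfg. Replace it with `rootpw --iscrypted <password-hash>` and change the
# password on hosts that were already installed with it.
rootpw admincp
# NOTE(review): SELinux is switched off for every installed host; enforcing or
# permissive mode keeps the policy available.
selinux --disabled
timezone Asia/Shanghai
#xconfig --defaultdesktop=GNOME -depth=8 --resolution=640x480
zerombr yes  # any invalid partition table found on a disk is initialised
part /boot --fstype="ext4" --size=512
part / --fstype="ext4" --size=20480
part /var --fstype="ext4" --size=20480
part /home --fstype="ext4" --size=20480
part /tmp --fstype="ext4" --size=10240
part swap --fstype="swap" --size=8196
part /Data --fstype="ext4" --grow --size=1
%packages
@base

# Commands run after the installation finishes
%post
mkdir /root/post_test
# Uncomments the "#Port" line in sshd_config so the port is set explicitly.
sed -i 's/#Port/Port/' /etc/ssh/sshd_config
-------------------------------------------------------------------------------- /kickstart/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/kickstart/readme.txt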
-------------------------------------------------------------------------------- /kvm/kvm-install: -------------------------------------------------------------------------------- 1 | yum install kvm libvirt python-virtinst qemu-kvm virt-viewer 2 | 3 | #挂载光盘 4 | mount /dev/cdrom /mnt 5 | #修改yum源为本地光盘 6 | 7 | #在宿主机上安装kvm套件 8 | yum groupinstall kvm 9 | 10 | #加载kvm模块 11 | modprobe kvm 12 | modprobe kvm_intel #需要cpu支持虚拟化并在bios中开启该支持 13 | 14 | #创建40G大小的虚拟磁盘 15 | dd if=/dev/zero of=/kvm/kvm01.img bs=2M count=20480 16 | 17 | #生成10img,格式:qcow2,这种格式随容量大小变化,直到超过限定值。生成很快,文件也很小,拷贝很方便。 18 | qemu-img create -f qcow2 centos.img 10G 19 | 20 | #修改宿主机网卡设置,添加网桥 21 | vi /etc/sysconfig/network-script/ifc-eth0 #现有的真实网卡 22 | 23 | DEVICE=eth0 24 | HWADDR= 25 | BOOTPROTO=no 26 | ONBOOT=yes 27 | TYPE=Ethernet 28 | BRIDGE=br0 29 | 30 | 31 | vi /etc/sysconfig/network-script/ifc-br0 #添加的网桥 32 | 33 | DEVICE=br0 34 | BOOTPROTO=static 35 | IPADDR=124.238.252.249 36 | NETMASK=255.255.255.0 37 | GATEWAY= 38 | TYPE=Bridge 39 | 40 | # 将光盘内容复制为本机上的iso文件 41 | dd if=/dev/cdrom of=/opt/rhel.iso bs=2048 42 | 43 | #在虚拟磁盘上创建第一个虚拟机 44 | virt-install -n kvm01 -r 2048 --vcpus=2 -no-acpi -f /kvm/kvm01.img --vnc -c /opt/rhel.iso 45 | 46 | #克隆虚拟机 47 | virt-clone --connect=qemu:///system -o blog-web-1 -n blog-web-2 -f /var/lib/libvirt/images/blog-web-2.img 48 | #在克隆之前现行修改网卡信息(注释掉HAADDR,修改ip地址) 49 | 50 | #使用已有的虚拟机配置文件创建新的虚拟机 51 | virsh dumpxml node1 >/etc/libvirt/qemu/node2.xml 52 | vi /etc/libvirt/qeme/node2.xml 53 | virsh define /etc/libvirt/qemu/node2.xml 54 | virsh start node2 55 | 56 | #虚拟机管理 57 | 58 | #配置文件 59 | /etc/libvirt/qeum/node_name.xml 60 | #编辑虚拟机配置文件 61 | virsh edit node_name 62 | 63 | #虚拟机开启vnc 64 | 65 | 66 | #port='-1' autoport='yes':port自动分配,监听回环网络(virt-manager管理需要listen='127.0.0.1'),无密码 67 | 改为 68 | 69 | #固定vnc管理端口5904,不自动分配,vnc密码xiaobai,监听所有网络 70 | 71 | 72 | virsh list 73 | virsh destroy #强行关闭 74 | virsh create /etc/libvirt/qeum/kvm01.xml #使用配置文件启动虚拟机 75 | virt-viwer -c qemu///system 76 | 77 | # 
78 | # push test 79 | -------------------------------------------------------------------------------- /kvm/kvm.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/kvm/kvm.docx -------------------------------------------------------------------------------- /kvm/kvm01.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/kvm/kvm01.xml -------------------------------------------------------------------------------- /kvm/rhel-debuginfo.repo: -------------------------------------------------------------------------------- 1 | [rhel-debuginfo] 2 | 3 | name=Red Hat Enterprise Linux $releasever - $basearch - Debug 4 | 5 | baseurl=file:///mnt/Server 6 | 7 | enabled=1 8 | 9 | gpgcheck=0 10 | 11 | 12 | [Cluster] 13 | 14 | name=Red Hat Enterprise Linux $releasever - $basearch - Cluster 15 | 16 | baseurl= file:///mnt/Cluster 17 | 18 | enabled=1 19 | 20 | gpgcheck=0 21 | 22 | 23 | [ClusterStorage] 24 | 25 | name=Red Hat Enterprise Linux $releasever - $basearch - ClusterStorage 26 | 27 | baseurl= file:///mnt/ClusterStorage 28 | 29 | enabled=1 30 | 31 | gpgcheck=0 32 | 33 | 34 | [Server] 35 | 36 | name=Red Hat Enterprise Linux $releasever - $basearch - Server 37 | 38 | baseurl= file:///mnt/Server 39 | 40 | enabled=1 41 | 42 | gpgcheck=0 43 | 44 | 45 | [VT] 46 | 47 | name=Red Hat Enterprise Linux $releasever - $basearch - VT 48 | 49 | baseurl= file:///mnt/VT 50 | 51 | enabled=1 52 | 53 | gpgcheck=0 54 | -------------------------------------------------------------------------------- /lamp/http-conf/extra/httpd-default.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This configuration file reflects default settings for Apache HTTP Server. 
3 | # 4 | # You may change these, but chances are that you may not need to. 5 | # 6 | 7 | # 8 | # Timeout: The number of seconds before receives and sends time out. 9 | # 10 | Timeout 5 11 | 12 | # 13 | # KeepAlive: Whether or not to allow persistent connections (more than 14 | # one request per connection). Set to "Off" to deactivate. 15 | # 16 | KeepAlive On 17 | 18 | # 19 | # MaxKeepAliveRequests: The maximum number of requests to allow 20 | # during a persistent connection. Set to 0 to allow an unlimited amount. 21 | # We recommend you leave this number high, for maximum performance. 22 | # 23 | MaxKeepAliveRequests 150 24 | 25 | # 26 | # KeepAliveTimeout: Number of seconds to wait for the next request from the 27 | # same client on the same connection. 28 | # 29 | KeepAliveTimeout 5 30 | 31 | # 32 | # UseCanonicalName: Determines how Apache constructs self-referencing 33 | # URLs and the SERVER_NAME and SERVER_PORT variables. 34 | # When set "Off", Apache will use the Hostname and Port supplied 35 | # by the client. When set "On", Apache will use the value of the 36 | # ServerName directive. 37 | # 38 | UseCanonicalName Off 39 | 40 | # 41 | # AccessFileName: The name of the file to look for in each directory 42 | # for additional configuration directives. See also the AllowOverride 43 | # directive. 44 | # 45 | AccessFileName .htaccess 46 | 47 | # 48 | # ServerTokens 49 | # This directive configures what you return as the Server HTTP response 50 | # Header. The default is 'Full' which sends information about the OS-Type 51 | # and compiled in modules. 52 | # Set to one of: Full | OS | Minor | Minimal | Major | Prod 53 | # where Full conveys the most information, and Prod the least. 
54 | # 55 | ServerTokens Prod 56 | 57 | # 58 | # Optionally add a line containing the server version and virtual host 59 | # name to server-generated pages (internal error documents, FTP directory 60 | # listings, mod_status and mod_info output etc., but not CGI generated 61 | # documents or custom error documents). 62 | # Set to "EMail" to also include a mailto: link to the ServerAdmin. 63 | # Set to one of: On | Off | EMail 64 | # 65 | ServerSignature Off 66 | 67 | # 68 | # HostnameLookups: Log the names of clients or just their IP addresses 69 | # e.g., www.apache.org (on) or 204.62.129.132 (off). 70 | # The default is off because it'd be overall better for the net if people 71 | # had to knowingly turn this feature on, since enabling it means that 72 | # each client request will result in AT LEAST one lookup request to the 73 | # nameserver. 74 | # 75 | HostnameLookups Off 76 | -------------------------------------------------------------------------------- /lamp/http-conf/extra/httpd-mpm.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Server-Pool Management (MPM specific) 3 | # 4 | 5 | # 6 | # PidFile: The file in which the server should record its process 7 | # identification number when it starts. 8 | # 9 | # Note that this is the default PidFile for most MPMs. 10 | # 11 | 12 | PidFile "logs/httpd.pid" 13 | 14 | 15 | # 16 | # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. 17 | # 18 | 19 | 20 | LockFile "logs/accept.lock" 21 | 22 | 23 | 24 | # 25 | # Only one of the below sections will be relevant on your 26 | # installed httpd. Use "apachectl -l" to find out the 27 | # active mpm. 
28 | # 29 | 30 | # prefork MPM 31 | # StartServers: number of server processes to start 32 | # MinSpareServers: minimum number of server processes which are kept spare 33 | # MaxSpareServers: maximum number of server processes which are kept spare 34 | # MaxClients: maximum number of server processes allowed to start 35 | # MaxRequestsPerChild: maximum number of requests a server process serves 36 | 37 | StartServers 5 38 | MinSpareServers 5 39 | MaxSpareServers 10 40 | ServerLimit 600 41 | MaxClients 500 42 | MaxRequestsPerChild 800 43 | 44 | 45 | # worker MPM 46 | # StartServers: initial number of server processes to start 47 | # MaxClients: maximum number of simultaneous client connections 48 | # MinSpareThreads: minimum number of worker threads which are kept spare 49 | # MaxSpareThreads: maximum number of worker threads which are kept spare 50 | # ThreadsPerChild: constant number of worker threads in each server process 51 | # MaxRequestsPerChild: maximum number of requests a server process serves 52 | 53 | StartServers 2 54 | MaxClients 150 55 | MinSpareThreads 25 56 | MaxSpareThreads 75 57 | ThreadsPerChild 25 58 | MaxRequestsPerChild 0 59 | 60 | 61 | # BeOS MPM 62 | # StartThreads: how many threads do we initially spawn? 63 | # MaxClients: max number of threads we can have (1 thread == 1 client) 64 | # MaxRequestsPerThread: maximum number of requests each thread will process 65 | 66 | StartThreads 10 67 | MaxClients 50 68 | MaxRequestsPerThread 10000 69 | 70 | 71 | # NetWare MPM 72 | # ThreadStackSize: Stack size allocated for each worker thread 73 | # StartThreads: Number of worker threads launched at server startup 74 | # MinSpareThreads: Minimum number of idle threads, to handle request spikes 75 | # MaxSpareThreads: Maximum number of idle threads 76 | # MaxThreads: Maximum number of worker threads alive at the same time 77 | # MaxRequestsPerChild: Maximum number of requests a thread serves. 
It is 78 | # recommended that the default value of 0 be set for this 79 | # directive on NetWare. This will allow the thread to 80 | # continue to service requests indefinitely. 81 | 82 | ThreadStackSize 65536 83 | StartThreads 250 84 | MinSpareThreads 25 85 | MaxSpareThreads 250 86 | MaxThreads 1000 87 | MaxRequestsPerChild 0 88 | MaxMemFree 100 89 | 90 | 91 | # OS/2 MPM 92 | # StartServers: Number of server processes to maintain 93 | # MinSpareThreads: Minimum number of idle threads per process, 94 | # to handle request spikes 95 | # MaxSpareThreads: Maximum number of idle threads per process 96 | # MaxRequestsPerChild: Maximum number of connections per server process 97 | 98 | StartServers 2 99 | MinSpareThreads 5 100 | MaxSpareThreads 10 101 | MaxRequestsPerChild 0 102 | 103 | 104 | # WinNT MPM 105 | # ThreadsPerChild: constant number of worker threads in the server process 106 | # MaxRequestsPerChild: maximum number of requests a server process serves 107 | 108 | ThreadsPerChild 150 109 | MaxRequestsPerChild 0 110 | 111 | 112 | -------------------------------------------------------------------------------- /lamp/http-conf/extra/httpd-vhosts.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Virtual Hosts 3 | # 4 | # If you want to maintain multiple domains/hostnames on your 5 | # machine you can setup VirtualHost containers for them. Most configurations 6 | # use only name-based virtual hosts so the server doesn't need to worry about 7 | # IP addresses. This is indicated by the asterisks in the directives below. 8 | # 9 | # Please see the documentation at 10 | # 11 | # for further details before you try to setup virtual hosts. 12 | # 13 | # You may use the command line option '-S' to verify your virtual host 14 | # configuration. 15 | 16 | # 17 | # Use name-based virtual hosting. 
18 | # 19 | NameVirtualHost *:80 20 | 21 | # 22 | # VirtualHost example: 23 | # Almost any Apache directive may go into a VirtualHost container. 24 | # The first VirtualHost section is used for all requests that do not 25 | # match a ServerName or ServerAlias in any block. 26 | # 27 | 28 | DocumentRoot "/data/www" 29 | ServerName localhost 30 | #ServerAlias www.dummy-host.example.com 31 | #RewriteEngine on 32 | #RewriteCond %{HTTP_HOST} ^abc\.org [NC] 33 | #RewriteRule ^(.*)$ http://www.abc.com/$1 [R=permanent,L] 34 | #RewriteCond %{HTTP_HOST} !^www.abc\.com [NC] 35 | #RewriteRule ^/(.*) /error.html [L] 36 | ErrorLog "|usr/local/sbin/cronolog /data/logs/error/error_%Y%m%d.log" 37 | CustomLog "|/usr/local/sbin/cronolog /data/logs/access/access_%Y%m%d.log" combined 38 | 39 | -------------------------------------------------------------------------------- /lamp/lamp_32.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lamp/lamp_32.sh -------------------------------------------------------------------------------- /lamp/mysql.user.sql: -------------------------------------------------------------------------------- 1 | -- MySQL dump 10.13 Distrib 5.5.27, for Linux (i686) 2 | -- 3 | -- Host: localhost Database: mysql 4 | -- ------------------------------------------------------ 5 | -- Server version 5.5.27-log 6 | 7 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 8 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; 9 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; 10 | /*!40101 SET NAMES gbk */; 11 | /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; 12 | /*!40103 SET TIME_ZONE='+00:00' */; 13 | /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; 14 | /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; 15 | /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, 
SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; 16 | /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; 17 | 18 | -- 19 | -- Table structure for table `user` 20 | -- 21 | 22 | DROP TABLE IF EXISTS `user`; 23 | /*!40101 SET @saved_cs_client = @@character_set_client */; 24 | /*!40101 SET character_set_client = utf8 */; 25 | CREATE TABLE `user` ( 26 | `Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '', 27 | `User` char(16) COLLATE utf8_bin NOT NULL DEFAULT '', 28 | `Password` char(41) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL DEFAULT '', 29 | `Select_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 30 | `Insert_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 31 | `Update_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 32 | `Delete_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 33 | `Create_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 34 | `Drop_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 35 | `Reload_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 36 | `Shutdown_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 37 | `Process_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 38 | `File_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 39 | `Grant_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 40 | `References_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 41 | `Index_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 42 | `Alter_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 43 | `Show_db_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 44 | `Super_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 45 | `Create_tmp_table_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 46 | `Lock_tables_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 47 | `Execute_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 48 | `Repl_slave_priv` 
enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 49 | `Repl_client_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 50 | `Create_view_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 51 | `Show_view_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 52 | `Create_routine_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 53 | `Alter_routine_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 54 | `Create_user_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 55 | `Event_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 56 | `Trigger_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 57 | `Create_tablespace_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N', 58 | `ssl_type` enum('','ANY','X509','SPECIFIED') CHARACTER SET utf8 NOT NULL DEFAULT '', 59 | `ssl_cipher` blob NOT NULL, 60 | `x509_issuer` blob NOT NULL, 61 | `x509_subject` blob NOT NULL, 62 | `max_questions` int(11) unsigned NOT NULL DEFAULT '0', 63 | `max_updates` int(11) unsigned NOT NULL DEFAULT '0', 64 | `max_connections` int(11) unsigned NOT NULL DEFAULT '0', 65 | `max_user_connections` int(11) unsigned NOT NULL DEFAULT '0', 66 | `plugin` char(64) COLLATE utf8_bin DEFAULT '', 67 | `authentication_string` text COLLATE utf8_bin, 68 | PRIMARY KEY (`Host`,`User`) 69 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Users and global privileges'; 70 | /*!40101 SET character_set_client = @saved_cs_client */; 71 | 72 | -- 73 | -- Dumping data for table `user` 74 | -- 75 | 76 | LOCK TABLES `user` WRITE; 77 | /*!40000 ALTER TABLE `user` DISABLE KEYS */; 78 | INSERT INTO `user` VALUES ('localhost','root','*897F89E43B915C47FA5769CDD90A24AF32CE733A','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'',''); 79 | /*!40000 ALTER TABLE `user` ENABLE KEYS */; 80 | UNLOCK TABLES; 81 | /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE 
*/; 82 | 83 | /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; 84 | /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; 85 | /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; 86 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 87 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; 88 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 89 | /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; 90 | 91 | -- Dump completed on 2012-09-05 5:57:21 92 | -------------------------------------------------------------------------------- /lamp/sysctl.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lamp/sysctl.conf -------------------------------------------------------------------------------- /lftp/readme.txt: -------------------------------------------------------------------------------- 1 | #在用lftp访问国内一些ftp服务器时,往往看到的中文是乱码,这是由于服务器和本地编码不一致造成的。我们只要在主目录下新建一个文件~/.lftprc或者~/.lftp/rc,并在其中加入以下内容: 2 | 3 | debug 3 4 | set ftp:charset GBK 5 | set file:charset UTF-8 6 | #set ftp:passtive-mode no 7 | #alias utf8 " set ftp:charset UTF-8" 8 | #alias gbk " set ftp:charset GBK" 9 | 10 | # lftp连接方式 11 | lftp -u username,passwd -p 21 ftp.exam.com 12 | lftp username:passwd@ftp.exam.com:port 13 | lftp ftp://user:passwd@exam.com:port 14 | lftp sftp://user:passwd@exam.com:port 15 | lftp username@exam.com:port 16 | 17 | 18 | #lftp连接使用ssl加密 19 | 20 | lftp 21 | lftp :~> set ftp:ssl-force yes 22 | lftp :~> set ssl:verify-certificate no # 如果证书是受信任的,略过此步骤 23 | lftp :~> connect username@exam.com:port 24 | #也可直接将这两个变量写到~/.lftp/rc中,但是一旦写入rc中就成为全局配置,将无法连接不支持ssl的ftp服务器. 
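25 | 26 | 27 | #bookmark 28 | #显示所有书签 29 | bookmark 30 | 31 | #添加书签 32 | bookmark add 66.53 ftp://www@10.10.66.53:21220 33 | 34 | #删除 35 | bookmark del 66.53 36 | 37 | #使用书签 38 | lftp 66.53 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /lnmp/Zend Opcache.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/Zend Opcache.txt -------------------------------------------------------------------------------- /lnmp/cutlog.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Nightly Nginx log rotation, meant to run at 00:00.
# Moves yesterday's logs into the archive tree, asks Nginx to reopen its log
# files, compresses older logs and prunes archives older than 30 days.
# Yesterday's access logs stay uncompressed for one day (the original note
# says they are fed to awstats).

# Directory Nginx writes to, and the archive root.
logs_from_path="/usr/local/nginx/logs/"
logs_to_path="/data/logs/nginx/"

DAY=$(date -d '-1 day' +%Y%m%d)
DAY_BEFORE=$(date -d '-2 day' +%Y%m%d)
NGINX=/usr/local/nginx/sbin/nginx

# Per-site access logs first, then the default access and error logs.
for i in bbs cms train job phper uc
do
    mv "${logs_from_path}$i-access.log" "${logs_to_path}access/$i-$DAY.log"
done
mv "${logs_from_path}access.log" "${logs_to_path}access/access-$DAY.log"
mv "${logs_from_path}error.log" "${logs_to_path}error/error-$DAY.log"

# Nginx keeps writing to the moved files until it reopens its logs.
"$NGINX" -s reopen

# Access logs from two days ago, and the error log just rotated.
gzip -9 "${logs_to_path}access/"*"${DAY_BEFORE}.log"
gzip -9 "${logs_to_path}error/error-$DAY.log"

# Prune archives older than 30 days. -type f stops find from ever matching the
# archive directory itself, which a recursive rm would remove wholesale, and
# -delete avoids passing file names through word splitting.
find "${logs_to_path}access" -type f -mtime +30 -delete
find "${logs_to_path}error" -type f -mtime +30 -delete
-------------------------------------------------------------------------------- /lnmp/iptables: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.3.5 on Wed Jul 20 16:22:45 2011 2 | *nat 3 | :PREROUTING ACCEPT [625:44365] 4 | :POSTROUTING ACCEPT [10:1067] 5 | #blog-web-1 6 | -A PREROUTING -i br0 -p tcp -m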
tcp --dport 80 -j DNAT --to-destination 192.168.122.119:80 7 | -A PREROUTING -i br0 -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.122.117:22 8 | -A PREROUTING -i br0 -p tcp -m tcp --dport 2202 -j DNAT --to-destination 192.168.122.118:22 9 | -A PREROUTING -i br0 -p tcp -m tcp --dport 5666 -j DNAT --to-destination 192.168.122.117:5666 10 | -A PREROUTING -i br0 -p tcp -m tcp --dport 5667 -j DNAT --to-destination 192.168.122.118:5666 11 | #output 12 | -A POSTROUTING -s 192.168.122.0/255.255.255.0 -j SNAT --to-source 10.8.33.21 13 | COMMIT 14 | # Generatea by iptabes-save v1.3.5 on Wed Jul 20 16:22:45 2011 15 | *filter 16 | :INPUT DROP [0:0] 17 | :FORWARD ACCEPT [6579:984621] 18 | :OUTPUT ACCEPT [5509:4582680] 19 | -A INPUT -i lo -j ACCEPT 20 | -A INPUT -i virbr0 -j ACCEPT 21 | -A INPUT -i br0 -j ACCEPT 22 | -A INPUT -i br0 -p tcp -m tcp --dport 22 -j ACCEPT 23 | -A INPUT -i br0 -p tcp -m tcp --dport 80 -j ACCEPT 24 | -A INPUT -i br0 -s 10.8.20.20 -j ACCEPT 25 | -A INPUT -i br0 -s 10.8.20.100 -j ACCEPT 26 | -A INPUT -i br0 -p icmp -m icmp --icmp-type 8 -j ACCEPT 27 | -A INPUT -i br0 -m state --state RELATED,ESTABLISHED -j ACCEPT 28 | -A INPUT -i br0 -m state --state INVALID -j DROP 29 | COMMIT 30 | # Completed on Wed Jul 20 16:22:45 2011 31 | -------------------------------------------------------------------------------- /lnmp/iptables.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/iptables.sh -------------------------------------------------------------------------------- /lnmp/iptables_vps_master: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.3.5 on Wed Jul 20 16:22:45 2011 2 | *nat 3 | :PREROUTING ACCEPT [625:44365] 4 | :POSTROUTING ACCEPT [10:1067] 5 | :OUTPUT ACCEPT [3:723] 6 | #phpchina.com 7 | -A PREROUTING -i eth0 -p tcp -m state --state NEW 
--dport 22110 -j DNAT --to-destination 192.168.122.110:22 8 | #wintest 9 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 4001 -j DNAT --to-destination 192.168.122.101:3389 10 | # wintest-cwrsync 11 | #-A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 873 -j DNAT --to-destination 192.168.122.101:873 12 | #vps100-ssh 13 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 22100 -j DNAT --to-destination 192.168.122.100:22 14 | #Tvps-ssh 15 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 22106 -j DNAT --to-destination 192.168.122.106:22 16 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 8080 -j DNAT --to-destination 192.168.122.106:8080 17 | #eduvps-ssh 18 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 22108 -j DNAT --to-destination 192.168.122.108:22 19 | #cactivps-ssh 20 | -A PREROUTING -i eth0 -p tcp -m state --state NEW --dport 22109 -j DNAT --to-destination 192.168.122.109:22 21 | #output 22 | -A POSTROUTING -s 192.168.122.0/255.255.255.0 -j MASQUERADE 23 | COMMIT 24 | # Completed on Wed Jul 20 16:22:45 2011 25 | # Generated by iptables-save v1.3.5 on Wed Jul 20 16:22:45 2011 26 | *filter 27 | :INPUT DROP [0:0] 28 | :FORWARD DROP [6579:984621] 29 | :OUTPUT DROP [5509:4582680] 30 | :RH-Firewall-1-INPUT - [0:0] 31 | -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP VALID" --log-ip-optioins --log-tcp-options 32 | -A INPUT -m state --state INVALID -j DROP 33 | -A INPUT -i lo -j ACCEPT 34 | -A INPUT -i virbr0 -j ACCEPT 35 | -A INPUT -i eth0 -p tcp --syn -m state --state NEW --dport 22111 -j ACCEPT 36 | -A INPUT -i eth0 -p tcp --syn -m state --state NEW --dport 80 -j ACCEPT 37 | -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT 38 | -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 39 | -A FORWARD -m state --state INVALID -j DROP 40 | -A FORWARD -p tcp -s 192.168.122.0/255.255.255.0 --dport 80 --syn -m state --state NEW -j ACCEPT 41 | -A FORWARD -p tcp -s 
192.168.122.0/255.255.255.0 --dport 3690 --syn -m state --state NEW -j ACCEPT 42 | -A FORWARD -p tcp -s 192.168.122.0/255.255.255.0 --dport 5666 --syn -m state --state NEW -j ACCEPT 43 | -A FORWARD -p tcp -s 192.168.122.0/255.255.255.0 --dport 22 --syn -m state --state NEW -j ACCEPT 44 | -A FORWARD -p tcp -s 192.168.122.0/255.255.255.0 --dport 25 --syn -m state --state NEW -j ACCEPT 45 | -A FORWARD -p udp -s 192.168.122.0/255.255.255.0 --dport 53 -m state --state NEW -j ACCEPT 46 | -A FORWARD -p tcp -i eth0 --dport 22 --syn -m state --state NEW -j ACCEPT 47 | -A FORWARD -p tcp -i eth0 --dport 80 --syn -m state --state NEW -j ACCEPT 48 | -A FORWARD -p tcp -i eth0 --dport 3690 --syn -m state --state NEW -j ACCEPT 49 | -A FORWARD -p tcp -i eth0 --dport 3389 --syn -m state --state NEW -j ACCEPT 50 | -A FORWARD -p tcp -i eth0 --dport 5666 --syn -m state --state NEW -j ACCEPT 51 | -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT 52 | -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 53 | -A OUTPUT -m state --state INVALID -j DROP 54 | -A OUTPUT -o lo -j ACCEPT 55 | -A OUTPUT -o virbr0 -j ACCEPT 56 | #-A OUTPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT 57 | -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT 58 | -A OUTPUT -p tcp --dport 25 --syn -m state --state NEW -j ACCEPT 59 | -A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT 60 | -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT 61 | #-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 62 | -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 63 | COMMIT 64 | # Completed on Wed Jul 20 16:22:45 2011 65 | -------------------------------------------------------------------------------- /lnmp/iptables_web.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "[+] Setting up Defult policy..." 
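# Default-deny IPv4 rule set for a host whose external interface is eth0.
# Inbound: HTTP, SSH and echo-request. Outbound: DNS, SMTP, HTTP and
# echo-request. Everything else is dropped by the chain policies.
# Rules are appended with -A and nothing is flushed first, so running the
# script twice duplicates every rule.
# NOTE(review): the DROP policies apply before the ESTABLISHED,RELATED rules
# further down exist; keep console access available when running this over SSH.
# NOTE(review): these are iptables (IPv4) rules only; IPv6 traffic is not
# filtered by anything in this script.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

echo "[+] Setting up INPUT chain..."
# Log, then drop, packets that conntrack classifies as INVALID.
iptables -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID" --log-ip-options --log-tcp-options
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
# Allow inbound HTTP
iptables -A INPUT -i eth0 -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
# Allow inbound SSH
# NOTE(review): open to every source address; add -s <admin-network> if the
# management range is known.
iptables -A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
# ICMP echo-request (-p selects the protocol; -P would set a chain policy)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# SYN flood rate limit (disabled)
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Rate limit for connections in SYN_RECV (disabled)
#iptables -A INPUT -p tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT

# Replies to connections that are already established
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "[+] Setting up OUTPUT chain..."
iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID" --log-ip-options --log-tcp-options
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -o lo -j ACCEPT
# DNS lookups
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
# Outbound mail (SMTP)
iptables -A OUTPUT -p tcp --dport 25 --syn -m state --state NEW -j ACCEPT
# HTTP requests made by the server itself
iptables -A OUTPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
# ICMP echo-request
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# Packets belonging to established connections
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Persist the running rules through the RHEL/CentOS init script; plain
# "iptables save" is not an iptables command and leaves nothing saved.
service iptables save
echo "[+] Done."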
43 | 44 | 45 | -------------------------------------------------------------------------------- /lnmp/lnmp_32.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/lnmp_32.sh -------------------------------------------------------------------------------- /lnmp/lnmp_64.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/lnmp_64.sh -------------------------------------------------------------------------------- /lnmp/my-mini.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | default-character-set=utf8 3 | port = 3306 4 | socket = /tmp/mysql.sock 5 | [mysqld] 6 | character-set-server = utf8 7 | collation-server = utf8_general_ci 8 | #replicate-ignore-db = mysql 9 | #replicate-ignore-db = test 10 | #replicate-ignore-db = information_schema 11 | user = mysql 12 | port = 3306 13 | socket = /tmp/mysql.sock 14 | basedir = /usr/local/mysql 15 | datadir = /data/mysql/data 16 | log-error = /data/mysql/mysql_error.log 17 | pid-file = /data/mysql/mysql.pid 18 | open_files_limit = 600 19 | back_log = 20 20 | max_connections = 50 21 | max_connect_errors = 100 22 | external-locking = FALSE 23 | max_allowed_packet = 4M 24 | sort_buffer_size = 128K 25 | join_buffer_size = 128K 26 | thread_cache_size = 10 27 | thread_concurrency = 4 28 | query_cache_size = 0M 29 | query_cache_limit = 2M 30 | query_cache_min_res_unit = 2k 31 | default-storage-engine = MyISAM 32 | thread_stack = 192K 33 | transaction_isolation = READ-COMMITTED 34 | tmp_table_size = 512K 35 | max_heap_table_size = 32M 36 | long_query_time = 3 37 | log-slave-updates 38 | log-bin = /data/mysql/binlog/binlog 39 | binlog_cache_size = 2M 40 | binlog_format = MIXED 41 | max_binlog_cache_size = 4M 42 | max_binlog_size =512M 
43 | expire-logs-days = 7 44 | #relay-log-index = /data/mysql/relaylog/relaylog 45 | #relay-log-info-file = /data/mysql/relaylog/relaylog 46 | #relay-log = /data/mysql/relaylog/relaylog 47 | key_buffer_size = 4M 48 | read_buffer_size = 1M 49 | read_rnd_buffer_size = 2M 50 | bulk_insert_buffer_size = 2M 51 | myisam_sort_buffer_size = 4M 52 | myisam_max_sort_file_size = 10G 53 | myisam_repair_threads = 1 54 | ;myisam_recover 55 | 56 | interactive_timeout = 120 57 | wait_timeout = 120 58 | 59 | skip-name-resolve 60 | slave-skip-errors = 1032,1062,126,1114,1146,1048,1396 61 | server-id = 1 62 | 63 | ;innodb_additional_mem_pool_size = 16M 64 | ;innodb_buffer_pool_size = 512M 65 | ;innodb_data_file_path = ibdata1:256M:autoextend 66 | ;innodb_file_io_threads = 4 67 | ;innodb_thread_concurrency = 8 68 | ;innodb_flush_log_at_trx_commit = 2 69 | ;innodb_log_buffer_size = 16M 70 | ;innodb_log_file_size = 128M 71 | ;innodb_log_files_in_group = 3 72 | ;innodb_max_dirty_pages_pct = 90 73 | ;innodb_lock_wait_timeout = 120 74 | ;innodb_file_per_table = 0 75 | 76 | slow_query_log 77 | slow_query_log_file = /data/mysql/slow.log 78 | long_query_time = 1 79 | log-queries-not-using-indexes 80 | 81 | [mysqldump] 82 | quick 83 | max_allowed_packet = 4M 84 | -------------------------------------------------------------------------------- /lnmp/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | default-character-set=gbk 3 | port = 3306 4 | socket = /tmp/mysql.sock 5 | [mysqld] 6 | character-set-server = gbk 7 | collation-server = gbk_chinese_ci 8 | #replicate-ignore-db = mysql 9 | #replicate-ignore-db = test 10 | #replicate-ignore-db = information_schema 11 | user = mysql 12 | port = 3306 13 | socket = /tmp/mysql.sock 14 | basedir = /usr/local/mysql 15 | datadir = /data/mysql/data 16 | log-error = /data/mysql/mysql_error.log 17 | pid-file = /data/mysql/mysql.pid 18 | open_files_limit = 10240 19 | back_log = 600 20 | max_connections = 
5000 21 | max_connect_errors = 6000 22 | table_cache = 614 23 | external-locking = FALSE 24 | max_allowed_packet = 32M 25 | sort_buffer_size = 1M 26 | join_buffer_size = 1M 27 | thread_cache_size = 300 28 | thread_concurrency = 8 29 | query_cache_size = 512M 30 | query_cache_limit = 2M 31 | query_cache_min_res_unit = 2k 32 | default-storage-engine = MyISAM 33 | thread_stack = 192K 34 | transaction_isolation = READ-COMMITTED 35 | tmp_table_size = 246M 36 | max_heap_table_size = 246M 37 | long_query_time = 3 38 | log-slave-updates 39 | log-bin = /data/mysql/binlog/binlog 40 | binlog_cache_size = 4M 41 | binlog_format = MIXED 42 | max_binlog_cache_size = 8M 43 | max_binlog_size = 1G 44 | expire-logs-days = 30 45 | relay-log-index = /data/mysql/relaylog/relaylog 46 | relay-log-info-file = /data/mysql/relaylog/relaylog 47 | relay-log = /data/mysql/relaylog/relaylog 48 | expire_logs_days = 30 49 | key_buffer_size = 256M 50 | read_buffer_size = 1M 51 | read_rnd_buffer_size = 16M 52 | bulk_insert_buffer_size = 64M 53 | myisam_sort_buffer_size = 128M 54 | myisam_max_sort_file_size = 10G 55 | myisam_repair_threads = 1 56 | ;myisam_recover 57 | 58 | interactive_timeout = 120 59 | wait_timeout = 120 60 | 61 | skip-name-resolve 62 | slave-skip-errors = 1032,1062,126,1114,1146,1048,1396 63 | 64 | server-id = 1 65 | 66 | ;innodb_additional_mem_pool_size = 16M 67 | ;innodb_buffer_pool_size = 512M 68 | ;innodb_data_file_path = ibdata1:256M:autoextend 69 | ;innodb_file_io_threads = 4 70 | ;innodb_thread_concurrency = 8 71 | ;innodb_flush_log_at_trx_commit = 2 72 | ;innodb_log_buffer_size = 16M 73 | ;innodb_log_file_size = 128M 74 | ;innodb_log_files_in_group = 3 75 | ;innodb_max_dirty_pages_pct = 90 76 | ;innodb_lock_wait_timeout = 120 77 | ;innodb_file_per_table = 0 78 | 79 | log-slow-queries = /data/mysql/slow.log 80 | long_query_time = 1 81 | log-queries-not-using-indexes 82 | 83 | [mysqldump] 84 | quick 85 | max_allowed_packet = 32M 86 | 
-------------------------------------------------------------------------------- /lnmp/mysql_backup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #DB_DIR=/usr/local/mysql/data 3 | #Modify 2010 08 10 4 | #by shidegang 5 | # Dumps every database reported by 'show databases' (lines containing Database, information_schema or test are skipped) into $BACK_DIR, gzips each dump, then deletes whatever under $BACK_DIR was last modified more than 7 days ago. 6 | BACK_DIR=/data/bak/mysql 7 | # NOTE(review): fixed file name in /tmp; creating the list with mktemp, or keeping it in a directory only the backup user can write, avoids reading or clobbering a file someone else put there. 8 | DB_LST=/tmp/db.lst 9 | 10 | DATE=`date +%Y-%m-%d` 11 | 12 | export PATH=$PATH:/usr/local/mysql/bin 13 | # NOTE(review): mysql and mysqldump both connect as root with an empty password written on the command line. A dedicated backup account whose credentials live in a mode-0600 option file (--defaults-extra-file) keeps the secret out of the script and the process list. --passwor below is an abbreviated --password; spell it out rather than rely on option-prefix matching. 14 | mysql -u root -p'' -e 'show databases' > $DB_LST 15 | 16 | [ ! -d $BACK_DIR ] && mkdir -p $BACK_DIR 17 | for i in $(grep -vE "Database|information_schema|test" $DB_LST) 18 | do 19 | mysqldump --user='root' --passwor='' --default-character-set=utf8 $i > $BACK_DIR/$i-$DATE.sql 20 | [ "$PWD" != "$BACK_DIR" ] && cd $BACK_DIR 21 | gzip -f $BACK_DIR/$i-$DATE.sql 22 | done 23 | 24 | # NOTE(review): find starts at $BACK_DIR itself and hands every match to rm -rf; restricting it to the dump files (for example -type f -name '*.sql.gz') keeps the prune from removing anything else under that path. 25 | find $BACK_DIR -mtime +7 | xargs -i rm -rf {} 26 | -------------------------------------------------------------------------------- /lnmp/nginx-mini.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/nginx-mini.conf -------------------------------------------------------------------------------- /lnmp/nginx-proxy-master.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/nginx-proxy-master.conf -------------------------------------------------------------------------------- /lnmp/nginx-proxy-vhost.com: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name www.phpchina.com phpchina.com; 4 | if ($host != 'www.phpchina.com'){ 5 | rewrite ^/(.*) http://www.phpchina.com/$1 permanent; 6 | } 7 | access_log off; 8 | if ( $fastcgi_script_name ~ \..*\/.*php ) { 9 | return 403; 10 | } 11 | 12 | #目录后自动添加“/” 13 | if (-d $request_filename){ 14 | rewrite
^/(.*)([^/])$ http://$host/$1$2/ permanent; 15 | } 16 | 17 | location / { 18 | proxy_set_header Host $host; 19 | proxy_set_header X-Real-IP $remote_addr; 20 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21 | proxy_pass http://192.168.122.110; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /lnmp/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/nginx.conf -------------------------------------------------------------------------------- /lnmp/sysctl.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/lnmp/sysctl.conf -------------------------------------------------------------------------------- /lnmp/tomcat/install.sh: -------------------------------------------------------------------------------- 1 | #jave-jdk 2 | 3 | #http://www.oracle.com/technetwork/java/javase/downloads/index.html 4 | 5 | chmod +x jdk-6u37-linux-x64.bin 6 | 7 | ./jdk-6u37-linux-x64.bin #安装完成后将生成jdk1.6.0_37目录 8 | 9 | mv jdk1.6.0_37 /usr/local/ 10 | 11 | #修改环境变量 12 | #最好不要直接修改/etc/profile文件,而是通过修改用户家目录下的.bashrc文件来单独为制定用户设置环境变量 13 | 14 | echo -ne "JAVA_HOME=/usr/local/jdk1.6.0_37\nPATH=$PATH:$JAVA_HOME/bin\nCLASSPATH=.:JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar\nexport JAVA_HOME PATH CLASSPATH" >> .bashrc 15 | 16 | #测试是否安装成功 17 | java -version 18 | 19 | #tomcat 20 | 21 | #http://mirror.olnevhost.net/pub/apache/tomcat/tomcat-7/v7.0.33/bin/apache-tomcat-7.0.33.tar.gz 22 | 23 | tar zxvf apache-tomcat-7.0.33.tar.gz 24 | 25 | mv tar zxvf apache-tomcat-7.0.33 /usr/local/tomcat 26 | 27 | $tomcat_home/bin/startup.sh | shutdown.sh 28 | 29 | #修改tomcat根目录 30 | 31 | $tomcat_home/conf/server.xml 32 | 33 | #这一句是自行添加的 34 | 
-------------------------------------------------------------------------------- /loganalyzer/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/loganalyzer/install.sh -------------------------------------------------------------------------------- /lvs+keepalived/install.sh: -------------------------------------------------------------------------------- 1 | # CentOS-6 2 | 3 | yum install kernel-devel 4 | 5 | yum install popt popt-devel popt-static libnl libnl-devel 6 | 7 | tar zxvf ipvsadm-1.26.tar.gz && cd ipvsadm-1.26 8 | 9 | make && make install 10 | 11 | 12 | ####real_server的sysctl.conf###### 13 | 14 | ##必须关闭arp解析功能## 15 | net.ipv4.conf.lo.arp_ignore = 1 16 | net.ipv4.conf.lo.arp_announce = 2 17 | net.ipv4.conf.all.arp_ignore = 1 18 | net.ipv4.conf.all.arp_announce = 2 19 | 20 | 21 | 22 | 23 | #keepalived 24 | 25 | tar zxvf keepalived-1.2.8.tar.gz && cd keepalived-1.2.8 26 | 27 | ./configure && make && make install 28 | 29 | cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ 30 | 31 | cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ 32 | 33 | mkdir /etc/keepalived 34 | 35 | cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ 36 | 37 | cp /usr/local/sbin/keepalived /usr/sbin/ 38 | -------------------------------------------------------------------------------- /mysql/mysql-slave.sh: -------------------------------------------------------------------------------- 1 | mysql> 2 | 3 | flush tables with readlock; 4 | 5 | show master status; 6 | 7 | 8 | slave stop; 9 | 10 | change master to 11 | master_host='192.168.48.128', 12 | master_user='backup', 13 | master_password='backup', 14 | master_log_file='mysql-bin.000003', 15 | master_log_pos=1826803; 16 | 17 | slave start; 18 | 1826803 19 | show slave status\G;jfjb 20 | -------------------------------------------------------------------------------- 
/mysql/mysql_del_root.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/mysql/mysql_del_root.sh -------------------------------------------------------------------------------- /mysql/mysqlsla.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/mysql/mysqlsla.txt -------------------------------------------------------------------------------- /mysql/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/mysql/readme.txt -------------------------------------------------------------------------------- /nagios/hostgroup.cfg: -------------------------------------------------------------------------------- 1 | define hostgroup{ 2 | hostgroup_name linux-servers ; The name of the hostgroup 3 | alias Linux Servers ; Long name of the group 4 | members localhost ; Comma separated list of hosts that belong to this group 5 | } 6 | -------------------------------------------------------------------------------- /nagios/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/nagios/install.sh -------------------------------------------------------------------------------- /nagios/qhappy_check_nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | PROGNAME=`basename $0` 4 | VERSION="Version 1.0," 5 | AUTHOR="2011, Qhappy (http://www.9ai9.net/) lxy1234@163.com" 6 | 7 | #exit status 8 | ST_OK=0 9 | ST_WR=1 10 | ST_CR=2 11 | ST_UK=3 12 | 13 | function PrintHelp(){ 14 | echo "A This Program is a plug of nagios to monitor 
WebServer , special for Nginx!"; 15 | echo "This Program base on WebServer's respond status report an emergency "; 16 | echo "It usefull on nginx repond 502 and 504 status"; 17 | echo "$AUTHOR"; 18 | echo "How to use Eg 1"; 19 | echo "$PROGNAME --url http://www.9ai9.net/index.php"; 20 | echo "How to use Eg 2"; 21 | echo "$PROGNAME -host www.9ai9.net --url http://174.36.186.59/index.php"; 22 | echo "www.9ai9.net and 174.36.186.69 replace of you site and IP!" 23 | } 24 | # Option parsing: --url/-u and --host/-H each consume the following argument into URL and HOST; --help/-h prints the usage text, and it and any unrecognised option exit with $ST_UK.
25 | while test -n "$1";do 26 | case "$1" in 27 | --help|-h) 28 | PrintHelp 29 | exit $ST_UK 30 | ;; 31 | --url|-u) 32 | URL=$2 33 | shift 34 | ;; 35 | --host|-H) 36 | HOST=$2 37 | shift 38 | ;; 39 | *) 40 | echo "fail" 41 | exit $ST_UK 42 | ;; 43 | esac 44 | shift 45 | done 46 | # NOTE(review): the option loop stores --host in HOST, but this test reads $HOSTNAME, which bash sets to the local machine name, so the first branch is always taken and the --host value is never sent. The else branch also passes host:$HOSTNAME to curl as a second URL, not as a header. Likely intent: test "$HOST" and send it with -H "Host: $HOST" (confirm with the author).
47 | if [ -n "$HOSTNAME" ] ;then 48 | HTTP_STATUS=`curl -s -I "$URL" |head -n1|awk '{print $2}'` 49 | else 50 | HTTP_STATUS=`curl -s -I host:$HOSTNAME "$URL"|head -n1|awk '{print $2}'` 51 | fi 52 | if [ ! -n "$HTTP_STATUS" ] ;then 53 | HTTP_STATUS="CONNET_ERROR" 54 | fi 55 | # Translate the status taken from the first response line into a Nagios result: 200 exits $ST_OK, 500/502/504 or an empty reply (CONNET_ERROR) exits $ST_CR, anything else exits $ST_WR.
56 | case $HTTP_STATUS in 57 | 200) 58 | echo "OK HTTP $HTTP_STATUS "; 59 | exit $ST_OK; 60 | ;; 61 | 500|502|504|CONNET_ERROR) 62 | echo "CRITICAL $HTTP_STATUS $URL"; 63 | exit $ST_CR; 64 | ;; 65 | *) 66 | echo "WARNING $HTTP_STATUS"; 67 | exit $ST_WR 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /nfs-iptables/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/nfs-iptables/readme.txt -------------------------------------------------------------------------------- /nfs/client.sh: -------------------------------------------------------------------------------- 1 | #客户端同样需要启动portmap,centos6之后是rpcbind 2 | service (portmap|rpcbind) start 3 | 4 | 5 | showmount -e (ip) #扫描服务器共享信息 6 | 7 | #挂载服务器共享目录到本地,挂载参数可控 8 | mount -t nfs -o
rw,ro,bg,fg,nosuid,nodev,noexec,soft,hard,intr,rsize=,wsize= ip:/data/nfs /mnt 9 | 10 | #autofs自动挂载 11 | #主要配置文件 auto.master 12 | vi /etc/auto.master 13 | /home /etc/auto.nfs #auto.nfs文件名为自定义 14 | 15 | #具体配置文件 auto.nfs 16 | vi /etc/auto.nfs 17 | 18 | public -rw,bg,soft,rsize=2048,wsize=2048 10.0.8.2:/data/pub 19 | software -ro,bg,soft,rsize=2048,wsize=2048 10.0.8.2:/data/software 20 | …… 21 | #当试图读取本机的/home/public目录时,本机就会自动去挂载10.0.8.2上的/data/public目录,挂载的参数就是以"-"开头的那几个参数。而超过一定时间不使用,系统又会自动卸载这个远程挂载。 22 | 23 | service autofs start 24 | -------------------------------------------------------------------------------- /nfs/server.sh: -------------------------------------------------------------------------------- 1 | #安装 2 | yum install portmap # 从centos6开始 portmap 变成rpcbind 3 | yum install nfs-utils 4 | 5 | #centos6 安装 6 | 7 | yum install nfs-utils prcbind 8 | #设置共享目录,共享参数是重点,这些参数中有部分参数在CENTOS6的新版本NFS中不再可用,比如no_root_suqash no_hide,应该是出于安全性考虑 9 | vi /etc/exports 10 | /data/nfs 10.0.8.2(rw,ro,sync,async,secure,insecure,root_suqash,no_root_suqash,all_suqash,anonuid=,anongid=,hide,no_hide,subtree_check,no_subtree_check) #注意这里是空格 *(ro) 11 | 12 | #anonuid anongid这两个参数指定了匿名访问nfs目录的用户uid,当在客户端用root访问挂载的nfs目录是,root的身份会被自动映射为一个普通用户,默认这个用户是nfsnobody,如果服务端的exports文件设置了anonuid参数,则root会映射为anonuid指定的那个用户 13 | 14 | #启动服务 15 | service portmap/rpcbind start 16 | service nfs start 17 | 18 | #管理 19 | showmount -e localhost #显示共享信息 20 | exportfs -ar #重新加载exprots文件,使新的挂载参数生效 21 | -------------------------------------------------------------------------------- /nginx+keepalived/install.sh: -------------------------------------------------------------------------------- 1 | wget http://www.keepalived.org/software/keepalived-1.2.10.tar.gz 2 | 3 | yum install popt-devel openssl openssl-devel libnl-devel 4 | 5 | tar zxvf keepalived-1.2.10.tar.gz && cd keepalived-1.2.10 6 | 7 | ./configure --prefix=/usr/local/keepalived 8 | 9 | make 10 | 11 | make install 12 | 13 | cp 
/usr/local/keepalived/sbin/keepalived /usr/sbin 14 | cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived 15 | cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 16 | 17 | mkdir /etc/keepalived 18 | 19 | touch /etc/keepalived/keepalived.conf 20 | -------------------------------------------------------------------------------- /nginx+keepalived/keepalived.conf: -------------------------------------------------------------------------------- 1 | ! Configuration File for keepalived 2 | global_defs { 3 | # notification_email { #### defines the e-mail notification sent when a failover occurs 4 | # cuimingkun@yinwuweiye.com 5 | # } 6 | # notification_email_from keepalived@domain.com 7 | # smtp_server 127.0.0.1 8 | # smtp_connect_timeout 30 9 | router_id NGINX_BACK 10 | } 11 | vrrp_script chk_http_port { 12 | script "/usr/local/sbin/nginx_pid.sh" ## location of the monitoring script 13 | interval 2 14 | weight 2 15 | } 16 | vrrp_instance VI_1 { 17 | state MASTER ##### use BACKUP on the standby node 18 | interface eth1 19 | virtual_router_id 51 20 | priority 100 ##### the standby's priority must be lower than the master's 21 | advert_int 1 22 | track_script { 23 | chk_http_port 24 | } 25 | authentication { 26 | auth_type PASS 27 | auth_pass 1111 # NOTE(review): 1111 is a placeholder-grade secret, and PASS authentication carries it unencrypted in every VRRP advertisement; use a site-specific value and allow VRRP only between the cluster peers at the firewall. 28 | } 29 | virtual_ipaddress { 30 | # 118.145.0.41 #### virtual IP 31 | 118.145.0.36/28 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /nginx+keepalived/nginx_pid.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | A=`ps -C nginx --no-header |wc -l` # number of running nginx processes 3 | if [ $A -eq 0 ];then 4 | /Data/app/nginx/sbin/nginx -c /Data/app/nginx/conf/nginx.conf 5 | sleep 3 6 | if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then 7 | killall keepalived # nginx is still down 3 seconds after the restart attempt: stop keepalived (presumably so the standby takes over the virtual IP; confirm) 8 | fi 9 | fi 10 | -------------------------------------------------------------------------------- /nginx+pathinfo/readme.txt: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/nginx+pathinfo/readme.txt -------------------------------------------------------------------------------- /nginx+tomcat/install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/nginx+tomcat/install.txt -------------------------------------------------------------------------------- /nginx_location/readme.txt: -------------------------------------------------------------------------------- 1 | #nginx的location匹配 2 | 3 | # 匹配类型 4 | ~ #波浪线表示执行一个正则匹配,区分大小写 5 | ~* #表示执行一个正则匹配,不区分大小写 6 | ^~ #^~表示普通字符匹配,如果该选项匹配,只匹配该选项,不匹配别的选项,一般用来匹配目录 7 | = #进行普通字符精确匹配 8 | @ #"@" 定义一个命名的 location,使用在内部定向时,例如 error_page, try_files 9 | 10 | # 匹配优先级 11 | 12 | 1 = 精确匹配,优先级最高。如果发现精确匹配,nginx不再尝试他匹配。 13 | 14 | 2 ^~普通字符匹配,一旦匹配到指定的字符就不再尝试匹配其他location,优先级高于等效的正则匹配 15 | 16 | 3 ~和~* 正则表达式匹配,后边跟的必须是正则表达式。如果找到相应的匹配,则nginx停止搜索其他匹配;多个正则表达式都匹配的话按照location出现的先后顺序匹配。 17 | 18 | 4 不带^标记的普通字符匹配,【也就是location /image/这样的】优先级最低。当没有正则表达式或者没有正则表达式被匹配的情况下,那么匹配程度最高的逐字匹配指令会被使用。 19 | 20 | 5 也就是,=最高,其次是带^的普通字符匹配,然后是正则,最后才是普通的字符匹配。正则跟正则之间,先被读取的生效,字符与字符之间,匹配度最高的,也就是最长匹配生效。 21 | 22 | #举例说明匹配顺序 23 | 24 | location = / { 25 | # 只匹配"/". 26 | [ configuration A ] 27 | } 28 | location / { 29 | # 匹配任何请求,因为所有请求都是以"/"开始 30 | # 但是更长字符匹配或者正则表达式匹配会优先匹配 31 | [ configuration B ] 32 | } 33 | location ^~ /images/ { 34 | # 匹配任何以 /images/ 开始的请求,并停止匹配 其它location 35 | [ configuration C ] 36 | } 37 | location ~* \.(gif|jpg|jpeg)$ { 38 | # 匹配以 gif, jpg, or jpeg结尾的请求. 39 | # 但是所有 /images/ 目录的请求将由 [Configuration C]处理. 
40 | [ configuration D ] 41 | } 42 | 43 | / -> 符合configuration A 44 | /documents/document.html -> 符合configuration B 45 | /images/1.gif -> 符合configuration C 46 | /documents/1.jpg ->符合 configuration D 47 | 48 | # @location 49 | 50 | error_page 404 = @fetch; 51 | 52 | location @fetch( 53 | proxy_pass http://fetch; 54 | ) 55 | -------------------------------------------------------------------------------- /nodejs/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/nodejs/readme.txt -------------------------------------------------------------------------------- /ntop/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/ntop/readme.txt -------------------------------------------------------------------------------- /openssl/readme.txt: -------------------------------------------------------------------------------- 1 | #openssl升级 2 | wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz 3 | #注意:上面是明文 HTTP 下载,编译前应先用官方发布的校验和或 PGP 签名核对源码包 4 | 5 | 6 | tar zxvf openssl-1.0.1g.tar.gz 7 | cd openssl-1.0.1g 8 | ./config shared zlib 9 | make 10 | make install 11 | mv /usr/bin/openssl /usr/bin/openssl.OFF 12 | mv /usr/include/openssl /usr/include/openssl.OFF 13 | ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl 14 | ln -s /usr/local/ssl/include/openssl /usr/include/openssl 15 | #注意:以上步骤只替换了 openssl 命令和头文件,已在运行的服务可能仍加载系统自带的 libssl;需同时升级系统软件包或重新编译相关服务并重启,并用 openssl version 确认 16 | -------------------------------------------------------------------------------- /openswan/ipsec.conf: -------------------------------------------------------------------------------- 1 | # /etc/ipsec.conf - Openswan IPsec configuration file 2 | 3 | # This file: /usr/local/share/doc/openswan/ipsec.conf-sample 4 | # 5 | # Manual: ipsec.conf.5 6 | 7 | 8 | version 2.0 # conforms to second version of ipsec.conf specification 9 | 10 | # basic configuration 11 | config setup 12 | # Do not
set debug options to debug configuration issues! 13 | # plutodebug / klipsdebug = "all", "none" or a combation from below: 14 | # "raw crypt parsing emitting control klips pfkey natt x509 dpd private" 15 | # eg: 16 | # plutodebug="control parsing" 17 | # Again: only enable plutodebug or klipsdebug when asked by a developer 18 | # 19 | # enable to get logs per-peer 20 | # plutoopts="--perpeerlog" 21 | # 22 | # Enable core dumps (might require system changes, like ulimit -C) 23 | # This is required for abrtd to work properly 24 | # Note: incorrect SElinux policies might prevent pluto writing the core 25 | dumpdir=/var/run/pluto/ 26 | # 27 | # NAT-TRAVERSAL support, see README.NAT-Traversal 28 | nat_traversal=yes 29 | # exclude networks used on server side by adding %v4:!a.b.c.0/24 30 | # It seems that T-Mobile in the US and Rogers/Fido in Canada are 31 | # using 25/8 as "private" address space on their 3G network. 32 | # This range has not been announced via BGP (at least upto 2010-12-21) 33 | virtual_private=%v4:10.10.66.0/24,%v4:10.10.64.0/24,%v4:10.10.203.0/24,%v4:192.168.0.0/16,%v4:172.16.3.0/24,%v4:172.16.83.0/24,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 34 | # OE is now off by default. Uncomment and change to on, to enable. 35 | oe=off 36 | # which IPsec stack to use. auto will try netkey, then klips then mast 37 | protostack=netkey 38 | # Use this to log to a file, or disable logging on embedded systems (like openwrt) 39 | #plutostderrlog=/dev/null 40 | 41 | # Add connections here 42 | 43 | # sample VPN connection 44 | # for more examples, see /etc/ipsec.d/examples/ 45 | #conn sample 46 | # # Left security gateway, subnet behind it, nexthop toward right. 47 | # left=10.0.0.1 48 | # leftsubnet=172.16.0.0/24 49 | # leftnexthop=10.22.33.44 50 | # # Right security gateway, subnet behind it, nexthop toward left. 
51 | # right=10.12.12.1 52 | # rightsubnet=192.168.0.0/24 53 | # rightnexthop=10.101.102.103 54 | # # To authorize this connection, but not actually start it, 55 | # # at startup, uncomment this. 56 | # #auto=add 57 | conn net-net 58 | ike=3des-md5 # NOTE(review): 3DES with MD5 is a legacy IKE proposal; where both peers support it, an AES/SHA-2 proposal is the stronger choice. 59 | authby=secret # pre-shared-key authentication; the key is not in this file (presumably /etc/ipsec.secrets; confirm), so keep that file readable by root only 60 | keyingtries=0 61 | left=118.145.0.200 62 | leftsubnet=10.10.66.0/24 63 | leftnexthop=%defaultroute 64 | right=58.20.61.68 65 | rightsubnet=10.10.203.0/24 66 | rightnexthop=%defaultroute 67 | compress=no 68 | auto=start 69 | -------------------------------------------------------------------------------- /openswan/readme.txt: -------------------------------------------------------------------------------- 1 | #试验环境 Centos5.6,最高可使用2.6.38,版本再高则无法编译通过#### 2 | 3 | ###在CentOS6.4上2.6.40可以编译通过,应该是已内核版本2.6.23为界#### 4 | ##download from https://download.openswan.org/openswan/ #### 5 | 6 | ###deps##### 7 | yum install gmp-devel flex bison-devel 8 | 9 | tar zxvf openswan-2.6.38.tar.gz && cd openswan-2.6.38 && make programs && make install 10 | 11 | uname -r 查看一下内核版本 12 | export KERNELSRC= /usr/src/kernels/2.6.32-220.17.1.el6.x86_64/##这里的目录选择以上一步uname-r 的结果为准 13 | make module && make minstall 14 | depmod -a 15 | modprobe ipsec 16 | 17 | ipsec --version 18 | Linux Openswan U2.6.38/K(no kernel code presently loaded) 19 | See `ipsec --copyright' for copyright information.
20 | 21 | ###start#### 22 | service ipsec start 23 | 24 | ###sysctl.conf##### sysctl -a | egrep "ipv4.*(accept|send)_redirects" | awk -F "=" '{print $1"= 0"}' >> /etc/sysctl.conf 25 | 26 | 27 | net.ipv4.ip_forward = 1 28 | net.ipv4.conf.default.rp_filter = 0 29 | net.ipv4.conf.all.accept_redirects = 0 30 | net.ipv4.conf.all.send_redirects = 0 31 | net.ipv4.conf.default.accept_redirects = 0 32 | net.ipv4.conf.default.send_redirects = 0 33 | net.ipv4.conf.lo.accept_redirects = 0 34 | net.ipv4.conf.lo.send_redirects = 0 35 | net.ipv4.conf.em1.accept_redirects = 0 36 | net.ipv4.conf.em1.send_redirects = 0 37 | net.ipv4.conf.em4.accept_redirects = 0 38 | net.ipv4.conf.em4.send_redirects = 0 39 | net.ipv4.conf.em3.accept_redirects = 0 40 | net.ipv4.conf.em3.send_redirects = 0 41 | net.ipv4.conf.em2.accept_redirects = 0 42 | net.ipv4.conf.em2.send_redirects = 0 43 | 44 | ######test####### 45 | ipsec verify 46 | 47 | 48 | ##################生成key(左右两端命令一样)##### 49 | mv /dev/random /dev/random.back 50 | ln -s /dev/urandom /dev/random 51 | ipsec newhostkey --output /etc/ipsec.secrets 52 | ###注意:上面两条命令把 /dev/random 换成了指向 /dev/urandom 的软链接,对本机所有程序生效;密钥生成后应删除该软链接并把 /dev/random.back 改回 /dev/random## 53 | ###/etc/ipsec.secrets添加以下内容,两端公网ip ,123456是共享密钥(仅为示例,实际部署请换成随机生成的长密钥,并确保该文件只有 root 可读)## 54 | 118.145.0.38 118.144.83.20 : PSK "123456" 55 | 56 | 57 | #######ipsec.conf######## 58 | version 2.0 59 | config setup 60 | dumpdir=/var/run/pluto/ 61 | nat_traversal=yes 62 | virtual_private=%v4:10.10.66.0/24,%v4:192.168.0.0/16,%v4:172.16.3.0/24,%v4:172.16.83.0/24,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 63 | oe=off 64 | protostack=auto 65 | 66 | conn net-net 67 | ike=3des-md5 68 | authby=secret 69 | keyingtries=0 70 | left=118.145.0.200 71 | leftsubnet=10.10.66.0/24 72 | leftrsasigkey=123456 73 | leftnexthop=%defaultroute 74 | right=118.144.83.121 75 | rightsubnet=172.16.83.0/24 76 | rightrsasigkey=123456 77 | rightnexthop=%defaultroute 78 | compress=no 79 | auto=start 80 | 81 | -------------------------------------------------------------------------------- /openvpn/client.txt:
-------------------------------------------------------------------------------- 1 | 1.下载客户端,安装: 2 | http://vpntech.googlecode.com/files/openvpn-2.1.1-gui-1.0.3-install-cn-64bit.zip 3 | 4 | 2.将服务端打包文件解压,并将包内ca.crt、client1.crt、client1.key复制到安装目录的config下. 5 | 6 | 3.在config下创建client.ovpn文件 7 | 内容如下: 8 | ----------------------- 9 | # 定义是一个客户端 10 | client 11 | 12 | # 定义使用路由IP模式,与服务端一致 13 | ;dev tap 14 | dev tun 15 | 16 | # 定义Windows下使用的网卡名称,linux不需要 17 | ;dev-node MyTap 18 | 19 | # 定义使用的协议,与服务端一致 20 | ;proto tcp 21 | proto tcp 22 | 23 | # 指定服务端地址和端口,可以用多行指定多台服务器 24 | # 实现负载均衡(从上往下尝试) 25 | remote 192.168.100.90 1194 26 | ;remote my-server-2 1194 27 | 28 | # 若上面配置了多台服务器,让客户端随机连接 29 | ;remote-random 30 | 31 | # 解析服务器域名 32 | # Keep trying indefinitely to resolve the 33 | # host name of the OpenVPN server. Very useful 34 | # on machines which are not permanently connected 35 | # to the internet such as laptops. 36 | resolv-retry infinite 37 | 38 | # 客户端不需要绑定端口 39 | # Most clients do not need to bind to 40 | # a specific local port number. 41 | nobind 42 | 43 | # 也是为了让Openvpn也nobody运行(安全) 44 | # 注意:Windows不能设置 45 | ;user nobody 46 | ;group nobody 47 | 48 | # Try to preserve some state across restarts. 49 | persist-key 50 | persist-tun 51 | # 若客户端通过HTTP Proxy,在这里设置 52 | # 要使用Proxy,不能使用UDP为VPN的通讯协议 53 | ;http-proxy-retry # retry on connection failures 54 | ;http-proxy [proxy server] [proxy port #] 55 | # 无线网络有很多多余的头文件,设置忽略它 56 | ;mute-replay-warnings 57 | # 重点,就是指定ca和客户端的证书 58 | ca ca.crt 59 | cert client1.crt 60 | key client1.key 61 | # 如果服务端打开了PAM认证模块,客户端需要另其有效 62 | ;auth-user-pass 63 | # 一些安全措施 64 | # Verify server certificate by checking 65 | # that the certicate has the nsCertType 66 | # field set to "server". 
This is an 67 | # important precaution to protect against 68 | # a potential attack discussed here: 69 | # http://openvpn.net/howto.html#mitm 70 | # 71 | # To use this feature, you will need to generate 72 | # your server certificates with the nsCertType 73 | # field set to "server". The build-key-server 74 | # script in the easy-rsa folder will do this. 75 | ;ns-cert-type server 76 | 77 | # If a tls-auth key is used on the server 78 | # then every client must also have the key. 79 | ;tls-auth ta.key 1 80 | 81 | # Select a cryptographic cipher. 82 | # If the cipher option is used on the server 83 | # then you must also specify it here. 84 | ;cipher x 85 | 86 | # 使用lzo压缩,与服务端一致 87 | comp-lzo 88 | 89 | # Set log file verbosity. 90 | verb 3 91 | # Silence repeating messages 92 | ;mute 20 93 | ----------------------- 94 | 5.连接: 95 | 在右下角的openvpn图标上右击,选择“Connect”,若能正常分配IP,则连接成功。 96 | -------------------------------------------------------------------------------- /openvpn/readme.txt: -------------------------------------------------------------------------------- 1 | ###网络设置 2 | #### 1.开启服务器端路由转发功能 3 | # vi /etc/sysctl.conf 4 | net.ipv4.ip_forward = 1 5 | sysctl -p 6 | 7 | ####2.设置nat转发: 8 | ###注:保证VPN地址池可路由出外网 9 | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 10 | 11 | ###3.设置openvpn端口通过: 12 | iptables -A INPUT -p TCP --dport 1194 -j ACCEPT 13 | iptables -A INPUT -p TCP --dport 7505 -j ACCEPT 14 | iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 15 | 16 | #### 3.时间同步(重要): 17 | yum install -y ntpdate 18 | ntpdate asia.pool.ntp.org 19 | 20 | 21 | ###deps#### 22 | yum install -y openssl openssl-devel lzo lzo-devel pam pam-devel automake pkgconfig make wget gcc gcc+ 23 | 24 | 25 | ##download### 26 | https://openvpn.net/index.php/open-source/downloads.html 27 | git clone https://github.com/OpenVPN/openvpn 28 | git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn 29 | 30 | ##install#### 31 | 32 | tar zxvf 
openvpn-2.3.4.tar.gz && cd openvpn-2.3.4 && ./configure && make && make install 33 | 34 | mkdir -p /etc/openvpn 35 | 36 | ###openvpn配置文件#### 37 | cp -a sample /etc/openvpn/ 38 | cp /etc/openvpn/sample/sample-config-files/server.conf /etc/openvpn/ 39 | 40 | 41 | ###easy-rsa#### 42 | wget -c https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip 43 | 44 | unzip 2.x.zip 45 | cp -a easy-rsa-release-2.x/easy-rsa /etc/openvpn/ 46 | cd /etc/openvpn/easy-rsa/2.0 47 | vi vars 48 | ####在后面生成服务端ca证书时,这里的配置会作为缺省配置#### 49 | export KEY_COUNTRY="CN" 50 | export KEY_PROVINCE="BJ" 51 | export KEY_CITY="beijing" 52 | export KEY_ORG="example" 53 | export KEY_EMAIL="user01@example.com" 54 | 55 | ln -s openssl-1.0.0.cnf openssl.cnf 56 | 57 | chmod +x vars 58 | source ./vars 59 | 60 | ####开始配置证书#### 61 | 62 | ##### 1.清空原有证书: 63 | # ./clean-all 64 | ####注:这个命令在第一次安装时可以运行,以后在添加完客户端后慎用,因为这个命令会清除所有已经生成的证书密钥,和上面的提示对应 65 | 66 | 67 | ### 2.生成服务器端ca证书 68 | ./build-ca 69 | ### 注:由于之前做过缺省配置,这里一路回车即可 70 | 71 | 72 | #### 3.生成服务器端密钥证书, 后面这个openvpn.example.com就是服务器名,也可以自定义 73 | ./build-key-server openvpn.example.com 74 | ###注:这个过程中会要求输入一个challenge password,一个An optional company name,还有两次y 75 | 76 | 77 | 78 | ######4.生成所需客户端证书密钥文件: 79 | # ./build-key client1 80 | # ./build-key client2 81 | 注:这里与生成服务端证书配置类似,中间一步提示输入服务端密码,其他按照缺省提示一路回车即可。 82 | 83 | #######5.再生成diffie 84 | #hellman参数,用于增强openvpn安全性(生成需要漫长等待)####./build-dh 85 | 86 | 87 | ###6.打包keys 88 | tar zcvf keys.tar.gz keys/ 89 | ####打包的文件发送给客户端 90 | 91 | ###配置openvpn server#### 92 | #内容见server.conf## 93 | 94 | 95 | 96 | ####创建日志目录: 97 | mkdir -p /var/log/openvpn/ 98 | 99 | ###启动### 100 | 101 | openvpn --config /etc/openvpn/server.conf & 102 | -------------------------------------------------------------------------------- /openvpn/server.conf: -------------------------------------------------------------------------------- 1 | # 设置监听IP,默认是监听所有IP 2 | ;local a.b.c.d 3 | # 设置监听端口,必须要对应的在防火墙里面打开 4 | port 1194 5 | # 设置用TCP还是UDP协议? 
6 | ;proto tcp 7 | proto tcp 8 | # 设置创建tun的路由IP通道,还是创建tap的以太网通道 9 | # 路由IP容易控制,所以推荐使用它;但如果如IPX等必须 10 | # 使用第二层才能通过的通讯,则可以用tap方式,tap也 11 | # 就是以太网桥接 12 | ;dev tap 13 | dev tun 14 | # Windows需要给网卡一个名称,这里设置,linux不需要 15 | ;dev-node MyTap 16 | # 这里是重点,必须指定SSL/TLS root certificate (ca), 17 | # certificate(cert), and private key (key) 18 | # ca文件是服务端和客户端都必须使用的,但不需要ca.key 19 | # 服务端和客户端指定各自的.crt和.key 20 | # 请注意路径,可以使用以配置文件开始为根的相对路径, 21 | # 也可以使用绝对路径 22 | # 请小心存放.key密钥文件 23 | ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt 24 | cert /etc/openvpn/easy-rsa/2.0/keys/openvpn.example.com.crt 25 | key /etc/openvpn/easy-rsa/2.0/keys/openvpn.example.com.key 26 | # This file should be kept secret 27 | 28 | # 指定Diffie hellman parameters. 29 | dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem 30 | 31 | # 配置VPN使用的网段,OpenVPN会自动提供基于该网段的DHCP 32 | # 服务,但不能和任何一方的局域网段重复,保证唯一 33 | server 10.8.0.0 255.255.255.0 34 | 35 | # 维持一个客户端和virtual IP的对应表,以方便客户端重新 36 | # 连接可以获得同样的IP 37 | ifconfig-pool-persist ipp.txt 38 | 39 | # 配置为以太网桥模式,但需要使用系统的桥接功能 40 | # 这里不需要使用 41 | ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 42 | 43 | # 为客户端创建对应的路由,以令其通达公司网内部服务器 44 | # 但记住,公司网内部服务器也需要有可用路由返回到客户端 45 | ;push "route 192.168.20.0 255.255.255.0" 46 | push "route 172.24.30.0 255.255.255.0" 47 | 48 | # 为特定的客户端指定IP或指定路由,该路由通常是客户端后面的 49 | # 内网网段,而不是服务端连接的网段 50 | # ccd是/etc/openvpn下的目录,其中建有希望限制的客户端Common 51 | # Name为文件名的文件,并通过下面的命令写入固定IP地址 52 | # 例如Common Name为client1,则在/etc/openvpn/ccd/client1写有: 53 | # ifconfig-push 10.9.0.1 10.9.0.2 54 | ;client-config-dir ccd 55 | ;route 192.168.40.128 255.255.255.248 56 | 57 | # 为可以对不同的客户端设置防火墙等权限 58 | # 可以让其自动运行对应脚本,可参考man 59 | ;learn-address ./script 60 | 61 | # 若客户端希望所有的流量都通过VPN传输,则可以使用该语句 62 | # 其会自动改变客户端的网关为VPN服务器,推荐关闭 63 | # 一旦设置,请小心服务端的DHCP设置问题 64 | ;push "redirect-gateway" 65 | 66 | # 用OpenVPN的DHCP功能为客户端提供指定的DNS、WINS等 67 | ;push "dhcp-option DNS 10.8.0.1" 68 | ;push "dhcp-option WINS 10.8.0.1" 69 | 70 | # 默认客户端之间是不能直接通讯的,除非启用下面的语句(此处已启用;如不需要客户端互访,请将其注释掉) 71 | client-to-client 72 | 73 | # 
如果您希望有相同Common Name的客户端都可以登陆 74 | # 可以去掉下面语句的注释,推荐每个客户端都使用不同的Common Name 75 | # 常用于测试 76 | ;duplicate-cn 77 | 78 | # 设置服务端检测的间隔和超时时间 79 | keepalive 10 120 80 | 81 | # 下面是一些对安全性增强的措施 82 | # For extra security beyond that provided 83 | # by SSL/TLS, create an "HMAC firewall" 84 | # to help block DoS attacks and UDP port flooding. 85 | # 86 | # Generate with: 87 | # openvpn --genkey --secret ta.key 88 | # 89 | # The server and each client must have 90 | # a copy of this key. 91 | # The second parameter should be 0 92 | # on the server and 1 on the clients. 93 | ;tls-auth ta.key 0 # This file is secret 94 | 95 | # Select a cryptographic cipher. 96 | # This config item must be copied to 97 | # the client config file as well. 98 | ;cipher BF-CBC # Blowfish (default) 99 | ;cipher AES-128-CBC # AES 100 | ;cipher DES-EDE3-CBC # Triple-DES 101 | # 注:以上三行均被注释时使用默认的BF-CBC;Blowfish和Triple-DES都是64位分组密码,建议显式启用AES一行并同步到客户端配置 102 | # 使用lzo压缩的通讯,服务端和客户端都必须配置 103 | comp-lzo 104 | 105 | # 设置最大用户数 106 | ;max-clients 100 107 | 108 | # 让OpenVPN以nobody用户和组来运行(安全) 109 | ;user nobody 110 | ;group nobody 111 | # 注:以上两行被注释时,OpenVPN不会降权,始终以启动它的用户身份运行 112 | # The persist options will try to avoid 113 | # accessing certain resources on restart 114 | # that may no longer be accessible because 115 | # of the privilege downgrade. 116 | persist-key 117 | persist-tun 118 | 119 | # 输出短日志,每分钟刷新一次,以显示当前的客户端 120 | status /var/log/openvpn/openvpn-status.log 121 | 122 | # 缺省日志会记录在系统日志中,但也可以导向到其他地方 123 | # 建议调试的时候先不要设置,调试完成后再定义 124 | log /var/log/openvpn/openvpn.log 125 | log-append /var/log/openvpn/openvpn.log 126 | 127 | # 设置日志的级别 128 | # 129 | # 0 is silent, except for fatal errors 130 | # 4 is reasonable for general usage 131 | # 5 and 6 can help to debug connection problems 132 | # 9 is extremely verbose 133 | verb 3 134 | 135 | # Silence repeating messages. At most 20 136 | # sequential messages of the same message 137 | # category will be output to the log. 
138 | ;mute 20 139 | -------------------------------------------------------------------------------- /pdsh/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/pdsh/readme.txt -------------------------------------------------------------------------------- /perl/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/perl/readme.txt -------------------------------------------------------------------------------- /postfix/postfix.txt: -------------------------------------------------------------------------------- 1 | #检查配置文件 2 | postfix check 3 | 4 | ================================== 5 | #启动/关闭/重加载 6 | postfix start|stop|reload 7 | #除对inet_interfaces参数做修改之外,都不必重启postfix服务,使用reload即可。 8 | 9 | ========================================================= 10 | #postfix多长时间扫描一次等待队列,默认1000秒 11 | queue_run_delay 12 | 13 | ===================================================== 14 | 15 | #一封邮件最多有多少收件人,默认1000 16 | smtpd_recipient_limit 17 | 18 | #单封邮件的大小,默认10MB 19 | message_size_limit 20 | 21 | ==================================================================== 22 | #同一客户端连续出错,postfix自动延迟响应时间,出错达到一定次数后断开连接 23 | smtpd_error_sleep_time = 1s 24 | smtpd_soft_error_limit = 10 25 | smtpd_hard_error_limit = 20 26 | #每次客户端出错之后,Postfix延迟1秒钟,连续10次之后,开始延长每次的延迟时间,第十一次等待11秒,第十二次等待12秒……,到达20次自动断开 27 | 28 | =================================================================== 29 | 30 | #伪装主机名称 31 | masquerade_domains = 32 | 33 | ========================================= 34 | 35 | #投递地址发生变化。 36 | 37 | relocated_maps = hash:/etc/postfix/relocated 38 | 39 | #比如原来的kdent@exam.com邮箱已经不存在,更改为kdent@newexam.net,则可通过在relocated查询表中写入这样的内容: 40 | 41 | kdent@exam.com kdent@newexam.net 42 | 43 | postmap /etc/postfix/relocated 44 | 45 | postfix reload 46 | 
47 | #这样,当用户再试图发邮件给kdent@exam.com的时候,postfix会拒收,并告诉发件人新的邮件地址 48 | #另外,如果relocated里的内容是网域名称,则代表整个网域已经搬迁,如 49 | 50 | @jiayeah.com jiayeah.net 51 | 52 | 这样Postfix会拒收所有发到jiayeah.com的邮件,并告诉发件人应该把邮件发到jiayeah.net 53 | 54 | ============================================================================== 55 | 56 | #postfix默认是拒收不明用户的邮件的(就是在系统账户、别名表、查询表中都找不到这个用户名),如果想收取不明用户的邮件,可以这样设置: 57 | local_recipient_maps = 58 | luser_relay = support 59 | 60 | #local_recipient_maps参数设为空,(默认值是unix密码文件和别名表)support是一个有效的用户,那么所有的不明用户的邮件都会转到support的邮箱里。 61 | 62 | ========================================================================================== 63 | #postfix队列管理程序qmgr可以使用的磁盘空间,默认值为0,即可以无限使用,可视情况设置适当上限 64 | queue_minfree = 65 | 66 | 67 | ============================== 68 | 69 | #邮件队列管理 70 | 71 | #显示邮件队列 72 | 73 | postqueue -p 74 | 75 | 显示内容包括标识符(Queue ID)大小 到达时间 寄件人地址 收件人地址 76 | 如果Queue ID栏加注一个星号,代表邮件是在活动队列,加注感叹号是在保留队列,无任何符号是在等待队列 77 | 78 | ============================================== 79 | #删除队列中的邮件 80 | 81 | postsuper -d [Queue ID] 82 | 83 | postsuper -d ALL 84 | 85 | =========================================== 86 | 87 | #将邮件放进或者移出保留队列 88 | 89 | postsuper -h [Queue ID] 90 | 91 | postsuper -H [Queue ID] 92 | 93 | ====================================================== 94 | #对邮件重新排队,也就是让邮件重新走一遍投递流程,以成功发送 95 | 96 | postsuper -r [Queue ID] 97 | postsuper -r ALL 98 | 99 | #查看队列文件的内容 100 | postcat -q [Queue ID] 101 | 102 | #清空邮件。指的是让postfix立刻投递滞留在队列里的邮件的操作。前提是能确定邮件一定能成功投递,否则最好不要使用这个功能 103 | 104 | postqueue -f 105 | 106 | #清空寄到特定站点的邮件,使用-s参数,并且收信站点要在fast_flush_domains参数之中 107 | postqueue -s example.com 108 | 109 | #example.com一定要包含在fast_flush_domains参数之中 110 | fast_flush_domains = $relay_domains example.com 111 | 112 | #虚拟网域 113 | 114 | #独立网域+虚拟账户 115 | virtual_mailbox_domains virtual_mailbox_base virtual_mailbox_maps 116 | 117 | #独立网域+系统账户,邮件最终还是放到系统账户的邮箱内 118 | virtual_alias_domains virtual_alias_maps 119 | -------------------------------------------------------------------------------- 
/postfix/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/postfix/readme.txt -------------------------------------------------------------------------------- /psad/install.sh: -------------------------------------------------------------------------------- 1 | #安装perl 2 | wget http://www.cpan.org/src/5.0/perl-5.18.0.tar.gz 3 | tar zxvf perl-5.18.0.tar.gz 4 | cd perl-5.18.0 5 | ./Configure -des -Dprefix=/usr/local/perl 6 | make 7 | make test 8 | make install 9 | #替换旧版本的perl 10 | mv /usr/bin/perl /usr/bin/perl.old 11 | ln -s /usr/local/perl/bin/perl /usr/bin/perl 12 | #安装结果测试 13 | perl -v 14 | 15 | #psad需要以下perl模块,默认并未安装,需手动添加 16 | Date::Calc 17 | IPTables::Parse 18 | Net::IPv4Addr 19 | IPTables::ChainMgr 20 | Unix::Syslog 21 | #为perl添加模块 22 | perl -MCPAN -e shell #进入CPAN 23 | cpan> reload cpan #更新cpan 24 | cpan> install <模块名> 25 | 26 | #安装psad 27 | tar psad-2.2.tar.bz2 28 | cd psad-2.2 29 | ./install.pl #安装过程中会提示输入用来接收报警邮件的email、系统中syslog守护进程类型(syslog/syslog-ng等)等信息 30 | cp signatures /etc/psad/ 31 | -------------------------------------------------------------------------------- /puppet/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/puppet/install.sh -------------------------------------------------------------------------------- /pure-ftpd/install.sh: -------------------------------------------------------------------------------- 1 | #获取软件 2 | wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz 3 | 4 | #安装 5 | tar zxvf pure-ftpd-1.0.36.tar.gz && cd pure-ftpd-1.0.36 6 | ./configure --prefix=/usr/local/pure-ftpd --with-puredb --with-ftpwho --with-welcomemsg --with-virtualhosts --with-virtualchroot --with-diraliases --with-language=english --with-rfc2640 --with-tls 
--with-certfile=/etc/ssl/private/pure-ftpd.pem 7 | 8 | make && make install 9 | 10 | #参数说明 11 | --with-tls 开启ssl认证支持 12 | --with-certfile:使用的ssl证书存放位置,/etc/ssl/private/是缺省位置,如果使用缺省位置该参数可以省略 13 | 14 | 15 | #生成ssl证书 16 | mkdir -p /etc/ssl/private 17 | 18 | openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem 19 | #注:1024位RSA密钥强度已不足,生成时建议至少使用rsa:2048;-nodes表示私钥不加密保存,所以下面的chmod 600不能省略 20 | chmod 600 /etc/ssl/private/pure-ftpd.pem 21 | 22 | #修改pure-ftpd.conf 23 | 24 | TLS 2 仅接受加密认证 25 | -------------------------------------------------------------------------------- /python/Dive.Into.Python-zh-cn-5.4-with-code.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/python/Dive.Into.Python-zh-cn-5.4-with-code.chm -------------------------------------------------------------------------------- /python/pip_install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/python/pip_install.txt -------------------------------------------------------------------------------- /redis/Redis.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/redis/Redis.doc -------------------------------------------------------------------------------- /redis/install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/redis/install.txt -------------------------------------------------------------------------------- /redis/redis.conf: -------------------------------------------------------------------------------- 1 | daemonize yes 2 | pidfile /Data/app/redis/var/run/redis.pid 3 | bind 0.0.0.0 4 | port 6379 5 | timeout 30 6 
| loglevel warning 7 | logfile /Data/app/redis/var/log/redis.log 8 | databases 16 9 | 10 | save 900 1 11 | save 300 100 12 | save 60 10000 13 | rdbcompression yes 14 | dbfilename dump.rdb 15 | dir /Data/app/redis/data/ 16 | 17 | maxclients 4096 18 | maxmemory 32gb 19 | maxmemory-policy volatile-lru 20 | 21 | appendonly no 22 | appendfsync everysec 23 | no-appendfsync-on-rewrite no 24 | auto-aof-rewrite-percentage 100 25 | auto-aof-rewrite-min-size 64mb 26 | 27 | slowlog-log-slower-than 10000 28 | slowlog-max-len 1024 29 | -------------------------------------------------------------------------------- /samba/readme.txt: -------------------------------------------------------------------------------- 1 | 附:samba常用参数 2 | 3 | comment: 对共享目录的备注 4 | path:共享的路径。 5 | allow hosts和deny hosts:允许或者拒绝的主机 6 | writeable:目录缺省是否可写,也可以用readonly = no来设置可写 7 | valid users:能够使用该共享资源的用户和组 8 | invalid users:不能够使用该共享资源的用户和组 9 | read list:只能读取该共享资源的用户和组 10 | write list:能读取和写该共享资源的用户和组 11 | admin list:能管理该共享资源(包括读写和权限赋予等)的用户和组 12 | public:该共享资源是否能给游客帐号访问,这个开关有时候也叫guest ok 13 | hide dot files:是否隐藏以“.”号开头的文件 14 | create mode:新建立的文件的属性,一般是0644 15 | directory mode:新建立的目录的属性,一般是0755 16 | sync always:对该共享资源进行写操作后是否进行同步操作 17 | short preserve case:不管文件名大小写 18 | preserve case:保持大小写 19 | 20 | case sensitive:是否对大小写敏感,一般选no,不然可能引起错误 21 | mangle case:指明混合大小写 22 | default case:缺省的文件名是全部大写还是小写(lower/upper) 23 | force user:强制制定新建立文件的属主 24 | wide links:是否允许共享链接文件 25 | max connections = n:设定同时连接数 26 | delete readonly:能否删除共享资源里面已经被定义为只读的文件。 27 | 28 | 29 | 30 | 31 | comment = Share //定义共享目录名称,可用任意字符串 32 | path = /home/share //设定共享目录路径 33 | public = no //指定该共享是否允许guest账户访问 34 | available = yes //用来指定该共享资源是否可用 35 | admin users = itadmin //指定该共享的管理员,对该共享具有完全控制权限,如果用户验证方式设置成“security=share”时,此项无效。 36 | valid users = +mgr,+periphery,+filemgr //用来指定允许访问该共享资源的用户,单个用户就直接写用户名,组就是“+组名” 37 | writable = yes //是否允许写入,这项对下面的几项来说是首选,这项设置为NO,下面的create mask directory mask 等一系列预设值无效 38 | write list = +mgr,+periphery,+filemgr 
//指定在该共享下有写入权限的用户 39 | create mask= 0755 //表示新建文件的预设值,文件所有者全部权限,组内用户及其他用户可读可执行 40 | directory mask= 0755 //表示新建目录的预设值,目录所有者全部权限,组内用户及其他用户可读可执行 41 | browseable = no //指定该共享是否可以浏览 42 | -------------------------------------------------------------------------------- /samba/smb.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | workgroup = WORKGROUP 3 | server string = Samba Server Version %v 4 | netbios name = FileServer 5 | 6 | ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 7 | allow hosts = 10.0.8. 172.169.128. 8 | ; deny hosts = 192.168.100.0/24 9 | 10 | # --------------------------- Logging Options ----------------------------- 11 | log file = /var/log/samba/%m.log 12 | # max 50KB per log file, then rotate 13 | max log size = 50 14 | 15 | security = user //认证模式为User 16 | map to guest = bad user //这个很关键,实现匿名无须交互输入用户名和密码 17 | guest account = nobody //匿名用户映射为nobody用户,系统中要有nobody用户 18 | encrypt passwords = yes //用户的密码加密 19 | smb passwd file = /etc/samba/smbpasswd 20 | 21 | [public] 22 | comment = public 23 | path= /data/pub/public 24 | browseable = yes //可以被浏览,就是在网络邻居中能看到共享名 25 | guest ok = yes //允许匿名访问,这个也需要设置,否则匿名无法访问 26 | admin users = 27 | writable = yes 28 | printable = no 29 | create mask = 0644 30 | directory mask = 0755 31 | [project] 32 | comment = project 33 | path= /data/pub/project 34 | browseable = yes 35 | public = no 36 | guest ok = no 37 | write list = @train 38 | force user = root //强制制定建立的文件的属主 39 | printable = no 40 | create mask = 0644 41 | directory mask = 0755 42 | -------------------------------------------------------------------------------- /sersync/10.10.67.40/confxml.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 
| 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /sersync/10.10.67.40/readme.txt: -------------------------------------------------------------------------------- 1 | sersync2 -n 4 -o /etc/sersync/confxml.xml -d -------------------------------------------------------------------------------- /sersync/web_server/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/sersync/web_server/readme.txt -------------------------------------------------------------------------------- /sersync/web_server/rsyncd.conf: -------------------------------------------------------------------------------- 1 | # Minimal configuration file for rsync daemon 2 | # See rsync(1) and rsyncd.conf(5) man pages for help 3 | 4 | # This line is required by the /etc/init.d/rsyncd script 5 | pid file = /var/run/rsyncd.pid 6 | port = 873 7 | uid = www 8 | gid = www 9 | use chroot = no 10 | read only = no 11 | 12 | 13 | #limit access to private LANs 14 | hosts allow = 10.10.67.40 15 | max connections = 5 16 | motd file = /etc/rsyncd/rsyncd.motd 17 | 18 | #This will give you a separate log file 19 | log file = /var/log/rsync.log 20 | 21 | #This will log every file transferred - up to 85,000+ per user, per sync 22 | #transfer logging = yes 23 | 24 | log format = %t %a %m %f %b 25 | syslog facility = local3 26 | timeout = 300 27 | 28 | [web40] 29 | path = /home/shidg/www 30 | list=yes 31 | ignore errors 32 | auth users = rsync_user 33 | secrets file = /etc/rsyncd/rsyncd.secrets 34 | comment = code on web40 35 | -------------------------------------------------------------------------------- /sersync/web_server/rsyncd.motd: -------------------------------------------------------------------------------- 1 | 
###################################################### 2 | # Welcome to rsyncd server # 3 | ###################################################### 4 | -------------------------------------------------------------------------------- /sersync/web_server/rsyncd.secrets: -------------------------------------------------------------------------------- 1 | rsync_user:123456 2 | -------------------------------------------------------------------------------- /sftp/sftp.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/sftp/sftp.sh -------------------------------------------------------------------------------- /shell/9_9.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | for ((i=1;i<=9;i++)) 3 | do 4 | for((a=1;a<=$i;a++)) 5 | do 6 | #echo -ne "$a*$i"=$(($a*$i))" " 7 | #echo -ne "$a*$i"=$[$a * $i]" " 8 | #echo -ne "$a*$i"=`expr $a \* $i`" " 9 | let "b=$a * $i" 10 | echo -ne "$a*$i"=$b" " 11 | done 12 | echo 13 | done 14 | -------------------------------------------------------------------------------- /shell/Double_line_spacing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/shell/Double_line_spacing.sh -------------------------------------------------------------------------------- /shell/Reverse_line_order.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/shell/Reverse_line_order.sh -------------------------------------------------------------------------------- /shell/cut_log.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | # cut_log.sh 3 | 4 | ####################################################################################################### 5 | # This script will run at 00:00 every day.Through this script,nginx's access log will be cut in days. # 6 | # The access_log will be synchronized to awstats_server(172.16.83.121) # 7 | # The access_log and error_log before 30 days ago will be deleted. # 8 | # created by shidegang.2013-10-8 # 9 | ####################################################################################################### 10 | 11 | #Begin 12 | #Define variables 13 | 14 | NGINX=/usr/sbin/nginx 15 | LOG_FROM_PATH=/var/log/service/nginx/ 16 | LOG_TO_PATH=/data/logbackup/nginx/ 17 | DAY=`date -d '-1 day' +%Y%m%d` 18 | 19 | # dir exit? 20 | 21 | if [ ! -d ${LOG_TO_PATH} ];then 22 | mkdir -p ${LOG_TO_PATH} 23 | fi 24 | 25 | #cut access_log 26 | 27 | #for i in 3drich.com.cn \ 28 | #stylemode.com \ 29 | #styleauto.com.cn \ 30 | #stylehouse.com.cn 31 | #do 32 | #mv ${LOG_FROM_PATH}$i/access.log ${LOG_TO_PATH}access/$i-$DAY.log 33 | #done 34 | 35 | #cut error_log 36 | #mv ${LOG_FROM_PATH}nginx_error.log ${LOG_TO_PATH}error/error-$DAY.log 37 | 38 | # reopen nginx logs 39 | #$NGINX -s reopen 40 | 41 | #compress the log file with gzip 42 | gzip -9 ${LOG_TO_PATH}access/*-$DAY.log 43 | gzip -9 ${LOG_TO_PATH}error/*-$DAY.log 44 | 45 | #synchronized the log files to 172.16.83.121 46 | rsync -az ${LOG_TO_PATH}access/*-$DAY.log 47 | #The end 48 | 49 | -------------------------------------------------------------------------------- /shell/del_html.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | # del_html 3 | # delete all html tags 4 | # usage: del_html [filename] 5 | file=$1 6 | sed 's/<[^>]*>//g' $file #去掉所有html标签 7 | 8 | sed '//,/<\/html>/!d' $file | sed '1d;$d'#截取和之间的内容 -------------------------------------------------------------------------------- /shell/disk_space.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # disk_space 3 | # show top ten disk space usage 4 | # usage: disk_space [dir_name] [dir_name] 5 | if [ $# -eq 0 ];then 6 | echo "Usage: `basename $0` dirname" 7 | exit 1 8 | fi 9 | tmpfile=`mktemp -t diskXXXXXX` 10 | for i in `echo $*` 11 | do 12 | DIR=$i 13 | 14 | du -Sh $DIR | sort -nr | head > $tmpfile 15 | 16 | echo "The $DIR directory:" 17 | 18 | # 为输出添加行号,并使用awk格式化输出 19 | sed '=' $tmpfile | sed 'N;s/\n/ /' | awk '{printf "%2d\t %9s\t %s\n", $1, $2, $3}' 20 | done 21 | rm -f $tmpfile 22 | -------------------------------------------------------------------------------- /shell/factorial.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | factorial (){ 3 | if [ $1 -eq 1 ];then 4 | echo 1 5 | else 6 | local temp=$[$1-1] 7 | local result=`factorial $temp` 8 | echo $[$result * $1] 9 | fi 10 | } 11 | read -p "Enter value: " value 12 | result=`factorial $value` 13 | echo "The factorial of $value is: $result" 14 | -------------------------------------------------------------------------------- /shell/initialize_system.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $(id -u) != 0 ];then 3 | echo "Must be root can do this." 
4 | exit 9 5 | fi 6 | # set privileges 7 | chmod 600 /etc/shadow 8 | chmod 600 /etc/gshadow 9 | 10 | # Turn off unnecessary services 11 | service=($(ls /etc/init.d/)) 12 | for i in ${service[@]}; do 13 | case $i in 14 | sshd|network|syslog|iptables|crond) 15 | chkconfig $i on;; 16 | *) 17 | chkconfig $i off;; 18 | esac 19 | done 20 | #set ulimit 21 | cat >> /etc/security/limits.conf << EOF 22 | * soft nofile 65535 23 | * hard nofile 65535 24 | EOF 25 | # set sysctl 26 | cat > /etc/sysctl.conf << EOF 27 | #不充当路由器 28 | net.ipv4.ip_forward = 0 29 | net.ipv4.conf.all.send_redirects = 0 30 | net.ipv4.conf.default.send_redirects = 0 31 | 32 | # 避免放大攻击 33 | net.ipv4.icmp_echo_ignore_broadcasts = 1 34 | # 开启恶意icmp错误消息保护 35 | net.ipv4.icmp_ignore_bogus_error_responses = 1 36 | 37 | # 处理无源路由的包 38 | net.ipv4.conf.all.accept_source_route = 0 39 | net.ipv4.conf.default.accept_source_route = 0 40 | 41 | # 开启反向路径过滤 42 | net.ipv4.conf.all.rp_filter = 1 43 | net.ipv4.conf.default.rp_filter = 1 44 | 45 | 46 | # 开启并记录欺骗,源路由和重定向包 47 | net.ipv4.conf.all.log_martians = 1 48 | net.ipv4.conf.default.log_martians = 1 49 | 50 | # 禁止修改路由表 51 | net.ipv4.conf.all.accept_redirects = 0 52 | net.ipv4.conf.default.accept_redirects = 0 53 | net.ipv4.conf.all.secure_redirects = 0 54 | net.ipv4.conf.default.secure_redirects = 0 55 | 56 | 57 | kernel.sysrq = 0 58 | kernel.core_uses_pid = 1 59 | kernel.msgmnb = 65536 60 | kernel.msgmax = 65536 61 | kernel.shmmax = 68719476736 62 | kernel.shmall = 4294967296 63 | net.ipv4.tcp_max_tw_buckets = 6000 64 | net.ipv4.tcp_sack = 1 65 | net.ipv4.tcp_window_scaling = 1 66 | net.ipv4.tcp_rmem = 4096 87380 4194304 67 | net.ipv4.tcp_wmem = 4096 16384 4194304 68 | net.core.wmem_default = 8388608 69 | net.core.rmem_default = 8388608 70 | net.core.rmem_max = 16777216 71 | net.core.wmem_max = 16777216 72 | net.core.netdev_max_backlog = 262144 73 | net.core.somaxconn = 262144 74 | net.ipv4.tcp_max_orphans = 3276800 75 | net.ipv4.tcp_syncookies = 1 76 | 
net.ipv4.tcp_max_syn_backlog = 262144 77 | net.ipv4.tcp_timestamps = 1 78 | net.ipv4.tcp_synack_retries = 1 79 | net.ipv4.tcp_syn_retries = 1 80 | net.ipv4.tcp_tw_recycle = 1 81 | net.ipv4.tcp_tw_reuse = 1 82 | net.ipv4.tcp_mem = 94500000 915000000 927000000 83 | net.ipv4.tcp_fin_timeout = 30 84 | net.ipv4.tcp_keepalive_time = 1200 85 | net.ipv4.ip_local_port_range = 1024 65535 86 | vm.swappiness = 0 87 | EOF 88 | 89 | #修改ssh端口为5122 90 | sed -i '/22$/ {s/^# //;s/22/5122/}' /etc/ssh/sshd_config 91 | #iptables 92 | 93 | #定义变量 94 | IPTABLES=/sbin/iptables 95 | 96 | #清除filter表中INPUT OUTPUT FORWARD链中的所有规则,但不会修改默认规则。 97 | $IPTABLES -F 98 | #清除filter表中自定义链中的所有规则 99 | #$IPTABLES -X 100 | #$IPTABLES -Z 101 | $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP 102 | $IPTABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 103 | $IPTABLES -A INPUT -i lo -j ACCEPT 104 | $IPTABLES -A INPUT -p tcp -m tcp --dport 5122 --syn -m state --state NEW -j ACCEPT 105 | $IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -m state --state NEW -j ACCEPT 106 | $IPTABLES -A INPUT -p udp -m udp -s 10.10.38.238 --dport 161 -j ACCEPT 107 | $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 108 | $IPTABLES -P INPUT DROP 109 | $IPTABLES -A OUTPUT -m conntrack --ctstate INVALID -j DROP 110 | $IPTABLES -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 111 | $IPTABLES -A OUTPUT -o lo -j ACCEPT 112 | $IPTABLES -A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT 113 | $IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT 114 | $IPTABLES -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 115 | $IPTABLES -A OUTPUT -p udp -m udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT 116 | $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 117 | $IPTABLES -P OUTPUT DROP 118 | $IPTABLES -P FORWARD DROP 119 | 120 | service iptables save 121 | #history 122 | sed -i '/^HISTSIZE/ a \export HISTFILESIZE=10000000\ 123 | export 
PROMPT_COMMAND="history -a"\ 124 | export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S `whoami` "\ 125 | export HISTIGNORE="pwd:ls:ll:ls -al:"\ 126 | export HISTCONTROL="ignoredups"' /etc/profile 127 | 128 | 129 | #仅wheel组成员可以使用su,防止其他成员直接使用su - 切换root身份,,该限制不会影响sudo命令,只限制su 命令 130 | sed -i '/required/ s/^#//' /etc/pam.d/su 131 | echo "SU_WHEEL_ONLY yes" >> /etc/login.defs 132 | 133 | source /etc/profile 134 | # time 135 | echo "*/180 * * * * ( /usr/sbin/ntpdate tick.ucla.edu tock.gpsclock.com ntp.nasa.gov timekeeper.isi.edu ;)> /dev/null 2>&1" >>/var/spool/cron/root 136 | echo "All things is init ok! " 137 | -------------------------------------------------------------------------------- /shell/inotify_nfs_upload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # inotify_nfs_upload.sh 4 | 5 | # This script will run in the background.When file that in /Data/nfs/upload/ has changed, 6 | # this script will push these changes to 10.10.67.81 with rsync 7 | # Created by shidegang at 2013.11.04 8 | 9 | src=/Data/nfs/upload/ 10 | user=rsync_user 11 | host=10.10.67.81 12 | module=upload 13 | INOTIFYWAIT=/usr/local/bin/inotifywait 14 | 15 | $INOTIFYWAIT -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w %f %e' --event close_write,delete,create,move,attrib --exclude '(.swp|.swx|.svn)' $src | while read date time dir file event 16 | do 17 | case $event in 18 | CLOSE_WRITE,CLOSE|CREATE,ISDIR|MOVED_TO|MOVED_TO,ISDIR) 19 | if [ "${file: -4}" != '4913' ] && [ "${file: -1}" != '~' ]; then 20 | rsync -az --password-file=/etc/rsync.pas $src $user@$host::$module > /dev/null 2>&1 21 | fi 22 | ;; 23 | 24 | MOVED_FROM|MOVED_FROM,ISDIR|DELETE|DELETE,ISDIR) 25 | if [ "${file: -4}" != '4913' ] && [ "${file: -1}" != '~' ]; then 26 | rsync -az --delete --password-file=/etc/rsync.pas $src $user@$host::$module > /dev/null 2>&1 27 | fi 28 | ;; 29 | esac 30 | done 31 | 32 | # End 
-------------------------------------------------------------------------------- /shell/merger_log.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # merger_log.sh 3 | # This script running at 00:30 every day,merger log files from web161 and web162 to one big file 4 | # created by shidegang 20131008 5 | # Begin 6 | DAY=`date -d '-1 day' +%Y%m%d` 7 | DAY_BEFORE_YESTERDAY=`date -d '-2 day' +%Y%m%d` 8 | LOG_FROM_PATH=/var/log/service/nginx/ 9 | LOG_TO_PATH=/var/log/service/nginx/merger/ 10 | 11 | gunzip ${LOG_FROM_PATH}web161/*-$DAY.log.gz 12 | gunzip ${LOG_FROM_PATH}web162/*-$DAY.log.gz 13 | #merger log files 14 | for i in 3drich.com.cn \ 15 | stylemode.com \ 16 | styleauto.com.cn \ 17 | stylehouse.com.cn 18 | do 19 | sort -m -t " " -k 4 -o ${LOG_TO_PATH}$i/$i-$DAY.log ${LOG_FROM_PATH}web161/$i-$DAY.log ${LOG_FROM_PATH}web162/$i-$DAY.log 20 | #compress log file 2 days ago 21 | gzip -9 ${LOG_TO_PATH}$i/$i-${DAY_BEFORE_YESTERDAY}.log 22 | #delete log file 15 days ago 23 | find ${LOG_TO_PATH}$i -mtime +15 | xargs -i rm -rf {} 24 | done 25 | #delete log files from web_servers 26 | rm -f ${LOG_FROM_PATH}web161/* 27 | rm -f ${LOG_FROM_PATH}web162/* 28 | 29 | #The end 30 | -------------------------------------------------------------------------------- /shell/merger_nginx_log.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | # merger_log.sh 3 | # This script running at 00:30 every day,merger log files from web161 and web162 to one big file 4 | # created by shidegang 20131008 5 | # Begin 6 | DAY=`date -d '-1 day' +%Y%m%d` 7 | DAY_BEFORE_YESTERDAY=`date -d '-2 day' +%Y%m%d` 8 | LOG_FROM_PATH=/var/log/service/nginx/ 9 | LOG_TO_PATH=/var/log/service/nginx/merger/ 10 | 11 | gunzip ${LOG_FROM_PATH}web161/*-$DAY.log.gz 12 | gunzip ${LOG_FROM_PATH}web162/*-$DAY.log.gz 13 | #merger log files 14 | for i in 3drich.com.cn \ 15 | stylemode.com \ 16 | styleauto.com.cn \ 17 | stylehouse.com.cn 18 | do 19 | sort -m -t " " -k 4 -o ${LOG_TO_PATH}$i/$i-$DAY.log ${LOG_FROM_PATH}web161/$i-$DAY.log ${LOG_FROM_PATH}web162/$i-$DAY.log 20 | #compress log file 2 days ago 21 | gzip -9 ${LOG_TO_PATH}$i/$i-${DAY_BEFORE_YESTERDAY}.log 22 | #delete log file 15 days ago 23 | find ${LOG_TO_PATH}$i -mtime +15 | xargs -i rm -rf {} 24 | done 25 | #delete log files from web_servers 26 | rm -f ${LOG_FROM_PATH}web161/* 27 | rm -f ${LOG_FROM_PATH}web162/* 28 | 29 | #The end 30 | -------------------------------------------------------------------------------- /shell/merger_varnish_log.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | # merger_log.sh 3 | # This script running at 00:30 every day,merger log files from web161 and web162 to one big file 4 | # created by shidegang 20131008 5 | # Begin 6 | DAY=`date -d '-1 day' +%Y%m%d` 7 | DAY_BEFORE_YESTERDAY=`date -d '-2 day' +%Y%m%d` 8 | LOG_FROM_PATH=/var/log/service/varnish/ 9 | LOG_TO_PATH=/var/log/service/varnish/merger/ 10 | 11 | gunzip ${LOG_FROM_PATH}varnish110/*-$DAY.log.gz 12 | gunzip ${LOG_FROM_PATH}varnish111/*-$DAY.log.gz 13 | #merger log files 14 | sort -m -t " " -k 4 -o ${LOG_TO_PATH}/varnish-$DAY.log ${LOG_FROM_PATH}varnish110/access-$DAY.log ${LOG_FROM_PATH}varnish111/access-$DAY.log 15 | #compress log file 2 days ago 16 | gzip -9 ${LOG_TO_PATH}varnish-${DAY_BEFORE_YESTERDAY}.log 17 | #delete log file 15 days ago 18 | find ${LOG_TO_PATH} -mtime +15 | xargs -i rm -rf {} 19 | find ${LOG_FROM_PATH}varnish110/ -mtime +15 | xargs -i rm -rf {} 20 | find ${LOG_FROM_PATH}varnish111/ -mtime +15 | xargs -i rm -rf {} 21 | 22 | #The end 23 | -------------------------------------------------------------------------------- /shell/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/shell/readme.txt -------------------------------------------------------------------------------- /shell/rm.sh: -------------------------------------------------------------------------------- 1 | #! 
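/bin/bash
# rm.sh - "safe rm": instead of deleting, move the named files into a per-day
# holding directory (/home/shidg/YYYYMMDD).

MINPARAMS=1
# The previous version ran `exit` unconditionally on the line after this check,
# so the script always stopped before my_rm was defined or called.
if [ $# -lt $MINPARAMS ]; then
    echo "more than one params needed" >&2
    exit 1
fi

# my_rm [-OPTS] PATH...
# Moves every PATH into the holding directory. For a directory argument only
# the regular files inside it are moved; the emptied directory tree stays.
function my_rm() {
    local sub_dir dir
    sub_dir=$(date +%Y%m%d)
    # a single leading option word (such as -rf) is accepted and ignored
    [[ ${1:0:1} == "-" ]] && shift
    dir=/home/shidg/${sub_dir}
    [[ -d $dir ]] || mkdir -p "$dir" || return 1
    # Loop on the argument count: testing "$1" for emptiness would end the
    # loop early at an empty-string argument.
    while [ $# -gt 0 ]; do
        if [ -d "$1" ]; then
            # --backup=numbered: files that share a base name would otherwise
            # overwrite each other silently in the holding directory.
            find "$1" -type f -exec mv --backup=numbered -t "$dir" -- {} +
        else
            mv --backup=numbered -t "$dir" -- "$1"
        fi
        shift
    done
}
my_rm "$@"
-------------------------------------------------------------------------------- /shell/ssh_chroot.sh: --------------------------------------------------------------------------------
#! /bin/bash
# ssh_chroot.sh - create a user whose SSH sessions are confined to a chroot.
# Requires OpenSSH 4.8p1 or later: newer OpenSSH has chroot support built in,
# older versions need third-party support.

user=happigo
chroot_dir=/home/chroot

# Add the user.
useradd -M "$user"
# Set the password interactively. The previous version piped the fixed string
# "123456" into `passwd --stdin`, which left an SSH-reachable account with a
# trivially guessable password and kept the secret in the script itself.
passwd "$user"

# Build the chroot directory.
mkdir -p "${chroot_dir}"

# Add the chroot settings to /etc/ssh/sshd_config, once only so that re-running
# the script does not stack duplicate Match blocks.
if ! grep -q "^Match User ${user}\$" /etc/ssh/sshd_config; then
    printf '\nMatch User %s\n    ChrootDirectory %s\n' "$user" "$chroot_dir" >> /etc/ssh/sshd_config
fi
# Validate the file before restarting: restarting sshd on a broken
# configuration can cut off remote access to the host.
sshd -t || { echo "sshd_config failed validation; sshd not restarted" >&2; exit 1; }
# Restart the sshd service.
service sshd restart

# A minimal chroot needs at least a shell (e.g. sh, bash) and some essential
# device files (e.g. /dev/null, /dev/zero); to let the user run commands, the
# command binaries and the libraries they depend on must be provided as well.

# Stop if the directory cannot be entered; otherwise the mknod/mkdir calls
# below would run in whatever directory the script was started from.
cd "${chroot_dir}" || exit 1
mkdir -p bin dev lib lib64 etc home
mknod dev/null c 1 3
mknod dev/zero c 1 5
mknod dev/random c 1 8
mknod dev/urandom c 1 9
mknod dev/tty c 5 0

# sshd only accepts a ChrootDirectory that is root-owned and not writable by
# group or others.
chown -R root:root "${chroot_dir}"
chmod -R 755 "${chroot_dir}"
chmod 0666 "${chroot_dir}"/dev/{null,zero,tty}

# Create the pts device.
mkdir -p "${chroot_dir}/dev/pts"
mount -t devpts devpts "${chroot_dir}/dev/pts"

# passwd and group entries for the user. getent returns exactly this account's
# entry; `grep $user` copied every line that merely contained the string.
getent passwd "$user" >> "${chroot_dir}/etc/passwd"
getent group "$user" >> "${chroot_dir}/etc/group"

# Commands the user may run; they and their libraries are copied into the chroot.
# Keep this list minimal: every binary here is available to the confined user.
# NOTE(review): /usr/bin/ssh lets the confined account open onward connections
# from this host - confirm that is intended.
cmdlist="/bin/bash /bin/ls /bin/cp /bin/mkdir /bin/mv /bin/rm /usr/bin/ssh"

# Work out the libraries the commands depend on (ldd prints the path in
# column 1 for the loader and in column 3 for "name => path" lines).
lib_1=$(ldd $cmdlist | awk '{ print $1 }' | grep "/lib" | sort | uniq)
lib_2=$(ldd $cmdlist | awk '{ print $3 }' | grep "/lib" | sort | uniq)

# Copy the command binaries.
for cmd in $cmdlist; do
    cp -a "$cmd" "${chroot_dir}/bin/" && echo "$cmd done"
done

# Copy the libraries (lib64 because this is x86_64; on i386 it would be lib).
for lib in $lib_1 $lib_2; do
    cp -f "$lib" "${chroot_dir}/lib64/" && echo "$lib done"
done

# Create the user's home directory.
mkdir -p "${chroot_dir}/home/$user"
chown -R "$user:$user" "${chroot_dir}/home/$user"
chmod -R 700 "${chroot_dir}/home/$user"

# $user can now log in over ssh, confined to $chroot_dir with the home
# directory $chroot_dir/home/$user, and can run only the commands in $cmdlist.
-------------------------------------------------------------------------------- /shell/web_status.sh: -------------------------------------------------------------------------------- 1 | #! 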
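/bin/bash
# web_status.sh
# Records the operational state of nginx and php: connection counts for ports
# 80 and 9000 plus memory and load figures, written to status.<timestamp> in
# the current directory.
# edited by shidg at 20140219

# Temporary files: created under the temp directory with a longer random
# suffix (the previous nginx.XXXX / php.XXXX templates were created in the
# working directory), and removed on every exit path.
TMPFILE1=
TMPFILE2=
trap 'rm -f -- "$TMPFILE1" "$TMPFILE2"' EXIT
TMPFILE1=$(mktemp "${TMPDIR:-/tmp}/nginx.XXXXXX") || exit 1
TMPFILE2=$(mktemp "${TMPDIR:-/tmp}/php.XXXXXX") || exit 1

# Current date and time
DATE=$(date +%Y%m%d-%T)

# Local ip
IP=$(ifconfig | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | cut -d : -f2)

# The result is recorded in this file
RESULT=status.$DATE

# NOTE(review): ":80" and ":9000" are substring matches, so sockets on ports
# such as 8080 are counted too - confirm that is acceptable.
ss -an | grep ":80" > "$TMPFILE1"
ss -an | grep ":9000" > "$TMPFILE2"

{
    echo "Time: $DATE"
    echo -e "Server:$IP\n"

    # NGINX
    echo -e "Part 1,nginx\n"
    echo -n "Total connections of nginx:"
    # wc -l reports 0 for an empty capture; cat -n | tail | awk printed nothing
    wc -l < "$TMPFILE1"
    echo "Connections top 20:"
    awk '{print $5}' "$TMPFILE1" | cut -d : -f 1 | sort | uniq -c | sort -k 1 -nr | head -n 20
    echo "Connection Status:"
    awk '{print $1}' "$TMPFILE1" | sort | uniq -c

    # PHP
    echo -e "\n"
    echo -e "Part 2,php\n"
    echo -n "Total connections of php:"
    wc -l < "$TMPFILE2"
    echo "Connection Status:"
    awk '{print $1}' "$TMPFILE2" | sort | uniq -c
    echo -e "\n"

    echo -e "Part 3 ,system status:\n"
    echo "Physical Memory:(MB)"
    echo -n "Total:"
    free -m | sed -n '2p' | awk '{print $2}'
    echo -n "Used:"
    # NOTE(review): line 3 of `free -m` is the "-/+ buffers/cache" row only on
    # older procps; on newer versions it is the Swap row - confirm on the host.
    free -m | sed -n '3p' | awk '{print $3}'

    # Load averages come from /proc/loadavg: the comma-separated fields of
    # `uptime` shift when the uptime is shorter than one day, which made the
    # previous awk -F , field numbers pick the wrong values.
    echo -e "\nload average:"
    read -r load1 load5 load15 _ < /proc/loadavg
    echo "Current load: $load1"
    echo "5 minutes averages: $load5"
    echo "15 minutes averages: $load15"

    echo -e "\nThe End"
} > "$RESULT"

#End
-------------------------------------------------------------------------------- /snmp/readme.txt: -------------------------------------------------------------------------------- 1 | #屏蔽snmp系统日志 2 | # /etc/sysconfig/snmpd.options 3 | OPTIONS="-LS3d -Lf /dev/null -p /var/run/snmpd.pid" 4 | -------------------------------------------------------------------------------- /some commands/column.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/column.txt -------------------------------------------------------------------------------- /some commands/cut.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/cut.txt -------------------------------------------------------------------------------- /some commands/dig.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/dig.txt -------------------------------------------------------------------------------- /some commands/dmidecode.txt: -------------------------------------------------------------------------------- 1 | #查看服务器型号、序列号 2 | dmidecode|grep "System Information" -A9|grep -E "Manufacturer|Product|Serial" 3 | 4 | #查看内存的插槽数,已经使用多少插槽.每条内存多大 5 | dmidecode|grep -A5 "Memory Device"|grep Size|grep -v Range 6 | 7 | 8 | #查看内存的频率 9 | 10 | dmidecode|grep -A16 "Memory Device"|grep 'Speed' 11 | -------------------------------------------------------------------------------- /some commands/find.txt: 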
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/find.txt -------------------------------------------------------------------------------- /some commands/grub-crypt.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/grub-crypt.txt -------------------------------------------------------------------------------- /some commands/history.txt: -------------------------------------------------------------------------------- 1 | export HISTFILESIZE=10000000 2 | export PROMPT_COMMAND="history -a" 3 | export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S `whoami` " 4 | export HISTIGNORE="pwd:ls:ll:ls -al:" 5 | export HISTCONTROL="ignoredups" 6 | -------------------------------------------------------------------------------- /some commands/join.txt: -------------------------------------------------------------------------------- 1 | #根据关键字合并数据文件 2 | 3 | cat file1 4 | 2014-04 A 10.10.10.101 8 5 | 2014-04 A 10.10.10.111 8 6 | 2014-04 A 10.10.10.112 8 7 | 2014-04 A 10.10.10.113 8 8 | 2014-04 A 10.10.10.115 8 9 | 2014-04 c 10.10.10.116 8 10 | 2014-04 b 10.10.10.114 8 11 | 12 | cat file2 13 | 2014-04 c 10.10.10.116 83.61 14 | 2014-04 A 10.10.10.101 83.99 15 | 2014-04 A 10.10.10.113 94.23 16 | 2014-04 A 10.10.10.111 86.77 17 | 2014-04 b 10.10.10.114 88.72 18 | 2014-04 A 10.10.10.115 84.96 19 | 2014-04 A 10.10.10.112 86.84 20 | 21 | 22 | 要求得到文件file3,其内容为: 23 | 24 | 2014-04 A 10.10.10.101 8 83.99 25 | 2014-04 A 10.10.10.111 8 86.77 26 | 2014-04 A 10.10.10.112 8 86.84 27 | 2014-04 A 10.10.10.113 8 94.23 28 | 2014-04 A 10.10.10.115 8 84.96 29 | 2014-04 c 10.10.10.116 8 83.61 30 | 2014-04 b 10.10.10.114 8 88.72 31 | 32 | 操作过程: 33 | 34 | sort -k 3 file1 > file1.tmp 35 | sort -k 3 file2 > file2.tmp 36 | 37 | join -j 3 -o 1.1 -o 
1.2 -o 1.3 -o 1.4 -o 2.4 file1.tmp file2.tmp > file3 38 | -------------------------------------------------------------------------------- /some commands/ldd.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/ldd.txt -------------------------------------------------------------------------------- /some commands/mknod.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/mknod.txt -------------------------------------------------------------------------------- /some commands/nc.txt: -------------------------------------------------------------------------------- 1 | # netcat,网络工具中的瑞士军刀 2 | 3 | # 命令1 4 | nc -z -v -n 10.10.38.57 21-25 5 | # 解释 6 | 7 | 可以运行在TCP或者UDP模式,默认是TCP,-u参数调整为udp. 8 | z 参数告诉netcat使用0 IO,连接成功后立即关闭连接,不进行数据交换 9 | v 参数指使用冗余选项(译者注:即详细输出) 10 | n 参数告诉netcat 不要使用DNS反向查询IP地址的域名 11 | 12 | 这个命令会打印21到25所有开放的端口. 13 | Banner是一个连接的服务发送回的文本信息.当试图鉴别漏洞或者服务的类型和版本的时候,Banner信息是非常有用的.但是,并不是所有的服务都会发送banner。一旦发现开放的端口,可以容易的使用netcat连接服务抓取他们的banner。 14 | 15 | # 命令2 16 | nc -v 172.31.100.7 21 17 | netcat 命令会连接开放端口21并且打印运行在这个端口上服务的banner信息。 18 | 19 | # 命令3 20 | nc -l 2020 21 | # 服务器模式,在本机的2020端口启动了一个tcp服务器(listen) 22 | 23 | # 命令 4 24 | nc 10.10.38.xx 2020 25 | # 连接到nc服务器,这时候不管输入什么都会出现在服务端的屏幕上 26 | 27 | # 命令5 28 | 29 | #server 端: 30 | nc -l 2020 < file.txt 31 | 32 | #client 端 33 | nc 10.10.38.xx 2020 > file1.txt 34 | 35 | 这里创建了一个服务器在A上并且重定向netcat的输入为文件file.txt,那么当任何成功连接到该端口,netcat会发送file的文件内容。 36 | 在客户端重定向输出到file1.txt,当B连接到A,A发送文件内容,B保存文件内容到file.txt. 
37 | 也可以相反的方法使用,如下: 38 | 39 | #server端 40 | nc -l 2020 > file1.txt 41 | 42 | # client端 43 | nc 10.10.38.xx 2020 < file.txt 44 | 45 | # 命令6 46 | # Server 47 | tar -cvf - dir_name | nc -l 1567 48 | # Client 49 | nc -n 172.31.100.7 1567 | tar -xvf - 50 | 51 | 这里在A服务器上,我们创建一个tar归档包并且通过-在控制台重定向它,然后使用管道,重定向给netcat,netcat可以通过网络发送它。 52 | 在客户端我们下载该压缩包通过netcat 管道然后打开文件。 53 | 如果想要节省带宽传输压缩包,我们可以使用bzip2或者其他工具压缩。注意:nc 的传输既不加密也不做身份认证,只应在可信网络内使用。 54 | 55 | # server 56 | tar -cvf - dir_name| bzip2 -z | nc -l 1567 57 | 58 | #Client 59 | nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf - 60 | 61 | 62 | # 命令7 63 | 64 | 11. 指定源地址 65 | 66 | 假设你的机器有多个地址,希望明确指定使用哪个地址用于外部数据通讯。我们可以在netcat中使用-s选项指定ip地址。 67 | 68 | #server 69 | $nc -u -l 1567 < file.txt 70 | 71 | #client 72 | $nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt 73 | -------------------------------------------------------------------------------- /some commands/nl.txt: -------------------------------------------------------------------------------- 1 | #文件添加行号 2 | nl [options] files 3 | files是nl需要为其添加行号的文本文件路径名,如果有多个文件,则nl会把多个文件合在一起编号,并输出到标准输出上 4 | 5 | 选项 6 | -b 指定行号指定的方式,主要有两种: 7 | 8 | -b a 表示不论是否为空行,也同样列出行号(类似cat -n) 9 | 10 | -b t 如果有空行,空的那一行不要列出行号(默认方式) 11 | 12 | -n 列出行号表示的方法,主要有三种: 13 | 14 | -n ln 行号在屏幕最左边显示 15 | 16 | -n rn 行号在自己栏位的最右边显示,且不加0 17 | 18 | -n rz 行号在自己栏位的最右边显示,且加0 19 | 20 | -w 设置行号栏占用的位数 21 | 22 | -------------------------------------------------------------------------------- /some commands/paste.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/paste.txt -------------------------------------------------------------------------------- /some commands/pdflush.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/pdflush.txt 
-------------------------------------------------------------------------------- /some commands/read.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/read.txt -------------------------------------------------------------------------------- /some commands/sar.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/sar.txt -------------------------------------------------------------------------------- /some commands/seq.txt: -------------------------------------------------------------------------------- 1 | for i in $(seq 10|tac) 2 | do 3 | echo -ne "\aThe system will reboot after $i seconds...\r" 4 | sleep 1 5 | done 6 | 7 | 8 | -w 同宽输出,不足的用0补齐,以输出的位数最多的数为准 9 | 10 | -s 指定分割符,默认为回车 11 | 12 | seq -s " " 2 7 13 | 14 | 2 3 4 5 6 7 15 | 16 | -f 指定打印格式 17 | % 后面指定数字的位数 默认是"%g", 18 | "%3g"那么数字位数是3,不足部分用空格补齐 19 | #sed -f"%03g" 9 11 这样的话数字位数不足部分用0补齐 20 | % 前面指定字符串 21 | seq -f "str%03g" 9 11 22 | str009 23 | str010 24 | str011 25 | 26 | seq -f %05g 2 7 27 | 00002 28 | 00003 29 | 00004 30 | 00005 31 | 00006 32 | 00007 33 | -------------------------------------------------------------------------------- /some commands/sort.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/sort.txt -------------------------------------------------------------------------------- /some commands/strace.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/strace.txt -------------------------------------------------------------------------------- /some 
commands/tee.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/tee.txt -------------------------------------------------------------------------------- /some commands/uniq.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/some commands/uniq.txt -------------------------------------------------------------------------------- /subversion/readme.txt: -------------------------------------------------------------------------------- 1 | http://apr.apache.org/download.cgi 2 | 3 | https://subversion.apache.org/download/ 4 | 5 | #install sqlite (version>= 3.7.12) 6 | 7 | wget http://www.sqlite.org/2013/sqlite-autoconf-3080100.tar.gz 8 | 9 | tar zxvf sqlite-autoconf-3080100.tar.gz && cd sqlite-autoconf-3080100 10 | 11 | ./configure --prefix=/usr && make && make install -------------------------------------------------------------------------------- /sudo/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/sudo/readme.txt -------------------------------------------------------------------------------- /svn+apache/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/svn+apache/install.sh -------------------------------------------------------------------------------- /swatch/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/swatch/readme.txt -------------------------------------------------------------------------------- 
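/swatch/sshauth.pl: --------------------------------------------------------------------------------
#!/usr/bin/perl -w
#
#############################################################################
#
# File: sshauth.pl
#
# Purpose: To interface with psad to block IP addresses that commit failed
#          login attempts against SSHD. This script was written for the
#          book "Linux Firewalls: Attack Detection and Response with
#          iptables, psad, and fwsnort".
#
# Copyright (C) 2006-2007 Michael Rash (mbr@cipherdyne.org)
#
# License (GNU Public License):
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
#    USA
#
#
#############################################################################
#
# $Id: index.html 2980 2011-01-09 15:27:41Z mbr $
#

use IO::Socket;
use IO::Handle;
use strict;

#============== config ===============
my $auth_failed_threshold = 2;
### NOTE(review): the captured address is the first dotted quad that follows
### "Authentication failure" on the line. Parts of an sshd log line (the
### attempted user name, for example) are chosen by the remote client, so
### confirm against this host's sshd log format that a client cannot place a
### different address ahead of the real source; otherwise an unrelated host
### could end up blocked.
my $auth_failed_regex =
    'sshd.*Authentication\s*failure.*?((?:[0-2]?\d{1,2}\.){3}[0-2]?\d{1,2})';
my $sockfile = '/var/run/psad/auto_ipt.sock';
my $sleep_interval = 5;  ### seconds
#============ end config =============

### cache previously seen IP addresses and associated failed login
### counts (entries are never expired, so this grows with the number of
### distinct sources seen)
my %ip_cache = ();

### open the psad domain socket for writing
my $psad_sock = IO::Socket::UNIX->new($sockfile)
    or die "[*] Could not acquire psad domain ",
        "socket $sockfile: $!";

### the log file to follow is the only argument; the angle-bracket part of
### this usage text was missing from the listing and is restored here
my $file = $ARGV[0] or die "$0 <file>";

### open the log file. Three-argument open: the path comes from the command
### line, and the two-argument form would interpret a leading or trailing
### '>' or '|' in it as an open mode or a command to run.
open my $log_fh, '<', $file or die "[*] Could not open $file: $!";

### start at the end of the file so only entries written from now on count
seek $log_fh, 0, 2;

for (;;) {
    ### failures read in this pass only (the read from the log handle was
    ### missing from the listing and is restored here)
    my %new_failures = ();
    while (my $msg = <$log_fh>) {
        next unless $msg =~ m|$auth_failed_regex|;
        my $src = $1;
        ### the pattern admits octets up to 299; skip anything that is not a
        ### valid IPv4 address before it reaches the firewall
        next if grep { $_ > 255 } split /\./, $src;
        $new_failures{$src}++;
    }
    for my $src (keys %new_failures) {
        my $before = $ip_cache{$src} || 0;
        my $after  = $before + $new_failures{$src};
        $ip_cache{$src} = $after;
        ### block the IP each time its count crosses a multiple of the
        ### threshold. The previous loop re-tested every cached address on
        ### every pass, so an address sitting on a multiple was re-sent to
        ### psad every $sleep_interval seconds, and an address that jumped
        ### past a multiple within one pass was missed.
        if (int($after / $auth_failed_threshold)
                > int($before / $auth_failed_threshold)) {
            print $psad_sock "add $src\n";
        }
    }
    $log_fh->clearerr();  ### be ready for new data
    sleep $sleep_interval;
}
close $log_fh;
close $psad_sock;
exit 0;
-------------------------------------------------------------------------------- /sysctl/sysctl.conf: --------------------------------------------------------------------------------
#### The Linux kernel and network settings can be controlled and configured through /etc/sysctl.conf.
# Avoid amplification attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable protection against bogus ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Enable SYN flood protection
net.ipv4.tcp_syncookies = 1
# Log spoofed, source-routed and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Make sure nobody can alter the routing table
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Do not act as a router
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Enable exec-shield
# NOTE(review): kernel.exec-shield exists only on kernels that carry the
# exec-shield patch (older RHEL/CentOS); elsewhere sysctl reports an unknown key.
kernel.exec-shield = 1
# Full address-space randomization: 2 also randomizes the heap (brk) base,
# while 1 covers only the stack, mmap base and VDSO.
kernel.randomize_va_space = 2
# IPv6 settings
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1
# Tune the ports used by the load balancer
# Raise the system file descriptor limit
fs.file-max = 65535
# Allow more PIDs (reduces rollover problems); may break some programs 32768
kernel.pid_max = 65536
# Widen the local IP port range
net.ipv4.ip_local_port_range = 2000 65000
# Raise the maximum TCP buffer sizes
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# Raise the Linux auto-tuning TCP buffer limits
# min, default and max number of bytes to use
# keep the max at 4MB or more; set it higher for very high BDP paths
# TCP windows etc.
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
-------------------------------------------------------------------------------- /tcp-wrappers/hosts.allow: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/tcp-wrappers/hosts.allow -------------------------------------------------------------------------------- /tcp-wrappers/hosts.deny: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/tcp-wrappers/hosts.deny -------------------------------------------------------------------------------- /tmux/.tmux.conf: -------------------------------------------------------------------------------- 1 | unbind C-b 2 | set -g prefix C-a 3 | setw -g mode-keys vi 4 | 5 | # split window like vim 6 | # vim's defination of a horizontal/vertical split is revised from tumx's 7 | bind s split-window -h 8 | bind v split-window -v 9 | # move arount panes wiht hjkl, as one would in vim after C-w 10 | bind h select-pane -L 11 | bind j select-pane -D 12 | bind k select-pane -U 13 | bind l select-pane -R 14 | 15 | # resize 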
panes like vim 16 | # feel free to change the "1" to however many lines you want to resize by, 17 | # only one at a time can be slow 18 | bind < resize-pane -L 10 19 | bind > resize-pane -R 10 20 | bind - resize-pane -D 10 21 | bind + resize-pane -U 10 22 | 23 | # bind : to command-prompt like vim 24 | # this is the default in tmux already 25 | bind : command-prompt 26 | -------------------------------------------------------------------------------- /tmux/readme.txt: -------------------------------------------------------------------------------- 1 | # get source 2 | wget http://sourceforge.net/projects/tmux/files/tmux/tmux-1.9/tmux-1.9a.tar.gz 3 | or 4 | git clone git://git.code.sf.net/p/tmux/tmux-code tmux 5 | cd tmux 6 | sh autogen.sh 7 | ./configure && make 8 | 9 | 10 | ###dep### 11 | #确保安装了ncurses 12 | yum install ncurses-devel 13 | 14 | #从1.8版开始,tmux depends on libevent 2.x. 否则会有 make *** control.o error1 的错误,删除旧版本libevent,安装最新版 15 | tar zxvf libevent-2.0.21-stable.tar.gz && cd libevent-2.0.21-stable 16 | ./configure --prefix=/usr 17 | make && make install 18 | 19 | # install tmux 20 | 21 | tar zxvf tmux-1.9a.tar.gz && cd tmux-1.9a 22 | ./configure 23 | make && make install 24 | 25 | ############################################################# 26 | ###By default, `make install' will install all the files in## 27 | ###'/usr/local/bin', '/usr/local/lib' etc. 
## 28 | ############################################################# 29 | 30 | 31 | -------------------------------------------------------------------------------- /tomcat/install.sh: -------------------------------------------------------------------------------- 1 | #jave-jdk 2 | #java版本不低于6 3 | 4 | #http://www.oracle.com/technetwork/java/javase/downloads/index.html 5 | 6 | chmod +x jdk-6u37-linux-x64.bin 7 | 8 | ./jdk-6u37-linux-x64.bin #安装完成后将生成jdk1.6.0_37目录 9 | 10 | mv jdk1.6.0_37 /usr/local/ 11 | 12 | #修改环境变量 13 | #最好不要直接修改/etc/profile文件,而是通过修改用户家目录下的.bashrc文件来单独为制定用户设置环境变量 14 | 15 | echo -ne "JAVA_HOME=/usr/local/jdk1.6.0_37\nPATH=$PATH:$JAVA_HOME/bin\nCLASSPATH=.:JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar\nexport JAVA_HOME PATH CLASSPATH" >> .bashrc 16 | 17 | #测试是否安装成功 18 | java -version 19 | 20 | #tomcat 21 | 22 | #http://apache.dataguru.cn/tomcat/tomcat-7/v7.0.52/src/apache-tomcat-7.0.52-src.tar.gz 23 | 24 | tar zxvf apache-tomcat-7.0.53.tar.gz 25 | 26 | mv apache-tomcat-7.0.53 /usr/local/tomcat 27 | 28 | $tomcat_home/bin/startup.sh | shutdown.sh 29 | 30 | #修改tomcat根目录 31 | 32 | $tomcat_home/conf/server.xml 33 | 34 | #这一句是自行添加的 35 | -------------------------------------------------------------------------------- /tomcat/java_install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/tomcat/java_install.txt -------------------------------------------------------------------------------- /ubuntu_solarized/install.sh: -------------------------------------------------------------------------------- 1 | sudo apt-get install git-core 2 | 3 | #dircolors 4 | cd 5 | 6 | git clone git://github.com/seebi/dircolors-solarized.git 7 | 8 | cd dircolors-solarized 9 | cp dircolors.256dark ~/.dircolors 10 | 11 | vi ~/.bashrc, add: 12 | eval `dircolors ~/.dircolors` 13 | export TERM=xterm-256color 14 | 15 | source ~.bashrc 16 | 17 | 
#terminal-colors 18 | cd 19 | git clone git://github.com/sigurdga/gnome-terminal-colors-solarized.git 20 | 21 | cd gnome-terminal-colors-solarized/ 22 | 23 | ./set_dark.sh 24 | 25 | 26 | # vim solarized 27 | 28 | mkdir -p ~/.vim/autoload 29 | mkdir -p ~/.vim/bundle 30 | 31 | cd ~/.vim/autoload 32 | curl -LSso ~/.vim/autoload/pathogen.vim https://raw.github.com/tpope/vim-pathogen/master/autoload/pathogen.vim 33 | 34 | cd ~/.vim/bundle 35 | git clone git://github.com/altercation/vim-colors-solarized.git 36 | 37 | # .vimrc 38 | syntax on 39 | execute pathogen#infect() 40 | set background=dark 41 | colorscheme solarized 42 | -------------------------------------------------------------------------------- /varnish/install.sh: -------------------------------------------------------------------------------- 1 | yum install automake autoconf -------------------------------------------------------------------------------- /vim/readme.txt: -------------------------------------------------------------------------------- 1 | # 底行模式下 2 | :1,4 m 6 #把1-4行移动到第6行之后[含1,4] 3 | :1,4 co 6 #把1-4行复制到第6行之后[含1,4] 4 | :1,4 d #删除1-4行[含1,4] 5 | 6 | :g/^/m 0 #倒序文件行 7 | :g/^$/d #vi中删除空行 8 | :g/^/+1 d #删除偶数行 也可以用normal命令 :%normal jdd 9 | :g/^/d|m. 
#删除奇数行 10 | 11 | :!ls #执行外部命令 12 | :r !ls #将外部命令的执行结果写入到vim中 13 | 14 | 15 | 16 | # 编辑模式下 17 | * 读取光标处的字符串,并且移动光标到它再次出现的地方。 18 | # 和上面的类似,但是是往反方向寻找。 19 | 20 | c 行内删除 21 | cc 删除整行并进入输入模式 22 | cw 删除 23 | 24 | zz 把当前行置于屏幕中间,对应上下命令zt,zb 25 | 26 | fx 移动光标到当前行的下一个 x 处。使用 ; 来重复上一个 f 命令。 27 | tx 和上面的命令类似,但是是移动到 x 的左边一个位置。 28 | 29 | 30 | # 编辑多个文件,vim -Oo file1 file2 #垂直分屏或水平分屏 31 | # 同一vim中多个文件间的复制粘贴可以使用v选择要复制的区域 32 | # 使用寄存器 33 | "f3Y #复制3整行到寄存器f中 34 | 35 | "fp #将寄存器f中的内容粘贴到光标所在行之下,大写P则为粘贴到所在行之上 36 | 37 | # 快速删除全部内容 38 | 39 | gg # 定位到文件首行 40 | dG # 快速删除全部内容 41 | -------------------------------------------------------------------------------- /vim/vim_YouCompleteMe/install.sh: -------------------------------------------------------------------------------- 1 | #vim 版本大于7.3.584 2 | 3 | #升级vim 4 | yum install ncurses-devel perl-ExtUtils-Embed python-devel 5 | 6 | wget ftp://ftp.vim.org/pub/vim/unix/vim-7.4.tar.bz2 #FTP传输没有完整性保护,编译安装前应先校验源码包的校验和或签名 7 | 8 | tar jxvf vim-7.4.tar.bz2 && cd vim74 9 | ./configure --with-features=huge --enable-pythoninterp=yes --with-python-config-dir=/usr/lib64/python2.6/config/ --enable-perlinterp=yes --enable-cscope --enable-luainterp --enable-perlinterp --enable-multibyte --prefix=/usr 10 | 11 | make -j4 && make install 12 | 13 | #============================================================================================== 14 | 15 | #升级gcc 16 | 17 | # 依赖 18 | yum install gcc gcc-c++ glibc-static cloog-ppl gmp-devel 19 | 20 | # isl 21 | wget ftp://gcc.gnu.org/pub/gcc/infrastructure/isl-0.12.2.tar.bz2 22 | tar jxvf isl-0.12.2.tar.bz2 && cd isl-0.12.2 23 | ./configure 24 | make 25 | make install 26 | 27 | #获取最新gcc源码 28 | #svn checkout svn://gcc.gnu.org/svn/gcc/trunk localdir 29 | cd localdir/gcc 30 | mkdir build 31 | 32 | #下载gmp,mpfr,mpc源码,gcc-4.10.tgz里已经包含下载完的三个源码包,不必再次下载 33 | ./contrib/download_prerequisites 34 | 35 | cd build 36 | ../configure --prefix=/usr --enable-languages=c,c++ --disable-multilib 37 | 38 | make -j4 39 | #make -j选项,与cpu个数及线程数有关 40 | 41 | make install 42 | 43 |
#=================================================================================================== 44 | 45 | #llvm-clang 46 | 47 | #Checkout LLVM: 48 | #Change directory to where you want the llvm directory placed. 49 | mkdir /Data/software/llvm-clang && cd /Data/software/llvm-clang 50 | svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm 51 | 52 | # Checkout Clang: 53 | cd llvm/tools 54 | svn co http://llvm.org/svn/llvm-project/cfe/trunk clang 55 | 56 | # Checkout extra Clang Tools: (optional) 57 | cd llvm/tools/clang/tools 58 | svn co http://llvm.org/svn/llvm-project/clang-tools-extra/trunk extra 59 | 60 | # Checkout Compiler-RT: 61 | cd llvm/projects 62 | svn co http://llvm.org/svn/llvm-project/compiler-rt/trunk compiler-rt 63 | cd ../../ 64 | 65 | #Build LLVM and Clang: 66 | mkdir build 67 | cd build 68 | ../llvm/config --enable-optimized #会提示gcc版本过低,升级gcc方法见gcc/install.sh 69 | make -j4 70 | make install 71 | 72 | #clang加入系统变量 73 | export PATH=/usr/local/bin:$PATH 74 | echo "/usr/local/lib" >> /etc/ld.so.conf 75 | ldconfig 76 | 77 | #安装clang标准库 78 | cd /Data/software/llvm-clang/llvm 79 | svn co http://llvm.org/svn/llvm-project/libcxx/trunk libcxx 80 | cd libcxx/lib 81 | ./buildit 82 | cp -r ../include/ /usr/include/c++/v1/ 83 | ln -s libc++.so.1.0 libc++.so.1 84 | ln -s libc++.so.1.0 libc++.so 85 | cp libc++.so* /usr/lib/ 86 | 87 | cd /Data/software/llvm 88 | svn co http://llvm.org/svn/llvm-project/libcxxabi/trunk libcxxabi 89 | cd libcxxabi/lib 90 | ./buildit 91 | cp -r ../include/ /usr/include/c++/v1/ 92 | ln -s libc++abi.so.1.0 libc++abi.so.1 93 | ln -s libc++abi.so.1.0 libc++abi.so 94 | cp libc++abi.so* /usr/lib/ 95 | 96 | #================================================================================================ 97 | 98 | # 安装vundle,vim插件管理器 99 | git clone https://github.com/gmarik/vundle.git ~/.vim/bundle/vundle 100 | 101 | # 使用vundle安装YouCompleteMe 102 | 103 | # 在.vimrc中添加如下内容: 104 | 105 | """""""""""""""""""""""""""""" 106 | " Vundle 107 |
"""""""""""""""""""""""""""""" 108 | filetype off " required! 109 | set rtp+=~/.vim/bundle/vundle/ 110 | call vundle#rc() 111 | 112 | " let Vundle manage Vundle 113 | Bundle 'gmarik/vundle' 114 | 115 | " YouCompleteMe repos 116 | Bundle 'Valloric/YouCompleteMe' 117 | 118 | filetype plugin indent on " required! 119 | 120 | # 执行命令 vim +BundleInstall +qall来安装YouCompleteMe 121 | 122 | # 编译YouCompleteMe 123 | 124 | cd ~ 125 | mkdir ycm_build 126 | cd ycm_build 127 | cmake -G "Unix Makefiles" . ~/.vim/bundle/YouCompleteMe/cpp 128 | cmake -G "Unix Makefiles" -DPATH_TO_LLVM_ROOT=/usr/ . ~/.vim/bundle/YouCompleteMe/cpp 129 | make ycm_core 130 | make ycm_support_libs 131 | #make 结果是在~/.vim/bundle/YouCompleteMe/python目录下生成libclang.so、ycm_core.so、ycm_client_support.so 132 | 133 | #安装 YouCompleteMe 134 | cd ~/.vim/bundle/YouCompleteMe 135 | 136 | ./install.sh --clang-completer --system-libclang 137 | 138 | -------------------------------------------------------------------------------- /vncserver/install.txt: -------------------------------------------------------------------------------- 1 | #服务器安装了桌面环境,可以使用vnc远程连接到服务器的桌面环境进行操作,即使服务器运行在字符模式下。 2 | 3 | #安装vnc-server 4 | yum install tigervnc-server 5 | 6 | vi /etc/sysconfig/vncservers 7 | 8 | VNCSERVERS="10:root" #vncserver默认端口5900,如果指定桌面号为10,那么连接的时候就连接(5900+10)这个端口;尽量使用普通用户而不是root运行VNC桌面 9 | VNCSERVERARGS[10]="-geometry 800x600 -nolisten tcp" #默认是只对localhost开放的,这里去掉了"-localhost";去掉后5910端口会对网络开放,应使用防火墙限制来源IP,或保留"-localhost"并通过SSH隧道连接 10 | 11 | #设置vncserver的连接密码: 12 | 13 | vncpasswd 14 | 15 | service vncserver start 16 | 17 | #vnc多用户登录 18 | 19 | vi /etc/sysconfig/vncservers 20 | 21 | VNCSERVERS="10:root 20:tom 30:herry" 22 | VNCSERVERARGS[10]="-geometry 800x600 -nolisten tcp" 23 | VNCSERVERARGS[20]="-geometry 800x600 -nolisten tcp" 24 | VNCSERVERARGS[30]="-geometry 800x600 -nolisten tcp" 25 | 26 | # 为各用户设置vnc密码需要切换到各自的用户之后再执行vncpasswd 27 | 28 | # 设置tom的vnc密码 29 | su tom 30 | vncpasswd 31 | 32 | # 设置herry的vnc密码 33 | su herry 34 | vncpasswd
-------------------------------------------------------------------------------- /wireshark/readme.txt: -------------------------------------------------------------------------------- 1 | 1 libffi 2 | 3 | 2 glib 4 | 5 | 3 gtk 6 | 7 | 4 wireshark -------------------------------------------------------------------------------- /xen/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/xen/install.sh -------------------------------------------------------------------------------- /xen/install.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/xen/install.txt -------------------------------------------------------------------------------- /xen/repare.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coregear/linux/a5f34156564a33ed489e40364ccb030158c54b36/xen/repare.txt --------------------------------------------------------------------------------