/proc/cpuinfo
/proc/meminfo
dmidecode
uname -a
df -hT
dumpe2fs -h /dev/sda1
hdparm -I /dev/sda
ethtool eth0
mii-tool eth0
lspci                   various cards
lsmod | modinfo ***
grep -i videoram /var/log/Xorg.0.log
l.
cd
cd -
skill -u wzh
du -sh *
init [0|6]
ulimit -a
ntpdate 210.72.145.44
man -f
rm -- -g
dos2unix                remove ^M
man hd sd md elf hier syscalls ascii operator clone
cal 6 2008
ps -A|egrep "3051|2043"
whois 166.111.8.16
cat -A file.txt
lock screen: CTRL + ALT + L
new xterm: ctrl+shift+n
ctrl+l = reset
firefox google: ctrl+[jkl]
cp "/mnt/win/"*.{avi,mkv,rmvb,rm} .
chattr +a /home/peter/.bash_profile
soffice resume.doc
acroread resume.pdf
eog mei.jpg
echo "scale=2;1000/6"|bc
# write to a new file: redirecting onto the input file would truncate it before tr reads it
tr "[:upper:]" "[:lower:]" < PBS.America.Revealed.Food.Machine.srt > PBS.America.Revealed.Food.Machine.lower.srt
-----------------------------------------------------------------------------------------------
 1. top                 Process Activity Command
 2. free                Memory Usage
 3. ps                  Displays The Processes
 4. w                   Find Out Who Is Logged on And What They Are Doing
 5. /proc file system   Various Kernel Statistics
 6. vmstat              System Activity, Hardware and System Information
 7. iostat              Average CPU Load, Disk Activity
 8. sar                 Collect and Report System Activity
 9. mpstat              Multiprocessor Usage
10. pmap                Process Memory Usage
11. netstat and ss      Network Statistics
12. iptraf iftop        Real-time Network Statistics
13. tcpdump             Detailed Network Traffic Analysis
14. nmap lsof
15. strace              System Calls
-----------------------------------------------------------------------------------------------
Shell:
ctrl+j = Enter
ctrl+u ctrl+k           delete from the cursor to the start / end of the line
ctrl+y                  undo the deletion (paste it back)
ctrl+h ctrl+d           delete the character before / after the cursor
ctrl+f ctrl+b           move the cursor one character right / left
ctrl+a ctrl+e           start / end of line
ctrl+s ctrl+q           stop / resume screen output (see stty -a)
ctrl+p/n                step through the history commands one by one
search history for entries containing less: ctrl+r -> less, then press ctrl+r again to keep searching

login shell: has a login process; /bin/login reads /etc/passwd
    /etc/profile -> ~/.bash_profile (~/.bashrc) -> /etc/bashrc
non-login shell: no login process: xterm, konsole, /bin/bash, /bin/su
    ~/.bashrc -> /etc/bashrc
So switch users with su - : it creates a login shell, reads the configuration files, and lands in $HOME
automatically. Plain su can cause problems because environment variables are lost; for example, it does
not switch to $HOME.

A running shell script is called a non-interactive shell: there is no login process and the
configuration files are not read. An ordinary user's crontab -e therefore needs the environment
variables added:
PATH=/usr/bin:/bin:/usr/local/bin:/sbin:/usr/local/sbin
HOME=/home/cngrid
sh test.sh

Working with file extensions:
for fname in *.png
do
    bname=$(basename "$fname" .png)
    convert -quality 100 "$fname" "$bname".jpg
done

$ file 989C109D07FF5F23BEB44CD53E6F5CDC0DD3AAA7.torrent
989C109D07FF5F23BEB44CD53E6F5CDC0DD3AAA7.torrent.gz: gzip compressed data

for fname in *.torrent
do
    str=$(file "$fname")
    # gzip data hiding behind a .torrent name: add .gz, then decompress
    if [[ "$str" =~ "gzip compressed data" ]]; then
        mv "$fname" "$fname.gz"
        gunzip -d "$fname.gz"
    fi
done

$ file 989C109D07FF5F23BEB44CD53E6F5CDC0DD3AAA7.torrent
989C109D07FF5F23BEB44CD53E6F5CDC0DD3AAA7.torrent: BitTorrent file
===============================================================================================
mount fat32:
mount -o codepage=936,iocharset=cp936 /dev/sda7 /mnt/dir/

Format a USB stick: umount first, then mkfs.vfat /dev/sdb*

Make an iso:
dd if=/dev/zero of=backup.iso bs=4K count=10K
mkfs.ext3 backup.iso -b 4096
mount backup.iso /mnt -o loop
cp ....
umount /mnt
-----------------------------------------------------------------------------------------------
Large disks, large partitions: tune the partition's reserved space, reserved blocks < 1%
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             9.7G  9.0G  178M  99% /
tmpfs                 499M  408K  498M   1% /dev/shm
/dev/sda2              64G   56G  5.4G  92% /home
//10.0.1.15/share     108G   74G   34G  69% /mnt/win

$ dumpe2fs /dev/sda2
......
Block count:              16977040
Reserved block count:     848852
Free blocks:              2249295
Free inodes:              4247365
First block:              0
Block size:               4096
......

bc gives the size of the partition's reserved space:
848852 / 16977040 = 5%
848852 * 4 KB = 3 GB+ of space. To release part of it, set the reserve to 1%:
16977040 * 1% = 169770
$ sudo tune2fs -r 169770 /dev/sda2
-----------------------------------------------------------------------------------------------
Use the inode number to handle a file whose name is garbled:
$ convmv -f utf8 -t gb2312 好.txt --notest
$ ls -il *.txt
1784745 -rw-r--r-- 1 root root  2 2009-01-31 10:33 15月亮MM.txt
1783010 -rw-r--r-- 1 root root 47 2009-12-25 17:20 ???Ǻ???.txt
$ find . -inum 1783010 -exec mv "{}" 好.txt \;

tar archives moved between Linux and Windows end up with garbled names; use rarlinux:
$ tar zxvf rarlinux-3.9.3.tar.gz -C /usr/local/
$ cd /usr/local/rar/ && make && make install
Pack the subtitles:             $ rar a sub.rar *.{srt,ssa,ass}
List and test the rar contents: $ rar t sub.rar|less
Unpack:                         rar x sub.rar
Extract one file:               $ rar e sub.rar "中日战争扩大化的真相.srt"
Add files:                      $ rar a sub.rar "上海老师到穷村.srt" "全球化资本主义的未来.srt"
Delete a.srt and 蒙古淘金.srt:  $ rar d sub.rar a.srt 蒙古淘金.srt
Store only, no compression:     rar a -m0 linuxsoft.rar *.{rpm,tar.gz,tar.bz2}
===============================================================================================
shntool
To convert to ape, use mac. ape + cue cannot be split directly into individual ape files; split into
wav first, then write a script that converts the pieces one by one with mac.

-> [flac|wav]:
$ shntool conv -i [ape|flac|wav] -o [flac|wav] "Bizet - Carmen Fantasie.ape"
-> ape:
$ mac "Bizet - Carmen Fantasie.wav" "Bizet - Carmen Fantasie.ape" -c4000

cue + [wav|flac|ape] -> wav|flac|mp3
$ vi cue
:set fileencoding               show the file's encoding
:set fileencoding=utf-8         convert it to utf-8
$ shntool split -f "HAND IN HAND.cue" "HAND IN HAND.wav" -t "%p - %t" -o [wav|flac]
$ mac foo.wav foo.ape -c4000
Note: the .cue goes first, the .[ape|flac|wave] after it.

There are 3 local dirs: mp3 ape eng. Some old mp3 files were deleted and some ape files added; sync:
$ rsync -av --delete ape mp3 eng root@10.0.1.7:/usr/local/linux-2.6.34/music/

Image format conversion: gimp or convert
$ convert -quality 100 朱晓琳.歌声飘过30年.png 朱晓琳.歌声飘过30年.jpg

vcdimager-0.7.23-8.fc8.i386.rpm and vcdimager-libs-0.7.23-8.fc8.i386.rpm depend on each other;
install them together: rpm -ivh vcdimager*

Record video: xvidcap

smplayer cannot load subtitles in UTF-16 or "MPEG ADTS" format:
$ file *.srt
世界粮食危机(1):粮食依赖美国的失败.srt: MPEG ADTS, layer I, v1, 96 kBits, 44.1 kHz, Stereo
Open the srt in gedit, create a new srt, copy the content into the new one, and choose GBK as the
encoding when saving.
===============================================================================================
scp "166.111.131.47:/usr/local/linux-2.6.31/music/movie/刘欢\ -\ 少年壮志不言愁.ape" .
cp "The Lion King - "*.ape /home/cngrid/EN/

passwd -l cngrid
passwd -u cngrid                        lock & unlock the password
vi /etc/passwd  /sbin/nologin  pwconv   keep a user from logging in
Keep a user from changing the password: man 5 shadow, set the 4th field (minimum password age) long enough

at: run a command once at a given time
$ at 23:53
at> ping 10.0.1.191
at> ctrl+d
atq
atrm <jobnumber>

ctrl+z    fg <jobid>    bg

$ md5sum vsftpd-2.0.3.tar.gz > md5dest.txt && diff md5.txt md5dest.txt

interview.txt sent to a Windows user shows up as a single line; run unix2dos before sending:
unix2dos interview.txt
-----------------------------------------------------------------------------------------------
xargs with names that contain spaces:
man xargs points to find -print0; man find shows that -exec works too
$ find . -type d -print0 |xargs -0 chmod 755
$ find . -type d -exec chmod 755 {} \;
find -> xargs or find -> egrep is fine, but find -> egrep -> xargs is not: egrep defeats -print0.
Check whether some files fit on one disc:
$ find . -maxdepth 1 -name "*Capi*" -print0 -o -name "*Morning*" -print0 | xargs -0 du -ch
copy kernel txt:
$ find linux-2.6.33/ | grep txt | cpio -pd ~/temp/
===============================================================================================
Set a quota for user peter: at most 40GB of space, warning above 39GB.
First check the partitions with df -h.
1. $ sudo vi /etc/fstab
LABEL=/1                /                       ext3    defaults        1 1
LABEL=/var              /var                    ext3    defaults        1 2
LABEL=/usr              /usr                    ext3    defaults        1 2
LABEL=/home             /home                   ext3    defaults        1 2
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
LABEL=SWAP-sda7         swap                    swap    defaults        0 0
Change the /home line as follows and leave the rest alone:
LABEL=/home             /home                   ext3    defaults,usrquota 1 2

2. $ sudo umount /dev/sda2 && sudo mount -a && less /etc/mtab
It should contain this entry:
/dev/sda2 /home ext3 rw,usrquota 0 0
$ sudo quotacheck -avug         when it finishes, aquota.user has been created under /home/
$ sudo quotaon -avug            if the output contains "turned on", carry on

3. Set peter's space.
# edquota -u peter              fill in soft and hard only, leave everything else alone
    soft        hard
    39000000    40000000
$ edquota -t                    sets the grace period; the default is 7days, leave it
$ repquota -au                  shows the final result
$ quota -s
===============================================================================================
/etc/hosts                                  --> IP hostname FQDN
/etc/sysconfig/network                      --> hostname, gateway
/etc/sysconfig/network-scripts/ifcfg-eth0   --> IP/submask, gateway, MAC
/etc/resolv.conf                            --> DNS
/etc/host.conf                              --> order hosts,bind
Apply: service network restart
After changing the hostname, remember to update this line in /etc/hosts as well:
127.0.0.1 cn122 localhost.localdomain localhost
-----------------------------------------------------------------------------------------------
Configuring a router on Linux

I. Plug in the cables and network cards
The original gateway is a wireless router: public network outside, LAN inside, 192.168.1.1/10.128.X.X
The LAN machines are all in 192.168.1.0/24, server0 ~ server4

xx@server4:~$ sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.14
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
# Default Gateway
gateway 192.168.1.1

xx@server4:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

The wireless router is now unstable, so replace it: the dual-NIC server4 in the LAN (Ubuntu 12.04)
becomes the new gateway.
Set up server4: 192.168.1.1/10.128.X.X
The LAN machines all use a private IP on eth0, so server4's eth0 stays private and eth1 becomes public.
That way the configuration of the other LAN machines does not change. The new layout:

Gateway: GW                 eth1: public dhcp           DHCP Server: 10.108.216.1
                            eth0: private 192.168.1.1
LAN: server0 ~ server3      eth0: private static 192.168.1.0/24

II. Hostname/IP/SUBMASK/IP Forwarding
xx@GW:~$ sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

auto eth1
iface eth1 inet dhcp

xx@GW:~$ sudo /etc/init.d/networking restart

# Enables packet forwarding by kernel
xx@GW:~$ sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
xx@GW:~$ sudo sysctl -p

III. NAT configuration with IP Tables
# Delete and flush all the rules in filter and nat tables
xx@GW:~$ sudo iptables -F
xx@GW:~$ sudo iptables -t nat -F
xx@GW:~$ sudo iptables -X
xx@GW:~$ sudo iptables -t nat -X

# Set up IP FORWARDing and Masquerading
xx@GW:~$ sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
xx@GW:~$ sudo iptables -A FORWARD -i eth0 -j ACCEPT
xx@GW:~$ sudo /etc/init.d/networking restart

# Save and Restore iptables rules
xx@GW:~$ sudo bash -c 'iptables-save > /etc/network/iptables.rules'
xx@GW:~$ sudo vi /etc/network/interfaces
append:
post-up iptables-restore < /etc/network/iptables.rules

Test:
xx@GW:~$ dhclient 10.108.216.1
xx@GW:~$ ping www.google.co.uk
xx@server0:~$ ping www.google.co.uk

# Port Forwarding to server0
xx@GW:~$ sudo iptables -A PREROUTING -t nat -i eth1 -j DNAT --to 192.168.1.10
xx@GW:~$ sudo iptables -A FORWARD -i eth1 -d 192.168.1.10 -j ACCEPT

IV. Result:
xx@GW:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.108.216.1    0.0.0.0         UG    100    0        0 eth1
10.108.216.0    0.0.0.0         255.255.252.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

xx@server0:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

xx@GW:~$ sudo cat /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

auto eth1
iface eth1 inet dhcp
post-up iptables-restore < /etc/network/iptables.rules

xx@GW:~$ sudo iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     tcp  --  anywhere             192.168.1.10         tcp dpt:ssh

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

xx@GW:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  anywhere             anywhere             to:192.168.1.10

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Delete a rule:
xx@GW:~$ sudo iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:192.168.1.10:22

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  anywhere             anywhere

xx@GW:~$ sudo iptables -t nat -D PREROUTING 1

Port Forwarding 39492 to server5, 8000 to server1:
xx@GW:~$ sudo iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       all  --  anywhere             anywhere             to:192.168.1.10

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  anywhere             anywhere

xx@GW:~$ sudo iptables -I PREROUTING 1 -t nat -i eth1 -j DNAT -p tcp --dport 39492 --to 192.168.1.15
xx@GW:~$ sudo iptables -I PREROUTING 1 -t nat -i eth1 -j DNAT -p tcp --dport 8000 --to 192.168.1.11
xx@GW:~$ sudo iptables -I PREROUTING 1 -t nat -i eth1 -j DNAT -p tcp --dport 27017 --to 192.168.1.15
-----------------------------------------------------------------------------------------------
dmesg|grep eth          check whether the kernel detected the NIC at boot, e.g. r8169: eth0: link up
Realtek RTL8169/8110 are gigabit NICs that FC6 does not recognize. Download the driver from the
Realtek site; the readme is detailed. Rough steps:
make clean modules && make install
depmod -a
insmod src/r8169.ko
Verify; if the device shows up, the install succeeded:
lsmod | grep r8169
ifconfig -a

# vi /etc/sysconfig/network-scripts/ifcfg-eth*
a. Fixed IP address:
DEVICE=eth*
BOOTPROTO=static
ONBOOT=yes
TYPE=ethernet
IPADDR=10.0.1.4
NETMASK=255.255.255.0
GATEWAY=10.0.1.254

b. DHCP:
DEVICE=eth*
BOOTPROTO=dhcp
ONBOOT=yes
HWADDR=00:13:20:42:79:52

# service network restart
-----------------------------------------------------------------------------------------------
RealTek's RTL8169S/8110S, RTL8169SB/8110SB, and RTL8110SC are all gigabit NICs.
Jumbo Frame
Assume the local machine has one of the RTL8110S/SB/SC gigabit NICs and you want 7KB packets:
# ifconfig ethX mtu 7168
To verify, pick a target machine that also has a gigabit NIC such as RTL8169S/SB/SC and is already
configured for 7KB packets:
# ping <IP Address> -s 7126 -M do

Services that use both UDP and TCP: DNS, portmap (sun RPC), NFS
DNS mainly uses UDP; two cases need TCP:
1. When the UDP response is > 512 bytes it switches to TCP, because TCP is a byte stream and large
   responses are not a problem.
2. When a secondary server asks the primary server for a zone transfer. A lot of data moves and
   reliable transport is needed.

Which addresses are usable in 192.168.100.0/30 and 192.168.100.0/23?

192.168.100.0/30
             |<------- Net ID ------>|  |
Network ID   192.168.100.00000000        192.168.100.0
Subnetmask   255.255.255.11111100        255.255.255.252
Broadcast    192.168.100.00000011        192.168.100.3

192.168.100.0/23
             |<---- NetID ---->|--HostID-|
Network ID   192.168.01100100.00000000   192.168.100.0
Subnetmask   255.255.11111110.00000000   255.255.254.0
Broadcast    192.168.01100101.11111111   192.168.101.255
-----------------------------------------------------------------------------------------------
Routing
Convergence: every network is reachable.
DV: distance vector. distance: how far. vector: in which direction.
LS: link state is the state of a router interface, such as Up, Down, IP address, network type, and
the relationship between the router and its neighbor routers.

IP routing:
1) Search the routing table for an entry that matches the complete destination IP address
2) Search the routing table for an entry that matches just the destination network ID
3) Search for a default entry.

Ethernet: host A ---> host D
A first checks its own routing table, finds that the dst ip matches its own network ID, and so knows
D is on the same Ethernet. It uses arp to get the dst mac, encapsulates src ip, src mac, dst ip,
dst mac, and sends the frame straight to D.
WAN: host A --> Router B --> Router C --> host D
The dst IP in the packet stays the same; the dst MAC keeps changing.
A first checks its own routing table and finds no entry for D, so it sends to the default route: it
puts dst ip = D's ip into the packet, uses arp to get B's mac, then wraps src ip, src mac, dst ip,
B's mac and sends it to B;
B strips src mac and dst mac, checks its own routing table, and finds nothing matching the dst ip, so
it forwards to its default route with the dst ip unchanged. It gets C's mac via arp, wraps src ip,
dst ip, src mac, C's mac and sends it to C;
C strips src mac and dst mac, checks its own routing table, and finds that the dst ip is in one of its
own network IDs, so it uses arp to get D's mac, wraps it in and sends it to D.

RIP: routers periodically broadcast their routing table to neighbors (full updates) and know the hop
count. DV can produce routing loops. Maximum hop count 16.
OSPF: when configuring an OSPF router, link bandwidth, delay or monetary cost can be set as the Cost.

dig
netstat -su
man ip
ip {link | addr | neigh | route} help

While the network is healthy, back up the LAN's ip-to-mac mapping:
$ sudo nmap -sP 10.0.1.0/24 >> ipmac_src
Now something is wrong inside the LAN: a mounted samba share has stopped working, df -h hangs without
showing anything, and the outside network is unreachable as well.
$ sudo nmap -sP 10.0.1.0/24 >> ipmac_trouble
$ vimdiff ipmac_src ipmac_trouble
$ less ipmac_trouble
Starting Nmap 5.21 ( http://nmap.org ) at 2010-04-02 12:42 CST
Nmap scan report for 10.0.1.4
Host is up.
Nmap scan report for 10.0.1.15
Host is up (0.00035s latency).
MAC Address: 00:1E:8C:A3:61:63 (Asustek Computer)
Nmap scan report for 10.0.1.192
Host is up (0.00012s latency).
MAC Address: 00:13:20:4B:A7:1C (Intel Corporate)
Nmap scan report for 10.0.1.196
Host is up (0.000092s latency).
MAC Address: 00:24:1D:55:40:38 (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.197
Host is up (0.00011s latency).
MAC Address: 00:E0:4D:96:F4:0C (Internet Initiative Japan)
Nmap scan report for 10.0.1.202
Host is up (0.00012s latency).
MAC Address: 00:24:1D:54:D6:C3 (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.205
Host is up (0.00027s latency).
MAC Address: 00:1F:D0:12:08:CA (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.209
Host is up (0.00022s latency).
MAC Address: 00:24:1D:59:FB:D7 (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.210
Host is up (0.00017s latency).
MAC Address: 00:E0:4D:96:F2:D0 (Internet Initiative Japan)
Nmap scan report for 10.0.1.215
Host is up (0.00011s latency).
MAC Address: 00:24:1D:55:EB:3E (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.220
Host is up (0.00010s latency).
MAC Address: 00:1B:FC:2B:E6:92 (Asustek Computer)
Nmap scan report for 10.0.1.221
Host is up (0.00013s latency).
MAC Address: 00:E0:4D:A3:3E:D1 (Internet Initiative Japan)
Nmap scan report for 10.0.1.224
Host is up (0.00013s latency).
MAC Address: 00:E0:4D:9A:E5:CF (Internet Initiative Japan)
Nmap scan report for 10.0.1.231
Host is up (0.00011s latency).
MAC Address: 00:13:20:4B:A7:59 (Intel Corporate)
Nmap scan report for 10.0.1.232
Host is up (0.00012s latency).
MAC Address: 00:13:20:42:81:7E (Intel Corporate)
Nmap scan report for 10.0.1.233
Host is up (0.00013s latency).
MAC Address: 00:13:20:4B:A7:3F (Intel Corporate)
Nmap scan report for 10.0.1.238
Host is up (0.00011s latency).
MAC Address: 00:24:1D:54:D4:BA (Giga-byte Technology Co.)
Nmap scan report for 10.0.1.239
Host is up (0.00012s latency).
MAC Address: 00:13:20:42:79:25 (Intel Corporate)
Nmap scan report for 10.0.1.242
Host is up (0.00011s latency).
MAC Address: 00:E0:4D:A3:3E:DB (Internet Initiative Japan)
Nmap scan report for 10.0.1.251
Host is up (0.10s latency).
MAC Address: 00:60:B3:13:94:9B (Z-com)
Nmap scan report for 10.0.1.254
Host is up (0.00011s latency).
MAC Address: 00:13:46:5E:A7:28 (D-Link)
Nmap done: 256 IP addresses (21 hosts up) scanned in 31.10 seconds

10.0.1.251 shows 0.10s latency, which is clearly too high. Unplugging 251's network cable did fix
the network!
-----------------------------------------------------------------------------------------------
Kernel parameter tuning
source code:
kernel-2.6.31.5-127.fc12.src.rpm
kernel-2.6.18-194.el5.src.rpm
fedora: http://download.fedora.redhat.com/
RHEL: ftp://ftp.redhat.com/

man proc
Documentation/sysctl/
$ sudo sysctl -a|less           search keyword

temporary set:
# echo "512" >> /sys/block/<DEV>/queue/nr_requests
# sysctl -w kernel.threads-max=16000
permanent set:
write echo command to /etc/rc.d/rc.local
# vi /etc/sysctl.conf
Add kernel.threads-max=16000
# sysctl -p

ignore all ICMP ECHO
# sysctl -w net.ipv4.icmp_echo_ignore_all=1

Example: on a gigabit network, raise some of the kernel's network parameters (man tcp)
increase buffer:
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
allow more syn requests:
net.ipv4.tcp_max_syn_backlog = 4096
increase free mem:
vm.min_free_kbytes = 65536
net.core.netdev_max_backlog = 2500
    Maximum number of packets, queued on the INPUT side, when the interface receives packets
    faster than kernel can process them.
do not modify: net.ipv4.tcp_mem
do not enable as much as possible: net.ipv4.tcp_syncookies
-----------------------------------------------------------------------------------------------
Safely remove an rpm:
locate avahi -> rpm -qfi /usr/sbin/avahi-daemon to see the package info -> rpm -e ***
locate avahi -> /etc/rc.d/init.d/avahi-daemon, service avahi-daemon stop -> ntsysv to disable start at boot

list rpm:
$ sudo rpm -qpl /usr/local/src/xmms-in-mac-0.2.1-alt2.i586.rpm

Add the gridftp service:
vi /etc/xinetd.d/gridftp
service gsiftp
{
    instances       = 100
    socket_type     = stream
    wait            = no
    user            = root
    env             += GLOBUS_LOCATION=/usr/local/globus-4.0.5
    env             += LD_LIBRARY_PATH=/usr/local/globus-4.0.5/lib
    server          = /usr/local/globus-4.0.5/sbin/globus-gridftp-server
    server_args     = -i
    log_on_success  += DURATION
    nice            = 10
    disable         = no
}
vi /etc/services and append at the end:
gsiftp 2811/tcp
service xinetd reload
netstat -a|grep gsiftp          check whether it has started
===============================================================================================
copy /etc/hosts /etc/yp.conf /etc/nsswitch.conf /etc/rc.d/rc.local
mount -t nfs cn118:/lsf6.2 /lsf6.2
mount -t nfs cn117:/home/users /home/users
-----------------------------------------------------------------------------------------------
NIS client configuration:
1. vi /etc/hosts
10.0.1.246 nismaster.job nismaster
10.0.1.245 nisslave.job nisslave
10.0.1.192 thucngrid.grid thucngrid

2. vi /etc/yp.conf
# domain NISDOMAIN server HOSTNAME
domain job server nismaster
domain job server nisslave

3. vi /etc/nsswitch.conf
passwd:     files nis
shadow:     files nis
group:      files nis
#hosts:     db files nisplus nis dns
hosts:      files dns nis
ethers:     files nis
netmasks:   files nis
networks:   files nis
protocols:  files nis
rpc:        files nis
services:   files nis
netgroup:   files nis
publickey:  nisplus
automount:  files nis
aliases:    files nisplus nis

4. nisdomainname job

5. vi /etc/rc.d/rc.local and append at the end:
/bin/nisdomainname job
/sbin/ypbind

Common NIS client commands:
id gos2
    uid=695(gos2) gid=100(users) groups=100(users)
    means the NIS client has connected to the NIS server.
yptest      shows nisdomain, nisserver and similar information.
            Right after setting up the NIS client, go through the screen output item by item and
            check for errors.
ypwhich     returns nisserver and similar information.
ypcat       reads the contents of a database; the database names are the files under /var/yp/
            for example ypcat passwd.byname
User gos2 changes the password: yppasswd
===============================================================================================
SSH Port Forwarding
-L -R need this in /etc/ssh/sshd_config (GatewayPorts controls whether remote hosts may connect to
ports forwarded with -R):
GatewayPorts yes

Precondition: a remote machine runs the ssh service and you have an ssh account on it.
Goal: use that remote machine as a proxy server, so that the outside sees the remote machine's IP
and your own IP is hidden. Use ssh port forwarding and set a SOCKS proxy in firefox.
$ ssh -D 9999 user@remotehost       (enter the password)
$ sudo netstat -an|grep 9999
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 ::1:9999                :::*                    LISTEN
The connection is established.
Point Firefox at the proxy:
Edit -> Preferences -> Advanced -> Network -> Settings -> Manual Proxy Configuration:
SOCKS Host: 127.0.0.1    PORT: 9999
Checking your IP on ip138 should now show the proxy's IP. If the remote machine is abroad, you can
then get past the wall.

On this error:
channel 2: open failed: administratively prohibited: open failed
$ sudo vi /etc/ssh/sshd_config      set GatewayPorts
GatewayPorts yes
$ sudo service sshd restart

To close the port, find the pid and kill it:
$ sudo lsof -i:9999
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
ssh     32136 root    4u  IPv4 668733       TCP cn122:distinct (LISTEN)
ssh     32136 root    6u  IPv6 668734       TCP localhost6.localdomain6:distinct (LISTEN)
$ kill 32136

server set idle time:
$ sudo vi /etc/ssh/sshd_config
ClientAliveInterval 900
ClientAliveCountMax 100
$ sudo service ssh restart

Reaching the BBS directly is slow; use a machine whose IP is not restricted as a proxy and hop
through it:
$ ssh -L
$ telnet localhost 9988
Now the BBS is reachable through the proxy.
-----------------------------------------------------------------------------------------------
ssh login without a password:
ssh-keygen
ssh cngrid@10.0.1.7 'mkdir .ssh && chmod 0700 .ssh'
# this overwrites any authorized_keys already on the target
scp ~/.ssh/id_rsa.pub cngrid@10.0.1.7:~/.ssh/authorized_keys

If many machines all need password-less login to each other:
1. Generate the 2 keys
2. Rename id_rsa.pub to authorized_keys
3. Copy these 2 keys into ~/.ssh/ on the other machines

expect can also do password-less scp, but it is not secure:
#!/usr/bin/expect
# usage: expect expect.sh
spawn scp -r /home/cngrid/mp3/ root@10.0.1.7:/usr/local/linux-2.6.31/music/
expect "password:"
send "hello456\r"
interact

For password-less ftp just use
lftp -e "get -c High.Noon.1952.mkv" -u user,passwd <IP>

ssh to the other machine is slow:
# vi /etc/ssh/sshd_config
UseDNS no

Log in with ssh j instead of ssh root@10.0.1.7. On the local machine:
vi ~/.ssh/config
Host j
HostName 10.0.1.7
User root
-----------------------------------------------------------------------------------------------
When restricting logins, a firewall is convenient for ip:port rules; sshd_config and PAM are
convenient for ip:username rules.

Example 1. Forbid cngrid from logging in over ssh from 10.0.1.15.
man sshd_config sshd
$ sudo vi /etc/ssh/sshd_config
DenyUsers cngrid@10.0.1.15
$ sudo service sshd restart
Notes:
1) If cngrid has already logged in before via ~/.ssh/known_hosts, TCP Wrapper hosts.allow and
   hosts.deny settings do not take effect. So avoid TCP Wrapper where possible when restricting users.
2) Generating keys with ssh-keygen, giving the pubkey to the user, and restricting ssh to RSA
   authentication only also works, but it forces every ssh user to log in that way, affects the
   other users, and makes later changes on our side harder.

Example 2. From the internal network, allow cngrid to log in only from 10.0.1.15; from the outside
network, no restriction.
sshd_config does not do it: I saw no mention of EXCEPT, so it probably does not exist, and ! did not
work either.
Use PAM:
$ sudo vi /etc/pam.d/sshd
account required pam_access.so
$ sudo vi /etc/security/access.conf     make the following the first line
-:cngrid:10.0.1.0/24 EXCEPT 10.0.1.15
Now cngrid can log in only from the internal IP 10.0.1.15, with no sshd restart needed.
Note: if the line above is placed as the last line, it has no effect.

man pam and man pam.conf are not detailed; see which docs the package ships:
$ sudo rpm -qd pam
...
/usr/share/man/man5/access.conf.5.gz
/usr/share/man/man5/config-util.5.gz
/usr/share/man/man5/console.apps.5.gz
/usr/share/man/man5/console.handlers.5.gz
...
You can man /usr/share/man/man5/access.conf.5.gz. After reading those docs, here is a summary of the
many files under /etc/ that relate to restricting users:
/etc/motd
/etc/shells
/etc/nologin
/etc/hosts.equiv
/etc/securetty
/etc/security/access.conf
/etc/security/limits.d/
......

Example 3. To keep all ordinary users from logging in:
$ sudo touch /etc/nologin
because /etc/pam.d/login contains this line:
account required pam_nologin.so
man /usr/share/man/man8/pam_nologin.8.gz

Example 4. Allow only cngrid to use su:
$ sudo vi /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         optional        pam_xauth.so
Following the comments, add one line:
auth required pam_wheel.so group=suok
$ sudo groupadd suok
$ sudo usermod -a -G suok cngrid
Among ordinary users, only cngrid can now use su.
man /usr/share/man/man8/pam_wheel.8.gz
To remove cngrid from suok: $ sudo gpasswd -d cngrid suok

man iptables
iptables -L
iptables -F && iptables -X
Write the rules once, save them, and load them directly when needed:
iptables-save > ~/rule
iptables-restore < ~/rule

Accept requests from 192.168.1.0/24 but reject 192.168.1.10:
iptables -A INPUT -i eth0 -s 192.168.1.10 -j DROP
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT

Reject packets from 192.168.1.0/24 with source ports 1024:65535 that ssh to this machine:
iptables -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 --sport 1024:65535 --dport 22 -j DROP

Manage port 111: allow only 192.168.1.0/24 in on port 111:
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 111 -j DROP

A Web server:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 22,80 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP

man dsniff tcpdump
Capture packets on eth0, port 22, coming from 10.0.1.15:
tcpdump -i eth0 -nn 'port 22 and src host 10.0.1.15'

TCP SYN flood symptoms: the target host answers ping but cannot be accessed.
netstat -na shows large numbers of SYN_RCVD, TIME_WAIT, FIN_WAIT_1 and so on, and very few ESTABLISHED.
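The SYN flood symptom above can be checked mechanically. The script below is an added example, not part of the original notes: it tallies TCP states from `netstat -na` output and flags many half-open connections against few ESTABLISHED ones. The function names, the thresholds and the sample lines are assumptions constructed for illustration; Linux prints the half-open state as SYN_RECV, so both spellings are matched.

```shell
#!/bin/sh
# Added example (not from the original notes): spot the SYN-flood pattern
# in `netstat -na` output. Thresholds and sample data are assumptions.

# Print "STATE COUNT" for every TCP line read on stdin, sorted by state.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ && NF >= 6 { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# Print "PORT COUNT" for the local port holding the most half-open connections.
busiest_half_open_port() {
    awk '$1 ~ /^tcp/ && ($6 == "SYN_RECV" || $6 == "SYN_RCVD") {
             port = $4; sub(/.*:/, "", port); n[port]++
         }
         END {
             for (p in n) if (n[p] > max) { max = n[p]; best = p }
             if (max) print best, max
         }'
}

# syn_flood_verdict MIN_HALF_OPEN RATIO  < netstat-output
# SUSPECT when half-open connections number at least MIN_HALF_OPEN and
# exceed RATIO times the ESTABLISHED count; otherwise OK.
syn_flood_verdict() {
    awk -v min="${1:-10}" -v ratio="${2:-3}" '
        $1 ~ /^tcp/ && NF >= 6 {
            if ($6 == "SYN_RECV" || $6 == "SYN_RCVD") half++
            else if ($6 == "ESTABLISHED") est++
        }
        END {
            verdict = (half >= min && half > ratio * est) ? "SUSPECT" : "OK"
            printf "%s half_open=%d established=%d\n", verdict, half, est
        }'
}

# Constructed sample: web server on 192.168.1.10 with 40 half-open
# connections to port 80 (documentation address ranges as peers).
sample_flood() {
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    echo "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN"
    echo "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN"
    i=1
    while [ "$i" -le 40 ]; do
        echo "tcp        0      0 192.168.1.10:80         203.0.113.$i:$((40000 + i))      SYN_RECV"
        i=$((i + 1))
    done
    for i in 1 2 3; do
        echo "tcp        0      0 192.168.1.10:80         198.51.100.$i:5200$i     TIME_WAIT"
    done
    echo "tcp        0      0 192.168.1.10:22         10.0.1.15:51022         ESTABLISHED"
    echo "udp        0      0 0.0.0.0:68              0.0.0.0:*"
}

# Constructed sample: the same server under normal load.
sample_normal() {
    echo "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN"
    for i in 1 2 3 4; do
        echo "tcp        0      0 192.168.1.10:80         198.51.100.$i:5300$i     ESTABLISHED"
    done
    echo "tcp        0      0 192.168.1.10:80         198.51.100.9:53009      SYN_RECV"
    echo "tcp        0      0 192.168.1.10:80         198.51.100.7:53007      TIME_WAIT"
    echo "tcp        0      0 192.168.1.10:80         198.51.100.8:53008      TIME_WAIT"
}

# Demo on the constructed data; on a live host use: netstat -na | syn_flood_verdict 10 3
sample_flood | tcp_state_counts
sample_flood | busiest_half_open_port
sample_flood | syn_flood_verdict 10 3
sample_normal | syn_flood_verdict 10 3
```

On a live host, run the verdict a few times some seconds apart: a short burst of half-open connections is normal on a busy server, a count that stays high is not.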
===============================================================================================
Installing nagios 3.4 on Ubuntu 12.04

Environment:
9 machines in total, server0 ~ server3 server5 ~ server9 / 192.168.1.10 ~ 192.168.1.19
CPU: Intel x86_64
OS: Ubuntu 12.04 Server
$ uname -a
Linux server0 3.3.7-030307-generic #201205211535 SMP Mon May 21 19:36:02 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

3 software packages in total:
nagios-3.4.1.tar.gz
nagios-plugins-1.4.16.tar.gz
nrpe-2.13.tar.gz (Nagios Remote Plugin Executor)

server0 monitors server1 ~ server3 server5 ~ server9 and does not monitor server0 itself.
server0 needs all 3 packages;
server1 ~ server3 server5 ~ server9 need only the last 2: nagios-plugins nrpe

The official documentation is thorough; be sure to follow along with it:
http://nagios.sourceforge.net/docs/nagioscore/3/en/toc.html

I. Install nagios on the monitoring host server0:

1. First add the users on server0.
$ sudo useradd -m -s /bin/bash nagios
$ sudo passwd nagios
$ sudo groupadd nagcmd
$ sudo usermod -a -G nagcmd nagios
$ sudo usermod -a -G nagcmd www-data
Switch to the nagios user; everything that follows is installed and configured as this user:
$ su - nagios

2. Install the prerequisite packages:
nagios@server0:~$ sudo apt-get install build-essential libgd2-xpm-dev libssl-dev
nagios@server0:~$ sudo apt-get install apache2 php5 libapache2-mod-php5
Install apache2 first and php5 second, so that apache2 and php5 are linked automatically.
If they are not linked automatically, link them by hand by adding the php5 module to apache:
nagios@server0:~$ cd /etc/apache2/
The apache2 configuration lives here, with two mods directories: mods-available mods-enabled
nagios@server0:/etc/apache2$ ls -l mods-enabled mods-available |less
mods-enabled/ should contain the php5 module. If it does not, add it by hand and restart apache2:
nagios@server0:/etc/apache2$ sudo a2enmod php5
nagios@server0:/etc/apache2$ sudo service apache2 restart
Even though apache2 reports OK on start, also look at the apache2 logs under /var/log/apache2/
and make sure error.log is clean before continuing.

3. Install nagios:
nagios@server0:~$ tar zxvf nagios-3.4.1.tar.gz
nagios@server0:~$ cd nagios/
nagios@server0:~/nagios$ ./configure --with-command-group=nagcmd
nagios@server0:~/nagios$ make all
nagios@server0:~/nagios$ sudo make install
nagios@server0:~/nagios$ sudo make install-init
nagios@server0:~/nagios$ sudo make install-config
nagios@server0:~/nagios$ sudo make install-commandmode
nagios@server0:~/nagios$ sudo make install-webconf
nagios is installed under /usr/local/nagios/ by default.
Add the nagios administrator account. The default user is nagiosadmin; others can be added too:
nagios@server0:~/nagios$ htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
nagios@server0:~/nagios$ sudo service apache2 restart

4. Install nagios-plugins:
nagios@server0:~$ tar zxvf nagios-plugins-1.4.16.tar.gz
nagios@server0:~$ cd nagios-plugins-1.4.16/
nagios@server0:~/nagios-plugins-1.4.16$ ./configure --with-nagios-user=nagios --with-nagios-group=nagios
......
config.status: creating po/POTFILES
config.status: creating po/Makefile
            --with-apt-get-command: /usr/bin/apt-get
              --with-ping6-command: /bin/ping6 -n -U -w %d -c %d %s
               --with-ping-command: /bin/ping -n -U -w %d -c %d %s
                       --with-ipv6: yes
                      --with-mysql: no
                    --with-openssl: yes
                     --with-gnutls: no
               --enable-extra-opts: no
                       --with-perl: /usr/bin/perl
             --enable-perl-modules: no
                     --with-cgiurl: /nagios/cgi-bin
               --with-trusted-path: /bin:/sbin:/usr/bin:/usr/sbin
                   --enable-libtap: no
If you see --with-openssl: yes you can continue;
if it says no, install the SSL lib package for your OS.
nagios@server0:~/nagios-plugins-1.4.16$ make
nagios@server0:~/nagios-plugins-1.4.16$ sudo make install
nagios@server0:~/nagios-plugins-1.4.16$ sudo make install-root
/usr/local/nagios/libexec/ now holds many nagios plugins, a set of ready-made scripts; -h shows help:
nagios@server0:~/nagios-plugins-1.4.16$ /usr/local/nagios/libexec/check_*** -h|less

nagios@server0:~/nagios-plugins-1.4.16$ vi ~/.bashrc
export PATH=$PATH:/usr/local/nagios/bin
nagios@server0:~/nagios-plugins-1.4.16$ source ~/.bashrc
nagios@server0:~/nagios-plugins-1.4.16$ service nagios start
nagios@server0:~/nagios-plugins-1.4.16$ ps -A|grep nagios
This should show the process.

Next, open a browser on server0 and enter:
http://192.168.1.10/nagios
If no firewall interferes, you see server0's own page.
Current Status -> Services shows machine state parameters such as Ping, Swap, Total Processes.
If server0 is remote, set up port forwarding on the router for the port apache2 listens on.

At this point, read through the configuration files under /usr/local/nagios/ alongside the
documentation. etc/nagios.cfg is called the Main Configuration File, and etc/objects/ holds several
more configuration files. The configuration file for monitoring the local machine is
etc/objects/localhost.cfg; its meaning is clear once compared with the documentation.

To monitor other machines, nrpe has to be installed as well. It is a special nagios plugin that must
be installed on both the monitoring host and the monitored machines. nrpe collects information on
the remote machine and returns it to the monitoring host:

5. Install nrpe
nagios@server0:~$ tar zxvf nrpe-2.13.tar.gz
nagios@server0:~$ cd nrpe-2.13/
By default nrpe can return only 1KB of data per service, while nagios can read 8KB of data per
service. Change two lines of source to raise the value to 8192, then build and install:
nagios@server0:~/nrpe-2.13$ vi include/common.h
#define MAX_INPUT_BUFFER        8192    /* max size of most buffers we use */
#define MAX_PACKETBUFFER_LENGTH 8192    /* max amount of data we'll send in one query/response */
In testing, the default 1024 worked well: as soon as a monitored object on a remote machine changed,
it showed up quickly in the nagios web interface;
with 8192, the nagios web interface took much longer to receive what nrpe returned, more than 2 minutes;
a value above 8192 keeps nrpe from running properly, even on a single machine.

A plain configure fails:
nagios@server0:~/nrpe-2.13$ ./configure
checking for SSL headers... SSL headers found in /usr
checking for SSL libraries...
configure: error: Cannot find ssl libraries
The SSL lib was not found.
1) $ locate ssl|less            find the path
2) $ ./configure -h|less        find the configure option
nagios@server0:~/nrpe-2.13$ ./configure --with-ssl-lib=/usr/lib/x86_64-linux-gnu/
nagios@server0:~/nrpe-2.13$ make all
nagios@server0:~/nrpe-2.13$ sudo make install-plugin

nagios@server0:~/nrpe-2.13$ vi ~/.bashrc
export PATH=$PATH:/usr/local/nagios/bin
nagios@server0:~/nrpe-2.13$ source ~/.bashrc

Define your own configuration files following "Object Definitions" in the official documentation:
http://nagios.sourceforge.net/docs/nagioscore/3/en/objectdefinitions.html

Below is the configuration I defined myself:
server0 monitors load and total processes on server1 ~ server3 server5 ~ server9.
Taking server1 as the example: server0, following its own configuration files, passes the command to
the nrpe daemon on server1; the nrpe daemon on server1, following its own configuration file, runs
the command locally and returns the result to server0.

nagios@server0:~/nrpe-2.13$ cd /usr/local/nagios/
nagios@server0:/usr/local/nagios$ ls etc/servers/
commands.cfg  hosts.cfg  services.cfg

nagios@server0:/usr/local/nagios$ vi etc/servers/hosts.cfg
define host{
        name                            linux-server-template
        check_period                    24x7
        check_interval                  5
        retry_interval                  1
        max_check_attempts              10
        contact_groups                  admins
        notifications_enabled           1
        event_handler_enabled           1
        flap_detection_enabled          1
        process_perf_data               1
        retain_status_information       1
        notification_interval           120
        notification_period             workhours
        notification_options            d,u,r
        register                        0
        }

define host{
        use             linux-server-template
        host_name       server0
        alias           nagiosserver
        address         192.168.1.10
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server1
        alias           server1
        address         192.168.1.11
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server2
        alias           server2
        address         192.168.1.12
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server3
        alias           server3
        address         192.168.1.13
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server5
        alias           server5
        address         192.168.1.15
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server6
        alias           server6
        address         192.168.1.16
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server7
        alias           server7
        address         192.168.1.17
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server8
        alias           server8
        address         192.168.1.18
        check_command   check_nrpe!check_host_alive
        }

define host{
        use             linux-server-template
        host_name       server9
        alias           server9
        address         192.168.1.19
        check_command   check_nrpe!check_host_alive
        }

The check_host_alive used here is in the default configuration file etc/objects/commands.cfg:
# This command checks to see if a host is "alive" by pinging it
# The check must result in a 100% packet loss or 5 second (5000ms) round trip
# average time to produce a critical error.
# Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)

# 'check-host-alive' command definition
define command{
        command_name    check-host-alive
        command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
        }
This requires the configuration file on the monitored machine server1 to contain a setting that runs
check_ping; if it is missing, add it yourself.

nagios@server0:/usr/local/nagios$ vi etc/servers/services.cfg
define service{
        name                            linux-service-template
        active_checks_enabled           1
        passive_checks_enabled          1
        parallelize_check               1
        obsess_over_service             1
        check_freshness                 0
        notifications_enabled           1
        event_handler_enabled           1
        flap_detection_enabled          1
        failure_prediction_enabled      1
        process_perf_data               1
        retain_status_information       1
        retain_nonstatus_information    1
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              3
        normal_check_interval           10
        retry_check_interval            2
        contact_groups                  admins
        notification_options            w,u,c,r
        notification_interval           60
        notification_period             workhours
        register                        0
        }

define service{
        use                     linux-service-template
        host_name               server1,server2,server3,server5,server6,server7,server8,server9
        service_description     CPU Load
        check_command           check_nrpe!check_load
        }

define service{
        use                     linux-service-template
        host_name               server1,server2,server3,server5,server6,server7,server8,server9
service_description Total Processes check_command check_nrpe!check_total_procs } nagios@server0:/usr/local/nagios$ vi etc/servers/commands.cfg define command{ command_name check_nrpe command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t 30 } 设置好配置文件后,要先 nagios -v 检查一下: nagios@server0:/usr/local/nagios$ nagios -v etc/nagios.cfg 如果没有error,继续检查 command definition,如果这里 check_nrpe 后面的参数写错了, nagios -v 是检查不出来的。比如上面命令参数 -c 写成了 -C,nagios -v 检查没有 error, 就以为是 apache2 的问题,去查 apache2 log 也不会有结果。 都通过了就可以重启 nagios: nagios@server0:/usr/local/nagios$ service nagios restart 接下来要在被监控的机器上安装配置了。 二. 在被监控的机器 server1 ~ server9 上安装 nagios-plugins, nrpe: 1. 在 server1 ~ server3 server5 ~ server9 上添加 nagios 用户: $ sudo useradd -m -s /bin/bash nagios $ sudo passwd nagios 2 . 在server1 ~ server3 server5 ~ server9 上预装如下 package: nagios@server1:~$ sudo apt-get install build-essential libgd2-xpm-dev libssl-dev 3. 安装 nagios-plugins: nagios@server1:~$ tar zxvf nagios-plugins-1.4.16.tar.gz nagios@server1:~$ cd nagios-plugins-1.4.16/ nagios@server1:~/nagios-plugins-1.4.16$ ./configure --with-nagios-user=nagios --with-nagios-group=nagios nagios@server1:~/nagios-plugins-1.4.16$ make nagios@server1:~/nagios-plugins-1.4.16$ sudo make install nagios@server1:~/nagios-plugins-1.4.16$ sudo make install-root 4. 
安装 NRPE: nagios@server1:~$ tar zxvf nrpe-2.13.tar.gz nagios@server1:~$ cd nrpe-2.13/ nagios@server1:~/nrpe-2.13$ vi include/common.h #define MAX_INPUT_BUFFER 8192 /* max size of most buffers we use */ #define MAX_PACKETBUFFER_LENGTH 8192 /* max amount of data we'll send in one query/response */ nagios@server1:~/nrpe-2.13$ ./configure --with-ssl-lib=/usr/lib/x86_64-linux-gnu/ nagios@server1:~/nrpe-2.13$ make all nagios@server1:~/nrpe-2.13$ sudo make install-plugin nagios@server1:~/nrpe-2.13$ sudo make install-daemon nagios@server1:~/nrpe-2.13$ sudo make install-daemon-config nagios@server1:~/nrpe-2.13$ vi ~/.bashrc export PATH=$PATH:/usr/local/nagios/bin nagios@server1:~/nrpe-2.13$ source ~/.bashrc nagios@server1:~/nrpe-2.13$ cd /usr/local/nagios/ nagios@server1:/usr/local/nagios$ vi etc/nrpe.cfg 1) 加上允许监控自己的 server0 IP: allowed_hosts=127.0.0.1,192.168.1.10 2) 搜 include_dir,在下面加上自己定义的目录: include_dir=/usr/local/nagios/etc/rservers nagios@server1:/usr/local/nagios$ mkdir etc/rservers 发现 etc/nrpe.cfg 中没有 server0 中设置的 check-host-alive command,需要我们自己定义: nagios@server1:/usr/local/nagios$ vi etc/rservers/commands.cfg command[check-host-alive]=/usr/local/nagios//libexec/check_ping -H localhost -w 3000.0,80% -c 5000.0,100% -p 5 启动 nrpe: nagios@server1:/usr/local/nagios$ nrpe -c etc/nrpe.cfg -d nagios@server1:~$ ps -A|grep nrpe 17300 ? 00:00:00 nrpe nagios@server1:~$ netstat -an|grep 5666 tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 每次修改 nrpe.cfg 之后,都要 kill nrpe 进程,然后重新启动。 在 本机 和 server0 上测试,都能返回版本号就安装成功了: nagios@server1:/usr/local/nagios$ libexec/check_nrpe -H localhost NRPE v2.13 nagios@server0:~$ /usr/local/nagios/libexec/check_nrpe -H server1 NRPE v2.13 如果出错就修改 etc/nrpe.cfg: debug=1 重启 nrpe,执行 nrpe 命令出错之后去 /var/log/syslog 中找 error 信息,然后 google 三. 
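The two mistakes that nagios -v cannot catch, as an added example that is not part of the original notes or of Nagios/NRPE: it compares the names passed as check_nrpe!<name> on the server with the command[<name>] entries on the monitored host (a hyphen and an underscore make different names), and flags check_nrpe options outside -H -p -t -c -a -n -u (assumed here from the check_nrpe 2.x usage text). The function names and the sample files are constructed for the demo and only mirror the layout used above.

```shell
#!/bin/sh
# Added example. All file contents below are constructed sample data.

# Names referenced from Nagios object files as "check_command check_nrpe!<name>".
nrpe_refs() {
    sed -n 's/^[[:space:]]*check_command[[:space:]][[:space:]]*check_nrpe!\([^![:space:]]*\).*$/\1/p' "$@" | sort -u
}

# Names defined on the monitored host as "command[<name>]=..." in nrpe config files.
nrpe_defs() {
    sed -n 's/^[[:space:]]*command\[\([^]]*\)][[:space:]]*=.*$/\1/p' "$@" | sort -u
}

# missing_nrpe_commands SERVER_CFG_DIR NRPE_CFG_FILE...
# Prints every referenced name that has no exactly matching definition.
missing_nrpe_commands() {
    server_dir=$1
    shift
    defs=$(nrpe_defs "$@")
    nrpe_refs "$server_dir"/*.cfg | while IFS= read -r name; do
        printf '%s\n' "$defs" | grep -Fxq -e "$name" || printf '%s\n' "$name"
    done
}

# Options on a check_nrpe command_line that are not in the assumed option set.
bad_check_nrpe_flags() {
    grep -h 'command_line.*check_nrpe' "$@" | tr -s '[:space:]' '\n' |
        grep -e '^-' | grep -v -x -e '-[Hptcanu]' | sort -u
}

# Build constructed sample configs in a temp dir and print its path.
make_nrpe_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/servers" "$d/rservers"
    cat > "$d/servers/hosts.cfg" <<'EOF'
define host{
    host_name       server1
    check_command   check_nrpe!check_host_alive
}
EOF
    cat > "$d/servers/services.cfg" <<'EOF'
define service{
    host_name            server1
    service_description  CPU Load
    check_command        check_nrpe!check_load
}
EOF
    cat > "$d/servers/commands.cfg" <<'EOF'
define command{
    command_name  check_nrpe
    command_line  $USER1$/check_nrpe -H $HOSTADDRESS$ -C $ARG1$ -t 30
}
EOF
    cat > "$d/rservers/commands.cfg" <<'EOF'
command[check-host-alive]=/usr/local/nagios/libexec/check_ping -H localhost -w 3000.0,80% -c 5000.0,100% -p 5
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
EOF
    printf '%s\n' "$d"
}

nrpe_demo() {
    d=$(make_nrpe_sample) || return 1
    echo "referenced on the server but not defined on the monitored host:"
    missing_nrpe_commands "$d/servers" "$d/rservers/commands.cfg"
    echo "unknown check_nrpe options in the server's command definition:"
    bad_check_nrpe_flags "$d/servers/commands.cfg"
    rm -rf "$d"
}

nrpe_demo
```

In real use, copy each monitored host's nrpe.cfg and include_dir files next to the server's etc/servers/ directory and run both functions before restarting nagios.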
III. Web verification

In the browser on server0, enter:
    http://192.168.1.10/nagios
Normally the information for the monitored machines server1 ~ server3 and server5 ~ server9 appears: load, total processes.
If it is not displayed properly, test on the command line first:
nagios@server0:/usr/local/nagios$ libexec/check_nrpe -H server1 -c check_total_procs
PROCS WARNING: 173 processes
If the command-line results are all normal, first check carefully the commands.cfg you wrote on server0 for
wrong arguments; if that is fine, look at the apache2 log, error.log under /var/log/apache2/.
nagios@server0:/usr/local/nagios$ ps -A|grep nagios

More often you have to write your own plugin and put it under libexec/. A plugin must follow the nagios conventions:
http://nagios.sourceforge.net/docs/3_0/pluginapi.html
nagios itself cannot draw graphs of the monitoring results; third-party software has to be installed. If you
want graphs, the plugin must return perfdata in addition to Output. perfdata is just a string, and nrpe passes
it back for the third-party graphing software to process.
Of the string a plugin returns (Output + perfdata), nrpe can read only the first 1024; to let a plugin return
more data, output it in multiline form.
If no graph can be produced, first look at the nagios host and service status:
nagios@server0:/usr/local/nagios$ less var/status.dat
For passive monitoring, you can install the Ndoutils plugin + MySQL and then Centreon.
Centreon lets you edit the configuration files in a graphical interface.
Here the free pnp4nagios is installed to add the graph display option.
Be sure to read the official documentation:
http://docs.pnp4nagios.org/pnp-0.6/doc_complete

IV. Install pnp4nagios

1. Preparation
nagios@server0:~$ sudo apt-get install perl rrdtool php5-gd
Enable apache2 rewrite module:
nagios@server0:~$ cd /etc/apache2/
nagios@server0:/etc/apache2$ ls -l mods-available/|grep write
-rw-r--r-- 1 root root 66 Feb 7 12:16 rewrite.load
nagios@server0:~$ sudo a2enmod rewrite

2. Install pnp4nagios
nagios@server0:~$ tar zxvf pnp4nagios-0.6.18.tar.gz
nagios@server0:~$ cd pnp4nagios-0.6.18/
nagios@server0:~/pnp4nagios-0.6.18$ ./configure --with-nagios-user=nagios --with-nagios-group=nagcmd
nagios@server0:~/pnp4nagios-0.6.18$ make all
nagios@server0:~/pnp4nagios-0.6.18$ sudo make install
nagios@server0:~/pnp4nagios-0.6.18$ sudo make install-webconf
nagios@server0:~/pnp4nagios-0.6.18$ sudo make install-config
nagios@server0:~/pnp4nagios-0.6.18$ sudo make install-init
It installs to /usr/local/pnp4nagios/ by default.
nagios@server0:~/pnp4nagios-0.6.18$ sudo service apache2 restart

3. Configuration
Only a few machines are monitored, so the most basic Synchronous Mode is used;
with more machines use Bulk Mode;
with several hundred machines use Bulk Mode with NPCD daemon.
nagios@server0:~/pnp4nagios-0.6.18$ vi /usr/local/nagios/etc/nagios.cfg
Change three lines:
process_performance_data=1
host_perfdata_command=process-host-perfdata
service_perfdata_command=process-service-perfdata
nagios@server0:~/pnp4nagios-0.6.18$ vi /usr/local/nagios/etc/servers/commands.cfg
Add the following two blocks:
define command {
    command_name    process-service-perfdata
    command_line    /usr/local/pnp4nagios/libexec/process_perfdata.pl
}
define command {
    command_name    process-host-perfdata
    command_line    /usr/local/pnp4nagios/libexec/process_perfdata.pl -d HOSTPERFDATA
}
Comment out the two corresponding default command definitions in /usr/local/nagios/etc/objects/commands.cfg.

Open the page:
    http://192.168.1.10/pnp4nagios
The page shows the verification results. It reports that GD Lib has not been added to php, although php5-gd is clearly installed.
nagios@server0:~$ sudo updatedb
nagios@server0:~$ locate gd|less
......
/usr/lib/php5/20090626/gd.so
......
Add gd.so to the php configuration file by hand:
nagios@server0:~$ less /etc/php5/apache2/php.ini
Search for extension to find the right place, then open the file with vi to add the directory and the lib
(opened directly in vi, the dark blue colour is hard to read).
Add the following two lines at that place:
extension_dir = "/usr/lib/php5/20090626/"
extension=gd.so
nagios@server0:~$ sudo service apache2 restart
Now refreshing the page passes. Rename install.php as prompted:
nagios@server0:~/pnp4nagios-0.6.18$ cd /usr/local/pnp4nagios/share/
nagios@server0:~/usr/local/pnp4nagios/share$ mv install.php install.php.backup

4. Continue editing the related nagios configuration files
nagios@server0:~$ sudo vi /usr/local/nagios/etc/servers/hosts.cfg
define host {
    name        host-pnp
    action_url  /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_
    register    0
}
In each define host, append host-pnp to the end of use. Taking server1 as the example:
define host{
    use             linux-server-template,host-pnp
    host_name       server1
    alias           server1
    address         192.168.1.11
    check_command   check_nrpe!check_host_alive
}
nagios@server0:~$ sudo vi /usr/local/nagios/etc/servers/services.cfg
define service {
    name        srv-pnp
    action_url  /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$
    register    0
}
In each define service, append srv-pnp to the end of use. Taking check_load as the example:
define service{
    use                     linux-service-template,srv-pnp
    host_name               server1,server2,server3,server5,server6,server7,server8,server9
    service_description     CPU Load
    check_command           check_nrpe!check_load
}
Verify that the nagios configuration files are written correctly:
nagios@server0:~/usr/local/pnp4nagios/share$ nagios -v /usr/local/nagios/etc/nagios.cfg
If there is no Error, restart nagios:
nagios@server0:~/usr/local/pnp4nagios/share$ service nagios restart
In the browser, enter:
    http://192.168.1.10/nagios
The small icons are now visible, and clicking one brings up the large graph.

Configuration file for the graphs pnp4nagios generates:
/usr/local/pnp4nagios/etc/config_local.php

Customizing the graphs pnp4nagios generates:
Under /usr/local/pnp4nagios/share/ there are several templates* directories; the .php files in them are what
generate the graphs. templates.dist/ holds a pile of samples, and your own customized .php files go under
templates/. For example, to graph the nagios service check_http there must be a check_http.php.
The system searches for check_http.php in this order:
1. templates/check_http.php
2. templates.dist/check_http.php
3. templates/default.php
4. templates.dist/default.php
If you do not customize anything, the system graphs with the default default.php. All of these .php files
draw graphs by reading the rrd database.
Under /usr/local/pnp4nagios/var/perfdata/ there is a pile of directories, one per monitored machine, and in
each directory every service has two files, .rrd and .xml. Besides reading the .rrd, templates/*.php can also
use the information in the .xml.
If a graph comes out wrong, you can delete the .rrd and .xml files first and let them be regenerated.
nagios@server0:/usr/local/pnp4nagios$ ls -l var/perfdata/
drwxrwxr-x 2 nagios nagios 4096 Aug 9 10:25 localhost
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:26 server0
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:29 server1
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:29 server2
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:30 server3
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:30 server5
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:30 server6
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:30 server7
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:29 server8
drwxrwxr-x 2 nagios nagios 4096 Sep 5 19:29 server9
nagios@server0:/usr/local/pnp4nagios$ ls -l var/perfdata/server1
-rw-rw-r-- 1 nagios nagios 1151496 Sep 12 10:29 CPU_Load.rrd
-rw-rw-r-- 1 nagios nagios 13063 Sep 12 10:29 CPU_Load.xml
-rw-rw-r-- 1 nagios nagios 1534768 Sep 12 10:29 CPU_Usage.rrd
-rw-rw-r-- 1 nagios nagios 13818 Sep 12 10:29 CPU_Usage.xml
-rw-rw-r-- 1 nagios nagios 768224 Sep 12 10:21 Disk_IO_Status.rrd
-rw-rw-r-- 1 nagios nagios 12621 Sep 12 10:21 Disk_IO_Status.xml
-rw-rw-r-- 1 nagios nagios 384952 Sep 12 10:25 Disk_Usage.rrd
-rw-rw-r-- 1 nagios nagios 11753 Sep 12 10:25 Disk_Usage.xml
-rw-rw-r-- 1 nagios nagios 768224 Sep 12 10:29 _HOST_.rrd
-rw-rw-r-- 1 nagios nagios 12157 Sep 12 10:29 _HOST_.xml
-rw-rw-r-- 1 nagios nagios 9200208 Aug 28 17:35 KVM_Status.rrd
-rw-rw-r-- 1 nagios nagios 27735 Sep 6 17:50 KVM_Status.xml
-rw-rw-r-- 1 nagios nagios 1918040 Sep 12 10:26 Memory_Usage.rrd
-rw-rw-r-- 1 nagios nagios 14544 Sep 12 10:26 Memory_Usage.xml
-rw-rw-r-- 1 nagios nagios 1534768 Sep 12 10:27 Network_Status.rrd
-rw-rw-r-- 1 nagios nagios 13800 Sep 12 10:27 Network_Status.xml
-rw-rw-r-- 1 nagios nagios 768224 Aug 8 11:39 PING.rrd
-rw-rw-r-- 1 nagios nagios 12536 Aug 8 11:39 PING.xml
-rw-rw-r-- 1 nagios nagios 1918040 Aug 10 14:01 Total_Processes_Number.rrd
-rw-rw-r-- 1 nagios nagios 14427 Aug 10 14:01 Total_Processes_Number.xml
-rw-rw-r-- 1 nagios nagios 1918040 Aug 10 14:02 Total_Processes.rrd
-rw-rw-r-- 1 nagios nagios 14309 Aug 10 14:02 Total_Processes.xml
-rw-rw-r-- 1 nagios nagios 1918040 Sep 12 10:29 Total_Procs.rrd
-rw-rw-r-- 1 nagios nagios 14301 Sep 12 10:29 Total_Procs.xml

As with a custom nagios plugin, a custom graphing .php has to follow certain rules:
1. templates must not create any output.
2. the two arrays $opt[] and $def[] have to be filled. If both arrays contain more than one set of data,
   graphs will be created for every set. Inside the templates, the data from the related XML files can be used.

nagios has many other plugins covering the common needs. Look on the official site first; they are all
scripts of various kinds that you can modify and add directly.
Put the finished plugin under libexec/ on the monitored machine and define the objects under etc/rservers/.
libexec/check_linux_stats is a C wrapper that calls the perl script check_linux_stats.pl. Of its checks,
check_kvm needs root privileges; the others can run check_linux_stats.pl directly as the nagios user:
$ sudo chown root check_linux_stats
$ sudo chmod 4755 check_linux_stats

Preinstalled software on server1 ~ server9:
$ sudo apt-get install libsys-statistics-linux-perl liblist-moreutils-perl libxml-xpath-perl libxml-parser-perl libxml-simple-perl libproc-processtable-perl
Openstack has already installed libvirt-bin, so only libvirt dev needs installing here:
$ sudo apt-get install libvirt-dev
Sys-Virt:
$ tar zxvf Sys-Virt-0.9.8.tar.gz
$ cd Sys-Virt-0.9.8/
$ perl Makefile.PL
$ make
$ sudo make install
===============================================================================================
# vi /etc/sudoers
globus ALL=(cngrid) NOPASSWD: /usr/local/globus-4.0.5/libexec/globus-gridmap-and-execute -g /etc/grid-security/grid-mapfile /usr/local/globus-4.0.5/libexec/globus-job-manager-script.pl *
globus runs the commands that follow as cngrid.
man sudoers
User_Alias Host_Alias(Runas_Alias) Cmnd_Alias

sudo itself is secure, but getting to a secure configuration is hard:
1. For example, if a user is allowed to run vim through sudo, running :shell inside vim gives a root shell
   that can do anything.
2. If sudo is granted for every program in a directory and the user happens to be able to write to that
   directory, the user can copy a shell into it and again do anything.
===============================================================================================
file sharing

task_struct --> files_struct (file **fd) --> file ---> dentry ---> inode --> data
                file descriptors         --> file description
                0 1 2 3...                   file offset f_pos
                                             f_flags O_DIRECT O_SYNC O_ASYNC

open()              creates a new file struct
fork()              the child copies the parent's fd_array, share file struct
dup() ls > a.txt    the old and new fds refer to the same file struct
-----------------------------------------------------------------------------------------------
screen
create a new window:    C-a c
next/previous window:   C-a n/p
delete a window:        C-a K
detach screen from current terminal: C-a d
now if you log out, the screen will still be there. When you log back in, just:
    screen -rd <pid>
then you get exactly what you had when you last left
-----------------------------------------------------------------------------------------------
hard link VS symbolic link

Each partition has just one superblock; the sb copies in the other groups are all backups of the sb in group1.
The sb and the group descriptors are backed up on the following groups: powers of 1, 3, 5, 7.

hard link: cannot cross partitions and cannot link directories. inode numbers are unique only within a
superblock, and each partition has only one superblock, so a hard link cannot span several partitions,
whereas a symbolic link can cross partitions.

A hard link can be used to back up important files:
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/networking/profiles/default/ifcfg-eth0
/etc/sysconfig/networking/devices/ifcfg-eth0
stat them and you find the same inode number and links=3, so they are hard links.

symbolic link: the implementation has to guard against cycles.
Suppose hellodir exists and test.c does not. After ln -s hellodir test.c, ls -li shows different inode numbers:
32095 drwxrwxr-x 2 cngrid cngrid 4096 2008-04-23 23:01 hellodir
32098 lrwxrwxrwx 1 cngrid cngrid 8 2008-04-23 23:01 test.c -> hellodir
test.c now has its own data block, and that data block stores "hellodir", so the size is 8.
If there is a path, the size of the path is added as well.
At this point cd test.c shows the files under hellodir.
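The two sudoers pitfalls listed in the sudoers notes above (an editor with :shell, and a rule covering a directory the user can write to) can be checked mechanically. This is an added example, not part of the original notes: it parses only simple `user host=(runas) TAG: cmd, cmd` rules, and the function names, the list of escape-capable programs and the sample rules are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. Limitation: Defaults and *_Alias lines are skipped and
# escaped commas are not handled; real sudoers files need a fuller parser.

# Assumption: short illustrative list of programs that can start a shell from
# inside (vim's :shell is the case named in the notes). Extend as needed.
ESCAPE_CAPABLE="vi vim view less more"

# Print "user command-path" for every command of every rule in FILE.
sudoers_commands() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' -e '^[[:space:]]*Defaults' -e '_Alias' "$1" |
    while read -r user rest; do
        spec=${rest#*=}
        # drop "(runas)" lists and tags such as "NOPASSWD:"
        printf '%s\n' "$spec" | sed -e 's/([^)]*)//g' -e 's/[A-Z_]*:[[:space:]]*//g' |
        tr ',' '\n' | while read -r path _args; do
            if [ -n "$path" ]; then printf '%s %s\n' "$user" "$path"; fi
        done
    done
}

# dir_writable_by USER DIR: true if DIR is group- or world-writable,
# or is owned by USER (group membership is not resolved here).
dir_writable_by() {
    [ -d "$2" ] || return 1
    ls -ld "$2" | (
        read -r mode _links owner _rest
        case $mode in
            ?????w*|????????w*) exit 0 ;;
        esac
        [ "$owner" = "$1" ]
    )
}

# Report SHELL_ESCAPE and WRITABLE_DIR findings for a sudoers-style FILE.
audit_sudoers() {
    sudoers_commands "$1" | while read -r user path; do
        base=${path##*/}
        case " $ESCAPE_CAPABLE " in
            *" $base "*) printf 'SHELL_ESCAPE %s %s\n' "$user" "$path" ;;
        esac
        case $path in
            */|*/\*)
                dir=${path%/*}
                if dir_writable_by "$user" "$dir"; then
                    printf 'WRITABLE_DIR %s %s\n' "$user" "$path"
                fi ;;
        esac
    done
}

# Build a constructed sample (two directories and a rules file); print its path.
make_sudoers_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tools" "$d/safe"
    chmod 777 "$d/tools"     # any local user can drop a program here
    chmod 755 "$d/safe"
    cat > "$d/sudoers.sample" <<EOF
# constructed sample rules, not a real sudoers file
Defaults env_reset
alice ALL=(root) NOPASSWD: /usr/bin/vim
bob   ALL=(ALL) $d/tools/*
carol ALL=(root) $d/safe/, /usr/bin/less /var/log/syslog
dave  ALL=(root) NOPASSWD: /usr/sbin/service nagios restart
EOF
    printf '%s\n' "$d"
}

sudoers_demo() {
    d=$(make_sudoers_sample) || return 1
    audit_sudoers "$d/sudoers.sample"
    rm -rf "$d"
}

sudoers_demo
```

A SHELL_ESCAPE finding is usually resolved by granting sudoedit or a narrower command instead of the editor; a WRITABLE_DIR finding by making the directory root-owned and not group- or world-writable, or by listing exact command paths.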
===============================================================================================
fedora 12: installing commonly used software

On fedora 12, Xorg hogs the CPU and there is no fix. It is not as good as fedora 8, but fedora 8 no longer
has an official yum repository, so there was no choice but to install it.

1. # vi /etc/sudoers        add the regular user

2. NetworkManager has a bug: with it running, the network does not come up automatically. Remove it:
$ sudo yum remove NetworkManager -y

3. System->Preferences->Personal->Input Method
$ sudo ntsysv               disable some daemons at boot
vi shows files without colour for root:
$ sudo vi /etc/bashrc
alias vi='vim'
cp and mv overwrite existing files without asking:
$ vi ~/.bashrc
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
$ source ~/.bashrc
$ sudo vi /etc/selinux/config
SELINUX=disabled
$ sudo service network restart

4. Add yum repositories.
If the release is very new, install the latest repositories directly:
$ sudo rpm -ivh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
$ sudo rpm -ivh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
The fedora 12 repositories are no longer updated. Go to the two directories below, find the rpm for the
matching release and install it:
http://download1.rpmfusion.org/free/fedora/
http://download1.rpmfusion.org/nonfree/fedora/
$ sudo rpm -ivh http://download1.rpmfusion.org/free/fedora/updates/12/i386/rpmfusion-free-release-12-3.noarch.rpm
$ sudo rpm -ivh http://download1.rpmfusion.org/nonfree/fedora/updates/12/i386/rpmfusion-nonfree-release-12-3.noarch.rpm
$ sudo yum install gnochm bash-completion bchunk zhcon convmv xmms xmms-mp3 xmms-skins xmms-flac mac lame iftop stardict gparted tsclient nmap iptraf wget shntool cuetools smplayer mencoder ffmpeg pcmanx-gtk2 thunderbird pidgin wireshark-gnome screen mkvtoolnix gpac subtitleeditor

5. pcmanx-gtk2: View->Font: AR PL UMing CN, Edit-> Preference-> Site Settings-> Site Encoding: gbk
$ vi ~/.vimrc
set fileencodings=utf-8,gbk,gb2312,gb18030,big5
Garbled text in gedit: open a .txt file --> close the file but keep gedit --> open --> Character Coding
alt+ctrl+F6-> $ zhcon --utf8 && vi Chinesebook
Garbled text in xmms is unsolved; the fedora 8 method no longer works, but playback is fine. Hovering the
mouse over the entry at the bottom of the desktop shows the Chinese correctly, for example:
XMMS - 283. 程琳 - 风雨兼程.ape
The playlist also has line numbers, so
$ ls ape|nl|less
can be used to locate the song being played. It is as if the song titles were encrypted :)
ctrl + p
Input Plugins   MPEG Layer 1/2/3 Placeholder Plugin [librh_mp3.so](disabled)
Output Plugin   ALSA 1.2.10 output plugin [libALSA.so]
ape:
$ sudo rpm -ivh xmms-in-mac-0.2.1-alt2.i586.rpm
Note: evolution must not be removed completely, otherwise gnome will no longer start:
use         $ sudo yum remove evolution
do not use  yum remove evolution*

6. Adobereader, Skype, Xvidcap
mplayer rmvb:
$ sudo tar jxvf all-20071007.tar.bz2 -C /usr/lib/codecs/
$ sudo rpm -ivh pcmanx-gtk2-0.3.8-5.fc11.i586.rpm
$ wget 213.146.168.246/linux/skype-2.1.0.81-fc10.i586.rpm
$ sudo rpm -ivh linux-fetion-1.3-1.fc13.src.rpm
$ sudo chown -R cngrid.cngrid rpmbuild/
$ sudo rpmbuild -bb rpmbuild/SPECS/linux-fetion.spec
$ sudo rpm -ivh rpmbuild/RPMS/linux-fetion-1.3-1.fc12.i686.rpm
$ sudo rpm -ivh nerolinux-4.0.0.0-x86.rpm
When burning a single file > 2GB, choose the UDF format. After starting the burner and inserting a disc,
nerolinux cannot find the drive:
$ ll /dev|grep sg
drwxr-xr-x 2 root root 80 2010-04-19 19:35 bsg
crw-rw---- 1 root root 1, 11 2010-04-19 07:51 kmsg
crw-rw---- 1 root disk 21, 0 2010-04-19 07:51 sg0
crw-rw---- 1 root cdrom 21, 1 2010-04-19 19:35 sg1
sg1 corresponds to the cdrom; give regular users rw on it:
$ sudo chmod 666 /dev/sg1
A working key for 4.0: 9M1K-0098-P3HL-PK6P-T6UA-1E5X-E557-8X41

7. stardict EN-EN dictionaries
From http://reciteword.cosoft.org.cn/stardict-iso/stardict-dic/dict.org/ download 5 packages:
Webster's Revised Unabridged Dictionary (1913)
Longman Dictionary of Contemporary English
Oxford Advanced Learner's Dictionary
Merrian Webster 10th dictionary
stardict-collins5-2.4.2.tar.bz2
Extract them all under /usr/share/stardict/dic/
$ sudo tar jxvf stardict-dictd-web1913-2.4.2.tar.bz2 -C /usr/share/stardict/dic/
....

8. mldonkey: multi-protocol, including BT and eDonkey; sancho is the GUI
$ tar jxvf mldonkey-3.0.5.tar.bz2
$ cd mldonkey-3.0.5/ && sudo ./configure && sudo make && sudo make install
Download sancho-0.9.4-59-linux-gtk.sh from CSDN
$ sudo sh sancho-0.9.4-59-linux-gtk.sh          extract to /usr/local/
$ sudo ln -s /usr/local/sancho /usr/local/bin/sancho
$ sudo chown -R cngrid.cngrid ~/.sancho
Run mlnet & first, then sancho, and connect sancho to mlnet.
Preferences-> Networks: add enable_bittorrent, enable_kademlia, enable_overnet, enable_fileTP
Download nodes.dat from http://www.nodes-dat.com/ -> console: kad_load /home/cngrid/nodes.dat

Remove the IP restriction:
$ rm -rf ~/.mldonkey/web_infos/level1.gz
$ vi ~/.mldonkey/downloads.ini
Search for web_infos and delete the following line:
("guarding.p2p", 96, "http://www.bluetack.co.uk/config/level1.gz");
Restart mldonkey.

Import the server list:
servers server.met

Associate with Firefox:
The mldonkey tarball ships the tool for this. Under /usr/local/mldonkey-3.0.5/distrib/ed2k_mozilla/ there is
mldonkey_protocol_handler-2.5.xpi; drag it into Firefox to install it.

Add a share directory:
The /home partition is out of space while the / partition still has 15GB, so put a large 6GB file there to share with others:
$ sudo mkdir /mldonkeyshare
$ vi .mldonkey/downloads.ini
Search for share to find the right place:
shared_directories = [
  { dirname = shared
    strategy = all_files
    priority = 0 };
  { dirname = "incoming/files"
    strategy = incoming_files
    priority = 0 };
  { dirname = "incoming/directories"
    strategy = incoming_directories
    priority = 0 };]
So the default shared directory is .mldonkey/share/
Stop mldonkey first, then add an entry inside the [] following the samples. Adding the path directly does not work:
  { dirname = "/mldonkeyshare"
    strategy = all_files
    priority = 0 };
Making a symlink inside .mldonkey/incoming/ first does the job:
$ cd ~/.mldonkey/incoming/
$ ln -s /mldonkeyshare share
$ vi ~/.mldonkey/downloads.ini
Add an entry inside the []:
  { dirname = "incoming/share"
    strategy = all_files
    priority = 0 };
$ sudo ln -s /mnt/win/movie/mule/ .mldonkey/incoming/files/winshare
From now on, anything worth sharing just goes in there.

Share a file and give the ed2k address to someone:
Put the file to share into the shared dir, then click Console, type reshare below and press Enter. Computing
the hash takes 1 minute. After that, click Shares and the file shows up as being shared. Right-click the
file -> copy to clipboard --> ed2k://-> clipboard, then right-click -> paste. You can also hold shift to
select several files and then clipboard; all the addresses come out at once.
By default mldonkey refreshes the contents of the share dir every half hour. mldonkey reads the configuration
file downloads.ini at startup, so restarting mldonkey also refreshes the contents of the share dir.
mldonkey can also download over ftp, http and ssh, always through File --> Input link, for example by entering:
http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.38.2.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.38.2.tar.bz2

When the disk is full, mldonkey disconnects automatically. After files were deleted and space was available
again, sancho could no longer connect to mlnet at startup:
$ mlnet &           note that the shell now prints a hint that the log goes to .mldonkey/mlnet.log
$ sancho            fails to connect, so look at the log
$ less .mldonkey/mlnet.log
...
2011/02/13 14:30:58 [cInt] WARNING: Directory temp is full, MLDonkey queues all downloads
2011/02/13 14:30:58 [cInt] WARNING: Directory /home/cngrid/.mldonkey is full, MLDonkey shuts down
2011/02/13 14:30:58 Exception Sys_error("No space left on device") in Network.iter for Donkey
2011/02/13 14:30:58 [cCO] Options correctly saved
2011/02/13 14:38:58 [cO] Started logging...
File files.ini.tmp exists
An error may have occurred during previous configuration save.
Please, check your configurations files, and rename/remove this file before restarting
2011/02/13 14:39:03 [cO] Started logging...
File files.ini.tmp exists
An error may have occurred during previous configuration save.
Please, check your configurations files, and rename/remove this file before restarting
...
As the message says, $ rm -rf *.tmp
After that sancho starts normally.

9. Dropbox
i386: download nautilus-dropbox-0.6.8-1.fedora.i386.rpm through a proxy;
download http://www.getdropbox.com/download?plat=lnx.x86 and extract it to ~;
$ sudo rpm -ivh nautilus-dropbox-0.6.8-1.fedora.i386.rpm
On x86_64, download http://www.getdropbox.com/download?plat=lnx.x86_64 and extract it to ~.
-----------------------------------------------------------------------------------------------
ftp is a good fit for the WAN

Use lftp as the client: man lftp
$ sudo vi /etc/lftp.conf
At the end:
set ftp:charset "gbk"
set file:charset "utf-8"

ls -lR . |grep Nemo
get -c a.txt
put -c a.txt
mget -c *.srt
mput -c *.mpg
mirror -c book/
mirror -Rc test/
!ls                 show local contents
lftp -c "mirror -c http://rpm.livna.org/fedora/8/i386/"
lftp -c "get -c http://download.fedoraproject.org/iso/Fedora-11-i386-DVD.iso"

$ vi lftp.sh
#!/bin/bash
lftp grid:hpcgrid@10.0.1.125
lftp ftp.trueice.net
lftp upload:upload@ftp.trueice.net:8021
lftp media:dcecoa_ftp@59.66.188.92:10021
lftp mse:kexie@incoming.blueink.org:40021

Download what a given html page links to:
wget -r -l 1 http://staff.ustc.edu.cn/~xlanchen/EmbeddedOS2009Fall/EmbeddedOS2009Fall.html
Back up a whole site:
wget --recursive --no-clobber --page-requisites --convert-links --restrict-file-names=windows --no-parent http://www.tsinghua.edu.cn/publish/eea/

Use pure-ftp as the server. With the Chinese patch applied, vsftp cannot transfer a single file larger than 2GB properly.
Goal: forbid anonymous login, and let the virtual user grid upload, download, delete and modify files.
$ sudo yum install pure-ftpd
$ sudo vi /etc/pure-ftpd/pure-ftpd.conf
Turn off the anonymous access options, and make sure the following 2 lines are enabled:
PureDB /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication yes
Add two lines at the end:
FileSystemCharset utf-8
ClientCharset gbk
The system already has the regular user fit; use fit to create the virtual user grid:
$ sudo pure-pw useradd grid -u fit -g fit -d /var/ftp -m
$ sudo chown -R fit.fit /var/ftp
$ sudo service pure-ftpd start
$ sudo ntsysv                   start automatically at boot
$ sudo pure-pw show grid        show the user information

Cannot log in: the PureDB option is not enabled, so authentication fails.
               Or ftp is used as the user, with uid=14, while the configuration file has the MinUID 500
               option, so of course login fails.
Cannot download: make sure PAMAuthentication yes is set.
Cannot upload: make sure the last level of the shared directory has w permission.
               Either chown -R fit.fit /var/ftp, or chmod 777 /var/ftp:
$ ls -l |grep ftp
drwxr-xr-x 2 fit fit 4096 2010-03-05 23:29 ftp
$ ls -l |grep ftp
drwxrwxrwx 2 root root 4096 2010-03-05 23:29 ftp
pure-ftp's pureftpd.log cannot display Chinese, but /var/log/messages can :)
-----------------------------------------------------------------------------------------------
Samba

Using the samba client to mount a share dir from a win machine is very convenient, and Chinese is supported
well by default. But do not set up a samba server on linux: it is too unstable, a lesson learned the hard
way. To share files with others, ftp is recommended.
man smb.conf
The local linux machine is 10.0.1.4. The windows machine is 10.0.1.15, and D:\共享 is a share dir.
Goal: on the local Linux machine, watch the movies in the win share directly, and copy files with the
ordinary linux cp command.
Linux -> Win:
$ sudo mkdir -p /mnt/win
$ smbclient -L 10.0.1.15 -U administrator       see which shares the other side offers
$ sudo mount -t cifs -o user=administrator,password=hpcgridfit //10.0.1.15/共享 /mnt/win/
$ sudo vi /etc/rc.d/rc.local
Put the mount command above in it to mount automatically at boot.

Mounting Windows NTFS under Linux sometimes shows an out-of-sync bug: edit a.txt under Windows, go back to
Linux and open this a.txt, and sometimes the old content is still there. umount and then mount again fixes
it. It is a flaw in how the cache is managed: a file that is too small is not really written to disk.
Both mount and umount update /etc/mtab and /proc/mounts; /proc/mounts is more detailed.
===============================================================================================
man bash
info grep
Note that && and || have the same precedence.
$!  When a script runs a job in the background and you want that bash's pid, but the system has many bash
    processes, use $!: it is the pid of the background job this bash just started.
Declare local variables with local; otherwise they are treated as global.
When referencing str, since str may contain ', use "${str}", not '${str}'.

for ((i=121; i<=128; i++))
do
    hostname="cn${i}"
done

Find the position where pattern first occurs in string:
starting from the end of string, delete the longest match of pattern*; the length of the remaining string is firstpos.
firstpos=${a%%${b}*}    # ${#firstpos} is the position of the first occurrence
lastpos=${a%${b}*}      # ${#lastpos} is the position of the last occurrence

For arithmetic prefer $((i+1)) over expr. Adding int variables:
total=$(($total+$score))
total=$(($total + 1))

_fgrep() {
    s=$1
    f=$2
    while read line; do
        # strstr is a helper from /etc/init.d/functions on Red Hat style systems
        if strstr "$line" "$s"; then
            echo "$line"
            return 0
        fi
    done < "$f"
    return 1
}

Read input from a file:
sh test.sh < /root/a.txt
------------------------------------------ sed & awk -------------------------------------------
substitute: & stands for the text being replaced
s/love/**&**/                   replace love with **love**
sed 's/cngrid/wzh/g' passwd     global replacement
sed 's#peter#wzh#g' passwd      whatever follows s is taken as the delimiter; here # replaces the
                                default /, and every peter is replaced with wzh
delete:
sed '2,5d' passwd               delete lines 2 through 5
sed '/ed2k/'d passwd            delete the lines containing ed2k
sed -e '1,5d' -e 's/cngrid/wzh/' passwd
                                -e allows several commands on one line. The order of the commands
                                affects the result.
print:
sed -n '5,10p' passwd           print lines 5-10; -n together with p shows only the matching items
sed -n '5,/^peter/p' passwd     , denotes a range: print all lines from line 5 to the first line starting with peter
sed -n '/cngrid/,/wzh/p' passwd print every line in the range delimited by the patterns cngrid and wzh
sed '/cngrid/,/wzh/s/$/sed cngrid/' passwd
                                for the lines between a cngrid match and a wzh match, append
                                "sed cngrid" at the end of each line
append, insert: one after, one before
sed '2a drink tea' passwd       append a line below line 2: drink tea
sed '2,5a drink tea' passwd     append a line below each of lines 2-5: drink tea
sed '2,5c int main' a.cpp       replace lines 2-5 with one line: int main
sed '/^wzh/a hello world' passwd    append hello world after the lines starting with wzh
read write:
sed '/cngrid/r file' passwd     for the lines in passwd matching cngrid, attach the contents of file after them
sed -n '/cngrid/w file' passwd  all lines in passwd containing cngrid are written to file
next:
sed '/cngrid/{n;s/aa/bb/;}' passwd
                                if cngrid matches, move to the line after the matching line, replace aa
                                with bb on that line, print it, and continue
y:
sed '1,10y/nologin/NOLOGIN/' passwd     change every nologin in lines 1--10 to NOLOGIN
hH gG:
sed -e '/peter/h' -e '$G' passwd
When a line matching peter is found it is in the pattern space, and h copies it into the hold space. The
second command means that on reaching the last line, G takes the line out of the hold space and appends it
to the end of the pattern space.
In short, any line containing peter is copied and appended to the end of the file.

After a line number, put acdprwhHgG directly; otherwise write the / pattern first and then acdprwhHgG.

Replace 127.0.0.1 with 127_0_0_1:
#!/bin/bash
ip=127.0.0.1
destip=$( echo ${ip} | sed "s/\./\_/g" )
echo ${destip}
-----------------------------------------------------------------------------------------------
awk usage notes:
Make sure the whole awk command is enclosed in ' ';
make sure every " " inside the command is paired;
make sure action statements are enclosed in {} and control statements in ().
A record in man awk simply means one line.
/pattern/{action}
Either pattern or action may be omitted. If pattern is omitted, action is run for every line of the input
file; if action is omitted, {print} is run, i.e. all lines matching pattern are printed.

$ cat f
India's Broken People (21 September 2007).avi 370 MB
The Killing of Kashmir (2004).avi 354 MB
Kosovo - State of Denial (25 May 2007).avi 350 MB
Guns, Votes & Money (14 September 2007).avi 350 MB
Iraq - On the Front Line 01-09-06.mpg 344 MB
Honduras.War On Children (12 October 2007).avi 325 MB
Children Of The Lost Generation (28 September 2007).avi 325 MB
Drop the last two columns:
$ awk 'BEGIN {ORS = ""} {for (i = 1; i < NF-1; i++) {print $i " "}; print "\n"}' f > out

awk '/cngrid/' passwd                   print the lines containing cngrid
awk -F : '/wzh/{print $3}' passwd       find the lines containing wzh and print field 3; fs is set to :
history | awk '{print $2}'|sort|uniq -c|sort -rn|head -n 10
awk -F : '/cngrid/{print $3} /wzh/{print $7}' passwd
                                        find the lines containing cngrid and wzh and print fields 3 and 7 respectively
last | awk '{print $1 "\t" $3}'         print columns 1 and 3
awk -F : '$1 != "cngrid" {print "The entry for", $1, "is not Tim.", $2}' passwd
                                        find the lines whose field 1 is not cngrid and print their fields 1 and 2
ifconfig eth0 | grep -i mask | awk '{print $2}' | awk -F : '{print $2}'
ifconfig | grep -i mask | awk '{print $2}' | awk -F : '{print $2}'
awk -F : '$3 > 200' passwd              find the lines whose field 3 is greater than 200
awk -F : '$1 ~ /wzh/' passwd            print the lines whose first field contains wzh

BEGIN specifies actions to run before awk starts processing a file. BEGIN is often used to initialize values, set parameters and so on.
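END runs commands after the file has been processed, usually for a summary or a note.
ls -l | awk '{x += $5} END {print "total bytes:" x}'
Unlike in bash scripts, variables in awk are used directly, without the $ sign.

How awk processes a file:
1. Read a line and fill $0, $1, $2.. with the information from that line
2. Decide from the condition whether the action that follows should run
3. Finish all the conditions and actions
4. If there are more lines, repeat 1-3 until everything is processed
awk processes one line at a time, and the field is its smallest unit of processing.

$ last | awk '{print $1 "\tlines:" NR "\tcolumns:" NF}'
root lines:1 columns:10
root lines:2 columns:10
reboot lines:3 columns:9
root lines:3 columns:10
root lines:4 columns:10
reboot lines:5 columns:9
awk '{nlines++} END {print nlines}' passwd      how many lines the file has
awk '{print NR, $0}' passwd                     print each line with its line number in front
============================================ vim ==============================================
$ vimtutor
search within the line: fx
repeat deleting a word: dw .
jump to line 8: 8G
line numbers: :set nu  :set nonu
z Enter  z-     make the current line the first / last line of the screen
H M L           cursor to the top / middle / bottom line of the screen
/string  search down    ?string  search up    n N  keep searching
u  undo    ctrl+r  redo    after :e you cannot u back
ZZ  save and quit
moving the cursor within one very long wrapped line, prefix g: gj gk
empty the whole file: gg -> dG
copy to the first / last line: ygg yG
0 $  start / end of line
^    first non-blank character of the line
90i=  insert ==========
look at another document for a moment without leaving the current file:
    :e /home/cngrid/unp.h    ctrl+^ to switch back and forth
put the cursor on the Chinese text to search for -> / -> ctrl+r ctrl+w, so the Chinese need not be typed;
    ctrl+r ctrl+a searches for a longer string
ctrl + i  ctrl + o   go forward / back through positions
copy several lines: v -> j -> w d    :100,146 w d
copy lines 2 to 9 after line 100:   :2,9 co 100
move lines 2 to 9 after line 100:   :2,9 m 100
copy several columns: ctrl+v
` `   jump to where the cursor last was
recover a file that was being edited when the power failed: vi -r ***
:r !date    insert the output of the date command    :r !command
in help, repeated TAB completes, ctrl+d lists all matches
:h ctrl-f   :h :e   :h ctrl TAB....
:help for details; enter / leave a subsection with ctrl+] ctrl+t
.......
WHAT                    PREPEND     EXAMPLE
Normal mode command     (nothing)   :help ZZ
Visual mode command     v_          :help v_u
Insert mode command     i_          :help i_<Esc>
Command-line command    :           :help :quit
Command-line editing    c_          :help c_<Del>
Vim command argument    -           :help -r
Option                  '           :help 'textwidth'
.....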
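------------------------------------ insert mode -------------------------------------------
ctrl+y ctrl+e   hold down to copy the contents of the line above / below the cursor
ctrl+h          cursor backwards
ctrl+j          new line
ctrl x f        insert a file name from the current directory

horizontal split:   vi server.cpp    :split client.cpp --> ctrl+w to switch
vertical split:     :30 vsplit server.cpp

auto indent, Chinese encodings, code folding:
vi ~/.vimrc
set autoindent
set shiftwidth=4
set cindent
set fileencodings=utf-8,gb2312,gb18030,gbk,big5
set foldmethod=indent
set foldlevel=100

J       join two lines
za      open / close the current fold
zR zM   open / close all folds
copy a whole function: fold it first and then copy, or yv][
ctrl+n  complete a word    ctrl+p  back to before the match
ctrl+x ctrl+l   complete a line
* #     search forwards / backwards for where a variable is defined
~       toggle case    gugg guG, or select with ctrl+v --> [u|U]
with the cursor on a library function, press "K" to open its man page
[I      show the several definitions of the word under the cursor
[<TAB>  ` `   jump to the first occurrence of the variable, and back
:grep -r "addr {" /usr/include
:cope   open the quickfix window and go through the hits one by one; ctrl+w switches windows
^       jump to the first non-blank character of the line
- +     jump to the first non-blank character of the previous / next line
gd      show the definition of the word
ga      display hex, ascii value of char under cursor
n>> n<< indent the following n lines
ctrl+e ctrl+y   scroll the screen up / down while the cursor stays put
ctrl+g  percentage position of the current line
xp      swap two characters    ddp  swap two lines
[{ ]}   jump to the { } of the current loop
[[ ]]   the { } of the next function
comment out several lines quickly: select column 1 with ctrl+v --> I --> # --> ESC
copy lines 5 ~ 10 of file source into file dest:
    5G -> mk    10G -> y'k -> :e dest -> p
recording, to produce 1 2 3 . . . :
    1 -> ESC -> qq -> yyp -> ctrl+a -> q -> 100@q

Ctags
$ sudo ctags -R
$ vi -t task_struct     ctrl+] jumps in, ctrl+t jumps back;
                        if you are already inside vi, use :tag task_struct
void *produce(void *arg);
Put the cursor on produce and ctrl+] jumps there; ctrl+t jumps back.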
Inside /usr/include/ and /usr/local/src/linux-2.6.28/, combine grep and find with vi -t keyword to look things up.

See macro expansion:    $ g++ -E -o a a.cpp && vi a     then search for main
See dependencies:       $ g++ -MM client.cpp server.cpp unp.cpp
Check malloc/free with valgrind:    # g++ -g -o a a.cpp && valgrind ./a
strace
info cpp make
objdump -d formatdb
size program.out
pmap pid
od -c /proc/$(pidof vim)/cmdline
ps -o pid,ppid,stat,cmd,wchan
nm /usr/lib/purple-2/libfetion.so
strip a                 Discard symbols from object files
ctrl+h ctrl+p ctrl+n
===============================================================================================
gdb basics; for details, run help all once inside
l                   list source code
n s                 step over / step into a function
finish              run until the current function returns
b serverprocess     break at the entry of serverprocess
b *0x80483c3        set breakpoint at address 0x80483c3
b 705 --> c         set a breakpoint at line 705 and run to line 705
disable enable d    disable / enable / delete breakpoints
disable 2           disable breakpoint 2
d 705               delete the breakpoint at line 705
d                   delete all breakpoints
info break          show the breakpoints that are set
Get out of a loop:  until 106   runs to a line greater than the current one
                    or: b 5 --> r ---> b 20 --> d 5 --> c
bt                  stack: the function call chain
static array: p arrayname directly    dynamic array: p *arrayname@len
watch i             while debugging, a change in the value of i is displayed
info watch
d watch 2
set i=8             while debugging, modifying the source code is also ok
p *(int *) 0xbffff890   print integer at address 0xbffff890
stepi               execute one instruction
stepi 4             execute four instructions
signal SIGINT       send SIGINT without using ctrl+c
x/2w 0xbffff890     examine two (4 byte) words starting at address 0xbffff890

Stop the program when i==(index-1):
23 for (int i = 0; i < index; i++)
24 {
25     int m = 8;
26     ....
27 }
(gdb) b 24 if i==(index-1)
(gdb) c

make    rebuilds the executable without leaving gdb.
shell   runs a shell command without leaving gdb.

First allow Linux to produce core files:
vi /etc/profile     add at the end: ulimit -c 1000000
$ gdb client core.***
(gdb) where
Wednesday, March 31, 2010
linuxer