iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp –dport 8018 -j DNAT –to 192.168.1.138:8018
iptables -t nat -A POSTROUTING -d 192.168.1.138 -p tcp –dport 8018 -j SNAT –to 1.2.3.4
iptables 内网端口映射。
1条回复
月度归档:2010年09月
centos 关闭ipv6,很有思路的一篇文章。
mysql的datadir中的文件用途说明,网上收集,仅供参考
mysql的datadir文件分析说明:
1、ibdata1
这个文件超级大, 查了一下, 大概的作用如下
是储存的格式
INNODB类型数据状态下,
ibdata用来储存文件的数据
而库名的文件夹里面的那些表文件只是结构而已
由于mysql4.1默认试innodb,所以这个文件默认就存在了http://man.chinaunix.net/database/mysql/inonodb_zh/2.htm 这个链接试innodb的中文参考, innodb的东西可以在my.ini中设置
2、ib_logfileX
The ib_logfileX files are log files used by the innodb storage engine
mainly to rollback any uncommitted transactions so that the database
is in a consistent state after it recovers from a crash
大概的意思是ib_logfilex文件是innodb存储引擎使用的日志文件,用来回滚一些未提交的sql,
3、localhost-relay-bin.005759和localhost-relay-bin.index
默认情况,中继日志使用host_name-relay-bin.nnnnnn形 式的文件名,其中host_name是从服务器主机名,nnnnnn是 序列号。用连续序列号来创建连续中继日志文件,从000001开始。从服务器跟踪索引文件中目前正 使用的中继日志。 默认中继日志索引文件名为host_name-relay-bin.index。 默认情况,在从服务器的数据目录中创建这些文件。可以用–relay-log和–relay-log-index服 务器选项覆盖 默认文件名。参见6.8节,“复制启动选项”。
中继日志与二进制日志的格式相同,并且可以用mysqlbinlog读取。SQL线 程执行完中继日志中的所有事件并且不再需要之后,立即自动删除它。没有直接的删除中继日志的机制,因为SQL线程可以负责完 成。然而,FLUSH LOGS可以循环中继日志,当SQL线程删除日志时会有影响。
4、master.info和relay-log.info
从属复制服务器在数据目录中另外创建两个小文件。这些状态文件默认名为主master.info和relay-log.info。 它们包含SHOW SLAVE STATUS语句的输出所显示的信息(关于该语句的描述参见13.6.2节,“用 于控制从服务器的SQL语句”)。状态文件保存在硬盘上,从服务器关闭时不会丢失。下次从服务器启动时,读取这些文件 以确定它已经从主服务器读取了多少二进制日志,以及处理自己的中继日志的程度。
举例如下:
[root@localhost db]# cat master.info
14
localhost-bin.000007
132857066
192.168.0.1
dbuser
pw
3306
60
0
[root@localhost db]# cat relay-log.info
/home/db/localhost-relay-bin.005944
239
localhost-bin.000007
132857066
7066
apache给目录添加验证
首先说明:
加验证为解决的问题,也就是加验证的目的,现在很多网站被注入,程序漏洞是一方面,在黑客注入的过程中,利用网站的后台上传木马是很关键的一步,很多程序,前台很安全,后台因为有密码验证,所以,安全会差点,而且,后台可以上传图片,发布文章,少稍不注意,就会被上传webshell,所以,黑客如果没有拿到网站后台,上传木马其实还是很困难的。
apache中文官方手册里面加authtype basic的过程(金步国翻译的),参考链接:http://www.souzz.net/online/apachemanual/howto/auth.html
认证是指任何识别用户身份的过程,以允许特定的用户访问特定的区域或信息。
相关模块和指令
| 相关模块 | 相关指令 |
|---|---|
一个老外的my.cnf的配置,很有价值参考,呵呵
HOWTO: configure MySQL’s my.cnf file
UPDATE: I recently used this MySQL tuner script, I basically went with what it told me, but I’m using a higher query_cache_size than it recommends, basically because I don’t see anything online saying it will hurt things. So I’m now using the following values on my server:
[mysqld]
user=mysql
bind-address=127.0.0.1
datadir=/var/lib/mysql
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysql/mysql.sock
port=3306
tmpdir=/tmp
language=/usr/share/mysql/english
skip-external-locking
query_cache_limit=64M
query_cache_size=32M
query_cache_type=1
max_connections=15
max_user_connections=300
interactive_timeout=100
wait_timeout=100
connect_timeout=10
thread_stack=128K
thread_cache_size=128
myisam-recover=BACKUP
key_buffer=64M
join_buffer=1M
max_allowed_packet=32M
table_cache=512M
sort_buffer_size=1M
read_buffer_size=1M
read_rnd_buffer_size=768K
max_connect_errors=10
thread_concurrency=4
myisam_sort_buffer_size=32M
skip-locking
skip-bdb
expire_logs_days=10
max_binlog_size=100M
server-id=1
[mysql.server]
user=mysql
basedir=/usr
[safe_mysqld]
bind-address=127.0.0.1
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit=8192
SAFE_MYSQLD_OPTIONS=”–defaults-file=/etc/my.cnf –log-slow-queries=/var/log/slow-queries.log”
[mysql]
[isamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
[mysqlhotcopy]
interactive-timeout
max_heap_table_size = 64 M
tmp_table_size = 64 M
!includedir /etc/mysql/conf.d/I’ve gone back and forth over the years configuring MySQL for optimal performance, and while I know I’m not there, I now have a new baseline to build from. From a post called Standard MYSQL my.cnf configuration, you can see all the base information, but also things like:
key_buffer=256M # 64M for 1GB, 128M for 2GB, 256 for 4GBWhich defines the value (256M) but then spells out ideal base values for you to start with if you have more RAM on your system. This is very helpful, I’m tried to go a step further by combining it with Debian’s default my.cnf that comes on 5.0 (lenny) for MySQL 5. As I’m always open for suggestions for improvements, please comment if you have a different view on these choices, thanks. Here it is:
[client]
socket=/var/run/mysqld/mysqld.sock
port=3306
[mysqld_safe]
socket=/var/run/mysqld/mysqld.sock
nice=0
[mysqld]
user=mysql
bind-address=127.0.0.1
datadir=/var/lib/mysql
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysql/mysql.sock
port=3306
tmpdir=/tmp
language=/usr/share/mysql/english
skip-external-locking
query_cache_limit=1M
query_cache_size=32M
query_cache_type=1
max_connections=3000
max_user_connections=600
interactive_timeout=100
wait_timeout=100
connect_timeout=10
thread_stack=128K
thread_cache_size=128
myisam-recover=BACKUP
#key_buffer – 64M for 1GB, 128M for 2GB, 256 for 4GB
key_buffer=64M
#join_buffer_size – 1M for 1GB, 2M for 2GB, 4M for 4GB
join_buffer=1M
max_allowed_packet=32M
table_cache=1024
#sort_buffer_size – 1M for 1GB, 2M for 2GB, 4M for 4GB
sort_buffer_size=1M
#read_buffer_size – 1M for 1GB, 2M for 2GB, 4M for 4GB
read_buffer_size=1M
#read_rnd_buffer_size – 768K for 1GB, 1536K for 2GB, 3072K for 4GB
read_rnd_buffer_size=768K
max_connect_errors=10
thread_concurrency=4
#myisam_sort_buffer_size – 32M for 1GB, 64M for 2GB, 128 for 4GB
myisam_sort_buffer_size=32M
skip-locking
skip-bdb
expire_logs_days=10
max_binlog_size=100M
server-id=1
[mysql.server]
user=mysql
basedir=/usr
[safe_mysqld]
bind-address=127.0.0.1
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit=8192
SAFE_MYSQLD_OPTIONS=”–defaults-file=/etc/my.cnf –log-slow-queries=/var/log/slow-queries.log”
#[mysqldump]
#quick
#quote-names
#max_allowed_packet=16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
#key_buffer – 64M for 1GB, 128M for 2GB, 256M for 4GB
key_buffer=64M
#sort_buffer – 64M for 1GB, 128M for 2GB, 256M for 4GB
sort_buffer=64M
#read_buffer – 16M for 1GB, 32M for 2GB, 64M for 4GB
read_buffer=16M
#write_buffer – 16M for 1GB, 32M for 2GB, 64M for 4GB
write_buffer=16M
[myisamchk]
#key_buffer – 64M for 1GB, 128M for 2GB, 256M for 4GB
key_buffer=64M
#sort_buffer – 64M for 1GB, 128M for 2GB, 256M for 4GB
sort_buffer=64M
#read_buffer – 16M for 1GB, 32M for 2GB, 64M for 4GB
read_buffer=16M
#write_buffer – 16M for 1GB, 32M for 2GB, 64M for 4GB
write_buffer=16M
[mysqlhotcopy]
interactive-timeout
!includedir /etc/mysql/conf.d/
mysql的my.cnf选项
table_cache更改为table_open_cache选项,5.1.3以后的版本更改了,不过貌似写了table_cache = 500也是起作用的,hoho
wget 脚本常用选项
wget -c url 支持断点续传
wget -c http://www.hardwork.cn/1.rar
wget -P 把文件存储在哪个位置
wget -P /usr/local/src https://www.hardwork.cn/1.rar
wget –http-user=name –http-password=pw url
wget –http-user=software –http-password=123456 https://www.hardwork.cn/1.rar
如果页面有验证,使用http-user和http-password做验证
wget 代理服务器设置,在root目录下建立.wgetrc文件,里面写入代理服务器地址即可
例如:.wgetrc
http-proxy = 70.20.196.10:8080
http-proxy = 144.1140.162.6:80
http-proxy = 206.220.88.36:80
rpc.statd,portmap等服务
tcp 0 0 0.0.0.0:867 0.0.0.0:* LISTEN 2805/rpc.statd 可以停(如果不用nfs)
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2786/portmap 可以停(如果不用nfs,portmap
就如同剛剛提的到,我們的 NFS 其實可以被視為一個 RPC 程式,而要啟動任何一個 RPC 程式之前,我們都需要做好 port 的對應 (mapping) 的工作才行,這個工作其實就是『 portmap 』這個服務所負責的!也就是說, 在啟動任何一個 RPC server 之前,我們都需要啟動 portmap 才行!)
tcp 0 0 0.0.0.0:2102 0.0.0.0:* LISTEN 29924/mysqld
tcp 0 0 222.222.222.222:111 222.222.222.221:58557 ESTABLISHED 2786/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3029/vsftpd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 23339/cupsd 可以停(打印服务,除了cups外还有一个lpr也是打印服务)
tcp 0 0 0.0.0.0:2583 0.0.0.0:* LISTEN 3177/perl mon监控(可能是在监控服务器的状态)
tcp 0 0 :::22 :::* LISTEN 3004/sshd
tcp 0 0 ::ffff:222.222.222.222 ::ffff:222.222.222.222:50122 ESTABLISHED 20767/0
linux下的一些服务
sort -u -k 7n port.txt,netstat -anpt >> port.txt
[root@adp ~]# sort -u -k 7n port.txt
tcp 0 0 222.222.222.222:80 60.21.136.42:52059 SYN_RECV –
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2786/portmap
tcp 0 0 0.0.0.0:867 0.0.0.0:* LISTEN 2805/rpc.statd
tcp 0 0 :::22 :::* LISTEN 3004/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3029/vsftpd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3048/sendmail: acce
tcp 0 0 0.0.0.0:2583 0.0.0.0:* LISTEN 3177/perl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 16959/adpmain
tcp 0 0 ::ffff:222.73.23.24:22 ::ffff:119.57.32.69:50122 ESTABLISHED 20767/0
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 23339/cupsd
tcp 0 0 0.0.0.0:2102 0.0.0.0:* LISTEN 29924/mysqld
openssl的编译
问题:编译nrpe的时候,提示libssl找不到,但是inc文件可以找到,已经编译了openssl,并且成功,但就是找不到libssl
出错信息如下:
checking for socklen_t… yes
checking for type of socket size… size_t
checking for SSL headers… SSL headers found in /home/system/nagios
checking for SSL libraries… configure: error: Cannot find ssl libraries
解决:
ldconfig
ld.so.conf添加路径,还是失败
PKG_CONFIG_PATH路径添加,失败
DYLD_LIBRARY_PATH路径添加,失败
没辙了,后来再网上搜到这篇文章:
http://support.nagios.com/knowledgebase/faqs/index.php?option=com_content&view=article&id=52&catid=35&faq_id=449&expand=false&showdesc=true
说明了解决办法,如果e文不好,那么我解释一句,可能您就明白了
then Ok, but with some Openssl packages, the default is to build archive libraries. Shareable libraries must be explicitly asked with a configure option, –enable-shared. Or some developpers don’t wish to use a .so variant and prefer static linkage.
大概的意思是说,openssl这个包,默认的会编译出“存档库”,如果希望编译为“共享库”,需要在编译的时候添加enable-shared的选项,一些开发人员不喜欢使用.so的变体,更喜欢prefer static linkage,
呵呵,明白了,重新编译openssl,添加enable-shared选项,即可解决。
这是我编译openssl的选项:
./config –prefix=/home/system/nagios/ enable-shared –openssldir=/home/system/nagios/openssl