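People often back up a web directory and, for convenience, tar it up in place or append a date keyword to the file name, but leave the result under the web path. The backup archive can then be downloaded, or the PHP source can be viewed directly. Use find to locate these files: change to the web path and run
# find . -name "*.tar*" -or -name "*.gz.*" -or -name "*.php*" -or -name "*.bak*"
Reference source: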
- Oct 05 Sun 2008 10:55
find command tips
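A stricter form of the find check at the top of this page, written as an added example (not from the original post). It goes beyond the original pattern by skipping live .php scripts and covering editor leftovers; the suffix list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for leftover backups and source copies.
# The suffix list and function names are assumptions; adjust for your site.

# Print, one per line, files under $1 that look like downloadable leftovers:
#   - archives of the tree (site.tar, site.tar.gz, site.tgz, site.zip, dump.sql)
#   - files with a date/keyword suffix (site.tar.gz.20081005, index.php.bak)
#   - editor and patch leftovers (config.php~, index.php.orig, .index.php.swp)
# Live scripts such as index.php are not reported, unlike with "*.php*".
find_exposed_backups() {
    find "$1" -type f \( \
        -name '*.tar' -o -name '*.tar.*' -o -name '*.tgz' -o -name '*.zip' \
        -o -name '*.gz' -o -name '*.gz.*' -o -name '*.sql' -o -name '*.sql.*' \
        -o -name '*.php.*' -o -name '*.php~' -o -name '*.bak' -o -name '*.bak.*' \
        -o -name '*.old' -o -name '*.orig' -o -name '*.swp' \
    \) -print | sort
}

# Cron-friendly wrapper: prints findings and returns 1 if any exist, 0 if clean.
audit_webroot() {
    found=$(find_exposed_backups "$1")
    [ -z "$found" ] && return 0
    echo "Leftover files under $1 that the web server may serve as-is:"
    echo "$found"
    return 1
}

# Constructed sample tree so the check can be tried without a real site.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/admin"
    : > "$d/index.php"; : > "$d/index.php.bak"; : > "$d/admin/config.php~"
    : > "$d/site.tar.gz.20081005"; : > "$d/logo.png"
    echo "$d"
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ $# -gt 0 ]; then audit_webroot "$1"; fi
```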
- Jul 31 Thu 2008 23:49
/etc/make.conf settings
MASTER_SITE_BACKUP?= \
ftp://ftp.cs.pu.edu.tw/BSD/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.nctu.edu.tw/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
WITHOUT_X11=yes
- Jun 16 Mon 2008 11:50
IEEE_802.1q
http://www.internetworkpro.org/wiki/IEEE_802.1q
- Apr 20 Sun 2008 21:16
zfs vs. ufs test
Disk: Seagate 36G (SCSI, 10000 rpm)
Test tool: blogbench
UFS:
root@bsd:/usr/ports/benchmarks/blogbench# blogbench -d /test_dir/
Frequency = 10 secs
Scratch dir = [/test_dir/]
Spawning 3 writers...
Spawning 1 rewriters...
Spawning 5 commenters...
Spawning 100 readers...
Benchmarking for 30 iterations.
The test will run during 5 minutes.
- Apr 20 Sun 2008 20:57
After patching Solaris 10, NIS cannot change passwords
# yppasswd user
New Password:
Re-enter new Password:
Permission denied
You might also find something like this in the debug log:
Jul 23 08:45:06 nismaster yppasswdd[162]: [ID 467562 auth.error] yppasswdd: user someuser: does not exist
Solution
You match the following conditions:
- Feb 22 Fri 2008 23:48
jpgraph reference sites
JPGraph doc & manual
http://doc.async.com.br/jpgraph/html
JPGraph Tutorial
http://www.binnendijk.net/jpgraph/index.php?page=3d_pie_1
http://www.pafis.shh.fi/reference/manuals/jpgraph/docs/
- Feb 22 Fri 2008 19:42
PF error message
# pfctl -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCSETSTATUSIF
* This means the interface was entered incorrectly; check it.
- Dec 07 Fri 2007 15:13
Using pf to block ssh and ftp brute-force attacks
1. Add the following rules to /etc/pf.conf
table <SSHbruteforce> persist
table <FTPbruteforce> persist
block quick from <SSHbruteforce>
block quick from <FTPbruteforce>
pass quick inet proto tcp from any to any port 22 keep state (max-src-conn 5, max-src-conn-rate 3/20,overload <SSHbruteforce> flush global)
pass quick inet proto tcp from any to any port ftp keep state (max-src-conn 5, max-src-conn-rate 10/40,overload <FTPbruteforce> flush global)
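2. Then write a script to record the status each day
#!/bin/sh
# Append the current contents of both pf brute-force tables to a log file.
log_file="/var/log/bad_guy.log"
date >> "$log_file"
echo " SSH:" >> "$log_file"
/sbin/pfctl -t SSHbruteforce -T show >> "$log_file"
echo " FTP:" >> "$log_file"
/sbin/pfctl -t FTPbruteforce -T show >> "$log_file"
3. After an IP has been blocked for one day, clear its record. First install the package /usr/ports/security/expiretable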
# /usr/local/sbin/expiretable -v -d -t 24h SSHbruteforce
# /usr/local/sbin/expiretable -v -d -t 24h FTPbruteforce
Then add these settings to rc.local
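- Dec 03 Mon 2007 20:13
Problems sending mail from postfix to hotmail and others
Mail sent to external ISPs often fails to go out, while some destinations work.
The receiving host probably checks DNS, finds no MX record, and treats the mail as spam.
In postfix, add this to main.cf:
relayhost = [ms25.hinet.net]
This asks a mail host that has an MX record to relay for you, provided that host accepts the relay.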
- Nov 03 Sat 2007 17:59
PHP whois api
I wanted to build an IP location lookup in PHP and found that this API works.
http://www.nott.org/blog/php-whois-script.html