夜行人 » Linux

Linux下根据模块名查看网卡驱动版本

admin — Tue, 25 Oct 2011 05:15:45 +0000

例如我们要查看博通网卡的驱动版本，如果该机器上刚好是博通的网卡，最简单的方法就是
ethtool -i eth0

但如果我们所查看的机器用的不是博通的网卡，则可以通过以下方法查看
我们知道博通网卡的驱动文件名叫bnx2.ko
我们查找下bnx2.ko的位置
updatedb
locate bnx2.ko
结果如下
/lib/modules/2.6.32-71.el6.x86_64/kernel/drivers/net/bnx2.ko
查看驱动详细情况
modinfo /lib/modules/2.6.32-71.el6.x86_64/kernel/drivers/net/bnx2.ko
以下信息中，version记录就是我们的网卡驱动版本，是2.0.8-j15

filename: /lib/modules/2.6.32-71.el6.x86_64/kernel/drivers/net/bnx2.ko
firmware: bnx2/bnx2-rv2p-09ax-5.0.0.j10.fw
firmware: bnx2/bnx2-rv2p-09-5.0.0.j10.fw
firmware: bnx2/bnx2-mips-09-5.0.0.j15.fw
firmware: bnx2/bnx2-rv2p-06-5.0.0.j3.fw
firmware: bnx2/bnx2-mips-06-5.0.0.j6.fw
version: 2.0.8-j15
license: GPL
description: Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver
author: Michael Chan
srcversion: 8CDA41B3E0DF70A112FBA80
alias: pci:v000014E4d0000163Csv*sd*bc*sc*i*
alias: pci:v000014E4d0000163Bsv*sd*bc*sc*i*
alias: pci:v000014E4d0000163Asv*sd*bc*sc*i*
alias: pci:v000014E4d00001639sv*sd*bc*sc*i*
alias: pci:v000014E4d000016ACsv*sd*bc*sc*i*
alias: pci:v000014E4d000016AAsv*sd*bc*sc*i*
alias: pci:v000014E4d000016AAsv0000103Csd00003102bc*sc*i*
alias: pci:v000014E4d0000164Csv*sd*bc*sc*i*
alias: pci:v000014E4d0000164Asv*sd*bc*sc*i*
alias: pci:v000014E4d0000164Asv0000103Csd00003106bc*sc*i*
alias: pci:v000014E4d0000164Asv0000103Csd00003101bc*sc*i*
depends:
vermagic: 2.6.32-71.el6.x86_64 SMP mod_unload modversions
parm: disable_msi:Disable Message Signaled Interrupt (MSI) (int)

Nginx递归限制访问同名目录

admin — Fri, 25 Mar 2011 13:30:38 +0000

Nginx根目录是/opt/www

假如
/opt/www/a/x
/opt/www/a/d/x
/opt/www/b/x
如果配置可以禁止访问所有的x目录？

找到了
location ~ ^(.*)\/\x\/{ deny all;}

Linux下SecureCRT的替代品：PAC Manager

admin — Fri, 04 Mar 2011 16:21:36 +0000

在windows下管理linux服务器，经常用的是securecrt，它主要特性有

1、标签式管理
2、标签可以克隆，方便在不同标签完成不同工作
3、服务器列表支持分类
4、缓存key的 passphrase，只需要输入一次，后续使用该key的服务器访问都不需要再输入
5、Forward agent.

大家通过用securecrt登录到2台服务器，2台服务器上都有自己的key，这时，2台服务器上不需要额外的设置即可以相互scp文件，这个过程用的就是 SSH的Forward agent特性，它把认证进行转发。

而我们在linux下管理linux，比较常用的是gnome terminal，这个与securecrt比起来，未免太原始了，敲命令，敲到手抽筋，最近在网上找securecrt的替代工具，竟然在WOW！Ubuntu上找到了PAC Manager 。

http://wowubuntu.com/pac-254.html

它主要特性：
1、标签式管理
2、标签可以克隆，方便在不同标签完成不同工作
3、服务器列表支持分类
4、Forward agent（这个可以通过PAC本身的配置实现，有可以通过修改/etc/ssh/ssh_config的配置来实现）.

对比下可以看到，PAC Manager不支持缓存passphrase，这意味着，你每登录一台服务器，你都需要输入一次你key的 passphrase，但这个可以通过修改系统配置来达到.

我在ubuntu 10.10上安装了，下面先来做简单介绍

下面说下PAC Manager的图形化操作
添加组：
PAC窗口左上角“GROUP”显示的是组信息，点击添加可以新建分组

左下角是添加服务器列表，点击添加可以添加服务器信息

填好IP，用户名和密码等，如果是用key登录，密码留空即，再指定key的位置

"Edit connection" -> "Connections Properties" -> "Advanced Options":

-o "IdentityFile=/path/to/my_private_key_file"

如果想登录2台服务器，可以相互scp文件，则需要在“CONNECTION PROPERTIES”里把“Forward Agent”选上。

这样就可以进行连接了

每台服务器都需要指定key，这个未免太麻烦了，另外有些服务器需要使用另一个key，而且每次使用key登录服务器，都需要输入key的passphrase，为解决这个问题，我们只要把要用到的private key都交给ssh-agent来进行管理，，每个key只需要输入一次passphrase，后面的登录，就不用输入密码了。

ssh-agent 是个管理 private key 的 passphrase 的工具，启动
ssh-agent
添加需要被ssh-agent管理的key，假设你的private key名是id_rsa
ssh-add id_rsa
此时需要输入一次 private key 的 passphrase ，输入正确后，passphrase 就归 ssh-agent 管理，往后的 ssh 操作，就不需要询问 passphrase 了

ssh-add -l 可以看到现有托管的key

PAC Manager的配置文件保存在/home/user/.pac/pac.yml
如果有大量服务器需要添加，可以写脚本，直接生成配置文件放到/home/user/.pac/pac.yml

syslog记录history历史记录

admin — Thu, 06 Jan 2011 13:32:04 +0000

工作中可能会有无聊的黑客在你服务器上转悠，黑客智商都不错，所有离开的时候就会删除history记录。怎么办才能记录下用户的历史记录呢？
原理：将history记录到syslog上面，并实时的传送到了远端的日志集中服务器上。

方法：使用bash4.1的新功能：历史命令保存到syslog！然后使用syslog-ng构建集中型日志服务器收集主机日志。

1、下载bash：
#wget http://ftp.gnu.org/gnu/bash/bash-4.1.tar.gz
#tar zxvf bash-4.1.tar.gz –C /tmp/bash-4.1
#cd /tmp/bash-4.1

2、修改源码

(根据个人需要，我只保留了pid，uid，sid等，参数请看目录下的shell.c中)：
文件bashhist.c大约708行的位置开始，修改成以下一段：

syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d PPID=%d SID=%d User=%s CMD=%s", getpid(), getppid(), getsid(getpid()), current_user.user_name, line);
else
{
strncpy (trunc, line, SYSLOG_MAXLEN);
trunc[SYSLOG_MAXLEN - 1] = '\0';
syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d PPID=%d SID=%d User=%s CMD=%s", getpid(), getppid(), getsid(getpid()), current_user.user_name, trunc);
}
注：
ppid：跟踪sh切换后的用户
Sid：跟踪 su 切换后的用户
第二段代表log长度超过600后使用的语句
修改config-top.h文件

/*#define SYSLOG_HISTORY*/
修改为
#define SYSLOG_HISTORY
编译安装
# ./configure --prefix=/usr/local/bash_4.1 && make && make install
修改用户配置：
将用户的bash换成现在的bash4.1
# vi /etc/passwd
dongwm:x:501:501::/home/dongwm:/usr/local/bash_4.1/bin/bash
这样日志就会记在/var/log/messages
结果类似这样：

Dec 23 17:40:28 server -bash: HISTORY: PID=4089 PPID=4088 SID=4089 User=dongwm CMD=exit
Dec 23 17:41:47 server -bash: HISTORY: PID=4282 PPID=4278 SID=4282 User=root CMD=exit
Dec 23 17:41:53 server -bash: HISTORY: PID=4321 PPID=4317 SID=4321 User=root CMD=ssh java00
Dec 23 17:44:09 server -bash: HISTORY: PID=2152 PPID=2137 SID=2152 User=root CMD=vi Clean_javalog.sh
Dec 23 17:45:16 server -bash: HISTORY: PID=2152 PPID=2137 SID=2152 User=root CMD=sh Clean_javalog.sh
Dec 23 17:45:30 server -bash: HISTORY: PID=2152 PPID=2137 SID=2152 User=root CMD=cat /dev/shm/cleanJavaLog.log
Dec 23 17:46:08 server -bash: HISTORY: PID=2152 PPID=2137 SID=2152 User=root CMD=vi Clean_javalog.sh
Dec 23 17:48:54 server -bash: HISTORY: PID=2152 PPID=2137 SID=2152 User=root CMD=cat Clean_javalog.sh

......
在整个环境布置了记录功能，就能方便的查出来谁-在何时，用什么账号，做了什么操作...

3、主机syslog配置（添加日志服务器的地址）
# vi /etc/syslog.conf

在最后添加一列：
*.* @server.dongwm.com

4、搭建日志服务器
请参看：http://wenku.baidu.com/view/c3bb49c58bd63186bcebbc7a.html

转载自:http://salogs.com/2010/12/syslog%E8%AE%B0%E5%BD%95history%E5%8E%86%E5%8F%B2%E8%AE%B0%E5%BD%95/

Python处理keepass导出的xml文件

admin — Mon, 20 Dec 2010 13:23:49 +0000

用keepass管理密码现在有员工需要将用户名和密码导出来格式如下 username password 我觉得最难的地方是根据Value取出来的list中，有空值，如果是空值，取其值或者类型时，都会提示 “AttributeError:...

调查服务器响应时间的利器 tcprstat

admin — Fri, 17 Dec 2010 05:05:05 +0000

我们在做服务器程序的时候，经常要知道一个请求的响应时间，借以优化或者定位问题。通常的做法是在代码里面加入日志计算时间，这个方法有问题，时间不准确。因为数据从网卡到应用程序，从应用到网卡的时间没有被计算在内。而且这个时间随着系统的负载有很大的变化。
那同学说，我wireshark, tcpdump抓包人肉统计不行吗。可以的，只不过我会很同情你，此举需要耐心且不具可持续性。所以我们希望有个工具能够最少费力的做这个事情。

这时候来自percona的tcprstat来救助了！这个工具原本开发用来调查mysqld的性能问题，所以不要奇怪它的默认端口是3306, 但是我们可以用这个工具来调查典型的request->response类型的服务器。

什么是tcprstat:

tcprstat is a free, open-source TCP analysis tool that watches network traffic and computes the delay between requests and responses. From this it derives response-time statistics and prints them out. The output is similar to other Unix -stat tools such as vmstat, iostat, and mpstat. The tool can optionally watch traffic to only a specified port, which makes it practical for timing requests and responses to a single daemon process such as mysqld, httpd, memcached, or any of a variety of other server processes.

文档很详细：请参考： http://www.percona.com/docs/wiki/tcprstat:start

不愿意编译的同学直接从这里下载64位系统的编译好的二进制： http://github.com/downloads/Lowercases/tcprstat/tcprstat-static.v0.3.1.x86_64

源码编译也挺容易的：由于它自带libpcap包，这个包有可能在configure的时候没认识好netlink, 只要把config.h里面的netlink那个define注释掉就好。

编译好了，典型使用很简单：

# tcprstat -p 3306 -t 1 -n 5
timestamp count max min avg med stddev 95_max 95_avg 95_std 99_max 99_avg 99_std
1283261499 1870 559009 39 883 153 13306 1267 201 150 6792 323 685
1283261500 1865 25704 29 578 142 2755 889 175 107 23630 333 1331
1283261501 1887 26908 33 583 148 2761 714 176 94 23391 339 1340
1283261502 2015 304965 35 624 151 7204 564 171 79 8615 237 507
1283261503 1650 289087 35 462 146 7133 834 184 120 3565 244 358

但是这个tcprstat在bonding的网卡下有点问题：

# /sbin/ifconfig
bond0 Link encap:Ethernet HWaddr A4:BA:DB:28:B5:AB
inet addr:10.232.31.19 Bcast:10.232.31.255 Mask:255.255.255.0
inet6 addr: fe80::a6ba:dbff:fe28:b5ab/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:19451951688 errors:0 dropped:4512 overruns:0 frame:0
TX packets:26522074966 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6634368171533 (6.0 TiB) TX bytes:32576206882863 (29.6 TiB)
…
# tcprstat -p 3306 -t 1 -n 5
pcap: SIOCGIFFLAGS: bonding_masters: No such device

解决方案是:

# sudo tcprstat -p 3306 -t 1 -n 0 -l `/sbin/ifconfig | grep ‘addr:[^ ]\+’ -o | cut -f 2 -d : | xargs echo | sed -e ’s/ /,/g’`

在典型满负载的mysql服务器上抓包的开销是：

26163 root 18 0 104m 5304 4696 S 18.3 0.0 49:47.58 tcprstat

用IP方式，而不是网络接口方式搞定。

祝大家玩的开心。

转载自：http://rdc.taobao.com/blog/cs/?p=728

Linux下杀僵尸进程办法

admin — Fri, 10 Dec 2010 03:09:01 +0000

1) 检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

175

# top | head -2

top - 15:05:54 up 97 days, 23:49, 4 users, load average: 0.66, 0.45, 0.39

Tasks: 829 total, 1 running, 479 sleeping, 174 stopped, 175 zombie

# ps -ef | grep defunct | grep -v grep

2) 获得杀僵尸进程语句

# ps -ef | grep defunct | grep -v grep | awk '{print "kill -9 " $2,$3}'

执行上面获得的语句即可, 使用信号量9, 僵尸进程数会大大减少.

3) 过一会儿检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

125

# top | head -2

top - 15:29:26 up 98 days, 12 min, 7 users, load average: 0.27, 0.54, 0.56

Tasks: 632 total, 1 running, 381 sleeping, 125 stopped, 125 zombie

发现僵尸进程数减少了一些, 但还有不少啊.

4) 再次获得杀僵尸进程语句

# ps -ef | grep defunct | grep -v grep | awk '{print "kill -18 " $3}'

执行上面获得的语句即可, 这次使用信号量18杀其父进程, 僵尸进程应该会全部消失.

5) 过一会儿再检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

# top | head -2

top - 15:39:46 up 98 days, 23 min, 7 users, load average: 5.46, 2.20, 1.12

Tasks: 134 total, 1 running, 133 sleeping, 0 stopped, 0 zombie

6) 清除ZOMBIE(僵尸)进程原理

# kill -18 PPID

PPID是其父进程, 这个信号是告诉父进程, 该子进程已经死亡了, 请收回分配给他的资源. 如果还不行则看先看其父进程又无其他子进程, 如果有, 可能需要先kill其他子进程, 也就是兄弟进程.

方法是:

# kill -15 PID1 PID2

PID1,PID2是僵尸进程的父进程的其它子进程.

然后再kill父进程:

# kill -15 PPID

--End--

How to: Linux / UNIX Delete or Remove Files With Inode Number

admin — Tue, 16 Nov 2010 04:59:53 +0000

An inode identifies the file and its attributes such as file size, owner, and so on. A unique inode number within the file system identifies each inode. But, why to delete file by an inode number? Sure, you can use rm command to delete file. Sometime accidentally you creates filename with control characters or characters which are unable to be input on a keyboard or special character such as ?, * ^ etc. Removing such special character filenames can be problem. Use following method to delete a file with strange characters in its name:

Please note that the procedure outlined below works with Solaris, FreeBSD, Linux, or any other Unixish oses out there:

Find out file inode
First find out file inode number with any one of the following command:

stat {file-name}

ls -il {file-name}

Use find command to remove file:
Use find command as follows to find and remove a file:

find . -inum [inode-number] -exec rm -i {} \;

When prompted for confirmation, press Y to confirm removal of the file.

Delete or remove files with inode number
Let us try to delete file using inode number.

(a) Create a hard to delete file name:
$ cd /tmp
$ touch "\+Xy \+\8"
$ ls
(b) Try to remove this file with rm command:
$ rm \+Xy \+\8

781956 drwx------ 3 viv viv 4096 2006-01-27 15:05 gconfd-viv
781964 drwx------ 2 viv viv 4096 2006-01-27 15:05 keyring-pKracm
782049 srwxr-xr-x 1 viv viv 0 2006-01-27 15:05 mapping-viv
781939 drwx------ 2 viv viv 4096 2006-01-27 15:31 orbit-viv
781922 drwx------ 2 viv viv 4096 2006-01-27 15:05 ssh-cnaOtj4013
781882 drwx------ 2 viv viv 4096 2006-01-27 15:05 ssh-SsCkUW4013
782263 -rw-r--r-- 1 viv viv 0 2006-01-27 15:49 \+Xy \+\8Note: 782263 is inode number.

(d) Use find command to delete file by inode:
Find and remove file using find command, type the command as follows:
$ find . -inum 782263 -exec rm -i {} \;
Note you can also use add \ character before special character in filename to remove it directly so the command would be:
$ rm "\+Xy \+\8"
If you have file like name like name "2005/12/31" then no UNIX or Linux command can delete this file by name. Only method to delete such file is delete file by an inode number. Linux or UNIX never allows creating filename like 2005/12/31 but if you are using NFS from MAC OS or Windows then it is possible to create a such file.

转载自：http://www.cyberciti.biz/tips/delete-remove-files-with-inode-number.html

Linux : How to delete file securely

admin — Tue, 16 Nov 2010 04:55:14 +0000

Recently we had lot of discussion regarding this issue. How to remove files securely so that it cannot be undeleted. Peter Gutmann paper "Secure Deletion of Data from Magnetic and Solid-State Memory" has very good information. Here are some commands/tools available under Debian GNU/Linux (it should work with other Linux distributions) to delete file securely.

srm: Securely remove files or directories
This command is a replacement for rm command. It works under Linux/BSD/UNIX-like OSes. It removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undelete or recovering any information about the file from the command line. Because it does lots of operation on file/directory for secure deletion, it also takes lot of time to remove it. Download srm from http://sourceforge.net/projects/srm (RPM file is also available for RPM based Linux distributions)

i) Untar and install the srm:

# ./configure
# make
# make install ii) How to use srm?
srm syntax is like rm command. Read man srm. Here is simple example:

$ srm privateinfo.docwipe: It is a secure file wiping utility
Download wipe from http://wipe.sourceforge.net/
i) Untar and install the wipe

# ./configure
# make
# make installii) How to use wipe?

$ wipe filenameRead man page of wipe for information.

shred: Delete a file securely, first overwriting it to hide its contents.
It is available on most of Linux distributions including Debian GNU/Linux. To remove file called personalinfo.tar.gz :

$ shred -n 200 -z -u personalinfo.tar.gzWhere,

-n: Overwrite N (200) times instead of the default (25)
-z: Add a final overwrite with zeros to hide shreddin
-u: Truncate and remove file after overwriting
Read the man page of shred(1) for more information. Most of these utilities are not effective (read as useless) only if :

File system is log-structured or journaled filesystems, such as JFS, ReiserFS, XFS, Ext3 etc
Your filesystems is RAID-based, compressed filesystem etc
In addition, file system backups and remote mirrors may contain copies of the file that cannot be removed by these utilities.
See also:

Delete (remove) files with inode number - to remove special character filename

转载自：http://www.cyberciti.biz/tips/linux-how-to-delete-file-securely.html

HOW-TO:X11 forwarding using ssh, SecureCRT and Xming

admin — Wed, 03 Nov 2010 03:56:35 +0000

1. Linux Server's IP:192.168.1.100

2. Install Desktop Enviroment on server

2.1 List software group
yum grouplist

2.2 Install Gnome
yum groupinstall "GNOME Desktop Environment"

2.3 The server can run in level 3 or level 5.By default,OPENSSH enable X11 forward,make sure your /etc/ssh/sshd_config on "X11 forward" look like

X11Forwarding yes

3. Configure Linux client which must run in level 5

3.1 login in the server
[root@client ~]# ssh -X username@192.168.1.100

the output should contain DISPLAY
[root@server_192.168.1.100 ~]# env |grep -i DISPLAY
DISPLAY=localhost:10.0

[root@server_192.168.1.100 ~]# xclock

If you can see a clock,it means that the X11 forward is successful.

4. Configure Windows client
4.1 Install X server : Xming and launch it.
4.2 Install a ssh client,such as SecureCRT,putty.
4.3 Configure SecureCRT
Options--Session Options--Connection--Port Forward--Remote/X11
enable Forward X11 packets,click ok,Connect to the server 192.168.1.100,after login in,also type "env |grep -i DISPLAY" to make sure the desktop enviroment is ok.

type xclock,you will see a clock.