Searching for that patch of shallow grass in life......

Posted by 夜行人

Linux: How to delete files securely

Recently we had a lot of discussion regarding this issue: how to remove files securely so that they cannot be undeleted. Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" has very good information. Here are some commands/tools available under Debian GNU/Linux (they should work with other Linux distributions) to delete files securely.

srm: Securely remove files or directories
This command is a replacement for the rm command. It works under Linux/BSD/UNIX-like OSes. It removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line. Because it performs many operations on the file/directory for secure deletion, it also takes a long time to remove it. Download srm from http://sourceforge.net/projects/srm (an RPM file is also available for RPM-based Linux distributions).

i) Untar and install srm:

# ./configure
# make
# make install

ii) How to use srm?
srm syntax is like the rm command. Read man srm. Here is a simple example:

$ srm privateinfo.doc

wipe: It is a secure file wiping utility
Download wipe from http://wipe.sourceforge.net/
i) Untar and install wipe:

# ./configure
# make
# make install

ii) How to use wipe?

$ wipe filename

Read the man page of wipe for more information.

shred: Delete a file securely, first overwriting it to hide its contents.
It is available on most Linux distributions, including Debian GNU/Linux. To remove a file called personalinfo.tar.gz:

$ shred -n 200 -z -u personalinfo.tar.gz

Where,

-n: Overwrite N (200) times instead of the default (25)
-z: Add a final overwrite with zeros to hide shredding
-u: Truncate and remove file after overwriting

Read the man page of shred(1) for more information. Most of these utilities are not effective (read: useless) if:

The file system is log-structured or journaled, such as JFS, ReiserFS, XFS, Ext3, etc.
The file system is RAID-based, compressed, etc.

In addition, file system backups and remote mirrors may contain copies of the file that cannot be removed by these utilities.
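
The filesystem caveat above can be checked before relying on shred. The following is an added example, not part of the original article: the helper names (classify_fs, fs_type_of, safe_shred) are hypothetical, the "journaled" list is the one given above, and treating ext2/vfat/msdos as overwritten in place is an assumption of this example. It cannot detect RAID, compression, backups or mirrors.

```shell
#!/bin/sh
# Added example: check the filesystem before trusting an in-place overwrite.

# classify_fs TYPE -> prints "journaled", "in-place" or "unknown".
# "journaled" is the list from the article; "in-place" (non-journaling
# filesystems) is an assumption of this example.
classify_fs() {
    case "$1" in
        jfs|reiserfs|xfs|ext3) echo journaled ;;
        ext2|vfat|msdos)       echo in-place ;;
        *)                     echo unknown ;;
    esac
}

# fs_type_of FILE -> filesystem type of the mount holding FILE (GNU df).
fs_type_of() {
    df --output=fstype -- "$1" 2>/dev/null | tail -n 1
}

# safe_shred FILE: shred only when the filesystem is classified "in-place".
# Exit codes: 0 shredded, 1 refused, 2 not a plain file.
safe_shred() {
    file=$1
    # Refuse symlinks and non-regular files so only the named file is touched.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "safe_shred: not a regular file: $file" >&2
        return 2
    fi
    fstype=$(fs_type_of "$file")
    verdict=$(classify_fs "$fstype")
    if [ "$verdict" != "in-place" ]; then
        echo "safe_shred: $file is on '$fstype' ($verdict); overwriting may" \
             "not reach the old data blocks. Not shredding." >&2
        return 1
    fi
    shred -z -u -- "$file"
}
```

A refusal here means the file needs a different control, such as encrypting the volume or wiping the whole device.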

Reposted from: http://www.cyberciti.biz/tips/linux-how-to-delete-file-securely.html

Making OpenVZ support iptables better

On the hardware node, edit the list of iptables modules to load

vim /etc/sysconfig/iptables-config

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

vim /etc/sysconfig/vz

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Restart the VZ service

service vz restart

Allow more iptables entries

# vzctl set $CTID --numiptent 400 --save

vzctl enter $CTID

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -I INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -I FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -I INPUT -j ACCEPT -i lo
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -p tcp --dport 110 -j ACCEPT
iptables -I INPUT -p tcp --dport 995 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
service iptables save
service iptables restart

Reposted from:
http://hi.baidu.com/enjoyunix/blog/item/09cc631bd1cec1dcac6e7573.html

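Proxmox_KVM: virtual machine will not start

The virtualization management platform is Proxmox.

A virtualized 2008 would not start. I suspected the problem was caused by the VM's configuration, so I tried deleting the cdrom, which produced the error below

I copied it down and entered it directly over ssh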

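/usr/sbin/qm set 103 --localtimie --freeze 0 --acpi 1 --kvm 1 --startdate --bootdisk ide0 --boot c --vga --cpuunits 1000

This reported that several options were unknown, so I changed it to

/usr/sbin/qm set 103 --freeze 0 --acpi 1 --kvm 1 --bootdisk ide0 --boot c --cpuunits 1000

Running it produced the following error

setting parameters failed - VM is locked (backup)

I searched online; in most cases the lock is set during a backup. Look for the configuration file

locate 103.conf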

/etc/qemu-server/103.conf

/var/lock/qemu-server/lock-103.conf

vi /etc/qemu-server/103.conf

I found a line containing lock; after commenting it out, the VM could start

The more proper way to unlock should be

qm unlock 103

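A few Proxmox directories

OpenVZ virtual machine configuration files

/etc/vz/conf

KVM virtual machine configuration files

/etc/qemu-server/

For some unknown reason, after a while the network on the virtualized 2008 becomes extremely slow and ping latency is very high. Perhaps it is a problem with the virtualized network?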

HOW-TO: X11 forwarding using ssh, SecureCRT and Xming

1. Linux server's IP: 192.168.1.100

2. Install a desktop environment on the server

2.1 List software groups
yum grouplist

2.2 Install Gnome
yum groupinstall "GNOME Desktop Environment"

2.3 The server can run in runlevel 3 or runlevel 5. By default, OpenSSH enables X11 forwarding; make sure the X11 forwarding setting in your /etc/ssh/sshd_config looks like

X11Forwarding yes

3. Configure the Linux client, which must run in runlevel 5

3.1 Log in to the server
[root@client ~]# ssh -X username@192.168.1.100

The output should contain DISPLAY
[root@server_192.168.1.100 ~]# env |grep -i DISPLAY
DISPLAY=localhost:10.0

[root@server_192.168.1.100 ~]# xclock

If you can see a clock, X11 forwarding is working.

4. Configure the Windows client
4.1 Install an X server: Xming, and launch it.
4.2 Install an ssh client, such as SecureCRT or PuTTY.
4.3 Configure SecureCRT
Options > Session Options > Connection > Port Forward > Remote/X11
Enable "Forward X11 packets", click OK, and connect to the server 192.168.1.100. After logging in, type "env |grep -i DISPLAY" to make sure the desktop environment is OK.

Type xclock and you will see a clock.
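
A server-side and session-side check for the steps above, as an added example that is not part of the original how-to: the function names are hypothetical, and the parser assumes sshd's rule that the first value found for a keyword is used and that global settings end at the first Match block. Include files are not followed.

```shell
#!/bin/sh
# Added example: audit X11 forwarding on the server and in the session.

# x11_forwarding_setting FILE -> prints the global X11Forwarding value
# ("yes"/"no"), or "unset" when the keyword is absent from the global section.
x11_forwarding_setting() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }            # allow "Keyword=value"
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "x11forwarding" {
            print tolower($2); found = 1; exit   # first value wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# is_forwarded_display VALUE -> 0 if VALUE looks like the proxy display sshd
# sets for a forwarded session (as in the how-to: localhost:10.0).
is_forwarded_display() {
    case "$1" in
        localhost:[0-9]*) return 0 ;;
        *)                return 1 ;;
    esac
}
```

On the server, run x11_forwarding_setting /etc/ssh/sshd_config; inside the ssh session, run is_forwarded_display "$DISPLAY" before starting xclock.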

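Adding a RAID card driver to initrd.img

CentOS 5.4 does not recognize the RAID card on Wuzhou (五舟) servers, so the driver has to be loaded by hand at every install, which is very tedious.

Today I had the sudden idea of adding the driver to the installation disc, and found this article, which was a great help.

The following is reposted content.

Original: http://hi.baidu.com/delovery/blog/item/b55c317aa1b329e12e73b33c.html/cmtid/c15bb909a772bc2a6b60fb00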

[root@localhost test]# ls
initrd.img rh5.2img.zip
[root@localhost test]# file initrd.img
initrd.img: gzip compressed data, from Unix, last modified: Tue Jun 24 00:53:16 2008, max compression
[root@localhost test]# mv initrd.img initrd.img.gz
[root@localhost test]# ls
initrd.img.gz rh5.2img.zip
[root@localhost test]# gunzip initrd.img.gz
[root@localhost test]# ls
initrd.img rh5.2img.zip
[root@localhost test]# file initrd.img
initrd.img: ASCII cpio archive (SVR4 with no CRC)
[root@localhost test]# mkdir a
[root@localhost test]# ls
a initrd.img rh5.2img.zip
[root@localhost test]# cd a
[root@localhost a]# cpio -dumi < ../initrd.img
14988 blocks
[root@localhost a]# ls
bin dev etc init modules proc sbin selinux sys tmp var
[root@localhost a]# cd modules/
[root@localhost modules]# ls -l
total 4520
-rw-r--r-- 1 root root 5791 Jun 24 2008 module-info
-rw-r--r-- 1 root root 117885 Jun 24 2008 modules.alias
-rw-r--r-- 1 root root 4396775 Jun 24 2008 modules.cgz
-rw-r--r-- 1 root root 13152 Jun 24 2008 modules.dep
-rw-r--r-- 1 root root 62055 Jun 24 2008 pci.ids
[root@localhost modules]# file modules.cgz
modules.cgz: gzip compressed data, from Unix, last modified: Tue Jun 24 00:53:05 2008, max compression
[root@localhost modules]# cat modules.dep
cciss: scsi_mod
aic94xx: libsas libata scsi_transport_sas scsi_mod
libsas: libata scsi_transport_sas scsi_mod
mptsas: mptscsih mptbase scsi_transport_sas scsi_mod
scsi_transport_sas: scsi_mod
orinoco_plx: orinoco hermes
dm-emc: dm-multipath dm-mod
……………………………..
[root@localhost modules]# mv modules.cgz modules.cgz.gz
[root@localhost modules]# ls
module-info modules.alias modules.cgz.gz modules.dep pci.ids
[root@localhost modules]# gunzip modules.cgz.gz
[root@localhost modules]# ls -lh modules.cgz
-rw-r--r-- 1 root root 18M Jun 24 2008 modules.cgz
[root@localhost modules]# cpio -i --verbose --make-directories < modules.cgz
2.6.18-92.el5/x86_64/cciss.ko
2.6.18-92.el5/x86_64/scsi_transport_sas.ko
2.6.18-92.el5/x86_64/orinoco_plx.ko
2.6.18-92.el5/x86_64/dm-multipath.ko
2.6.18-92.el5/x86_64/sundance.ko
2.6.18-92.el5/x86_64/rtl8150.ko
2.6.18-92.el5/x86_64/lock_nolock.ko
2.6.18-92.el5/x86_64/raid1.ko
2.6.18-92.el5/x86_64/vga16fb.ko
……………………………………….
[root@localhost modules]# cd 2.6.18-92.el5/x86_64
[root@localhost x86_64]# ls
3c574_cs.ko dm-zero.ko mptspi.ko sata_via.ko
3c589_cs.ko e1000e.ko msdos.ko sata_vsc.ko
3c59x.ko e1000.ko natsemi.ko scsi_mod.ko
3w-9xxx.ko e100.ko ne2k-pci.ko scsi_transport_fc.ko
3w-xxxx.ko edd.ko netwave_cs.ko scsi_transport_iscsi.ko
8139cp.ko ehci-hcd.ko netxen_nic.ko scsi_tra
……………………….
[root@localhost modules]#cd /test
[root@localhost test]# ls
a initrd.img rh5.2img.zip
[root@localhost test]# unzip rh5.2img.zip
Archive: rh5.2img.zip
creating: rh5.2img/
extracting: rh5.2img/disk-info
inflating: rh5.2img/modinfo
inflating: rh5.2img/modules.alias
inflating: rh5.2img/modules.cgz
extracting: rh5.2img/modules.dep
inflating: rh5.2img/modules.pcimap
inflating: rh5.2img/pci.ids
inflating: rh5.2img/pcitable
inflating: rh5.2img/replace_ahci.sh
inflating: rh5.2img/replace_ahci_readme.txt
extracting: rh5.2img/rhdd
[root@localhost test]# cd rh5.2img
[root@localhost rh5.2img]# ls
disk-info modules.alias modules.dep pci.ids replace_ahci_readme.txt rhdd
modinfo modules.cgz modules.pcimap pcitable replace_ahci.sh
[root@localhost rh5.2img]# more pcitable
0x8086 0x2682 "megasr" "MegaSR|INTEL-ESB2"
0x8086 0x2683 "megasr" "MegaSR|INTEL-ESB2"
0x8086 0x27C3 "megasr" "MegaSR|INTEL-ICH7R"
0x8086 0x2925 "megasr" "MegaSR|LSI-NEC"
0x8086 0x3A25 "megasr" "MegaSR|LSI-ICH10R"
0x1000 0x0055 "megasr" "MegaSR|LSI-1068"
0x1000 0x0057 "megasr" "MegaSR|LSI-1064E"
0x1000 0x0059 "megasr" "MegaSR|LSI-1068E"
[root@localhost rh5.2img]# mv modules.cgz modules.cgz.gz
[root@localhost rh5.2img]# ls
disk-info modules.alias modules.dep pci.ids replace_ahci_readme.txt rhdd
modinfo modules.cgz.gz modules.pcimap pcitable replace_ahci.sh
[root@localhost rh5.2img]# gunzip modules.cgz.gz
[root@localhost rh5.2img]# ls
disk-info modules.alias modules.dep pci.ids replace_ahci_readme.txt rhdd
modinfo modules.cgz modules.pcimap pcitable replace_ahci.sh
[root@localhost rh5.2img]# file modules.cgz
modules.cgz: ASCII cpio archive (SVR4 with CRC)
[root@localhost rh5.2img]# cpio -i --verbose --make-directories < modules.cgz
2.6.18-92.el5xen/x86_64/megasr.ko
2.6.18-92.el5/x86_64/megasr.ko
2.6.18-92.el5xen/i686/megasr.ko
2.6.18-92.el5PAE/i686/megasr.ko
2.6.18-92.el5/i686/megasr.ko
6214 blocks
[root@localhost rh5.2img]# ls
2.6.18-92.el5 modinfo modules.pcimap replace_ahci.sh
2.6.18-92.el5PAE modules.alias pci.ids rhdd
2.6.18-92.el5xen modules.cgz pcitable
disk-info modules.dep replace_ahci_readme.txt
[root@localhost rh5.2img]# cd 2.6.18-92.el5
[root@localhost 2.6.18-92.el5]# ls
i686 x86_64
[root@localhost 2.6.18-92.el5]# cd x86_64/
[root@localhost x86_64]# ls
megasr.ko
[root@localhost x86_64]#cp megasr.ko /test/a/modules/2.6.18-92.el5/x86_64/
Next we need to modify these files under /test/a/modules: pci.ids modules.alias modules.info
[root@localhost modules]# vi pci.ids
[root@localhost modules]#vi modules.alias
Append the contents of pci.ids, modules.alias and modinfo from rh5.2img to the end of the files above
[root@localhost modules]# ls
2.6.18-92.el5 module-info modules.alias modules.cgz modules.dep pci.ids
[root@localhost modules]# rm -rf modules.cgz
[root@localhost modules]# find 2.6.18-92.el5/ |cpio -H newc -ov |gzip -9 -c - > modules.cgz
[root@localhost modules]# cd ..
[root@localhost a]# ls
bin dev etc init modules proc sbin selinux sys tmp var
[root@localhost a]#find . |cpio -H newc -ov |gzip -9 -c - > /test/b/initrd.img
[root@localhost a]#cd ..
[root@localhost test]# cd b
[root@localhost b]# ls
initrd.img
[root@localhost b]# file initrd.img
initrd.img: gzip compressed data, from Unix, last modified: Sun Sep 13 20:22:37 2009, max compression
This completes the operation; test results to follow.

Another article is also worth reading:

http://www.torkwrench.com/2010/01/06/installing-rhel-5-using-the-vmware-paravirtualized-scsi-driver-pvscsi/
