Useful links
https://www.binarytides.com/linux-commands-hardware-info/
https://www.binarytides.com/linux-netstat-command-examples/
mail test
https://www.mail-tester.com/
centos 7 NETWORK
https://www.krizna.com/centos/setup-network-centos-7/
chsh
chsh -l
chfn
setcap
setcap cap_net_raw,cap_net_admin=eip /usr/bin/curl
capsh --print
filecap
pscap -a
yum install libcap-ng-utils
yum install libcap-ng
openssl
openssl s_client -connect domain.com:443 -servername domain.com
yum reinstall ca-certificates
openssl rsa -noout -modulus -in private.txt | openssl md5
openssl x509 -noout -modulus -in www_rd_metall_ru_2020_02_06.crt | openssl md5
openssl x509 -in cert.pem -text -noout | grep DNS
##################################
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
##################################
openssl x509 -noout -subject -dates -in server.crt
Postfix
https://wiki.dieg.info/postfix
Red Hat / CentOS IPv6 Network Configuration
https://www.cyberciti.biz/faq/rhel-redhat-fedora-centos-ipv6-network-configuration/
boot partition is almost full in CentOS
https://unix.stackexchange.com/questions/105026/boot-partition-is-almost-full-in-centos
Fail2ban and nginx: blocking unwanted traffic to a specific URL
https://habrahabr.ru/post/236859/
How to upgrade MySQL 5.5 to 5.6/5.7 or MariaDB 5.5 to 10.0/10.1/10.2 on Linux
https://support.plesk.com/hc/en-us/articles/213403429--%D0%9A%D0%B0%D0%BA-%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%B8%D1%82%D1%8C-MySQL-%D1%81-%D0%B2%D0%B5%D1%80%D1%81%D0%B8%D0%B8-5-5-%D0%BD%D0%B0-5-6-
####\
https://www.modsecurity.org/download.html
Too many open files: how to beat it?
https://www.stableit.ru/2009/11/too-many-open-files.html
Monitoring HP Smart Array in Zabbix
http://wiki.enchtex.info/howto/zabbix/zabbix_hp_smart_array_monitoring
CentOS and HP hardware RAID
http://demi4.com/centos-i-aparatnyiy-reyd-hp/
Mounting several partitions into one directory
https://habrahabr.ru/post/264853/
Why attach network drives?
http://answit.com/uvelichenie-diska-na-vps-zaschyot-vneshnih-faylovyih-sistem/
L2TP
https://github.com/travislee8964/L2TP-VPN-installation-script-for-CentOS-7/blob/master/l2tp-ipsec-install-script-for-centos7.sh
How to determine who is sending spam on a VPS/Dedicated server. Blocking mail for a single site
https://thehost.ua/wiki/spam
Blocking hotlinking in Apache and nginx: how to protect your images from hotlinking
http://ktonanovenkogo.ru/vokrug-da-okolo/webmaster/zapreshhaem-xotlink-hotlink-v-apache-nginx-zashhitit-kartinki.html
Determine a file's encoding
https://www.shellhacks.com/ru/linux-check-change-file-encoding/
MySQL: moving users and privileges to another server
http://www.kochetov.net.ua/?p=613
MYSQL_CONN="-uroot -ppassword"
f
restore on the other server
mysql -uroot -p -A < MySQLUserGrants.sql
MySQL: allow remote access to MySQL Server
http://kyunez.blogspot.com/2011/12/mysql-server.html
CRON
https://crontab.guru/#*/1_*_*_*_*
Monitoring from the console
http://rus-linux.net/MyLDP/server/monitoring-servera-v-konsoli.html
https://habrahabr.ru/company/ua-hosting/blog/281519/
CHECK SSL
https://www.sslshopper.com/ssl-checker.html#hostname=https://cdn2.pornolenta.net
https://www.ssllabs.com/ssltest/
Web virus scanner
https://getvir.org/
##\
https://web-optimizator.com/301-redirekt-htaccess/
https://www.ndchost.com/wiki/apache/redirect-http-to-https
http://web-optimizator.com/301-redirekt-htaccess/
Registry of banned sites
https://reestr.rublacklist.net/
htaccess converter for nginx
http://winginx.com/ru/htaccess
PASTEBIN
http://pastebin.com/
SystemRescueCd
http://www.system-rescue-cd.org/Download/
IP pool
https://4it.me/getlistip
##\
http://cp.inferno.name/knowledgebase/1/Administrirovanie
MDADM
http://xgu.ru/wiki/mdadm
RAID setup
https://raid.wiki.kernel.org/index.php/RAID_setup
How to fix an InnoDB fault in a MySQL database
http://kb.justhost.ru/article/1436
VPN
https://zefir.space/a/1/
http://serveradmin.ru/nastroyka-openvpn-na-centos-7/
http://eax.me/openvpn/
Forgot the MySQL root password
https://sis-admin.su/?p=56
http://mbps.net/
RAID FREEBSD
https://www.opennet.ru/base/sys/freebsd_fs_mount.txt.html
https://www.freebsd.org/doc/ru/books/handbook/GEOM-mirror.html
https://www.stableit.ru/2010/04/freebsd-not-all-disks-connected.html
md /ramdisk mfs rw,-s2048m 2 0
mount /ramdisk
memtester
http://software.opensuse.org/download.html?project=utilities&package=memtester
Fail2ban
https://vps.ua/wiki/%D0%9D%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B0_Fail2ban
DNS CHECK
http://www.intodns.com/
https://developers.google.com/speed/public-dns/cache?hl=uk
http://www.host-tracker.com/InstantCheck/ResultComplete/c5b67f88-5185-e611-80c2-0003ff7328cc
bootimages.redstation.co.uk
SED - stream editor
http://wiki.enchtex.info/practice/bash/bash_sed_sample
http://rus-linux.net/MyLDP/consol/sed.html
Linux: rsyslogd, MySQL (ommysql) and filters (RainerScript and Property-Based).
https://rtfm.co.ua/rsyslog-mysql-ommysql-rainerscript-property-based-filer/
Rsyslog on Debian: setting up a log collection server
http://www.k-max.name/linux/rsyslog-na-debian-nastrojka-servera/
Manual pages - syslog-ng.conf
http://www.ekzorchik.ru/2013/03/ubuntu-12-syslog-zyxel-keenetic-lite-logs/
http://manpages.ylsoftware.com/ru/syslog-ng.conf.5.html
INFO IT
https://tproger.ru/
http://www.unix-lab.org/posts/
https://wiki.osdev.org/Main_Page
http://sboronin.ru/
http://muff.kiev.ua/
https://www.digitalocean.com/community/tutorials
https://bozza.ru/art.html
https://wikival.bmstu.ru/doku.php
https://www.cyberciti.biz/faq/
https://plone.lucidsolutions.co.nz/linux/
Deleting mail from the postfix queue
http://val-khmyrov.blogspot.ru/2012/10/postfix.html
List of TCP and UDP ports
https://ru.wikipedia.org/wiki/%D0%A1%D0%BF%D0%B8%D1%81%D0%BE%D0%BA_%D0%BF%D0%BE%D1%80%D1%82%D0%BE%D0%B2_TCP_%D0%B8_UDP
command IP
https://ss64.com/bash/ip.html
Useful Unix utilities. lsof.
http://handynotes.ru/2010/01/unix-utility-lsof.html
RFC
https://rfc2.ru/
Computer Security Student
http://www.computersecuritystudent.com/HOME/index.html
Bitrix
tail bitrix/modules/error.log
https://www.acrit-studio.ru/pantry-programmer/solutions-to-bugs-and-errors-1c_bitrix/white-screen-on-bitrix_causes-and-elimination/
SITE SPEED
https://www.webpagetest.org/
REDIS
https://ruhighload.com/%D0%9E%D0%BF%D1%82%D0%B8%D0%BC%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F+%D0%BD%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B5%D0%BA+redis
http://www.w3big.com/ru/redis/redis-conf.html
Scaling and optimization
https://ruhighload.com
HAProxy
http://devacademy.ru/posts/haproxy/
LINUX REGULAR EXPRESSIONS
https://losst.ru/regulyarnye-vyrazheniya-linux
Hard disk partitions and file systems
http://help.ubuntu.ru/wiki/%D1%80%D0%B0%D0%B7%D0%B4%D0%B5%D0%BB%D1%8B_%D0%B8_%D1%84%D0%B0%D0%B9%D0%BB%D0%BE%D0%B2%D1%8B%D0%B5_%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D1%8B_linux
Creating partitions and file systems
https://www.ibm.com/developerworks/ru/library/l-lpic1-v3-104-1/index.html
Extending an LVM root partition in Linux on the fly
http://www.o-nix.com/pages/reshenija-v-linux/rasshirenie-kornevogo-razdela-lvm.php
GRUB2
https://wizardforcel.gitbooks.io/vbird-linux-basic-4e/content/168.html
How to work with sound in C++?
https://toster.ru/q/376284
https://habrahabr.ru/post/226143/
FreeBSD
portupgrade -o databases/mysql57-client -f mysql56-client-\*
portupgrade -arRF
# fix problems with vim
pkg install -f gettext-runtime
# NFS
http://mediaunix.com/nfs-na-freebsd/
https://eax.me/freebsd-nfs/
# certbot
https://certbot.eff.org/lets-encrypt/freebsd-nginx
http://linux-notes.org/ustanovka-certbot-dlya-polucheniya-sertifikata-ot-letsencrypt-v-unix-linux/
# redis replication
https://www.8host.com/blog/replikaciya-dannyx-redis-v-ubuntu-16-04/
# IPFW
https://alexnettm.org.ua/freebsd/freebsd-nastrojka-ipfw-kernel-nat.html
https://bozza.ru/art-92.html
# sysctl
https://klaver.it/linux/sysctl.conf
# installing php 5.6 + openssl 1.0.2
https://end0tknr.wordpress.com/2016/05/01/installing-php-5-6-openssl-1-0-2-cakephp-3-2/
sphinx
http://sphinxsearch.com/docs/current/ref-indexer.html
netplan Ubuntu 18
cat /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      match:
        macaddress: "00:25:90:86:75:70"
      set-name: "eth2"
      dhcp4: no
      dhcp6: no
    eth1:
      match:
        macaddress: "00:25:90:86:75:71"
      set-name: "eth0"
      dhcp4: no
      dhcp6: no
      addresses: [ip/26,ip/32]
      gateway4: ip
      nameservers:
        addresses: [ip,ip]
cat /proc/net/bonding/bond0
netplan apply
netplan --debug apply
tnftpd
cat /etc/ftpd.conf
umask all 022
chroot all %d
recvbufsize all 65536
sendbufsize all 65536
KVS
mod_kvs.sh
kvsroot=PATH
kvsuser=user
kvsgroup=group
chmod 750 $kvsroot
chown -R $kvsuser:$kvsgroup $kvsroot
find $kvsroot/ -type f -exec chmod 666 {} \;
find $kvsroot/ -type d -exec chmod 775 {} \;
find $kvsroot/tmp -type d -exec chmod 777 {} \;
find $kvsroot/tmp -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/template -type d -exec chmod 777 {} \;
find $kvsroot/template -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/contents -mindepth 1 -type d -exec chmod 777 {} \;
find $kvsroot/contents -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/admin/smarty/cache -type d -exec chmod 777 {} \;
find $kvsroot/admin/smarty/cache -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/admin/smarty/template-c -type d -exec chmod 777 {} \;
find $kvsroot/admin/smarty/template-c -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/admin/smarty/template-c-site -type d -exec chmod 777 {} \;
find $kvsroot/admin/smarty/template-c-site -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/admin/logs -type d -exec chmod 777 {} \;
find $kvsroot/admin/logs -type f -not -name ".htaccess" -exec chmod 666 {} \;
find $kvsroot/admin/data -mindepth 1 -type d -exec chmod 777 {} \;
find $kvsroot/admin/data -type f -not -name ".htaccess" -not -name "remote_cron\.php" -exec chmod 666 {} \;
certbot + letsencrypt
Hello.
The number of sites you add through the control panel is not limited. However, keep in mind that the server's physical resources are limited (CPU frequency and count, memory, disk space). Accordingly, you need to keep to a number of sites that the server can handle. The more sites there are, the more server resources are used and the higher the load on the server. There may come a point when the server cannot cope with the load and all sites stop working.
echo 2 | /usr/work/src/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/home/imag/imag.one/public/ -d imag.one -d www.imag.one
certbot certonly --webroot -w /home/bpmob/domain.com -d domain.com -d www.domain.com
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto certonly --manual -d *.excalibur-lets.pp.ua -d excalibur-lets.pp.ua --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
05 03 * * 2,4,6 /usr/local/bin/certbot-auto renew --no-self-upgrade && /usr/sbin/apachectl -k restart
05 02 * * 2,4,6 /usr/local/bin/certbot renew --no-self-upgrade && /usr/local/apache2/bin/apachectl -k graceful > /dev/null
30 03 * * * /usr/local/bin/certbot renew && /usr/local/sbin/nginx -s reload
05 03 * * 2,4,6 /usr/local/bin/certbot renew --no-self-upgrade --post-hook '/usr/local/sbin/nginx -s reload'
05 03 * * 2,4,6 /usr/local/bin/certbot renew --renew-hook '/usr/local/sbin/nginx -s reload'
libsodium
https://download.libsodium.org/libsodium/releases/
Bonding
Centos 7
https://www.unixmen.com/linux-basics-create-network-bonding-on-centos-76-5/
https://blog.it-kb.ru/2016/06/20/network-bonding-with-vlan-and-802-3ad-lacp-on-centos-linux-7-2-and-lag-channel-group-on-switch-cisco-catalyst-ws-c3560g-with-testing-load-balancing-and-high-availability/
Sphinx freebsd
http://www.hilik.org.ua/setup-sphinx/
Useful commands
2>&1 nginx -V | tr -- - '\n' | grep _module
fallocate
pvs -ao +devices
vgs -ao +devices
lvs -ao +devices
stat -c%a
Centos 7
nmcli con reload
Ethtool: ethtool
http://alexof.ru/page/iperf
cat /proc/net/bonding/bond0
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
ls -laut --time=ctime
mtr -rnc 100 54.36.120.64
cat /proc/$(pgrep redis | head -1)/limits | grep files
### MYSQL ####
http://linux-notes.org/sozdat-pol-zovatelya-s-pravami-read-only-tol-ko-chtenie-v-mysql/
https://support.symantec.com/en_US/article.HOWTO16962.html
grant select on database_name.* to 'Your_read-only_mysql_username'@'localhost' identified by 'Your_password_for_read-only_mysql_username';
SHOW VARIABLES LIKE 'collation%';
SHOW VARIABLES LIKE 'character%';
mysql explain
SHOW GRANTS FOR 'gemslog'@'localhost';
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
FLUSH PRIVILEGES;
DROP USER 'demo'@'localhost';
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'bloguser'@'localhost';
CREATE DATABASE mydatabase CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE DATABASE mydb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPass');
GRANT SELECT ON `mantis_pgh`.`mantis_bugnote_text_table` TO 'pgh_metabase'@'%';
GRANT SELECT (id, name, status) ON `uaapartments_rnt`.`rent_owners` TO 'pgh_metabase'@'%'
DESCRIBE tablename;
SHOW TABLE STATUS;
SELECT @@character_set_database, @@collation_database;
ALTER DATABASE databasename CHARACTER SET utf8 COLLATE utf8_unicode_ci;
ALTER TABLE tablename CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT SELECT (deleted_at, created_at, member_id, calc_id) ON `uaapartments_dbv`.`apt_referral_calc` TO 'dobovo_powerbi'@'%'
GRANT SELECT ON `uaapartments_dbv`.`apt_referral_payments` TO 'dobovo_powerbi'@'%'
show processlist \G;
DROP USER 'ashemale_wbr'@'%';
mysql -e "REVOKE USAGE ON *.* TO 'ashemale_wbr'@'%'; FLUSH PRIVILEGES;"
set global innodb_ft_result_cache_limit=10000000000;
Table handler out of memory
mysql -e "show databases;" | awk '{print "mysqldump --single-transaction --opt --routines --events --triggers "$1 " > " $1".sql"}' | sh
ls | awk -F "." '{print "mysql " $1 " < " $1"."$2 }' | sh
show status like 'Conn%';
show variables like 'max_connections';
set global max_connections = 400;
https://www.dmosk.ru/miniinstruktions.php?mini=mysql-max-connections
Before launching the mysqldump you can send this query to check if big selects are available:
SELECT @@global.SQL_BIG_SELECTS;
and then you can enable them using
SET @@global.SQL_BIG_SELECTS = 1;
and disable again (after the dump) using
SET @@global.SQL_BIG_SELECTS = 0;
use datbases;
SHOW VARIABLES LIKE "character_set_database";
ALTER DATABASE имя_вашей_базы_данных charset=utf8;
ALTER TABLE `db_name`.`table_name` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
SELECT CONCAT( 'ALTER TABLE `', t.`TABLE_SCHEMA` , '`.`', t.`TABLE_NAME` , '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;' ) AS sqlcode
FROM `information_schema`.`TABLES` t
WHERE 1
AND t.`TABLE_SCHEMA` = 'My_DB_for_convert'
ORDER BY 1
LIMIT 0 , 90
vim add text to end line
%norm A*
nmap -sU -p U:11212
ipfw add unreach port udp from any to me dst-port 11212
here is one more line: if it prints the memcached version, it can be used to DDoS through it; if the output is empty, it cannot
echo -en "\000\000\000\000\000\001\000\000version\r\n" | nc -w1 -u ip 11212
badblocks -b 4096 -w -s -v /dev/da1
openssl req -new -newkey rsa:2048 -nodes -out domain.csr -keyout domain.key -subj "/C=CY/ST=Limassol/L=Limassol/O=Unicall Service Limited/CN=unicall.io"
Step 1.
Stop the MySQL server
Step 2.
add this line to my.cnf (on Windows it is called my.ini)
set-variable=innodb_force_recovery=6
Step 3.
delete ib_logfile0 and ib_logfile1
Step 4.
Start the MySQL server
Step 5.
Run this command:
mysqlcheck --database db_name table_name -uroot -p
After you have successfully fixed the broken InnoDB table, do not forget to remove # set-variable = innodb_force_recovery = 6 from my.cnf, and then restart the MySQL server again.
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
mysqldump --single-transaction --opt --routines --events --triggers \
--ignore-table=db.api_log \
--ignore-table=db.call_center_request_log \
--ignore-table=db.user_action_log \
--ignore-table=db.user_action_log_query \
db > db.sql
### Libvirt ###
sudo apt install qemu-kvm libvirt-bin
sudo adduser $USER libvirtd
sudo apt install virtinst
## Create virtual machine ##
sudo virt-install -n FreeBSD10.4 -r 1024 --vcpus=1 --os-variant=freebsd10 --accelerate -v -c /home/excalibur/Downloads/FreeBSD-10.4-RELEASE-amd64-disc1.iso --network network=default,model=virtio --vnc --disk path=/var/lib/libvirt/images/FreeBSD10.4.img,size=4
tcpdump -c2000 -nnpi eth0 dst port 80 | awk '{print $3}' | cut -d'.' -f1,2,3,4 | sort | uniq -c | sort -n | tail -n10
https://pastebin.com/rKBRnMDr
## Iptables ##
iptables -L -n --line-numbers -t filter | less
iptables -D INPUT 23
iptables -A INPUT -s 192.168.1.1 -p tcp --destination-port 222 -j ACCEPT
iptables -A SSH -s 192.168.1.1/32 -m comment --comment "limit ssh access" -j ACCEPT
iptables-save > /etc/sysconfig/iptables
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth0 -j SNAT --to-source 192.168.1.1
iptables -N MYSQL
iptables -A INPUT -j MYSQL
iptables -I INPUT 1 -j FTP_ALLOW
iptables -A INPUT -d 127.0.0.1/32 -i lo -j ACCEPT
Port 465 is the SSL port, so checking it with telnet is not correct; try connecting through openssl
openssl s_client -connect smtp.domain.com:465
V tigus | grep frontend
### Lsof ###
lsof -n -a -i -u user_name
sed -i"" "s#domainname#new domain#g" file
## Cron
12 0 6 * * cd /usr/share/GeoIP > /dev/null 2>&1 && wget http://data3.advancedhosters.com/geoip/GeoIP.dat.gz > /dev/null 2>&1 && gunzip -f GeoIP.dat.gz
05 * * * * sleep 23; /usr/sbin/ntpdate -bs 0.us.pool.ntp.org 0.nl.pool.ntp.org 1.us.pool.ntp.org 1.nl.pool.ntp.org >/dev/null 2>&1
00 11 * * * /usr/local/bin/mysqldump --single-transaction --opt --routines --events --triggers sphonebd | /bin/gzip > /home/TRASH/sphonebd.sql.gz && /usr/local/bin/rsync -avH -e "ssh -p222" /home/TRASH/sphonebd.sql.gz [email protected]:/home/ssamobile/SVDS126022/db/ && /bin/rm /home/TRASH/sphonebd.sql.gz
smartctl
1 Raw_Read_Error_Rate 0x002f 200 200 051 Pre-fail Always - if the value grows
5 Reallocated_Sector_Ct 0x0033 200 200 140 Pre-fail Always - >+5
193 Load_Cycle_Count 0x0032 200 200 000 Old_age Always - 7 if the value grows
197 Current_Pending_Sector 0x0032 200 200 000 Old_age Always >+1
200 Multi_Zone_Error_Rate 0x0008 200 200 000 Old_age Offline - if the value grows
pay attention to the disk temperature
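The checklist above applied to two `smartctl -A` snapshots, as an added example (not part of the original notes). It assumes `>+5` and `>+1` mean that the raw value grew by more than 5 and more than 1 between snapshots; both snapshots, including the temperature row, are constructed sample data.

```python
# Watch list taken from the notes: attribute id -> tolerated growth of RAW_VALUE.
# Assumption: ">+5" / ">+1" mean "grew by more than 5 / 1"; the remaining
# attributes are reported on any growth at all.
WATCH = {1: 0, 5: 5, 193: 0, 197: 1, 200: 0}

HEADER = "ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE\n"

# Constructed snapshots in the column layout printed by `smartctl -A`.
OLD = HEADER + """\
  1 Raw_Read_Error_Rate     0x002f 200 200 051 Pre-fail Always  - 0
  5 Reallocated_Sector_Ct   0x0033 200 200 140 Pre-fail Always  - 2
193 Load_Cycle_Count        0x0032 200 200 000 Old_age  Always  - 7
194 Temperature_Celsius     0x0022 110 098 000 Old_age  Always  - 37 (Min/Max 20/45)
197 Current_Pending_Sector  0x0032 200 200 000 Old_age  Always  - 0
200 Multi_Zone_Error_Rate   0x0008 200 200 000 Old_age  Offline - 0
"""

NEW = HEADER + """\
  1 Raw_Read_Error_Rate     0x002f 200 200 051 Pre-fail Always  - 0
  5 Reallocated_Sector_Ct   0x0033 198 198 140 Pre-fail Always  - 9
193 Load_Cycle_Count        0x0032 200 200 000 Old_age  Always  - 7
194 Temperature_Celsius     0x0022 106 098 000 Old_age  Always  - 41 (Min/Max 20/45)
197 Current_Pending_Sector  0x0032 200 200 000 Old_age  Always  - 1
200 Multi_Zone_Error_Rate   0x0008 200 200 000 Old_age  Offline - 3
"""


def parse_smart(text):
    """Return {attribute_id: (name, raw_value)} from `smartctl -A` output."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split()
        # Attribute rows start with a numeric id and have at least 10 columns;
        # this skips the header and any banner lines.
        if len(fields) < 10 or not fields[0].isdigit():
            continue
        try:
            raw = int(fields[9])  # trailing text such as "(Min/Max ...)" is ignored
        except ValueError:
            continue              # vendor-specific raw formats are skipped
        attrs[int(fields[0])] = (fields[1], raw)
    return attrs


def growing(old_text, new_text):
    """List (id, name, before, after) for watched attributes that grew too much."""
    old, new = parse_smart(old_text), parse_smart(new_text)
    alerts = []
    for attr_id, limit in sorted(WATCH.items()):
        if attr_id not in old or attr_id not in new:
            continue              # attribute not reported by this drive
        name, before = old[attr_id]
        after = new[attr_id][1]
        if after - before > limit:
            alerts.append((attr_id, name, before, after))
    return alerts


if __name__ == "__main__":
    for attr_id, name, before, after in growing(OLD, NEW):
        print("{0:>3} {1}: {2} -> {3}".format(attr_id, name, before, after))
```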
MySQL replication
http://www.itnotes.org.ua/administration/mysql/master_master_replication_db.html
http://linux-notes.org/replikatsiya-mysql-v-vide-master-slave/
http://www.mysql.ru/docs/man/Replication.html
http://sysadm.pp.ua/
.htaccess
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ - [env=proto:http]
RewriteCond %{HTTP:X-Forwarded-Proto} https
RewriteRule ^(.*)$ - [env=proto:https]
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE BY DenyCountry
Deny from env=DenyCountry
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(UA|RU|NL)$
RewriteRule ^(.*) http://check-your-pride.info/$1 [L,R=301]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
gpart
gmirror status
gpart backup da1 | gpart restore ad0
gpart backup da1 | gpart restore da0
gpart bootcode -b /boot/boot0 da0
gmirror forget gm0
gmirror insert gm0 da0s1
gmirror rebuild gm0 da0s1
gpart bootcode -b /boot/boot0 da1
robots.txt
robots.txt
User-Agent: bingbot
Crawl-Delay: 5
User-Agent: msnbot
Crawl-Delay: 5
https://rcp.advancedhosters.com/message/show/360002508#360109732
nginx SSL
SSLEngine on
SSLHonorCipherOrder on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile /usr/local/etc/letsencrypt/live/domain/cert.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/domain/privkey.pem
SSLCertificateChainFile /usr/local/etc/letsencrypt/live/domain/chain.pem
ssl on;
ssl_certificate "/etc/letsencrypt/live/domain/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/domain/privkey.pem";
ssl_trusted_certificate "/etc/letsencrypt/live/domain/chain.pem";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
sndbuf=16k rcvbuf=8k backlog=2024;
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/unsettrial\.php*
RewriteCond %{REQUEST_URI} !^/trial_access\.php*
RewriteRule ^(.*)$ https://domain$1 [R=301,L]
location ~ /.well-known {allow all; auth_basic off; default_type text/plain;}
if ($uri !~ ^/(robots.txt))
{ rewrite ^/(.*)$ http://d.net/$1 permanent;}
if ($host = 'www.domain.com'){
return 204 'access forbidden';
default_type "text/plain";
}
# check the private key
openssl rsa -noout -modulus -in goalcounters.com.key | openssl md5
location /.well-known {
root /home/patch/;
}
location ~ /(\d+)/(\d+)/preview_(\d+)\.jpg {
rewrite "^/(\d+)/(\d+)/preview_(\d+).jpg" "/$1/$2/preview.jpg" last;
}
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
https://xn--d1acnqm.xn--j1amh/%D0%B7%D0%B0%D0%BF%D0%B8%D1%81%D0%B8/nginx-301-%D0%BD%D0%B0-%D0%B2%D1%81%D0%B5-%D1%81%D0%BB%D1%83%D1%87%D0%B0%D0%B8-%D0%B6%D0%B8%D0%B7%D0%BD%D0%B8
if ($scheme = http) {
return 301 https://origin.hmlcdn.com$request_uri;
}
if ($host ~* ^www\.domain\.com$) {
rewrite ^(.*) http://$server_name$request_uri permanent;
}
if ( $scheme = "http" ) { rewrite ^/(.*)$ https://$host/$1 permanent;}
location ~ ^.+\.(png|PNG|jpg|JPG|jpeg|JPEG|gif|GIF|ico|wmv|avi|flv|mpg|mpeg|mp4|ogg|zip|rar|gz|css|js|txt|ttf|eot|otf|woff|svg|swf|bmp)$ {
expires 30d;
error_page 404 = @fallback;
}
if ( $request_uri !~ "^/robots.txt") {
return 301 https://worldporn.org$request_uri;
}
proxy_request_buffering off;
proxy_buffering off;
proxy_connect_timeout 100;
proxy_send_timeout 100;
proxy_read_timeout 100;
send_timeout 100;
remove the trailing slash, 301 redirect
rewrite ^/(.*)/$ /$1 permanent;
auth_basic "closed site";
auth_basic_user_file /etc/nginx/.htpasswd;
FFMPEG
wget "http://downloads.sourceforge.net/project/yamdi/yamdi/1.9/yamdi-1.9.tar.gz"
tar zxvf yamdi-1.9.tar.gz
cd yamdi-1.9
gcc yamdi.c -o yamdi -O2 -Wall -D_FILE_OFFSET_BITS=64
cp yamdi /usr/bin/
##################
ffmpeg -V 2>&1 | egrep -io "libx264|libavfilter|libfaac|libfdk_aac"
##################
http://work.service-host.ru/
PSQL
CREATE ROLE tracking_awccount WITH SUPERUSER CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'pass';
ALTER DATABASE wstore OWNER TO tracking_account;
alter user tracking_account with encrypted password 'pass';
grant all privileges on database wstore to tracking_accwount;
CREATE DATABASE "helpspot_db" WITH OWNER "postgres" ENCODING 'UTF8' LC_COLLATE = 'en_US.UTF-8' LC_CTYPE = 'en_US.UTF-8' TEMPLATE template0;
goaccess
goaccess /home/LOGS/ACCESS/326055070.nginx --log-format=COMBINED -o /home/domains/matureshare.net/goaccess/index.html --real-time-html --port=7894 --daemonize
chsh -s /bin/bash
Commands
/usr/bin/lockf -kt0 /tmp/d.cron.lock
yum --enablerepo=remi-php72 install php-
certbot certificates | grep domain.com
atopsar
traff monitor
https://www.binarytides.com/linux-commands-monitor-network/
A=`nginx -V 2>&1`;B=`echo $A|sed 's/ --/# --/g'|tr '#' '\n'|sed -n '/^ --/p'|sort`;printf "$A"|head -2;printf "configure arguments:\n$B\n"
lspci -vnn
lftp ip -u login,pass -e "mirror -R --parallel=4 /source/ /"
nmap --script ssl-enum-ciphers -p 443 domain
netstat -ntu | awk '{print $5}' | grep -vE "(Address|servers|127.0.0.1)" | cut -d: -f1 | sort | uniq -c | sort -n| sed 's/^[ \t]*//'
netstat -na | awk '{print $5}' | cut -d. -f 1-4 | grep -vE "(Address|servers|127.0.0.1)" | cut -d: -f1 | sort | uniq -c | sort -n | sed 's/^[ \t]*//'
dig -x ip @ns1.advancedhosters.com +short
#ADD A USER TO A GROUP IN LINUX
usermod -a -G wheel user
Checked the files in the web directories created within the last 10 hours:
find /var/www -type f -mmin -600
cat /etc/passwd | sort -k3 -t: -n
cut -d: -f1,6 /etc/passwd
time curl --proxy 200.52.111.7:3128 -U 11n7812:123456 https://www.google.com -o /dev/null
ssh -b ip -p 222 ip -v
dd if=/dev/sda bs=1M | bzip2 -q9c > /root/sda.bz2
top -m io -o total
gstat - freebsd
iotop -oPa
iostat -x 1
systat -iostat
top -mio -SH -owrite -s1
dstat -tldnpms 10
dstat -tl -M topcpu,topio -d -M topmem -m 10
find ./ -newermt '2018-01-01 11:35' ! -newermt '2018-08-17 12:17' -ls
tar -cvf - files | bzip2 -9 > file.tar.bz2
stat -c "%a %n" mail.tar.bz2
stat -c "%U:%G %a %n" 5_yazikov_lubvi.pdf
dave:dave 664 5_yazikov_lubvi.pdf
stat -c "%U:%G" 5_yazikov_lubvi.pdf
dave:dave
stat -c "%U:%G %n" 5_yazikov_lubvi.pdf
dave:dave 5_yazikov_lubvi.pdf
php_value error_reporting 2039
https://lukeslinux.com/
curl http://wttr.in/Kiev
echo -e "\033[0;31m Can I reboot this server... OK? \033[0m" > /dev/pts/2
siege -c20 http://113.174.145.12/ -t30s
ngrep -d enp1s0 -q -W byline "text" host 233.174.145.12 and port 80
ngrep -d enp1s0 -q -W byline "^(GET|POST) .*" host 3.174.145.12 and port 80
sudo chfn -o umask=007 username
GET
sudo tcpdump -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
POST
sudo tcpdump -s 0 -A -vv 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
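How the two capture filters above find the HTTP method, as an added example (not part of the original notes): `tcp[12:1] & 0xf0` isolates the TCP data-offset nibble, `>> 2` converts it to a byte offset, and the four bytes at that offset are compared with `GET ` or `POST`. The segment builder, its port numbers and the payloads are constructed sample data.

```python
import struct

GET_WORD = 0x47455420   # b"GET " (note the trailing space)
POST_WORD = 0x504F5354  # b"POST"


def build_tcp_segment(payload, options=b""):
    """Constructed sample: a TCP header, optional TCP options, then the payload."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset_words = 5 + len(options) // 4             # header length in 32-bit words
    offset_and_flags = (data_offset_words << 12) | 0x018  # flags: PSH+ACK
    header = struct.pack(
        "!HHIIHHHH",
        40000, 80,         # source and destination port (constructed)
        1, 1,              # sequence and acknowledgement numbers
        offset_and_flags,  # byte 12 carries the data offset in its high nibble
        65535, 0, 0,       # window, checksum (not computed here), urgent pointer
    )
    return header + options + payload


def payload_offset(segment):
    """Same arithmetic as the filter: (tcp[12:1] & 0xf0) >> 2.

    The nibble is the header length in 32-bit words, already shifted left by 4,
    so ">> 2" equals ">> 4" followed by "* 4": words converted to bytes.
    """
    return (segment[12] & 0xF0) >> 2


def first_payload_word(segment):
    """The 4 bytes the filter reads with tcp[offset:4], as a big-endian integer."""
    if len(segment) < 20:
        return None
    off = payload_offset(segment)
    word = segment[off:off + 4]
    if len(word) < 4:
        return None        # no payload (SYN, bare ACK): the filter does not match
    return int.from_bytes(word, "big")


def http_method(segment):
    """Return "GET", "POST" or None, mirroring what the two filters select."""
    word = first_payload_word(segment)
    if word == GET_WORD:
        return "GET"
    if word == POST_WORD:
        return "POST"
    return None


if __name__ == "__main__":
    # 12 bytes of options: NOP, NOP, timestamp (kind 8, length 10)
    timestamps = bytes([1, 1, 8, 10]) + bytes(8)
    samples = [
        build_tcp_segment(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        build_tcp_segment(b"POST /login HTTP/1.1\r\n", options=timestamps),
        build_tcp_segment(b""),
    ]
    for seg in samples:
        print(payload_offset(seg), http_method(seg))
```

Only the first four payload bytes of each segment are compared, so a request that starts mid-segment or travels over TLS is not selected, and any payload beginning with `POST` matches regardless of what follows.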
apt-cache policy elasticsearch
echo "Subject: test" | /usr/local/sbin/sendmail1 -v [email protected]
truncate -s0 log.log
for pid in `pidof nginx`; do echo "$(< /proc/$pid/cmdline)"; egrep 'files|Limit' /proc/$pid/limits; echo "Currently open files: $(ls -1 /proc/$pid/fd | wc -l)"; echo; done
memory use of a program
ps --no-headers -o "rss,cmd" -C nginx | awk '{ sum+=$1 } END { printf ("\nRAM statistics\n--------------\n") } END { printf ("Total RAM: %d%s\n", sum/1024, "M") } END { printf ("Total processes: %d\n", NR) } END { printf ("Average RAM/process: %d%s\n", sum/NR/1024, "M\n") }'
FreeBSD
pciconf -vl
objdump -p /sbin/ifconfig | grep NEEDED
#######
gsutil du -sh gs://origin/*
gsutil -m rsync -d -r data gs://mybucket/data
gcsfuse --stat-cache-ttl "1h" --type-cache-ttl "1h" --limit-bytes-per-sec "-1" --limit-ops-per-sec "-1" -o allow_other --file-mode 666 --dir-mode 775 --uid 33 --gid 1002 -o rw origin-videos-huvids-com /home/cc1/domain/contents
Wordpress
define('FS_METHOD', 'direct');
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
after the line
$table_prefix = 'wp_';
add
$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_LOGIN', true);
also change http to https in the database
enable debug in WP
define('WP_DEBUG', false);
$_SERVER['HTTPS'] = 'on';
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
SmartCJ
$config['redis_host'] = '127.0.0.1';
$config['redis_port'] = '6379';
$config['redis_database'] = 0;
$config['redis_password'] = '';
SSH
Match User root
PasswordAuthentication yes
# This goes at the very bottom
And globally in the config, disable it
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys
Hardware info
lshw -class disk -class storage
S.M.A.R.T
https://rtfm.co.ua/s-m-a-r-t-proverka-hdd-opisanie-atributov-znachenie-atributov-utility-parametry/
ftpd
#!/bin/sh
#
# $FreeBSD: releng/10.2/etc/rc.d/ftpd 240336 2012-09-11 05:04:59Z obrien $
#
# PROVIDE: ftpd
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown
. /etc/rc.subr
name="ftpd"
rcvar="ftpd_enable"
command="/usr/libexec/${name}"
pidfile="/var/run/${name}.pid"
start_precmd=ftpd_prestart
ftpd_prestart()
{
rc_flags="-D ${rc_flags}"
return 0
}
load_rc_config $name
run_rc_command "$1"
3proxy
cat /usr/local/etc/3proxy.cfg
#!/usr/local/bin/3proxy
nserver 8.8.8.8
nscache 8190
timeouts 1 5 30 60 180 1800 15 60
users proxy_user:CL:1eddXTRJgSakKLmU7q2M9
users ping:CL:BoowddpujBijdsdWymHyb
allow
daemon
auth strong
proxy -a -n -i88.208.32.72 -e88.208.32.72 -p2253
#socks
auth strong
flush
maxconn 32
socks -i88.208.32.72 -e88.208.32.72 -p7835
#############
test
curl --socks5 88.208.32.72:7835 -U blinok1:DomssasEyljddddivRoitva check-host.net/ip
Access log analysis
cat /home/logs/nginx-access.log | awk '{ print $1 }' | sort | uniq -c | sort -rn | head -n 20
https://codeby.net/analiz-log-fajlov-apache/
Check an IP
http://ipleak.com/ip-address-lookup/223.255.224.102
ffmpeg ext php
cd /usr/work/src/ffmpeg-php-0.6.0
cp ffmpeg_frame.c ffmpeg_frame.c.bak
945 07/23/2018 16:48 @@ -400,7 +400,7 @@ FFMPEG_PHP_METHOD ( ffmpeg_frame, ffmpeg_f
953 07/23/2018 16:48 +++ ffmpeg_frame.c
patch -p0 --- ffmpeg_frame.c.orig2014-07-23 17:57:32 UTC
ee ffmpeg_frame.c.patchpatch -p0 ffmpeg_frame.c < ffmpeg_frame.c.patch
ldd /usr/local/php53/lib/php/extensions/no-debug-non-zts-20090626/ffmpeg.so
lim c++
./lim ./ | sed -re 's/ [1-9]'/\ /g > /tmp/f
while read var1 var2 ; do find ./ -inum $var1 -exec chmod $var2 {} + ; done < /tmp/f
g++ lim.cpp -o lim -pthread
if there are broken links, it does not work correctly
aibolit
php ai-bolit.php --skip=jpg,png,gif,jpeg,JPG,PNG,GIF,bmp,xml,zip,rar,css,avi,mov --mode=2 --memory=1024M --report=/home/report_DS5113.html --path=/home/
lim python
import argparse
import os
import stat


def lim(dir_path):
    """Print "mode inode uid gid" for every directory and file under dir_path."""
    mode = []
    for address, dirs, files in os.walk(dir_path):
        # lstat describes the entry itself and does not follow symlinks
        info_dir = os.lstat(address)
        mode.append([stat.S_IMODE(info_dir.st_mode), info_dir.st_ino, info_dir.st_uid, info_dir.st_gid])
        for file in files:
            path = os.path.join(address, file)
            info = os.lstat(path)
            mode.append([stat.S_IMODE(info.st_mode), info.st_ino, info.st_uid, info.st_gid])
    for line_in_array in mode:
        # permission bits only, printed in octal (for example 644 or 4755)
        print("{0:o} {1} {2} {3}".format(line_in_array[0], line_in_array[1], line_in_array[2], line_in_array[3]))


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("path")
    args = parser.parse_args()
    lim(args.path)
To create such a disk, you need to:
1. Add Memory Disk support to the FreeBSD kernel:
device md
2. Create the directory the disk will be mounted to and set the required permissions (preferably 777).
3. Create the disk.
Insert this line into /etc/fstab:
md /home/ramdisk mfs rw,-s1024m 2 0
At boot, FreeBSD will create a memory disk of 1024 Mb and mount it at /home/ramdisk
To mount it without rebooting, run the following command:
# mount /home/ramdisk
Alternatively, the disk can be created like this:
/sbin/mdmfs -o async,noatime -m 1 -S -s 5024M -i 1024 -p 777 md /home/ramdisk
/sbin/mdmfs -o async,noatime -S -s 4096M -w mysql:mysql md /home/ramdisk
To remove it:
/sbin/umount /home/ramdisk
/sbin/mdconfig -d -u 0 (0 is the md device number)
Resizing a VDS disk
=====FREEBSD=====
shut down the VDS
On the master
lvs
lvresize -L +10G storage/SVDS124634d1
xl cr ./SVDS124634
on the DHCP server, create a config for booting into the live image
cd /home/tftp/pxelinux.cfg/
file name: 01-MAC address, with : replaced by -
contents
DEFAULT freebsd64.live
LABEL freebsd64.live
KERNEL http://ip/live/memdisk
APPEND initrd=http://ip/live/freebsd64.live.gz
on the VDS
save the output of
gpart show
=> 0 65536 md0 BSD (32M)
0 16 - free - (8.0k)
16 65520 1 freebsd-ufs (32M)
=> 63 62914497 ad0 MBR (30G)
63 41942943 1 freebsd (20G)
41943006 20971554 - free - (10G)
=> 0 41942943 ad0s1 BSD (20G)
0 4194304 2 freebsd-swap (2.0G)
4194304 37748639 1 freebsd-ufs (18G)
gpart delete -i 1 ad0s1
gpart delete -i 2 ad0s1
gpart destroy ad0s1
gpart delete -i 1 ad0
gpart add -i 1 -t freebsd ad0
gpart create -s bsd ad0s1
gpart add -i 2 -t freebsd-swap -s 4194304 ad0s1
gpart add -i 1 -t freebsd-ufs ad0s1
growfs /dev/ad0s1a
mount /dev/ad0s1a /mnt
df -h
gpart bootcode -b /mnt/boot/boot0 ad0
gpart bootcode -b /mnt/boot/boot ad0s1
init 0
DHCP for the VDS on DS4441-VDS15
memory process
#!/bin/bash
ps -A --sort -rss -o comm,pmem,rss | awk '
NR == 1 { print; next }
{ a[$1] += $2; b[$1] += $3; }
END {
for (i in a) {
size_in_bytes = b[i] * 1024
split("B KB MB GB TB PB", unit)
human_readable = 0
if (size_in_bytes == 0) {
human_readable = 0
j = 0
}
else {
for (j = 5; human_readable < 1; j--)
human_readable = size_in_bytes / (2^(10*j))
}
printf "%-20s\t%s\t%.2f%s\t%s\n", i, a[i], human_readable, unit[j+2], b[i]
}
}
' | awk 'NR>1' | sort -rnk4 | awk '
BEGIN {printf "%-20s\t%%MEM\tSIZE\n", "COMMAND"}
{
printf "%-20s\t%s\t%s\n", $1, $2, $3
}
' | less
https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
Apache2
#!/bin/sh
export CPUTYPE=native
cd /usr/work/src/apache2
make clean
export CC="gcc"
export CFLAGS="-O2 -pipe -funroll-loops -march=$CPUTYPE"
export INCLUDES="-I/usr/local/include"
./configure \
--prefix=/usr/local/apache2_php7 \
--enable-modules="access include log-config logio env setenvif http cgid actions alias rewrite so headers dir auth" \
--with-mpm=prefork \
--disable-proxy-connect \
--disable-proxy-ftp \
--disable-proxy-ajp \
--disable-proxy-balancer \
--disable-asis \
--disable-imap \
--disable-userdir \
--disable-autoindex \
--disable-cgi \
--disable-status \
--disable-cache
make -s && make -s install
php
#!/bin/bash
cd /usr/work/src/php-7.2.1
make clean
export CFLAGS="-O2 -pipe -funroll-loops -march=native"
./configure --prefix=/usr/local/php72 \
--with-apxs2=/usr/local/apache2_php7/bin/apxs \
--with-pear \
--enable-xml \
--without-xmlrpc \
--enable-libxml \
--enable-pdo \
--enable-intl \
--with-pdo-mysql \
--enable-simplexml \
--enable-xmlwriter \
--enable-dom \
--enable-bcmath \
--disable-debug \
--enable-session \
--with-curl \
--with-zlib \
--with-gd \
--enable-inline-optimization \
--with-gnu-ld \
--disable-exif \
--enable-static \
--enable-mbstring \
--enable-ftp \
--with-jpeg-dir \
--with-mysqli=mysqlnd \
--with-kerberos \
--enable-zip \
--with-iconv \
--enable-pcntl \
--with-openssl
make && make install