27
Oct

fail2ban centos 7

   Posted by: admin   in Linúc ếch bợt

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]

action = %(action_)s

rm jail.d/00-firewalld*

15
Apr

Bash convert number

   Posted by: admin   in Mẹo vặt của hiếu râu

Method of converting scientific notation (e) to numbers under Linux (tutorialfor.com)

Scientific notation uses e to identify values,The idea of ​​turning scientific computing into numbers:press the number to the right of e to move the number of decimal places.If the number to the right of e is negative,Then move the decimal point to the left.Examples are as follows:

  1. 1.2345678e2=123.45678
  2. 1.2345678e-2=0.012345678
  3. 1.7615562e + 06=1761556.2
  4. 1.87982e7=18798200
  5. 1e3=1000

So how do you convert scientific notation into numbers in the shell,The method is as follows:Here take “1.7615562e + 06″ (or 1.7615562e6) as an example:

  1. [root@kevin ~] #echo "1.7615562e6" | gawk "$1=strtonum ($1)"
  2. 1.76156e + 06

1) Conversion of scientific notation to decimal

  1. [root@kevin ~] #printf "%f" 1.7615569e + 06
  2. 1761556.900000
  3. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  4. 1761556.900000
  5. [root@kevin ~] #echo "1.7615569e + 03" | awk "{printf ("%f ", $0)}"
  6. 1761.556900
  7. [root@kevin ~] #echo "1.7615569e + 04" | awk "{printf ("%f ", $0)}"
  8. 17615.569000
  9. [root@kevin ~] #echo "1.7615569e-6" | awk "{printf ("%f ", $0)}"
  10. 0.000002
  11. [root@kevin ~] #echo "1.7615569e-4" | awk "{printf ("%f ", $0)}"
  12. 0.000176
  13. [root@kevin ~] #echo "1.7615569e-3" | awk "{printf ("%f ", $0)}"
  14. 0.001762
  15. [root@kevin ~] #echo "1.7615569e-2" | awk "{printf ("%f ", $0)}"
  16. 0.017616

Note:This method,In the conversion result, 6 digits are reserved after the decimal point:

1) If the number after e is positive,6 digits should be reserved after the decimal point, if not enough,Make up with 0.

2) If the number after e is negative,6 digits should be reserved after the decimal point.6 bits are reserved.

2) Convert scientific notation to decimal and retain two decimal places

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 2f ", $0)}"
  2. 1761556.90

Keep three decimal places

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 3f ", $0)}"
  2. 1761556.900

3) Scientific notation is converted to decimal and rounded

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0)}"
  2. 1761556
  3. [root@kevin ~] #echo "1.7615569e3" | awk "{printf ("%d ", $0)}"
  4. 1761
  5. [root@kevin ~] #echo "1.7615569e02" | awk "{printf ("%d ", $0)}"
  6. 176

4) Scientific notation is converted to decimal and rounded

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0 + 0.5)}"
  2. 1761557
  3. [root@kevin ~] #echo "1.7615563e + 06" | awk "{printf ("%d ", $0 + 0.5)}"
  4. 1761556

5) How to remove the useless 0 after the decimal point, you can refer to:daily operation and maintenanceIntercept string in shell scriptPractice, that is, using variable expansion

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  2. 1761556.900000
  3. [root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")
  4. [root@kevin ~] #echo ${var %%0 *}
  5. 1761556.9

Or use the sed method

  1. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"
  2. 1761556.900000
  3. [root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")
  4. [root@kevin ~] #echo "$var" | sed "s/0 * $//"
  5. 1761556.9
  6. [root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}" | sed "s/0 * $//"
  7. 1761556.9

6) Sed removes the characters after the decimal point

  1. [root@kevin ~] #echo "kevin.123" | sed "s /\.*//g"
  2. kevin123
  3. \ .. * represents 1 or more after the decimal point
  4. [root@kevin ~] #echo "kevin.123" | sed "s /\..*//g"
  5. kevin
  6. [root@kevin ~] #echo "kevin_123" | sed "s/\ _ * //g"
  7. kevin123
  8. [root@kevin ~] #echo "kevin_123" | sed "s /\_.*//g"
  9. kevin

Command explanation:

* Represents 0 to more. Therefore, \. * Can only replace the decimal point and become empty.\ _ * Similarly.

. * Stands for 1 or more. Therefore, \ .. * removed everything after the decimal point.\ _. * Similarly.

7) Description of numerical calculation in the shell

  1. 1) bc method
  2. bc is a more commonly used linux computing tool,And supports floating-point operations:
  3. [root@kevin ~] #a=`echo 1 + 1 | bc`
  4. [root@kevin ~] #echo $a
  5. 2
  6. This method cannot solve the precision problem of floating point arithmetic,The following floating point calculations are silly x!
  7. [root@kevin ~] #a=`echo 1 + 1 | bc`
  8. [root@kevin ~] #echo $a
  9. 2
  10. [root@kevin ~] #b=`echo" 1.2 * 1.2 "| bc`
  11. [root@kevin ~] #echo $b
  12. 1.4
  13. [root@kevin ~] #c=`echo" 5.0/3.0 "| bc`
  14. [root@kevin ~] #echo $c
  15. 1
  16. [root@kevin ~] #d=`echo" scale=2;5.0/3.0 "| bc`
  17. [root@kevin ~] #echo $d
  18. 1.66
  19. [root@kevin ~] #e=`echo" scale=2;5.0/6.0 "| bc`
  20. [root@kevin ~] #echo $e
  21. .83
  22. 2) expr method
  23. Does not support floating point calculations,This is a pit,And pay attention to the spaces in numbers and operators.
  24. [root@kevin ~] #a=`expr 1 + 1`
  25. [root@kevin ~] #echo $a
  26. 1 + 1
  27. [root@kevin ~] #a=`expr 1 + 1`
  28. [root@kevin ~] #echo $a
  29. 2
  30. [root@kevin ~] #b=`expr 10/2`
  31. [root@kevin ~] #echo $b
  32. 5
  33. 3) $(()) method
  34. Same as expr, does not support floating point arithmetic
  35. [root@kevin ~] #a=$((1 + 1))
  36. [root@kevin ~] #echo $a
  37. 2
  38. [root@kevin ~] #b=$((1 + 3))
  39. [root@kevin ~] #echo $b
  40. 4
  41. 4) let method
  42. Does not support floating point arithmetic,And does not support direct output,Can only be assigned
  43. [root@kevin ~] #let a=1 + 1
  44. [root@kevin ~] #echo $a
  45. 2
  46. [root@kevin ~] #let b=50/5
  47. [root@kevin ~] #echo $b
  48. 10
  49. [root@kevin ~] #let c=1.2 * 2
  50. -bash:let:c=1.2 * 2:syntax error:invalid arithmetic operator (error token is ".2 * 2")
  51. 5) Awk method
  52. Common operations:
  53. [root@kevin ~] #a=`echo | awk" {print 1.0/2.0} "`
  54. [root@kevin ~] #echo $a
  55. 0.5
  56. control precision:
  57. [root@kevin ~] #b=`echo | awk" {printf ("%. 2f", 1.0/2.0)} "`
  58. [root@kevin ~] #echo $b
  59. 0.50
  60. Passing parameters:
  61. [root@kevin ~] #c=`echo | awk -v a=1 -v b=3" {printf ("%. 4f", a/b)} "`
  62. [root@kevin ~] #echo $c
  63. 0.3333
  64. Awk combined with begin (retain 6 digits after the decimal point)
  65. [root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (87/500) * 100}"
  66. 17.40%
  67. [root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (100/300) * 100}"
  68. 33.33%

in summary,Or awk’s method is the most reliable,Other methods have corresponding problems.Therefore, it is recommended to use awk to perform mathematical calculations in daily maintenance scenarios.

11
Mar

Squid Reverse Proxy

   Posted by: admin   in Mẹo vặt của hiếu râu

cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
acl sites_server_1 dstdomain www.example.com example.com
cache_peer_access server_1 allow sites_server_1

cache_peer ip.of.server2 parent 80 0 no-query originserver name=server_2
acl sites_server_2 dstdomain www.example.net download.example.com .example.net
cache_peer_access server_2 allow sites_server_2
acl foo urlpath_regex ^/foo

cache_peer ip.of.server1 parent 80 0 no-query originserver name=server1
cache_peer_access server1 deny foo

cache_peer ip.of.server2 parent 80 0 no-query originserver name=server2
cache_peer_access server2 allow foo
cache_peer_access server2 deny all

SquidFaq/SquidAcl - Squid Web Proxy Wiki (squid-cache.org)

24
Nov

win mười ác ti

   Posted by: admin   in Mẹo vặt của hiếu râu

C:\Windows\system32>slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
C:\Windows\system32>slmgr /skms kms.digiboy.ir
C:\Windows\system32>slmgr /ato
16
Sep

MariaDB audit log

   Posted by: admin   in Mẹo vặt của hiếu râu

INSTALL SONAME ’server_audit’;

SET GLOBAL server_audit_events=’QUERY_DML_NO_SELECT’;

SET GLOBAL server_audit_logging=ON;

SET GLOBAL server_audit_incl_users=’cacti’;

https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/

4
Aug

my fail2ban ssh

   Posted by: admin   in Mẹo vặt của hiếu râu

#!/bin/bash

BLACKLIST=`tail -n 1000 /var/log/secure | grep “Failed password for root from” | sed ’s/  / /g’ | cut -d’ ‘ -f 11 | sort | uniq -c | sort -n -r | grep -v -E ” 1 | 2 | 3 ” | sed ’s/^ *//g’ | cut -d’ ‘ -f 2`;

for i in $BLACKLIST; do

echo “+”${i} > /proc/net/xt_recent/SSH

done

add crontab */6

modprobe xt_recent ip_list_tot=1000

iptables-restore

-A INPUT -p tcp -m multiport –dports 8443 -m state –state NEW -m recent –rcheck –seconds 86400 –hitcount 1 –name SSH –mask 255.255.255.255 –rsource -j DROP
-A INPUT -p tcp -m multiport –dports 8443 -m state –state NEW -j ACCEPT
16
Dec

ELK packetbeat

   Posted by: admin   in Mẹo vặt của hiếu râu

#yum -y install java-openjdk-devel java-openjdk

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF


sudo yum clean all
sudo yum makecache
sudo yum -y install elasticsearch
vi /etc/elasticsearch/jvm.options
set 4G heap
systemctl enable --now elasticsearch.service 
curl http://127.0.0.1:9200 
yum -y install kibana
vi /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.name: "kibana.example.com"
elasticsearch.url: "http://localhost:9200"
systemctl enable --now kibana
yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
curl -s -H "Content-Type: application/json" -XPUT localhost:9200/sniff -d
'{"mappings": { "doc" :  {"properties" : {"@datetime":{"type":"date"}}}}'}
cat json.txt

{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }

{”@datetime”:1576812955644,”proto”:”TCP”,”length”:52,”source”:”10.10.26.253″,”sport”:57086,”dest”:”10.10.26.238″,”dport”:5601}
{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }
{”@datetime”:1576812955644,”proto”:”TCP”,”length”:52,”source”:”10.10.26.238″,”sport”:5601,”dest”:”10.10.26.253″,”dport”:57086}
{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }
{”@datetime”:1576812955644,”proto”:”TCP”,”length”:40,”source”:”10.10.26.253″,”sport”:57086,”dest”:”10.10.26.238″,”dport”:5601}
curl -s -H “Content-Type: application/x-ndjson” -XPOST localhost:9200/_bulk –data-binary “@json.txt”
tcpdump -i eth1 -nnnn -tt -v not port 22 | php tcparse.php
# cat load.sh
#!/bin/bash

/bin/killall tcpdump
sleep 5
/sbin/tcpdump -i eth7 -nnnn -tt -G 60 -z /_DATA/reload2.sh -w /tmp/PCAP2-%Y-%m-%d-%H-%M-%S &
/sbin/tcpdump -i eth6 -nnnn -tt -G 60 -z /_DATA/reload.sh -w /tmp/PCAP-%Y-%m-%d-%H-%M-%S &

# cat reload.sh
#!/bin/bash

rm -f /_DATA/json.txt
rm -f /_DATA/sql.txt tcpdump -v -nnnn -tt -r $1 not vrrp | php /_DATA/tcparse.php json.txt sql.txt 1
curl -s -H “Content-Type: application/x-ndjson” -XPOST localhost:9200/_bulk –data-binary “@/_DATA/json.txt”
mkdir /_DATA/`date +%Y-%m` > /dev/null 2>&1
mkdir /_DATA/`date +%Y-%m`/`date +%d` > /dev/null 2>&1
mv $1 /_DATA/`date +%Y-%m`/`date +%d`
/bin/mysql –defaults-extra-file=/_DATA/mysql.ini SNIFF < /_DATA/sql.txt &

30
May

snmp proxy

   Posted by: admin   in Mẹo vặt của hiếu râu

# com2sec6 [-Cn CONTEXT]   SECNAME          SOURCE    COMMUNITY

com2sec   -Cn old14   notConfigUser6   default  10.175.0.14

com2sec   -Cn old15   notConfigUser6   default  10.175.0.15

# group    GROUP           {v1|v2c|usm}     SECNAME

group      OLDSWITCH       v2c              notConfigUser6

# view     VNAME           TYPE             OID   [MASK]

view       all             included         .1

# access   GROUP           CONTEXT          {any|v1|v2c|usm}  LEVEL  PREFX  READ WRITE NOTIFY

access     OLDSWITCH       old        v2c               noauth prefix  all  none  none

# proxy [-Cn CONTEXTNAME]  [SNMPCMD_ARGS]    HOST         OID

proxy   -Cn old14      -v 2c -c public   10.175.0.14  .1.3

proxy   -Cn old15      -v 2c -c public  10.175.0.15  .1.3

22
May

Centos 7 Clone

   Posted by: admin   in Mẹo vặt của hiếu râu

#yum install -y rsync

#vi /root/rsync.excl
/boot
/dev
/tmp
/sys
/proc
/backup
/etc/fstab
/etc/mtab
/etc/mdadm.conf
/etc/sysconfig/network*
#rsync -vPa –exclude-from=/root/rsync.excl -e ssh / DESTIP:/
13
Feb

syslog-ng

   Posted by: admin   in Mẹo vặt của hiếu râu

source s_net {
udp(ip(0.0.0.0) port(514));
};
destination d_net {
file(”/_SYSLOG/$HOST/$YEAR/$MONTH/$FACILITY $DAY”
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) );
};
log { source(s_net); destination(d_net); };
=========client========
/etc/rsyslog.conf
*.*  @server-ip