
ELK packetbeat


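# Elasticsearch 7.x ships its own bundled JDK, so a system Java is only needed
# if you deliberately point ES at it; the install below is optional.
#yum -y install java-openjdk-devel java-openjdk

# Elastic's yum repository. gpgcheck=1 together with the HTTPS gpgkey URL means
# every RPM pulled from here is signature-checked -- keep both lines as they are.
cat <<'EOF' | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

sudo yum clean all
sudo yum makecache
sudo yum -y install elasticsearch

# Heap: set -Xms and -Xmx to the same value (4g here) in jvm.options so the JVM
# does not resize the heap at runtime.
vi /etc/elasticsearch/jvm.options
#   -Xms4g
#   -Xmx4g
systemctl enable --now elasticsearch.service
curl http://127.0.0.1:9200

yum -y install kibana
vi /etc/kibana/kibana.yml
#   server.host: "0.0.0.0"
#   server.name: "kibana.example.com"
#   elasticsearch.hosts: ["http://localhost:9200"]
# elasticsearch.hosts is the 7.x setting name; the old elasticsearch.url key was
# removed in 7.0 and Kibana refuses to start on an unknown setting.
#
# SECURITY: with the 7.x defaults X-Pack security is disabled, so binding Kibana
# to 0.0.0.0 gives anyone who can reach port 5601 full read/write access to every
# index (and the same goes for 9200 if it is ever bound beyond localhost). Either
# keep server.host on 127.0.0.1 behind an authenticating reverse proxy, or set
# xpack.security.enabled: true on Elasticsearch and give Kibana credentials, and
# firewall 9200/9300 to the cluster nodes.
systemctl enable --now kibana

yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic

# Create the "sniff" index with a typeless mapping. 7.x rejects a mapping nested
# under a type name such as "doc" unless include_type_name=true, and the bulk
# file below uses "_doc" anyway. The default date format accepts the epoch-millis
# values written by tcparse.php. (The original command also had the closing quote
# of the JSON body in the wrong place.)
curl -s -H "Content-Type: application/json" -XPUT localhost:9200/sniff \
  -d '{"mappings": {"properties": {"@datetime": {"type": "date"}}}}'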
cat json.txt

{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":52,"source":"10.10.26.253","sport":57086,"dest":"10.10.26.238","dport":5601}
{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":52,"source":"10.10.26.238","sport":5601,"dest":"10.10.26.253","dport":57086}
{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":40,"source":"10.10.26.253","sport":57086,"dest":"10.10.26.238","dport":5601}
curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@json.txt"
# Live capture on eth1 (numeric addresses/ports, epoch timestamps, verbose),
# excluding our own SSH session, streamed straight into the parser.
tcpdump -nn -tt -v -i eth1 'not port 22' | php tcparse.php
# cat load.sh
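#!/bin/bash
# load.sh -- (re)start one rotating capture per interface. tcpdump rotates the
# output file every 60 s (-G 60) and hands each finished file to the post-rotate
# script given with -z (reload.sh / reload2.sh).

# Captures go to a private spool directory instead of world-writable /tmp: a
# predictable name such as /tmp/PCAP-<timestamp> is a classic symlink target for
# a local user (mitigated only where fs.protected_symlinks is on), and the
# captures themselves contain traffic nobody else on the box should read.
SPOOL=/_DATA/spool
mkdir -p -m 0700 "$SPOOL"

# This stops *every* tcpdump on the host, not only the two started below; use
# pkill -f "$SPOOL" if unrelated captures may be running.
/bin/killall tcpdump
sleep 5

# NOTE(review): if this tcpdump build drops privileges after opening the
# interface (-Z / a dedicated tcpdump user), the -z scripts run as that user
# and need write access to /_DATA and $SPOOL -- confirm on the target host.
/sbin/tcpdump -i eth7 -nn -tt -G 60 -z /_DATA/reload2.sh -w "$SPOOL/PCAP2-%Y-%m-%d-%H-%M-%S" &
/sbin/tcpdump -i eth6 -nn -tt -G 60 -z /_DATA/reload.sh  -w "$SPOOL/PCAP-%Y-%m-%d-%H-%M-%S" &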

# cat reload.sh
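#!/bin/bash
# reload.sh -- tcpdump -z hook. $1 is the pcap file that was just rotated out.
# Parses it into an Elasticsearch bulk file and an SQL file, ships both, then
# archives the pcap under /_DATA/YYYY-MM/DD.
set -u
PCAP=${1:?usage: reload.sh <pcap-file>}

rm -f /_DATA/json.txt
rm -f /_DATA/sql.txt
# In the original this pipeline was fused onto the "rm -f /_DATA/sql.txt" line
# (missing newline), which made rm swallow the tcpdump arguments as operands
# and fed php an empty stdin -- nothing was ever parsed.
# The output names are relative; tcparse.php presumably resolves them under
# /_DATA, since that is where curl reads json.txt from below.
tcpdump -v -nnnn -tt -r "$PCAP" not vrrp | php /_DATA/tcparse.php json.txt sql.txt 1

# Unauthenticated bulk post: this is only acceptable while 9200 is bound to
# localhost and nobody untrusted has a shell on this host.
curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@/_DATA/json.txt"

ARCHIVE=/_DATA/$(date +%Y-%m)/$(date +%d)
mkdir -p "$ARCHIVE"
mv "$PCAP" "$ARCHIVE"/

# Credentials come from mysql.ini via --defaults-extra-file, not argv, so they
# never show up in ps. sql.txt is generated by tcparse.php from packet fields;
# anything that originates on the wire (hostnames, payload strings) must be
# escaped/parameterised there before it lands in a statement -- not verified
# here. The job is backgrounded, so a slow import can overlap the next rotation.
/bin/mysql --defaults-extra-file=/_DATA/mysql.ini SNIFF < /_DATA/sql.txt &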

snmp proxy


# snmpd.conf: expose two legacy v2c switches (10.175.0.14 / 10.175.0.15) through
# this host as an SNMP proxy. The community string a client presents selects a
# context (old14 / old15), and the proxy lines map each context to one switch.
#
# com2sec6 [-Cn CONTEXT]   SECNAME          SOURCE    COMMUNITY

# SOURCE "default" accepts the community from ANY source address; the only thing
# protecting the switches is the community string (here literally the target's
# IP, which is easy to guess). Restrict SOURCE to the NMS address or subnet.
com2sec   -Cn old14   notConfigUser6   default  10.175.0.14

com2sec   -Cn old15   notConfigUser6   default  10.175.0.15

# group    GROUP           {v1|v2c|usm}     SECNAME

# v2c: community strings travel in cleartext, no authentication or privacy.
group      OLDSWITCH       v2c              notConfigUser6

# view     VNAME           TYPE             OID   [MASK]

# The entire OID tree is exported; narrow this to the subtrees the NMS polls.
view       all             included         .1

# access   GROUP           CONTEXT          {any|v1|v2c|usm}  LEVEL  PREFX  READ WRITE NOTIFY

# "prefix" matches any context starting with "old" (old14, old15). READ only --
# WRITE and NOTIFY are "none"; keep it that way for a proxy.
access     OLDSWITCH       old        v2c               noauth prefix  all  none  none

# proxy [-Cn CONTEXTNAME]  [SNMPCMD_ARGS]    HOST         OID

# Downstream hop uses the well-known "public" community over cleartext v2c to
# each switch; change it on the switches (and here) if they support anything
# else, and firewall UDP/161 on the switches to this proxy host.
proxy   -Cn old14      -v 2c -c public   10.175.0.14  .1.3

proxy   -Cn old15      -v 2c -c public  10.175.0.15  .1.3

Centos 7 Clone


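# Clone a running CentOS 7 system onto DESTIP (which already has a base install
# and a matching partition layout) over ssh.
yum install -y rsync

# Exclude list: kernel/virtual filesystems and host-specific files stay local.
# rsync exclude files accept "#" comment lines.
cat > /root/rsync.excl <<'EOF'
/boot
/dev
/tmp
/sys
/proc
/run
/backup
/etc/fstab
/etc/mtab
/etc/mdadm.conf
/etc/sysconfig/network*
# Identity that must NOT be duplicated: otherwise the clone presents the same
# SSH host keys (and machine-id) as the source, which defeats host-key
# verification for both machines. Regenerate them on DESTIP after the copy.
/etc/ssh/ssh_host_*
/etc/machine-id
EOF

# -A/-X keep ACLs and xattrs. On CentOS 7 the SELinux labels live in xattrs, so
# without -X the clone comes up with wrong contexts (or needs a full relabel).
# --numeric-ids stops rsync from remapping uid/gid by name on the destination.
rsync -vPa -AX --numeric-ids --exclude-from=/root/rsync.excl -e ssh / DESTIP:/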
syslog-ng


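# Collect syslog from the network on UDP/514. UDP syslog is unauthenticated and
# trivially spoofable: restrict senders with the host firewall, and prefer
# tcp()/tls() for anything these logs are relied on for.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# $HOST becomes a path component below. With keep-hostname(no) -- syslog-ng's
# default -- it is the sender's address (or PTR name), not the HOSTNAME field of
# the packet; check-hostname(yes) rejects hostnames with odd characters. Set both
# explicitly so a forged hostname can never steer the file path. (Merge into an
# existing options {} block if the config already has one.)
options { keep-hostname(no); check-hostname(yes); };

# One root-only file per host/year/month/facility+day (0600 files, 0700 dirs).
destination d_net {
    file("/_SYSLOG/$HOST/$YEAR/$MONTH/$FACILITY $DAY"
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) );
};

log { source(s_net); destination(d_net); };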
=========client========
/etc/rsyslog.conf
# Forward everything to the collector. A single "@" means UDP (cleartext and
# unacknowledged -- dropped packets are simply lost); "@@server-ip" selects TCP.
*.*  @server-ip
contrail


https://github.com/Juniper/contrail-ansible-deployer/wiki/Deployment-Example:-Contrail-and-Kubernetes-and-Openstack

https://www.juniper.net/documentation/en_US/contrail5.0/information-products/pathway-pages/contrail-feature-guide-pwp.pdf

https://www.youtube.com/watch?v=cULuCvB-_b0

==================== EVPN VXLAN =========================== (lab configs: in these sections `protocols bgp group contrail allow 192.168.122.0/24` accepts a BGP session from any host in that subnet with no authentication-key, and fxp0 takes DHCP — fine for a lab, not for production)

set interfaces ge-0/0/7 unit 0 family bridge interface-mode access

set interfaces ge-0/0/7 unit 0 family bridge vlan-id 200

set interfaces ge-0/0/8 unit 0 family bridge interface-mode access

set interfaces ge-0/0/8 unit 0 family bridge vlan-id 1000

set interfaces ge-0/0/9 unit 0 family inet address 192.168.122.21/24

set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5B75A36475

set interfaces irb unit 200 family inet address 200.200.200.200/24

set interfaces irb unit 1000 family inet address 10.1.1.122/24

set interfaces lo0 unit 0 family inet address 5.5.5.5/32

set interfaces lo0 unit 11 family inet address 11.11.11.1/32

set routing-options router-id 5.5.5.5

set protocols bgp group contrail type internal

set protocols bgp group contrail family evpn signaling

set protocols bgp group contrail local-as 64512

set protocols bgp group contrail allow 192.168.122.0/24

set routing-instances VRF instance-type vrf

set routing-instances VRF interface irb.200

set routing-instances VRF interface irb.1000

set routing-instances VRF interface lo0.11

set routing-instances VRF route-distinguisher 5.5.5.5:11

set routing-instances VRF vrf-target target:64512:1

set routing-instances VRF vrf-table-label

set routing-instances VRF routing-options auto-export

set routing-instances VS vtep-source-interface lo0.0

set routing-instances VS instance-type virtual-switch

set routing-instances VS interface ge-0/0/8.0

set routing-instances VS route-distinguisher 5.5.5.5:1

set routing-instances VS vrf-target target:64512:1

set routing-instances VS protocols evpn encapsulation vxlan

set routing-instances VS protocols evpn extended-vni-list 1000

set routing-instances VS protocols evpn multicast-mode ingress-replication

set routing-instances VS bridge-domains VLAN1000 domain-type bridge

set routing-instances VS bridge-domains VLAN1000 vlan-id 1000

set routing-instances VS bridge-domains VLAN1000 routing-interface irb.1000

set routing-instances VS bridge-domains VLAN1000 vxlan vni 1000

set routing-instances VS bridge-domains VLAN1000 vxlan ingress-node-replication

set bridge-domains VLAN200 vlan-id 200

set bridge-domains VLAN200 routing-interface irb.200

================ MPLSoGRE =======================

set chassis fpc 0 pic 0 tunnel-services

set interfaces ge-0/0/8 unit 0 description "IP Fabric Int"

set interfaces ge-0/0/8 unit 0 family inet address 9.9.9.9/24

set interfaces ge-0/0/9 unit 0 family inet address 192.168.122.22/24

set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5B76594E6D

set interfaces lo0 unit 0 family inet address 127.0.0.1/32

set routing-options static route 0.0.0.0/0 next-hop 9.9.9.10

set routing-options route-distinguisher-id 192.168.122.22

set routing-options autonomous-system 64512

set routing-options dynamic-tunnels gw-gre source-address 192.168.122.22

set routing-options dynamic-tunnels gw-gre gre

set routing-options dynamic-tunnels gw-gre destination-networks 192.168.122.0/24

set protocols mpls interface all

set protocols bgp group contrail type internal

set protocols bgp group contrail local-address 192.168.122.22

set protocols bgp group contrail family inet-vpn unicast

set protocols bgp group contrail family route-target

set protocols bgp group contrail peer-as 64512

set protocols bgp group contrail local-as 64512

set protocols bgp group contrail allow 192.168.122.0/24

set protocols ldp interface all

set routing-instances admin instance-type vrf

set routing-instances admin interface ge-0/0/8.0

set routing-instances admin vrf-target target:64512:11111

set routing-instances admin routing-options static route 0.0.0.0/0 next-hop 9.9.9.10

====================== L2VXLAN + L3 MPLSoGRE ==========================

set chassis fpc 0 pic 0 tunnel-services

set interfaces ge-0/0/7 unit 0 family inet address 111.111.111.111/24

set interfaces ge-0/0/8 unit 0 family bridge interface-mode access

set interfaces ge-0/0/8 unit 0 family bridge vlan-id 1000

set interfaces ge-0/0/9 unit 0 family inet address 192.168.122.21/24

set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5B75A36475

set interfaces lo0 unit 0 family inet address 9.9.9.9/32

set routing-options static route 1.1.1.1/32 next-hop 192.168.122.10

set routing-options router-id 9.9.9.9

set routing-options route-distinguisher-id 192.168.122.21

set routing-options dynamic-tunnels gw-gre source-address 192.168.122.21

set routing-options dynamic-tunnels gw-gre gre

set routing-options dynamic-tunnels gw-gre destination-networks 192.168.122.0/24

set protocols bgp group contrail type internal

set protocols bgp group contrail family inet-vpn unicast

set protocols bgp group contrail family evpn signaling

set protocols bgp group contrail local-as 64512

set protocols bgp group contrail allow 192.168.122.0/24

set routing-instances net1L2 vtep-source-interface lo0.0

set routing-instances net1L2 instance-type virtual-switch

set routing-instances net1L2 interface ge-0/0/8.0

set routing-instances net1L2 route-distinguisher 9.9.9.9:11111

set routing-instances net1L2 vrf-target target:64512:11111

set routing-instances net1L2 protocols evpn encapsulation vxlan

set routing-instances net1L2 protocols evpn extended-vni-list 1000

set routing-instances net1L2 protocols evpn multicast-mode ingress-replication

set routing-instances net1L2 bridge-domains VLAN1000 domain-type bridge

set routing-instances net1L2 bridge-domains VLAN1000 vlan-id 1000

set routing-instances net1L2 bridge-domains VLAN1000 vxlan vni 1000

set routing-instances net1L2 bridge-domains VLAN1000 vxlan ingress-node-replication

set routing-instances net1L3 instance-type vrf

set routing-instances net1L3 vrf-table-label

set routing-instances net1L3 interface ge-0/0/7.0

set routing-instances net1L3 vrf-target target:64512:11111

set routing-instances net1L3 routing-options static route 0.0.0.0/0 next-hop 111.111.111.112

==================== 2DC ====================

[edit]

root@VMX9999# show | display set | no-more

set chassis fpc 0 pic 0 tunnel-services

set chassis network-services enhanced-ip

set interfaces ge-0/0/0 description "loop back to extL2"

set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 1000

set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 1002

set interfaces ge-0/0/1 description "loop back to net1L2"

set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk

set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 1000

set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 1002

set interfaces ge-0/0/2 description "server access vlan 1000"

set interfaces ge-0/0/2 unit 0 family bridge interface-mode access

set interfaces ge-0/0/2 unit 0 family bridge vlan-id 1000

set interfaces ge-0/0/3 description "server access vlan 1002"

set interfaces ge-0/0/3 unit 0 family bridge interface-mode access

set interfaces ge-0/0/3 unit 0 family bridge vlan-id 1002

set interfaces ge-0/0/4 description "server L3 172.16.9.9"

set interfaces ge-0/0/4 unit 0 family inet address 172.16.9.21/24

set interfaces ge-0/0/5 description "Internet Peering"

set interfaces ge-0/0/5 unit 0 family inet address 20.1.1.21/24

set interfaces ge-0/0/9 unit 0 family inet address 192.168.122.21/24

set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5B75A36475

set interfaces irb unit 1000 virtual-gateway-accept-data

set interfaces irb unit 1000 family inet address 10.1.1.254/24 virtual-gateway-address 10.1.1.1

set interfaces irb unit 1002 virtual-gateway-accept-data

set interfaces irb unit 1002 family inet address 10.1.2.254/24 virtual-gateway-address 10.1.2.1

set interfaces lo0 unit 0 family inet address 9.9.9.9/32

set interfaces lo0 unit 1 family inet address 9.9.9.10/32

set routing-options static route 0.0.0.0/0 next-hop 20.1.1.1

set routing-options router-id 9.9.9.9

set routing-options route-distinguisher-id 192.168.122.21

set routing-options autonomous-system 64512

set routing-options dynamic-tunnels gw-gre source-address 9.9.9.9

set routing-options dynamic-tunnels gw-gre gre

set routing-options dynamic-tunnels gw-gre destination-networks 192.168.122.0/24

set routing-options dynamic-tunnels gw-gre destination-networks 8.8.8.8/32

set protocols bgp group contrail type internal

set protocols bgp group contrail family inet-vpn unicast

set protocols bgp group contrail family evpn signaling

set protocols bgp group contrail local-as 64512

set protocols bgp group contrail allow 192.168.122.0/24

set protocols bgp group EXT_BGP type external

set protocols bgp group EXT_BGP multihop ttl 5

set protocols bgp group EXT_BGP local-address 9.9.9.9

set protocols bgp group EXT_BGP family inet-vpn unicast

set protocols bgp group EXT_BGP family evpn signaling

set protocols bgp group EXT_BGP neighbor 8.8.8.8 peer-as 64513

set protocols bgp group EXT_BGP neighbor 8.8.8.8 local-as 64512

set routing-instances extL2 vtep-source-interface lo0.0

set routing-instances extL2 instance-type virtual-switch

set routing-instances extL2 interface ge-0/0/0.0

set routing-instances extL2 interface ge-0/0/2.0

set routing-instances extL2 interface ge-0/0/3.0

set routing-instances extL2 route-distinguisher 9.9.9.9:20

set routing-instances extL2 vrf-target target:64512:20

set routing-instances extL2 protocols evpn encapsulation vxlan

set routing-instances extL2 protocols evpn extended-vni-list 100

set routing-instances extL2 protocols evpn extended-vni-list 102

set routing-instances extL2 protocols evpn multicast-mode ingress-replication

set routing-instances extL2 bridge-domains VLAN1000 vlan-id 1000

set routing-instances extL2 bridge-domains VLAN1000 vxlan vni 100

set routing-instances extL2 bridge-domains VLAN1000 vxlan ingress-node-replication

set routing-instances extL2 bridge-domains VLAN1002 vlan-id 1002

set routing-instances extL2 bridge-domains VLAN1002 vxlan vni 102

set routing-instances extL2 bridge-domains VLAN1002 vxlan ingress-node-replication

set routing-instances net1L2 vtep-source-interface lo0.0

set routing-instances net1L2 instance-type virtual-switch

set routing-instances net1L2 interface ge-0/0/1.0

set routing-instances net1L2 route-distinguisher 9.9.9.9:11111

set routing-instances net1L2 vrf-target target:64512:11111

set routing-instances net1L2 protocols evpn encapsulation vxlan

set routing-instances net1L2 protocols evpn extended-vni-list 1000

set routing-instances net1L2 protocols evpn extended-vni-list 1002

set routing-instances net1L2 protocols evpn multicast-mode ingress-replication

set routing-instances net1L2 bridge-domains VLAN1000 domain-type bridge

set routing-instances net1L2 bridge-domains VLAN1000 vlan-id 1000

set routing-instances net1L2 bridge-domains VLAN1000 routing-interface irb.1000

set routing-instances net1L2 bridge-domains VLAN1000 vxlan vni 1000

set routing-instances net1L2 bridge-domains VLAN1000 vxlan ingress-node-replication

set routing-instances net1L2 bridge-domains VLAN1002 domain-type bridge

set routing-instances net1L2 bridge-domains VLAN1002 vlan-id 1002

set routing-instances net1L2 bridge-domains VLAN1002 routing-interface irb.1002

set routing-instances net1L2 bridge-domains VLAN1002 vxlan vni 1002

set routing-instances net1L2 bridge-domains VLAN1002 vxlan ingress-node-replication

set routing-instances net1L3 instance-type vrf

set routing-instances net1L3 interface ge-0/0/4.0

set routing-instances net1L3 interface irb.1000

set routing-instances net1L3 interface irb.1002

set routing-instances net1L3 interface lo0.1

set routing-instances net1L3 vrf-target target:64512:20

set routing-instances net1L3 vrf-table-label

set routing-instances net1L3 routing-options static route 10.1.2.0/24 discard

set routing-instances net1L3 routing-options static route 10.1.1.0/24 discard

[edit]
root@VMX8888# show | display set | no-more
set chassis fpc 0 pic 0 tunnel-services
set interfaces ge-0/0/2 description "server access vlan 1000"
set interfaces ge-0/0/2 unit 0 family bridge interface-mode access
set interfaces ge-0/0/2 unit 0 family bridge vlan-id 1000
set interfaces ge-0/0/3 description "server access vlan 1002"
set interfaces ge-0/0/3 unit 0 family bridge interface-mode access
set interfaces ge-0/0/3 unit 0 family bridge vlan-id 1002
set interfaces ge-0/0/4 description "server L3 172.16.8.8"
set interfaces ge-0/0/4 unit 0 family inet address 172.16.8.22/24
set interfaces ge-0/0/5 description "Internet Peering"
set interfaces ge-0/0/5 unit 0 family inet address 20.2.2.22/24
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5B76594E6D
set interfaces irb unit 1000 virtual-gateway-accept-data
set interfaces irb unit 1000 family inet address 10.1.1.253/24 virtual-gateway-address 10.1.1.1
set interfaces irb unit 1002 virtual-gateway-accept-data
set interfaces irb unit 1002 family inet address 10.1.2.253/24 virtual-gateway-address 10.1.2.1
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set interfaces lo0 unit 1 family inet address 8.8.8.9/32
set routing-options static route 0.0.0.0/0 next-hop 20.2.2.1
set routing-options router-id 8.8.8.8
set routing-options route-distinguisher-id 20.2.2.22
set routing-options autonomous-system 64513
set routing-options dynamic-tunnels gw-gre source-address 8.8.8.8
set routing-options dynamic-tunnels gw-gre gre
set routing-options dynamic-tunnels gw-gre destination-networks 9.9.9.9/32
set protocols bgp group EXT_BGP type external
set protocols bgp group EXT_BGP multihop ttl 5
set protocols bgp group EXT_BGP local-address 8.8.8.8
set protocols bgp group EXT_BGP family inet-vpn unicast
set protocols bgp group EXT_BGP family evpn signaling
set protocols bgp group EXT_BGP neighbor 9.9.9.9 peer-as 64512
set protocols bgp group EXT_BGP neighbor 9.9.9.9 local-as 64513
set routing-instances extL2 vtep-source-interface lo0.0
set routing-instances extL2 instance-type virtual-switch
set routing-instances extL2 interface ge-0/0/2.0
set routing-instances extL2 interface ge-0/0/3.0
set routing-instances extL2 route-distinguisher 8.8.8.8:20
set routing-instances extL2 vrf-target target:64512:20
set routing-instances extL2 protocols evpn encapsulation vxlan
set routing-instances extL2 protocols evpn extended-vni-list 100
set routing-instances extL2 protocols evpn extended-vni-list 102
set routing-instances extL2 protocols evpn multicast-mode ingress-replication
set routing-instances extL2 bridge-domains VLAN1000 vlan-id 1000
set routing-instances extL2 bridge-domains VLAN1000 routing-interface irb.1000
set routing-instances extL2 bridge-domains VLAN1000 vxlan vni 100
set routing-instances extL2 bridge-domains VLAN1000 vxlan ingress-node-replication
set routing-instances extL2 bridge-domains VLAN1002 vlan-id 1002
set routing-instances extL2 bridge-domains VLAN1002 routing-interface irb.1002
set routing-instances extL2 bridge-domains VLAN1002 vxlan vni 102
set routing-instances extL2 bridge-domains VLAN1002 vxlan ingress-node-replication
set routing-instances net1L3 instance-type vrf
set routing-instances net1L3 interface ge-0/0/4.0
set routing-instances net1L3 interface irb.1000
set routing-instances net1L3 interface irb.1002
set routing-instances net1L3 interface lo0.1
set routing-instances net1L3 vrf-target target:64512:20
set routing-instances net1L3 vrf-table-label
set routing-instances net1L3 routing-options static route 10.1.2.0/24 discard
set routing-instances net1L3 routing-options static route 10.1.1.0/24 discard
[edit]
root@VMX8888#
lighttpd


https://www.vultr.com/docs/how-to-install-lighttpd-llmp-stack-on-centos-6

Installing PHP

Install PHP using yum.

yum install lighttpd-fastcgi php-fpm

Configure PHP-FPM user settings.

vi /etc/php-fpm.d/www.conf

Make the pool run as the web-server user. The shipped www.conf already contains `user = apache` / `group = apache`; change those entries rather than adding a second pair, so there is no doubt which value applies:

user = lighttpd

group = lighttpd

Make PHP-FPM start on boot.

chkconfig php-fpm on

Start PHP-FPM.

service php-fpm start

Configure php.ini.

vi /etc/php.ini

Remove the commenting on the following line (1 is also PHP's built-in default, so this only makes it explicit):

cgi.fix_pathinfo=1

Caveat: with fix_pathinfo=1 a request such as /uploads/photo.jpg/x.php can make PHP execute photo.jpg as a script if the FPM pool does not restrict executable extensions. Keep `security.limit_extensions = .php` in /etc/php-fpm.d/www.conf (its default) — or set `cgi.fix_pathinfo=0` if you do not need PATH_INFO.

Tell Lighttpd that PHP exists on this server.

vi /etc/lighttpd/modules.conf

Add the following line.

include "conf.d/fastcgi.conf"

Now we must tell PHP to listen on port 9000 (Lighttpd will send PHP requests there). Using your favorite text editor, edit the fastcgi configuration.

vi /etc/lighttpd/conf.d/fastcgi.conf

At the top of the configuration, add the following lines of code.

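# Hand *.php to the PHP-FPM pool listening on localhost:9000. Keep the pool on
# 127.0.0.1 (or a unix socket): an FPM port reachable from other hosts lets
# anyone push arbitrary scripts to run as the lighttpd user.
# (The original had typographic quotes, which lighttpd does not parse.)
fastcgi.server += ( ".php" =>
  ((
    "host" => "127.0.0.1",
    "port" => "9000",
    "broken-scriptfilename" => "enable"
  ))
)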

Restart PHP-FPM and Lighttpd for our changes to take effect.

service php-fpm restart

service lighttpd restart

Docker


#yum install epel-release
#yum install docker-io
#docker search centos
#docker pull centos
#docker images
# docker run -tid --name centos centos
# docker ps -a        (the original "-all" parses as -a -l -l, i.e. --all --latest, and shows only the newest container)
#docker exec -ti centos bash

#mkdir /netconf; cd /netconf
#vi Dockerfile

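# Build with:  docker build -t netconf .
# Pin the base to the release the remi-release-7 RPM below targets; a bare
# "centos" tag is a moving target.
FROM centos:7

# Proxy: the original baked http_proxy/https_proxy in with ENV, so every
# container kept routing through 10.99.0.232:3128 at runtime and the internal
# proxy address shipped inside the image. http_proxy/https_proxy are predefined
# build args, so pass them at build time instead and they are not persisted:
#   docker build --build-arg http_proxy=http://10.99.0.232:3128 \
#                --build-arg https_proxy=http://10.99.0.232:3128 -t netconf .
# If the running container also needs the proxy, pass it with docker run -e.

# yum-utils provides yum-config-manager (not in the minimal base image in my
# experience -- drop it if your base already has it). One layer per logical step.
RUN yum -y update && \
    yum -y install httpd mc telnet net-tools less yum-utils epel-release && \
    yum clean all

# Third-party repo. The original fetched the release RPM over plain HTTP, so a
# network attacker could substitute it; use HTTPS. Note that installing an RPM
# by URL does not check its signature (localpkg_gpgcheck defaults to 0) -- import
# the repo's signing key first if this image is going to be shipped. Packages
# installed from the remi repo afterwards are covered by the repo's gpgcheck.
RUN yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm && \
    yum-config-manager --enable remi-php70 && \
    yum -y install php php-pdo php-dom php-devel && \
    yum clean all

EXPOSE 80

# Exec form so apachectl is PID 1 and receives SIGTERM from docker stop.
CMD ["/usr/sbin/apachectl", "-DFOREGROUND"]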

#docker build -t netconf .

# docker run -tid -v /netconf/html:/var/www/html -p 80:80 --name netconf netconf
# The original added --cap-add SYS_ADMIN. That capability is close to root on the
# host (mounts, many privileged ioctls) and nothing in this image (httpd + php)
# needs it; leave it out, or add only the single capability the workload proves
# it needs.

#docker exec -ti netconf bash
#docker stop netconf
#docker rm netconf
#docker rmi netconf

#docker export -o /path/to/file containername

#cat /path/to/file | docker import - imagename

openvz vxlan


download template here https://openvz.org/Download/template/precreated

# vzctl create 350 --ostemplate centos-6-x86_64-minimal
# vzctl set 350 --netif_add eth0 --save
# vzctl start 350

# brctl addbr br0
# brctl addif br0 veth350.0
# brctl show
# ip link add vxlan0 type vxlan id 100 dev eth3
# (VXLAN carries frames in plain UDP/4789 with no authentication or encryption: anyone who can send UDP to this host on 4789 can inject frames into br0. Firewall 4789 to the peer addresses listed in the fdb entries below, or run it over a tunnel that authenticates.)
# ifconfig vxlan0 up
# ifconfig br0 up
# brctl addif br0 vxlan0
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001851a44308       no              veth350.0
                                                        vxlan0
# bridge fdb append to 00:00:00:00:00:00 dst 10.99.92.5 dev vxlan0
# bridge fdb append to 00:00:00:00:00:00 dst 10.99.92.6 dev vxlan0
# bridge fdb show
00:00:00:00:00:00 dev vxlan0 dst 10.99.92.5 self permanent
00:00:00:00:00:00 dev vxlan0 dst 10.99.92.6 self permanent
apache hardening


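# httpd.conf -- hardening (Apache 2.4 syntax; 2.2 equivalents noted inline)

# Minimal version disclosure in the Server header and on error pages.
ServerTokens Prod
ServerSignature Off
LoadModule reqtimeout_module modules/mod_reqtimeout.so

# Method allow-list. HEAD is included: monitors and caches send it and it is no
# riskier than GET; OPTIONS, PUT, DELETE, TRACE etc. stay blocked.
<Location />
  <LimitExcept GET POST HEAD>
    Require all denied
    # Apache 2.2 (or 2.4 with mod_access_compat) form:
    #   Order deny,allow
    #   Deny from all
  </LimitExcept>
</Location>

TraceEnable Off

# "set", not "append": if a backend or another vhost already emits the header,
# append produces "SAMEORIGIN, SAMEORIGIN", which browsers treat as invalid and
# ignore -- the opposite of what was intended.
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff

# Slowloris mitigation: request headers must finish within 10-30 s and the body
# within 10 s, each window extended only while data keeps arriving at MinRate B/s.
RequestReadTimeout header=10-30,MinRate=500 body=10,MinRate=2000

# ssl.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Forward-secret ECDHE AEAD suites first. The original list preferred a CBC
# suite and then a plain-RSA key-exchange suite (no forward secrecy). HIGH is
# kept for old clients but still admits non-PFS RSA suites; drop ":HIGH" (or add
# :!kRSA) once those clients are gone. !EDH disables DHE entirely, as before.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!3DES
# Enable only once every name served here is HTTPS-only -- browsers cache it:
# Header always set Strict-Transport-Security "max-age=31536000"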
php.ini
expose_php = Off
================
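# --- disable TCP timestamps -------------------------------------------------
# Stops remote uptime inference from TCP timestamp values. Cost: PAWS and the
# timestamp-based RTT estimate are lost, so keep it on for long/fat links.
# Persist through sysctl.d rather than rc.local -- on CentOS 7 rc.local is not
# executed unless it is made executable, and sysctl.d also shows in `sysctl -a`.
echo 'net.ipv4.tcp_timestamps = 0' > /etc/sysctl.d/90-tcp-timestamps.conf
sysctl -w net.ipv4.tcp_timestamps=0

# --- disable ICMP timestamp -------------------------------------------------
# The original rule only ACCEPTed echo-request (type 8) and never touched
# timestamp requests, so it did not disable anything. ICMP timestamp request
# and reply are types 13 and 14 -- drop them and keep echo-request so ping works.
iptables -A INPUT  -p icmp --icmp-type 8  -j ACCEPT
iptables -A INPUT  -p icmp --icmp-type 13 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 14 -j DROP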
apache benchmarking


ab -n 1000 -c 10 http://192.168.100.1/

# Client-side trick for exhausting the server's connection table: never let this
# box send FIN or RST, so every connection stays open until the server times it
# out. This is a denial-of-service pattern -- run it only from a disposable test
# box and only against hosts you are authorized to load-test.
iptables -A INPUT -p tcp --tcp-flags FIN FIN -j DROP

-A OUTPUT -p tcp --tcp-flags RST RST -j REJECT --reject-with tcp-reset

two more flags worth trying: PSH and FIN

# cd /proc/sys/net/ipv4
# echo 1 > tcp_orphan_retries
# cat tcp_fin_timeout
# echo 5 > tcp_fin_timeout

#for ((i=2;i<255;i++)); do ip addr add 192.168.100.$i dev eth4 ; done

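# Connection-exhaustion load test against 192.168.100.1:80: 999 rounds, one
# partial request (no terminating CRLFCRLF) every ~20 ms, each left for nc to
# abandon after 2 s. Together with the FIN/RST iptables rules above the client
# never tears the connections down. This is a denial-of-service pattern: run it
# only against a host you own or are authorized to test.
# NOTE(review): the aliases added on eth4 above are never used -- nc has no -s,
# so every connection leaves from the interface's primary address; presumably
# `-s 192.168.100.$host` was intended. Left unchanged here.
for ((round = 1; round < 1000; round++)); do
  for ((host = 2; host < 255; host++)); do
    usleep 20000
    echo "$host"
    printf 'GET / HTTP/1.0' | nc -w 2 192.168.100.1 80 &
  done
done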

# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n    (connection-state histogram on the server; `ss -tan | awk '{print $1}'` does the same where netstat is gone)