27
Oct

fail2ban centos 7

   Posted by: admin   in Linúc ếch bợt

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]

action = %(action_)s

rm jail.d/00-firewalld*

15
Apr

Bash convert number

   Posted by: admin   in Mẹo vặt của hiếu râu

Method of converting scientific notation (e) to numbers under Linux (tutorialfor.com)

Scientific notation uses e to mark the exponent. To turn such a value into an ordinary number, move the decimal point by the number of places given to the right of e; if that number is negative, move the decimal point to the left. Examples:

  1. 1.2345678e2=123.45678
  2. 1.2345678e-2=0.012345678
  3. 1.7615562e+06=1761556.2
  4. 1.87982e7=18798200
  5. 1e3=1000

So how do you convert scientific notation into a number in the shell? Take "1.7615562e+06" (or 1.7615562e6) as an example:

  [root@kevin ~]# echo "1.7615562e6" | gawk '$1=strtonum($1)'
  1.76156e+06

1) Conversion of scientific notation to decimal

  [root@kevin ~]# printf "%f" 1.7615569e+06
  1761556.900000
  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%f\n", $0)}'
  1761556.900000
  [root@kevin ~]# echo "1.7615569e+03" | awk '{printf("%f\n", $0)}'
  1761.556900
  [root@kevin ~]# echo "1.7615569e+04" | awk '{printf("%f\n", $0)}'
  17615.569000
  [root@kevin ~]# echo "1.7615569e-6" | awk '{printf("%f\n", $0)}'
  0.000002
  [root@kevin ~]# echo "1.7615569e-4" | awk '{printf("%f\n", $0)}'
  0.000176
  [root@kevin ~]# echo "1.7615569e-3" | awk '{printf("%f\n", $0)}'
  0.001762
  [root@kevin ~]# echo "1.7615569e-2" | awk '{printf("%f\n", $0)}'
  0.017616

Note: with this method the result keeps 6 digits after the decimal point:

1) If the number after e is positive, 6 digits are kept after the decimal point; if there are not enough, they are padded with 0.

2) If the number after e is negative, only 6 digits are kept after the decimal point.

2) Convert scientific notation to decimal and retain two decimal places

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%.2f\n", $0)}'
  1761556.90

Keep three decimal places

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%.3f\n", $0)}'
  1761556.900

3) Scientific notation is converted to decimal and truncated to an integer

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%d\n", $0)}'
  1761556
  [root@kevin ~]# echo "1.7615569e3" | awk '{printf("%d\n", $0)}'
  1761
  [root@kevin ~]# echo "1.7615569e02" | awk '{printf("%d\n", $0)}'
  176

4) Scientific notation is converted to decimal and rounded to the nearest integer

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%d\n", $0 + 0.5)}'
  1761557
  [root@kevin ~]# echo "1.7615563e+06" | awk '{printf("%d\n", $0 + 0.5)}'
  1761556

5) To remove the useless zeros after the decimal point, use variable expansion (see the notes on extracting substrings in shell scripts)

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%f\n", $0)}'
  1761556.900000
  [root@kevin ~]# var=$(echo "1.7615569e+06" | awk '{printf("%f\n", $0)}')
  [root@kevin ~]# echo ${var%%0*}
  1761556.9

Or use the sed method

  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%f\n", $0)}'
  1761556.900000
  [root@kevin ~]# var=$(echo "1.7615569e+06" | awk '{printf("%f\n", $0)}')
  [root@kevin ~]# echo "$var" | sed 's/0*$//'
  1761556.9
  [root@kevin ~]# echo "1.7615569e+06" | awk '{printf("%f\n", $0)}' | sed 's/0*$//'
  1761556.9
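
Added example, not part of the original post: the ${var%%0*} expansion in 5) cuts at the first 0 anywhere in the value, so 1.05e2 (105.000000) comes out as 1. The sketch below rejects input that is not a number and trims only zeros that follow the decimal point; sci2dec and naive_trim are hypothetical helper names and the accepted input pattern is an assumption.

```sh
#!/bin/sh
# Added example: sci2dec and naive_trim are hypothetical helper names.

# naive_trim VALUE: the approach from 5), "%f" followed by ${var%%0*}.
naive_trim() {
    var=$(printf '%s\n' "$1" | awk '{ printf("%f\n", $0 + 0) }')
    printf '%s\n' "${var%%0*}"   # cuts at the FIRST 0 anywhere in var
}

# sci2dec VALUE [DIGITS]: plain decimal with at most DIGITS (default 6)
# fractional digits, dropping only zeros that follow the decimal point.
sci2dec() {
    digits=${2:-6}
    case $digits in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -v d="$digits" '
        # Assumed input grammar: optional sign, digits with an optional
        # fraction, optional e/E exponent. Anything else is rejected.
        $0 !~ /^[+-]?([0-9]+\.?[0-9]*|\.[0-9]+)([eE][+-]?[0-9]+)?$/ { exit 1 }
        {
            out = sprintf("%." d "f", $0 + 0)
            if (index(out, ".")) {       # only touch a fractional part
                sub(/0+$/, "", out)      # 105.000000 -> 105.
                sub(/\.$/, "", out)      # 105.       -> 105
            }
            print out
        }'
}
```

sci2dec returns a non-zero status for input such as "abc", so a calling script can stop instead of silently computing with 0.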

6) Sed removes the characters after the decimal point

  [root@kevin ~]# echo "kevin.123" | sed 's/\.*//g'
  kevin123
  \..* stands for the decimal point and the characters after it
  [root@kevin ~]# echo "kevin.123" | sed 's/\..*//g'
  kevin
  [root@kevin ~]# echo "kevin_123" | sed 's/\_*//g'
  kevin123
  [root@kevin ~]# echo "kevin_123" | sed 's/\_.*//g'
  kevin

Command explanation:

* stands for zero or more of the preceding character. Therefore \.* can only replace the decimal point itself with nothing. \_* works the same way.

.* stands for any run of characters. Therefore \..* removes everything from the decimal point on. \_.* works the same way.

7) Description of numerical calculation in the shell

  1) bc method
  bc is a commonly used Linux calculation tool, and it supports floating-point operations:
    [root@kevin ~]# a=`echo 1+1 | bc`
    [root@kevin ~]# echo $a
    2
  This method does not solve the precision problem of floating-point arithmetic; the following floating-point results are baffling:
    [root@kevin ~]# b=`echo "1.2*1.2" | bc`
    [root@kevin ~]# echo $b
    1.4
    [root@kevin ~]# c=`echo "5.0/3.0" | bc`
    [root@kevin ~]# echo $c
    1
    [root@kevin ~]# d=`echo "scale=2;5.0/3.0" | bc`
    [root@kevin ~]# echo $d
    1.66
    [root@kevin ~]# e=`echo "scale=2;5.0/6.0" | bc`
    [root@kevin ~]# echo $e
    .83

  2) expr method
  Does not support floating-point calculations, which is a pitfall, and the spaces between numbers and operators matter.
    [root@kevin ~]# a=`expr 1+1`
    [root@kevin ~]# echo $a
    1+1
    [root@kevin ~]# a=`expr 1 + 1`
    [root@kevin ~]# echo $a
    2
    [root@kevin ~]# b=`expr 10 / 2`
    [root@kevin ~]# echo $b
    5

  3) $(()) method
  Same as expr: does not support floating-point arithmetic.
    [root@kevin ~]# a=$((1+1))
    [root@kevin ~]# echo $a
    2
    [root@kevin ~]# b=$((1+3))
    [root@kevin ~]# echo $b
    4

  4) let method
  Does not support floating-point arithmetic and does not support direct output; the result can only be assigned.
    [root@kevin ~]# let a=1+1
    [root@kevin ~]# echo $a
    2
    [root@kevin ~]# let b=50/5
    [root@kevin ~]# echo $b
    10
    [root@kevin ~]# let c=1.2*2
    -bash: let: c=1.2*2: syntax error: invalid arithmetic operator (error token is ".2*2")

  5) Awk method
  Common operations:
    [root@kevin ~]# a=`echo | awk '{print 1.0/2.0}'`
    [root@kevin ~]# echo $a
    0.5
  Control precision:
    [root@kevin ~]# b=`echo | awk '{printf("%.2f", 1.0/2.0)}'`
    [root@kevin ~]# echo $b
    0.50
  Passing parameters:
    [root@kevin ~]# c=`echo | awk -v a=1 -v b=3 '{printf("%.4f", a/b)}'`
    [root@kevin ~]# echo $c
    0.3333
  Awk combined with BEGIN (retain 6 digits after the decimal point)
    [root@ss-server ~]# awk 'BEGIN {printf "%.2f%%\n", (87/500)*100}'
    17.40%
    [root@ss-server ~]# awk 'BEGIN {printf "%.2f%%\n", (100/300)*100}'
    33.33%

In summary, awk is the most reliable method; the other methods each have their own problems. It is therefore recommended to use awk for mathematical calculations in day-to-day maintenance.

11
Mar

Squid Reverse Proxy

   Posted by: admin   in Mẹo vặt của hiếu râu

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_port 80 accel defaultsite=10.98.126.1 vhost
https_port 443 vhost cert=/path/to/domain.crt key=/path/to/domain.key

cache_peer localhost parent 81 0 no-query originserver name=check_dns
acl sites_check_dns dstdomain sub1.domain.com sub2.domain.com
cache_peer_access check_dns allow sites_check_dns
http_access allow sites_check_dns

cache_peer 10.97.124.235 parent 8080 0 no-query originserver name=test
acl sites_test dstdomain test.domain.org
cache_peer_access test allow sites_test
http_access allow sites_test

cache_peer 10.98.126.1 parent 80 0 no-query originserver name=default_org
acl sites_default_org dstdomain .domain.org
cache_peer_access default_org allow sites_default_org
http_access allow sites_default_org

http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

24
Nov

Windows 10 activation

   Posted by: admin   in Mẹo vặt của hiếu râu

C:\Windows\system32>slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
C:\Windows\system32>slmgr /skms kms.digiboy.ir
C:\Windows\system32>slmgr /ato
16
Sep

MariaDB audit log

   Posted by: admin   in Mẹo vặt của hiếu râu

INSTALL SONAME 'server_audit';

SET GLOBAL server_audit_events='QUERY_DML_NO_SELECT';

SET GLOBAL server_audit_logging=ON;

SET GLOBAL server_audit_incl_users='cacti';

https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/

4
Aug

my fail2ban ssh

   Posted by: admin   in Mẹo vặt của hiếu râu

#!/bin/bash

# Source addresses with more than 3 failed root logins in the last 1000 log lines
BLACKLIST=`tail -n 1000 /var/log/secure | grep "Failed password for root from" | sed 's/  / /g' | cut -d' ' -f 11 | sort | uniq -c | sort -n -r | grep -v -E " 1 | 2 | 3 " | sed 's/^ *//g' | cut -d' ' -f 2`;

for i in $BLACKLIST; do

# Add the address to the xt_recent list named SSH
echo "+${i}" > /proc/net/xt_recent/SSH

done

add crontab */6

modprobe xt_recent ip_list_tot=1000

iptables-restore

-A INPUT -p tcp -m multiport --dports 8443 -m state --state NEW -m recent --rcheck --seconds 86400 --hitcount 1 --name SSH --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m multiport --dports 8443 -m state --state NEW -j ACCEPT
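
Added example, not part of the original post: the script above picks the address by field position (cut -f 11), so any line that matches the grep but has a different layout feeds whatever sits in that column to /proc/net/xt_recent/SSH. This variant accepts only lines that are, as a whole, an sshd "Failed password for root" record with a dotted-quad source; failed_root_ips and sample_log are hypothetical names, the traditional syslog line layout is an assumption, and the log lines are constructed.

```sh
#!/bin/sh
# failed_root_ips THRESHOLD   (auth log on stdin)
# Print every source address with more than THRESHOLD failed root logins.
failed_root_ips() {
    awk -v min="$1" '
        # The whole line must be one sshd record of this exact shape;
        # partial matches elsewhere in a line are ignored.
        /^[A-Z][a-z]+ +[0-9]+ [0-9:]+ [^ ]+ sshd\[[0-9]+\]: Failed password for root from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ port [0-9]+ ssh2$/ {
            ip = $(NF - 3)
            split(ip, octet, ".")
            ok = 1
            for (i = 1; i <= 4; i++) if (octet[i] + 0 > 255) ok = 0
            if (ok) count[ip]++
        }
        END { for (ip in count) if (count[ip] > min + 0) print ip }
    ' | sort
}

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
Oct  7 10:00:01 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct  7 10:00:03 gw sshd[2102]: Failed password for root from 192.0.2.10 port 40002 ssh2
Oct  7 10:00:05 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Oct  7 10:00:07 gw sshd[2104]: Failed password for root from 192.0.2.10 port 40004 ssh2
Oct  7 10:00:09 gw sshd[2105]: Failed password for root from 198.51.100.7 port 40100 ssh2
Oct  7 10:00:10 gw sshd[2106]: Failed password for root from 198.51.100.7 port 40101 ssh2
Oct  7 10:00:11 gw sshd[2107]: Failed password for root from 192.0.2.999 port 40102 ssh2
Oct  7 10:00:12 gw sshd[2108]: Accepted password for root from 192.0.2.50 port 40200 ssh2
EOF
}

# On the real host (as root, with the xt_recent list named SSH as above):
#   tail -n 1000 /var/log/secure | failed_root_ips 3 |
#       while read -r ip; do echo "+$ip" > /proc/net/xt_recent/SSH; done
```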
16
Dec

ELK packetbeat

   Posted by: admin   in Mẹo vặt của hiếu râu

#yum -y install java-openjdk-devel java-openjdk

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF


sudo yum clean all
sudo yum makecache
sudo yum -y install elasticsearch

elasticsearch.yml

xpack.ml.enabled: false
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.transport.ssl.enabled: true
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords
vi /etc/elasticsearch/jvm.options
set 4G heap
systemctl enable --now elasticsearch.service 
curl http://127.0.0.1:9200 
yum -y install kibana
vi /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.name: "kibana.example.com"
elasticsearch.url: "http://localhost:9200"
systemctl enable --now kibana
yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
curl -s -H "Content-Type: application/json" -XPUT localhost:9200/sniff -d '{"mappings": { "doc" :  {"properties" : {"@datetime":{"type":"date"}}}}}'
cat json.txt

{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":52,"source":"10.10.26.253","sport":57086,"dest":"10.10.26.238","dport":5601}
{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":52,"source":"10.10.26.238","sport":5601,"dest":"10.10.26.253","dport":57086}
{ "index" : { "_index" : "sniff" , "_type" : "_doc" } }
{"@datetime":1576812955644,"proto":"TCP","length":40,"source":"10.10.26.253","sport":57086,"dest":"10.10.26.238","dport":5601}
curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@json.txt"
tcpdump -i eth1 -nnnn -tt -v not port 22 | php tcparse.php
# cat load.sh
#!/bin/bash

/bin/killall tcpdump
sleep 5
/sbin/tcpdump -i eth7 -nnnn -tt -G 60 -z /_DATA/reload2.sh -w /tmp/PCAP2-%Y-%m-%d-%H-%M-%S &
/sbin/tcpdump -i eth6 -nnnn -tt -G 60 -z /_DATA/reload.sh -w /tmp/PCAP-%Y-%m-%d-%H-%M-%S &

# cat reload.sh
#!/bin/bash

rm -f /_DATA/json.txt
rm -f /_DATA/sql.txt
tcpdump -v -nnnn -tt -r "$1" not vrrp | php /_DATA/tcparse.php json.txt sql.txt 1
curl -s -H "Content-Type: application/x-ndjson" -XPOST localhost:9200/_bulk --data-binary "@/_DATA/json.txt"
mkdir /_DATA/`date +%Y-%m` > /dev/null 2>&1
mkdir /_DATA/`date +%Y-%m`/`date +%d` > /dev/null 2>&1
mv "$1" /_DATA/`date +%Y-%m`/`date +%d`
/bin/mysql --defaults-extra-file=/_DATA/mysql.ini SNIFF < /_DATA/sql.txt &

30
May

snmp proxy

   Posted by: admin   in Mẹo vặt của hiếu râu

# com2sec6 [-Cn CONTEXT]   SECNAME          SOURCE    COMMUNITY

com2sec   -Cn old14   notConfigUser6   default  10.175.0.14

com2sec   -Cn old15   notConfigUser6   default  10.175.0.15

# group    GROUP           {v1|v2c|usm}     SECNAME

group      OLDSWITCH       v2c              notConfigUser6

# view     VNAME           TYPE             OID   [MASK]

view       all             included         .1

# access   GROUP           CONTEXT          {any|v1|v2c|usm}  LEVEL  PREFX  READ WRITE NOTIFY

access     OLDSWITCH       old        v2c               noauth prefix  all  none  none

# proxy [-Cn CONTEXTNAME]  [SNMPCMD_ARGS]    HOST         OID

proxy   -Cn old14      -v 2c -c public   10.175.0.14  .1.3

proxy   -Cn old15      -v 2c -c public  10.175.0.15  .1.3

22
May

Centos 7 Clone

   Posted by: admin   in Mẹo vặt của hiếu râu

#yum install -y rsync

#vi /root/rsync.excl
/boot
/dev
/tmp
/sys
/proc
/backup
/etc/fstab
/etc/mtab
/etc/mdadm.conf
/etc/sysconfig/network*
#rsync -vPa --exclude-from=/root/rsync.excl -e ssh / DESTIP:/
13
Feb

syslog-ng

   Posted by: admin   in Mẹo vặt của hiếu râu

source s_net {
udp(ip(0.0.0.0) port(514));
};
destination d_net {
file("/_SYSLOG/$HOST/$YEAR/$MONTH/$FACILITY $DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) );
};
log { source(s_net); destination(d_net); };
=========client========
/etc/rsyslog.conf
*.*  @server-ip