27
Oct
fail2ban centos 7
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s",actionstart_on_demand=false]
action = %(action_)s
rm jail.d/00-firewalld*
xe sr-create name-label=ISO_IMAGES_LOCAL type=iso device-config:location=/_ISOs deviceconfig:legacy_mode=true content-type=iso
cfdisk /dev/sdb
vgcreate
xe sr-create name-label=”2TB” shared=false device-config:device=/dev/sdb type=lvm
lvdisplay
15
Apr
Bash convert number
Method of converting scientific notation (e) to numbers under Linux (tutorialfor.com)
Scientific notation uses e to identify values,The idea of turning scientific computing into numbers:press the number to the right of e to move the number of decimal places.If the number to the right of e is negative,Then move the decimal point to the left.Examples are as follows:
1.2345678e2=123.456781.2345678e-2=0.0123456781.7615562e + 06=1761556.21.87982e7=187982001e3=1000
So how do you convert scientific notation into numbers in the shell,The method is as follows:Here take “1.7615562e + 06″ (or 1.7615562e6) as an example:
[root@kevin ~] #echo "1.7615562e6" | gawk "$1=strtonum ($1)"1.76156e + 06
1) Conversion of scientific notation to decimal
[root@kevin ~] #printf "%f" 1.7615569e + 061761556.900000[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"1761556.900000[root@kevin ~] #echo "1.7615569e + 03" | awk "{printf ("%f ", $0)}"1761.556900[root@kevin ~] #echo "1.7615569e + 04" | awk "{printf ("%f ", $0)}"17615.569000[root@kevin ~] #echo "1.7615569e-6" | awk "{printf ("%f ", $0)}"0.000002[root@kevin ~] #echo "1.7615569e-4" | awk "{printf ("%f ", $0)}"0.000176[root@kevin ~] #echo "1.7615569e-3" | awk "{printf ("%f ", $0)}"0.001762[root@kevin ~] #echo "1.7615569e-2" | awk "{printf ("%f ", $0)}"0.017616
Note:This method,In the conversion result, 6 digits are reserved after the decimal point:
1) If the number after e is positive,6 digits should be reserved after the decimal point, if not enough,Make up with 0.
2) If the number after e is negative,6 digits should be reserved after the decimal point.6 bits are reserved.
2) Convert scientific notation to decimal and retain two decimal places
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 2f ", $0)}"1761556.90
Keep three decimal places
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%. 3f ", $0)}"1761556.900
3) Scientific notation is converted to decimal and rounded
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0)}"1761556[root@kevin ~] #echo "1.7615569e3" | awk "{printf ("%d ", $0)}"1761[root@kevin ~] #echo "1.7615569e02" | awk "{printf ("%d ", $0)}"176
4) Scientific notation is converted to decimal and rounded
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%d ", $0 + 0.5)}"1761557[root@kevin ~] #echo "1.7615563e + 06" | awk "{printf ("%d ", $0 + 0.5)}"1761556
5) How to remove the useless 0 after the decimal point, you can refer to:daily operation and maintenanceIntercept string in shell scriptPractice, that is, using variable expansion
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"1761556.900000[root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")[root@kevin ~] #echo ${var %%0 *}1761556.9
Or use the sed method
[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}"1761556.900000[root@kevin ~] #var=$(echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}")[root@kevin ~] #echo "$var" | sed "s/0 * $//"1761556.9[root@kevin ~] #echo "1.7615569e + 06" | awk "{printf ("%f ", $0)}" | sed "s/0 * $//"1761556.9
6) Sed removes the characters after the decimal point
[root@kevin ~] #echo "kevin.123" | sed "s /\.*//g"kevin123\ .. * represents 1 or more after the decimal point[root@kevin ~] #echo "kevin.123" | sed "s /\..*//g"kevin[root@kevin ~] #echo "kevin_123" | sed "s/\ _ * //g"kevin123[root@kevin ~] #echo "kevin_123" | sed "s /\_.*//g"kevin
Command explanation:
* Represents 0 to more. Therefore, \. * Can only replace the decimal point and become empty.\ _ * Similarly.
. * Stands for 1 or more. Therefore, \ .. * removed everything after the decimal point.\ _. * Similarly.
7) Description of numerical calculation in the shell
1) bc methodbc is a more commonly used linux computing tool,And supports floating-point operations:[root@kevin ~] #a=`echo 1 + 1 | bc`[root@kevin ~] #echo $a2This method cannot solve the precision problem of floating point arithmetic,The following floating point calculations are silly x![root@kevin ~] #a=`echo 1 + 1 | bc`[root@kevin ~] #echo $a2[root@kevin ~] #b=`echo" 1.2 * 1.2 "| bc`[root@kevin ~] #echo $b1.4[root@kevin ~] #c=`echo" 5.0/3.0 "| bc`[root@kevin ~] #echo $c1[root@kevin ~] #d=`echo" scale=2;5.0/3.0 "| bc`[root@kevin ~] #echo $d1.66[root@kevin ~] #e=`echo" scale=2;5.0/6.0 "| bc`[root@kevin ~] #echo $e.832) expr methodDoes not support floating point calculations,This is a pit,And pay attention to the spaces in numbers and operators.[root@kevin ~] #a=`expr 1 + 1`[root@kevin ~] #echo $a1 + 1[root@kevin ~] #a=`expr 1 + 1`[root@kevin ~] #echo $a2[root@kevin ~] #b=`expr 10/2`[root@kevin ~] #echo $b53) $(()) methodSame as expr, does not support floating point arithmetic[root@kevin ~] #a=$((1 + 1))[root@kevin ~] #echo $a2[root@kevin ~] #b=$((1 + 3))[root@kevin ~] #echo $b44) let methodDoes not support floating point arithmetic,And does not support direct output,Can only be assigned[root@kevin ~] #let a=1 + 1[root@kevin ~] #echo $a2[root@kevin ~] #let b=50/5[root@kevin ~] #echo $b10[root@kevin ~] #let c=1.2 * 2-bash:let:c=1.2 * 2:syntax error:invalid arithmetic operator (error token is ".2 * 2")5) Awk methodCommon operations:[root@kevin ~] #a=`echo | awk" {print 1.0/2.0} "`[root@kevin ~] #echo $a0.5control precision:[root@kevin ~] #b=`echo | awk" {printf ("%. 2f", 1.0/2.0)} "`[root@kevin ~] #echo $b0.50Passing parameters:[root@kevin ~] #c=`echo | awk -v a=1 -v b=3" {printf ("%. 4f", a/b)} "`[root@kevin ~] #echo $c0.3333Awk combined with begin (retain 6 digits after the decimal point)[root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (87/500) * 100}"17.40%[root@ss-server ~] #awk "begin {printf"%.2f %%\ n ", (100/300) * 100}"33.33%
in summary,Or awk’s method is the most reliable,Other methods have corresponding problems.Therefore, it is recommended to use awk to perform mathematical calculations in daily maintenance scenarios.
11
Mar
Squid Reverse Proxy
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_port 80 accel defaultsite=10.98.126.1 vhost
https_port 443 vhost cert=/path/to/domain.crt key=/path/to/domain.key
cache_peer localhost parent 81 0 no-query originserver name=check_dns
acl sites_check_dns dstdomain sub1.domain.com sub2.domain.com
cache_peer_access check_dns allow sites_check_dns
http_access allow sites_check_dns
cache_peer 10.97.124.235 parent 8080 0 no-query originserver name=test
acl sites_test dstdomain test.domain.org
cache_peer_access test allow sites_test
http_access allow sites_test
cache_peer 10.98.126.1 parent 80 0 no-query originserver name=default_org
acl sites_default_org dstdomain .domain.org
cache_peer_access default_org allow sites_default_org
http_access allow sites_default_org
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
24
Nov
win mười ác ti
C:\Windows\system32>slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
C:\Windows\system32>slmgr /skms kms.digiboy.ir
C:\Windows\system32>slmgr /ato
16
Sep
MariaDB audit log
INSTALL SONAME ’server_audit’;
SET GLOBAL server_audit_events=’QUERY_DML_NO_SELECT’;
SET GLOBAL server_audit_logging=ON;
SET GLOBAL server_audit_incl_users=’cacti’;
https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/
4
Aug
my fail2ban ssh
#!/bin/bash
BLACKLIST=`tail -n 1000 /var/log/secure | grep “Failed password for root from” | sed ’s/ / /g’ | cut -d’ ‘ -f 11 | sort | uniq -c | sort -n -r | grep -v -E ” 1 | 2 | 3 ” | sed ’s/^ *//g’ | cut -d’ ‘ -f 2`;
for i in $BLACKLIST; do
echo “+”${i} > /proc/net/xt_recent/SSH
done
add crontab */6
modprobe xt_recent ip_list_tot=1000
iptables-restore
-A INPUT -p tcp -m multiport –dports 8443 -m state –state NEW -m recent –rcheck –seconds 86400 –hitcount 1 –name SSH –mask 255.255.255.255 –rsource -j DROP
-A INPUT -p tcp -m multiport –dports 8443 -m state –state NEW -j ACCEPT
16
Dec
ELK packetbeat
#yum -y install java-openjdk-devel java-openjdk
cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
sudo yum clean all
sudo yum makecache
sudo yum -y install elasticsearch
elasticsearch.yml
xpack.ml.enabled: false
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
xpack.security.transport.ssl.enabled: true
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords
vi /etc/elasticsearch/jvm.options
set 4G heap
systemctl enable --now elasticsearch.service
curl http://127.0.0.1:9200
yum -y install kibana
vi /etc/kibana/kibana.yml
server.host: "0.0.0.0"
server.name: "kibana.example.com"
elasticsearch.url: "http://localhost:9200"
systemctl enable --now kibana
yum install filebeat auditbeat metricbeat packetbeat heartbeat-elastic
curl -s -H "Content-Type: application/json" -XPUT localhost:9200/sniff -d
'{"mappings": { "doc" : {"properties" : {"@datetime":{"type":"date"}}}}'}
cat json.txt
{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }
{”@datetime”:1576812955644,”proto”:”TCP”,”length”:52,”source”:”10.10.26.253″,”sport”:57086,”dest”:”10.10.26.238″,”dport”:5601}
{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }
{”@datetime”:1576812955644,”proto”:”TCP”,”length”:52,”source”:”10.10.26.238″,”sport”:5601,”dest”:”10.10.26.253″,”dport”:57086}
{ “index” : { “_index” : “sniff” , “_type” : “_doc” } }
{”@datetime”:1576812955644,”proto”:”TCP”,”length”:40,”source”:”10.10.26.253″,”sport”:57086,”dest”:”10.10.26.238″,”dport”:5601}
curl -s -H “Content-Type: application/x-ndjson” -XPOST localhost:9200/_bulk –data-binary “@json.txt”
tcpdump -i eth1 -nnnn -tt -v not port 22 | php tcparse.php
# cat load.sh
#!/bin/bash
/bin/killall tcpdump
sleep 5
/sbin/tcpdump -i eth7 -nnnn -tt -G 60 -z /_DATA/reload2.sh -w /tmp/PCAP2-%Y-%m-%d-%H-%M-%S &
/sbin/tcpdump -i eth6 -nnnn -tt -G 60 -z /_DATA/reload.sh -w /tmp/PCAP-%Y-%m-%d-%H-%M-%S &
# cat reload.sh
#!/bin/bash
rm -f /_DATA/json.txt
rm -f /_DATA/sql.txt tcpdump -v -nnnn -tt -r $1 not vrrp | php /_DATA/tcparse.php json.txt sql.txt 1
curl -s -H “Content-Type: application/x-ndjson” -XPOST localhost:9200/_bulk –data-binary “@/_DATA/json.txt”
mkdir /_DATA/`date +%Y-%m` > /dev/null 2>&1
mkdir /_DATA/`date +%Y-%m`/`date +%d` > /dev/null 2>&1
mv $1 /_DATA/`date +%Y-%m`/`date +%d`
/bin/mysql –defaults-extra-file=/_DATA/mysql.ini SNIFF < /_DATA/sql.txt &
30
May
snmp proxy
# com2sec6 [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
com2sec -Cn old14 notConfigUser6 default 10.175.0.14
com2sec -Cn old15 notConfigUser6 default 10.175.0.15
# group GROUP {v1|v2c|usm} SECNAME
group OLDSWITCH v2c notConfigUser6
# view VNAME TYPE OID [MASK]
view all included .1
# access GROUP CONTEXT {any|v1|v2c|usm} LEVEL PREFX READ WRITE NOTIFY
access OLDSWITCH old v2c noauth prefix all none none
# proxy [-Cn CONTEXTNAME] [SNMPCMD_ARGS] HOST OID
proxy -Cn old14 -v 2c -c public 10.175.0.14 .1.3
proxy -Cn old15 -v 2c -c public 10.175.0.15 .1.3
22
May
Centos 7 Clone
#yum install -y rsync
#vi /root/rsync.excl
/boot
/dev
/tmp
/sys
/proc
/backup
/etc/fstab
/etc/mtab
/etc/mdadm.conf
/etc/sysconfig/network*
#rsync -vPa –exclude-from=/root/rsync.excl -e ssh / DESTIP:/