本站用于记录日常工作内容,虚拟化云计算,系统运维,数据库DBA,网络与安全。
环境:centos 7.1.1503 最小化安装依赖包下载:  yum -y install lrzsz zlib-devel perl gcc pam-devel1、安装openssl ,选用最新发布的版本:openssl-1.1.1g.tar.gz1)openssl下载地址:https://www.openssl.org/source/openssl-1.1.1g.tar.gz2)卸载系统预装的openssl ,这一步可以不做rpm -qa | grep openssl | grep -v libyum -y remove openssl-1.0.1e-42.el7.x86_64 3)安装步骤:tar -zxvf openssl-1.1.1g.tar.gzcd openssl-1.1.1g./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl -Wl,-rpath,/usr/local/openssl/lib sharedmake && make install4)创建软链接ln -s /usr/local/openssl/bin/openssl /usr/bin/opensslln -s /usr/local/openssl/include/openssl /usr/include/openssl5)更新系统配置echo "/usr/local/openssl/lib" >> /etc/ld.so.conf/sbin/ldconfig6)检查版本openssl version 2、安装openssh,选用最新发布的版本:openssh-8.3p1.tar.gz1)openssh下载地址:https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz2)卸载系统预装的opensshrpm -qa | grep opens...
Question: How to turn on scsi extended debug messages? What are the field/flag definitions of scsi_logging_level?Additional scsi logging messages can be enabled by writing to /proc/sys/dev/scsi/logging_level either via use of the echo or preferably the sysctl command. The kernel parameter consists of ten packed fields, each 3 bits in length. Each field can have a value of 0 to 7. The higher the field’s value, the more verbose the logging of messages associated with that field type.NOTE: Turning on high levels of extended logging and/or multiple types of extended logging can slow down system performance, especially during boot and shutdown. Unless needed, avoid turning on scsi logging during boot up.Run Time1. Enable :# sysctl -q -w dev.scsi.logging_level=[N]or# echo [N] > /proc/sys/dev/scsi/logging_levelWhere N specifies which fields to enable and at what level of verbosity.2. Disable:# sysctl -q -w dev.scsi.logging_level=0or# echo 0 > /p...
What is Chronyd ServiceIn CentOS/RHEL 7 and 8, the operating system’s time is set on every boot based on the hardware clock, which is a small-battery driven clock located on the motherboard of your computer. Often, this clock is too inaccurate or has not been set right, therefore it’s better to get your system time from a reliable source over the Internet (that uses real atomic time). The chrony daemon, chronyd, sets and maintains system time through a process of synchronization with a remote server using the NTP protocol for communication.In this post, we will learn to enable debug mode for chronyd service, which comes in very handy while troubleshooting any chronyd related issues. The configuration file used by chronyd service is /etc/sysconfig/chronyd.1. Edit the configuration file /etc/sysconfig/chronyd as a root user:# vi /etc/sysconfig/chronyd2. Add or Modify below line.OPTIONS="-dd"3. Copy /lib/systemd/system/chronyd.service to /etc/sys...
Configure Squid as HTTP and HTTPS Transparent ProxyLinux, Squid Proxyby adminThese days, it is really important to have proxy server to analyze web traffic of the organization. Among proxy servers, the Squid is very famous, because of it’s flexibility and easy of configuration. Squid can be operated at non-transparent and transparent mode which is going to discuss here. Main benefit of transparent mode is, clients are not aware that their requests are processed through the proxy. Simply there is no configuration at client side. So let’s look at how to configure Squid as HTTP and HTTPS Transparent Proxy Before begin please adjust the ip and other configuration as per your requirement. Below values are used only for demonstration.Internet –> ethointerface IP :- 192.168.2.39/24 Gateway:- 192.168.2.1LAN –> eth1interface IP :- 192.168.231.126/24  Gateway:- 0.0.0.0 If you have single interface no need to worry. you can create virtual interface wh...
   nginx使用 TCP代理sftp,实现访问目录文件 本文章向大家介绍nginx代理sftp,主要包括nginx代理sftp使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。 最近需要使用一个sftp协议的代理服务器,查了一下nginx1.9之后已经支持了,尝试一下: The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the --with-stream configuration parameter. nginx从1.9.0版本开始,新增了ngx_stream_core_module模块。默认编译的时候该模块并未编译进去,需要编译的时候添加--with-stream,使其支持stream代理。 [root@baseline opt]# / http:---- ::-- http:正在解析主机 nginx.org (nginx.org)... :1af8::a004:::e3, ., .|:1af8::a004:::e3|: (890K) [application/octet--..%[================================================================================================================================>] , 357KB/s 用...
环境 OS: Centos6-x86_64 Nginx: 1.12.1 编译安装Nginx 从1.9.0开始,nginx就支持对TCP的转发,而到了1.9.13时,UDP转发也支持了。提供此功能的模块为ngx_stream_core。不过Nginx默认没有开启此模块,所以需要手动安装。 cd /usr/local/src wget http://nginx.org/download/nginx-1.12.1.tar.gz tar zxf nginx-1.12.1.tar.gz cd nginx-1.12.1 ./configure --prefix=/usr/local/nginx --with-stream --without-http make && make install Note:由于是传输层转发,本着最小化原则,就关闭了http功能。 配置Nginx TCP转发 目标:通过3000端口访问本机Mysql(其中mysq...
windows 2K server安装绿色版JDK与tomcat,并打包发布平时安装tomcat时,需要下载jdk安装包,我这里直接使用绿色版,不用安装。就可使用JDK与tomcat.可以先下载JTM,安装后,将jdk与tomcat目录提取出来。当然 也可以自行下载windows 版本的tomcat8与JDK安装包,然后将JDK安装好。然后将JTM的jdk目录或是自行安装的JDK目录复制到tomcat中然后再到 tomcat/bin目录中,将service.bat 中添加JDK环境变量set JAVA_HOME=H:\tomcat8\jdkset JRE_HOME=H:\tomcat8\jdk\jre在startup.bat中添加环境变量,可以使用相对路径。set JAVA_HOME=..\jdkset JRE_HOME=..\jdk\jre再使用管理员权限打开CMD或是PowerShell, 切换到tomcat/bin目录下。执行 service.bat install ,将 tomcat 安装包自动启动服务中。具体如下图,注意要有JDK环境,不能空,不然没法打开服务。正常安装后, 服务 中查看会有tomcat8 ,点启动后能正常启动。访问本机8080端口正常。
apache tomcat慢速HTTP拒绝服务攻击安全问题解决办法问题说明:HTTP协议的设计要求服务器在处理之前完全接收到请求。如果HTTP请求未完成,或者传输速率非常低,则服务器将保持其资源占用等待剩余的数据。如果服务器占用的资源太多,则会造成拒绝服务。漏洞危害:一台机器可在对自身带宽、无关服务和端口影响较小的情况下大量占用另一台机器的服务器资源,导致受害服务器拒绝服务。解决方案:1.修改配置文件server.xml,设置connectiontimeout值,默认为20000ms,修改为8000ms;此方案修改之前,请将tomcat升级到最新版本2.如果使用了jquery,设置ajax的请求超时时间。设置AJAX的全局timeout时间(默认为30000ms) $.ajaxSetup({timeout:8000});使用jQuery的$.ajaxSetup方法可以设置AJAX请求的默认参数选项,当程序中需要发起多个AJAX请求时,则不用再为每一个请求配置请求的参数。需要注意的是用$.ajaxSetup函数所设置的默认值不会应用到load()命令上。对于实用工具函数,如$.get()和$.post(),其HTTP方法不会因为使用这些默认值而被覆盖。设置GET的默认类型不会导致$.post()使用HTTP的GET方法。 3.如果使用了数据库连接池,则设置适当的超时时间。例如: < Con...
    总共46页,当前第1页 | 页数:
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11