备忘录-Populating /dev

6.8.1. Creating Initial Device Nodes

When the kernel boots the system, it requires the presence of a few device nodes, in particular the console and null devices. The device nodes will be created on the hard disk so that they are available before udev has been started, and additionally when Linux is started in single user mode (hence the restrictive permissions onconsole). Create the devices by running the following commands:

mknod -m 600 /dev/console c 5 1
mknod -m 666 /dev/null c 1 3

阅读剩余部分...

IPMITOOLS常用备忘

yum install ipmitool -y
modprobe ipmi_watchdog
modprobe ipmi_poweroff
modprobe ipmi_devintf
modprobe ipmi_si

Cheat sheet

阅读剩余部分...

nginx过滤ApacheBench和WordPress的简单cc请求攻击

加入server段然后reload配置可以过滤掉低能的cc攻击。

if ($http_user_agent ~* (ApacheBench|pingback|WordPress|MJ12bot|AhrefsBot|360JK|PHP|php|Jorgee) ) {return 400;}
if ($http_user_agent = "" ) {return 101;}
if ( $request = "POST /reg.html HTTP/1.1" ) {return 400;}
if ( $request = "POST / HTTP/1.1" ) {return 400;}
if ( $request = "POST / HTTP/1.0" ) {return 400;}
if ( $request = "POST // HTTP/1.0" ) {return 400;}

OpenVZ master node部署后续

wget http://download.openvz.org/openvz.repo -O /etc/yum.repos.d/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
yum update -y
yum install vzkernel -y
yum install vzctl vzquota -y
wget  http://dl.kvm.la/shell/bash_profile -O /root/.bash_profile
wget http://dl.kvm.la/conf/ve-vswap-solus.conf-sample -O /etc/vz/conf/ve-vswap-solus.conf-sample
wget http://down.kvm.la/conf/sysctl.conf -O /etc/sysctl.conf
yum install -y epel-release
yum install -y denyhosts rsync iftop tcpdump ploop mtr fuse-sshfs fuse-devel

阅读剩余部分...

封常用邮件端口

iptables -A INPUT -p tcp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A INPUT -p udp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A OUTPUT -p tcp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A OUTPUT -p udp -m multiport --dport 25,110,465:587,993:995 -j DROP
/etc/init.d/iptables save

SS libev脚本

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev.sh
sh shadowsocks-libev.sh
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
chmod +x shadowsocksR.sh
./shadowsocksR.sh 2>&1 | tee shadowsocksR.log

kloxo-mr安装脚本

cd /tmp
yum update -y
yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip telnet wget -y
setenforce 0 >> /dev/null 2>&1
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
wget https://github.com/mustafaramadhan/kloxo/raw/release/kloxo-mr.repo --no-check-certificate  -O /etc/yum.repos.d/kloxo-mr.repo
yum clean all
yum install kloxomr7 -y
sh /usr/local/lxlabs/kloxo/install/setup.sh
sh /script/upcp
wget -c http://down.kvm.la/kloxo/kloxo_cn.tar.gz
tar zxf kloxo_cn.tar.gz -C /usr/local/lxlabs/kloxo/httpdocs/lang
sh /script/update --class=sp_specialplay --name=client-admin --subaction=skin --v-specialplay_b_s_language=cn

ssh client走socks5代理跳板连接服务器

解决一些特殊情况问题,例如网络差,或者需要进入内网时候用得到,转抄回来存档。

ssh -o ProxyCommand='nc -x ${proxy_server}:${proxy_server_port} %h %p' xxx.xxx.xxx.xxx

如:

ssh -o ProxyCommand='nc -x 127.0.0.1:7070 %h %p' 8.8.8.8

需要注意的是,nc需要使用 OpenBSD 版本,非 Linux 默认版本(该版本不支持)通常,类 Debian 的衍生版本,都可以通过如下命令直接安装:

apt-get install netcat-openbsd

转抄自:http://blog.chenxiaosheng.com/posts/2013-12-20/ssh-through-socks-proxy.html