iptables屏蔽常规邮件端口

iptables -A INPUT -p tcp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A INPUT -p udp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A OUTPUT -p tcp -m multiport --dport 25,110,465:587,993:995 -j DROP
iptables -A OUTPUT -p udp -m multiport --dport 25,110,465:587,993:995 -j DROP
/etc/init.d/iptables save

bash升级5.0

yum -y -q  install wget gcc patch 
wget https://ftp.gnu.org/gnu/bash/bash-5.0.tar.gz -O - | tar xz
cd bash-5.0
wget -r -nd -np http://ftp.gnu.org/gnu/bash/bash-5.0-patches/
for BP in `ls bash50-*|grep -v sig`; do patch -p0 < $BP; done
./configure 
make
make install

centos7编译php7.3

yum -y install epel-release -y
                                                                                                                                                                                        
yum -y --skip-broken install gcc  vim-enhanced gcc-c++ libtool-libs libtool autoconf subversion zip unzip  wget crontabs iptables file bison patch mlocate flex diffutils automake imake make cmake kernel-devel cpp zlib-devel \
libevent-devel libxml2-devel freetype-devel  gd gd-devel libjpeg-devel libpng-devel ncurses-devel  \
curl-devel readline-devel openssl-devel  glibc-devel  glib2-devel bzip2-devel e2fsprogs-devel libidn-devel  gettext-devel expat-devel libcap-devel  libtool-ltdl-devel pam-devel \
libxslt-devel libc-client-devel freetds-devel unixODBC-devel  libXpm-devel krb5-devel libicu-devel icu   sqlite-devel oniguruma-devel
                                                                                                                                                                                        
cd /tmp
wget https://nih.at/libzip/libzip-1.2.0.tar.gz  -O - | tar xz
cd libzip-*
./configure --prefix=/usr
make && make install
cp /usr/lib/libzip/include/zipconf.h  /usr/local/include/zipconf.h
ldconfig
                                                                                                                                                                                        
cd /tmp
wget -c http://us2.php.net/distributions/php-7.3.10.tar.gz -O - | tar xz
cd php-7.3*
./configure  --with-config-file-path=/opt/php7/etc --with-config-file-scan-dir=/opt/php7/etc/php.d --prefix=/opt/php7/usr --enable-fpm --enable-bcmath --enable-exif --enable-ftp --enable-mbstring --enable-soap --enable-sockets --enable-zip --with-curl --with-freetype-dir=/usr --with-gettext --with-openssl --with-xmlrpc --with-png-dir  --with-jpeg-dir --with-gd --with-libxml-dir=/usr  --with-mhash  --with-mysql-sock=/var/lib/mysql/mysql.sock --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-imap --with-imap-ssl --with-kerberos --with-zlib --enable-intl=shared --enable-xml --disable-rpath --enable-shmop --enable-sysvsem --enable-mbregex  --with-iconv-dir --enable-pcntl --enable-opcache --enable-exif  --with-sqlite3 --with-pdo-sqlite --enable-calendar --enable-wddx --with-libdir=lib64 ;
make -j `grep name /proc/cpuinfo|wc -l`
make install
mkdir -p /opt/php7/etc/
cp php.ini-production /opt/php7/etc/php.ini
#cp ./sapi/fpm/php-fpm /etc/init.d/php-fpm
cp ./sapi/fpm/php-fpm.service /usr/lib/systemd/system/
sed -i 's#expose_php = On#expose_php = Off#'  /opt/php7/etc/php.ini
sed -i 's/;date.timezone =/date.timezone = PRC/g'  /opt/php7/etc/php.ini
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /opt/php7/etc/php.ini
sed -i 's#enable_dl = Off#enable_dl = On#'  /opt/php7/etc/php.ini
sed -i 's#short_open_tag = Off#short_open_tag = On#'  /opt/php7/etc/php.ini
sed -i 's#output_buffering = Off#output_buffering = On#'  /opt/php7/etc/php.ini
sed -i 's/memory_limit = 32M/memory_limit = 128M/g' /opt/php7/etc/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /opt/php7/etc/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 16M/g' /opt/php7/etc/php.ini
sed -i 's#allow_call_time_pass_reference = Off#allow_call_time_pass_reference = On#' /opt/php7/etc/php.ini
sed -i 's/disable_functions =/disable_functions="exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,ini_alter,dl,popen,chown,chroot,chgrp,ini_restore,dbmopen,dbase_open"/g' /opt/php7/etc/php.ini





Centos7新装系统sshd安全设置

firewall-cmd --zone=public --add-port=3001/tcp --permanent
firewall-cmd --reload
sed -i  's/#Port 22/Port 3001/g' /etc/ssh/sshd_config
service sshd restart

Centos7下通过grub2引导进行网络自动重装系统

Shell大致流程

1.获取网络IP配置参数

2.写入自定义grub引导内核

 2.1 http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&amp;ethworkaround=1是预设定的anaconda-ks自动响应安装脚本。
3.修改grub默认配置参数等待时间和指定引导顺序。

4. 重新生成grub2配置

5.重启等待安装完成。

最后建议在NoVNC或者IPMi辅助的情况下使用。

vmlinuz的网络参数还有一种写法是 ip=address::gateway:netmask:hostname:interface:method

getETH=`ip -4 route list 0/0 |awk '{ print $5 }'`
getGATEWAY=`ip -4 route list 0/0 |awk '{ print $3 }'`
getNETMASK=`ifconfig $getETH | awk '/mask /{ print $4;}'`
getIPADDR=`ifconfig $getETH | awk '/inet /{ print $2;}'`

cat>>/etc/grub.d/40_custom<<EOF
menuentry 'Netinstall' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod xfs
set root='hd0,gpt2'
linux16 /vmlinuz ro ks='http://103.xxx.xxx.xxx/kickstart.php/rh?end=1&ethworkaround=1' net.ifnames=0 biosdevname=0 crashkernel=auto gateway=$getGATEWAY ip=$getIPADDR nameserver=8.8.8.8 ksdevice=$getETH  netmask=$getNETMASK
initrd16 /initrd.img
}
EOF
 sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=60/g'  /etc/default/grub
 sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=Netinstall/g'  /etc/default/grub
 grub2-mkconfig --output=/boot/grub2/grub.cfg
 reboot

RouterOS导入key登陆ssh

Linux或者Mac OS生成一个key

ssh-keygen -t rsa

用scp上传到Mikrotik

scp -P端口 ~/.ssh/id_rsa.pub [email protected]:id_rsa.pub

在Mikrotik内导入key

[[email protected]] > /user ssh-keys import public-key-file=id_rsa.pub user=admin

打印查看

[[email protected]] > /user ssh-keys print
Flags: R - RSA, D - DSA        
 #   USER                       BITS KEY-OWNER        
 0 R admin                      2048 XXXXXXX

ipmitool获取mac地址

抓取主板第一个网卡mac地址

ipmitool  raw 0x30 0x21 | tail -c 18 |sed 's/ /:/g'

抓取BMC网口mac地址

ipmitool raw 0x0c 0x02 0x01 0x05 0x00 0x00|tail -c18| sed 's/ /:/g'
or
ipmitool lan print | grep "MAC Address" |tail -c18

转载:How To Connect To Cisco Devices Via Serial Port Using GNU/Linux

原文链接 :https://acidborg.wordpress.com/2010/12/30/how-to-connect-to-cisco-devices-via-serial-port-using-gnulinux/
原文标题:How To Connect To Cisco Devices Via Serial Port Using GNU/Linux

Filed under: Linux, SysAdmin — acidborg @ 10:17
Description: to connect your computer to a Cisco device via its console port, you usually need a RJ45 rolled cable. You can use a RJ-45 to DB-9 Female if your computer has a serial port.

RJ-45 to DB-9 Female

To communicate through the serial port with the Cisco device, you need Minicom, a terminal emulator software.

阅读剩余部分...

RouterOS软路由常用命令

修改用户密码

[[email protected]]>/user                               #进入操作路径
[[email protected]]/user>print                           #显示RouterOS用户
[[email protected]]/user>set admin password=123456        #修改admin用户密码为123456
[[email protected]] /user> /                              #返回根目录

在当前用户下修改密码

[[email protected]]>password                             #修改本目录用户密码备份命令

阅读剩余部分...

dd安装Routeros

wget http://download2.mikrotik.com/routeros/6.43.8/chr-6.43.8.img.zip -O chr.img.zip && \
gunzip -c chr.img.zip > chr.img && \
mount -o loop,offset=33554944 chr.img /mnt && \
ADDRESS0=`ip addr show eth0 | grep global | cut -d' ' -f 6 | head -n 1` && \
GATEWAY0=`ip route list | grep default | cut -d' ' -f 3` && \
echo "/ip address add address=$ADDRESS0 interface=[/interface ethernet find where name=ether1]
/ip route add gateway=$GATEWAY0
" > /mnt/rw/autorun.scr && \
umount /mnt && \
echo u > /proc/sysrq-trigger && \
dd if=chr.img bs=1024 of=/dev/vda && \
reboot

CentOS7重新生成 /boot/grub2/grub.cfg

修改/etc/default/grub

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us rhgb quiet"

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto enforcing=0 vconsole.keymap=us rhgb quiet"

添加 enforcing=0 或者net.ifnames=0 biosdevname=0

GRUB_DISABLE_LINUX_UUID=true

存盘退出

执行 grub2-mkconfig --output /boot/grub2/grub.cfg



MacOS修改单个应用程序默认语言

背景

Mac系统语言设置的是英文,安装的Office语言默认也是英文。由于习惯了中文Office的使用,想把Office的语言设置成中文,    
方法之一就是直接修改系统的默认语言设置,但并不希望直接修改系统语言,仅想修改Office软件的默认语言

实现

1获取App的Bundle Identifier

Bundle Identifier是应用软件的标识,以Microsoft Word为例,Terminal中输入命令:

mdls -name kMDItemCFBundleIdentifier /Applications/Microsoft\ Word.app

2得到结果:

kMDItemCFBundleIdentifier = "com.microsoft.Word"

3修改应用程序默认语言

该操作需要用到第一步查到的应用程序Bundle Identifier,本例中是com.microsoft.Word,Terminal中输入命令:

defaults write com.microsoft.Word AppleLanguages '("zh_CN")'

阅读剩余部分...

RHEL7 禁用NetworkManager

systemctl stop NetworkManager

systemctl disable NetworkManager

一个LSI ​MegaCli的收集py脚本

前两天在电报群里面看到屌鸡在问这玩意顺道捡来的,我平时还是喜欢用MegaCli直接看。

这玩意其实就是把MegaCli的命令做了个集合输出,在使用前得先安装有MegaCli和python。

安装包地址:http://dl.kvm.la/lsi/MegaCli_All_OS

wget  https://raw.githubusercontent.com/eLvErDe/hwraid/master/wrapper-scripts/megaclisas-status
python megaclisas-status

supervisor+inotify监控管理nginx项目

安装supervisor

yum install epel-release -y
yum install supervisor inotify-tools -y
chkconfig --add supervisord
chkconfig --level 235 supervisord on

/etc/supervisord.conf增加的内容如下

[program:inotifywait]
command="/opt/inotifywait.sh"
numprocs=1


/opt/inotifywait.sh的配置内容如下:

cat  /opt/inotifywait.sh
#!/bin/bash
inotifywait -mrqe delete,create /opt/nginx | while read file
do nginx -s reload
echo `date`>>/tmp/rsync.log
done

supervisorctl常用命令

supervisorctl reload  //重载supervisor
supervisorctl update //更新supervisor
supervisorctl status //查看状态
supervisorctl update //更新新的配置到supervisord
supervisorctl start [all]|[x]     //启动所有/指定的程序进程
supervisorctl stop [all]|[x]      //关闭所有/指定的程序进程
supervisord          //启动supervisor
supervisord -c supervisor.conf   //通过配置文件启动supervisor
supervisorctl start test  //开启test服务