Showing posts from July, 2008

Edit /etc/inittab After Changes Without Rebooting Server

# Type the command as follows after updating /etc/inittab
kill -HUP 1

Hide BIND DNS Server Version

# Open your named.conf
options
{
query-source port 53;
query-source-v6 port 53;
listen-on { 174.ttt.xx.yy; };
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
dnssec-enable yes;
recursion no;
allow-notify { 174.zzz.yy.zz; 172.xx.yy.zz; };
version "BIND";
};

# Save and close the file. Restart named, enter:
service bind9 restart

# How do I check which version string BIND reports? Query the CHAOS-class TXT record version.bind:
dig @ns1.softlayer.com -c CH -t txt version.bind
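The same check written out as an added example (not code from the original post): it builds the CHAOS-class TXT query for version.bind that dig sends, parses the reply, and ships with a constructed response so the parser can be exercised offline. The server address passed to query_version is an assumption; point it at a name server you administer after changing named.conf to confirm that clients only see the string "BIND".

```python
"""Query a name server's version.bind TXT record in the CHAOS class and
parse the reply.  Added example; not code from the original post."""
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3


def _encode_name(name):
    """DNS wire encoding of a dotted name: length-prefixed labels, NUL end."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_version_bind_query(txid=0x1234):
    """Standard query (flags 0), one question: version.bind TXT CH."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + _encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CH)


def _skip_name(msg, off):
    """Advance past a wire-format name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:       # two-byte pointer ends the name
            return off + 2
        off += 1 + length


def parse_txt_answer(msg, txid):
    """Return (rcode, [txt strings]) for TXT/CH answers in a DNS reply."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):                   # skip the echoed question section
        off = _skip_name(msg, off) + 4
    texts = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            i = 0
            while i < rdlen:              # TXT rdata is a run of <len><chars>
                n = rdata[i]
                texts.append(rdata[i + 1:i + 1 + n].decode("latin-1"))
                i += 1 + n
    return flags & 0xF, texts


def constructed_response(txid=0x1234):
    """A constructed reply (not captured from any real server) of the form
    a server configured with `version "BIND";` would send back."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)   # QR + AA
    question = _encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CH)
    rdata = b"\x04BIND"
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return header + question + answer


def query_version(server, timeout=3.0):
    """Send the query over UDP to `server` (assumed: a name server you run)
    and return the parsed (rcode, texts)."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_bind_query(txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_txt_answer(data, txid)


if __name__ == "__main__":
    # Offline check against the constructed reply; use query_version("<your-ns>")
    # after the named.conf change to verify it against the live server.
    print(parse_txt_answer(constructed_response(), 0x1234))
```

A reply of `(0, ['BIND'])` means the version string is masked; a real version number in the TXT text means the options block was not reloaded or the setting is in the wrong view.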

Limit disk I/O for rsync Tool

# rsync --delete --numeric-ids --relative --delete-excluded --bwlimit=10000 /path/to/source /path/to/dest/

Tunnel X Windows Securely over SSH

SSH is frequently used to tunnel insecure traffic over the Internet in a secure way. Simply type the following command:

$ ssh -X user@remote.node

You can request compression of all data to improve the user experience (useful on a low-speed link such as a WAN link) with the -C option:
$ ssh -C -X user@remote.node

Once logged in, type any X Window program name, such as:
$ xeyes &
$ oowriter &

To start KDE, type:
$ startkde &

To start the default desktop, type:
$ startx

SSH port forwarding to bypass a firewall (tunneling)

ssh -f -L {local-port}:localhost:{remote-server-port} user@remote.server.com

# The following example tunnels port 3001 from the client machine 127.0.0.1 (localhost) to the remote server called "server.node"
ssh -f -L 3001:localhost:3001 user@server.node
# The connection is forwarded to port 3001 on the remote server. If 3001 is a web-based app, open a web browser and enter the URL http://localhost:3001/


You can also create a script as follows (open.3001), which picks the port to forward from the name it was invoked under:
$ vi ~/open.3001

# Append the following code:
#!/bin/bash
# -N: run no remote command, -f: go to background once authenticated
ME="$(basename "$0")"
SSHUSER=username
SERVER=remote.example.com
[ "$ME" = "open.3001" ] && ssh -N -f -L 3001:localhost:3001 "${SSHUSER}@${SERVER}" || :
[ "$ME" = "open.10000" ] && ssh -N -f -L 10000:localhost:10000 "${SSHUSER}@${SERVER}" || :
[ "$ME" = "open.3000" ] && ssh -N -f -L 3000:localhost:3000 "${SSHUSER}@${SERVER}" || :

# Set permissions, enter:
$ chmod +x ~/open.3001

# Create a soft link for each additional port, enter:
$ ln -s ~/open.3001 ~/open.10000
$ …

Use pam_access to restrict SSH connections

# Open the file /etc/security/access.conf
vi /etc/security/access.conf

# Append the following line:
-: ALL EXCEPT root username:123.123.123.123
# intended: only accept login access for root/username from IP address 123.123.123.123
# (the first matching line wins; this line alone only denies other users arriving from that
# address, so a trailing deny-all line is needed to block other origins as well)

# Save the file and open /etc/pam.d/sshd:
vi /etc/pam.d/sshd

# Append the following entry
account required pam_access.so


Other examples (format is permission:users:origins):

-:root:ALL EXCEPT LOCAL
# allow any user except root from anywhere, and root only from localhost.
-:root:ALL EXCEPT 123.123.123.123
# allow any user except root from anywhere, and root only from 123.123.123.123.

-:ALL EXCEPT root username:ALL
# Deny network and local login to all users except for user root and username

+ : root : 192.168.1.0/24
# Allow root login from the 192.168.1.0/24 network:
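To see what each of these lines actually permits, here is an added example (not from the original post, and not the pam_access module itself) that models the access.conf matching rules in a simplified form: first matching line wins, no match means access is granted, ALL and ALL EXCEPT lists, LOCAL treated as an origin without a dot, and origins given as an address or CIDR network. Groups, netgroups and domain suffixes are not modelled, and the sample logins are constructed.

```python
"""Simplified evaluator for pam_access access.conf rules.  Added example,
not code from the original post; LOCAL-as-'no dot' is a simplification of
the real module's rule, and IPv6 origins (which contain ':') are not handled."""
import ipaddress


def _parse_list(field):
    """'ALL EXCEPT a b' -> ('except', [a, b]); anything else -> ('only', [...])."""
    tokens = field.split()
    if len(tokens) >= 2 and tokens[0] == "ALL" and tokens[1] == "EXCEPT":
        return ("except", tokens[2:])
    return ("only", tokens)


def _match_user(spec, user):
    kind, names = spec
    if kind == "except":
        return user not in names
    return "ALL" in names or user in names


def _origin_matches(token, origin):
    if token == "ALL":
        return True
    if token == "LOCAL":                      # simplification: tty or bare hostname
        return "." not in origin
    try:
        addr = ipaddress.ip_address(origin)
    except ValueError:                        # origin is a hostname: literal compare
        return token == origin
    try:
        return addr in ipaddress.ip_network(token, strict=False)
    except ValueError:
        return False


def _match_origin(spec, origin):
    kind, tokens = spec
    hit = any(_origin_matches(t, origin) for t in tokens)
    return (not hit) if kind == "except" else hit


def parse_rules(text):
    """Parse access.conf text into (allow, user_spec, origin_spec) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm == "+", _parse_list(users), _parse_list(origins)))
    return rules


def is_allowed(rules, user, origin):
    """First matching rule decides; pam_access grants access when none matches."""
    for allow, users, origins in rules:
        if _match_user(users, user) and _match_origin(origins, origin):
            return allow
    return True


if __name__ == "__main__":
    # Constructed logins run against the single line from the post above.
    single = parse_rules("-: ALL EXCEPT root username:123.123.123.123\n")
    for who, where in [("root", "123.123.123.123"), ("bob", "123.123.123.123"), ("bob", "10.0.0.5")]:
        print("single-line rule:", who, "from", where, "->", is_allowed(single, who, where))
    # Paired with a deny-all line, other origins are shut out as intended.
    strict = parse_rules("+ : root username : 123.123.123.123\n- : ALL : ALL\n")
    for who, where in [("root", "123.123.123.123"), ("bob", "10.0.0.5"), ("root", "10.0.0.5")]:
        print("with deny-all:   ", who, "from", where, "->", is_allowed(strict, who, where))
```

Running it shows that the single deny line still lets bob in from 10.0.0.5, and that a lone `+` line (like the 192.168.1.0/24 example) restricts nothing on its own; the `- : ALL : ALL` terminator is what turns a permit list into a restriction.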


Linux - SSH basic security setting

Boxing Champion

Laughed Till I Fell Over

Speed up NTFS

# disable "last access" timestamp updates
c:\> Fsutil behavior set disablelastaccess 1

Linux - VirtualBox Guest Additions limits Screen Resolution

When guest systems with the Guest Additions installed are started using the graphical frontend (the normal VirtualBox application), they will not be allowed to use screen resolutions greater than the host's screen size unless the user manually resizes them by dragging the window, switching to fullscreen or seamless mode, or sending a video mode hint using VBoxManage. This behavior is what most users will want, but if you have different needs, it is possible to change it by issuing one of the following commands from the command line:

# Remove all limits on guest resolutions
VBoxManage setextradata global GUI/MaxGuestResolution any
# Restore the default settings
VBoxManage setextradata global GUI/MaxGuestResolution auto

Change the listening port for Remote Desktop

1. Start Registry Editor.
regedit

2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

3. On the Edit menu, click Modify, and then click Decimal.

4. Type the new port number, and then click OK.

5. Quit Registry Editor.

6. Reboot

NTLDR corruption may be caused by an abnormal system restart

NTLDR corruption may be caused by an abnormal system restart or by faulty hardware; it can also be caused by accidentally deleting the file.

Recovery procedure:
1. First enter the BIOS and set the optical drive as the boot device
2. Insert the Windows XP installation CD and boot Windows XP into the Recovery Console
(that is, press R to enter repair mode)
3. Enter the number of the installed Windows operating system; if there is only one, enter 1 and press Enter
4. Enter the Administrator password and press Enter; if no password is set, just press Enter
5. Type map and press Enter to display the optical drive letter
6. The prompt will show C:\WINDOWS>
Type cd\ to go to C:\
7. Enter the following commands, pressing Enter after each (the optical drive is E: in this example)
copy E:\i386\ntldr c:\
copy E:\i386\ntdetect.com c:\
8. When the system asks whether to overwrite the files, press Y and then Enter
9. Type Exit, remove the CD and restart
10. If none of the above works, reinstall the operating system; during reinstallation choose not to delete the existing partition
and install the system into the previous system partition, so that the existing data is preserved.

IBM ~ Linux

Motorcycle stunt show

sysbench Can't create TCP/IP socket

When using sysbench to test the maximum number of concurrent MySQL connections, the error above appears. The cause is that the operating system limits the number of file handles a single process may open, and open sockets count against that limit.

ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 4
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 1024
cpu time (seconds, -t) unlimited
max user processes (-u) 7168
virtual memory (kbytes, -v) unlimited

Note that "open files" above is 1024, which is why I found the error occurs once 1024 connections have been established.

This value usually cannot be raised with the ulimit command (unless you are testing as root). You need to edit /etc/security/limits.conf and add lines such as:
gulei hard nofile 16384
gulei soft nofile 16384

The leftmost field is the username, i.e. this is the open-file limit for processes of user gulei.
After setting this, it may not take effect if you are logged in via ssh; you need to run su $USER again before it applies.
For example:
ulimit -a

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 4
max memory size (kbytes, -m) unlimited
open files …
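To make the failure mode concrete, here is an added example (not code from the original post) that lowers the process's own soft open-files limit and then opens sockets until the kernel refuses with EMFILE, which is the condition sysbench hits at 1024 connections; it also shows how the two limits.conf lines translate into a soft and a hard nofile value. It assumes a Unix host with Python's resource module; the limits.conf text and the limit of 64 are constructed for the demonstration.

```python
"""Reproduce 'too many open files' under a deliberately low RLIMIT_NOFILE.
Added example; not code from the original post."""
import errno
import resource
import socket


def open_sockets_until_limit(soft_limit):
    """Temporarily set the soft open-files limit to soft_limit (capped at the
    hard limit), open TCP sockets until creation fails, then restore the limit.
    Returns (sockets_opened, hit_emfile)."""
    old_soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    target = min(soft_limit, hard)
    resource.setrlimit(resource.RLIMIT_NOFILE, (target, hard))
    socks = []
    hit_emfile = False
    try:
        while True:
            try:
                socks.append(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
            except OSError as exc:
                # EMFILE is the per-process limit sysbench runs into;
                # ENFILE would mean the system-wide table is exhausted.
                hit_emfile = exc.errno == errno.EMFILE
                break
    finally:
        for s in socks:
            s.close()
        resource.setrlimit(resource.RLIMIT_NOFILE, (old_soft, hard))
    # Fewer than soft_limit sockets open because stdin/stdout/stderr and any
    # other descriptors already occupy slots in the same table.
    return len(socks), hit_emfile


def nofile_from_limits_conf(text, user):
    """Return the (soft, hard) nofile values that limits.conf lines give to
    `user`, None where unset.  Only exact-username domains are handled; the
    '-' type sets both values, as in the real file."""
    soft = hard = None
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4 or fields[0] != user or fields[2] != "nofile":
            continue
        value = int(fields[3])
        if fields[1] in ("soft", "-"):
            soft = value
        if fields[1] in ("hard", "-"):
            hard = value
    return soft, hard


if __name__ == "__main__":
    # Constructed limits.conf content mirroring the two lines from the post.
    sample_conf = "gulei hard nofile 16384\ngulei soft nofile 16384\n"
    print("limits.conf gives (soft, hard):", nofile_from_limits_conf(sample_conf, "gulei"))
    print("current (soft, hard):", resource.getrlimit(resource.RLIMIT_NOFILE))
    opened, emfile = open_sockets_until_limit(64)
    print("opened %d sockets under a soft limit of 64, EMFILE=%s" % (opened, emfile))
```

The soft value is what `ulimit -n` reports and what the process actually runs under; the hard value is the ceiling an unprivileged user may raise the soft value to, which is why the post's fix sets both, and why a shell that was already open before the edit still shows the old numbers until a fresh login (or `su $USER`) reads limits.conf again.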

Configure Your Linux Login From Serial Port

1. /etc/grub/grub.conf
# Insert "serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1" in the global config section.
# Insert "console=tty0 console=ttyS0,9600n8" in the kernel parameters.
# The 9600 speed can be changed to 38400, 115200, 230000... any rate the serial port supports.

default=0
timeout=5
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal serial --timeout=10 serial console

splashimage=(hd0,1)/boot/grub/splash.xpm.gz
title RH8.0 (2.4.18-14)
root (hd0,1)
kernel /boot/vmlinuz-2.4.18-14 ro root=LABEL=/ console=tty0 console=ttyS0,9600n8
initrd /boot/initrd-2.4.18-14.img



2. /etc/inittab
# Insert "2:2345:respawn:/sbin/agetty ttyS0 9600 vt100"
# because mingetty does not support serial ports

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
# 2:2345:respawn:/sbin/mingetty tty2
2:2345:respawn:/sbin/agetty ttyS0 9600 vt100
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty t…

Linux - Stuck at "grub loading stage2 ..."

1. Boot from CD
2. Enter linux rescue mode
3. Execute:
# chroot /mnt/sysimage
# /sbin/grub-install /dev/hda
# exit
# reboot
