在安装了SourceMod之后,SM会自动更改游戏模式。所以使用map命令无法打开真正的写实模式。需要进游戏之后输入:
!rcon sm_cvar mp_gamemode mutation12
来强制更改。
Quit Bash Shell Without Saving Bash History (5 Methods)
Remove Only Current Session Bash History and Leave Older History Untouched
1. Quit Bash Shell Without Saving History: Unset HISTFILE
unset HISTFILE && exit
2. Quit Bash Shell Without Saving History: Kill Console
kill -9 $$
Remove/Delete Bash History Completely
3. Quit Bash Shell Without Saving History: Clear History Option
history -c && exit
4. Quit Bash Shell Without Saving History: Set HISTSIZE to 0 (zero)
HISTSIZE=0 && exit
5. Quit Bash Shell Without Saving History: Delete HISTFILE and Unset HISTFILE
rm -f $HISTFILE && unset HISTFILE && exit
VirtualBox虚拟机禁止时间同步
在一些情况下必须让VirtualBox虚拟客户机的时间和主机不同步,百度了一番终于找到方法:
首先关闭关闭windows time服务
net stop W32time
在VirtualBox虚拟客户机注册表下
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxService项下ImagePath值改为system32\VBoxService.exe –disable-timesync ,加上参数–disable-timesync ,禁止guest addition 启动时时间同步
Restart客户机 不同步了.
黑轴、青轴、茶轴、红轴、白轴的区别,兼机Cherry樱桃G80-3000茶轴版本使用感受
如果说性能,目前台机系统和笔记本系统、超极本系统都已经比较接近,现在玩台机的,一般是看中自己个性化的配置,以及一些经典的外设,包括显示器、机箱、键盘和鼠标。
现在随意进入一个外设论坛,键盘区几乎都在孜孜不倦的讨论机械键盘,机械键盘相对于现在键盘技术发展,似乎有些“倒退”,但实际使用感觉和效果来说,这种回归是很多键盘爱好者的必然选择。键盘的敲击手感和力回馈感觉,以及敲字时爽快、清脆的声音,让我们仿佛又恢复了“创作”的灵感,字符在手指间悄然流出。
关于五种轴的结构和感觉,先用图片给大家看下
黑轴手感描述:
黑轴特性:
超高触发:1.5mm
黄金触点
超长寿命,每个轴的寿命:5000万次。
青轴手感描述:
青轴特性:
超高触发:2.0mm
黄金触点
超长寿命,每个轴的寿命:2000万次。
茶轴手感描述:
茶轴特性:
超高触发:2.0mm
黄金触点
超长寿命,每个轴的寿命:5000万次。
红轴特征
与黑轴相似。但压力克数比黑轴小,起35,终60(黑轴起点为40)。是08年由著名厂商CHERRY出的新轴。手感比较轻盈。敲击时没有段落感,直上直下,触发键程也同为2.0mm,敲击时更加轻松,能很好兼顾游戏和打字的使用需求。目前Cherry已经开放机械红轴的使用权,除了原厂的机械红轴外,目前Filco、PLU、Ducky等都有相关产品。
白轴特征
段落感比茶轴强,由于压力克数较大,所以按起来比较费力,需2.2mm可触发,如果指力较小,很容易疲劳。有人将其比喻为Cherry的冬天,不仅因为它是白色的轴,由于压力克数比黑轴大,所以有一种陷入雪中的段落感,难以描述。从压力克数指数来看,青轴=茶轴<黑轴<白轴,所以在按键感觉上,茶轴和青轴键盘最轻松,而黑轴键盘按键需要的力度就是变大,而白轴会更大。
Convert .png to .eps on Mac
This is one of those tips that seems almost too easy to be true.
My resume and cover letters are written in LaTeX. LaTeX is a typesetting system often used for creating technical documents as it is particularly good at creating complex documents including scientific equations. I have been using it for a few years to draft documents both because it gives me a lot of control over the output and so that I could prepare myself for working with technical documents such as patents which are likely be written in LaTeX.
I wanted to include my signature in a cover letter. In order to do so in LaTeX, it required a graphic in .eps format. However, my signature was a .png image. I searched for awhile until I came across the answer which was so simple I felt silly for not knowing it.
I thought it may prove useful to someone else. This is a command line trick, so if you are not familiar with a terminal, this tip will not be of much help. Without further adieu:
Simply use the convert command line utility to convert it.
$ convert image.png image.eps
Yes, it was that easy! Out came a perfect .eps file which I was able to use in my LaTeX document. The convert command has all sorts of other options for resizing and many other things, but for simply doing a straight conversion, that was all!
Worth noting, while this worked for .png to .eps, it also works for.jpg to .eps and .gif to .eps. Have not tested anything else, but it appears to be pretty versatile!
denyhosts研究
原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://linuxroad.blog.51cto.com/765922/673425
我在前天开始研究denyhosts这个软件,本来昨天就想写篇文章的,而直到现在,我还没有得到满意的答案。现在将它总结出来,全当解解气!囧
对于这个denyhosts,我耗费了太多的时间。光看那英文配置文件说明和安装说明我就几乎看了整整一上午。哎,没办法,我英语不好,很多单词不认识,只能用翻译软件翻译后再揣测其意思。大多安装配置文件算是看懂了。后来再参阅网上的文档,有了一定的了解。
只是当我安装后发现如下几个问题:
1,当我把denyhosts安装上启动后,结果/etc/hosts.deny文件中马上就有了我自己的ip地址在里面!晕死,我在安装后根本就还没有偿试登录过啊,又怎么被限制?(已解决)
2,在另一台机器上我设置了DENY_THRESHOLD_ROOT=5 ,安装后结果我root用户才输错一次密码就给我封杀了!按参数意思应该是5次机会啊!不用这么绝吧!(已解决)
3,我设置了PURGE_DENY=3m,即3分钟清除hosts.deny中添加的记录。结果我苦等十分钟还不见/etc/hosts.deny中添加的ip被清除!这不是存心不让我再次登录了吗?好在我当前的ssh连接没断开。要断开了岂不没得连了?(未解决)
4,这个所谓的阻止暴力破解,貌似只对ssh连接有效,我用ftp登录,然后不停的偿试登录,结果却没有被添加进阻止。(未解决)
5,我将hosts.deny文件中的用户列表删除后,不久后竟然又自动给添加进来了!我@#¥¥。。难道硬是不让我再次登录了?!!(已解决)
于是乎
一、自己思考,不停换各种方法偿试
二、找度娘,显然度娘对我的发问不敢兴趣!网上一大把denyhosts的配置文章,但就是没几个说问题的!看来看去说的内容也都几乎千篇一律!不得其果!
三、寻群友帮助,结果发了三群,各发几次,基本没人回应,回应了的也不知道。我狂汗!
四、实在不得已,又跑到官方网站上看那N多的FAQ!从上面找到了一点点的蛛丝马迹….
五、再做各种实验
下面公布我最近的研究战果!
首先贴上配置文件
[root@localhost denyhosts]# cat denyhosts.cfg
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 3m
BLOCK_SERVICE = ALL
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 5
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
ADMIN_EMAIL =
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 5m
第一个问题:
分析:我在rhel6和centos6上分别安装了denyhosts软件。结果均出现此情况。我想,既然它是根据/var/log/secure文件中登录失败记录来是判断是否违规,那么,会不会是我在安装denyhosts之前的secure中的失败登录记录也被算作违规呢?那么我删了应该就不会有问题了吧。
办法:echo “” > /var/log/secure 即把secure日志文件全部清空!要注意的是,清空后一定要service rsyslog restart 重启日志记数器!因为如果你不重启服务,你会发现secure日志文件会停止记录一切活动了!那么denyhosts也就无效了。
结果:如果安装前就先清空,在安装denyhosts后,就不会自动出现禁止的IP了。
原理:根据官方FAQ上关于denyhosts对监控secure日志文件更新的原理,可以理解上述问题的原因。官方说明大概是这样的:denyhosts在/usr/share/denyhosts/data(即WORK_DIR)中的offset文件中记录了secure的首行记录。
如果说offset文件中的首行记录和现有secure中的首行记录相同,则比较现有secure和offset中最后记录的secure文件的大小,如果现有secure比记录中的secure文件大,则将secure中新增加的部分进行分析,并将新增加的失败登录行记录在了denyhosts记数器中。比如原来记录了root有3次登录失败,这次新增行中又发现了2次,那么一共就5次记录了。当超过DENY_THRESHOLD_ROOT中设立的值时,便将该IP加入hosts.deny中。如果现有secure文件和offset中记录的文件大小相同,则认为secure日志未更新。不做任何操作
如果offset文件中首行记录和现有secure中的首行记录不同,那么则认为secure文件是全新的。那么,offset会重新分析secure日志的所有行。
如果我们刚安装denyhosts,那么offset中并不会有secure日志文件头,也不会有secure日志文件大小的记录,那么denyhosts自然会分析所有的secure日志行,于是乎,我在安装denyhost前一周的所有的登录失败次数被累计起来,如果我在上一周内登录失败记录超过限制数,那么肯定就会在启动denyhosts后马上被加入黑名单了!(为什么是一周之内?因为secure日志文件记录的周期为一个星期!)
第二个问题:
和第一个问题是一个原因。只要先将secure清空再安装,一切就正常了。原因是,root用户在安装前就有了失败的记录,影响到denyhosts的次数判断。如你安装denyHosts之前root已经错误登录4次。那么你再用root登录1次就会发现登录不了了。我的其实安装denyhosts前日志中的记录就已经有4次了,所以马上被封杀了。
第三个问题(未解决):
截取的部分/var/log/denyhosts日志
2011-09-24 06:29:02,211 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:26:02 2011
2011-09-24 06:29:02,215 – denyfileutil: INFO num entries purged: 0
2011-09-24 06:34:02,527 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:31:02 2011
2011-09-24 06:34:02,535 – denyfileutil: INFO num entries purged: 0
2011-09-24 06:36:02,710 – denyhosts : INFO new denied hosts: [‘192.168.1.5’]
2011-09-24 06:39:02,898 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:36:02 2011
2011-09-24 06:39:02,900 – denyfileutil: INFO num entries purged: 0
2011-09-24 06:44:03,212 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:41:03 2011
2011-09-24 06:44:03,220 – loginattempt: INFO purging_hosts: [‘192.168.1.5’]
2011-09-24 06:44:03,223 – denyfileutil: INFO num entries purged: 1
2011-09-24 06:49:03,543 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:46:03 2011
2011-09-24 06:49:03,547 – denyfileutil: INFO num entries purged: 0
配置文件中PURGE_DENY = 3m 即表示每3分钟清除hosts.deny中的IP地址一次,并且计数器+1.如果设定的计数次数达到PURGE_THRESHOLD的值,那么它就永远不会从hosts.deny文件中清除,直到计数器被清零。 DAEMON_PURGE=5m表示每5分钟清零一次计数器。
从下面日志行中可以看出虽然我设置的为3分钟清除,但根本没有3分钟就清除这一说。而且根据我另一个实验,我将DEAMON_PURGE设置为了1h之后,别说3分钟了,一个小时都不会清除hosts.deny中的记录!PURGE_DENY参数真是瞎扯蛋!只不过如果要让它清除得快一点可以将DEAMON_PURGE这个参数的值设小一点,如我把它设为5分钟后,大概过5-10分钟不等的时间就会将hosts.deny中的记录删除。
2011-09-24 06:36:02,710 – denyhosts : INFO new denied hosts: [‘192.168.1.5’]
2011-09-24 06:49:03,543 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:46:03 2011
从下面日志行可以看出,DEAMON_PURGE=5m倒是一直很有效。
2011-09-24 06:29:02,211 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:26:02 2011
2011-09-24 06:29:02,215 – denyfileutil: INFO num entries purged: 0
2011-09-24 06:34:02,527 – denyfileutil: INFO purging entries older than: Sat Sep 24 06:31:02 2011
第四个问题(未解决)
不知道怎么回事。一台机器一开始一直无效,重启后有效了。另一台机器一直无效…同样的安装,同样的配置。不一样的结果!
第五个问题(已解决)
参考了官方文档才发现,原来不能单纯的只删除hosts.deny中的记录,要想删干净,得先service denyhosts stop .然后再把/usr/share/denyhosts/data目录下的其它文件中关于hosts.deny中的IP记录一并清空。再service denyhosts start即可。但有的时候只清除hosts.deny中的文件也可以。
总结:首先承认是我水平不行!但我不得不说的是,这个软件本身肯定也有很多不足之处!给我感觉有点垃圾!简直浪费时间!网络上一大串关于这个软件的配置,我真想问问他们是不是真的都自己做过?还是copy,copy,再copy来的?难道你们就没人遇到过这样的问题吗?
另外,有的文章说安装完后看到阻止自己远程登录的IP就代表生效了。我想问问你们思考过没有,自己IP都阻止了,那你还登录什么?!
有的文章说看到Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).就代表成功了。大哥,麻烦你关闭denyhosts再登录看看行吗?这根本不是denyhostst的阻止成功的效果!真正生效的结果应该是ssh_exchange_identification: Connection closed by remote host !
还有文章标题就说“denyhosts防止ssh和ftp暴力破解。不知道这个防ftp暴力破解你们做过没有?
好了,到此为止吧。全当发泄!再也不搞这烂东西了!简直浪费时间!
本文出自 “小子无名” 博客,请务必保留此出处http://linuxroad.blog.51cto.com/765922/673425
跟创智主机合作的香港合租计划终于开通
因为我个人比较喜欢折腾服务器,而手里又有比较多的服务器,所以决定折腾一下弄个廉价的合租给大家。
之前使用盗版DA做过一次尝试,但是效果非常不好,所以这几天用正版DA重新配置了一下。这次经过测试,运行WordPress已经完全木有问题了~演示站点:http://hk.wzx.me(暂时关闭)
因为是方便大家的,所以定价很低,¥8一个月,一个服10个用户,刚好够这台服务器的费用。基本不限流量,空间只有500M,不过放个网站足够了。因为小水管所以也不建议放大文件下载。
欢迎有需要的或者想弄个廉价的自己挂个Blog什么的亲前来选购。话说禁止放置任何类型的代理程序,被发现一律禁用账号不退款=。=
csgoserver: Counter Strike: Global Offensive Linux Server Manager
http://danielgibbs.co.uk/scripts/csgoserver/
About csgoserver
csgoserver is a command line tool for quick, simple deployment and management of a Counter Strike: Global Offensive Linux dedicated server.
Current Version: 251213
Main features
- Server installer (SteamCMD)
- Start/Stop/Restart server
- Server updater (SteamCMD)
- Server monitor (including email notification)
- Server backup
- Server console
Compatibility
The Linux Server Manager is tested to work on the following Linux systems.
- Debian based distros (Ubuntu, Mint etc.)
- Redhat based distros (CentOS, Fedora etc.)
The scripts are written in BASH and Python and would probably work with other distros.
Installation
The installer will automatically download and configure a Counter Strike: Global Offensive server.
Prerequisites
Before installing, please ensure you have all the dependencies required to run the script.
Ubuntu
Ubuntu 32-bit
apt-get install gdb mailutils postfix
Ubuntu 64-bit
apt-get install gdb mailutils postfix lib32gcc1
Debian
Debian 32-bit
apt-get install gdb mailutils postfix tmux ca-certificates
Debian 64-bit
dpkg --add-architecture i386
apt-get update
apt-get install gdb mailutils postfix tmux ca-certificates lib32gcc1
RHEL 6/CentOS 6
Note: EPEL repository or equivalent is required.
http://fedoraproject.org/wiki/EPEL
RHEL 6/CentOS 6 32-bit
yum install gdb mailx wget nano tmux
RHEL 6/CentOS 6 64-bit
yum install gdb mailx wget nano tmux glibc.i686 libstdc++.i686
Install
1. Create a user and login
adduser csgoserver
passwd csgoserver
su - csgoserver
2. Download the script
wget https://raw.github.com/dgibbs64/linuxgameservers/master/CounterStrikeGlobalOffensive/csgoserver
3. Make it executable
chmod +x csgoserver
4. Run the installer and follow the instructions
./csgoserver install
Usage
Running the server
Start the server
./csgoserver start
Stop the server
./csgoserver stop
Restart the server
./csgoserver restart
Updating the server
The server can be updated automatically using SteamCMD. The update option will stop the server, run the SteamCMD update and start the server again.
./csgoserver update
Monitoring the server
The script can monitor the server to ensure it is online. Should the server go offline, the monitor will attempt to start it again.
./csgoserver monitor
Note: see Automation on how to get monitor to run automatically.
Game Server Query Plugin
The Game Server Query plugin adds improved monitoring over the standard monitoring feature.
gsquery.py query’s the server to see if it responds with its server details. If it fails to respond the server will be restarted.
This is particularly useful for if a server has locked or frozen but the server instance/process is still running.
Install Game Server Query Plugin
Download gsquery.py to the same directory as the main script.
wget https://raw.github.com/dgibbs64/linuxgameservers/master/GameServerQuery/gsquery.py
Make it executable
chmod +x gsquery.py
To test is works run monitor and it will state that gsquery.py was detected.
Email notification
Monitoring can send you an email, should the server go offline, and report details of the issue. See example email below:
Enable email notification
nano csgoserver
# Notification Email # (on|off) emailnotification="on" email="email@example.com"
Test email notification
You can test email notifications are working without restarting the server.
./csgoserver email-test
Debug mode
Use debug mode to help you if you are having issues with the server. Debug allows you to see the output of the server directly to your terminal allowing you to diagnose any problems the server might be having.
./csgoserver debug
Server Details
If you need to get all main server details you can use the following command.
You will be given the following details if applicable to your server:
- Server Name
- Server Ports
- Rcon Password
- WebAdmin Username
- WebAdmin Password
This can be very useful if you have forgotten your servers details.
./cgsoserver details
Console mode
Console allows you to view the live console of a server as it is running and allow you to enter commands to it.
./csgoserver console
To exit the console press “CTRL+b d”
Note: pressing “CTRL+c” will terminate the server
Backup
Backup will allow you to create a complete gzip archive of the whole server.
This is designed to allow you to backup before making changes to the server just in case there is a problem.
Note: this is not designed to be an automated backup solution
./csgoserver backup
Automation
You can use cronjobs to automate the process of updating and monitoring the server. You can either run the cronjob as root or as the csgoserver user.
Server update
Update the server at 5am daily.
Root Cronjob
crontab -e
0 5 * * * su – csgoserver -c ‘/home/csgoserver/csgoserver update’ > /dev/null 2>&1
csgoserver Cronjob
crontab -e
0 5 * * * /home/csgoserver/csgoserver update > /dev/null 2>&1
Server Monitor
Check every 5 mins is the server is online.
Root Cronjob
crontab -e
*/5 * * * * su - csgoserver -c '/home/csgoserver/csgoserver monitor' > /dev/null 2>&1
csgoserver Cronjob
crontab -e
*/5 * * * * /home/csgoserver/csgoserver monitor > /dev/null 2>&1
Configuration
Start parameters
If you need to adjust the start parameters you can edit the ‘parms’ variable under ‘Start vars’ in the script.
parms="-game csgo -console -usercon +game_type 0 +game_mode 0 +mapgroup mg_bomb +map ${defaultmap}"
See this link for all available start parameters.
https://developer.valvesoftware.com/wiki/Command_Line_Options#Source_Dedicated_Server
Config File
The server has a default config file that will allow you to edit many different settings.
To find the config file use the details command.
./csgoserver details
Default ports
Gameport (Inbound): 27015 UDP
Source TV (Inbound): 27020 UDP
Client Port (Outbound): 27005 UDP
Should you need to change the port edit the start variables and amend the port to meet your requirements.
port="27015" sourcetvport="27020" clientport="27005"
Multiple Servers
It is possible to run multiple server instances.
I recommend repeating the installation however create a second user account and change the default ports.
Running as root
The script will not run as root and will error if you try. This is for security and to stop permissions issues. For example, if you run update as root any changed files are then owned by root. This means the csgoserver user will be unable to access the updated files causing the server to fail.
Useful Resources
Here are some useful resources that will help with management and configuration of your server.
Server wiki article: https://developer.valvesoftware.com/wiki/Counter-Strike:_Global_Offensive_Dedicated_Servers
CLI options wiki article: https://developer.valvesoftware.com/wiki/Command_Line_Options
SteamCMD wiki article: https://developer.valvesoftware.com/wiki/SteamCMD
Issues and troubleshooting
If you find a bug or have a suggestion please submit a bug report on GitHub .
https://github.com/dgibbs64/linuxgameservers/issues
If you have a question about the server that is not related to the script please check the games official website.
If you are having issues getting the script to work you probably haven’t followed the instructions correctly. If you are sure you have then please leave a comment below.
GitHub
This script is developed using GitHub you can view the full project here:
https://github.com/dgibbs64/linuxgameservers
Further notes
This script is free to use and you are welcome to customise and change it. I hope the script makes it easier to manage a Counter Strike: Global Offensive server.
Donate
Found my work helpful? Show your appreciation. Please consider donating and help cover my server costs.
PayPal: me@danielgibbs.co.uk
Spread the Word
You can help by spreading the word by letting people know about this script.
Tell your friends, Tweet, Facebook, post on forums or write a blog post.
Also I am interested to know if you are using using this script tweet me.
在CentOS/RHEL 6.2上使用YUM安装PHP5.4
本文适用于所有CentOS6及Red Hat Enterprise Linux6版本上安装php5.4,本人测试安装环境为32位CentOS6系统。
文章来源:PHP 5.4 on CentOS/RHEL 6.2 via Yum http://www.webtatic.com/packages/php54/
php5.4于2012年5月8号发布,从php5.4.0开始php加入了一些新特色如:
- Traits支持
- 内置了一个简单的Web服务器
- 提供了数组简短语法
- 直接对函数返回值进行数组取值
- 最终删除魔术方法及安全模式
你可以在这里看到更新日志。
这里使用 Webtatic EL6的YUM源来安装php5.4,我们首页安装Webtatic EL6 YUM源
- rpm -Uvh http://repo.webtatic.com/yum/el6/latest.rpm
安装php5.4
- yum install php54w
如果安装失败,建议您先卸载以前的php再进行安装,使用yum remove php php-*
附带的php扩展列表:
| Package | Provides |
|---|---|
| php54w | mod_php |
| php54w-bcmath | |
| php54w-cli | php-cgi, php-pcntl, php-readline |
| php54w-common | php-api, php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif, php-fileinfo, php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-json, php-libxml, php-openssl, php-pcre, php-pecl-Fileinfo, php-pecl-phar, php-pecl-zip, php-reflection, php-session, php-shmop, php-simplexml, php-sockets, php-spl, php-tokenizer, php-zend-abi, php-zip, php-zlib |
| php54w-dba | |
| php54w-devel | |
| php54w-embedded | php-embedded-devel |
| php54w-enchant | |
| php54w-fpm | |
| php54w-gd | |
| php54w-imap | |
| php54w-interbase | php_database, php-firebird |
| php54w-intl | |
| php54w-ldap | |
| php54w-mbstring | |
| php54w-mcrypt | |
| php54w-mssql | |
| php54w-mysql | php-mysqli, php_database |
| php54w-odbc | php-pdo_odbc, php_database |
| php54w-pdo | |
| php54w-pgsql | php-pdo_pgsql, php_database |
| php54w-process | php-posix, php-sysvmsg, php-sysvsem, php-sysvshm |
| php54w-pspell | |
| php54w-recode | |
| php54w-snmp | |
| php54w-soap | |
| php54w-tidy | |
| php54w-xml | php-dom, php-domxml, php-wddx, php-xsl |
| php54w-xmlrpc | |
| php54w-zts |
鉴于目前Webtatic对php5.3提供的扩展也就这么多,php5.4也就提供这些。www.linuxidc.com 其它扩展像 opcode caches目前还没有出来,但是Webtatic会努力的尽快公布出来。
注意事项
最新版本中的error_reporting 中E_ALL 现在包含了 E_STRICT,会出现更多的警告及错误提示。默认情况下error_reporting是关闭状态,但是如果是从旧的php版本中升级而来,php.ini可能得不到更新,error_reporting可能开启着。
关于php5.4在centos5上的安装升级
因为centos已经过去的版本了,用的越来越少,把php5.4移植到centos5上也需要大量的工作,估计够呛能完成啊。
Linux主机安全检查
查看版本,某些版本可能会包含特定的漏洞。
/etc/debian_version.
/etc/redhat-release
/etc/fedora-release
lsb_release -a #ubuntu
查看内核版本:
uname -a
查看开机时间,开机时间意味着有多长时间没有升级内核了。
uptime #check last kernel upgrade
查看时区:
cat /etc/timezone
时间服务
ps aux|grep ntp
时间服务log
ntpq -p -n
查看安装的软件包,也许会找到有漏洞的版本:
dpkg -l
查找有setuid的可执行文件:
find / -perm -u+s 2>/dev/null
登录日志记录:
/etc/rsyslog.conf
查看网络接口:
ip addr
查看dns是否被更改:
cat /etc/resolv.conf
查看hosts文件:
cat /etc/hosts
todo:导出shell
检查敏感文件的权限:
/etc/shadow
/etc/shadow.backup
/etc/mysql/my.cnf
备份的文件
检查有root权限的应用:
find / -perm -4000 -ls
检查用户:
cat /etc/passwd
检查用户的uid和guid是否是0:0,如果是0:0意味着他们登录后是root
确认无需登录用户bash是/bin/false或/bin/nologin
检查shadowfile
cat /etc/shadow
密码hash以$和$1$开头的分别是DES和MD5 hash,应当修改。
题外话:
在检查shadow文件的时候有这么一行
|
1
|
root:$6$BPoThzPl$2FDtPs0iYJfIBWVG1Z1BxuzSD7ZYTN.wdjkqyo7R0NlqgRiY9s0qsyQT1PhN.qfLYwYZglpzK72e4sU5Khr1B.:15664:0:99999:7:::
|
这个对应的用户名和密码是root:toor
检查chown和chmod的权限,普通用户应该不能访问这两个命令。
检查sudo配置文件
egrep -v ‘^#|^$’ /etc/sudoers
查看打开的端口和对应的进程
# lsof -i TCP -n -P
# lsof -i UDP -n -P
关闭ssh的root远程访问权限
echo ‘PermitRootLogig off’ >> /etc/ssh/sshd_config
强制ssh使用新版本加密:
echo ‘protocol 2′ >> /etc/ssh/sshd_config
如果无需远程访问mysql的话,将mysql端口绑定到127.0.0.1上:
cat /etc/mysql/my.cnf
[mysqld]
bind-address = 127.0.0.1
mysql登录:
|
1
|
mysql -u root #会有主机没密码么
|
mysql查看版本:
|
1
|
select @@version;
|
mysql查看用户和密码:
|
1
|
select Host, User, Password from mysql.user;
|
mysql查看密码hash:
|
1
|
select password(‘admin’)
|
mysql查看写文件权限:
|
1
|
SELECT user,file_priv FROM mysql.user WHERE FILE_PRIV=’Y’;
|
检查apache运行的用户:
ps aux|grep apache
在apache的配置文件里也能找到
|
1
2
3
4
5
|
#cat /etc/apache2/envvars
…
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
…
|
确认网站目录下的文件权限:
|
1
2
3
4
5
|
#ls -lR /var/www/
/var/www/wordpress/:
total 125
-rwxrwxrwx 1 www-data www-data 395 Jul 11 07:02 index.php
-rwxrwxrwx 1 www-data www-data 19929 Jul 11 07:02 license.txt
|
这个例子中的文件权限应该被改为 -rwx-r–r–
关闭apache在http头中输出版本,这是Debian的设置位置
|
1
|
#echo “ServerTokens Prod;\nServerSignature Off” >> /etc/apache2/conf.d/security
|
关闭文件目录遍历
cat /etc/apache2/sitesenable/000-default
|
1
2
3
4
5
6
|
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
deny from all
|
Php设置
display_errors Off
reviewerror_reporting E_ALL
log_errors On;
safe_mode On;
禁用函数 eval, exec, passthru, shell_exec, system, proc_open,
popen。
allow_url_ Off.