Category Archives: System Administration

Windows\Linux\*nix System Administration

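A Guide to Using diff and patch

diff and patch are a pair of tools. In mathematical terms, diff is the difference operation on two sets, and patch is the sum operation on two sets.
diff compares two files or sets of files, records the differences, and produces a diff file, which is what we usually call a patch file.
patch applies the diff file to one of the two original sets to obtain the other. For example, given file A and file B, running diff produces patch file C; this process is equivalent to A - B = C, and the patch process is then B + C = A or A - C = B.
So as long as we have any two of the three files A, B and C, we can use diff and patch to produce the third.

That is the beauty of diff and patch. The usage of each tool is described below.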

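Running Remote Tasks with PowerShell

Basics

MS has defined a protocol called WS-Management, which provides an open standard for computer devices to exchange management data remotely. On the Windows platform, MS implements the WS-Management protocol through the Windows Remote Management service (WinRM). This is the foundation that lets us perform remote operations through PowerShell, because PowerShell carries out remote operations through the WinRM service.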

How to Convert Certificate Encodings (DER, JKS, PEM) for TLS/SSL Clients and Services

Client and server processes require specific certificate and keystore file formats. For example, when configured for TLS Level 2, Cloudera Manager Server requires a Java KeyStore (JKS) formatted truststore and certificate to present to requesting Cloudera Manager Agent hosts. The Hue client also connects to Cloudera Manager Server, but Hue requires a PEM-formatted certificate.

Certificates issued by a CA in one format (encoding) can be used to create certificates in a different format using Java Keytool and OpenSSL as detailed below.

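Lynis: A Security Auditing and Scanning Tool for Linux Systems

Lynis is a very powerful open-source auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, information about installed and available software, configuration errors, security issues, user accounts without passwords, incorrect file permissions, firewall auditing, and more.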

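Lynis 2.2.0: A Security Auditing and Scanning Tool for Linux Systems

Lynis is one of the most reliable automated auditing tools, and can be used for software patch management, malware scanning and vulnerability detection on Unix/Linux-based systems. The tool is aimed at auditors, network and system administrators, security specialists and penetration testers.

After several months of development, a new major release is now available: Lynis 2.2.0, which comes with some new features and tests as well as many small improvements. I encourage all Linux users to test and upgrade to this latest version of Lynis.

In this article we will show how to install Lynis 2.2.0 (the Linux auditing tool) on Linux from the source tarball.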

Configuring Nginx as a Proxy for WebService, MySQL, SQL Server, Oracle, etc.

Configuring nginx for a web service

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    upstream esbServer {   
        server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;   
    }

    #gzip  on;

    server {
        listen       8081;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /ladder_web {
            proxy_set_header X-real-ip $remote_addr;
            proxy_pass http://esbServer;
        }

       
    }

}

Configuring nginx as a MySQL proxy (based on the stream module, nginx 1.9 and later)

Command Line-Version (SetACL.exe) – Syntax and Description

For a quick start, tell SetACL the following:

  • Object name (-on): This is the path to the object SetACL should operate on (file/directory/registry key/network share/service/printer).
  • Object type (-ot): What kind of object does the object name refer to: file or directory (file), registry key (reg), service (srv), printer (prn), network share (shr)?
  • Action (-actn): What should SetACL do with the object specified?

Example:

SetACL.exe -on c:\Windows -ot file -actn list

This lists the permissions set on the Windows directory in the default list format (CSV).

Have a look at the examples section to get an idea what more complex commands look like.

CentOS / RHEL 7 : How to disable IPv6

https://wiki.centos.org/FAQ/CentOS7

Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

To disable in the running system:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

or

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

Additional note #1: If problems with X forwarding are encountered on systems with IPv6 disabled, edit /etc/ssh/sshd_config and make either of the following changes:

(1) Change the line

#AddressFamily any

to

AddressFamily inet

(inet is ipv4 only; inet6 is ipv6 only)

or

(2) Remove the hash mark (#) in front of the line

#ListenAddress 0.0.0.0

Then restart ssh.

Additional note #2: If problems with starting postfix are encountered on systems with IPv6 disabled, either

(1) edit /etc/postfix/main.cf and comment out the localhost part of the config and use ipv4 loopback.

#inet_interfaces = localhost
inet_interfaces = 127.0.0.1

or

(2) take out the ipv6 localhost from /etc/hosts .

Additional note #3: To disable RPCBIND ipv6 (rpcbind, rpc.mountd, rpc.statd), comment out the udp6 and tcp6 lines in /etc/netconfig:

udp        tpi_clts      v     inet     udp     -       -
tcp        tpi_cots_ord  v     inet     tcp     -       -
#udp6       tpi_clts      v     inet6    udp     -       -
#tcp6       tpi_cots_ord  v     inet6    tcp     -       -
rawip      tpi_raw       -     inet      -      -       -
local      tpi_cots_ord  -     loopback  -      -       -
unix       tpi_cots_ord  -     loopback  -      -       -

How To Setup SSH Keys on a Linux / Unix System

I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on Linux or Unix-based systems? In SSH for Linux/Unix, how do I set up public key authentication?

I am assuming that you are using Linux or Unix-like server and client with the following software:

  • OpenSSH SSHD server
  • OpenSSH ssh client and friends on Linux (Ubuntu, Debian, {Free,Open,Net}BSD, RHEL, CentOS, MacOS/OSX, AIX, HP-UX and co).

SSL Certificate Format Conversion Tools

1. Converting PEM certificates

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

2. Converting P7B certificates

How to change Registry Permissions with RegIni.exe (VBScript)

Today I’ll show how we can set the following permissions on a registry key with RegIni.exe and a VBScript:

– Creator Owner Full Control
– Users Full Control
– Power Users Full Control
– Administrators Full Control
– System Full Control

I will set the permissions here for testing purposes:

– HKEY_CLASSES_ROOT\AlejaCMaTypelib
– HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp

And for that I will need to create a special regini.exe script which will have the following contents:

HKEY_LOCAL_MACHINE\Software\Classes\AlejaCMaTypelib [1 5 7 11 17]
HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp [1 5 7 11 17]

Notes:
– With regini.exe I won’t be able to set Users Full Control, but Everyone Full Control.
– HKEY_CLASSES_ROOT = HKEY_LOCAL_MACHINE\Software\Classes