分类 运维技术 下的文章

安装crontab:

yum install crontabs

说明:
/sbin/service crond start //启动服务
/sbin/service crond stop //关闭服务
/sbin/service crond restart //重启服务
/sbin/service crond reload //重新载入配置

查看crontab服务状态:service crond status

手动启动crontab服务:service crond start

查看crontab服务是否已设置为开机启动,执行命令:ntsysv

加入开机自动启动:
chkconfig –level 35 crond on

1,crontab命令

功能说明:设置计时器。

语  法:crontab [-u <用户名称>][配置文件] 或 crontab [-u <用户名称>][-elr]

补充说明:cron是一个常驻服务,它提供计时器的功能,让用户在特定的时间得以执行预设的指令或程序。只要用户会编辑计时器的配置文件,就可以使 用计时器的功能。其配置文件格式如下:
Minute Hour Day Month DayOFWeek Command

参  数:
-e  编辑该用户的计时器设置。
-l  列出该用户的计时器设置。
-r  删除该用户的计时器设置。
-u<用户名称>  指定要设定计时器的用户名称。

2,crontab 格式

基本格式 :
* *  *  *  *  command
分 时 日 月 周  命令

第1列表示分钟1~59 每分钟用*或者 */1表示
第2列表示小时1~23(0表示0点)
第3列表示日期1~31
第4列 表示月份1~12
第5列标识号星期0~6(0表示星期天)
第6列要运行的命令

# Use the hash sign to prefix a comment
# +—————- minute (0 – 59)
# | +————- hour (0 – 23)
# | | +———- day of month (1 – 31)
# | | | +——- month (1 – 12)
# | | | | +—- day of week (0 – 7) (Sunday=0 or 7)
# | | | | |
# * * * * * command to be executed

crontab文件的一些例子:

30 21 * * * /etc/init.d/nginx restart
每晚的21:30重启 nginx。

45 4 1,10,22 * * /etc/init.d/nginx restart
每月1、 10、22日的4 : 45重启nginx。

10 1 * * 6,0 /etc/init.d/nginx restart
每周六、周日的1 : 10重启nginx。

0,30 18-23 * * * /etc/init.d/nginx restart
每天18 : 00至23 : 00之间每隔30分钟重启nginx。

0 23 * * 6 /etc/init.d/nginx restart
每星期六的11 : 00 pm重启nginx。

* */1 * * * /etc/init.d/nginx restart
每一小时重启nginx

* 23-7/1 * * * /etc/init.d/nginx restart
晚上11点到早上7点之间,每 隔一小时重启nginx

0 11 4 * mon-wed /etc/init.d/nginx restart
每月的4号与每周一到周三 的11点重启nginx

0 4 1 jan * /etc/init.d/nginx restart
一月一号的4点重启nginx

*/30 * * * * /usr/sbin/ntpdate 210.72.145.20
每半小时同步一下时间

转载:http://www.ha97.com/910.html

wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar zxf bfd-current.tar.gz
./install.sh
执行程序 —> /usr/local/bfd/bfd
BFD配置文件 —> /usr/local/bfd/bfd/conf.bfd
BFD ftp 规则 —> /usr/local/bfd/rules/proftpd

接下来我们打开BFD的配置文件,对密码错误尝试次数进行限制和配置使用什么防火墙封锁IP。

一、登入失败尝试次数限制

# how many failure events must an address have before being blocked?
# you can override this on a per rule basis in /usr/local/bfd/rules/
TRIG="5"

该设置意思为,登入失败五次执行封锁命令

二、封锁执行程序

如果使用APF防火墙默认即可,如果我们使用CSF作为防火墙,修改为

BAN_COMMAND="/usr/sbin/csf -d $ATTACK_HOST {bfd.$MOD}"

如果使用Iptables则修改为

BAN_COMMAND= "iptables -A INPUT -s $ATTACK_HOST -j DROP"

使用系统 route 命令, 丢弃该IP数据,则

BAN_COMMAND="route add -host $ATTACK_HOST reject"

三、启动BFD

/usr/local/bfd/bfd -q —> (安静输出)

/usr/local/bfd/bfd -s —–> (标准输出)

/usr/local/bfd/bfd -a ——> (尝试错误列表输出)

最后,检查防火墙黑名单文件,检查穷举IP是否被正确封锁。

/etc/csf/csf.deny
/etc/apf/apf.deny

参考:http://corpocrat.com/2010/01/02/preventing-brute-force-attacks-on-ftp-server/

新的VPS给客户安装WDCP后无法安装Wordpress,点击提交数据库资料安装的时候页面被重定向,恢复WP后也无法打开插件、主题等页面。解决方法可以登入ssh,执行下面的命令:

mv /usr/lib64/libsqlite3.so.0.8.6 /usr/lib64/libsqlite3.so.0.8.6.bak

mysql中如果我们开启bin-log日志全在mysql目录发现大量的mysql-bin.000001,mysql-bin.000002等,如果多了会发现占很大的空间,下面我来介绍mysql-bin日志关闭与删除方法。

日记删除
首先使用root权限账户登入mysql
#mysql -u root -pxxxxx
执行:mysql> reset master;
完成后退出:exit;

关闭日记或定时删除
编辑 my.cnf 注释 log-bin=mysql-bin 重启mysql即可
如果需要定时删除则 expire_logs_days = 3
意思为3天删除

为了减少一些误报,我们需要把 Directadmin 的一些值得信赖的服务添加CSF/LFD例外。编辑/etc/csf/csf.pignore 输入以下内容:

cmd:spamd child
exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/bin/fetchmail
exe:/usr/bin/freshclam
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/managesieve
exe:/usr/libexec/dovecot/managesieve-login
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/gam_server
exe:/usr/libexec/hald-addon-acpi
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/local/bin/clamd
exe:/usr/local/bin/freshclam
exe:/usr/local/bin/pureftpd_uploadscan.sh
exe:/usr/local/directadmin/dataskq
exe:/usr/local/directadmin/directadmin
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld
exe:/usr/local/php53/bin/php53
exe:/usr/local/php53/bin/php-cgi53
exe:/usr/local/php53/bin/php_uploadscan.sh
exe:/usr/local/php53/sbin/php-fpm53
exe:/usr/local/php54/bin/php54
exe:/usr/local/php54/bin/php-cgi54
exe:/usr/local/php54/bin/php_uploadscan.sh
exe:/usr/local/php54/sbin/php-fpm54
exe:/usr/local/php55/bin/php55
exe:/usr/local/php55/bin/php-cgi55
exe:/usr/local/php55/bin/php_uploadscan.sh
exe:/usr/local/php55/sbin/php-fpm55
exe:/usr/local/php56/bin/php56
exe:/usr/local/php56/bin/php-cgi56
exe:/usr/local/php56/bin/php_uploadscan.sh
exe:/usr/local/php56/sbin/php-fpm56
exe:/usr/local/sbin/nginx
exe:/usr/sbin/exim
exe:/usr/sbin/hald
exe:/usr/sbin/httpd
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/sbin/named
exe:/usr/sbin/nginx
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/sshd

然后重启LFD:

/etc/init.d/lfd restart

来自:https://www.plugins-da.net/info/csf-lfd-exceptions-for-directadmin-csf.pignore
p.s. Based on this thread: http://forum.directadmin.com/showthread.php?t=49424

[Sun Sep 21 17:37:10 2014] [emerg] (28)No space left on device: Couldn't create accept lock (/var/log/httpd/accept.lock.8411) (5)

下午收到监控邮件有台DirectAdmin服务器Apache服务无法启动,检查错误日记后,发现如上错误。首先df -h检查硬盘是否饱和,然后ipcs -s检查ipc,发现是ipc不足。如下所示

# ipcs -s 
------ Semaphore Arrays -------- 
key semid owner perms nsems 
0x00000000 19234816 apache 600 1 
0x00000000 19267585 apache 600 1 
0x00000000 19300354 apache 600 1 
0x00000000 19398659 apache 600 1 
0x00000000 19431428 apache 600 1 
0x00000000 19464197 apache 600 1 
0x00000000 19562502 apache 600 1
………………

执行如下命令清除然后重启Apache即可

ipcs -s | grep apache | perl -lane 'print `ipcrm sem $F[1]`'
service httpd restart

引起这个问题的原因可能是apache没有被正确的关闭。写了个简单的shell可以加入crontab定期执行

#!/bin/bash
rm -rf /var/log/weed/ipcs.log
ipcs -s >> /var/log/weed/ipcs.log
ipcslist=`grep -c "" /var/log/weed/ipcs.log`
if [ "$ipcslist" -ge "20" ]; then
ipcs -s | perl -ane '/^0x00000000/ && `ipcrm -s $F[1]`'
echo $(date) "Ipc crowded, clean up" >> /var/log/weed/ipcs_clean.log
fi

#! /bin/bash
#====================================================================
# sys-mon.sh
#
# Copyright (c) 2011, WangYan <webmaster@wangyan.org>
# All rights reserved.
# Distributed under the GNU General Public License, version 3.0.
#
# Monitor system mem and load, if too high, restart some service.
#
# See: https://wangyan.org/blog/sys-mon-shell-script.html
#
# V 0.5, Date: 2011-12-08
#====================================================================
 
# Need to monitor the service name
# Must be in /etc/init.d folder exists
NAME_LIST="httpd nginx mysql"
 
# Single process to allow the maximum CPU (%)
PID_CPU_MAX="25"
 
# The maximum allowed memory (%)
PID_MEM_SUM_MAX="95"
 
# The maximum allowed system load
SYS_LOAD_MAX="6"
 
# Log path settings
LOG_PATH="/var/log/sys-mon.log"
 
# Date time format setting
DATA_TIME=$(date +"%y-%m-%d %H:%M:%S")
 
# Your email address
EMAIL="webmaster@example.com"
 
# Your website url
MY_URL="http://106.187.38.210/p.php"
 
#====================================================================
 
for NAME in $NAME_LIST
do
    PID_CPU_SUM="0";PID_MEM_SUM="0"
    PID_LIST=`ps aux | grep $NAME | grep -v root`
 
    IFS_TMP="$IFS";IFS=$'\n'
    for PID in $PID_LIST
    do
        PID_NUM=`echo $PID | awk '{print $2}'`
        PID_CPU=`echo $PID | awk '{print $3}'`
        PID_MEM=`echo $PID | awk '{print $4}'`
#       echo "$NAME: PID_NUM($PID_NUM) PID_CPU($PID_CPU) PID_MEM($PID_MEM)"
 
        PID_CPU_SUM=`echo "$PID_CPU_SUM + $PID_CPU" | bc`
        PID_MEM_SUM=`echo "$PID_MEM_SUM + $PID_MEM" | bc`
 
        if [ `echo "$PID_CPU >= $PID_CPU_MAX" | bc` -eq 1 ];then
            if [[ "$NAME" = "php-fpm" || "$NAME" = "httpd" ]];then
                sleep 5
                if [ `echo "$PID_CPU >= $PID_CPU_MAX" | bc` -eq 1 ];then
                    echo "${DATA_TIME}: kill ${NAME}($PID_NUM) successful (CPU:$PID_CPU)" | tee -a $LOG_PATH
                    kill $PID_NUM
                fi
            else
                echo "${DATA_TIME}: [WARNING!] ${NAME}($PID_NUM) cpu usage is too high! (CPU:$PID_CPU)" | tee -a $LOG_PATH
            fi
        fi
    done
    IFS="$IFS_TMP"
 
    SYS_LOAD=`uptime | awk '{print $(NF-2)}' | sed 's/,//'`
    SYS_MON="CPU:$PID_CPU_SUM MEM:$PID_MEM_SUM LOAD:$SYS_LOAD"
#   echo -e "$NAME: $SYS_MON\n"
 
    SYS_LOAD_TOO_HIGH=`awk 'BEGIN{print('$SYS_LOAD'>'$SYS_LOAD_MAX')}'`
    PID_MEM_SUM_TOO_HIGH=`awk 'BEGIN{print('$PID_MEM_SUM'>'$PID_MEM_SUM_MAX')}'`
 
    if [[ "$SYS_LOAD_TOO_HIGH" = "1" || "$PID_MEM_SUM_TOO_HIGH" = "1" ]];then
        /etc/init.d/$NAME stop
        sleep 5
        for ((i=1;i<4;i++))
        do
            if [ `pgrep $NAME | wc -l` = "0" ];then
                echo "$DATA_TIME: Stop $NAME successful! ($SYS_MON)" | tee -a $LOG_PATH
                break
            else
                echo "${DATA_TIME}: [WARNING!] Stop $NAME failed[$i]! ($SYS_MON)" | tee -a $LOG_PATH
                pkill $NAME && killall $NAME
            fi
        done
        /etc/init.d/$NAME start
        sleep 5
        for ((ii=1;ii<4;ii++))
        do
            if [ `pgrep $NAME | wc -l` != "0" ];then
                echo "$DATA_TIME: Start $NAME successful!" | tee -a $LOG_PATH
                break
            else
                echo "${DATA_TIME}: [WARNING!] Start $NAME failed[$ii]! ($SYS_MON)" | tee -a $LOG_PATH
                /etc/init.d/$NAME start
                sleep 5
            fi
        done
        if [ `pgrep $NAME | wc -l` != "0" ];then
            echo "${DATA_TIME}: [ERROR!] Start $NAME failed! ($SYS_MON)" | mail -s "Start $NAME failed" $EMAIL
        fi
    fi
done
 
STATUS_CODE=`curl -o /dev/null -s -w %{http_code} $MY_URL`
#echo -e "STATUS CODE: $STATUS_CODE\n"
 
if [ "$STATUS_CODE" != "200" ];then
    sleep 3
    STATUS_CODE=`curl -o /dev/null -s -w %{http_code} $MY_URL`
    if [ "$STATUS_CODE" != "200" ];then
        echo "${DATA_TIME}: [WARNING!] Website Downtime! ($SYS_MON)" | tee -a $LOG_PATH
        echo "${DATA_TIME}: [WARNING!] Website Downtime! ($SYS_MON)" | mail -s "Start $NAME failed" $EMAIL
    fi
fi

#!/usr/bin/env python
#-*- coding: utf-8 -*-
#=============================================================================
#     FileName:
#         Desc:
#       Author: 苦咖啡
#        Email: voilet@qq.com
#     HomePage: http://blog.kukafei520.net
#      Version: 0.0.1
#      History:
#=============================================================================

import os
import sys
import re
import smtplib

#设定邮件
fromaddr = "smtp.qq.com"
toaddrs = ["voilet@qq.com"]
username = "voilet"
password = "xxxxxx"

#设置白名单
pass_file = ["api_ucenter.php"]

#定义发送邮件函数
def sendmail(toaddrs,sub,content):
    '发送邮件模块'
    # Add the From: and To: headers at the start!
    msg = ("From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n"
           % (fromaddr, ", ".join(toaddrs), sub))
    msg += content
    server = smtplib.SMTP('mail.funshion.com', 25,)
    server.login(username, password)
    server.sendmail(fromaddr, toaddrs, msg)
    server.quit()

#设置搜索特征码
rulelist = [
    '(\$_(GET|POST|REQUEST)\[.{0,15}\]\(\$_(GET|POST|REQUEST)\[.{0,15}\]\))',
    '(base64_decode\([\'"][\w\+/=]{200,}[\'"]\))',
    'eval\(base64_decode\(',
    '(eval\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    '(assert\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    '(\$[\w_]{0,15}\(\$_(POST|GET|REQUEST)\[.{0,15}\]\))',
    '(wscript\.shell)',
    '(gethostbyname\()',
    '(cmd\.exe)',
    '(shell\.application)',
    '(documents\s+and\s+settings)',
    '(system32)',
    '(serv-u)',
    '(提权)',
    '(phpspy)',
    '(后门)',
    '(webshell)',
    '(Program\s+Files)',
    'www.phpdp.com',
    'phpdp',
    'PHP神盾',
    'decryption',
    'Ca3tie1',
    'GIF89a',
    'IKFBILUvM0VCJD\/APDolOjtW0tgeKAwA',
    '\'e\'\.\'v\'\.\'a\'\.\'l\'',
]

def Scan(path):
    for root,dirs,files in os.walk(path):
        for filespath in files:
            isover = False
            if '.' in filespath:
                ext = filespath[(filespath.rindex('.')+1):]
                if ext=='php' and filespath not in pass_file:
                    file= open(os.path.join(root,filespath))
                    filestr = file.read()
                    file.close()
                    for rule in rulelist:
                        result = re.compile(rule).findall(filestr)
                        if result:
                            print '文件:'+os.path.join(root,filespath)
                            print '恶意代码:'+str(result[0])
                            print '\n\n'
                            sendmail(toaddrs,"增值发现恶意代码",'文件:'+os.path.join(root,filespath)+"\n" + '恶意代码:'+str(result[0]))
                            break

try:
    if os.path.lexists("/home/web_root/"):
        print('\n\n开始扫描:'+ "/home/web_root/")
        print('               可疑文件                 ')
        print('########################################')
        Scan("/home/web_root/")
        print('提示:扫描完成--~')
    else:
        print '提示:指定的扫描目录不存在--- '
except IndexError:
    print "请指定扫描文件目录"

来自:http://blog.kukafei520.net/html/2013/811.html

一个简单的系统监控脚本,有需要的朋友可以参考下。

#!/bin/bash
time=`date +"%Y-%m-%d %H:%M:%S"`
d=`date +%m%d`
N=`ps -ef | grep httpd | grep -v grep | wc -l`
Q=`ps -ef | grep java | grep -v grep | wc -l`
[ -d /root/check_log/ ] || mkdir /root/check_log
IP=`ifconfig eth0 | sed -n '2'p | awk '{print $2}' | awk -F':' '{print $2}'`
M=`uptime | awk '{print $8,$9,$10,$11,$12}'`
O=`ifconfig eth0 | sed -n '8'p | awk '{print $3,$4}'`
P=`ifconfig eth0 | sed -n '8'p | awk '{print $7,$8}'`
R=`ifconfig eth1 | sed -n '8'p | awk '{print $3,$4}'`
S=`ifconfig eth1 | sed -n '8'p | awk '{print $7,$8}'`
A=`top -bn1 | sed -n '2'p | awk '{print $2}'`
B=`top -bn1 | sed -n '2'p | awk '{print $10}'`
echo ****************************$IP**************************** >> /root/check_log/$d.log
echo "系统当前时间:" >> /root/check_log/$d.log
echo $time >> /root/check_log/$d.log
echo "---------------------check system load------------------" >> /root/check_log/$d.log
echo "系统当前负载:" >> /root/check_log/$d.log
echo $M >> /root/check_log/$d.log
echo "---------------------check 总进程数---------------------" >> /root/check_log/$d.log
echo "系统当前总进程数:" >> /root/check_log/$d.log
echo $A >> /root/check_log/$d.log
echo "系统当前僵死进程数:" >> /root/check_log/$d.log
echo $B >> /root/check_log/$d.log
echo "---------------------check 应用进程数--------------------" >> /root/check_log/$d.log
echo "当前apache进程数:" >> /root/check_log/$d.log
echo $N >> /root/check_log/$d.log
echo "当前java进程数" >> /root/check_log/$d.log
echo $Q >> /root/check_log/$d.log
echo "---------------------check Tcp连接状态-------------------" >> /root/check_log/$d.log
netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a,S[a]}' >> /root/check_log/$d.log
echo "---------------------check 网卡流量-----------------------" >> /root/check_log/$d.log
echo "当前eth0网卡流量:" >> /root/check_log/$d.log
echo "接收总流量:$O" >> /root/check_log/$d.log
echo "发送总流量:$P" >> /root/check_log/$d.log
echo "当前eth1网卡流量:" >> /root/check_log/$d.log
echo "接收总流量:$R" >> /root/check_log/$d.log
echo "发送总流量:$S" >> /root/check_log/$d.log
echo "-----------------------------check cpu load------------------------------" >> /root/check_log/$d.log
echo "系统当前cpu负载:" >> /root/check_log/$d.log
sar -u 1 10 | grep -v Linux | grep -v ^$ >> /root/check_log/$d.log
echo "-----------------------------check mem load------------------------------" >> /root/check_log/$d.log
echo "系统当前内存信息:" >> /root/check_log/$d.log
cat /proc/meminfo >> /root/check_log/$d.log
echo "-----------------------------check 磁盘空间------------------------------" >> /root/check_log/$d.log
echo "系统当前磁盘容量:" >> /root/check_log/$d.log
df -h >> /root/check_log/$d.log
echo "-----------------------------check io load-------------------------------" >> /root/check_log/$d.log
echo "系统当前io磁盘负载:" >> /root/check_log/$d.log
iostat 1 10 | grep -v ^$ | grep -v Linux | grep -v dm | grep -v hdc >> /root/check_log/$d.log
find /root/check_log/ -mtime +6 |xargs rm -f

来自:http://www.jbxue.com/article/4472.html