OPTION: -f apache log file,default=/var/log/nginx/access.log -n output the last K lines {full|500000},default=full -t threshold for the number of requests from same IP address,default=1000 -c threshold for the number of requests from same class C IP address,default=3000 -m show number of IP,default=100 -s show IP allow list -i show IP location -v show this information RESULT: IP Count: ./log/kickleech_manual_ip_count.log Class C IP Count: ./log/kickleech_manual_ipc_count.log IP Detail: ./log/kickleech_manual_ip_info.log IP Result: ./log/kickleech_manual_ip_bad.log
301 Moved Permanently:该方式将所有的 HTTP 请求重定向到 HTTPS 上,并且该重定向是永久性的。客户端在收到 301 响应后,会自动将 HTTP 请求转为 GET 请求,同时将请求地址修改为重定向后的地址。这意味着,如果原始请求是 POST 请求,那么 301 重定向会将其转变为 GET 请求。此外,浏览器会缓存 301 响应,下一次请求时会直接跳转到 HTTPS 上。
302 Found / 303 See Other:这两种方式将所有的 HTTP 请求临时性地重定向到 HTTPS 上。302 Found 的响应会将请求方法保持不变,同时将请求地址修改为重定向后的地址。而 303 See Other 则会将所有请求方法转变为 GET 方法,并将请求地址修改为重定向后的地址。这两种方式都不会缓存响应,下一次请求时会再次发起请求。
307 Temporary Redirect:该方式将所有的 HTTP 请求临时性地重定向到 HTTPS 上,并且会保留原始的请求方法。这意味着,如果原始请求是 POST 请求,那么重定向后的请求仍然是 POST 请求。同时,请求地址也会被修改为重定向后的地址。与 302 Found 类似,307 Temporary Redirect 不会缓存响应,下一次请求时会再次发起请求。
iptables开放内网端口4505和4506 iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 -m multiport –dports 4505,4506 -j ACCEPT /etc/init.d/iptables save
启动 /etc/init.d/salt-master start
开机启动 chkconfig salt-master on chkconfig –list salt-master
查看当前salt版本 salt –version salt 3000.5
查看当前salt组件版本 salt –versions-report Salt Version: Salt: 3000.5
Dependency Versions: cffi: Not Installed cherrypy: Not Installed dateutil: Not Installed docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 2.8.1 libgit2: Not Installed M2Crypto: Not Installed Mako: Not Installed msgpack-pure: Not Installed msgpack-python: 0.6.2 mysql-python: Not Installed pycparser: Not Installed pycrypto: 2.6.1 pycryptodome: Not Installed pygit2: Not Installed Python: 2.7.13 (default, May 8 2020, 22:36:22) python-gnupg: Not Installed PyYAML: 3.11 PyZMQ: 14.5.0 smmap: Not Installed timelib: Not Installed Tornado: 4.5.3 ZMQ: 4.0.5
System Versions: dist: centos 6.7 Final locale: UTF-8 machine: x86_64 release: 2.6———.el6.x86_64 system: Linux version: CentOS 6.7 Final
3.安装 minion 端
在minion机 配置yum源 wget -O /etc/yum.repos.d/salt.repo https://archive.repo.saltproject.io/yum/redhat/6/x86_64/saltstack-rhel6.repo sed -i ‘s/repo.saltstack.com/archive.repo.saltproject.io/g’ /etc/yum.repos.d/salt.repo
yum list |grep salt
修复[Errno 14]ssl错误 Loading mirror speeds from cached hostfile https://archive.repo.saltproject.io/yum/redhat/6/x86_64/latest/repodata/repomd.xml: [Errno 14] problem making ssl connection Trying other mirror. 关闭salt源,修改salt.repo 将里面的enabled=1改成enabled=0 sed -i ‘s/enabled=1/enabled=0/g’ /etc/yum.repos.d/salt.repo sed -n ‘/^enabled=/p’ /etc/yum.repos.d/salt.repo
2.编辑组 不要用I@ 会匹配不到 vim /etc/salt/master.d/group.conf nodegroups: proxy: ‘E@c1g-w0[1-7]’ nginx: ‘E@c1g-w0[8-9] or E@c1g-w[1][0-9] or E@c1g-w2[0-3] or E@c1g-w3[3-6] or L@c1g-w31’ bak: ‘L@c1g-w37’ manage: ‘E@c1g-w2[4-8] or E@c1g-w3[0-2]’
无需重启
3.测试组 salt -N proxy test.version salt -N nginx test.version c1g-w35: 3000.5 c1g-w36: 3000.5
默认的规则是使用glob匹配minion id salt ‘‘ test.ping salt ‘node‘ test.ping 正则表达式 salt ‘node[1|2]’ test.ping salt ‘node[!2]’ test.ping salt -E ‘server[1-3]’ test.ping salt -E ‘node(1|2)’ test.ping 指定列表 salt -L ‘server2,server3’ test.ping 指定ip salt -S ‘192.168.0.13’ test.ping 指定ip段 salt -S ‘192.168.0.0/24’ test.ping
测试 salt ‘*’ test.echo ‘hello’
网络 https://docs.saltproject.io/en/latest/ref/modules/all/salt.modules.network.html salt ‘‘ network.ping baidu.com # 使用ping命令测试到某主机的连通性 salt ‘‘ network.connect baidu.com 80 # #测试minion至某一台服务器的网络是否连通 salt ‘‘ network.default_route #查看默认路由 network.get_route #查询到一个目标网络的路由信息 network.netstat #返回所有打开的端口和状态 network.routes #返回当前路由表 salt ‘‘ network.get_hostname # 获取主机名 salt ‘‘ network.active_tcp # 返回所有活动的tcp连接 salt ‘‘ network.ip_addrs # 返回一个IPv4的地址列表 salt ‘‘ network.get_fqdn # 查看主机的fqdn(完全限定域名) salt ‘‘ network.interfaces
salt ‘‘ service.available sshd # 查看ssh服务是否可达 salt ‘‘ service.get_all # 查看所有启动的服务 salt ‘‘ service.status nginx # 查看指定服务是否在线 salt ‘‘ state.show_top # 查看top_file情况 salt ‘*’ disk.usage
查看进程 salt c1g-w01 cmd.run ‘ps aux|grep titanagent’ c1g-w01:
查看chconfig zabbix是否开启 salt ‘c1g-w01’ cmd.run ‘chkconfig –list|grep zabbix_agentd’ salt -N bak cmd.run ‘chkconfig –list|grep zabbix_agentd’ salt ‘*’ cmd.run ‘chkconfig –list|grep zabbix_agentd’
echo 'no-poll' >> /etc/dnsmasq.conf
echo 'strict-order' >> /etc/dnsmasq.conf
echo 'resolv-file=/etc/dnsmasq.d/resolv.dnsmasq.conf' >> /etc/dnsmasq.conf
echo 'addn-hosts=/etc/dnsmasq.d/dnsmasq.hosts' >> /etc/dnsmasq.conf
echo 'log-queries' >> /etc/dnsmasq.conf
echo 'cache-size=1024' >> /etc/dnsmasq.conf
echo 'listen-address=127.0.0.1,10.100.131.1' >> /etc/dnsmasq.conf
cp /etc/hosts /etc/dnsmasq.d/dnsmasq.hosts
vi /etc/resolv.conf
nameserver 127.0.0.1
vi /etc/dnsmasq.d/resolv.dnsmasq.conf
nameserver 114.114.114.114
nameserver 223.5.5.5
dnsmasq --test
dnsmasq: syntax check OK.
/etc/init.d/dnsmasq start
chkconfig dnsmasq on
iptables -A INPUT -p tcp -m state -s 192.168.0.0/24 --state NEW --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m state -s 192.168.0.0/24 --state NEW --dport 53 -j ACCEPT
/etc/init.d/iptables save
客户端 vi /etc/resolv.conf nameserver 192.168.0.56
dnsmasq -v Dnsmasq version 2.48 Copyright (C) 2000-2009 Simon Kelley Compile time options IPv6 GNU-getopt DBus no-I18N DHCP TFTP “–bind-interfaces with SO_BINDTODEVICE”
This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free software, and you are welcome to redistribute it under the terms of the GNU General Public License, version 2 or 3.
checking for a Python interpreter with version >= 2.5… none configure: error: no suitable Python interpreter found configure: error: ./configure.gnu failed for modules/afamqp/rabbitmq-c
tar -zxvf eventlog_0.2.12.tar.gz cd eventlog-0.2.12 ./configure –prefix=/usr/local/eventlog_0.2.12 make && make install cd /usr/local/ ln -s eventlog_0.2.12 eventlog cd –
2.安装libol mv files?path=%2Flibol%2F0.3%2Flibol-0.3.18.tar.gz libol-0.3.18.tar.gz tar -zxvf libol-0.3.18.tar.gz cd libol-0.3.18 ./configure –prefix=/usr/local/libol-0.3.18 make && make install cd /usr/local/ ln -s libol-0.3.18 libol cd –
tar -zxvf syslog-ng_3.3.9.tar.gz cd syslog-ng-3.3.9 ./configure –prefix=/usr/local/syslog-ng_3.3.9 –with-libol=/usr/local/libol/ –enable-pcre –disable-ipv6 make && make install cd /usr/local/ ln -s syslog-ng_3.3.9 syslog-ng
/usr/local/syslog-ng_3.3.9/sbin/syslog-ng -V
二.方式1配置
vi /opt/nginx/conf/nginx.conf access_log syslog:local5:notice:/dev/log:adminsyslog.c1gstudio.com access ;
近期评论