C1G军火库 http://blog.c1gstudio.com 关注互联网、网页设计、Web开发、服务器运维优化、项目管理、网站运营... Fri, 12 Mar 2010 07:53:17 +0000 http://wordpress.org/?v=2.7.1 en hourly 1 使用Oracle JRockit 提高tomcat性能 http://blog.c1gstudio.com/archives/954 http://blog.c1gstudio.com/archives/954#comments Tue, 09 Mar 2010 05:07:24 +0000 C1G http://blog.c1gstudio.com/?p=954 http://www.oracle.com/technology/software/products/jrockit/index.html

这里选择Oracle JRockit Real Time 3.1.2 for Java version 61 Linux x86-64 大概121M

http://download.oracle.com/otn/bea/jrockit/jrrt-3.1.2-1.6.0-linux-x64.bin

必需要登录后才能下载,wget不好使,用windows下载后再传到服务器上。

chmod u+x jrrt-3.1.2-1.6.0-linux-x64.bin
./jrrt-3.1.2-1.6.0-linux-x64.bin
根据提示一步步安装。
我安装在/usr/jrrt-3.1.2-1.6.0 目录下,做个软连接到/usr/jrrt
ln -s /usr/jrrt-3.1.2-1.6.0 /usr/jrrt

修改环境变量,如果之前有设置,只需修改JAVA_HOME到新路径
vi /etc/profile

  1. #set for j2sdk
  2.   JAVA_HOME=/usr/jrrt
  3.   export JAVA_HOME
  4.   CLASSPATH=$JAVA_HOME/jre/lib/ext/jcert.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/jpda.jar:$JAVA_HOME/lib/tools.jar
  5.   export CLASSPATH
  6.   PATH=.:$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
  7.   export PATH

关闭tomcat
source /etc/profile
启动tomcat,完成

参考:
http://javaworld.org.ru/java_2344.html

]]> http://blog.c1gstudio.com/archives/954/feed Red Hat Certified Engineer (RHCE) http://blog.c1gstudio.com/archives/952 http://blog.c1gstudio.com/archives/952#comments Thu, 04 Mar 2010 07:42:37 +0000 C1G http://blog.c1gstudio.com/?p=952  

Exam Preparation

Courses you should take: Level of Linux Expertise:
None Some Much Expert
Standard Track * Rapid Track **
RH033 Red Hat Linux Essentials yes      
RH131 Red Hat System Administration
or
RH133 Red Hat Linux Administration (and RHCT Exam)		 yes yes    
RH253 Red Hat Linux Networking and Security Administration yes yes    
RH300 Red Hat Rapid Track Course (and RHCE Exam)     yes  
RH302 RHCE Exam yes yes   yes

http://www.redhat.com/certification/rhce/

]]> http://blog.c1gstudio.com/archives/952/feed The RHCSS, RHCDS & RHCA Exam Prep Guides are now available on the web. http://blog.c1gstudio.com/archives/948 http://blog.c1gstudio.com/archives/948#comments Thu, 04 Mar 2010 07:32:54 +0000 C1G http://blog.c1gstudio.com/?p=948  

RHCSS Prep Guide URLs:
https://www.redhat.com/certification/ex333/prep_guide/
https://www.redhat.com/certification/ex423/prep_guide/
https://www.redhat.com/certification/ex429/prep_guide/

RHCDS Prep Guide URLs:
https://www.redhat.com/certification/ex401/prep_guide/
https://www.redhat.com/certification/ex423/prep_guide/
https://www.redhat.com/certification/ex436/prep_guide/

RHCA Prep Guide URLs:
https://www.redhat.com/certification/ex333/prep_guide/
https://www.redhat.com/certification/ex401/prep_guide/
https://www.redhat.com/certification/ex423/prep_guide/
https://www.redhat.com/certification/ex436/prep_guide/
https://www.redhat.com/certification/ex442/prep_guide/

Course Outline

rh436 https://www.redhat.com/courses/rh436_red_hat_enterprise_clustering_and_s...
rh333 https://www.redhat.com/courses/rhs333_red_hat_enterprise_security_networ...
rh410 https://www.redhat.com/courses/rh401_red_hat_enterprise_deployment_virtu...
rh423 https://www.redhat.com/courses/rh423_red_hat_enterprise_directory_servic...
rh442 https://www.redhat.com/courses/rh442_red_hat_enterprise_system_monitorin...

]]> http://blog.c1gstudio.com/archives/948/feed TinyMCE中只对部分Textarea起作用 http://blog.c1gstudio.com/archives/946 http://blog.c1gstudio.com/archives/946#comments Thu, 04 Mar 2010 07:28:54 +0000 C1G http://blog.c1gstudio.com/?p=946 方法一:mode与elements是搭配使用

mode与elements是搭配使用的,用来指定渲染name在elements中的HTML元素为TinyMCE编辑器(可以是DIV或者Textarea),比如:
mode : "exact",elements : "example_textarea"
也可以单独用 mode : "textareas",这样页面中所有的Textarea元素都会被渲染。

  1. tinyMCE.init({
  2. mode : "exact",
  3. elements : "example_textarea",
  4. });

方法二:选项editor_selector和editor_deselector

这个选项指定一个CSS class 名,当textarea要被转换时需要。它让你通过在属性中增加CSS class 名选择特定的 textareas 转换。如果选项没有被设值,这个选项不会有任何作用。而由 mode 来指定要转换的textarea。如果你想要转换所有的编辑器,而排除特定的编辑器,请查看 editor_deselector 选项。

editor_selector 选项的使用示例:

  1. tinyMCE.init({
  2.         ...
  3.         editor_selector : "mceEditor"
  4. });

在 HTML 中的使用示例:

  1. <textarea id="myarea1" class="mceEditor">This will be a editor.</textarea>
  2. <textarea id="myarea2">This will NOT be a editor.</textarea>

选项:editor_deselector

这个选项指定一个 CSS class 名,这样就不会将含有该class名的 textareas 转换成编辑器实例。如果没有设任何值,这个选项没有任何作用。而是由mode 选项来指定要转换的 textarea。 选项的默认值是 "mceNoEditor",因此如果将 mceNoEditor 加入一个 textarea 的 class 属性中,这个 textarea 则不会被转换。

editor_deselector 选项的使用示例:

  1. tinyMCE.init({
  2. ...
  3. editor_deselector : "mceNoEditor"
  4. });

在 HTML 中的使用示例:

  1. <textarea id="myarea1" class="mceNoEditor">This will be a NOT be a editor.</textarea>
  2. <textarea id="myarea2">This will be a editor.</textarea>

参考:
http://www.visame.org/entry/12016/

]]> http://blog.c1gstudio.com/archives/946/feed 去除/var/log/messages中crond信息 http://blog.c1gstudio.com/archives/943 http://blog.c1gstudio.com/archives/943#comments Thu, 04 Mar 2010 06:52:06 +0000 C1G http://blog.c1gstudio.com/?p=943 messages含有过多的crond重复信息,影响阅读

tail /var/log/messages

  1. Mar  4 14:18:01 localhost crond(pam_unix)[625]: session opened for user root by (uid=0)
  2. Mar  4 14:18:01 localhost crond[626]: (root) CMD (/bin/sh /opt/shell/session_gc.sh > /dev/null 2>&1)
  3. Mar  4 14:18:01 localhost crond(pam_unix)[625]: session closed for user root
  4. Mar  4 14:19:01 localhost crond(pam_unix)[761]: session opened for user root by (uid=0)
  5. Mar  4 14:19:01 localhost crond[762]: (root) CMD (/bin/sh /opt/shell/session_gc.sh > /dev/null 2>&1)
  6. Mar  4 14:19:01 localhost crond(pam_unix)[761]: session closed for user root
  7. Mar  4 14:20:01 localhost crond(pam_unix)[1172]: session opened for user root by (uid=0)
  8. Mar  4 14:20:01 localhost crond[1174]: (root) CMD (if [ -x /usr/bin/vnstat ] && [ `ls /var/lib/vnstat/ | wc -l` -ge 1 ]; then /usr/bin/vnstat -u; fi)
  9. Mar  4 14:20:01 localhost crond(pam_unix)[1173]: session opened for user root by (uid=0)
  10. Mar  4 14:20:01 localhost crond[1175]: (root) CMD (/bin/sh /opt/shell/session_gc.sh > /dev/null 2>&1)

修改syslog.conf,在messages的输出中增加cron.none;auth.none
cron和认证信息可以在/var/log/secure和/var/log/cron中查看
vi /etc/syslog.conf

  1. *.info;mail.none;authpriv.none;cron.none;auth.none              /var/log/messages

重启服务
/etc/init.d/crond restart

参考:
http://www.chinarhcx.com/node/7

]]> http://blog.c1gstudio.com/archives/943/feed Java虚拟机的最大内存限制 http://blog.c1gstudio.com/archives/941 http://blog.c1gstudio.com/archives/941#comments Wed, 03 Mar 2010 08:48:26 +0000 C1G http://blog.c1gstudio.com/?p=941 tomcat有内存限制,增加内存后可能会起不来.

tail /opt/tomcat/logs/catalina.out

  1. Could not create the Java virtual machine.
  2. Error occurred during initialization of VM
  3. Could not reserve enough space for object heap
  4. Could not create the Java virtual machine.
  5. Error occurred during initialization of VM
  6. Could not reserve enough space for object heap
  7. Could not create the Java virtual machine.

反复调试到3650M可以起来

  1. CATALINA_OPTS='-Xms2800m -Xmx3650m'
  2. JAVA_OPTS='-Xms2800m -Xmx3650m

系统环境
centos5.2 64bit
8G mem
2G swap

java version "1.6.0"
OpenJDK Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)

]]> http://blog.c1gstudio.com/archives/941/feed linux下查看硬盘型号等信息 http://blog.c1gstudio.com/archives/939 http://blog.c1gstudio.com/archives/939#comments Mon, 01 Mar 2010 02:57:12 +0000 C1G http://blog.c1gstudio.com/?p=939 在准备替换或加装硬盘时,如何得到硬盘信息?
可以用smartctl,hdparm等命令来查询。

在日志中显示硬盘有坏扇区
tail /var/log/messages

  1. Mar  1 09:42:55 c1g smartd[1848]: Device: /dev/hda, 2 Currently unreadable (pending) sectors
  2. Mar  1 09:42:55 c1g smartd[1848]: Device: /dev/hda, 2 Offline uncorrectable sectors

dmesg中也有错误信息
dmesg

  1. ide: failed opcode was: unknown
  2. hda: no DRQ after issuing WRITE
  3. ide0: reset: success
  4. hda: status timeout: status=0xd0 { Busy }

对硬盘做一下健康检查
smartctl -H /dev/hda

  1. smartctl version 5.33 [i386-redhat-linux-gnu] Copyright (C) 2002-4 Bruce Allen
  2. Home page is http://smartmontools.sourceforge.net/
  3.  
  4. === START OF READ SMART DATA SECTION ===
  5. SMART overall-health self-assessment test result: PASSED

检测通过,保险起见还是准备换硬盘。
查看下当前硬盘的型号,可以得到硬盘接口为SATAII,及尺寸大小3.5"
smartctl -a /dev/hda

  1. smartctl version 5.33 [i386-redhat-linux-gnu] Copyright (C) 2002-4 Bruce Allen
  2. Home page is http://smartmontools.sourceforge.net/
  3.  
  4. === START OF INFORMATION SECTION ===
  5. Device Model:     ST3160815AS
  6. Serial Number:    6RA7DWM4
  7. Firmware Version: 4.AAB
  8. User Capacity:    160,040,803,840 bytes
  9. Device is:        Not in smartctl database [for details use: -P showall]
  10. ATA Version is:   7
  11. ATA Standard is:  Exact ATA specification draft version not indicated
  12. Local Time is:    Mon Mar  1 10:36:55 2010 CST
  13. SMART support is: Available - device has SMART capability.
  14. SMART support is: Enabled
  15.  
  16. === START OF READ SMART DATA SECTION ===
  17. SMART overall-health self-assessment test result: PASSED

hdparm也可以得到硬盘型号
hdparm -i /dev/hda

  1. /dev/hda:
  2.  
  3.  Model=ST3160815AS, FwRev=4.AAB, SerialNo=6RA7DWM4
  4.  Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% }
  5.  RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
  6.  BuffType=unknown, BuffSize=8192kB, MaxMultSect=16, MultSect=off
  7.  CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=268435455
  8.  IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
  9.  PIO modes:  pio0 pio1 pio2 pio3 pio4
  10.  DMA modes:  mdma0 mdma1 mdma2
  11.  UDMA modes: udma0 udma1 udma2
  12.  AdvancedPM=no WriteCache=enabled
  13.  Drive conforms to: device does not report version:
  14.  
  15.  * signifies the current active mode

也可以通过主板型号来得知支持的硬盘
dmidecode

  1. System Information
  2.                 Manufacturer: Gigabyte Technology Co., Ltd.
  3.                 Product Name: 945GCM-S2L
]]> http://blog.c1gstudio.com/archives/939/feed 如何确认处理器是否支持xen虚拟化 http://blog.c1gstudio.com/archives/936 http://blog.c1gstudio.com/archives/936#comments Thu, 25 Feb 2010 05:43:52 +0000 C1G http://blog.c1gstudio.com/?p=936 半虚似化要求 (Para-virtualization)
64位cpu都支持,32位cpu需支持(PAE)
以Intel (R) Pentium(R) Dual CPU E2140 @ 1.60GHz为例

  1. cat /proc/cpuinfo | grep flags
  2. flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm pni monitor ds_cpl est tm2 xtpr

以上包含了pae

全虚似化要求(Fully-virtualization)
需Intel VT(vmx)和AMD’s AMD-V(svm)功能
以Intel Xeon CPU E5504 @ 2.00GHz为例

  1. cat /proc/cpuinfo |grep flags
  2. flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx rdtscp lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr popcnt lahf_lm

包含了pae及vmx

注:
.一些厂商禁止了机器BIOS中的VT选项, 这种方式下VT不能被重新打开.
./proc/cpuinfo仅从Linux 2.6.15(Intel)和Linux 2.6.16(AMD)开始显示虚拟化方面的信息. 请使用uname -r命令查询您的内核版本.

参考:
http://linux.vbird.org/linux_enterprise/xen.php

]]> http://blog.c1gstudio.com/archives/936/feed KVM虚拟化常见问题 http://blog.c1gstudio.com/archives/934 http://blog.c1gstudio.com/archives/934#comments Thu, 25 Feb 2010 05:32:27 +0000 C1G http://blog.c1gstudio.com/?p=934 你将需要一台运行最新linux内核的Intel处理器(含VT虚拟化技术)或AMD处理器(含SVM安全虚拟机技术的AMD处理器, 也叫AMD-V).

     什么是Intel VT/AMD-V?

      Intel VT和AMD’s AMD-V是一套与支持该技术的虚拟机监视器相结合的硬件增强特性(指令集扩展). kvm可在原始硬件速度下通过运行完全隔离的虚拟机来执行任务.
      如何确认处理器含有Intel VT或AMD-V技术?

      在最新的Linux内核下运行:
     egrep ‘^flags.*(vmx|svm)’ /proc/cpuinfo

      如有显示, 您的处理器具有VT功能. 你也可以通过厂商网站查询处理器型号的名称(在/proc/cpuinfo).

     注:
    .一些厂商禁止了机器BIOS中的VT选项, 这种方式下VT不能被重新打开.
./proc/cpuinfo仅从Linux 2.6.15(Intel)和Linux 2.6.16(AMD)开始显示虚拟化方面的信息. 请使用uname -r命令查询您的内核版本.

       如有疑问, 请联系硬件厂商.

      kvm支持哪些用户空间工具?

     kvm使用稍改动的qemu程序来创建虚拟机. 一旦运行后, 虚拟机是一个标准的进程. 你可以使用top(1),kill(1),taskset(1)和类似的工具来管理虚拟机.

    kvm支持哪些虚拟磁盘格式?

    kvm从qemu继承了丰富的磁盘格式, 包括裸映象(raw images), 原始qemu格式(qcow), VMware格式和更多.

     kvm和Xen有何区别?

     Xen是一个外部的hypervisor程序(虚拟机管理程序);它能够控制虚拟机和给多个客户机分配资源. 另一方面, kvm是linux的一部分, 可使用通常的linux调度器和内存管理. 这意味着kvm更小更易使用.

    另一方面, Xen同时支持全虚拟化和半虚拟化(修改过的客户机能有更好的性能). kvm当前不支持半虚拟化.

    kvm和VMware有何区别?

    VMware是一个专利产品. kvm是一个遵守GPL­的自由(开源)软件.

     kvm和QEMU有何区别?

   Qemu使用模拟器; kvm使用处理器扩展实现虚拟化.

   kvm有windows上的版本吗?

    当前没有.

     kvm支持哪些内核版本?

     kvm可以运行在最新的内核版本下(2.6.16或更高, 最好是用最新的内核)

      我需要多什么RAM(内存)才能运行kvm?

    你需要足够的内存在主机上运行单个或多个虚拟机. 建议主机内存至少1GB.

   KVM上的虚拟机支持哪些操作系统?

     我们已经测试了Linux(32/64位)和Windows(32位). 其它也许能够运行或不能运行.
不支持64位的Windows操作系统, 该问题会在qemu-0.83发布和整合后修复.
Intel处理器上几个Linux发行版在启动时候会挂起. 工作区需要取消grub中的splashscreen选项.

        KVM支持动态迁移功能吗(在不离线的情况下把虚拟机从一个主机移到另一个主机上)?

      现在kvm支持非动态迁移, 当内存数据需转移的时候, 系统需要停止. 动态迁移功能正在开发当中.

       kvm能够在64为主机上运行32位的客户机吗? 什么是PAE?

       kvm支持在64位主机上运行32位客户机, 也可以是任何PAE或非PAE客户机和主机组合. 但不支持在32位主机上运行64位客户机.

         如果我对一个VM进程使用kill -9将会发生什么?

        从客户机的角度来看, 就如你猛地把电源线从主机上拔出一样. 从主机的角度来看, 进程被杀掉, 进程占用的所有资源被施放.

        kvm支持SMP主机吗?

        支持.

         如何安装windows客户机?

         当前Windows客户机安装存在一点问题, 问题在APIC的实现上. 现在APIC由qemu来模拟, 而qemu还没有完全整合到kvm虚拟cpu中. 我们正加紧在kvm中实现APIC功能.

        到现在, 启动qemu请使用-no-acpi参数. 如果你的客户机需使用APIC HAL, 建议参考下面步骤:

        1. 关闭kvm运行客户机(-no-kvm)
My Computer -> Properties -> Hardware -> Device Manager -> [Whatever under Computer] -> Properties -> Update Driver -> Not at this time -> Next -> Install from a list -> Next -> Don’t search -> Next -> Standard PC -> Next.
   “Standard PC”是无acpi支持的HAL.

         Qumranet提供哪些产品?
       Qumranet是一家由Qequoia Capital和Norwest Venture Partners (NVP)投资的初创公司, 当前公司处于准备运营当中(正在加紧开发公司的产品).
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/JDMBA/archive/2007/03/08/1524365.aspx

]]> http://blog.c1gstudio.com/archives/934/feed 网站挂马 http://blog.c1gstudio.com/archives/931 http://blog.c1gstudio.com/archives/931#comments Thu, 04 Feb 2010 02:29:52 +0000 C1G http://blog.c1gstudio.com/?p=931 收到google小组的邮件

主题: Malware notification regarding www.c1gstudio.com

Dear site owner or webmaster of www.c1gstudio.comm,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://www.c1gstudio.com/?q=Asp
http://www.c1gstudio.com/?q=CPA
http://www.c1gstudio.com/?q=LTE

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//www.c1gstudio.com/%3Fq%3DAsp

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you've secured your site, you can request that the warning be removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team

1.在网页查到恶意js代码

  1. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return
  2. ...

2.粗览下web根目录,没有找到可疑文件
在日志报告中也没找到可疑请求
用命令搜一下特征码,找出所有被感染的文件。

  1. grep -R 'eval' /opt/htdocs > /tmp/eval

3.过滤出可能含用木马的php文件

  1. cat /tmp/eval |grep '.php' > /tmp/evalphp

在evalphp中找到木马

  1. eval(gzinflate(base64_decode('ZJ1Hj4NsloX3/Uf6k1iQkzSaFjmaYEzctMg5Z379UOspqRZ2VWF4773nnAew6z//+z//marpX//Kj7j7p3zqoejiLf8ni
  2. ....

4.确认是dede文章的漏洞

5.把木马改名
在web日志中找访问时文件的请求,可以得攻击者ip,并可查看都做了什么操作
参照
http://blog.c1gstudio.com/archives/448
打上补丁,恢复被感染文件
dede程序真不告谱,给其加上ip限制。

]]> http://blog.c1gstudio.com/archives/931/feed