

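Fixing mass-sent private messages (PM) on a Discuz X3.2 forum

At first I thought the program had a vulnerability; only after reading the code in source\include\spacecp\spacecp_pm.php did I learn that there are switches to control this.


Admin panel -> Site Features -> Other ->

Whether the whole site accepts PMs only from friends by default:
Yes No
Choosing "Yes" makes the personal PM settings default to accepting PMs from friends only

Select "Yes"


Users -> User Groups -> (select the first few starter user groups) -> Basic Settings -> Allow sending PMs:
Whether PMs can be sent to anyone:
Yes No
If "No" is chosen, PMs cannot be sent to a recipient who has chosen to accept PMs from friends only

Select "No"

This can be combined with the limit on the maximum number of PMs sent within 24 hours, and with the setting that makes sending a PM cost points.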

Posted in Discuz/Uchome/Ucenter.



Using HAProxy for load balancing and health monitoring of a MySQL slave pool


1. Install haproxy

On the haproxy machine
http://haproxy.1wt.deu
(a proxy is needed to get past the firewall)


tar zxvf haproxy-1.4.25.tar.gz
cd haproxy-1.4.25
make TARGET=linux26
make install
mkdir -p /usr/local/haproxy/
chown nobody:nobody /usr/local/haproxy/
mkdir /etc/haproxy/
cp examples/haproxy.cfg /etc/haproxy/

cp examples/haproxy.init /etc/init.d/haproxy
chown root:root /etc/init.d/haproxy
chmod 700 /etc/init.d/haproxy

Modify the haproxy init script

Change
/usr/sbin/$BASENAME
to
/usr/local/sbin/$BASENAME

sed -i -r 's|/usr/sbin|/usr/local/sbin|' /etc/init.d/haproxy

Edit the configuration file
vi /etc/haproxy/haproxy.cfg

global
#log 127.0.0.1 local0
log 127.0.0.1 local3 info
#log loghost local0 info
maxconn 4096
chroot /usr/local/haproxy
uid nobody
gid nobody
daemon
# debug keeps haproxy in the foreground and overrides "daemon"; disable it once the setup works
debug
#quiet

defaults
log global
mode tcp
#option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000

frontend mysql
bind 192.168.0.107:3306
maxconn 3000
default_backend mysql_slave

backend mysql_slave
#cookie SERVERID rewrite
mode tcp
balance roundrobin
#balance source
#balance leastconn
contimeout 10s
timeout check 2s
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
server mysql_192_168_0_104_3306 192.168.0.104:3306 weight 1 check port 9300 inter 5s rise 2 fall 3
server mysql_192_168_0_104_3307 192.168.0.104:3307 weight 1 check port 9301 inter 5s rise 2 fall 3
#server mysql_192_168_0_106_3306 192.168.0.106:3306 weight 1 check port 9300 inter 5s rise 2 fall 3

listen admin_status
mode http
bind 192.168.0.107:8000
option httplog
log global
stats enable
stats refresh 30s
stats hide-version
stats realm Haproxy\ Statistics
stats uri /admin-status
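# admin:123456 is a sample credential; set a strong one, because "stats admin" lets this user disable and enable servers
stats auth admin:123456
stats admin if TRUE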

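Open the monitoring port in iptables

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 8000 -j ACCEPT

Enable at boot and start the haproxy service

chkconfig --add haproxy
chkconfig haproxy on
service haproxy start

On the monitored machine

I run two instances on a single machine here, so there are 2 scripts; a single-instance machine needs only one script and one service port.
Edit the MySQL check script for port 3306
vi /opt/shell/mysqlchk_status_3306.sh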

#!/bin/bash
#
# /usr/local/bin/mysqlchk_status.sh
#
# This script checks if a mysql server is healthy running on localhost. It will
# return:
#
# "HTTP/1.x 200 OK\r" (if mysql is running smoothly)
#
# - OR -
#
# "HTTP/1.x 503 Internal Server Error\r" (else)
#

MYSQL_HOST="localhost"
MYSQL_PORT="3306"
MYSQL_USERNAME="mysqlcheck"
MYSQL_PASSWORD="paSSword"
MYSQL_PATH="/opt/mysql/bin/"

#
# We perform a simple query that should return a few results
#${MYSQL_PATH}mysql -h${MYSQL_HOST} -P${MYSQL_PORT} -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show slave status\G;" >/tmp/rep${MYSQL_PORT}.txt
${MYSQL_PATH}mysql -h${MYSQL_HOST} -P${MYSQL_PORT} -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show full processlist;" >/tmp/processlist${MYSQL_PORT}.txt
${MYSQL_PATH}mysql -h${MYSQL_HOST} -P${MYSQL_PORT} -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show slave status\G;" >/tmp/rep${MYSQL_PORT}.txt
iostat=`grep "Slave_IO_Running" /tmp/rep${MYSQL_PORT}.txt |awk '{print $2}'`
sqlstat=`grep "Slave_SQL_Running" /tmp/rep${MYSQL_PORT}.txt |awk '{print $2}'`
result=$(cat /tmp/processlist${MYSQL_PORT}.txt|wc -l)
# debug output; keep it disabled, because anything printed before the status line makes the haproxy httpchk fail
#echo iostat:$iostat and sqlstat:$sqlstat
# if slave_IO_Running and Slave_sql_Running ok,then return 200 code
if [ "$result" -gt "3" ] && [ "$iostat" = "Yes" ] && [ "$sqlstat" = "Yes" ];

then
# mysql is fine, return http 200
/bin/echo -e "HTTP/1.1 200 OK\r\n"

else
# mysql is down, return http 503
/bin/echo -e "HTTP/1.1 503 Service Unavailable\r\n"

fi

vi /opt/shell/mysqlchk_status_3307.sh

#!/bin/bash
#
# /usr/local/bin/mysqlchk_status.sh
#
# This script checks if a mysql server is healthy running on localhost. It will
# return:
#
# "HTTP/1.x 200 OK\r" (if mysql is running smoothly)
#
# - OR -
#
# "HTTP/1.x 503 Internal Server Error\r" (else)
#

MYSQL_HOST="localhost"
MYSQL_PORT="3307"
MYSQL_USERNAME="mysqlcheck"
MYSQL_PASSWORD="paSSword"
MYSQL_PATH="/opt/mysql/bin/"

#
# We perform a simple query that should return a few results
#${MYSQL_PATH}mysql -h${MYSQL_HOST} -P${MYSQL_PORT} -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show slave status\G;" >/tmp/rep${MYSQL_PORT}.txt
${MYSQL_PATH}mysql -S/data/mysql/mysql.sock -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show full processlist;" >/tmp/processlist${MYSQL_PORT}.txt
${MYSQL_PATH}mysql -S/data/mysql/mysql.sock -u${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "show slave status\G;" >/tmp/rep${MYSQL_PORT}.txt
iostat=`grep "Slave_IO_Running" /tmp/rep${MYSQL_PORT}.txt |awk '{print $2}'`
sqlstat=`grep "Slave_SQL_Running" /tmp/rep${MYSQL_PORT}.txt |awk '{print $2}'`
result=$(cat /tmp/processlist${MYSQL_PORT}.txt|wc -l)
# debug output; keep it disabled, because anything printed before the status line makes the haproxy httpchk fail
#echo iostat:$iostat and sqlstat:$sqlstat
#echo $result
# if slave_IO_Running and Slave_sql_Running ok,then return 200 code
if [ "$result" -gt "3" ] && [ "$iostat" = "Yes" ] && [ "$sqlstat" = "Yes" ];
then
# mysql is fine, return http 200
/bin/echo -e "HTTP/1.1 200 OK\r\n"

else
# mysql is down, return http 503
/bin/echo -e "HTTP/1.1 503 Service Unavailable\r\n"

fi

chmod 775 /opt/shell/mysqlchk_status_3306.sh
chmod 775 /opt/shell/mysqlchk_status_3307.sh

On the MySQL slave, create a separate account with the process and slave_client privileges.

-- the password must match MYSQL_PASSWORD in the check scripts
CREATE USER 'mysqlcheck'@'localhost' IDENTIFIED BY 'paSSword';

GRANT PROCESS, REPLICATION CLIENT ON *.* TO 'mysqlcheck'@'localhost' IDENTIFIED BY 'paSSword' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

flush privileges;

Test the script
./mysqlchk_status_3306.sh

Add the service
Bind to the internal IP, run on port 930, and open it only to the 192.168.0 internal network
yum install -y xinetd
vim /etc/xinetd.d/mysql_status

service mysqlchk_status3306
{
flags = REUSE
socket_type = stream
bind = 192.168.0.104
port = 9300
wait = no
user = nobody
server = /opt/shell/mysqlchk_status_3306.sh
log_type = FILE /dev/null
log_on_failure += USERID
disable = no
only_from = 192.168.0.0/24
}
service mysqlchk_status3307
{
flags = REUSE
socket_type = stream
bind = 192.168.0.104
port = 9301
wait = no
user = nobody
server = /opt/shell/mysqlchk_status_3307.sh
log_type = FILE /dev/null
log_on_failure += USERID
disable = no
only_from = 192.168.0.0/24
}

The bind and only_from IP addresses must allow requests from haproxy; with drbd, use 0.0.0.0
user must have execute permission on the server script
port must be declared in /etc/services

chattr -i /etc/services
vi /etc/services

mysqlchk_status3306 9300/tcp #haproxy mysql check
mysqlchk_status3307 9301/tcp #haproxy mysql check

The name mysqlchk_status3306 in services must match the service name in xinetd.d

Open the ports in iptables

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 9300 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 9301 -j ACCEPT

/etc/init.d/iptables save

Enable at boot and start the service
chkconfig xinetd --level 345 on
/etc/init.d/xinetd start

Check that it is running
netstat -lntp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9300 0.0.0.0:* LISTEN 4863/xinetd
tcp 0 0 0.0.0.0:9301 0.0.0.0:* LISTEN 4863/xinetd

If the ports are not listed, check the bind address and the service port

Run a test from the monitoring machine
telnet 192.168.0.104 9300

Trying 192.168.0.104…
Connected to 192.168.0.104 (192.168.0.104).
Escape character is ‘^]’.
/opt/shell/mysqlchk_status_3306.sh: line 24: /tmp/processlist3306.txt: Permission denied
/opt/shell/mysqlchk_status_3306.sh: line 25: /tmp/rep3306.txt: Permission denied
HTTP/1.1 200 OK

Connection closed by foreign host.

The errors appear because the script had been run as root earlier; delete the temporary files on the monitored machine

rm -f /tmp/processlist3306.txt /tmp/processlist3307.txt
rm -f /tmp/rep3306.txt /tmp/rep3307.txt

If there is no output, check the execute permission of the mysqlchk_status_3306.sh script
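
A variant of the check script, added here as an example and not part of the original post: it parses the SHOW SLAVE STATUS output in a pipe instead of fixed files under /tmp (so the Permission denied case above cannot occur), reads the credentials from an option file so the password does not appear in the process list, and matches field names exactly. It goes one step further than the post by also failing on replication lag; the option-file path, MAX_LAG and the --serve/--selftest arguments are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. The option-file path,
# MAX_LAG and the --serve/--selftest arguments are assumptions.
MYSQL_BIN="${MYSQL_BIN:-/opt/mysql/bin/mysql}"
# Option file with a [client] section (user, password, port or socket),
# mode 0600 and owned by the account xinetd runs the script as.
MYSQL_CNF="${MYSQL_CNF:-/etc/mysqlchk_3306.cnf}"
MAX_LAG="${MAX_LAG:-60}"   # seconds of replication lag tolerated

# Reads "SHOW SLAVE STATUS\G" text on stdin, prints "ok" or "fail:<reason>".
# Field names are matched exactly, so Slave_SQL_Running_State (MySQL 5.6+)
# is not mistaken for Slave_SQL_Running, as a plain grep would do.
slave_verdict() {
    awk -v max="$1" '
        $1 == "Slave_IO_Running:"      { io  = $2 }
        $1 == "Slave_SQL_Running:"     { sql = $2 }
        $1 == "Seconds_Behind_Master:" { lag = $2 }
        END {
            if (io  != "Yes")      { print "fail:io_thread";   exit }
            if (sql != "Yes")      { print "fail:sql_thread";  exit }
            if (lag !~ /^[0-9]+$/) { print "fail:lag_unknown"; exit }
            if (lag + 0 > max + 0) { print "fail:lag_" lag;    exit }
            print "ok"
        }'
}

# Builds the full HTTP response for a verdict. Nothing else may reach
# stdout: the haproxy httpchk expects the status line first.
http_response() {
    case "$1" in
        ok) status="200 OK" ;;
        *)  status="503 Service Unavailable" ;;
    esac
    printf 'HTTP/1.1 %s\r\nContent-Type: text/plain\r\nContent-Length: %d\r\nConnection: close\r\n\r\n%s' \
        "$status" "${#1}" "$1"
}

# Constructed sample of SHOW SLAVE STATUS\G output (abridged).
sample_status() {
    cat <<'EOF'
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
      Slave_SQL_Running_State: Slave has read all relay log
        Seconds_Behind_Master: 3
EOF
}

case "${1:-}" in
    --serve)
        # No temp files; stderr is dropped because under xinetd it would be
        # sent to the client ahead of the status line.
        verdict=$("$MYSQL_BIN" --defaults-extra-file="$MYSQL_CNF" \
                      -e 'SHOW SLAVE STATUS\G' 2>/dev/null | slave_verdict "$MAX_LAG")
        http_response "$verdict"
        ;;
    --selftest)
        http_response "$(sample_status | slave_verdict "$MAX_LAG")"
        ;;
esac
```

To run it from xinetd, add server_args = --serve to the service entry; an empty result (mysql unreachable, or the server is not a slave) is reported as 503.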

After startup there will be a lot of log entries in /var/log/messages

Oct 23 14:37:00 lova xinetd[11057]: START: mysqlchk_status3306 pid=11464 from=192.168.0.22
Oct 23 14:37:00 lova xinetd[11057]: EXIT: mysqlchk_status3306 status=0 pid=11464 duration=0(sec)
Oct 23 14:37:05 lova xinetd[11057]: START: mysqlchk_status3306 pid=11494 from=192.168.0.22
Oct 23 14:37:05 lova xinetd[11057]: EXIT: mysqlchk_status3306 status=0 pid=11494 duration=0(sec)

In the haproxy configuration, send the log output to a black hole
log_type = FILE /dev/null

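View the monitoring page

Accessing localhost directly returns 503
http://localhost/
503 Service Unavailable

No server is available to handle this request.

Add admin-status
http://localhost/admin-status

When putting this into use, add privileges in MySQL on the slave servers for the users that connect through haproxy

haproxy commands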
/etc/init.d/haproxy
Usage: haproxy {start|stop|restart|reload|condrestart|status|check}


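Tune TIME_WAIT to prevent port exhaustion
vi /etc/sysctl.conf

net.ipv4.ip_local_port_range = 1025 65000

net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle can drop connections from clients behind NAT and was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1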

net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_tw_buckets = 35000

sysctl -p

Reverse-proxying the haproxy admin page with nginx

# (omitted)

listen admin_status
mode http
bind 192.168.0.107:8000
option httplog
log global
stats enable
stats refresh 30s
stats hide-version
stats realm Haproxy\ Statistics
#stats uri /admin-status
stats uri /haproxy/
#stats auth admin:123456
#stats admin if TRUE

nginx.conf

# (omitted)
location ~* ^/haproxy/
{
proxy_pass http://192.168.0.107:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
}
# (omitted)

References:
http://linux.die.net/man/5/xinetd.conf
http://adslroot.blogspot.com/2013/12/haproxy-mysql.html

Posted in haproxy/Atlas, Technology.



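Viewing and changing the NIC link speed on Linux

The other machines in the same rack were all running in gigabit mode, but a few were at 100 Mb/s, and after the speed was adjusted they automatically dropped back to 100 Mb/s.
In the end the data center replaced the network cable, which solved the problem immediately; the database process queue also went down.

Check the NIC information: the NIC supports gigabit but is running at 100 Mb/s.
ethtool eth2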

Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full

Set it to gigabit
ethtool -s eth2 speed 1000 duplex full

tail /var/log/messages

Oct 23 10:17:22 C1g kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Oct 23 10:17:23 C1g kernel: e1000e: eth2 NIC Link is Down
Oct 23 10:17:33 C1g kernel: e1000e: eth2 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
Oct 23 10:17:33 C1g kernel: 0000:03:00.1: eth2: 10/100 speed: disabling TSO

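It went back to 100 Mb/s again

ethtool notes
ethtool ethX //query the basic settings of port ethX
ethtool -h //show the ethtool command help
ethtool -i ethX //query related information about port ethX
ethtool -d ethX //query the register information of port ethX
ethtool -r ethX //reset port ethX to auto-negotiation mode
ethtool -S ethX //query the send/receive packet statistics of port ethX
ethtool -s ethX [speed 10|100|1000]\ //set the port speed to 10/100/1000M
[duplex half|full]\ //set the port to half/full duplex
[autoneg on|off]\ //set whether the port auto-negotiates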

Posted in linux maintenance and optimization.



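Blocking Microsoft's search crawlers

Block the Microsoft crawlers: they crawl far too aggressively and bring no traffic...
At the same time, lower the crawl frequency to a 60-second interval.
Edit robots.txt in the web root directory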

User-agent: Bingbot
Disallow: /
User-agent: Adidxbot
Disallow: /
User-agent: MSNBot
Disallow: /
User-agent: BingPreview
Disallow: /
User-agent: *
Disallow:
Crawl-delay: 60
Disallow: /api/
Disallow: /data/

References:
http://www.bing.com/webmaster/help/which-crawlers-does-bing-use-8c184ec0
http://tool.chinaz.com/robots/

Posted in SEO, Website building.



Notes on using MySQL multi-column indexes

MySQL can create an index on multiple columns. One index can include 15 columns.
CREATE TABLE test (
id INT NOT NULL,
cola CHAR(30) NOT NULL,
colb CHAR(30) NOT NULL,
PRIMARY KEY (id),
INDEX name (cola ,colb )
);

select * from test where colb='2014';
select * from test where cola='c1g' or colb='2014';

select * from test where cola LIKE '%c1g%';

select * from test order by cola asc,colb desc;
select * from test order by cola desc,colb asc;
The queries above cannot use the index.

select * from test where cola='c1g';
select * from test where cola='c1g' and colb='2014';
select * from test where cola='c1g' and colb>'2000' and colb<'2015';
select * from test where cola='c1g' and (colb='2000' and colb='2015');
select * from test where cola LIKE 'c1g%';
select * from test order by cola asc,colb asc;
select * from test order by cola desc,colb desc;
The queries above can use the index. The columns used for sorting must all be sorted in the same direction.

Posted in Mysql.



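Connecting to a local MySQL instance on a non-default port

Today I ran into a strange problem when I needed to dump a local MySQL db: with multiple instances started by mysqld_multi, the -P port option has no effect when connecting to localhost.
mysqldump ignores it just as mysql does.

The usual command for connecting to the MySQL database works without problems:
mysql -hlocalhost -uroot -p

Connecting to another local port always ends up on 3306, although connecting from another machine by IP works.
mysql -hlocalhost -P3308 -uroot -p

For now I solved it by connecting through the socket, exporting only the schema.
mysqldump -S/tmp/mysql_3308.sock -uroot -p -d mydb > mydb_createdb.sql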

Posted in Mysql.



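OpenSSH SFTP remote overflow vulnerability

A remote overflow vulnerability in OpenSSH SFTP was disclosed recently. If "ChrootDirectory" is not configured on the OpenSSH server, ordinary users can access all file system resources, including /proc. On Linux kernels >= 2.6.x, /proc/self/maps shows the memory layout and /proc/self/mem allows arbitrary reads and writes in the context of the current process; combining the two can lead to a remote overflow.

The affected versions are currently <= OpenSSH 6.6. 安恒信息 (DBAPPSecurity) recommends that users of this software upgrade to the latest version, OpenSSH 6.7, as soon as possible. OpenSSH 6.7 includes a risk-reduction measure: sftp-server uses prctl() to block direct access to /proc/self/{mem,maps}. Grsecurity/PaX directly forbids writes to /proc/pid/mem, so if Grsecurity/PaX is deployed in your production environment you do not need to worry about this vulnerability.
OpenSSH 6.7 download address: ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

Reference:

http://seclists.org/fulldisclosure/2014/Oct/35

Note: you first need a user account that is allowed to log in before you can do anything.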
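
A check for the ChrootDirectory condition described above, as an added example that is not from the original post: it lists which scopes of an sshd_config (the global section and each Match block) leave ChrootDirectory unset or set to none. The function names and the sample configuration are constructed for illustration; sshd -T remains the authoritative view of the effective configuration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# configuration are constructed for illustration.

# Reads an sshd_config on stdin and prints one "scope<TAB>value" line for the
# global section and for each Match block; value is "none" when
# ChrootDirectory is absent or explicitly set to none in that scope.
chroot_scopes() {
    awk '
        function emit() { print scope "\t" (dir == "" ? "none" : dir) }
        BEGIN { scope = "global" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            key = tolower($1)                   # keywords are case-insensitive
            if (key == "match") {
                emit()
                $1 = ""; sub(/^[ \t]+/, "")
                scope = "match " $0; dir = ""
            } else if (key == "chrootdirectory" && dir == "") {
                dir = $2                        # first value in a scope wins
            }
        }
        END { emit() }'
}

# Scopes with no chroot: SFTP users covered only by these scopes see the
# whole file system, /proc included.
unchrooted_scopes() {
    chroot_scopes | awk -F '\t' '$2 == "none" { print $1 }'
}

# Constructed sample configuration.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
Match User backup
    ForceCommand internal-sftp
EOF
}

# With a file argument, audit that file; without one, audit the sample.
if [ -n "${1:-}" ]; then
    unchrooted_scopes < "$1"
else
    sample_sshd_config | unchrooted_scopes
fi
```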

Posted in Security Advisories.


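Bash security vulnerability disclosed, more serious than Heartbleed; test and fix included

This vulnerability was disclosed on 20140925. The threat it poses to computer users may be greater than that of the "Heartbleed" vulnerability discovered in April this year.
Tod Beardsley, engineering manager at the network security company Rapid7, warned that the Bash vulnerability has a severity rating of "10", meaning it poses the greatest threat to users' computers. Its exploitation complexity is rated "low", meaning attackers can use it to launch attacks relatively easily.

To test, run the following command

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

If the text above appears, the system needs to be patched.

I tried CentOS 5.4, 5.5, 6.0 and others; all of them have the problem
GNU bash, version 3.2.25(1)-release-(x86_64-redhat-linux-gnu)
GNU bash, version 4.1.2(1)-release-(x86_64-unknown-linux-gnu)

Fix

yum -y update bash

Test again after upgrading

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If the output looks like the above, it has been fixed.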

Reference:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Posted in Security Advisories.



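Fixing the order of multiple NICs on CentOS

When PCI NICs are installed in the system, the interface order may be different after every reboot, which affects the accuracy of nagios monitoring.

CentOS6

On CentOS 6, the NIC naming rules are in /etc/udev/rules.d/70-persistent-net.rules
cat /etc/udev/rules.d/70-persistent-net.rules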

# PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

# USB device 0x9710:0x7830 (usb) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:60:6e:xx:xx:f6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x14e4:0x165a (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:10:18:xx:xx:51", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"

# PCI device 0x8086:0x10c9 (igb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"

# PCI device 0x8086:0x10c9 (igb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth5"

Delete the (usb) and (tg3) entries and adjust the names for bnx2 and igb; the result is as follows

# PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# PCI device 0x8086:0x10c9 (igb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

# PCI device 0x8086:0x10c9 (igb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"

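Configure the NIC files
Also edit the /etc/sysconfig/network-scripts/ifcfg-eth* NIC configuration files so that the device names and MAC addresses match udev.
Also check the IP addresses and gateway.

Reboot the server
reboot

centos5.8

dmesg shows the Intel PCI NICs coming up before the onboard NICs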

e1000e: Intel(R) PRO/1000 Network Driver – 1.4.4-k
e1000e: Copyright(c) 1999 – 2011 Intel Corporation.
e1000e 0000:03:00.0: Disabling ASPM L1
GSI 25 sharing vector 0x52 and IRQ 25
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 38 (level, low) -> IRQ 82
PCI: Setting latency timer of device 0000:03:00.0 to 64
EDAC MC: Ver: 2.0.1 Feb 21 2012
e1000e 0000:03:00.0: eth0: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c4
e1000e 0000:03:00.0: eth0: Intel(R) PRO/1000 Network Connection
e1000e 0000:03:00.0: eth0: MAC: 0, PHY: 4, PBA No: D28207-005
e1000e 0000:03:00.1: Disabling ASPM L1
GSI 26 sharing vector 0x62 and IRQ 26
ACPI: PCI Interrupt 0000:03:00.1[B] -> GSI 45 (level, low) -> IRQ 98
PCI: Setting latency timer of device 0000:03:00.1 to 64
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 0:0:1:0: Attached scsi generic sg1 type 0
scsi 3:0:0:0: Attached scsi generic sg2 type 5
e1000e 0000:03:00.1: eth1: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c5
e1000e 0000:03:00.1: eth1: Intel(R) PRO/1000 Network Connection
e1000e 0000:03:00.1: eth1: MAC: 0, PHY: 4, PBA No: D28207-005
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
GSI 27 sharing vector 0x72 and IRQ 27
ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 36 (level, low) -> IRQ 114
PCI: Setting latency timer of device 0000:01:00.0 to 64
eth2: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da000000, IRQ 114, node addr 0024e86cd577
GSI 28 sharing vector 0x7A and IRQ 28
ACPI: PCI Interrupt 0000:01:00.1[B] -> GSI 48 (level, low) -> IRQ 122
PCI: Setting latency timer of device 0000:01:00.1 to 64
eth3: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem dc000000, IRQ 122, node addr 0024e86cd578
sr0: scsi3-mmc drive: 24x/24x cd/rw xa/form2 cdda tray

cat /etc/udev/rules.d/60-net.rules

ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device"
SUBSYSTEM=="net", RUN+="/etc/sysconfig/network-scripts/net.hotplug"

Check the driver and bus-info
ethtool -i eth0
driver: bnx2
version: 2.1.11
firmware-version: bc 4.6.4 NCSI 1.0.6
bus-info: 0000:01:00.0
ethtool -i eth1
driver: bnx2
version: 2.1.11
firmware-version: bc 4.6.4 NCSI 1.0.6
bus-info: 0000:01:00.1
ethtool -i eth2
driver: e1000e
version: 1.4.4-k
firmware-version: 5.11-2
bus-info: 0000:03:00.0
ethtool -i eth3
driver: e1000e
version: 1.4.4-k
firmware-version: 5.11-2
bus-info: 0000:03:00.1

Edit the order
DRIVER refers to driver: e1000e
ID refers to bus-info: the PCI ID

vi /etc/udev/rules.d/60-net.rules

DRIVER=="bnx2",ID=="0000:01:00.0",NAME="eth0"
DRIVER=="bnx2",ID=="0000:01:00.1",NAME="eth1"
DRIVER=="e1000e",ID=="0000:03:00.0",NAME="eth2"
DRIVER=="e1000e",ID=="0000:03:00.1",NAME="eth3"

Reboot
reboot


input: PC Speaker as /class/input/input0
bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
GSI 25 sharing vector 0x52 and IRQ 25
ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 36 (level, low) -> IRQ 82
PCI: Setting latency timer of device 0000:01:00.0 to 64
eth0: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da000000, IRQ 82, node addr 0024e86cd577
GSI 26 sharing vector 0x5A and IRQ 26
ACPI: PCI Interrupt 0000:01:00.1[B] -> GSI 48 (level, low) -> IRQ 90
PCI: Setting latency timer of device 0000:01:00.1 to 64
eth1: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem dc000000, IRQ 90, node addr 0024e86cd578
EDAC MC: Ver: 2.0.1 Feb 21 2012
e1000e: Intel(R) PRO/1000 Network Driver – 1.4.4-k
e1000e: Copyright(c) 1999 – 2011 Intel Corporation.
e1000e 0000:03:00.0: Disabling ASPM L1
GSI 27 sharing vector 0x62 and IRQ 27
ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 38 (level, low) -> IRQ 98
PCI: Setting latency timer of device 0000:03:00.0 to 64
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 0:0:1:0: Attached scsi generic sg1 type 0
scsi 3:0:0:0: Attached scsi generic sg2 type 5
e1000e 0000:03:00.0: eth2: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c4
e1000e 0000:03:00.0: eth2: Intel(R) PRO/1000 Network Connection
e1000e 0000:03:00.0: eth2: MAC: 0, PHY: 4, PBA No: D28207-005
e1000e 0000:03:00.1: Disabling ASPM L1
GSI 28 sharing vector 0x72 and IRQ 28
ACPI: PCI Interrupt 0000:03:00.1[B] -> GSI 45 (level, low) -> IRQ 114
PCI: Setting latency timer of device 0000:03:00.1 to 64
e1000e 0000:03:00.1: eth3: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c5
e1000e 0000:03:00.1: eth3: Intel(R) PRO/1000 Network Connection
e1000e 0000:03:00.1: eth3: MAC: 0, PHY: 4, PBA No: D28207-005
sr0: scsi3-mmc drive: 24x/24x cd/rw xa/form2 cdda tray

Check the order with the nagios check_traffic.sh script
./check_traffic.sh -V 2c -C privatepass -H localhost -L

List Interface for host localhost.
Interface index 1 orresponding to lo
Interface index 2 orresponding to eth0
Interface index 3 orresponding to eth1
Interface index 4 orresponding to eth2
Interface index 5 orresponding to eth3

Posted in linux maintenance and optimization.



Monitoring redis with nagios

Install Redis support
perl -MCPAN -e shell
cpan>install Redis

Download check_redis.pl
http://exchange.nagios.org/directory/Plugins/Databases/check_redis-2Epl/details
https://github.com/willixix/WL-NagiosPlugins

Test
./check_redis.pl -H 192.168.0.130 -p 6379 -a 'connected_clients,blocked_clients' -w ~,~ -c ~,~ -f

OK: REDIS 2.6.12 on 192.168.0.130:6379 has 1 databases (db0) with 49801 keys, up 3 days 14 hours – connected_clients is 1, blocked_clients is 0 | connected_clients=1 blocked_clients=0

Add to commands.cfg

define command {
command_name check_redis
command_line $USER1$/check_redis.pl -H $HOSTADDRESS$ -p $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -f
}

Add the service check for the host

define service{
use local-service ; Name of service template to use
host_name c1gredis
service_description redis
check_command check_redis!6379!'connected_clients,blocked_clients'!~,~!~,~
notifications_enabled 0
}

Reload the configuration.

/etc/init.d/nagios reload

References:
http://exchange.nagios.org/directory/Plugins/Databases/check_redis-2Epl/details
http://www.ttlsa.com/nagios/nagios-redis-monitor/
http://bbs.linuxtone.org/thread-6241-1-1.html

Posted in Nagios.
