关注互联网、网页设计、Web开发、服务器运维优化、项目管理、网站运营、网站安全…
编写连接数巨大的高负载服务器程序时,经典的多线程模式和select模式都不再适用。
应当抛弃它们,采用epoll/kqueue/dev_poll来捕获I/O事件。
C10K问题 由来
网络服务在处理数以万计的客户端连接时,往往出现效率低下甚至完全瘫痪,这被称为
C10K问题。随着互联网的迅速发展,越来越多的网络服务开始面临C10K问题,作为大型
网站的开发人员有必要对C10K问题有一定的了解。
C10K问题的最大特点是:设计不够良好的程序,其性能和连接数及机器性能的关系往往
是非线性的。举个例子:如果没有考虑过C10K问题,一个经典的基于select的程序能在
旧服务器上很好处理1000并发的吞吐量,它在2倍性能新服务器上往往处理不了并发
2000的吞吐量。
这是因为在策略不当时,大量操作的消耗和当前连接数n成线性相关。会导致单个任务
的资源消耗和当前连接数的关系会是O(n)。而服务程序需要同时对数以万计的socket进
行I/O处理,积累下来的资源消耗会相当可观,这显然会导致系统吞吐量不能和机器性
能匹配。为解决这个问题,必须改变对连接提供服务的策略。
rev="post-648" No comments
– 2009/05/26
版权声明:可以任意转载,但转载时必须标明原作者charlee、原始链接http://tech.idv2.com/2007/02/10/trac-intro/以及本声明。
Trac,一个基于Web的bug管理系统。
Trac拥有强大的bug管理功能,并集成了Wiki用于文档管理。它还支持代码管理工具Subversion,这样可以在 bug管理和Wiki中方便地参考程序源代码。
bug管理
在Trac中,项目中出现的问题称为ticket。像bug、功能改进、 TODO等都可以写成一个ticket。
Subversion集成
通过Subversion集成,开发者可在Trac中以Web方式浏览代码库中各个版本的代码和代码的修改历史,并可方便地比较各个版本间的差别。
Wiki
支持常用的Wiki语法。同时增加了许多bug管理的专用标记,可以方便地创建到ticket、代码行甚至修改历史的链接。
Trac使用Python写成,后台使用SQLite或PostgreSQL数据库,因此构筑一个完整的Trac系统需要安装以下软件:
Posted in 项目管理.
rev="post-645" No comments
– 2009/05/26
最近上海移动机房在做调整(调到现在还没搞完…都换了几次IP了),导致nagios服务器不能连通应用服务器。
然后nagios每半小时就给我发短信囧,受不了了
1.hostescalation定义格式;蓝色为可选项
| define hostescalation{ | ||
| host_name | host_name | |
| hostgroup_name | hostgroup_name | |
| contacts | contacts | |
| contact_groups | contactgroup_name | |
| first_notification | # | |
| last_notification | # | |
| notification_interval | # | |
| escalation_period | timeperiod_name | |
| escalation_options | [d,u,r] | |
| } | ||
2.定义hostescalation将报警频率延长
vi /usr/local/nagios/etc/objects/lavida.cfg
define host{
use linux-server,host-pnp
host_name lavida
alias apply
address 192.168.1.2
check_command check-host-alive
max_check_attempts 5
check_period 24×7
contact_groups admins
notification_interval 60 #正常报警频率改成60分钟
notification_period 24×7
notification_options d,u,r
}
#第三次到第五次报警频率为120分钟
define hostescalation{
host_name lavida
first_notification 3
last_notification 5
notification_interval 120
contact_groups admins
}
#第6次以后为240分钟一次
define hostescalation{
host_name lavida
first_notification 6 #第六次
last_notification 0 #不限次数
notification_interval 240 #4小时,也可以改小成10分钟等
contact_groups admins #可以增加组如:admins,managers
}
3.检查nagios配置
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
4.重启nagios
service nagios reload
针对service的定义方法
define serviceescalation{
host_name lavida
service_description Root Partition
first_notification 6
last_notification 0
notification_interval 240
contact_groups admins
}
参考:
http://nagios.sourceforge.net/docs/3_0/objectdefinitions.html#hostescalation
http://nagios.sourceforge.net/docs/3_0/escalations.html
rev="post-640" No comments
– 2009/05/25
转自linuxtone.org 哈密瓜
http://bbs.linuxtone.org/thread-2776-1-1.html
有时候nginx,apache,mysql,php编译完了想看看编译参数可以用以下方法
nginx编译参数:
#/usr/local/nginx/sbin/nginx -V
nginx version: nginx/0.6.32
built by gcc 4.1.2 20071124 (Red Hat 4.1.2-42)
configure arguments: –user=www –group=www –prefix=/usr/local/nginx/ –with-http_stub_status_module –with-openssl=/usr/local/openssl
apache编译参数:
# cat /usr/local/apache2/build/config.nice
#! /bin/sh
#
# Created by configure
“./configure” \
“–prefix=/usr/local/apache2” \
“–with-included-apr” \
“–enable-so” \
“–enable-deflate=shared” \
“–enable-expires=shared” \
“–enable-rewrite=shared” \
“–enable-static-support” \
“–disable-userdir” \
“$@”
php编译参数:
# /usr/local/php/bin/php -i |grep configure
Configure Command => ‘./configure’ ‘–prefix=/usr/local/php’ ‘–with-apxs2=/usr/local/apache2/bin/apxs’ ‘–with-config-file-path=/usr/local/php/etc’ ‘–with-mysql=/usr/local/mysql’ ‘–with-libxml-dir=/usr/local/libxml2/bin’ ‘–with-gd=/usr/local/gd2’ ‘–with-jpeg-dir’ ‘–with-png-dir’ ‘–with-bz2’ ‘–with-xmlrpc’ ‘–with-freetype-dir’ ‘–with-zlib-dir’
mysql编译参数:
# cat /usr/local/mysql/bin/mysqlbug|grep configure
# This is set by configure
CONFIGURE_LINE=”./configure ‘–prefix=/usr/local/mysql’ ‘–localstatedir=/var/lib/mysql’ ‘–with-comment=Source’ ‘–with-server-suffix=-Linuxtone’ ‘–with-mysqld-user=mysql’ ‘–without-debug’ ‘–with-big-tables’ ‘–with-charset=gbk’ ‘–with-collation=gbk_chinese_ci’ ‘–with-extra-charsets=all’ ‘–with-pthread’ ‘–enable-static’ ‘–enable-thread-safe-client’ ‘–with-client-ldflags=-all-static’ ‘–with-mysqld-ldflags=-all-static’ ‘–enable-assembler’ ‘–without-isam’ ‘–without-innodb’ ‘–without-ndb-debug'”
我补充下mysql_config也可以获得编译参数
Posted in Apache, Mysql, Nginx, PHP, 技术.
rev="post-631" No comments
– 2009/05/21
在phpmyadmin的状态页经常会看到”尝试失败”次数
但没有相关的日志可供查看,这里通过修改mysql参数来记录下”尝试失败”的操作。
1.修改my.conf
#默认为1,设为大于1时会记录’Access denied ‘
log-warnings =2
log = /opt/mysql/var/query_log.log
2.restart mysql 注意不是reload
/opt/mysql/bin/mysql.servier restart
3.测试非法用户访问
/opt/mysql/bin/mysql -u abc
/opt/mysql/bin/mysql -u test
4.查看日志
tail /opt/mysql/var/query_log.log
或者
cat /opt/mysql/var/query_log.log|grep ‘Access denied’
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
090521 11:44:26 1 Connect Access denied for user ‘abc’@’localhost’ (using password: NO)
090521 11:44:51 2 Connect Access denied for user ‘test’@’localhost’ (using password: NO)
结论:
使用telnet 192.168.1.92 3306 或ie 访问192.168.1.92:3306 将不会记录在日志中;
但在phpmyadmin中看到尝试失败次数是统计在内的;
开启query_log会将所有的查询都存起来,所以慎用;
从5.1.6开始通–log-output 参数可以将query_log输出到table;
这一牛人通过改代码让query_log只输出“access denied”
http://dev.mysql.com/tech-resources/articles/advanced-bazaar.html
rev="post-624" No comments
– 2009/05/21
1.The error log
错误日志
执行/opt/mysql/bin/mysql.server restart 命令后的日志片段
cat /opt/mysql/var/localdev.c1gstudio.com.err
090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: Normal shutdown
090521 11:44:20 [Note] Event Scheduler: Purging the queue. 0 events
090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: Shutdown complete
090521 11:44:20 mysqld_safe mysqld from pid file /opt/mysql/var/localdev.c1gstudio.com.pid ended
090521 11:44:20 mysqld_safe Starting mysqld daemon with databases from /opt/mysql/var
090521 11:44:20 [Note] Plugin ‘InnoDB’ disabled by command line option
090521 11:44:20 [Note] Event Scheduler: Loaded 0 events
090521 11:44:20 [Note] /opt/mysql/libexec/mysqld: ready for connections.
Version: ‘5.1.26-rc-log’ socket: ‘/opt/mysql/mysql.sock’ port: 3306 Source distribution
2.The general query log
查询日志
如何开启?
修改my.conf
log = /opt/mysql/var/query_log.log
#log-warnings=2 默认1,大于1时记录“access denied”连接
然后重启mysql
/opt/mysql/bin/mysql.server restart
浏览phpmyadmin系统变量页面时的日志片段
cat /opt/mysql/var/query_log.log
/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
090521 11:38:22 1 Connect root@localhost on
1 Query SELECT VERSION()
1 Query SET NAMES utf8
1 Query SET collation_connection = ‘utf8_unicode_ci’
1 Query SET NAMES utf8
1 Query SET collation_connection = ‘utf8_unicode_ci’
1 Query SHOW SESSION VARIABLES LIKE ‘collation_connection’
1 Query SHOW SESSION VARIABLES LIKE ‘character_set_connection’
1 Query SHOW CHARACTER SET
1 Query SHOW COLLATION
1 Query SHOW DATABASES
1 Query SHOW VARIABLES LIKE ‘profiling’
1 Query SELECT COUNT(*) FROM mysql.user
1 Query SELECT COUNT(*) FROM mysql.user
1 Init DB mysql
1 Query SHOW MASTER LOGS
1 Query SHOW GLOBAL STATUS
1 Query SHOW GLOBAL VARIABLES
1 Query SELECT UNIX_TIMESTAMP() – 5
1 Quit
090521 11:38:29 2 Connect root@localhost on
2 Query SELECT VERSION()
3.The binary log
二进制日志
恢复时可用以下命令
mysqlbinlog mysql-bin.000007 mysql-bin.000008 | mysql
4.The Slow Query Log
慢查询日志
如何开启?
编辑my.conf
long_query_time = 8 #单位秒
log-slow-queries = /opt/mysql/var/slow.log
#log-queries-not-using-indexes 未使用索引
然后重启mysql
/opt/mysql/bin/mysql.server restart
cat /opt/mysql/var/slow.log
/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
/opt/mysql/libexec/mysqld, Version: 5.1.26-rc-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /opt/mysql/mysql.sock
Time Id Command Argument
# Time: 090505 10:22:46
# User@Host: c1g[c1g] @ localhost []
# Query_time: 9.016973 Lock_time: 0.000332 Rows_sent: 500 Rows_examined: 1107538
use db4;
SET timestamp=1241490166;
SELECT distinct(c.id) FROM db4_member_p_config c,db4_member_p_f_forjobs j,db4_member_p_global g WHERE c.id = j.id AND c.uid = g.uid AND c.property = ‘1’ AND c.percent >= ’60’ AND g.education >= ‘5’ AND g.lProvince = ’25’ AND g.graduateSchool1 = ’25’ ORDER BY c.lastupdate DESC LIMIT 500;
参考
http://dev.mysql.com/doc/refman/5.1/en/server-logs.html
rev="post-618" No comments
– 2009/05/21
ibm appscan
AppScan 是一个面向 Web 应用安全检测的自动化工具,使用它可以自动化检测 Web 应用的安全漏洞,比如跨站点脚本攻击(Cross Site Scripting Flaws)、注入式攻击(Injection Flaws)、失效的访问控制(Broken Access Control)、缓存溢出问题(Buffer Overflows)等等。这些安全漏洞大多包括在 OWASP(Open Web Application Security Project,开放式 Web 应用程序安全项目)所公布的 Web 应用安全漏洞中
IBM站点可以免费注册,然后下载相应的版本即可.
商业版大约100万台币,没错是一百万台币,折和人民币20W左右
这里说大概近50W左右
http://www.softwarelist.cn/?fsid=56&id=5302&cpath=ABAI
IBM Rational AppScan Enterprise Edition 7.7.654安装程序、破解文件及注册机可升级(已测试)分七个部分,请分别下载然后放到同一文件夹中解压
http://download.csdn.net/source/840431
http://download.csdn.net/source/840498
http://download.csdn.net/source/840544
http://download.csdn.net/source/840569
http://download.csdn.net/source/840606
http://download.csdn.net/source/840643
http://download.csdn.net/source/840657
Hp Webinspect
HP Application Security Center软件产品能全面分析现在构建于新一代Web 2.0技术之上的复杂web应用。HP Application Security Center软件应用范围广泛,具有快速扫描功能且能提供准确的Web应用扫描结果。
HP的工具出现误报的几率相对较大
商业版好像也要一百万,不知道啥币种
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5e9570_4000_100__
Acunetix Web Vulnerability
通过网络爬虫测试你的网站安全,检测流行的攻击 ,如交叉站点脚本,sql 注入等。在被黑客攻击前扫描购物车,表格、安全区域和其他Web应用程序。
短小精干,同时速度也快,适合入门级的朋友
商业版一万四左右
http://www.lengmo.net/post/1332/
N-Stalker
N-Stalker Web Application Security Scanner是N-Stalker公司研发的一个顶级的安全评估工具。通过与知名的N-Stealth HTTP Security Scanner及其35,000个web攻击签名数据库合并,以及正在申请专利的web应用程序安全评估技术组件,N-Stalker能为你的web应用程序彻底消除大量普遍的安全隐患,包括跨站点的脚本和SQL injection,缓冲溢出,篡改参数攻击等等。
商业版一万四左右
http://www.3ddown.com/soft/32913.htm
google ratproxy
google 审计 XSS 的开源工具
http://code.google.com/p/ratproxy/
Ratproxy 工作流程:
1) 运行脚本后,会在本地启动一个代理服务器,默认端口是 8080 ;
2) 浏览器设置这个地址 (http://localhost:8080)为 代理地址 ;
3) 浏览要测试的 Web 页面,进行实际登录,填写表单等操作(这些动作会被代理服务器捕捉并做点”手脚”发给待检测的页面),ratproxy 会在后台记录相关的 Log ;
4) 用 ratproxy 提供的工具解析 Log 并输出 HTML 进行分析;
5) 修正比较严重的问题后,跳回到第一步,直到评估通过为止。
rev="post-614" 2 comments
– 2009/05/20
不要通过Internet传送明文(未加密的)数据。该信息可以被有足够时间和能力来截取它并用于个人目的的任何人访问。相反,应使用加密协议,例如SSL或SSH。MySQL支持内部SSL连接,例如版本 4.0.0。可以使用SSH端口映射为通信创建加密(并压缩)的隧道。
· 学会使用tcpdump和strings工具。在大多数情况下,你可以使用下面的命令检查是否MySQL数据流未加密:
· shell> tcpdump -l -i eth0 -w – src or dst port 3306 | strings
(该命令在Linux中可以工作,在其它系统中经过小小的修改后应可以工作)。 警告:如果你没有看见明文数据,并不一定说明信息实际上被加密了。如果你需要较高级别的安全,你应咨询安全专家。
Posted in Linux 命令, Mysql, 安全, 技术.
rev="post-612" No comments
– 2009/05/19
nagios_plugin安装时正确关联mysql后会在libexec下产生check_mysql文件
/usr/local/nagios/libexec/check_mysql -h
check_mysql v2034 (nagios-plugins 1.4.13)
Copyright (c) 1999-2007 Nagios Plugin Development Team
This program tests connections to a mysql server
Usage: check_mysql [-d database] [-H host] [-P port] [-s socket]
[-u user] [-p password] [-S]
Options:
-h, –help
Print detailed help screen
-V, –version
Print version information
-H, –hostname=ADDRESS
Host name, IP Address, or unix socket (must be an absolute path)
-P, –port=INTEGER
Port number (default: 3306)
-s, –socket=STRING
Use the specified socket (has no effect if -H is used)
-d, –database=STRING
Check database with indicated name
-u, –username=STRING
Connect using the indicated username
-p, –password=STRING
Use the indicated password to authenticate the connection
==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!! <==
Your clear-text password could be visible as a process table entry
-S, --check-slave
Check if the slave thread is running properly.
-w, --warning
Exit with WARNING status if slave server is more than INTEGER seconds
behind master
-c, --critical
Exit with CRITICAL status if slave server is more then INTEGER seconds
behind master
There are no required arguments. By default, the local database is checked
using the default unix socket. You can force TCP on localhost by using an
IP address or FQDN ('localhost' will use the socket as well).
Send email to [email protected] if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to [email protected]
创建nagdb空数据库和naguser用户
create database nagemptydb;
GRANT select ON nagemptydb.* TO naguser@localhost identified by ‘password123’;
FLUSH PRIVILEGES ;
测试check_mysql
sudo -u nagios /usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p password123
Uptime: 45850 Threads: 1 Questions: 493233 Slow queries: 0 Opens: 159 Flush tables: 1 Open tables: 153 Queries per second avg: 10.757
修改被子监控机nrpe.cfg增加监控命令
vi /usr/local/nagios/etc/nrpe.cfg
command[check_mysql_status]=/usr/local/nagios/libexec/check_mysql -H localhost -u naguser -d nagemptydb -p ‘password123’
重启被监控机nrpe
ps aux |grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
监控机polo.cfg增加
vi /etc/local/nagios/etc/objects/polo.cfg
define service{
use local-service ; Name of service template to use
host_name polo
service_description mysql_status
check_command check_nrpe!check_mysql_status
notifications_enabled 0
}
重载入监控机nagios
service nagios reload
访问http://localhost/nagios的service detail
mysql_status
Notifications for this service have been disabled
PENDING N/A 0d 0h 0m 35s+ 1/4 Service check scheduled for Tue May 19 15:01:30 CST 2009
等一会
mysql_status
Notifications for this service have been disabled
OK 05-19-2009 15:01:30 0d 0h 1m 5s 1/4 Uptime: 46758 Threads: 1 Questions: 513579 Slow queries: 0 Opens: 160 Flush tables: 1 Open tables: 154 Queries per second avg: 10.983
rev="post-602" 3 comments
– 2009/05/19
今天服务器上/tmp下的php上传目录upload又没了,不是第一次了,郁闷的很
google下后找到原因,原来是tmpwath干的好事。
cat /etc/cron.daily/tmpwatch
tmpwatch 文件内容
/usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix 240 /tmp
/usr/sbin/tmpwatch 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
if [ -d “$d” ]; then
/usr/sbin/tmpwatch -f 720 $d
fi
done
系统每天会用tmpwatch命令检查并删除 /tmp 下超过240小时未访问过的文件和目录
tmpwatch简介
功能说明:删除暂存文件。
语 法:tmpwatch [-afqv][–test][超期时间][目录…]
补充说明:执行tmpwatch指令可删除不必要的暂存文件,您可以设置文件超期时间,单位以小时计算。
参 数:
-a或–all 删除任何类型的文件。
-f或–force 强制删除文件或目录,其效果类似rm指令的”-f”参数。
-q或–quiet 不显示指令执行过程。
-v或–verbose 详细显示指令执行过程。
-test 仅作测试,并不真的删除文件或目录。
php.ini中设置
#临时文件的上传目录
upload_tmp_dir = “/tmp/upload”
#session 分采用分级目录
session.save_path = “1;/tmp/session”
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, “-“, “,”
session.hash_bits_per_character = 4
解决方法
-x 可以排除删除某些目录
-d 可以不删除空目录
/usr/sbin/tmpwatch -x /tmp/.X11-unix -x /tmp/.XIM-unix -x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix -x /tmp/session -x /tmp/upload 240 /tmp
/usr/sbin/tmpwatch 720 /var/tmp
for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do
if [ -d “$d” ]; then
/usr/sbin/tmpwatch -f 720 $d
fi
done
参考:
http://haka.sharera.com/blog/BlogTopic/21687.htm
http://linux.chinaunix.net/bbs/archiver/?tid-979112.html
rev="post-600" 3 comments
– 2009/05/15
关注互联网、网页设计、Web开发、服务器运维优化、项目管理、网站运营、网站安全…
近期评论