

Checking the Linux system version

This command works on all Linux distributions, including Red Hat, SuSE, Debian and others.

lsb_release -a

LSB Version: 1.3
Distributor ID: RedHatEnterpriseAS
Description: Red Hat Enterprise Linux AS release 4 (Nahant)
Release: 4
Codename: Nahant

cat /etc/redhat-release

Red Hat Enterprise Linux AS release 4 (Nahant)

rpm -q redhat-release

redhat-release-4AS-2

cat /proc/version

Linux version 2.6.9-5.EL ([email protected]) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 Wed Jan 5 19:22:18 EST 2005

cat /etc/issue

Red Hat Enterprise Linux AS release 4 (Nahant) Kernel \r on an \m

Posted in Linux commands, Technology.


Monitoring remote hosts with Nagios NRPE

Reference: http://space.itpub.net/228190/viewspace-578408

Diagram:

http://www.nagios.org/images/addons/nrpe/nrpe.png

Install NRPE on the monitoring server

wget http://nchc.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
tar zxvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure --prefix=/usr/local/nagios
make all
make install-plugin
# the monitoring server only needs to be installed up to this step

Add the user on the monitored host

groupadd nagios
useradd -g nagios -d /usr/local/nagios -s /sbin/nologin nagios

Install the plugins on the monitored host

wget http://nchc.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.13.tar.gz
tar zxf nagios-plugins-1.4.13.tar.gz
cd nagios-plugins-1.4.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios --prefix=/usr/local/nagios --with-ping-command="/bin/ping" --with-mysql=/opt/mysql
make
make install
# check that the plugin files were installed into this directory
ls /usr/local/nagios/libexec

Install NRPE on the monitored host

wget http://nchc.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
tar zxvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure --prefix=/usr/local/nagios
make all
make install-plugin
make install-daemon
make install-daemon-config
chown -R nagios:nagios /usr/local/nagios

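Configure NRPE:

vi /usr/local/nagios/etc/nrpe.cfg

# address or domain name of the Nagios monitoring server
allowed_hosts=127.0.0.1,192.168.1.91

Edit /etc/hosts.allow and add the monitoring server's IP

echo 'nrpe:192.168.1.91' >> /etc/hosts.allow

Start the NRPE daemon:

/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

You can add this command to /etc/rc.local so that it starts automatically at boot.

echo "/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d" >> /etc/rc.local

Check that NRPE is working: on the monitored host

/usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

Check the corresponding port: netstat -an | grep 5666
Open port 5666 on the firewall, allowing connections from LAN IPs or fixed IPs only.

On the monitoring server

/usr/local/nagios/libexec/check_nrpe -H <target host address>

Both should print the NRPE version: NRPE v2.12

Check which services can be monitored

In nrpe.cfg on the monitored host you can see a configuration like this:

command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

This one checks the CPU load.

If you need custom arguments, use the following command

command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$

and set dont_blame_nrpe=1. Enabling arguments brings a certain security risk.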
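As an added example (not code from the original post or from the NRPE project), this shell function audits an nrpe.cfg for the risk just mentioned: it reports dont_blame_nrpe=1 together with every command[] line that expands $ARGn$ macros. The function names, the finding format and the sample file are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original post: flag the nrpe.cfg settings that
# let a remote client choose command arguments.

# audit_nrpe_cfg FILE
# Prints one finding per line. Exit status: 1 if any HIGH finding, else 0.
audit_nrpe_cfg() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "dont_blame_nrpe") {
                args_on = (val + 0 == 1)
            } else if (key == "allowed_hosts") {
                hosts = val
            } else if (key ~ /^command\[.*\]$/ && val ~ /\$ARG[0-9]+\$/) {
                # "command[" is 8 characters; strip it and the closing "]"
                cmd[++n] = substr(key, 9, length(key) - 9)
                line[n] = val
            }
        }
        END {
            if (hosts == "") hosts = "(not set)"
            if (args_on) {
                print "HIGH dont_blame_nrpe=1: arguments accepted from allowed_hosts=" hosts
                high = 1
            }
            for (i = 1; i <= n; i++) {
                if (args_on)
                    print "HIGH command[" cmd[i] "] runs with client-supplied arguments: " line[i]
                else
                    print "INFO command[" cmd[i] "] uses $ARGn$ but dont_blame_nrpe is off"
            }
            exit (high ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the argument-passing setup shown in the post, plus one
# fixed-threshold command for contrast.
write_sample_nrpe_cfg() {
    cat > "$1" <<'EOF'
# constructed sample nrpe.cfg
allowed_hosts=127.0.0.1,192.168.1.91
dont_blame_nrpe=1
command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
EOF
}

sample=$(mktemp)
write_sample_nrpe_cfg "$sample"
audit_nrpe_cfg "$sample" ||
    echo "HIGH findings: pin the thresholds in nrpe.cfg and set dont_blame_nrpe=0"
rm -f "$sample"
```

A configuration that keeps the fixed thresholds (-w 15,10,5 -c 30,25,20) and dont_blame_nrpe=0 produces no findings.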

Restart nrpe on the monitored host

ps aux|grep nrpe
kill $pid
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

Monitoring server setup

Add the nrpe definition to commands.cfg on the monitoring server

# 'check_nrpe' command definition
define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
        }

Add hostA.cfg

Create a new file hostA.cfg under /usr/local/nagios/etc/objects/ and register it with the Nagios server:

echo "cfg_file=/usr/local/nagios/etc/objects/hostA.cfg" >> /usr/local/nagios/etc/nagios.cfg

To add host B, follow the same pattern.

hostA.cfg

define host{
        use             generic-server
        host_name       A
        alias           A
        address         <IP of A>
        }
define service{
        use                     generic-service
        host_name               A
        service_description     load
        check_command           check_nrpe!check_load
        # with custom arguments (the check_nrpe command_line must then forward them, e.g. -a $ARG2$ $ARG3$)
        #check_command          check_nrpe!check_load!6.0,5.0,4.0!15.0,8.0,6.0
        }

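Reload Nagios on the monitoring server

service nagios reload

Visit http://localhost/nagios and you will see the newly added host.

How to change the NRPE port

On the monitored host, change server_port to 15666 in nrpe.cfg

server_port=15666

Restart nrpe, then check it on the new port

/usr/local/nagios/libexec/check_nrpe -p 15666 -H 127.0.0.1

On the monitoring server, add -p 15666 in commands.cfg

define command{
        command_name    check_nrpe
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 15666 -c $ARG1$
        }

Restart Nagios and you are done.

Connection refused or timed out
Check the nrpe port
Check that allowed_hosts in nrpe.cfg includes the monitoring server's IP address
Check that /etc/hosts.allow contains the monitoring server's IP address: nrpe:192.168.1.91
Check iptables

Open port 5666

iptables -L
# mind the rule order: a rule appended after a REJECT rule in the chain never matches
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5666 -j ACCEPT
iptables -L
service iptables save
service iptables restart

NRPE: Unable to read output
1. Check that the permissions of nrpe on the client make it readable and executable by nagios.
2. Check that the command paths in nrpe.cfg are correct.

CHECK_NRPE: Error - Could not complete SSL handshake.
1. Check the firewall
2. Check the authorized IPs in nrpe.cfg
3. Check the authorized IPs in /etc/hosts.allow

Posted in Nagios, Technology.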


Sending mail from Nagios with sendEmail

http://yahoon.blog.51cto.com/13184/49722

wget http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.55.tar.gz
tar -zxvf sendEmail-v1.55.tar.gz
cd sendEmail-v1.55
cp sendEmail /usr/local/bin
chmod 0755 /usr/local/bin/sendEmail
/usr/local/bin/sendEmail -f [email protected] -t [email protected] -s mail.test.com -u "from nagios" -xu nagios -xp 123456 -m nagios test

Explanation:
-f the sender's mailbox
-t the recipient's mailbox
-s the domain name or IP of the SMTP server
-u the mail subject
-xu the user name for SMTP authentication
-xp the password for SMTP authentication (note: this password seems to have restrictions; for example, when I used d!5neyland it was not recognised correctly)
-m the mail body

Edit commands.cfg

# 'notify-by-email' command definition
define command{
        command_name    notify-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios 2.9 *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /usr/local/bin/sendEmail -f [email protected] -t $CONTACTEMAIL$ -s mail.test.com -u "** $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -xu nagios -xp 123456
        }

Posted in Nagios, Technology.


Installing pnp on Nagios 3.x to add graphing

References:
http://www.pnp4nagios.org/pnp/start
http://www.pnp4nagios.org/pnp/install

Required Software
Perl >= 5.x without additional modules
RRDtool >= 1.x, better 1.2 but not compulsory
Attention: installing RRDtool without a package manager might lead to missing dejavu fonts. If you see graphs without text then this may be the cause.
PHP >= 4.3.8 for the web frontend
PHP extensions zlib and GD
Nagios 2.x or higher

For installing rrdtool see https://blog.c1gstudio.com/archives/459
For installing Nagios see https://blog.c1gstudio.com/archives/545

Install pnp

wget http://nchc.dl.sourceforge.net/sourceforge/pnp4nagios/pnp-0.4.14.tar.gz
tar -xvzf pnp-0.4.14.tar.gz
cd pnp-0.4.14
./configure

checking for rrdtool... no
checking rrdtool path ... no
configure: error: is a directory! PNP needs the Path to the rrdtool binary!

export PKG_CONFIG_PATH=/usr/local/rrdtool/lib/pkgconfig
export PKG_CONFIG=/usr/local/rrdtool/bin/pkg-config
export PATH=/usr/local/rrdtool/bin:$PATH

*** Configuration summary for pnp 0.4.14 05-02-2009 ***

General Options:
-------------------------          -------------------
Nagios user/group:                 nagios nagios
Install directory:                 /usr/local/nagios
HTML Dir:                          /usr/local/nagios/share/pnp
Config Dir:                        /usr/local/nagios/etc/pnp
Location of rrdtool binary:        /usr/local/rrdtool/bin/rrdtool Version 1.3.7
RRDs Perl Modules:                 *** NOT FOUND ***
RRD Files stored in:               /usr/local/nagios/share/perfdata
process_perfdata.pl Logfile:       /usr/local/nagios/var/perfdata.log
Perfdata files (NPCD) stored in:   /usr/local/nagios/var/spool/perfdata/

Review the options above for accuracy. If they look okay, type 'make all' to compile.

WARNING: The RRDs Perl Modules are not found on your System
Using RRDs will speedup things in larger Installtions.

make all
make install
make install-config
make install-init

process_perfdata.pl is installed in /usr/local/nagios/share/
The sample configuration files are installed in /usr/local/nagios/libexecs
config.php is installed in /usr/local/nagios/etc/pnp

Edit the configuration file

cp /usr/local/nagios/etc/pnp/process_perfdata.cfg-sample /usr/local/nagios/etc/pnp/process_perfdata.cfg
vi /usr/local/nagios/etc/pnp/process_perfdata.cfg

LOG_FILE = /usr/local/nagios/var/perfdata.log
#
# Loglevel 0=silent 1=normal 2=debug
#
# set it to 2 to begin with
LOG_LEVEL = 2

Add the little sun icon to the interface
Reference: http://www.pnp4nagios.org/pnp/webfe

Edit etc/objects/templates.cfg and add the new definitions

define host {
        name                    host-pnp
        register                0
        action_url              /nagios/pnp/index.php?host=$HOSTNAME$
        process_perf_data       1
}
define service {
        name                    srv-pnp
        register                0
        action_url              /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$
        process_perf_data       1
}

Edit etc/objects/localhost.cfg and add the corresponding definitions

define host{
        use             linux-server,host-pnp   ; Name of host templates to use
                                                ; This host definition will inherit all variables that are defined
                                                ; in (or inherited by) the linux-server host template definition.
        host_name       localhost
        alias           localhost
        address         127.0.0.1
        }
define service{
        use                     local-service,srv-pnp   ; Name of service template to use
        host_name               localhost
        service_description     PING
        check_command           check_ping!100.0,20%!500.0,60%
        }

Edit etc/nagios.cfg, find the following entries and uncomment them

process_performance_data=1
host_perfdata_command=process-host-perfdata
service_perfdata_command=process-service-perfdata

Edit commands.cfg

# 'process-host-perfdata' command definition
define command{
        command_name    process-host-perfdata
        #command_line   /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /usr/local/nagios/var/host-perfdata.out
        command_line    /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl -d HOSTPERFDATA
        }
# 'process-service-perfdata' command definition
define command{
        command_name    process-service-perfdata
        #command_line   /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /usr/local/nagios/var/service-perfdata.out
        command_line    /usr/bin/perl /usr/local/nagios/libexec/process_perfdata.pl
        }

Edit nginx.conf, the web server configuration for pnp. Mind the security implications: I have not set up any authentication here.

location /pnp/ {
    root /usr/local/nagios/share/;
    location ~ .*\.php?$ {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
}

If open_basedir is enabled you also need to edit php.ini

open_basedir = "/opt/htdoc:/opt/php/lib/php:/tmp/session:/tmp/upload:/usr/local/nagios/share/pnp:/usr/local/nagios/etc/pnp:/usr/local/nagios/share/perfdata:/usr/local/rrdtool/bin/rrdtool"

Reload the configuration

service nagios reload
/bin/kill -HUP `cat /dev/shm/nginx.pid`

Open http://localhost/nagios and click the little sun icon to see the graphs.

Posted in Nagios, Technology.


Installing Nagios

Nagios is open-source software for monitoring hosts, services and networks; many large companies and organisations use it.

References:
http://yahoon.blog.51cto.com/13184/41300
http://bbs.linuxtone.org/thread-1281-1-1.html
http://bbs.linuxtone.org/thread-2269-1-1.html
Official Nagios documentation http://www.nagios.org/docs/
Nagios documentation in Chinese http://www.itnms.net/docs/nagios/cn/build/html/
Chinese-language Nagios discussion forums
http://bbs.linuxtone.org/forum-20-1.html
http://www.itnms.net/discuz/forumdisplay.php?fid=10&pageD1

Nagios download page: http://www.nagios.org/download/

The versions used here are nagios-3.0.6.tar.gz, nagios-plugins-1.4.13.tar.gz and nrpe2.12

wget http://downloads.sourceforge.net/sourceforge/nagios/nagios-3.0.6.tar.gz?use_mirror=nchc
wget http://downloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.13.tar.gz?use_mirror=nchc
wget http://nchc.dl.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz

Install Nagios
The system is AS4

1. Create the user and groups

# create the user and groups
useradd -m nagios

-s /sbin/nologin disables login; it may impose restrictions when running commands, so this restriction can also be left off

groupadd nagcmd
usermod -G nagcmd nagios
# add the user that nginx or apache runs as to the group
usermod -G nagcmd nobody

2. Install Nagios

tar zxvf nagios-3.0.6.tar.gz
cd nagios-3.0.6
# with gd in its default install path
#./configure --with-command-group=nagcmd --prefix=/usr/local/nagios --with-gd-lib=/usr/lib64/ --with-gd-inc=/usr/include

./configure --with-command-group=nagcmd --prefix=/usr/local/nagios --with-gd-lib=/usr/local/gd2/lib --with-gd-inc=/usr/local/gd2/include
# the configure result follows

Configuration summary for nagios 3.0.6 12-01-2008 :

General Options:

Nagios executable: nagios
Nagios user/group: nagios,nagios
Command user/group: nagios,nagcmd
Embedded Perl: no
Event Broker: yes
Install ${prefix}: /usr/local/nagios
Lock file: ${prefix}/var/nagios.lock
Check result directory: ${prefix}/var/spool/checkresults
Init directory: /etc/rc.d/init.d
Apache conf.d directory: /etc/httpd/conf.d
Mail program: /bin/mail
Host OS: linux-gnu

Web Interface Options:

HTML URL: http://localhost/nagios/
CGI URL: http://localhost/nagios/cgi-bin/
Traceroute (used by WAP): /bin/traceroute

Review the options above for accuracy. If they look okay, type 'make all' to compile the main program and CGIs.

make all
make install
make install-init
make install-config
make install-commandmode

3. Install nagios-plugins

tar zxvf nagios-plugins-1.4.13.tar.gz
cd nagios-plugins-1.4.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios --prefix=/usr/local/nagios

checking for ping6... /bin/ping6
checking for ICMP ping syntax...
It hangs at this point, probably an IPv6 problem; build with the --with-ping-command option instead

See the following:
http://www.linuxquestions.org/questions/linux-software-2/.configure-script-hangs-at-checking-for-icmp-ping-syntax…l-499235/
http://bbs.bitscn.com/195707

./configure --with-nagios-user=nagios --with-nagios-group=nagios --prefix=/usr/local/nagios --with-ping-command="/bin/ping" --enable-perl-modules --with-mysql=/opt/mysql
make

--with-apt-get-command:
--with-ping6-command: /bin/ping6 -n -U -w %d -c %d %s
--with-ping-command: /bin/ping
--with-ipv6: yes
--with-mysql: /opt/mysql/bin/mysql_config
--with-openssl: yes
--with-gnutls: no
--enable-extra-opts: no
--with-perl: /usr/bin/perl
--enable-perl-modules: yes
--with-cgiurl: /nagios/cgi-bin
--with-trusted-path: /bin:/sbin:/usr/bin:/usr/sbin

If MySQL is not linked in, files such as check_mysql and utils.pm will not be created in the libexec directory

make install
# check that the plugin files were installed into this directory
ls /usr/local/nagios/libexec

4. Configure the web interface in nginx

If you use Apache you can run make install-webconf when installing Nagios and skip the configuration below.
My web server is nginx; edit nginx.conf

location ~ \.cgi$ {
    root /usr/local/nagios/sbin;
    allow 192.168.54.83;    # client IP that is allowed access
    deny all;
    auth_basic "Restricted";
    auth_basic_user_file nagios;
    rewrite ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;
    fastcgi_index index.cgi;
    fastcgi_pass unix:/dev/shm/perl_cgi-dispatch.sock;
    fastcgi_param HTTP_ACCEPT_ENCODING gzip,deflate;
    fastcgi_param SCRIPT_FILENAME /usr/local/nagios/sbin$fastcgi_script_name;
    include fcgi.conf;
}
location /nagios/ {
    alias /usr/local/nagios/share/;
    allow 192.168.54.83;
    deny all;
    auth_basic "Restricted";
    auth_basic_user_file nagios;
}

5. Generate the user and password with Apache's htpasswd

/opt/apache/bin/htpasswd -c /opt/nginx/conf/nagios nagiosadmin

6. Edit the Nagios configuration files

In etc/cgi.cfg set the user to nagiosadmin (separate multiple users with commas)

authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin

While testing you can set use_authentication=0

Edit the contact in etc/objects/contacts.cfg

define contact{
        contact_name    nagiosadmin             ; Short name of user
        use             generic-contact         ; Inherit default values from generic-contact template (defined above)
        alias           Nagios Admin            ; Full name of user
        email           nagios@localhost        ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
        }

Edit the local host configuration etc/objects/localhost.cfg
Upload the configuration files
Check the configuration files

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

7. Start Nagios

# start
/etc/rc.d/init.d/nagios start
# start manually
/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
# reload
/etc/rc.d/init.d/nagios reload

8. Reload the nginx server

/opt/nginx/sbin/nginx -t
kill -HUP `cat /opt/nginx/logs/nginx.pid`

The Nagios installation is complete. Visit http://localhost/nagios/ to see it.

Install the memory monitoring plugin

wget "http://www.nagiosexchange.org/cgi-bin/jump.cgi?ID=1789&view=File1;d=1"
mv jump.cgi\?ID\=1789\&view\=File1\;d\=1 check_mem.pl.gz
gunzip check_mem.pl.gz
mv check_mem.pl /usr/local/nagios/libexec/check_mem
cd /usr/local/nagios/libexec
chown nagios:nagios check_mem
chmod 0755 check_mem
./check_mem -w 95,60 -c 120,80
# test result
OK: Memory Usage (W> 95, C> 120): 83% Swap Usage (W> 60, C> 80): 3%|MemUsed=83%;95;120 SwapUsed=3%;60;80

Add to commands.cfg

define command{
        command_name    check_mem
        command_line    $USER1$/check_mem -w $ARG1$ -c $ARG2$
        }

Add to the monitored object file localhost.cfg

define service{
        use                     local-service   ; Name of service template to use
        host_name               localhost
        service_description     memory
        check_command           check_mem!110,50!150,80
        notifications_enabled   0
        }

Reload the configuration

/etc/init.d/nagios reload

Visit http://localhost/nagios/ and enter the password to see the interface.

Troubleshooting

In service detail the ping check line is shown in yellow.

Current Status: UNKNOWN (for 3d 17h 46m 12s)
Status Information: ping CRITICAL - Could not interpret output from ping command

In most cases the nagios user does not have permission to run ping.
First test whether the ping command returns anything:

ping 127.0.0.1

When the nagios user has no execute permission, as root:

chmod u+s /path/ping

Reference: http://blog.chinaunix.net/u/9861/showart_1001559.html

When the path is wrong, build the Nagios plugins with the option

--with-ping-command="/bin/ping"

Reference: http://marc.info/?l=netsaintplug-help&m=101980226726163&w=2

When ping is disabled:

cat /proc/sys/net/ipv4/icmp_echo_ignore_all
# if it is not 0, run the following
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Also check whether ping is disabled somewhere else, for example in /etc/rc.local

Clicking "3-D Status Map" in Nagios prompts to "open statuswrl.cgi"

This is the most common problem people run into with Nagios, and it is covered in the FAQ on the official Nagios site.
It says roughly: "To view the output of the 3-D statusmap CGI (statuswrl.cgi), you need to install a VRML client or plugin for your web browser."
It then recommends four:
Cortona (Parallel Graphics)
Cosmo Player (Computer Associates and NIST)
FreeWRL
OpenVRML
The last two do not seem to have Windows versions, so on a Windows machine you need to install one of the first two. I installed Cortona3D Viewer, which supports IE7 and Firefox.
This page shows which plugin is suitable: http://cic.nist.gov/vrml/vbdetect.html

Nagios add-on for Firefox
https://addons.mozilla.org/en-US/firefox/addon/3607

Fixing statusmap.cgi not being found after Nagios is installed
  • libgd
  • libgd-devel
  • libpng
  • libpng-devel
  • libjpeg
  • libjpeg-devel
  • zlib
  • zlib-devel
Run 'make devclean' in your Nagios source code distribution directory and rerun the configure script.
My gd is installed in /usr/local/gd2/

./configure --prefix=/usr/local/nagios --with-gd-lib=/usr/local/gd2/lib --with-gd-inc=/usr/local/gd2/include

Error when iconv cannot be found

statusmap.cgi: error while loading shared libraries: libiconv.so.2: cannot open shared object file: No such file or directory

ldd /usr/local/nagios/sbin/statusmap.cgi
libgd.so.2 => /usr/lib64/libgd.so.2 (0x0000003f16e00000)
libiconv.so.2 => not found

Check whether libiconv.so.2 is in /usr/local/lib/ while that directory is missing from /etc/ld.so.conf.
Add the directory to the dynamic linker configuration

echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig -v

Refresh the page again and the problem is solved.

Install NRPE

tar zxvf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
make install-plugin
# the monitoring server only needs to be installed up to this step

Posted in Nagios, Technology.


Installing rrdtool 1.3.7

About rrdtool (http://www.rrdtool.org)
RRDtool stands for Round Robin Database tool. Round robin is a technique that works with a fixed amount of data and a pointer to the current element. Picture a circle with dots marked around its edge: these dots are the places where data is stored over time. Draw an arrow from the centre of the circle to one of the dots on the edge: that is the pointer. Because we are on a circle there is no beginning and no end, and you can keep going round. After a while every available place has been used, and the cycle automatically reuses the old places. This way the data set does not grow and needs no maintenance.
RRDtool originated from MRTG (Multi Router Traffic Grapher). MRTG started as a small script for graphing the utilisation of a university's link to the Internet. It was later used as a tool for graphing other data sources, including temperature, speed, voltage, output volume and so on.

References
RRDtool manual, Chinese-English translation http://leftleg.hzpub.com/post/634/

rrdtool tutorial http://www.study-area.org/tips/rrdtool/rrdtool.html

Installation notes
Installing rrdtool requires the cairo package, and cairo in turn requires pkg-config, glib, pixman, pango, freetype and fontconfig.
Download location for the supporting packages: http://oss.oetiker.ch/rrdtool/pub/libs/

Record of my earlier failed installation: https://blog.c1gstudio.com/archives/446

After downloading and unpacking rrdtool you can read its build documentation

wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.7.tar.gz
tar zxvf rrdtool-1.3.7.tar.gz
cat rrdtool-1.3.7/doc/rrdbuild.txt

Start the installation
Set the environment variables. The temporary build directory is /tmp/rrdbuild and the install directory is /usr/local/rrdtool

export BUILD_DIR=/tmp/rrdbuild
export INSTALL_DIR=/usr/local/rrdtool
mkdir -p $BUILD_DIR
cd $BUILD_DIR

export CFLAGS="-O3 -fPIC"
#export LDFLAGS="-Wl,--rpath -Wl,${INSTALL_DIR}/lib"
export PKG_CONFIG_PATH=${INSTALL_DIR}/lib/pkgconfig
export PATH=$INSTALL_DIR/bin:$PATH
export PKG_CONFIG=$INSTALL_DIR/bin/pkg-config

cd $BUILD_DIR
wget -c http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.7.tar.gz
tar zxvf rrdtool-1.3.7.tar.gz

wget http://pkgconfig.freedesktop.org/releases/pkg-config-0.23.tar.gz
tar zxvf pkg-config-0.23.tar.gz
cd pkg-config-0.23
./configure --prefix=$INSTALL_DIR
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/zlib-1.2.3.tar.gz
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --prefix=$INSTALL_DIR --shared
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/libpng-1.2.18.tar.gz
tar zxvf libpng-1.2.18.tar.gz
cd libpng-1.2.18
./configure --prefix=$INSTALL_DIR
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/freetype-2.3.5.tar.gz
tar zxvf freetype-2.3.5.tar.gz
cd freetype-2.3.5
./configure --prefix=$INSTALL_DIR CFLAGS="-O3 -fPIC"
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/libxml2-2.6.32.tar.gz
tar zxvf libxml2-2.6.32.tar.gz
cd libxml2-2.6.32
./configure --prefix=$INSTALL_DIR
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/fontconfig-2.4.2.tar.gz
tar zxvf fontconfig-2.4.2.tar.gz
cd fontconfig-2.4.2
./configure --prefix=$INSTALL_DIR --with-freetype-config=$INSTALL_DIR/bin/freetype-config
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/pixman-0.10.0.tar.gz
tar zxvf pixman-0.10.0.tar.gz
cd pixman-0.10.0
./configure --prefix=$INSTALL_DIR
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/cairo-1.6.4.tar.gz
tar zxvf cairo-1.6.4.tar.gz
cd cairo-1.6.4
./configure --prefix=$INSTALL_DIR \
    --enable-xlib=no \
    --enable-xlib-render=no \
    --enable-win32=no \
    FONTCONFIG_CFLAGS=-I/usr/local/rrdtool/include FONTCONFIG_LIBS="-L/usr/local/rrdtool/lib -lfontconfig" \
    FREETYPE_CFLAGS=-I/usr/local/rrdtool/include/freetype2 FREETYPE_LIBS="-L/usr/local/rrdtool/lib -lfreetype" \
    pixman_CFLAGS=-I/usr/local/rrdtool/include/pixman-1 pixman_LIBS="-L/usr/local/rrdtool/lib -lpixman-1"
make
make install

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/glib-2.15.4.tar.gz
tar zxvf glib-2.15.4.tar.gz
cd glib-2.15.4
./configure --prefix=$INSTALL_DIR
make
make install

# gconvert.c:51:2: #error GNU libiconv not in use but included iconv.h is from libiconv
# if you hit this error, add --with-libiconv

cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/libs/pango-1.21.1.tar.bz2
bunzip2 pango-1.21.1.tar.bz2
tar xf pango-1.21.1.tar
cd pango-1.21.1
./configure --prefix=$INSTALL_DIR --without-x
make
make install

cd $BUILD_DIR/rrdtool-1.3.7
./configure --prefix=$INSTALL_DIR --disable-tcl --disable-python

# when combining with Nagios, add the following options
# --with-rrdtool=/usr/local/rrdtool/bin/rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata

Find 3rd-Party Libraries
checking for cairo_font_options_create in -lcairo... no
checking for pkg-config... pkg-config
configure: WARNING:
----------------------------------------------------------------------------
* I found a copy of pkgconfig, but there is no cairo-png.pc file around.
  You may want to set the PKG_CONFIG_PATH variable to point to its location.
----------------------------------------------------------------------------
configure: WARNING:
----------------------------------------------------------------------------
* I could not find a working copy of cairo-png. Check config.log for hints on why
  this is the case. Maybe you need to set LDFLAGS and CPPFLAGS appropriately
  so that compiler and the linker can find libcairo and its header files. If
  you have not installed cairo-png, you can get it either from its original home on
     http://cairographics.org/releases/
  You can find also find an archive copy on
     http://oss.oetiker.ch/rrdtool/pub/libs
  The last tested version of cairo-png is 1.4.6.
  LIBS=-lm
  LDFLAGS=
  CPPFLAGS=
----------------------------------------------------------------------------
checking for cairo_svg_surface_create in -lcairo... no
checking for pkg-config... (cached) pkg-config

If you see the messages above, check the cairo installation and the environment variables

checking in... and out again
ordering CD from http://tobi.oetiker.ch/wish .... just kidding ;-)
----------------------------------------------------------------
Config is DONE!
With MMAP IO: yes
Build rrd_getopt: no
Static programs: no
Perl Modules: perl_piped perl_shared
Perl Binary: /usr/bin/perl
Perl Version: 5.8.5
Perl Options: PREFIX=$(DESTDIR)/usr/local/rrdtool LIB=$(DESTDIR)/usr/local/rrdtool/lib/perl/5.8.5
Ruby Modules:
Ruby Binary: no
Ruby Options: sitedir=$(DESTDIR)/usr/local/rrdtool/lib/ruby
Build Tcl Bindings: no
Build Python Bindings: no
Build rrdcgi: yes
Build librrd MT: yes
Link with libintl: yes
Libraries: -lxml2 -lcairo -lcairo -lcairo -lm -lcairo -lpng12 -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
Type 'make' to compile the software and use 'make install' to install everything to: /usr/local/rrdtool.
... that wishlist is NO JOKE. If you find RRDtool useful make me happy. Go to http://tobi.oetiker.ch/wish and place an order.

Seeing the output above means success is not far off.

make
make install

=========================
Updated 2010-7-22: installing RRDtool 1.4.4 https://blog.c1gstudio.com/archives/1057

Posted in Nagios, RRDtool, Technology.


rrdtool installation: the failed attempt

Installing rrdtool requires the cairo package, and cairo in turn requires pkg-config, glib, pixman, pango, freetype and fontconfig.

pkg-config

wget http://pkgconfig.freedesktop.org/releases/pkg-config-0.23.tar.gz
tar zxvf pkg-config-0.23.tar.gz
cd pkg-config-0.23
./configure
make
make install

The other packages: http://oss.oetiker.ch/rrdtool/pub/libs/

pango-1.21.1.tar.bz2
pixman-0.10.0.tar.gz
libxml2-2.6.32.tar.gz
glib-2.15.4.tar.gz
cairo-1.6.4.tar.gz
libpng-1.2.18.tar.gz
freetype-2.3.5.tar.gz
cairo-1.4.10.tar.gz
fontconfig-2.4.2.tar.gz
libart_lgpl-2.3.17.tar.gz
zlib-1.2.3.tar.gz

Of these, the following are already installed on the system (see https://blog.c1gstudio.com/archives/152)

zlib-1.2.3.tar.gz
freetype-2.3.5.tar.gz
libpng-1.2.31.tar.gz
libxml2-2.6.32.tar.gz
fontconfig-2.6.0.tar.gz

tar zxvf glib-2.15.4.tar.gz
cd glib-2.15.4
./configure --with-libiconv
make

Nothing to be done for `all'.

mv /install-prefix/include/glib.h /install-prefix/include/glib.h.del

mv /install-prefix/include/gmodule.h /install-prefix/include/gmodule.h.del
make clean
make uninstall
./configure --with-libiconv
make

Still not working

make clean
./configure --with-libiconv --prefix=/usr
make clean
make
make install

pkg-config --cflags glib-2.0
pkg-config --libs glib-2.0
ldconfig

wget -c http://oss.oetiker.ch/rrdtool/pub/libs/pixman-0.10.0.tar.gz
tar zxvf pixman-0.10.0.tar.gz
cd pixman-0.10.0
./configure
make
make install

wget -c http://oss.oetiker.ch/rrdtool/pub/libs/cairo-1.6.4.tar.gz
tar zxvf cairo-1.6.4.tar.gz
cd cairo-1.6.4
./configure

configure: error: Cairo requires at least one native font backend. Please install FreeType and fontconfig and try again

make clean
cp /usr/local/freetype/include/ft2build.h /usr/local/freetype/include/freetype2/
./configure FREETYPE_LIBS=/usr/local/freetype/lib/libfreetype.so FREETYPE_CFLAGS="-I/usr/local/freetype/include/freetype2" FONTCONFIG_CFLAGS="-I/usr/local/fontconfig/include" FONTCONFIG_LIBS=/usr/local/fontconfig/lib/libfontconfig.so

cairo (version 1.8.6 [release]) will be compiled with:

make
make install

The following surface backends:
Image: yes (always builtin)
Xlib: no (requires X development libraries)
Xlib Xrender: no (requires --enable-xlib)
Quartz: no (requires CoreGraphics framework)
Quartz-image: no (disabled, use --enable-quartz-image to enable)
XCB: no (disabled, use --enable-xcb to enable)
Win32: no (requires a Win32 platform)
OS2: no (disabled, use --enable-os2 to enable)
PostScript: yes
PDF: yes
SVG: yes
glitz: no (disabled, use --enable-glitz to enable)
BeOS: no (disabled, use --enable-beos to enable)
DirectFB: no (disabled, use --enable-directfb to enable)

The following font backends:
User: yes (always builtin)
FreeType: yes
Win32: no (requires a Win32 platform)
Quartz: no (requires CoreGraphics framework)

The following functions:
PNG functions: yes

And the following internal features:
gcov support: no
test surfaces: no (disabled, use --enable-test-surfaces to enable)
ps testing: yes
pdf testing: no (requires poppler-glib >= 0.9.2)
svg testing: no (requires librsvg-2.0 >= 2.15.0)

It is strictly recommended that you enable the native surface backend feature for your platform.

make clean
./configure --prefix=/usr/local/cairo

echo '/usr/local/cairo/lib' >> /etc/ld.so.conf
ldconfig -v
pkg-config --list-all

It reports that some libraries cannot be found; set the library search path

export PKG_CONFIG_PATH=/usr/lib/pkgconfig:$PKG_CONFIG_PATH
export PKG_CONFIG_PATH=/usr/local/freetype/lib/pkgconfig:$PKG_CONFIG_PATH
export PKG_CONFIG_PATH=/usr/local/fontconfig/lib/pkgconfig:$PKG_CONFIG_PATH

These variables have to be set again after every logout. You can save them in a file such as set_pkg_path.sh and then run source set_pkg_path.sh
If you want to avoid the hassle of setting them each time before using the GTK+ libraries, put the environment variable settings in the system configuration file (for example /etc/profile) or in your own user configuration file (for example ~/.bash_profile)

wget -c http://oss.oetiker.ch/rrdtool/pub/libs/pango-1.21.1.tar.bz2
tar jxvf pango-1.21.1.tar.bz2
cd pango-1.21.1
./configure --enable-cairo --prefix=/usr
make
make install

wget http://oss.oetiker.ch/rrdtool/pub/libs/libart_lgpl-2.3.17.tar.gz
tar zxvf libart_lgpl-2.3.17.tar.gz
cd libart_lgpl-2.3.17
make
make install

wget -c http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.3.7.tar.gz
cp /usr/local/cairo/lib/pkgconfig/* /usr/lib/pkgconfig/
export PKG_CONFIG_PATH=/usr/local/cairo/lib/pkgconfig:$PKG_CONFIG_PATH

CPPFLAGS="-I/usr/local/lib/pkgconfig/ -I/usr/local/include/libart-2.0/ -I/usr/local/freetype/ -I/usr/local/lib/" ./configure --prefix=/usr/local/rrdtool --disable-tcl --disable-python
make clean
make
make install

The installation failed: cairo-png could not be found, which is probably a dynamic library path problem.

See the successful installation post: https://blog.c1gstudio.com/archives/459

Posted in Nagios.


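How to count the files under a directory with shell commands (when the directory has subdirectories)

How can I use shell commands to count the files under a directory (when the directory has subdirectories)? The output I want looks like this:

File count  Directory name
17 ./test/dir1
12 ./test/dir2
16 ./test/dir3/dir4/dir5
15 ./test/dir3/dir4/d …

find . -type f | sed 's/\(.*\)\/.*/\1\//' | sort | uniq -c
find . -type f | awk 'BEGIN{FS=OFS="/"}{$NF="";a[$0]++}END{for(i in a) print a[i]"\t"i}'

Posted in shell.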


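Website compromised with injected malware

When visiting uchome.c1gstudio.com, Kaspersky reports a trojan; NOD32 and Norton do not react.

Finding how the malware is injected
IE8 with the developer tools, and http_watch, show a malicious request; IE6, IE7 with Fiddler2, and Firefox 2 and 3 with Firebug do not show it.
The request address is (the real address is hidden, this is only an example)

http://xxx.xxxw3.com/a.js

The source of the home page does not contain this request, but it is visible in a DOM inspector.
I made a temporary HTML file, copied the home page source into it, and by adding and removing code found that the trojan had been placed in /source/script_common.js.
Checking that file on the server over FTP showed it had been modified, with the following request code on its first line.

document.writeln("");

Under uchome.c1gstudio.com/ there is also an x.php that looks highly suspicious.
Once downloaded it turned out to be encrypted; after decoding it is the "Black Wolf PHP trojan" (黑狼PHP木马).
The file's upload date is 2009/04/20.

A search finds the same file in the root directories of other domains as well; rename it immediately so the attacker can no longer access it.

find /opt/htdocs -name 'x.php' -print

How did the attacker get the trojan onto the server?
Search the recent web access logs to see what the attacker did.

cat /opt/nging/logs/uchome.c1gstudio.com.log |grep /x.php

Once you have the attacker's IP, search for that IP

cat /opt/nging/logs/uchome.c1gstudio.com.log |grep 125.70.209.110
125.70.209.110 - - [20/Apr/2009:10:12:16 +0800] "GET / HTTP/1.1" 200 5129 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [20/Apr/2009:10:12:17 +0800] "GET / HTTP/1.1" 200 5130 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [20/Apr/2009:10:12:22 +0800] "-" 400 0 "-" "-" -
125.70.209.110 - - [20/Apr/2009:10:12:35 +0800] "GET //x.php HTTP/1.1" 200 444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [20/Apr/2009:10:12:35 +0800] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -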

The trojan had already been uploaded by then; check another date

cat /opt/nging/logs/uchome.c1gstudio.com.20090419.log |grep 125.70.209.110
125.70.209.110 - - [19/Apr/2009:19:25:01 +0800] "GET /../admin/index.asp HTTP/1.1" 400 170 "-" "-" -
125.70.209.110 - - [19/Apr/2009:19:25:09 +0800] "GET /../admin/default.asp HTTP/1.1" 400 170 "-" "-" -
125.70.209.110 - - [19/Apr/2009:19:25:12 +0800] "GET /../admin/manage.asp HTTP/1.1" 400 170 "-" "-" -
125.70.209.110 - - [19/Apr/2009:19:40:01 +0800] "GET / HTTP/1.1" 200 5234 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:40:48 +0800] "GET /do.php?ac=sendmail&rand=1240141201 HTTP/1.1" 200 35 "http://uchome.c1gstudio.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:40:48 +0800] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:42:35 +0800] "GET /includes/class.Member.php HTTP/1.1" 404 526 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:42:36 +0800] "GET /favicon.ico HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:42:45 +0800] "GET /includes/ HTTP/1.1" 404 526 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:42:46 +0800] "GET /favicon.ico HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:43:19 +0800] "GET / HTTP/1.1" 200 5236 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:43:27 +0800] "GET /do.php?ac=sendmail&rand=1240141399 HTTP/1.1" 200 35 "http://uchome.c1gstudio.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:43:28 +0800] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:44:17 +0800] "GET /x.php HTTP/1.1" 404 526 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:44:17 +0800] "GET /favicon.ico HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
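The searches above pivot from the trojan's path to the client IP and then to everything that IP requested. As an added example (not part of the original post), the shell functions below do the same across several logs and show when x.php went from 404 to 200; the function names and the sample log lines (documentation-range IPs, a hypothetical /app/form.php) are constructed, and the logs are assumed to be passed oldest first in the format shown above.

```bash
#!/bin/sh
# Added example, not from the original post.
# Paths are normalised before comparing: the query string is dropped and "//"
# is collapsed, so "GET //x.php" and "GET /x.php" count as the same file.

# shell_clients SHELL_PATH LOG...  -> client IPs that requested SHELL_PATH
shell_clients() (
    p=$1; shift
    awk -v p="$p" '
        $6 ~ /^"(GET|POST|HEAD)$/ {
            path = $7; sub(/\?.*/, "", path); gsub(/\/+/, "/", path)
            if (path == p) seen[$1] = 1
        }
        END { for (ip in seen) print ip }
    ' "$@" | sort
)

# shell_timeline SHELL_PATH LOG...   (logs oldest first)
# For every client found by shell_clients, prints in log order:
#   MISS <time> <ip> <status>          shell path requested, not served as 200
#   HIT  <time> <ip> <status>          shell path served as 200 (file present)
#   POST <time> <ip> <path> <status>   other POSTs by the same client
shell_timeline() (
    p=$1; shift
    ips=$(shell_clients "$p" "$@" | tr '\n' ' ')
    awk -v p="$p" -v ips="$ips" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
        !($1 in watch) { next }
        $6 !~ /^"(GET|POST|HEAD)$/ { next }     # e.g. the malformed "-" 400 lines
        {
            ts = substr($4, 2); method = substr($6, 2)
            path = $7; sub(/\?.*/, "", path); gsub(/\/+/, "/", path)
            if (path == p) {
                tag = ($9 == 200) ? "HIT" : "MISS"
                print tag, ts, $1, $9
            } else if (method == "POST") {
                print "POST", ts, $1, path, $9
            }
        }
    ' "$@"
)

# Constructed sample logs in the same format as the lines quoted in the post.
write_sample_logs() {
    cat > "$1/day1.log" <<'EOF'
203.0.113.7 - - [19/Apr/2009:19:40:01 +0800] "GET / HTTP/1.1" 200 5234 "-" "Mozilla/4.0" -
203.0.113.7 - - [19/Apr/2009:19:44:17 +0800] "GET /x.php HTTP/1.1" 404 526 "-" "Mozilla/4.0" -
203.0.113.7 - - [19/Apr/2009:19:45:02 +0800] "POST /app/form.php?step=2 HTTP/1.1" 200 48 "-" "Mozilla/4.0" -
198.51.100.9 - - [19/Apr/2009:20:01:00 +0800] "POST /do.php?ac=login HTTP/1.1" 200 35 "-" "Mozilla/4.0" -
EOF
    cat > "$1/day2.log" <<'EOF'
203.0.113.7 - - [20/Apr/2009:10:12:22 +0800] "-" 400 0 "-" "-" -
203.0.113.7 - - [20/Apr/2009:10:12:35 +0800] "GET //x.php HTTP/1.1" 200 444 "-" "Mozilla/4.0" -
EOF
}

logs=$(mktemp -d)
write_sample_logs "$logs"
shell_timeline /x.php "$logs/day1.log" "$logs/day2.log"
rm -rf "$logs"
```

The upload happened between the last MISS and the first HIT; POST lines inside that window, in the logs of every virtual host on the server, are the requests to review first.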

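The attacker was scanning the site but had not yet uploaded x.php, so the upload probably did not happen under this domain. Switching to another domain: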

125.70.209.110 - - [19/Apr/2009:19:25:36 +0800] "GET /DB%23steer/DBBACK/[email protected] HTTP/1.1" 404 3864 "-" "Mozilla/4.0" -
125.70.209.110 - - [19/Apr/2009:19:25:38 +0800] "GET //guanli/ HTTP/1.1" 302 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:38 +0800] "GET //guanli/login.php?gotopage=%2F%2Fguanli%2F HTTP/1.1" 200 984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:42 +0800] "GET //include/vdimgck.php HTTP/1.1" 200 1304 "http://file.c1gstudio.com//guanli/login.php?gotopage=%2F%2Fguanli%2F" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:44 +0800] "GET /favicon.ico HTTP/1.1" 404 1803 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:51 +0800] "GET //guanli/ruletest.php HTTP/1.1" 200 1152 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:52 +0800] "GET /favicon.ico HTTP/1.1" 404 1803 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:25:59 +0800] "POST //guanli/ruletest.php HTTP/1.1" 200 48 "http://file.c1gstudio.com//guanli/ruletest.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:02 +0800] "GET //guanli/yhs.php HTTP/1.1" 200 35 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:03 +0800] "GET /favicon.ico HTTP/1.1" 404 1803 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:11 +0800] "GET /guanli/yhs.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2536 "http://file.c1gstudio.com//guanli/yhs.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:11 +0800] "GET /guanli/yhs.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2158 "http://file.c1gstudio.com//guanli/yhs.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:11 +0800] "POST //guanli/yhs.php HTTP/1.1" 200 8617 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:13 +0800] "POST //guanli/yhs.php HTTP/1.1" 200 77 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:40 +0800] "POST //guanli/yhs.php HTTP/1.1" 200 53 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:47 +0800] "GET //guanli/x.php HTTP/1.1" 200 444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:48 +0800] "GET /favicon.ico HTTP/1.1" 404 1803 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:51 +0800] "POST //guanli/x.php HTTP/1.1" 200 159 "http://file.c1gstudio.com//guanli/x.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -
125.70.209.110 - - [19/Apr/2009:19:26:54 +0800] "GET /guanli/x.php HTTP/1.1" 200 444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler ; .NET CLR 2.0.50727)" -

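Attack method

The attacker uploaded yhs.php through //guanli/ruletest.php, then uploaded the x.php trojan, and used x.php to inject code into files.

System vulnerability

ruletest.php is a security vulnerability in dede cms.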
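The upload chain in the second log excerpt (a POST to one script, then a new script answering 200 seconds later) can be picked out of an access log automatically. The following is an added example, not part of the original post: the function names and the two-minute window are assumptions, and the sample lines are condensed from the log above with the user agent shortened to "UA" and referrers dropped.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: six entries condensed from the second log excerpt
# (client IP, paths, status codes and times as on the page).
SAMPLE_LOG = '''\
125.70.209.110 - - [19/Apr/2009:19:25:51 +0800] "GET //guanli/ruletest.php HTTP/1.1" 200 1152 "-" "UA" -
125.70.209.110 - - [19/Apr/2009:19:25:59 +0800] "POST //guanli/ruletest.php HTTP/1.1" 200 48 "-" "UA" -
125.70.209.110 - - [19/Apr/2009:19:26:02 +0800] "GET //guanli/yhs.php HTTP/1.1" 200 35 "-" "UA" -
125.70.209.110 - - [19/Apr/2009:19:26:40 +0800] "POST //guanli/yhs.php HTTP/1.1" 200 53 "-" "UA" -
125.70.209.110 - - [19/Apr/2009:19:26:47 +0800] "GET //guanli/x.php HTTP/1.1" 200 444 "-" "UA" -
125.70.209.110 - - [19/Apr/2009:19:26:54 +0800] "GET /guanli/x.php HTTP/1.1" 200 444 "-" "UA" -
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def normalise(target):
    """Drop the query string and collapse repeated slashes (//guanli/ == /guanli/)."""
    return re.sub(r'/{2,}', '/', target.split('?', 1)[0])


def find_dropped_scripts(log_text, window=timedelta(minutes=2)):
    """Flag .php paths first served with 200 shortly after the same client
    POSTed to a different .php path, the trace an upload hole leaves."""
    served = set()        # normalised paths that have already answered 200
    last_post = {}        # client IP -> (time, path) of its latest POST to .php
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue      # not an access-log entry in the expected format
        path = normalise(m['target'])
        when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        if path.endswith('.php'):
            prev = last_post.get(m['ip'])
            if (path not in served and m['status'] == '200' and prev
                    and prev[1] != path and when - prev[0] <= window):
                hits.append((prev[1], path, when.strftime('%H:%M:%S')))
            if m['method'] == 'POST':
                last_post[m['ip']] = (when, path)
        if m['status'] == '200':
            served.add(path)
    return hits
```

Each hit is a triple (script that received the POST, newly served script, time); on a busy site the hits are leads to check against the deployed file list, not verdicts.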

Finding infected files

Check whether files in the web folder contain injected malicious code:

find /opt/htdocs -name "*.js" -exec grep -I -l "w3.com" {} \;
find /opt/htdocs -name "*.htm" -exec grep -I -l "w3.com" {} \;
find /opt/htdocs -name "*.html" -exec grep -I -l "w3.com" {} \;
find /opt/htdocs -name "*.php" -exec grep -I -l "w3.com" {} \;

Check whether the web folder still contains the backdoor:

find /opt/htdocs -name "x.php" -print;

Recently modified files (a backdoor can set its own file modification time, so this is not reliable):

find /opt/htdocs -mtime -1 -type f -exec ls -l {} \;
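Because the modification time can be forged, the inode change time (ctime) is a more useful filter: on Unix it is updated by the kernel and cannot be set directly with touch or utime(). The following added example (not from the original post) combines the marker search above with a ctime check; it assumes a Unix filesystem, and the function name and report keys are hypothetical.

```python
import os
import stat
import time

WEB_EXTS = ('.js', '.htm', '.html', '.php')


def scan_webroot(root, marker=b'w3.com', days=1, now=None):
    """Walk root and return a dict of sorted path lists:
    infected  - web files containing the marker (the find/grep loop above)
    recent    - files whose ctime falls within the last `days` days
    backdated - recent files whose mtime is older than that window, which
                `find -mtime -1` would miss
    """
    cutoff = (now if now is not None else time.time()) - days * 86400
    report = {'infected': [], 'recent': [], 'backdated': []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue          # skip symlinks, sockets, devices
                if name.lower().endswith(WEB_EXTS):
                    with open(path, 'rb') as fh:
                        if marker in fh.read():
                            report['infected'].append(path)
            except OSError:
                continue              # unreadable or removed during the scan
            if st.st_ctime >= cutoff:
                report['recent'].append(path)
                if st.st_mtime < cutoff:
                    report['backdated'].append(path)
    for paths in report.values():
        paths.sort()
    return report
```

Files restored from backup or deployed with preserved timestamps also appear as backdated, so review that list against a known-good copy of the site.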

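The attacker inserted several pieces of malicious code into most html, js and php files, including 404.htm and the like; uploaded several trojans under different names into different directories; and planted upload code in the existing program files.

Remediation

Because so many files were infected, the original web directory was removed and the files were uploaded again. The dede admin backend was deleted. The mysql, host, web and other administrative passwords were changed.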

Posted in Security.



nginx rewrite parameters and examples

Recommended references: Mailing list ARChives (official discussion list) http://marc.info/?l=nginx

Nginx common application technical guide [Nginx Tips] http://bbs.linuxtone.org/thread-1685-1-1.html


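The content of this post comes from the Internet and from everyday experience, organized here for future reference.

Regular expression matching, where:

* ~ is a case-sensitive match
* ~* is a case-insensitive match
* !~ and !~* are the case-sensitive and the case-insensitive negated match, respectively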



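File and directory tests, where:

* -f and !-f test whether a file exists
* -d and !-d test whether a directory exists
* -e and !-e test whether a file or directory exists
* -x and !-x test whether a file is executable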



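The flags are:

* last: equivalent to the [L] flag in Apache; marks the rewrite as complete
* break: stops matching; the rules that follow are not matched
* redirect: returns a 302 temporary redirect; the address bar shows the target address
* permanent: returns a 301 permanent redirect; the address bar shows the target address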



Some of the available global variables, which can be used in conditions (list to be completed):

$args $content_length $content_type $document_root $document_uri $host $http_user_agent $http_cookie $limit_rate $request_body_file $request_method $remote_addr $remote_port $remote_user $request_filename $request_uri $query_string $scheme $server_protocol $server_addr $server_name $server_port $uri



An example with QeePHP

if (!-d $request_filename) {
    rewrite ^/([a-z-A-Z]+)/([a-z-A-Z]+)/?(.*)$ /index.php?namespace=user&controller=$1&action=$2&$3 last;
    rewrite ^/([a-z-A-Z]+)/?$ /index.php?namespace=user&controller=$1 last;
    break;
}



Turning multiple directories into parameters: abc.domain.com/sort/2 => abc.domain.com/index.php?act=sort&name=abc&id=2

if ($host ~* (.*)\.domain\.com) {
    set $sub_name $1;
    rewrite ^/sort\/(\d+)\/?$ /index.php?act=sort&cid=$sub_name&id=$1 last;
}



Swapping directories: /123456/xxxx -> /xxxx?id=123456

rewrite ^/(\d+)/(.+)/ /$2?id=$1 last;



For example, the following makes nginx redirect users of IE to the /nginx-ie directory:

if ($http_user_agent ~ MSIE) { rewrite ^(.*)$ /nginx-ie/$1 break; }



Automatically appending "/" to directories

if (-d $request_filename){ rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent; }



Denying access to htaccess files

location ~/\.ht { deny all; }



Denying several directories

location ~ ^/(cron|templates)/ { deny all; break; }



Denying files whose path starts with /data. This blocks requests such as .log and .txt files at any directory depth under /data/.

location ~ ^/data { deny all; }



Denying a single directory. This does not block .log and .txt files; they can still be requested.

location /searchword/cron/ { deny all; }



Denying a single file

location ~ /data/sql/data.sql { deny all; }



Setting expiry times for favicon.ico and robots.txt; here favicon.ico gets 99 days and robots.txt 7 days, and 404 errors are not logged.

location ~(favicon.ico) {
    log_not_found off;
    expires 99d;
    break;
}
location ~(robots.txt) {
    log_not_found off;
    expires 7d;
    break;
}



Setting the expiry time of a single file; here 600 seconds, with no access logging.

location ^~ /html/scripts/loadhead_1.js {
    access_log off;
    root /opt/lampp/htdocs/web;
    expires 600;
    break;
}



Hotlink protection for files, with an expiry time. The return 412 here is a custom HTTP status code (the default is 403), which makes the hotlinking requests easy to pick out. "rewrite ^/ http://leech.c1gstudio.com/leech.gif;" shows an anti-hotlinking image. "access_log off;" turns off access logging to reduce load. "expires 3d" gives all files three days of browser cache.

location ~* ^.+\.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
    valid_referers none blocked *.c1gstudio.com *.c1gstudio.net localhost 208.97.167.194;
    if ($invalid_referer) {
        rewrite ^/ http://leech.c1gstudio.com/leech.gif;
        return 412;
        break;
    }
    access_log off;
    root /opt/lampp/htdocs/web;
    expires 3d;
    break;
}



Allowing only fixed IPs to access the site, and adding a password

root /opt/htdocs/www;
allow 208.97.167.194;
allow 222.33.1.2;
allow 231.152.49.4;
deny all;
auth_basic "C1G_ADMIN";
auth_basic_user_file htpasswd;



Mapping a file in nested directories to a single file name, for better SEO: /job-123-456-789.html points to /job/123/456/789.html

rewrite ^/job-([0-9]+)-([0-9]+)-([0-9]+)\.html$ /job/$1/$2/jobshow_$3.html last;



Pointing a folder in the root directory at a second-level directory, e.g. /shanghaijob/ points to /area/shanghai/. If you change last to permanent, the browser address bar shows /location/shanghai/.

rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;

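One problem with the example above is that a request for /shanghai will not match.

rewrite ^/([0-9a-z]+)job$ /area/$1/ last;
rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;

Now /shanghai can be accessed as well, but relative links in the page stop working: ./list_1.html, whose real address is /area/shanghai/list_1.html, becomes /list_1.html and cannot be reached.

Adding the automatic redirect does not work either: (-d $request_filename) requires a real directory, and my rewrite is not one, so it has no effect.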

if (-d $request_filename){ rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent; }

Once the cause is known it is easy to handle: redirect manually.

rewrite ^/([0-9a-z]+)job$ /$1job/ permanent;
rewrite ^/([0-9a-z]+)job/(.*)$ /area/$1/$2 last;



Redirecting when the file or directory does not exist:

if (!-e $request_filename) { proxy_pass http://127.0.0.1; }



Domain redirect

server {
    listen 80;
    server_name jump.c1gstudio.com;
    index index.html index.htm index.php;
    root /opt/lampp/htdocs/www;
    rewrite ^/ http://www.c1gstudio.com/;
    access_log off;
}



Redirecting multiple domains

server_name www.c1gstudio.com www.c1gstudio.net;
index index.html index.htm index.php;
root /opt/lampp/htdocs;
if ($host ~ "c1gstudio\.net") {
    rewrite ^(.*) http://www.c1gstudio.com$1 permanent;
}



Third-level domain redirect

if ($http_host ~* "^(.*)\.i\.c1gstudio\.com$") {
    rewrite ^(.*) http://top.c1gstudio.com$1;
    break;
}



Domain mirroring

server {
    listen 80;
    server_name mirror.c1gstudio.com;
    index index.html index.htm index.php;
    root /opt/lampp/htdocs/www;
    rewrite ^/(.*) http://www.c1gstudio.com/$1 last;
    access_log off;
}



Mirroring a single subdirectory

location ^~ /zhaopinhui { rewrite ^.+ http://zph.c1gstudio.com/ last; break; }



discuz ucenter home (uchome) rewrite

rewrite ^/(space|network)-(.+)\.html$ /$1.php?rewrite=$2 last;
rewrite ^/(space|network)\.html$ /$1.php last;
rewrite ^/([0-9]+)$ /space.php?uid=$1 last;



discuz 7 rewrite

rewrite ^(.*)/archiver/((fid|tid)-[\w\-]+\.html)$ $1/archiver/index.php?$2 last;
rewrite ^(.*)/forum-([0-9]+)-([0-9]+)\.html$ $1/forumdisplay.php?fid=$2&page=$3 last;
rewrite ^(.*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/viewthread.php?tid=$2&extra=page\%3D$4&page=$3 last;
rewrite ^(.*)/profile-(username|uid)-(.+)\.html$ $1/viewpro.php?$2=$3 last;
rewrite ^(.*)/space-(username|uid)-(.+)\.html$ $1/space.php?$2=$3 last;
rewrite ^(.*)/tag-(.+)\.html$ $1/tag.php?name=$2 last;



Giving one discuz forum board its own domain

server_name bbs.c1gstudio.com news.c1gstudio.com;
location = / {
    if ($http_host ~ news\.c1gstudio.com$) {
        rewrite ^.+ http://news.c1gstudio.com/forum-831-1.html last;
        break;
    }
}



discuz ucenter avatar rewrite optimization

location ^~ /ucenter {
    location ~ .*\.php?$ {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }
    location /ucenter/data/avatar {
        log_not_found off;
        access_log off;
        location ~ /(.*)_big\.jpg$ {
            error_page 404 /ucenter/images/noavatar_big.gif;
        }
        location ~ /(.*)_middle\.jpg$ {
            error_page 404 /ucenter/images/noavatar_middle.gif;
        }
        location ~ /(.*)_small\.jpg$ {
            error_page 404 /ucenter/images/noavatar_small.gif;
        }
        expires 300;
        break;
    }
}

jspace rewrite

location ~ .*\.php?$ {
    #fastcgi_pass unix:/tmp/php-cgi.sock;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fcgi.conf;
}
location ~* ^/index.php/ {
    rewrite ^/index.php/(.*) /index.php?$1 break;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fcgi.conf;
}

wordpress rewrite

location / {
    index index.html index.php;
    if (-f $request_filename/index.html){
        rewrite (.*) $1/index.html break;
    }
    if (-f $request_filename/index.php){
        rewrite (.*) $1/index.php;
    }
    if (!-e $request_filename) {
        rewrite (.*) /index.php;
    }
}


Updated 2010-1-11


discuzx 1.5 rewrite

rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/([a-z]+)-(.+)\.html$ $1/$2.php?rewrite=$3 last;
if (!-e $request_filename) {
    return 404;
}

Rewriting dynamic parameters, taking discuz7.2 to discuzx1.5 as the example

if ($query_string ~* tid=([0-9]+)) {
    set $id $1;
    rewrite "^(.*)/viewthread.php$" $1/forum.php?mod=viewthread&tid=$id&extra=page%3D&page=1 last;
}
if ($query_string ~* gid=([0-9]+)) {
    set $id $1;
    rewrite "^(.*)/index.php$" $1/forum.php?gid=$id last;
}
rewrite ^([^\.]*)/archiver/$ $1/forum.php?archiver=1 last;


Updated 2011-4-21


Nested if in nginx

nginx supports neither "if ... and" nor multi-level nested if, which gave me a headache for a long time; it has to be done another way. The following sends crawlers that visit the mirror site cnc.c1gstudio.com to the www site.

set $needrewrite '';
if ($http_user_agent ~* (baiduspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
    set $needrewrite 'o';
}
if ($host ~ cnc\.c1gstudio\.com) {
    set $needrewrite "${needrewrite}k";
}
if ($needrewrite = ok) {
    #return 403;
    rewrite ^(.*) http://www.c1gstudio.com$1 permanent;
}

After reloading nginx, you can test with curl:

curl -I -A "soso" cnc.c1gstudio.com

Tool for converting Apache rules to nginx: http://www.ubuntuset.com/apache2nginx

Posted in Nginx, Technology.
