分页: 1/2 第一页 1 2 下页 最后页 [ 显示模式: 摘要 | 列表 ]
目录:
0. 配置目的及方案简介
1. 安装KVM
2. 安装配置VNC远程控制
3. 在KVM虚拟机安装CentOS 6
4. NAT网络配置
5. 使用iptables防火墙配置,SSH,FTP
6. 使用反向代理配置Web server
7. 虚拟机中的Mysql配置
8. 后续:iptables规则优化,虚拟机自动快照备份
Tags: , ,

vsftpd调试

[ 2012/07/18 11:10 | by Sonic ]
默认的vsftpd日志很简单。出现问题时,不容易找到原因。
以下参数,打开详细日志。

# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/users/vsftp_nobody/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=NO

#The log_ftp_protocol=YES will log every FTP protocol transaction between the client and the server (this is the most detailed log you can get).
log_ftp_protocol=YES


注意,在log_ftp_protocol=YES时,这一项必须是no:xferlog_std_format=NO。否则会得到:
500 OOPS: bad bool value in config file for: log_ftp_protocol


附件:vsftpd.conf参数详解
Tags: , ,
近年来最累的一次折腾。有必要好好记录一下。跟了网上N个教程,有好几个都走不通。最后自己彻底整理了一次。把自己的经验和配置分享出来。

首先隆重感谢一下至今素未谋面的老熊,真是好人啊。06年的时候就在plesk服务器换ip的事上,帮了我好大的忙。没想到这次在我卡在第6步,最绝望的时候,这只熊的婀娜身影再一次出现在了我的生活中。还在漆黑的深夜中陪伴在我的身边。以下隆重公布一下他的QQ,造福广大网友!QQ: 499******* (后几位号码,为符合当地莫名其妙的“相关法规”,被系统自动屏蔽。。。)

其次要感谢老熊的同事,百忙中写好的防火墙规则,让我10分钟之内,就被兴奋得昏了头的我,给无情覆盖了。以至于下次人家重写之后,很自觉的在/root下给留了个备份。zan
Tags: , ,
本机操作系统为vista,virtualbox版本为3.1.2 r56127,虚拟机为CentOS 5.4 i386。安装vitualbox增强功能的步骤:
1.启动CentOS,以root身份登录,进入桌面环境。
2.在virtualbox菜单中选择“设备-->安装增强功能”,会在桌面上出现一个“VBOXADDITIONS_3.1.2_56127”图标。
3.双击上述图标,打开文件窗口,选择“工具-->打开终端”菜单,进入终端模式。
4.执行如下命令:
#yum install kernel-devel  //执行此命令提示有错误,忽略;
#yum install gcc  //执行此命令提示有错误,忽略;
ln -s /usr/src/kernels/2.6.18-......-i686 /usr/src/linux   //省略号处用TAB键补全
sh VBoxLinuxAdditions-x86.run
5.重启系统即可。
6.更改屏幕分辨率:

 #vi /etc/X11/xorg.conf
  SubSection "Display"
            Viewport 0 0
            Depth     24
            Modes "1024x768" "800x600" "640x480"
  EndSubSection
Tags: , ,
Fail2ban is failing to ban VSFTPD bruteforce:

In my case with VSFTPD, with unresolvable DNS names from /var/log/secure:

Scenario: VSFTP configuration is set for PAM authentication, using xferlog in standard format. Fail2ban for vsftpd is watching /var/log/secure

Problem: PAM sends failed login information to /var/log/secure, but the remote server's IP address has been replaced by a DNS name. Resulting DNS name does not resolve or does not resolve correctly, thus fail2ban is unable to ban the IP address.

Fix: Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch /var/log/vsftpd.log instead. This log file shows the incoming ip address instead of the DNS name.

[ update: you also need to adde'use_localtime=YES' to config file of VSFTPD. otherwise, above trick not working. it took me hours to solve the problem. :(]

Source and more tips.
Tags: , ,

CentOS安装Socks5

[ 2011/08/09 13:51 | by Sonic ]
1.配置编译环境
2.安装socks5必要的包
yum -y install gcc automake make

yum -y install pam-devel openldap-devel cyrus-sasl-devel

3.下载,编译安装ss5(socks5)

wget http://disk.boluo.org/linux/27001-ss5-3.6.1-1.tar.gz
tar zxvf 27001-ss5-3.6.1-1.tar.gz
cd ss5-3.6.1
./configure
make
make install


可以通过修改 /etc/opt/ss5/ss5.conf 设置密码

# SHost                  SPort           Authentication
#
auth 0.0.0.0/0           -                -
# SHost                  SPort           Authentication

#

auth 0.0.0.0/0           -                  u

在 /etc/opt/ss5/ss5.passwd 中添加 用户名和密码 如:

admin   123456

使用用户验证,重启ss5服务

/etc/init.d/ss5 start
Tags: , ,
本文介绍CentOS中自带的系统进程。并给出精简建议。
转自鸟哥网站:http://linux.vbird.org/linux_basic/0560daemons.php
Tags: ,

安装iftop流量监控工具

[ 2011/07/14 12:21 | by Sonic ]

yum install libpcap-devel ncurses-devel
yum install gcc
wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
tar xvzf iftop-0.17.tar.gz
cd iftop-0.17
./configure -prefix=/usr/local
make ; make install


iftop -n -i eth0
Tags: ,

安装cband控制apache流量

[ 2011/05/17 14:01 | by Sonic ]
wget http://cband.linux.pl/download/mod-cband-0.9.7.4.tgz
tar xzvf mod-cband-0.9.7.4.tgz
cd mod-cband-0.9.7.4
./configure
make
make install


configure之前,可能提示没有apx2。需要先yum install httpd-devel。此时确保Testing.repo关闭。


The make install command should have added the mod_cband module to /etc/apache2/httpd.conf. Run

vi /etc/apache2/httpd.conf


and check if you find a line like this:

LoadModule cband_module       /usr/lib/apache2/modules/mod_cband.so

(If you don't find this line, add it yourself.)
Tags: , , ,

Mysql优化

[ 2011/04/28 17:03 | by Sonic ]
贴一份优化配置,备查
Tags: , ,

清除Linux缓存

[ 2011/04/21 12:59 | by Sonic ]
Writing to this will cause the kernel to drop clean caches, dentries and
inodes from memory, causing that memory to become free.

To free pagecache:
echo 1 > /proc/sys/vm/drop_caches
To free dentries and inodes:
echo 2 > /proc/sys/vm/drop_caches
To free pagecache, dentries and inodes:
echo 3 > /proc/sys/vm/drop_caches

As this is a non-destructive operation and dirty objects are not freeable, the
user should run `sync' first.

[root@server test]# cat /proc/sys/vm/drop_caches
0

/proc/sys/vm/drop_caches的值,默认为0
简单说,清除系统对内存的cache,使用root做下面几步:
sync; echo 3 > /proc/sys/vm/drop_caches
sync; echo 0 > /proc/sys/vm/drop_caches



Tags: ,

CentOS Squid Server 安装配置

[ 2011/04/14 16:38 | by Sonic ]
Squid是一个缓存internet数据的一个软件,它接收用户的下载申请,并自动处理所下载的数据。也就是说,当一个用户象要下载一个主页时,它向 Squid发出一个申请,要Squid替它下载,然后Squid 连接所申请网站并请求该主页,接着把该主页传给用户同时保留一个备份,当别的用户申请同样的页面时,Squid把保存的备份立即传给用户,使用户觉得速度相当快。
Tags: , , ,
分页: 1/2 第一页 1 2 下页 最后页 [ 显示模式: 摘要 | 列表 ]