月度归档:2016年08月

Scripts and templates for nginx

Nginx – http://nginx.net/

Provide graphing nginx clients statistics (active, reading, writing, waiting) and nginx socket statistics (accepts, handled, requests). It’s a formal devision used only for graphs usability.

For use do next steps:

1. Enable nginx http_stub_status_module at configure stage (if requared).

2. Enable stub status. Add to nginx.conf (in any server context):
location /nginx_status {
stub_status on;
# disable access_log if requared
access_log off;
#allow XX.YY.AA.ZZ;
#allow YY.ZZ.JJ.CC;
#deny all;
}

Restart nginx. 继续阅读

Monitor the statistics of Nginx with Cacti

First, add the next lines to configuration file of nginx

 location /server_status {
    stub_status on;
    access_log off;
    # Only me can access this
    #allow 10.0.0.12;
    #deny all;
 }

Run nginx -t to make sure the configuration file is correct. Then run kill -1 nginx_pid, nginx will reload the configuration. After nginx reload it, try to access the url: http://server/server_status/, the browser will display like this:

 Active connections: 303 
 server accepts handled requests
  6314384 6314384 34931986 
 Reading: 3 Writing: 5 Waiting: 295

Next, create the script to get the status data from the nginx server. I wrote a python tool to get these data. 继续阅读

invcol: /lib/ld-linux.so.2: bad ELF interpreter

If you get this while starting srvadmin-services.sh:
/opt/dell/srvadmin/sbin/invcol: ./invcol: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

Try this:

yum install compat-libstdc++-33-3.2.3-69.el6.i686 zlib.i686

[root@tgt1 ~]# ./invcol: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory

[root@tgt1 ~]# find / -name “libstdc++*”
/usr/lib64/libstdc++.so.6.0.13
/usr/lib64/libstdc++.so.6
/usr/lib/libstdc++.so.5
/usr/lib/libstdc++.so.5.0.7
[root@tgt1 ~]# invcol: error while loading shared libraries: libstdc++.so.6: cannot open shared object file^C
[root@tgt1 ~]# yum whatprovides libstdc++.so.6
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* extras: mirrors.yun-idc.com
* updates: centos.ustc.edu.cn
libstdc++-4.4.7-17.el6.i686 : GNU Standard C++ Library
Repo        : base
Matched from:
Other       : libstdc++.so.6

[root@tgt1 ~]# yum install libstdc++-4.4.7-17.el6.i686

戴尔OpenManage Essentials – 详介、安装、部署与配置

简介

OpenManage Essentials (OME)是一款系统管理控制台,可提供简便、基本的戴尔硬件管理,而且可以免费下载。

Dell OpenManage Essentials的最新版本为OME 2.0,已于2014年9月8日发布。此版本为这款产品引入了诸多出色的新功能。OpenManage Essentials 2.0是一款易于安装、直观易用的系统管理控制台解决方案,为监控和管理戴尔企业级以及远程办公室/商务办公室级硬件进行了优化。

OpenManage Essentials 2.0版新增的功能包括:支持第13代服务器、改进了针对旧式PowerEdge服务器以及第12代/第13代服务器的服务器发现和免代理更新操作、引入一些流程来自动完成裸机服务器和操作系统部署以及可快速检测生产环境中的服务器配置偏离情况。      继续阅读

CentOS 6.x下配置iSCSI网络存储

一、简介

iSCSI(internet SCSI)技术由IBM公司研究开发,是一个供硬件设备使用的、可以在IP协议的上层运行的SCSI指令集,这种指令集合可以实现在IP网络上运行SCSI协议,使其能够在诸如高速千兆以太网上进行路由选择。iSCSI技术是一种新储存技术,该技术是将现有SCSI接口与以太网络(Ethernet)技术结合,使服务器可与使用IP网络的储存装置互相交换资料。

iSCSI是一种基于TCP/IP 的协议,用来建立和管理IP存储设备、主机和客户机等之间的相互连接,并创建存储区域网络(SAN)。SAN 使得SCSI 协议应用于高速数据传输网络成为可能,这种传输以数据块级别(block-level)在多个数据存储网络间进行。SCSI 结构基于C/S模式,其通常应用环境是:设备互相靠近,并且这些设备由SCSI 总线连接。

iSCSI 的主要功能是在TCP/IP 网络上的主机系统(启动器 initiator)和存储设备(目标器 target)之间进行大量数据的封装和可靠传输过程。 继续阅读

How to configure fail2ban to protect Apache HTTP server

An Apache HTTP server in production environments can be under attack in various different ways. Attackers may attempt to gain access to unauthorized or forbidden directories by using brute-force attacks or executing evil scripts. Some malicious bots may scan your websites for any security vulnerability, or collect email addresses or web forms to send spams to.

Apache HTTP server comes with comprehensive logging capabilities capturing various abnormal events indicative of such attacks. However, it is still non-trivial to systematically parse detailed Apache logs and react to potential attacks quickly (e.g., ban/unban offending IP addresses) as they are perpetrated in the wild. That is when fail2ban comes to the rescue, making a sysadmin‘s life easier.

fail2ban is an open-source intrusion prevention tool which detects various attacks based on system logs and automatically initiates prevention actions e.g., banning IP addresses with iptables, blocking connections via /etc/hosts.deny, or notifying the events via emails. fail2ban comes with a set of predefined “jails” which use application-specific log filters to detect common attacks. You can also write custom jails to deter any specific attack on an arbitrary application.

In this tutorial, I am going to demonstrate how you can configure fail2ban to protect your Apache HTTP server. I assume that you have Apache HTTP server and fail2ban already installed. Refer to another tutorial for fail2ban installation. 继续阅读

Linux Shell参数替换

Bash中的$符号的作用是参数替换,将参数名替换为参数所代表的值。对于$来说,大括号是可选的,即$A和${A}代表同一个参数。

${}带冒号的有下面几种表达式:

${parameter:-word}

如果parameter为null或者未设置,整个参数替换表达式值为word

${parameter:=word}

如果parameter为null或者未设置,整个参数替换表达式值为word,并且parameter参数值设置为word

${parameter:?word}

如果parameter为null或者未设置,则打印出错误信息。否则,整个参数替换表达式值为$parameter

${parameter:+word}

如果parameter不为null或者未设置,则整个参数替换表达式值为word

${parameter:offset}

${parameter:offset:length}

继续阅读