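In real-world work, an employee generates a private key and a public key (always remember to set a passphrase on the private key) and sends the public key to the operations staff. Operations registers your public key and grants you access to one or more servers. The employee can then use that single private key to log in to the servers they are authorized for and carry out system maintenance and similar work. The employee is therefore responsible for protecting the private key: if someone maliciously copies it and you have not set a passphrase, the servers are finished, and the employee can go on a long vacation as well.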
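An added example, not part of the original post: a Python audit helper that operations staff could run over private key files to check whether each one is passphrase-protected. The function names and the sample inputs (header-only blobs with no real key material) are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # magic of the OpenSSH private key format

def _ssh_string(data):
    """Encode an SSH wire-format string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def key_is_encrypted(pem_text):
    """Return True if the private key text is passphrase-protected, else False."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return True
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)
        cipher = blob[off + 4:off + 4 + n]  # first field is the cipher name
        return cipher != b"none"
    if header.endswith(" PRIVATE KEY-----"):
        # Legacy PEM keys mark encryption with a "Proc-Type: 4,ENCRYPTED" header.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])
    raise ValueError("unrecognised key header")

def sample_openssh_key(cipher):
    """Constructed header-only sample (no key material) for the given cipher name."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-PEM sample; the body is a placeholder, not a real key.
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for text in (sample_openssh_key(b"none"), sample_openssh_key(b"aes256-ctr"), SAMPLE_LEGACY_ENCRYPTED):
        print("protected" if key_is_encrypted(text) else "NO PASSPHRASE")
```

The check reads only the key file's unencrypted header, so it never needs the passphrase itself.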

Enabling Perfect Forward Secrecy

To encrypt communications between you and your end users, you purchase an SSL certificate, install it on your server, and then configure your website to use the certificate to protect these communications. The SSL connection begins when the end user’s browser reaches out to shake hands with your website.

During this handshake, information about the capabilities of the browser and server is exchanged, validation occurs, and a session key that meets both the browser’s and server’s criteria is created. Once the session key is created, the rest of the conversation between the end user and your site is encrypted and thus secured. Historically, the most common method for negotiating the session key involved the RSA public-key cryptosystem. The RSA approach uses the server’s public key to protect the session key parameters created by the browser when they are sent to the server. The server is able to decrypt this handshake with its corresponding private key.

How to assign multiple IP addresses to one network interface on CentOS

The practice of configuring multiple IP addresses on a particular network interface is called IP aliasing. IP aliasing is useful when you set up multiple sites on virtual web hosting on a single interface, or maintain multiple connections to a network each of which serves a different purpose. You can assign multiple IP addresses to one network interface from a single subnet or completely different ones.

All existing Linux distributions, including CentOS, support IP aliasing. Here is how to bind multiple IP addresses to a single network interface on CentOS.

If you would like to set up IP aliasing on the fly, there are two ways to do it. One way is to use ifconfig, and the other is to use the ip command. Using these two methods, let me show you how to add two extra IP addresses to eth0.

How to setup an SFTP server on CentOS

This tutorial explains how to set up and use an SFTP server on CentOS. Before I start, let me explain what SFTP actually is and what it is used for. Most people know that we can use normal FTP for transferring, downloading or uploading data from a server to a client or from a client to a server. But this protocol is easily hacked (if TLS is not used) by anonymous intruders, as the ports are wide open to anyone. Therefore, SFTP was introduced as an alternative whose main purpose is to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection.

1. Preliminary Note

For this tutorial, I am using CentOS 6.4 in the 32-bit version. The same steps will work on CentOS 7 as well. The result of the tutorial will show how a client can be given access to the SFTP server while being unable to log in to the server itself over SSH.





1 Introduction



Understanding ModSecurity


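1. Encryption and decryption

2. Breaks up the inbound connection stream into HTTP requests

3. Partially parses HTTP requests

4. Invokes ModSecurity, selecting the correct configuration context (<VirtualHost>, <Location>, etc.)

5. De-chunks request bodies as necessary


1. Forwards requests to the backend servers (with or without SSL)

2. Partially parses HTTP responses

3. De-chunks response bodies as necessary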


Install package network:ha-clustering:Stable / crmsh

For RedHat RHEL-6 run the following as root:

cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/network:ha-clustering:Stable/RedHat_RHEL-6/network:ha-clustering:Stable.repo
yum install crmsh

For Fedora 25 run the following as root:

dnf config-manager --add-repo http://download.opensuse.org/repositories/network:ha-clustering:Stable/Fedora_25/network:ha-clustering:Stable.repo
dnf install crmsh

For CentOS CentOS-7 run the following as root:

cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/network:ha-clustering:Stable/CentOS_CentOS-7/network:ha-clustering:Stable.repo
yum install crmsh

For CentOS CentOS-6 run the following as root:

cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/network:ha-clustering:Stable/CentOS_CentOS-6/network:ha-clustering:Stable.repo
yum install crmsh


1. Installing Informix Client SDK for Linux x86_64

1.1 Download Informix Client SDK 3.70 for Linux x86_64 from IBM website, https://www-01.ibm.com/marketing/iwm/tnd/search.jsp?rs=ifxdl

1.2 Extract the file, `cd /opt/informix; tar -xvf clientsdk.3.70.FC8DE.LINUX.tar`

1.3 Start installation, `./installclientsdk`, install all

2. Installing PDO Informix

2.1 Download PDO Informix 1.3.1, `wget https://pecl.php.net/get/PDO_INFORMIX-1.3.1.tgz`

2.2 Extract the file, `tar -xvf PDO_INFORMIX-1.3.1.tgz`

2.3 `cd PDO_INFORMIX-1.3.1` and compile

2.3.1 `phpize`

2.3.2 `./configure --with-pdo-informix=/opt/informix`; if you get the error `configure: error: Cannot find php_pdo_driver.h`, run `ln -s /usr/include/php5 /usr/include/php` and try again.

2.3.3 `make`

2.3.4 `make install`

3. Include pdo_informix.so in php.ini

Other reference: http://stackoverflow.com/questions/19909075/php-and-informix-on-debian-how-to-install-configure-the-pdo

Sample Code:


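<?php
// Connect to Informix through PDO; replace the placeholder host, port, database, instance and credentials.
$db = new PDO("informix:host=hostname_or_ipaddr; service=port;database=dbname; server=instancename; protocol=onsoctcp;EnableScrollableCursors=1;", "username", "password");
// Throw exceptions on errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

print "Connection Established!\n\n";

// Fetch the first row and print its first column.
$stmt = $db->query("select * from tablename");
$res = $stmt->fetch( PDO::FETCH_BOTH );
$rows = $res[0];
echo "Table contents: $rows.\n";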




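ModSecurity is a free, open-source host-based WAF (http://www.modsecurity.org/). The latest version on the official site is currently 2.9.1, and it supports nginx/Apache/IIS (32- and 64-bit). It exists mainly as an extension module for these web servers and uses rule files to identify malicious external web attacks and then drop them.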



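# vi /etc/profile    # add the following at the end of the file, then save, exit and log in again
HISTTIMEFORMAT='%F %T '     # note the trailing space; it separates the date from the command in the output
HISTSIZE="3000"    # 1000 entries are kept by default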


2015-07-27 10:33:58 echo from1
export HISTTIMEFORMAT='%F %T'   # without the space after %T, the date and the command run together
2015-07-27 10:33:58echo from1