分类目录归档:Linux

Linux

Segfault in libnss when using libcurl from php

$ tools/php-5.2.17/bin/php test1.php
* About to connect() to www.google.com port 443 (#0)
* Trying 74.125.192.103… * connected
* Connected to www.google.com (74.125.192.103) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
Segmentation fault (core dumped)When the url in the script is changed to use HTTP instead of HTTPS, there is no segfault.
Steps To Reproduce Run the script:
$ cat test1.php
< ?php
$urlEndPoint = “https://www.google.com/search”;
$headerArray = array();
$ch = curl_init();
curl_setopt($ch,CURLOPT_POST,true);curl_setopt($ch,CURLOPT_URL, $urlEndPoint);
/*curl_setopt($ch,CURLOPT_HTTPHEADER, $headerArray);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postArray); */

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_HEADER, true);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, ‘Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0’);
curl_setopt($ch, CURLOPT_VERBOSE, true);

if (!$result = curl_exec($ch)) {
print (curl_error($ch));
}

curl_close ($ch);

echo print_r($result,true);
?>

内核日志:
tail -f /var/log/messages
kernel: php[26564]: segfault at 8048 ip 00007f7a72fede9c sp 00007fffec90edf0 error 4 in libsqlite3.so.0.8.6[7f7a72fd1000+8c000]
gdb记录:
Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9651e9c in sqlite3_file_control () from /usr/lib64/libsqlite3.so.0

 

在Centos的bug列表中,能够找到关于这个bug的说明:

https://bugs.centos.org/view.php?id=7399

https://www.mankier.com/5/cert9.db

Quick fix:

mv /etc/pki/nssdb /etc/pki/nssdb.bak
yum -y reinstall nss

Shell批量登陆和执行安全基线检查脚本

脚本说明

1.将本目录所有文件都放入到一台自己的本地linux主机同一目录下

2.将服务器IP、普通账号、普通账号密码、root密码依次按以下格式写入到hosts.txt中(注意“~”作为hosts.txt的分隔符):

192.168.1.81~user~123456~nothing

192.168.1.10~user~123456~nothing

192.168.1.11~user~123456~nothing

3.执行sh login.sh,脚本将自动批量上传checklinux.sh到服务器/tmp目录下,并且自动执行和自动上传结果到本地linux主机上

4.最后将服务器上传的脚本和结果自动删除 继续阅读

RHEL / Centos Linux 7: Change and Set Hostname Command

On a CentOS Linux 7 server you can use any one of the following tool to manage hostnames:

 

  1. hostnamectl command : Control the system hostname. This is recommended method.
  2. nmtui command : Control the system hostname using text user interface (TUI).
  3. nmcli command : Control the system hostname using CLI part of NetworkManager.

Types of hostnames

The hostname can be configured as follows

  1. Static host name assigned by sysadmin. For example, “server1”, “wwwbox2”, or “server42.cyberciti.biz”.
  2. Transient/dynamic host name assigned by DHCP or mDNS server at run time.
  3. Pretty host name assigned by sysadmin/end-users and it is a free-form UTF8 host name for presentation to the user. For example, “Vivek’s netbook”.

Static – The static host name is traditional host which can be chosen by the user and is stored in /etc/hostname file.

Transient – The transient host name is maintained by kernel and can be changed by DHCP and mDNS.

Pretty – It is a free form UTF -8 host name for the presentation to the user.

继续阅读

ext4 file systems and the 16 TB limit – how to *solve* it

File systems do have limits. Thats no surprise. ext3 had a limit at 16 TB file system size. If you needed more space you´d have to use another file system for instance XFS or JFS or spilt the capacity into multiple mount points.

ext4 was designed to allow far more larger file systems than ext3. According to wikipedia ext4 has a maximum file system size of 1 EiB (approx. one exabyte or 1024 PB or 1024*1024 TB).

Now if you´d try to create one single large file system with ext4 on every linux distribution out there (including OEL 6.1; as of 18th August 2011) you will end up with:

[root@localhost ~]# mkfs.ext4 /dev/iscsi/test mke4fs 1.41.9 (22-Aug-2009)
mkfs.ext4: Size of device /dev/iscsi/test too big to be expressed in 32 bit susing a blocksize of 4096.

This post is about how to solve the issue. 继续阅读

PHP编译安装时常见错误解决办法

PHP编译安装时常见错误解决办法

configure: error: xslt-config not found. Please reinstall the libxslt >= 1.1.0 distribution

yum -y install libxslt-devel

configure: error: Could not find net-snmp-config binary. Please check your net-snmp installation.

yum -y install net-snmp-devel

configure: error: Please reinstall readline – I cannot find readline.h

yum -y install readline-devel

configure: error: Cannot find pspell

yum -y install aspell-devel

checking for unixODBC support… configure: error: ODBC header file ‘/usr/include/sqlext.h’ not found!

yum -y install unixODBC-devel

configure: error: Unable to detect ICU prefix or /usr/bin/icu-config failed. Please verify ICU install prefix and make sure icu-config works.

yum -y install libicu-devel

configure: error: utf8mime2text() has new signature, but U8TCANONICAL is missing. This should not happen. Check config.log for additional information.

yum -y install libc-client-devel 继续阅读

HOWTO: SS5 SOCKS5 Proxy server on CentOS 6 x64

SS5 is a high performance SOCKS proxy server implementing SOCK4 and SOCKS5 protocols. This step-by-step guide describes installation and configuration of SS5 with user/password authentication on a CentOS 5.x/6.x server.
1. Download the latest source rpm from sourceforge.net
wget http://pilotfiber.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.src.rpm
2. Build the source rpm
This requires the rpmbuild tool provided by rpm-build package. Also, ss5 requires openldap-devel, pam-devel and openssl-devel development packages. Install these packages using YUM package manager:

For 32 bit Linux:
yum install gcc rpm-build openldap-devel pam-devel openssl-devel -y
For 64 bit Linux:
yum install yum install gcc.x86_64 rpm-build.x86_64 openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 libgssapi-devel -y

Now build ss5 source rpm to create the binary rpm package:

rpmbuild –rebuild ss5-3.8.9-8.src.rpm

3. Install SS5 rpm package
On CentOS 5.x, the RPM package will be created in /usr/src/redhat/RPMS/. On CentOS 6.x, RPM package will we created in the subdirectory rpmbuild/RPMS/ of build directory. You can install the RPM package using following command:

On CentOS 5,
rpm -ivh /usr/src/redhat/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 64 bit Linux)
rpm -ivh /usr/src/redhat/RPMS/i386/ss5-3.8.9-8.x86_64.rpm (for 32 bit Linux)

On CentOS 6,
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 64 bit Linux)
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-8.x86_64.rpm (for 32 bit Linux)

4. Run SS5 as root and change the port to 8899 (default port is 1080)
Edit /etc/init.d/ss5 and put following lines at the top after shabang(#!/bin/sh):
export SS5_SOCKS_PORT=8899
export SS5_SOCKS_USER=root

You can use any available port you want. Make sure that the port is opened in the server firewall, if any.
5. User/password authentication
SS5 configuration file is /etc/opt/ss5/ss5.conf. The ‘auth’ directive sets the authentication policy.

For no authentication,
auth 0.0.0.0/0 – –
For user/pass authentication,
auth 0.0.0.0/0 – u

The user/password pairs are stored in /etc/opt/ss5/ss5.passwd. Make sure that this file is readable only by root:

chown root.root /etc/opt/ss5/ss5.passwd
chmod 750 /etc/opt/ss5/ss5.passwd

In /etc/opt/ss5/ss5.passwd, put user and password separated by a space and one user/password per line.
E.g.
user1 pass1
user2 pass2

6. Set permission
Allow all hosts to connect:

permit – 0.0.0.0/0 – 0.0.0.0/0 – – – – –

7. Start ss5

service ss5 start

If you see an error message like the following,
Can’t create pid file /var/run/ss5/ss5.pid
Can’t unlink pid file /var/run/ss5/ss5.pid
create the directory /var/run/ss5 and start ss5 again.
That’s all.

The OCF Resource Agent Developer’s Guide

The OCF Resource Agent Developer’s Guide

Florian Haas

hastexo

License information

The text of and illustrations in this document are licensed under a Creative Commons Attribution–Share Alike 3.0 Unported license (“CC-BY-SA”).

Revision History
Revision 1.0.3 July 26, 2012 FGH
Revision 1.0.2 November 18, 2011 FGH
Revision 1.0.1 January 3, 2011 FGH
Revision 1.0.0 December 13, 2010 FGH

继续阅读

Testing resource agents

10.1. Testing with ocf-tester

The resource agents repository (and hence, any installed resource agents package) contains a utility named ocf-tester. This shell script allows you to conveniently and easily test the functionality of your resource agent.

ocf-tester is commonly invoked, as root, like this:

ocf-tester -n <name> [-o <param>=<value> ... ] <resource agent>
  • <name> is an arbitrary resource name.
  • You may set any number of <param>=<value> with the -o option, corresponding to any resource parameters you wish to set for testing.
  • <resource agent> is the full path to your resource agent.

When invoked, ocf-tester executes all mandatory actions and enforces action behavior as explained in Section 5, “Resource agent actions”. 继续阅读

CentOS 6.x下配置iSCSI网络存储

一、简介

iSCSI(internet SCSI)技术由IBM公司研究开发,是一个供硬件设备使用的、可以在IP协议的上层运行的SCSI指令集,这种指令集合可以实现在IP网络上运行SCSI协议,使其能够在诸如高速千兆以太网上进行路由选择。iSCSI技术是一种新储存技术,该技术是将现有SCSI接口与以太网络(Ethernet)技术结合,使服务器可与使用IP网络的储存装置互相交换资料。

iSCSI是一种基于TCP/IP 的协议,用来建立和管理IP存储设备、主机和客户机等之间的相互连接,并创建存储区域网络(SAN)。SAN 使得SCSI 协议应用于高速数据传输网络成为可能,这种传输以数据块级别(block-level)在多个数据存储网络间进行。SCSI 结构基于C/S模式,其通常应用环境是:设备互相靠近,并且这些设备由SCSI 总线连接。

iSCSI 的主要功能是在TCP/IP 网络上的主机系统(启动器 initiator)和存储设备(目标器 target)之间进行大量数据的封装和可靠传输过程。 继续阅读

Linux Shell参数替换

Bash中的$符号的作用是参数替换,将参数名替换为参数所代表的值。对于$来说,大括号是可选的,即$A和${A}代表同一个参数。

${}带冒号的有下面几种表达式:

${parameter:-word}

如果parameter为null或者未设置,整个参数替换表达式值为word

${parameter:=word}

如果parameter为null或者未设置,整个参数替换表达式值为word,并且parameter参数值设置为word

${parameter:?word}

如果parameter为null或者未设置,则打印出错误信息。否则,整个参数替换表达式值为$parameter

${parameter:+word}

如果parameter不为null或者未设置,则整个参数替换表达式值为word

${parameter:offset}

${parameter:offset:length}

继续阅读