CentOS6 에서 방화벽(FIrewall Configuration) 이 작동하지 않을때

Posted by 주원이^^
2019.03.08 14:11 리눅스/trouble shooting

CentOS6 에서 방화벽(FIrewall Configuration) 이 작동하지 않을때



1. system-config-firewall-tui 을 install/update 하는 방법

    프로그램 이름은 system-config-firewall-tui로, GUI를 설치하지 않고도 사용할 수 있습니다. 

    설치(업데이트) 하려면 다음과 같이 명령합니다.


yum install setuptool system-config-firewall-tui

  
    setuptool이 꼭 필요한 것은 아니나 긴 명령어를 사용할 필요가 없어서 설치하는 것입니다.

   setuptool을 설치하지 않았다면 'system-config-firewall-tui' 이와같이 긴 명령을 입력해야 합니다.

   (또는 setup은 되나 firewall Configuration 이 작동하지 않을때 setuptool을 update 합니다.)



2. setup은 동작 하지만 FIrewall Configuration 이 작동하지 않을때 'fw_tui.py' 을 수정하는 방법 

    fw_tui.py 파일을 수정합니다.

         ( /usr/share/system-config-firewall/fw_tui.py)


    vim +34 /usr/share/system-config-firewall/fw_tui.py

    명령줄(34번)을 '#' 주석 처리 합니다 ( import fw_nw  라인)


CentOS-6.6-firewall-set_065139.jpg


    저장 하고 . 

    ‘system-config-firewall-tui’ 명령으로 작동한다. (CentOS6.6에서)  --- Good luck.






참고 (검색 자료에서):

Run these to turn off the firewall in CentOS:

  service iptables save
  service iptables stop
  chkconfig iptables off

프로토콜 기본정보

Posted by 주원이^^
2017.07.31 15:55 리눅스/기본정보(OS)

Common/Popular IANA-Registered Ports

PORTLAYERNAMEDESCRIPTION
1TCPtcpmuxTCP port service multiplexer
5TCPrjeRemote Job Entry
7TCPechoEcho service
9TCPdiscardNull service for connection testing
11TCPsystatSystem Status service for listing connected ports
13TCPdaytimeSends date and time to requesting host
17TCPqotdSends quote of the day to connected host
18TCPmspMessage Send Protocol
19TCPchargenCharacter Generation service; sends endless stream of characters
20TCPftp-dataFTP data port
21TCPftpFile Transfer Protocol (FTP) port; sometimes used by File Service Protocol (FSP)
22TCPsshSecure Shell (SSH) service
23TCPtelnetThe Telnet service
25TCPsmtpSimple Mail Transfer Protocol (SMTP)
37TCPtimeTime Protocol
39TCPrlpResource Location Protocol
42TCPnameserverInternet Name Service
43TCPnicnameWHOIS directory service
49TCPtacacsTerminal Access Controller Access Control System for TCP/IP based authentication and access
50TCPre-mail-ckRemote Mail Checking Protocol
53TCPdomaindomain name services (such as BIND)
63TCPwhois++WHOIS++, extended WHOIS services
67TCPbootpsBootstrap Protocol (BOOTP) services; also used by Dynamic Host Configuration Protocol (DHCP) services
68TCPbootpcBootstrap (BOOTP) client; also used by Dynamic Host Control Protocol (DHCP) clients
69TCPtftpTrivial File Transfer Protocol (TFTP)
70TCPgopherGopher Internet document search and retrieval
71TCPnetrjs-1Remote Job Service
72TCPnetrjs-2Remote Job Service
73TCPnetrjs-3Remote Job Service
73TCPnetrjs-4Remote Job Service
79TCPfingerFinger service for user contact information
80TCPhttpHyperText Transfer Protocol (HTTP) for World Wide Web (WWW) services
88TCPkerberosKerberos network authentication system
95TCPsupdupTelnet protocol extension
101TCPhostnameHostname services on SRI-NIC machines
102TCPiso-tsapISO Development Environment (ISODE) network applications
105TCPcsnet-nsMailbox nameserver; also used by CSO nameserver
107TCPrtelnetRemote Telnet
109TCPpop2Post Office Protocol version 2
110TCPPOP3Post Office Protocol version 3
111TCPsunrpcRemote Procedure Call (RPC) Protocol for remote command execution, used by Network Filesystem (NFS)
113TCPauthAuthentication and Ident protocols
115TCPsftpSecure File Transfer Protocol (SFTP) services
117TCPuucp-pathUnix-to-Unix Copy Protocol (UUCP) Path services
119TCPnntpNetwork News Transfer Protocol (NNTP) for the USENET discussion system
123TCPntpNetwork Time Protocol (NTP)
137TCPnetbios-nsNETBIOS Name Service used in Red Hat Enterprise Linux by Samba
138TCPnetbios-dgmNETBIOS Datagram Service used in Red Hat Enterprise Linux by Samba
139TCPnetbios-ssnNETBIOS Session Service used in Red Hat Enterprise Linux by Samba
143TCPIMAPInternet Message Access Protocol (IMAP)
161TCPsnmpSimple Network Management Protocol (SNMP)
162TCPsnmptrapTraps for SNMP
163TCPcmip-manCommon Management Information Protocol (CMIP)
164TCPcmip-agentCommon Management Information Protocol (CMIP)
174TCPmailqMAILQ email transport queue
177TCPxdmcpX Display Manager Control Protocol (XDMCP)
178TCPnextstepNeXTStep window server
179TCPbgpBorder Gateway Protocol
191TCPprosperoProspero distributed filesystem services
194TCPircInternet Relay Chat (IRC)
199TCPsmuxSNMP UNIX Multiplexer
201TCPat-rtmpAppleTalk routing
202TCPat-nbpAppleTalk name binding
204TCPat-echoAppleTalk echo
206TCPat-zisAppleTalk zone information
209TCPqmtpQuick Mail Transfer Protocol (QMTP)
210TCPz39.50NISO Z39.50 database
213TCPipxInternetwork Packet Exchange (IPX), a datagram protocol commonly used in Novell Netware environments
220TCPIMAP3Internet Message Access Protocol version 3
245TCPlinkLINK / 3-DNS iQuery service
347TCPfatservFATMEN file and tape management server
363TCPrsvp_tunnelRSVP Tunnel
369TCPrpc2portmapCoda file system portmapper
370TCPcodaauth2Coda file system authentication services
372TCPulistprocUNIX LISTSERV
389TCPldapLightweight Directory Access Protocol (LDAP)
427TCPsvrlocService Location Protocol (SLP)
434TCPmobileip-agentMobile Internet Protocol (IP) agent
435TCPmobilip-mnMobile Internet Protocol (IP) manager
443TCPhttpsSecure Hypertext Transfer Protocol (HTTP)
444TCPsnppSimple Network Paging Protocol
445TCPmicrosoft-dsServer Message Block (SMB) over TCP/IP
464TCPkpasswdKerberos password and key changing services
468TCPphoturisPhoturis session key management protocol
487TCPsaftSimple Asynchronous File Transfer (SAFT) protocol
488TCPgss-httpGeneric Security Services (GSS) for HTTP
496TCPpim-rp-discRendezvous Point Discovery (RP-DISC) for Protocol Independent Multicast (PIM) services
500TCPisakmpInternet Security Association and Key Management Protocol (ISAKMP)
535TCPiiopInternet Inter-Orb Protocol (IIOP)
538TCPgdomapGNUstep Distributed Objects Mapper (GDOMAP)
546TCPdhcpv6-clientDynamic Host Configuration Protocol (DHCP) version 6 client
547TCPdhcpv6-serverDynamic Host Configuration Protocol (DHCP) version 6 Service
554TCPrtspReal Time Stream Control Protocol (RTSP)
563TCPnntpsNetwork News Transport Protocol over Secure Sockets Layer (NNTPS)
565TCPwhoamiwhoami user ID listing
587TCPsubmissionMail Message Submission Agent (MSA)
610TCPnpmp-localNetwork Peripheral Management Protocol (NPMP) local / Distributed Queueing System (DQS)
611TCPnpmp-guiNetwork Peripheral Management Protocol (NPMP) GUI / Distributed Queueing System (DQS)
612TCPhmmp-indHyperMedia Management Protocol (HMMP) Indication / DQS
631TCPippInternet Printing Protocol (IPP)
636TCPldapsLightweight Directory Access Protocol over Secure Sockets Layer (LDAPS)
674TCPacapApplication Configuration Access Protocol (ACAP)
694TCPha-clusterHeartbeat services for High-Availability Clusters
749TCPkerberos-admKerberos version 5 (v5) ‘kadmin’ database administration
750TCPkerberos-ivKerberos version 4 (v4) services
765TCPwebsterNetwork Dictionary
767TCPphonebookNetwork Phonebook
873TCPrsyncrsync file transfer services
992TCPtelnetsTelnet over Secure Sockets Layer (TelnetS)
993TCPIMAPSInternet Message Access Protocol over Secure Sockets Layer (IMAPS)
994TCPircsInternet Relay Chat over Secure Sockets Layer (IRCS)
995TCPPOP3sPost Office Protocol version 3 over Secure Sockets Layer (POP3S)

 

UNIX-Specific Ports

PORTLAYERNAMEDESCRIPTION
512TCPexecAuthentication for remote process execution
512UDPbiff [comsat]Asynchrous mail client (biff) and service (comsat)
513TCPloginRemote Login (rlogin)
513UDPwho [whod]whod user logging daemon
514TCPshell [cmd]Remote shell (rshell) and remote copy (rcp) with no logging
514UDPsyslogUNIX system logging service
515printer [spooler]Line printer (lpr) spooler
517UDPtalkTalk remote calling service and client
518UDPntalkNetwork talk (ntalk) remote calling service and client
519utime [unixtime]UNIX time (utime) protocol
520TCPefsExtended Filename Server (EFS)
520UDProuter [route, routed]Routing Information Protocol (RIP)
521ripngRouting Information Protocol for Internet Protocol version 6 (IPv6)
525timed [timeserver]Time daemon (timed)
526/TCPtempo [newdate]Tempo
530TCPcourier [rpc]Courier Remote Procedure Call (RPC) protocol
531TCPconference [chat]Internet Relay Chat
532netnewsNetnews newsgroup service
533UDPnetwallNetwall for emergency broadcasts
540TCPuucp [uucpd]UNIX-to-UNIX copy services
543TCPkloginKerberos version 5 (v5) remote login
544TCPkshellKerberos version 5 (v5) remote shell
548afpovertcpAppletalk Filing Protocol (AFP) over Transmission Control Protocol (TCP)
556remotefs [rfs_server, rfs]Brunhoff’s Remote Filesystem (RFS)

 

Ports Submitted To IANA By Network Community

PORTLAYERNAMECOMMENT
1080socksSOCKS network application proxy services
1236bvcontrol [rmtcfg]Remote configuration server for Gracilis Packeten network switches[a]
1300h323hostcallscH.323 telecommunication Host Call Secure
1433ms-sql-sMicrosoft SQL Server
1434ms-sql-mMicrosoft SQL Monitor
1494icaCitrix ICA Client
1512winsMicrosoft Windows Internet Name Server
1524ingreslockIngres Database Management System (DBMS) lock services
1525prospero-npProspero non-privileged
1645datametrics [old-radius]Datametrics / old radius entry
1646sa-msg-port [oldradacct]sa-msg-port / old radacct entry
1649kermitKermit file transfer and management service
1701l2tp [l2f]Layer 2 Tunneling Protocol (LT2P) / Layer 2 Forwarding (L2F)
1718h323gatediscH.323 telecommunication Gatekeeper Discovery
1719h323gatestatH.323 telecommunication Gatekeeper Status
1720h323hostcallH.323 telecommunication Host Call setup
1758tftp-mcastTrivial FTP Multicast
1759UDPmtftpMulticast Trivial FTP (MTFTP)
1789helloHello router communication protocol
1812radiusRadius dial-up authentication and accounting services
1813radius-acctRadius Accounting
1911mtpStarlight Networks Multimedia Transport Protocol (MTP)
1985hsrpCisco Hot Standby Router Protocol
1986licensedaemonCisco License Management Daemon
1997gdp-portCisco Gateway Discovery Protocol (GDP)
2049nfs [nfsd]Network File System (NFS)
2102zephyr-srvZephyr distributed messaging Server
2103zephyr-cltZephyr client
2104zephyr-hmZephyr host manager
2401cvspserverConcurrent Versions System (CVS) client/server operations
2430TCPvenusVenus cache manager for Coda file system (codacon port)
2430UDPvenusVenus cache manager for Coda file system (callback/wbc interface)
2431TCPvenus-seVenus Transmission Control Protocol (TCP) side effects
2431UDPvenus-seVenus User Datagram Protocol (UDP) side effects
2432UDPcodasrvCoda file system server port
2433TCPcodasrv-seCoda file system TCP side effects
2433UDPcodasrv-seCoda file system UDP SFTP side effect
2600hpstgmgr [zebrasrv]Zebra routing[b]
2601discp-client [zebra]discp client; Zebra integrated shell
2602discp-server [ripd]discp server; Routing Information Protocol daemon (ripd)
2603servicemeter [ripngd]Service Meter; RIP daemon for IPv6
2604nsc-ccs [ospfd]NSC CCS; Open Shortest Path First daemon (ospfd)
2605nsc-posaNSC POSA; Border Gateway Protocol daemon (bgpd)
2606netmon [ospf6d]Dell Netmon; OSPF for IPv6 daemon (ospf6d)
2809corbalocCommon Object Request Broker Architecture (CORBA) naming service locator
3130icpv2Internet Cache Protocol version 2 (v2); used by Squid proxy caching server
3306mysqlMySQL database service
3346trnsprntproxyTransparent proxy
4011pxePre-execution Environment (PXE) service
4321rwhoisRemote Whois (rwhois) service
4444krb524Kerberos version 5 (v5) to version 4 (v4) ticket translator
5002rfeRadio Free Ethernet (RFE) audio broadcasting system
5308cfengineConfiguration engine (Cfengine)
5999cvsup [CVSup]CVSup file transfer and update tool
6000TCPx11 [X]X Window System services
7000afs3-fileserverAndrew File System (AFS) file server
7001afs3-callbackAFS port for callbacks to cache manager
7002afs3-prserverAFS user and group database
7003afs3-vlserverAFS volume location database
7004afs3-kaserverAFS Kerberos authentication service
7005afs3-volserAFS volume management server
7006afs3-errorsAFS error interpretation service
7007afs3-bosAFS basic overseer process
7008afs3-updateAFS server-to-server updater
7009afs3-rmtsysAFS remote cache manager service
9876sdSession Director for IP multicast conferencing
10080amandaAdvanced Maryland Automatic Network Disk Archiver (Amanda) backup services
11371pgpkeyserverPretty Good Privacy (PGP) / GNU Privacy Guard (GPG) public keyserver
11720h323callsigaltH.323 Call Signal Alternate
13720bprdVeritas NetBackup Request Daemon (bprd)
13721bpdbmVeritas NetBackup Database Manager (bpdbm)
13722bpjava-msvcVeritas NetBackup Java / Microsoft Visual C++ (MSVC) protocol
13724vnetdVeritas network utility
13782bpcdVeritas NetBackup
13783vopiedVeritas VOPIE authentication daemon
22273wnn6 [wnn4]Kana/Kanji conversion system
26000quakeQuake (and related) multi-player game servers
26208wnn6-dsWnn6 Kana/Kanji server
33434tracerouteTraceroute network tracking tool

 

 

Red Hat Enterprise Linux (RHEL) Ports

PORTLAYERNAMECOMMENT
15tcpnetstatNetwork Status (netstat)
98tcplinuxconfLinuxconf Linux administration tool
106poppassdPost Office Protocol password change daemon (POPPASSD)
465tcpsmtpsSimple Mail Transfer Protocol over Secure Sockets Layer (SMTPS)
616tcpgiiGated (routing daemon) Interactive Interface
808omirr [omirrd]Online Mirror (Omirr) file mirroring services
871tcpsupfileservSoftware Upgrade Protocol (SUP) server
901tcpswatSamba Web Administration Tool (SWAT)
953rndcBerkeley Internet Name Domain version 9 (BIND 9) remote configuration tool
1127tcpsupfiledbgSoftware Upgrade Protocol (SUP) debugging
1178tcpskkservSimple Kana to Kanji (SKK) Japanese input server
1313tcpxtelFrench Minitel text information system
1529tcpsupport [prmsd, gnatsd]GNATS bug tracking system
2003tcpcfingerGNU finger
2150ninstallNetwork Installation Service
2988afbackupafbackup client-server backup system
3128tcpsquidSquid Web proxy cache
3455prsvpRSVP port
5432postgresPostgreSQL database
4557tcpfaxFAX transmission service (old service)
4559tcphylafaxHylaFAX client-server protocol (new service)
5232sgi-dglSGI Distributed Graphics Library
5354noclogNOCOL network operation center logging daemon (noclogd)
5355hostmonNOCOL network operation center host monitoring
5680tcpcannaCanna Japanese character input interface
6010tcpx11-ssh-offsetSecure Shell (SSH) X11 forwarding offset
6667ircdInternet Relay Chat daemon (ircd)
7100tcpxfsX Font Server (XFS)
7666tcptircproxyTircproxy IRC proxy service
8008http-altHypertext Tranfer Protocol (HTTP) alternate
8080webcacheWorld Wide Web (WWW) caching service
8081tproxyTransparent Proxy
9100tcpjetdirect [laserjet, hplj]Hewlett-Packard (HP) JetDirect network printing service
9359mandelspawn [mandelbrot]Parallel mandelbrot spawning program for the X Window System
10081kamandaAmanda backup service over Kerberos
10082tcpamandaidxAmanda index server
10083tcpamidxtapeAmanda tape server
20011isdnlogIntegrated Services Digital Network (ISDN) logging system
20012vboxdISDN voice box daemon (vboxd)
22305tcpwnn4_KrkWnn Korean input system
22289tcpwnn4_CncWnn Chinese input system
22321tcpwnn4_TwtWnn Chinese input system (Taiwan)
24554binkpBinkley TCP/IP Fidonet mailer daemon
27374aspAddress Search Protocol
60177tfidoIfmail FidoNet compatible mailer service
60179fidoFidoNet electronic mail and news network


'리눅스 > 기본정보(OS)' 카테고리의 다른 글

프로토콜 기본정보  (0) 2017.07.31
fstab 설정하기  (0) 2015.09.15
GPT 2TB 이상 하드디스크 사용 파티셔닝  (0) 2014.07.30
centos 버전 확인  (1078) 2014.06.19
로그 분석하는방법  (482) 2012.02.02
자신의 하드웨어 정보 보기  (2375) 2011.11.19
이 댓글을 비밀 댓글로

모니터링 툴

Posted by 주원이^^
2017.07.20 14:59 리눅스/모니터링

시스템 관리자나 개발자들은 가끔씩 서버의 프로세스, CPU, 메모리, 네트워크, 디스크 등과 같은 리소스 상태를 모니터링 해야 할 필요가 있습니다. 이번 포스팅은 리눅스 커맨트라인 기반의 cpu, memory, network, disk, process 를 실시간 모니터링 하는 툴들을 알아 봅니다. 소개하는 툴들은 통계 기반의 리소스 사용량 정보를 보여주고 실시간으로 그 내용을 업데이트 합니다. 

1. Top

Top 명령어는 프로세스의 cpu와 메모리 사용량을 확인하는 가장 인기있는 툴입니다. 이 명령어는 가장 리소르를 많이 사용하는 순서대로 프로세스 리스트를 정렬해서 보여줍니다. 프로세스 리스트와 함께 cpu와 메모리 사용량을 확인 할 수 있습니다. "h" 키를 누르면 도움말 화면을 보여줍니다. 




2. Htop


Htop은 여러분이 가장 즐겨쓰는 툴이 될 것입니다. Top과 비슷하지만 더 정제되고 다양한 기능들을 보기좋은 UI를 이용해 보여줍니다. Htop은 리눅스에 기본적으로 설치되어 있지는 않지만 Ubuntu, Fedora, CentOS 등에서 쉽게 설치 가능합니다. 



아래는 유용한 htop 단축키들입니다.

M: 메모리 사용량으로 프로세스를 정렬

P: CPU 사용량으로 프로세스를 정렬 

?: 도움말 

k: 현재 또는 선택된 프로세스를 종료 

F2: 디스플레이 옵션 지정을 위한 셋업 메뉴 

/: 프로세스 찾기


3. Atop


Atop은 시스템 리소스와 프로세스를 모니터링 하는 툴입니다. 이것은 현재 cpu, memory, disk, network 의 사용량을 프로세스 별로 보여줍니다. Top 또는 Htop과 비슷한 기능을 제공합니다. 



4. Nmon


Nmon은 cpu, memory, network disk 사용량을 모니터링 하고 프로세스 리스트를 보여주는 사용하기 쉬운 툴이다. Nmon은 간단해서 모니터링 결과를 보여주는 기능은 제공하지만 프로세스를 관리하거나 모니터링 출력 화면을 수정하는 기능은 제공하지 않는다. 하지만 통계 결과를 스트레드시트 파일로 저장할 수 있다. 



5. Glances

파이썬으로 작성된 Glances 는 Nmon과 비슷하게 cpu, 메모리, 네트웤 디스크와 프로세스 정보들에 대한 통계를 보여준다. Nmon과 마찬가지로 통계 정보 외에 다른 기능들은 제공하지 않는다. "h" 키를 누르면 도움말 기능이 실행된다. 




6. Saidar


Saidar는 소개한 모든 툴들 중에 가장 심플한 툴이다. Saidar의 결과 화면은 cpu, 프로세서, 메모리, 스왑, 네트워크 I/O, 디스크 I/O, 파일 시스템 정보들을 보여준다. 하지만 결과 화면에서 현재 작동중인 프로세스 리스트들을 보여주지는 않는다. 




출처: http://minooz.tistory.com/166 [우주 Blog]

'리눅스 > 모니터링' 카테고리의 다른 글

모니터링 툴  (0) 2017.07.20
cockpit 웹UI 모니터링  (0) 2017.07.20
이 댓글을 비밀 댓글로

cockpit 웹UI 모니터링

Posted by 주원이^^
2017.07.20 14:58 리눅스/모니터링

ubunti , centos 7 버전 에서 설치가능


cockpit project 홈페이지 : http://cockpit-project.org/index.html 
cockpit source : https://github.com/cockpit-project/cockpit
project atomic : http://www.projectatomic.io/blog/

'리눅스 > 모니터링' 카테고리의 다른 글

모니터링 툴  (0) 2017.07.20
cockpit 웹UI 모니터링  (0) 2017.07.20
이 댓글을 비밀 댓글로

mysql binlog -> sql 로 변환하기 스크립트

Posted by 주원이^^
2017.03.24 10:40 리눅스/스크립트

Mysql 복구 방법 중 binlog 파일을 이용한 복구 방법이 있다.

하지만 bin 파일이 작게는 수십개 많게는 몇백개 일 경우 

일일이 하나하나 복구하기에는 시간이 너무 소요 된다.


아래 스크립트는 find 명령어로 "*bin.000*" 파일을 긁어 온 다음에 while 문으로 기억 후

bin.0001 파일이 똑같이 순차적으로 0001.sql 로 변환 되는 스크립트. 

#/bin/sh

sql=.sql

find /usr/local/mysql/data/ -name "*bin.000*" |while read fa ; do


asd=`echo $fa|awk -F "." '{print $2}'`


/usr/local/mysql/bin/mysqlbinlog $fa > /usr/local/src/$asd.sql


done


#cd /usr/local/src 경로에 순차적으로 *.sql 파일이 생성 되어있다.

-rw-r--r--   1 root root    37914 2016-09-09 11:50 000001.sql
-rw-r--r--   1 root root  1526478 2016-09-09 11:49 000002.sql
-rw-r--r--   1 root root     1331 2016-09-09 11:49 000003.sql
-rw-r--r--   1 root root      635 2016-09-09 11:49 000004.sql


그럼 이제 

#cat *.sql > test2.sql 

명령어를 통해서 하나의 sql 파일로 만들어 주면 한번에 복구를 해버리면 된다.


그런데 사실 더 어이 없는건 위에 스크립트 상관없이 명령어 1줄로 bin파일을 하나의 sql파일 안에다가 순차적으로 담아낼 수 있으니


/usr/local/mysql/bin/mysqlbinlog mysql-bin.0* > /usr/local/src/test/test.sql


이 명령어 한번이면 끝난다. 그럼 1번부터 마지막 순번까지 순차적으로 내용이 들어가 있을 것이다.

그럼 그대로 복구 명령어 1줄

이렇게 2줄이면 끝난다. 

세상은 넓고 삽질은 끝도 없고 천재는 많으며 나는 오늘도 병신이였다.



출처: http://heartbleed.tistory.com/entry/MySql-binlog-파일-sql-파일로-변환-쉘스크립트 [HeartBleed]

'리눅스 > 스크립트' 카테고리의 다른 글

mysql binlog -> sql 로 변환하기 스크립트  (0) 2017.03.24
실시간 트래픽 체크  (0) 2017.02.02
system 정보보기 스크립트  (0) 2017.01.31
ssh_bruteforce 자동차단  (0) 2016.11.04
웹 트래픽 로그 순위 추출  (0) 2016.11.03
apache 자동다운받기  (0) 2016.03.04
이 댓글을 비밀 댓글로

실시간 트래픽 체크

Posted by 주원이^^
2017.02.02 13:01 리눅스/스크립트
#!/bin/bash 

echo "Time : receive (Kbit/Sec) / transmit (Kbit/Sec)"
while ( true ) ;
do
rx1=`grep eth0 /proc/net/dev | awk '{print $1}' | sed 's/.*://'`
tx1=`grep eth0 /proc/net/dev | awk '{print $9}'`

sleep 3

rx2=`grep eth0 /proc/net/dev | awk '{print $1}' | sed 's/.*://'`
tx2=`grep eth0 /proc/net/dev | awk '{print $9}'`
rx3=$(((rx2-rx1)/128/3))
tx3=$(((tx2-tx1)/128/3))

echo "`date '+%k:%M:%S'` : $rx3 / $tx3"
done


'리눅스 > 스크립트' 카테고리의 다른 글

mysql binlog -> sql 로 변환하기 스크립트  (0) 2017.03.24
실시간 트래픽 체크  (0) 2017.02.02
system 정보보기 스크립트  (0) 2017.01.31
ssh_bruteforce 자동차단  (0) 2016.11.04
웹 트래픽 로그 순위 추출  (0) 2016.11.03
apache 자동다운받기  (0) 2016.03.04
이 댓글을 비밀 댓글로

scp 쓰는법

Posted by 주원이^^
2017.01.31 17:00 리눅스/소프트웨어(Software)

sftp로 사용할 경우 폴더 전체에 있는 파일을 옮기기 쉽지않다.


특히 디렉토리​에 하위 디렉토리가 있을 경우에는 스크립트를 작성하지 않는 이상 어렵다고 할 수 있다.


그래서 찾은 것이 scp 명령어이다.


정리.



서버1. XXX.XXX.XX.93 : 복사해야 할 서버


 - 복사해야할 폴더경로 : /data2/ispdata


서버2. ​XXX.XXX.XX.89 : 복사해서 넣고 싶은 서버


​  - 복사해서 넣고 싶은 폴더 경로 : /data/neos/


1. 폴더가 있는 서버에 접속한다.(175.125.91.89)


2. ​89번에서 scp 명령어를 실행한다. (물론 두 서버간에는 22번 포트가 열려 있어야 한다.)






 89번 서버에서


 root(또는 사용자계정) hostname] $ scpˇ-rvˇ/data2/ispdataˇ (이동해야 할 서버의 계정)@XXX.XXX. 


 XX.93:/data/neos/


 


 - r : 폴더를 복사한다는 옵션


 - v : 복사 과정을 보여주는 옵션 




 

scp -rv /data2/ispdata neos@XXX.XXX.XX.93:/home/ne​​​os/



'리눅스 > 소프트웨어(Software)' 카테고리의 다른 글

scp 쓰는법  (0) 2017.01.31
DNS 설치  (0) 2017.01.31
하드웨어 부하테스트 (Stress)  (0) 2016.07.13
LVS Server2  (0) 2016.04.08
LVS Server1  (0) 2016.04.08
리눅스 본딩셋팅  (0) 2015.09.14
이 댓글을 비밀 댓글로

DNS 설치

Posted by 주원이^^
2017.01.31 16:26 리눅스/소프트웨어(Software)

Chroot 를 사용하지 않는 bind 설치는 매우 쉽다.

일단 bind 를 설치한다.

yum -y install bind

그리고 각종 zone 파일 및 conf 파일을 카피한다.

cp -a /usr/share/doc/*/sample/var/named/* /var/named/

cp -a /usr/share/doc/*/sample/etc/* /var/named/

named.conf 파일을 /etc 및에 심볼릭 링크를 건다.

ln -s /var/named/named.conf /etc/named.conf

 

/etc/named.conf 파일을 수정한다.

vi /etc/named.conf

options
{
        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

include "/etc/rndc.key";

 

named.conf 파일이 정상 작동 되는지 여부를 확인한다.

 

named-checkconf -z

에러 안나오면 끗!

 

/etc/init.d/named start

 

netstat -an | grep LISTEN

 

이젠 끝!!

 

UDP, TCP 53 Port 가 떳는지 확인해 보자

 

자동 실행 되게 chkconfig 에 등록하자

 

chkconfig --add named

chkconfig --level 2345 named on

'리눅스 > 소프트웨어(Software)' 카테고리의 다른 글

scp 쓰는법  (0) 2017.01.31
DNS 설치  (0) 2017.01.31
하드웨어 부하테스트 (Stress)  (0) 2016.07.13
LVS Server2  (0) 2016.04.08
LVS Server1  (0) 2016.04.08
리눅스 본딩셋팅  (0) 2015.09.14
이 댓글을 비밀 댓글로

system 정보보기 스크립트

Posted by 주원이^^
2017.01.31 16:21 리눅스/스크립트

###########################################################

# Name of the script : syscheck-v1.2.sh

# Date              : 07/26/98

# Modified        : 11/15/04       By Jae. Hwa, Kim

# Version : 1.2

# This script collects System Configuration information.

# tar : sysinfo, error log , hacmp snap, x25backup, sna

###########################################################

DATE=`date +%m%d%y`

SRV=`uname -n`

RPT=./sys.$SRV.$DATE.txt

X25BACK=./x25.$SRV.$DATE.txt

HASNAP=/usr/es/sbin/cluster/snapshots/snap.$SRV.$DATE.*

ERRLOG=./err.$SRV.$DATE.txt

SYSTAR=./`uname -n`.`date +%m%d%y`.check.tar

mkdir ./x25backup

echo "System information will be saved on $RPT"

#TMP="/tmp"

#> ${PRT}

exec >> ${RPT} 2>&1

# Put the server and the date in the report

banner `uname -n`

echo " "

echo "                     %%%%%%%%%%%%%%%%%%%%%%%%%%%"

echo "                     System Configuration Report"

echo "                     %%%%%%%%%%%%%%%%%%%%%%%%%%%"

echo " "

echo `date `

echo " "

# General Information.

echo "######################"

echo "General Information"

echo "######################"

echo " "

prtconf

echo " "

echo " "

echo " "

# CPU_CLOCK.

echo "######################"

echo "CPU_CLOCK"

echo "######################"

echo " "

CPU_CLOCK.exe

echo " "

echo " "

echo " "

# General OS Information.

echo "######################"

echo "General OS Information"

echo "######################"

echo " "

# Check the Operating System Level in the report

echo "=============================================="

echo "<< `uname -n` -- AIX Operating System Level >>"

echo "=============================================="

echo " "

echo "---------------------------------------"

echo "Lists names of known maintenance levels"

echo "---------------------------------------"

echo " "

/usr/bin/oslevel -q

echo " "

echo "-----------------------------------------------------------------"

echo "Lists fileset at levels later than the current maintenance levels"

echo "-----------------------------------------------------------------"

echo " "

/usr/bin/oslevel -r

echo " "

echo " "

echo "===================================="

echo "<< `uname -n` -- Boot Information >>"

echo "===================================="

echo " "

echo "--------------------"

echo "The last boot Device"

echo "--------------------"

echo " "

/usr/sbin/bootinfo -b

echo " "

echo "------------------------------------"

echo "The Booting Kernel Mode(32bit/64bit)"

echo "------------------------------------"

echo "H/W    Mode : "`/usr/sbin/bootinfo -y`" bit"

echo "Kernel Mode : "`/usr/sbin/bootinfo -K`" bit"

echo " "

echo "-----------------"

echo "The System uptime"

echo "-----------------"

uptime

echo " "

echo " "


# Put the system attributes in the report

echo "======================================================================="

echo "<< `uname -n` -- System Attribute information (lsattr -E -H -l sys0) >>"

echo "======================================================================="

echo " "

lsattr -E -H -l sys0

echo " "

# Put the machinetype info in the report

echo "=============================================="

echo "<< `uname -n` -- System Information (lscfg) >>"

echo "=============================================="

echo " "

lscfg -vp

echo " "

# Print the Processor on this server

echo "========================================="

echo "<< `uname -n` -- Processor information >>"

echo "========================================="

echo " "

/usr/sbin/bindprocessor -q

echo " "

# Print the amount of memory on this server

echo "======================================"

echo "<< `uname -n` -- Memory information >>"

echo "======================================"

echo " "

echo "-----------------------"

echo "The Size of real memory"

echo "-----------------------"

echo " "

/usr/sbin/bootinfo -r

echo " "

# Put the OS-dump info in the report

echo "===================================="

echo "<< `uname -n` -- DUMP information >>"

echo "===================================="

echo " "

echo "-------------------"

echo "Current Dump Device"

echo "-------------------"

echo " "

sysdumpdev -l

echo " "

echo "--------------------"

echo " Estimated Dump Size"

echo "--------------------"

echo " "

sysdumpdev -e

echo " "

# Put the OS-page space info in the report

echo "========================================="

echo "<< `uname -n` -- Paging space information"

echo "========================================="

echo " "

lsps -a

echo " "

echo "======================================="

echo "<< `uname -n` -- Disk Usage Information"

echo "======================================="

echo " "

df -tk

echo " "

echo "======================================="

echo "<< `uname -n` -- Slot Information"

echo "======================================="

echo " "

lsslot -c pci

echo " "

# Print physical scsi adapter and disk info

echo "======================================================="

echo "<< `uname -n` -- SCSI adapter and physical disk info >>"

echo "======================================================="

echo " "

lscfg | grep -i scsi | grep -i -E "adapter|controller"

echo " "

lsdev -Cc disk

echo " "

echo "======================================="

echo "<< `uname -n` -- Crontab Information >>"

echo "======================================="

echo " "

crontab -l

echo " "

echo "==============================================="

echo "<< `uname -n` -- File System export Information"

echo "==============================================="

echo " "

exportfs

echo " "

echo "========================================="

echo "<< `uname -n` -- Alog Boot Information >>"

echo "========================================="

echo " "

echo " "

alog -o -f /var/adm/ras/bootlog

echo " "

echo " "

echo " "

echo " "

echo "========================================="

echo "<< `uname -n` -- User License Information"

echo "========================================="

echo " "

echo " "

lslicense

echo " "

echo " "

echo " "

echo " "

# LVM Information

echo "#################"

echo " LVM Information "

echo "#################"

echo " "

echo " "

echo " "

# List all VG

# Find all the disks in the machine then print info

echo "======================================"

echo "<< `uname -n` -- List all volume group"

echo "======================================"

echo " "

echo "-------------"

echo "Volume Groups"

echo "-------------"

echo " "

echo "List Volume Group"

lsvg

echo " "

echo "List On-line Volume Group"

echo " "

lsvg -o

echo " "

echo "----------------"

echo "Physical Volumes"

echo "----------------"

lspv

echo " "

echo " "

echo " "

lsvg | while read VG

do

 echo " "

 echo "The following physical volumes are in Volume Group -- $VG --"

 lsvg -p $VG

 echo " "

 echo "<< Volume group info for $VG"

 lsvg $VG

 echo " "

 echo " "

 echo " "

done

echo " "

# List physical disk info

echo "=========================================================="

echo "<< `uname -n` -- List all physical volumes by volume group"

echo "=========================================================="

echo " "

getlvodm -C | while read VOL

do

 echo " "

 echo "<< Physical volume info for $VOL by PVID >>"

 lspv $VOL

 echo " "

 echo "<< Physical volume info for $VOL by logical volume >>"

 lspv -l $VOL

 echo " "

 echo "<< Physical volume info for $VOL by PP Range >>"

 lspv -p $VOL

 echo " "

 echo " "

 echo " "

done

echo " "

# List all logical volumes by volume group

echo "========================================================="

echo "<< `uname -n` -- List all logical volumes by volume group"

echo "========================================================="

echo " "

lsvg -o | while read VG

do

 echo "<< List of logical volumes defined in volume group $VG >>"

 lsvg -l $VG

 echo " "

 echo "<< List of physical volumes defined in volume group $VG >>"

 lsvg -p $VG

 echo " "

 echo " "

 echo " "

done

echo " "

# Save the mount information in the report

echo "====================================="

echo "<< `uname -n` -- Mount information >>"

echo "====================================="

echo " "

mount

echo " "

# Print the file system information

echo "========================================="

echo "<< `uname -n` -- List all file systems >>"

echo "========================================="

echo " "

lsfs -l

echo " "

# Network Information

echo "###################"

echo "Network Information"

echo "###################"

echo " "

echo " "

# Check Network Option

echo "================================================="

echo "<< `uname -n` -- Network Option Tunable Values >>"

echo "================================================="

echo " "

echo "-------------------------------"

echo "Important Network Option Values"

echo "-------------------------------"

echo " "

no -a | grep thewall

no -a | grep sb_max

no -a | grep tcp_sendspace

no -a | grep tcp_recvspace

no -a | grep udp_sendspace

no -a | grep udp_recvspace

no -a | grep rfc1323

no -a | grep tcp_mssdflt

no -a | grep ipforwarding

no -a | grep tcp_pmtu_discover

no -a | grep udp_pmtu_discover

echo " "

echo " "

# Put the network information in the report

echo "================================================="

echo "<< `uname -n` -- Network information (netstat) >>"

echo "================================================="

echo " "

echo "-----------"

echo "netstat -nr"

echo "-----------"

netstat -nr

echo " "

echo "----------"

echo "netstat -i"

echo "----------"

netstat -i

echo " "

echo "----------"

echo "netstat -m"

echo "----------"

netstat -m

echo " "

echo "----------"

echo "netstat -v"

echo "----------"

netstat -v

echo " "


# Improtant Files

echo "###########################"

echo "Important Files Information"

echo "###########################"

echo " "

echo " "

echo " "

echo "========================================"

echo "<< `uname -n` -- some Important files >>"

echo "========================================"

echo " "

echo "------------"

echo "/etc/inittab"

echo "------------"

cat /etc/inittab

echo " "

#echo " "

echo "----------"

echo "/etc/hosts"

echo "----------"

cat /etc/hosts

echo " "

#echo " "

echo "----------------"

echo "/etc/resolv.conf"

echo "----------------"

cat /etc/resolv.conf

echo " "

#echo " "

echo "---------"

echo "/etc/motd"

echo "---------"

cat /etc/motd

echo " "

#echo " "

echo "-----------"

echo "/etc/passwd"

echo "-----------"

cat /etc/passwd

echo " "

#echo " "

echo "----------"

echo "/etc/group"

echo "----------"

cat /etc/group

echo " "

3echo " "

echo "------------"

echo "/etc/profile"

echo "------------"

cat /etc/profile

echo " "

#echo " "

echo "------------------"

echo "/etc/security/user"

echo "------------------"

cat /etc/security/user

echo " "

#echo " "

echo "--------------------"

echo "/etc/security/limits"

echo "--------------------"

cat /etc/security/limits

echo " "

#echo " "

echo "-----------------------"

echo "/etc/security/login.cfg"

echo "-----------------------"

cat /etc/security/login.cfg

echo " "

#echo " "

echo "---------------------"

echo "/etc/security/environ"

echo "---------------------"

cat /etc/security/environ

echo " "

#echo " "

echo "-------------"

echo "/etc/services"

echo "-------------"

cat /etc/services

echo " "

#echo " "

echo "----------------"

echo "/etc/filesystems"

echo "----------------"

cat /etc/filesystems

echo " "

#echo " "

echo "-----------"

echo "/etc/rc.net"

echo "-----------"

cat /etc/rc.net

echo " "

echo " "

echo " "

echo " "

echo "-----------"

echo "    aio    "

echo "-----------"

lsattr -El aio0

echo " "

echo " "

echo " "

echo " "

# List Software Installed.

echo "####################"

echo "Software Information"

echo "####################"

echo " "

# Get the LPP information

echo "==========================================================="

echo "<< `uname -n` -- List all LPPs installed on this machine >>"

echo "==========================================================="

echo " "

lslpp -L all

echo " "

echo " "

echo " "

echo " "

# SNA config & status & backup

echo "####################"

echo "SNA config & status"

echo "####################"

echo " "

echo "========================="

echo "<< `uname -n` -- SNA >>"

echo "========================="

echo "-----------------------------"

echo "<< `uname -n` -- SNA status >>"

echo "-----------------------------"

mpcinfo

echo " "

ListRAS

echo " "

sna -d l

echo " "

sna -d s

echo " "

echo "==================="

echo "SNA config Backup "

echo "==================="

cat /etc/sna/sna_node.cfg

echo " "

echo " "

# X.25 config & status & backup

echo "####################"

echo "X.25 config & status"

echo "####################"

echo " "

echo "========================="

echo "<< `uname -n` -- x.25  >>"

echo "========================="

echo "-----------------------------"

echo "<< `uname -n` -- x25status >>"

echo "-----------------------------"

x25status

echo " "

echo "-------------------------"

echo "<< `uname -n` -- lsx25 >>"

echo "-------------------------"

lsx25

echo " "

echo "==================="

echo "X.25 config Backup "

echo "==================="

backupx25 -d /x25backup -v

echo " "

echo " "

echo " "

# HACMP config & status & backup

echo "#####################"

echo "HACMP Config & status"

echo "#####################"

echo " "

echo "-----------------------------------"

echo "<< `uname -n` HACMP Daemon status >>"

echo "-----------------------------------"

echo "Cluster status"

lssrc -a |egrep 'svc|ES'

lssrc -ls snmpd

lssrc -ls topsvcs 

lssrc -ls emsvcs 

lssrc -ls emaixos

lssrc -ls grpsvcs

echo " "

echo " "

echo " "

echo "======================================"

echo "<< `uname -n` -- HACMP Information  >>"

echo "======================================"

echo "-------------------------------------"

echo "<< `uname -n` HACMP Cluster config >>"

echo "-------------------------------------"

echo "<< Cluster info >>"

/usr/es/sbin/cluster/utilities/cllsclstr

echo " "

echo "<< Cluster Node info >>"

/usr/es/sbin/cluster/utilities/cllsnode

echo " "

echo "<< Cluster Node interface info >>"

/usr/es/sbin/cluster/utilities/cllsif

echo " "

echo "<< Cluster resources group >>"

/usr/es/sbin/cluster/utilities/cllsgrp

echo " "

echo "<< Cluster resource group information >>"

/usr/es/sbin/cluster/utilities/cllsgrp  | while read REG

do

   echo "-----------------------"$REG" information-----------------------------"

   /usr/es/sbin/cluster/utilities/clshowres -g $REG

   echo " "

done

echo "------------------------------"

echo "<< `uname -n` -- HACMP SNAP >>"

echo "------------------------------"

/usr/es/sbin/cluster/utilities/clsnapshot -c -i -n snap.$SRV.$DATE  -d  'ha snap'

echo "###########################"

echo "`uname -n` system error log"

echo "###########################"

echo "--------------------------------------"

echo "<< `uname -n` -- errpt > $ERRLOG >>"

echo "--------------------------------------"

errpt >> $ERRLOG

echo "--------------------------------------"

echo "<< `uname -n` -- errpt -a >> $ERRLOG >>"

echo "--------------------------------------"

errpt -a >> $ERRLOG

echo " "

echo "==== tar compress ===="

tar cvf $SYSTAR $RPT $HASNAP ./x25backup $ERRLOG

echo "<< End of the Document for `uname -n` >>"

# End of the Script

# remove status file

rm $RPT $HASNAP $X25BACK $ERRLOG

rmdir x25backup

'리눅스 > 스크립트' 카테고리의 다른 글

mysql binlog -> sql 로 변환하기 스크립트  (0) 2017.03.24
실시간 트래픽 체크  (0) 2017.02.02
system 정보보기 스크립트  (0) 2017.01.31
ssh_bruteforce 자동차단  (0) 2016.11.04
웹 트래픽 로그 순위 추출  (0) 2016.11.03
apache 자동다운받기  (0) 2016.03.04
이 댓글을 비밀 댓글로

ssh_bruteforce 자동차단

Posted by 주원이^^
2016.11.04 17:20 리눅스/스크립트

#!/bin/bash

#횟수설정

sshban="15"

##################################

declare -a ssh_deny_ip_array

search_today=`date +'%b %e'`

today=`date +%Y%m`

time=`date +'%Y:%m:%d %H:%M:%S'`

log="/usr/local/logs/ssh_ban_$today"


_check() {

if [ ! -d /usr/local/logs ]; then

mkdir -p /usr/local/logs

fi


if [ ! -f /etc/hosts.deny  ]; then

touch /etc/hosts.deny

fi


if [ ! -f $log ]; then

touch $log

fi

}


_log() {

log_ip_cnt=${#ssh_deny_ip_array[@]}

echo "[ ${time} ]" >> $log

echo "" >> $log


for ((i=0;i<=$log_ip_cnt;i++)); do

echo ${ssh_deny_ip_array[$i]} >> $log

done

echo "" >> $log


}



_common() {

declare -a ssh_ip_ban_list_array

#오늘날짜 검색이후 IP추출 및 비교후 데이터저장

IFS=$'\n' ssh_ip_count_list=(`cat /var/log/secure | grep 'Failed password for' | egrep -v 'invalid user' | grep ${search_today} |  awk '{print $11}' |  sort -rn -k 11 | uniq -c | awk '{print $1}'`)


k="0"

j="1"

for value in "${ssh_ip_count_list[@]}"; do

if [ $value -ge $sshban ]; then

ssh_ip_list=`cat /var/log/secure | grep 'Failed password for' | egrep -v 'invalid user' | grep ${search_today} |  awk '{print $11}' |  sort -rn -k 11 | uniq -c | awk '{print $2}' | sed -n "${j},${j}p"`

ssh_ip_ban_list_array[$k]=`echo $ssh_ip_list`

k=`expr $k + 1`

fi

j=`expr $j + 1`

done



#기존 리스트 비교 후 삽입

declare -a ssh_deny_ip

u=0;

ssh_ip_ban_cnt=${#ssh_ip_ban_list_array[@]}

for ((i=0;i<$ssh_ip_ban_cnt;i++)); do

ssh_deny_ip_switch="n"

while read line; do

if [[ `echo $line | grep ^S` ]] || [[ `echo $line | grep ^s` ]]; then

ssh_deny_ip=`echo $line | awk '{print $3}'`

if [[ "${ssh_ip_ban_list_array[$i]}"  == "$ssh_deny_ip" ]]; then

ssh_deny_ip_switch="y"

break

fi


fi

done < /etc/hosts.deny

if [[ $ssh_deny_ip_switch == "n" ]]; then

echo "sshd : ${ssh_ip_ban_list_array[$i]}" >> /etc/hosts.deny

ssh_deny_ip_array[$u]=${ssh_ip_ban_list_array[$i]}

u=`expr $u + 1`

fi


done


if [ ! -z `echo ${ssh_deny_ip_array[@]}` ]; then

_log

fi

}






_check

_common

'리눅스 > 스크립트' 카테고리의 다른 글

실시간 트래픽 체크  (0) 2017.02.02
system 정보보기 스크립트  (0) 2017.01.31
ssh_bruteforce 자동차단  (0) 2016.11.04
웹 트래픽 로그 순위 추출  (0) 2016.11.03
apache 자동다운받기  (0) 2016.03.04
mysql replication 상태체크  (0) 2016.01.13
이 댓글을 비밀 댓글로