Assuming you still have ssh access (as it's not two-factor protected)
... remove the secondSV.conf from the user profile in question in
/mnt/HDA_ROOT/.config/.qos_config/users/[username]/
如若你要登入的帳號是admin則使用下列指令移除secondSV.conf
rm /mnt/HDA_ROOT/.config/.qos_config/users/admin/secondSV.conf
2016年12月17日 星期六
2016年10月7日 星期五
2016年9月26日 星期一
2016年9月9日 星期五
我個人的學生名冊與成績資料庫更新方式
我個人的學生名冊與成績資料庫更新方式
將舊的資料庫分別匯出為sql與OpenDocument Spreadsheet格式各一份,然後打開OpenDocument Spreadsheet檔,將新一年的學生資料加入,再將其匯入到mysql資料庫裡,這時會是一個所謂的工作表的資料表,再將該資料表裡的資料匯出為sql檔,而後將該sql檔裡的
所有新的人員資料複製,再將原第一次匯出的sql檔裡的人員資料取代,最後再存檔匯入資料庫裡即可!
2016年3月1日 星期二
使用 sed 工具在 Linux 環境下快速完成「搜尋取代」的任務
在 Windows 有 grepWin 可快速執行多檔案的搜尋取代任務,而在 Linux 環境下就非 sed 莫屬了,為了能讓 sed 的功效達到極致,你還需要多瞭解 find 指令與 Regular expression 語法才能對你的搜尋取代任務更靈活的運用,以下是幾個常用的指令與說明。
學習 sed 的流程:
- 先練習單一檔案操作,並練習搜尋取代的語法 (不直接寫入檔案)
- 確認語法正確後,就可以套用 -i 選項參數可將搜尋取代的結果直接寫入該檔案
- 確認無誤後可搭配 find 指令進行多檔案批次搜尋取代 (功能強大、威力十足)
使用 sed 的範例:
1. 針對單一檔案進行搜尋取代 ( 針對每一行第一次出現的搜尋文字 ) ( 區分大小寫 )
sed -e 's/cpu/memory/' test.txt
備註 1:如上例 cpu 為搜尋字串,而 memory 為替代字串,而替代的結果會直接輸出在畫面上。
備註 2:此範例並沒有加上 -i 選項參數,所以替代的結果並不會寫入 test.txt 檔案。
備註 2:此範例並沒有加上 -i 選項參數,所以替代的結果並不會寫入 test.txt 檔案。
2. 針對單一檔案進行搜尋取代 ( 針對每一行第一次出現的搜尋文字 ) ( 不區分大小寫 )
sed -e 's/cpu/memory/g' test.txt
3. 針對單一檔案進行搜尋取代 ( 針對每一行所有出現過的搜尋文字 ) ( 不區分大小寫 )
sed -e 's/cpu/memory/g' test.txt
4. 針對單一檔案進行搜尋取代 ( 針對每一行第一次出現的搜尋文字 ) ( 將搜尋取代的結果直接回寫檔案 )
sed -i -e 's/cpu/memory/g' test.txt
find . -type f -exec sed -e 's/cpu/memory/g' '{}' \;
2016年2月25日 星期四
2016年2月24日 星期三
以 mod_evasive 阻擋 D.o.S 攻擊
在 CentOS 下有裝 EPEL 的話,使用 yum 安裝即可
$ yum install mod_evasive
編輯mod_evasive設定檔
$ vim /etc/httpd/conf.d/mod_evasive.conf
# 用來儲存黑名單的檔案大小
DOSHashTableSize 3097
# 同一個網址在 DOSPageInterval 內被同一個IP存取幾次時,要阻擋此IP
DOSPageCount 2
# 同一個IP在 DOSSiteInterval 存取了網站幾次時,要阻擋此IP
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
# 被加入阻擋名單的IP要被擋多久,預設為10秒
# 若被阻擋期間持續攻擊時,此時間會一直加上去,所以不用設很大
DOSBlockingPeriod 10
#用這個目錄來記錄log檔
DOSLogDir "/var/lock/mod_evasive"
# 設定白名單
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.*.*
建立可供 apache 寫入log的 mod_evasive 目錄
$ mkdir /var/lock/mod_evasive; chown apache /var/lock/mod_evasive
重載 apache
$ service httpd reload
$ yum install mod_evasive
編輯mod_evasive設定檔
$ vim /etc/httpd/conf.d/mod_evasive.conf
# 用來儲存黑名單的檔案大小
DOSHashTableSize 3097
# 同一個網址在 DOSPageInterval 內被同一個IP存取幾次時,要阻擋此IP
DOSPageCount 2
# 同一個IP在 DOSSiteInterval 存取了網站幾次時,要阻擋此IP
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
# 被加入阻擋名單的IP要被擋多久,預設為10秒
# 若被阻擋期間持續攻擊時,此時間會一直加上去,所以不用設很大
DOSBlockingPeriod 10
#用這個目錄來記錄log檔
DOSLogDir "/var/lock/mod_evasive"
# 設定白名單
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.*.*
建立可供 apache 寫入log的 mod_evasive 目錄
$ mkdir /var/lock/mod_evasive; chown apache /var/lock/mod_evasive
重載 apache
$ service httpd reload
安裝DoS Deflate 減輕 DDoS攻擊
(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
How To Install (D)DoS Deflate :-
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
How To UnInstall (D)DoS Deflate :-
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
How To Edit Configuration File:-
vi /usr/local/ddos/ddos.conf
How To Check The Number Of Connected Ips:-
sh /usr/local/ddos/ddos.sh
How To Restart DDos Deflate:-
sh /usr/local/ddos/ddos.sh -c
更新ClamAv病毒碼!
找到freshclam.conf,然後加入以下三行!
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror clamav.stu.edu.tw
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.net
使系統自動更新病毒碼
在crontab中加入
N * * * * /usr/local/bin/freshclam --quiet
其中的N值要在3~57中間,但不要用偶數值,因為很多工加台都設成偶數值了。
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror clamav.stu.edu.tw
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.net
使系統自動更新病毒碼
在crontab中加入
N * * * * /usr/local/bin/freshclam --quiet
其中的N值要在3~57中間,但不要用偶數值,因為很多工加台都設成偶數值了。
2016年2月23日 星期二
QNAP開機自動執行的方法
Skills required
- must be able to remote login via ssh or telnet (e.g. use SSH PuTTY)
- must know how to edit files using nano, vi, or edit via SFTP (e.g. use WinSCP)
MTD-based method
autorun.sh is a script which will be executed on every startup of the TS-x09, TS-x19 and TS-x39. Editing this file allows you to start your own programs or overwrite config files with your own copies.
Manual edit of autorun.sh
- Log into your QNAP device using SSH or Telnet, for instance by using Putty
- Optional: install nano; use ipkg install nano & edit with nano instead of vi
- Mount config ramblock by finding your specific model below:
TS-201:
Mount the config ramblock /dev/mtdblock4:# mount -t ext2 /dev/mtdblock4 /tmp/config
1 bay: TS-109, TS-109P, TS-110, TS-119,
2 bay: TS-209, TS-209P, TS-212, TS-219 (TS-219P II: since the new firmware update you maybe have to use ext4 instead of ext2),
4 bay: TS-409 (Marvell ARM), TS-412, TS-419P:
Mount the config ramblock /dev/mtdblock5:# mount -t ext2 /dev/mtdblock5 /tmp/config
TS-439, TS-509, TS-639, TS-809, TS-809U (x86):
Mount the config ramblock /dev/sdx6:# mount -t ext2 /dev/sdx6 /tmp/config
TS-269L:
Mount the config ramblock /dev/sdc6:# mount -t ext2 /dev/sdc6 /tmp/config
- Create/Edit /tmp/config/autorun.sh .
- either using vi:
# vi /tmp/config/autorun.sh
- either using vi:
- Get vi editor into edit mode: press a
- Edit whatever you need to
- Exit edit mode: press ESC
- Save and exit: press ZZ
- or editing it using a desktop PC and e.g. SFTP
- Ensure that /tmp/config/autorun.sh is executable:
# chmod +x /tmp/config/autorun.sh
- IMPORTANT: Unmount the mounted flash partition:
# umount /tmp/config
editautorun.sh: script to ease autorun.sh edit
If you edit this file regularly you can save some time by creating a shell script (e.g. editautorun.sh) to automate the process. You can call the script by either putting it in the environment path, or add its folder to the path or call it by an alias.
The script contents are:
For TS-201 use ...
mount -t ext2 /dev/mtdblock4 /tmp/config vi /tmp/config/autorun.sh chmod +x /tmp/config/autorun.sh echo . echo "unmounting /tmp/config..." umount /tmp/config
For TS-109, TS-109P, TS-119, TS-209, TS-209P, TS-219, TS-412, TS-409 (Marvell ARM) use ...
mount -t ext2 /dev/mtdblock5 /tmp/config vi /tmp/config/autorun.sh chmod +x /tmp/config/autorun.sh echo . echo "unmounting /tmp/config..." umount /tmp/config
TS-439, TS-509, TS-639, TS-809, TS-809U (x86) use ...
mount -t ext2 /dev/sdx6 /tmp/config vi /tmp/config/autorun.sh chmod +x /tmp/config/autorun.sh echo . echo "unmounting /tmp/config..." umount /tmp/config
autorun.sh: one script to rule them all
Frequently mounting and editing autorun.sh on the flash could be an annoying task. More important, it may reduce the lifetime of some flash blocks. Flash blocks have limited write/erase cycles, and the mtdblock device driver does little to prevent their wear. Read more on this on the http://www.linux-mtd.infradead.org/faq/general.html#L_ext2_mtd" alt="http://www.linux-mtd.infradead.org/faq/general.html#L_ext2_mtd" title="http://www.linux-mtd.infradead.org/faq/general.html#L_ext2_mtd">Linux mtd
web site.
To avoid this, you could configure autorun.sh to launch another script located in the inner drive: in this way there no need to always mount and modify the file inside the flash. but only edit the script file located on your drive.
Create the directory /share/HDA_DATA/.qpkg/autorun and file autorun.sh with:
mkdir /share/HDA_DATA/.qpkg/autorun cd /share/HDA_DATA/.qpkg/autorun/ touch autorun.sh chmod +x autorun.sh
The autorun.sh located on the flash could be something like this (just two lines that won't need many changes!):
#!/bin/sh /share/HDA_DATA/.qpkg/autorun/autorun.sh &
and then edit the file /share/HDA_DATA/.qpkg/autorun/autorun.sh to be used to launch all your startup scripts.
IMPORTANT Notes!
1. Never put any larger files on your flashboot devices and ramdisk; instead, create symbolic links to whatever you want to put there, e.g.:
Create a link from /usr (which is in ramdisk) to /share/MD0_DATA/jre1.6.0_10 (which is on a hard disk) at the mountpoint /usr/java
Create a link from /usr (which is in ramdisk) to /share/MD0_DATA/jre1.6.0_10 (which is on a hard disk) at the mountpoint /usr/java
# ln -sf /share/MD0_DATA/jre1.6.0_10 /usr/java
2. Always use the full system path because locations like /opt/bin or /opt/sbin might not have been exported yet when Autorun.sh is executed, e.g:
No good.
svnserve -d --listen-port=4000 -r /share/subversion
This is better.
/opt/bin/svnserve -d --listen-port=4000 -r /share/subversion
If it still fails to start svnserve, you might try adding this line to your autoexec script:
/bin/ln -sf /opt/bin/ /share/HDA_DATA/opt/bin/
3. Many startup scripts in /etc/init.d overwrite their corresponding configuration files in /etc. In this case overwriting the config file using autorun.sh is not enough; we also have to overwrite the startup script itself. Moreover, many startup scripts get excecuted before autorun, such that we also have to restart the service. In this case an autorun.sh may look like this:
#!/bin/sh cp /share/MD0_DATA/admin/nfs /etc/init.d/nfs cp /share/MD0_DATA/admin/exports /etc /etc/init.d/nfs restart
Very ugly, indeed! However, it seems this is the only way to make it work (unless you want to throw out the QNAP OS and install a 'better' OS on your NAS).
4. On our QNAP TS-879 Pro we were not able to run
/opt/bin/rsyncd-acl.sh start
from the autorun.sh as /opt is not the one from Optware but a directory containing one file, i.e. nasconfig_fs.img.tgz.
Thus we modified /tmp/config/autorun.sh to
#!/bin/sh log=/share/MD0_DATA/.qpkg/Optware/var/log/autorun date > $log # removing bogus /opt /bin/rm /opt/nasconfig_fs.img.tgz /opt 2>> $log >> $log /bin/rmdir /opt 2>> $log >> $log # link correct /opt /bin/ln -s /share/MD0_DATA/.qpkg/Optware /opt 2>> $log >> $log # run autorun.sh /opt/etc/autorun.sh 2>> $log >> $log
created a log file directory
mkdir -p /opt/var/log
and created /opt/etc/autorun.sh on the disk
#!/bin/sh /opt/bin/rsyncd-acl.sh start
thus no mounting of the flash partition is necessary anymore.
QPKG-based method
With firmware 3.8.2, the #MTD-based_method was broken. With the next firmware update, this bug was corrected, but in the meanwhile, the below workaround has been devised.
This method consists of declaring a dummy QPKG which launches your script at startup.
- Log into your QNAP device using SSH or Telnet, for instance by using Putty
- Edit QPKG config file:
# vi /etc/config/qpkg.conf
- Declare a new dummy package by adding something like that in this file, but take care about the order. e.g. if you would like to start a service from a optware package, be sure optware is initialized before:
[autorun] Name = autorun Version = 0.1 Author = neomilium Date = 2013-05-06 Shell = /share/MD0_DATA/.qpkg/autorun/autorun.sh Install_Path = /share/MD0_DATA/.qpkg/autorun Enable = TRUE
As you can see, Shell is the interesting variable: at boot-time, QNAP OS will launch each QPKG's Shell variable content.
Note: if your NAS doesn't have /share/MD0_DATA (i.e. is a one-drive NAS then substitute /share/MD0_DATA by /share/HDA_DATA , on a NAS with the new Storage Manager substitute /share/MD0_DATA by /share/CACHEDEV1_DATA/), put the right directory into the Shell and Install_Pathvariables and adapt the following commands to your needs.
- Create the dummy package directory:
# mkdir /share/MD0_DATA/.qpkg/autorun
- Create the autorun script with the contents of your choice:
# vi /share/MD0_DATA/.qpkg/autorun/autorun.sh
Note: don't forget "#!/bin/sh" at the beginning of script.
- Set the execute bit:
# chmod +x /share/MD0_DATA/.qpkg/autorun/autorun.sh
- Reboot and enjoy!
MTD-based method (old)
This section is here only to make sure existing anchor links continue to work. The meat is in the section MTD-based method.
QPKG-based method (new)
This section is here only to make sure existing anchor links continue to work. The meat is in the section QPKG-based method
Trick & tips
Waiting for encrypted partitions
If your data partition is encrypted, you might have some script that has to wait until the encrypted partition is available. I added a script called waitforenc.sh in my autorun-directory:
#! /bin/sh # This script ends after the encrypted filesystem has been mounted. # The following exits successfully (0) if MD0 is mounted cat /etc/mtab | grep -q MD0 while [[ $? -ne 0 ]] ; do sleep 5 cat /etc/mtab | grep -q MD0 done
And now I'm able to call scripts *after* the encrypted partition is available, without blocking other scripts:
(./waitforenc.sh; /etc/init.d/ldap_server.sh restart ) &
Calling all scripts in a certain directory
Place a file called listoffiles.sh in a directory, create a subdirectory called scripts, add listoffiles.sh to your autorun:
#! /bin/sh # listoffiles.sh BASEDIR=$(dirname $0) echo "" > log/userfiles.log for i in scripts/*.sh ; do if [[ -x $i ]] ; then echo -n "$i " >> log/userfiles.log echo `date` >> log/userfiles.log $i 2>&1 >> log/userfiles.log cd $BASEDIR fi done
Optimized networking
- You can also try different values from http://www.speedguide.net/read_articles.php?id=121" alt="http://www.speedguide.net/read_articles.php?id=121" title="http://www.speedguide.net/read_articles.php?id=121">http://www.speedguide.net/read_articles.php?id=121
ifconfig eth0 txqueuelen 50000 ifconfig eth1 txqueuelen 50000 echo 1 > /proc/sys/net/ipv4/tcp_rfc1337 echo 2 > /proc/sys/net/ipv4/tcp_frto echo 2 > /proc/sys/net/ipv4/tcp_frto_response echo 1 > /proc/sys/net/ipv4/tcp_mtu_probing echo 1 > /proc/sys/net/ipv4/tcp_window_scaling echo 1 > /proc/sys/net/ipv4/tcp_workaround_signed_windows echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse echo 0 > /proc/sys/net/ipv4/tcp_tw_recycle echo 1 > /proc/sys/net/ipv4/tcp_low_latency echo 1 > /proc/sys/net/ipv4/tcp_ecn
QNAP mount samb分享的目錄
mount.cifs //192.168.12.34/sharename /share/Public/WindowsShare -o username=user,password=pass
2016年2月20日 星期六
linux 掛載遠端ftp伺服器的方法
A、安装curlftpfs
A.1、安装DAG repository
Fedora可以直接yum install curlftpfs,CentOS不行,得用DAG repository,所以得先安装DAG repository。
rpm -Uhv
http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
A.2、安装 curlftpfs
yum install curlftpfs
B、挂载FTP服务器
B.1、用curlftpfs命令挂载
curlftpfs -o codepage=utf8 ftp://username:password@192.168.192.168 /ftp
也可以用(這是開放權限)curlftpfs -o codepage=utf8 -o rw,allow_other,uid=0,gid=0 ftp:// username: password @192.168.1.111 /ftp
也可以用(這是開放權限)curlftpfs -o codepage=utf8 -o rw,allow_other,uid=0,gid=0 ftp:// username: password @192.168.1.111 /ftp
codepage: 编码
username: FTP用户名
password: FTP密码
192.168.1.111: FTP地址
/ftp: 准备挂载到的路径
192.168.1.111:
/ftp:
B.2、卸载挂载
fusermount -u /ftp
或
umount /ftp
B.3、开放权限
这样其它用户也能读写了,uid和gid改成你自己的id
sudo curlftpfs –o rw,allow_other,uid=0,gid=0 ftp:// username: password @192.168.1.111 /ftp
B.4、开机自动挂载
echo "curlftpfs#username:password@192.168.1.111 /ftp fuse allow_other,uid=0,gid=0 0 0" >> /etc/fstab
echo "curlftpfs#username:password@192.168.1.111
兩個NAS掛載其中一台分享出來的資料夾成為本地硬碟!
Steps to do:
On the ARM based QNAP, create the share in common, and grant rights to the NFS Intel based QNAP
On the Intel baed QNAP, create a directory like: / share / MD0_DATA / remotenas
Then type the Following:
mount -t nfs : / / share / MD0_DATA / remotenas
2016年2月12日 星期五
我的nas檔案同步到其外接USB碟的指令
rsync -avl --delete -exclude-from=/tmp/nonecopy /volume1/ /volumeUSB1/usbshare/LocalBackup/
2016年1月30日 星期六
mysql取代字串語法
The easiest way I have found is to dump the database to a text file, run a sed command to do the replace, and reload the database back into MySQL.
All commands are bash on Linux, from memory.
Dump database to text file
mysqldump -u user -p databasename > ./db.sql
Run sed command to find/replace target string
sed -i 's/oldString/newString/g' ./db.sql
Reload the database into MySQL
mysql -u user -p databasename < ./db.sql
Easy peasy.
2016年1月28日 星期四
wget 直接下載google硬碟的檔案
首先將檔案設請網際網路上所有使用者均可以找到並檢視
接著用下列語法
wget --no-check-certificate https://googledrive.com/host/ID -O /本地端的檔案儲存路徑與檔名
其中的ID就是若你分享的連結為:https://drive.google.com/file/d/0B7wsIMxK5Td0dTNPdnNFtsdfwv/view?usp=sharing
即為0B7wsIMxK5Td0dTNPdnNFtsdfwv
換言之你的下載完整指令為wget --no-check-certificate https://googledrive.com/host/0B7wsIMxK5Td0dTNPdnNFtsdfwv -O /temp/test.tar.bz2
接著用下列語法
wget --no-check-certificate https://googledrive.com/host/ID -O /本地端的檔案儲存路徑與檔名
其中的ID就是若你分享的連結為:https://drive.google.com/file/d/0B7wsIMxK5Td0dTNPdnNFtsdfwv/view?usp=sharing
即為0B7wsIMxK5Td0dTNPdnNFtsdfwv
換言之你的下載完整指令為wget --no-check-certificate https://googledrive.com/host/0B7wsIMxK5Td0dTNPdnNFtsdfwv -O /temp/test.tar.bz2
2016年1月23日 星期六
2016年1月22日 星期五
在 CentOS 6.x 安裝 ClamAV
在 CentOS 6.x 安裝 ClamAV
ClamAV 是 Linux 最常用來做防毒整合的套件之一,本文將介紹如何在 CentOS 6.x 中安裝 ClamAV。
新增 EPEL 套件來源
1
|
root # rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
|
安裝 ClamAV 套件
1
|
root # yum install clamav clamd clamav-devel -y
|
更新 ClamAV 病毒定議檔
1
|
root # freshclam
|
開機時啟用 ClamAV Daemon
1
|
root # service clamd start
|
測試掃掃檔案
1
|
root # clamscan -r /etc
|
訂閱:
文章 (Atom)