Thursday, 25 February 2016

Using find on Linux to delete files whose names match a pattern

find ./ -name "*.cache" -exec rm -rf {} \;

Wednesday, 24 February 2016

Blocking DoS attacks with mod_evasive

On CentOS with the EPEL repository enabled, it can be installed with yum:
$ yum install mod_evasive
Edit the mod_evasive configuration file

$ vim /etc/httpd/conf.d/mod_evasive.conf

    # Size of the hash table that stores the blacklist
    DOSHashTableSize    3097
    # Block an IP once it has requested the same page this many times within DOSPageInterval
    DOSPageCount        2
    # Block an IP once it has made this many requests to the whole site within DOSSiteInterval
    DOSSiteCount        50
    # Intervals (seconds) for the two counters above
    DOSPageInterval     1
    DOSSiteInterval     1
    # How long (seconds) a blacklisted IP stays blocked; the default is 10 seconds.
    # If it keeps hitting the server while blocked, the timer is extended, so this need not be large.
    DOSBlockingPeriod   10

    # Directory used for the lock/log files
    DOSLogDir           "/var/lock/mod_evasive"

    # Whitelist
    DOSWhitelist   127.0.0.1
    DOSWhitelist   192.168.*.*
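To see what these thresholds actually do before trusting them on a live server, here is an added shell script (not part of the original post and not mod_evasive's own code) that replays constructed request records through an approximation of mod_evasive's two counting rules: the per-page rule (more than DOSPageCount hits on the same URI within DOSPageInterval) and the site-wide rule (more than DOSSiteCount hits anywhere within DOSSiteInterval), skipping DOSWhitelist entries. The record format, the sample addresses and the function name are assumptions of this example; mod_evasive itself counts live requests rather than reading a log.

```shell
#!/bin/sh
# Added example: replay constructed requests through the mod_evasive counting
# rules so the effect of DOSPageCount / DOSSiteCount / *Interval can be seen.
# Record format (constructed for this example): <epoch-seconds> <client-ip> <uri>

# Constructed sample traffic: three clients. 10.0.0.5 hammers one page,
# 192.168.1.9 does the same but is whitelisted, 10.0.0.7 spreads its requests.
SAMPLE_REQUESTS='1456300000 10.0.0.5 /index.html
1456300000 10.0.0.5 /index.html
1456300000 10.0.0.5 /index.html
1456300000 192.168.1.9 /index.html
1456300000 192.168.1.9 /index.html
1456300000 192.168.1.9 /index.html
1456300000 10.0.0.7 /a.html
1456300000 10.0.0.7 /b.html
1456300000 10.0.0.7 /c.html
1456300002 10.0.0.7 /a.html
1456300002 10.0.0.7 /a.html
1456300002 10.0.0.7 /a.html'

# evasive_simulate PAGE_COUNT PAGE_INTERVAL SITE_COUNT SITE_INTERVAL "WHITELIST..."
# Reads records on stdin and prints "<ip> <rule>" the first time an IP would be
# blocked. Whitelist entries use mod_evasive's wildcard form, e.g. 192.168.*.*
evasive_simulate() {
    awk -v page_count="$1" -v page_interval="$2" \
        -v site_count="$3" -v site_interval="$4" \
        -v whitelist="$5" '
    BEGIN { n = split(whitelist, wl, " ") }

    # Octet-wise comparison so "*" matches any value in that position.
    function whitelisted(ip, i, j, ipo, wlo, ok) {
        for (i = 1; i <= n; i++) {
            split(ip, ipo, "."); split(wl[i], wlo, ".")
            ok = 1
            for (j = 1; j <= 4; j++)
                if (wlo[j] != "*" && wlo[j] != ipo[j]) ok = 0
            if (ok) return 1
        }
        return 0
    }

    {
        ts = $1; ip = $2; uri = $3
        if (whitelisted(ip) || (ip in blocked)) next

        # Rule 1: same IP, same URI, within DOSPageInterval of the previous hit;
        # a hit outside the interval restarts the count.
        pk = ip SUBSEP uri
        if ((pk in page_last) && ts - page_last[pk] < page_interval) page_hits[pk]++
        else page_hits[pk] = 1
        page_last[pk] = ts

        # Rule 2: same IP, any URI, within DOSSiteInterval of its previous hit.
        if ((ip in site_last) && ts - site_last[ip] < site_interval) site_hits[ip]++
        else site_hits[ip] = 1
        site_last[ip] = ts

        if (page_hits[pk] > page_count)      { blocked[ip] = 1; print ip, "DOSPageCount" }
        else if (site_hits[ip] > site_count) { blocked[ip] = 1; print ip, "DOSSiteCount" }
    }'
}

# Run with the values from the configuration above.
printf '%s\n' "$SAMPLE_REQUESTS" | evasive_simulate 2 1 50 1 "127.0.0.1 192.168.*.*"
```

With the configuration above only 10.0.0.5 and 10.0.0.7 are reported, both under the page rule; 192.168.1.9 is never counted because it matches the whitelist. Rerunning with DOSSiteCount lowered to 2 shows 10.0.0.7 being caught by the site rule instead, since its three requests in the same second are to three different pages.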


Create the mod_evasive directory and make it writable by Apache so it can record its log files

$ mkdir /var/lock/mod_evasive; chown apache /var/lock/mod_evasive

Reload Apache
$ service httpd reload

Installing (D)DoS Deflate to mitigate DDoS attacks

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


How To Install (D)DoS Deflate :-
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh


How To Uninstall (D)DoS Deflate :-
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos


How To Edit Configuration File:-
vi /usr/local/ddos/ddos.conf


How To Check The Number Of Connected IPs:-
sh /usr/local/ddos/ddos.sh



How To Restart (D)DoS Deflate:-
sh /usr/local/ddos/ddos.sh -c

Updating the ClamAV virus signatures

Find freshclam.conf and add the following lines:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror clamav.stu.edu.tw
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.net
Have the system update the signatures automatically
Add the following to crontab:
N * * * * /usr/local/bin/freshclam --quiet
Choose N between 3 and 57, but avoid even values, because many hosts are already set to run at even minutes.

Tuesday, 23 February 2016

Running your own scripts automatically at boot on a QNAP NAS

Skills required

  • must be able to remote login via ssh or telnet (e.g. use SSH PuTTY)
  • must know how to edit files using nano, vi, or edit via SFTP (e.g. use WinSCP)

MTD-based method

autorun.sh is a script which will be executed on every startup of the TS-x09, TS-x19 and TS-x39. Editing this file allows you to start your own programs or overwrite config files with your own copies.

Manual edit of autorun.sh

  1. Log into your QNAP device using SSH or Telnet, for instance by using PuTTY
  2. Optional: install nano (ipkg install nano) and edit with nano instead of vi
  3. Mount the config ramblock by finding your specific model below:

    TS-201:
    Mount the config ramblock /dev/mtdblock4:
    # mount -t ext2 /dev/mtdblock4 /tmp/config

    1 bay: TS-109, TS-109P, TS-110, TS-119,
    2 bay: TS-209, TS-209P, TS-212, TS-219 (TS-219P II: since the new firmware update you may have to use ext4 instead of ext2),
    4 bay: TS-409 (Marvell ARM), TS-412, TS-419P:
    Mount the config ramblock /dev/mtdblock5:
    # mount -t ext2 /dev/mtdblock5 /tmp/config

    TS-439, TS-509, TS-639, TS-809, TS-809U (x86):
    Mount the config ramblock /dev/sdx6:
    # mount -t ext2 /dev/sdx6 /tmp/config

    TS-269L:
    Mount the config ramblock /dev/sdc6:
    # mount -t ext2 /dev/sdc6 /tmp/config
  4. Create/edit /tmp/config/autorun.sh, either using vi:
    # vi /tmp/config/autorun.sh
      1. Enter insert mode: press a
      2. Edit whatever you need to
      3. Leave insert mode: press ESC
      4. Save and exit: press ZZ
    or by editing it on a desktop PC, e.g. over SFTP.
  5. Ensure that /tmp/config/autorun.sh is executable:
    # chmod +x /tmp/config/autorun.sh
  6. IMPORTANT: Unmount the mounted flash partition:
    # umount /tmp/config

editautorun.sh: script to ease autorun.sh edit

If you edit this file regularly you can save some time by creating a shell script (e.g. editautorun.sh) to automate the process. You can call the script by placing it in a directory on your PATH, by adding its folder to the PATH, or by defining an alias for it.
The script contents are:
For TS-201 use ...
mount -t ext2 /dev/mtdblock4 /tmp/config
vi /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
echo .
echo "unmounting /tmp/config..."
umount /tmp/config
For TS-109, TS-109P, TS-119, TS-209, TS-209P, TS-219, TS-412, TS-409 (Marvell ARM) use ...
mount -t ext2 /dev/mtdblock5 /tmp/config
vi /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
echo .
echo "unmounting /tmp/config..."
umount /tmp/config
TS-439, TS-509, TS-639, TS-809, TS-809U (x86) use ...
mount -t ext2 /dev/sdx6 /tmp/config
vi /tmp/config/autorun.sh
chmod +x /tmp/config/autorun.sh
echo .
echo "unmounting /tmp/config..."
umount /tmp/config

autorun.sh: one script to rule them all

Frequently mounting and editing autorun.sh on the flash can be an annoying task. More importantly, it may reduce the lifetime of some flash blocks: flash blocks have a limited number of write/erase cycles, and the mtdblock device driver does little to prevent their wear. Read more about this on the Linux MTD web site (http://www.linux-mtd.infradead.org/faq/general.html#L_ext2_mtd).
To avoid this, you can configure autorun.sh to launch another script located on the internal drive; that way there is no need to mount and modify the file on the flash every time, only to edit the script on your drive.
Create the directory /share/HDA_DATA/.qpkg/autorun and file autorun.sh with:
mkdir /share/HDA_DATA/.qpkg/autorun
cd /share/HDA_DATA/.qpkg/autorun/
touch autorun.sh
chmod +x autorun.sh
The autorun.sh located on the flash could be something like this (just two lines that won't need many changes!):
#!/bin/sh
/share/HDA_DATA/.qpkg/autorun/autorun.sh &
and then edit the file /share/HDA_DATA/.qpkg/autorun/autorun.sh to be used to launch all your startup scripts.

IMPORTANT Notes!

1. Never put any larger files on your flashboot devices and ramdisk; instead, create symbolic links to whatever you want to put there, e.g.:
Create a link from /usr (which is in ramdisk) to /share/MD0_DATA/jre1.6.0_10 (which is on a hard disk) at the mountpoint /usr/java
# ln -sf /share/MD0_DATA/jre1.6.0_10 /usr/java

2. Always use the full system path, because locations like /opt/bin or /opt/sbin might not have been added to PATH yet when autorun.sh is executed, e.g.:
No good.
svnserve -d --listen-port=4000 -r /share/subversion

This is better.
/opt/bin/svnserve -d --listen-port=4000 -r /share/subversion


If svnserve still fails to start, you might try adding this line to your autorun script:
/bin/ln -sf /opt/bin/ /share/HDA_DATA/opt/bin/

3. Many startup scripts in /etc/init.d overwrite their corresponding configuration files in /etc. In this case overwriting the config file from autorun.sh is not enough; we also have to overwrite the startup script itself. Moreover, many startup scripts get executed before autorun, so we also have to restart the service. In this case an autorun.sh may look like this:
#!/bin/sh

cp /share/MD0_DATA/admin/nfs /etc/init.d/nfs
cp /share/MD0_DATA/admin/exports /etc

/etc/init.d/nfs restart
Very ugly, indeed! However, it seems this is the only way to make it work (unless you want to throw out the QNAP OS and install a 'better' OS on your NAS).
4. On our QNAP TS-879 Pro we were not able to run
/opt/bin/rsyncd-acl.sh start
from the autorun.sh as /opt is not the one from Optware but a directory containing one file, i.e. nasconfig_fs.img.tgz.
Thus we modified /tmp/config/autorun.sh to
#!/bin/sh
log=/share/MD0_DATA/.qpkg/Optware/var/log/autorun
date > $log
# removing bogus /opt
/bin/rm /opt/nasconfig_fs.img.tgz /opt 2>> $log >> $log
/bin/rmdir /opt 2>> $log >> $log
# link correct /opt
/bin/ln -s /share/MD0_DATA/.qpkg/Optware /opt 2>> $log >> $log
# run autorun.sh
/opt/etc/autorun.sh 2>> $log >> $log
created a log file directory
mkdir -p /opt/var/log
and created /opt/etc/autorun.sh on the disk
#!/bin/sh
/opt/bin/rsyncd-acl.sh start
thus no mounting of the flash partition is necessary anymore.

QPKG-based method

With firmware 3.8.2, the MTD-based method was broken. The next firmware update corrected this bug, but in the meantime the workaround below was devised.
This method consists of declaring a dummy QPKG which launches your script at startup.
  • Log into your QNAP device using SSH or Telnet, for instance by using Putty
  • Edit QPKG config file:
# vi /etc/config/qpkg.conf
  • Declare a new dummy package by adding something like the following to this file, but take care about the order: e.g. if you would like to start a service from an Optware package, be sure Optware is initialized before it:
[autorun]
Name = autorun
Version = 0.1
Author = neomilium
Date = 2013-05-06
Shell = /share/MD0_DATA/.qpkg/autorun/autorun.sh
Install_Path = /share/MD0_DATA/.qpkg/autorun
Enable = TRUE
As you can see, Shell is the interesting variable: at boot-time, QNAP OS will launch each QPKG's Shell variable content.
Note: if your NAS doesn't have /share/MD0_DATA (i.e. it is a one-drive NAS), substitute /share/HDA_DATA for /share/MD0_DATA; on a NAS with the new Storage Manager, substitute /share/CACHEDEV1_DATA/ instead. Put the right directory into the Shell and Install_Path variables and adapt the following commands to your needs.
  • Create the dummy package directory:
# mkdir /share/MD0_DATA/.qpkg/autorun
  • Create the autorun script with the contents of your choice:
# vi /share/MD0_DATA/.qpkg/autorun/autorun.sh
Note: don't forget "#!/bin/sh" at the beginning of script.
  • Set the execute bit:
# chmod +x /share/MD0_DATA/.qpkg/autorun/autorun.sh
  • Reboot and enjoy!

Tricks & tips

Waiting for encrypted partitions

If your data partition is encrypted, you might have some script that has to wait until the encrypted partition is available. I added a script called waitforenc.sh in my autorun-directory:
#! /bin/sh

# This script ends after the encrypted filesystem has been mounted.

# grep exits successfully (0) once MD0 appears in the mount table;
# poll every 5 seconds until it does. (Plain [ ] / until instead of the
# bash-only [[ ]], since the script runs under /bin/sh.)
until grep -q MD0 /etc/mtab ; do
        sleep 5
done
And now I'm able to call scripts *after* the encrypted partition is available, without blocking other scripts:
(./waitforenc.sh; /etc/init.d/ldap_server.sh restart ) &

Calling all scripts in a certain directory

Place a file called listoffiles.sh in a directory, create a subdirectory called scripts, add listoffiles.sh to your autorun:
#! /bin/sh
# listoffiles.sh

# Resolve the directory this script lives in to an absolute path and work
# from there, so scripts/ and log/ resolve no matter where autorun started us.
BASEDIR=$(cd "$(dirname "$0")" && pwd)
cd "$BASEDIR" || exit 1

echo "" > log/userfiles.log

for i in scripts/*.sh ; do
        if [ -x "$i" ] ; then
                echo -n "$i " >> log/userfiles.log
                echo "$(date)" >> log/userfiles.log
                # redirect stdout first, then stderr into it, so errors land in the log too
                "$i" >> log/userfiles.log 2>&1
                cd "$BASEDIR"
        fi
done
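The two patterns above (a two-line autorun.sh on the flash handing off to a script on the data volume, and that script running everything in a directory) are usually combined. The following run-parts style launcher is an added example, not code from the QNAP wiki; the function names, the log format and the throwaway demo scripts it builds are assumptions of this example. Compared with listoffiles.sh it resolves its directory to an absolute path, runs each script in a subshell so a cd inside one cannot affect the next, captures stderr together with stdout, records every script's exit status, skips non-executable files explicitly, and returns the number of failures instead of silently continuing.

```shell
#!/bin/sh
# Added example: a run-parts style launcher for the "call all scripts in a
# directory" pattern. Written for a busybox-style /bin/sh: no arrays, no local.

# run_startup_scripts SCRIPT_DIR LOG_FILE
# Runs every executable *.sh in SCRIPT_DIR in name order, logging to LOG_FILE.
# Returns the number of scripts that exited non-zero (0 when all succeeded).
run_startup_scripts() {
    dir=$(cd "$1" && pwd) || return 2     # absolute path, or fail if it is missing
    log=$2
    failures=0
    : > "$log"                            # truncate the log, like the original echo ""
    for script in "$dir"/*.sh; do
        [ -e "$script" ] || continue      # empty directory: the glob stayed literal
        if [ ! -x "$script" ]; then
            printf '%s SKIP %s (not executable)\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$script" >> "$log"
            continue
        fi
        printf '%s START %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$script" >> "$log"
        # Subshell: a cd or variable change inside the script cannot leak out.
        # stdout is redirected first, then stderr joins it, so errors are logged.
        status=0
        ( cd "$dir" && "$script" ) >> "$log" 2>&1 || status=$?
        printf '%s END %s exit=%d\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$script" "$status" >> "$log"
        [ "$status" -eq 0 ] || failures=$((failures + 1))
    done
    return "$failures"
}

# make_demo_dir: constructs a temporary scripts directory holding three sample
# scripts (one succeeds, one fails after changing directory, one is not
# executable) and prints its path. Purely for demonstration and testing.
make_demo_dir() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho hello from 10-first\n' > "$d/10-first.sh"
    printf '#!/bin/sh\ncd /; echo "in $(pwd)" >&2; exit 3\n' > "$d/20-failing.sh"
    printf '#!/bin/sh\necho should not run\n' > "$d/30-not-executable.sh"
    chmod +x "$d/10-first.sh" "$d/20-failing.sh"
    echo "$d"
}

# Stand-alone demonstration on the constructed scripts (safe to run anywhere).
demo_dir=$(make_demo_dir)
run_startup_scripts "$demo_dir" "$demo_dir/userfiles.log" || echo "$? script(s) failed"
cat "$demo_dir/userfiles.log"
rm -rf "$demo_dir"
```

On a NAS you would call run_startup_scripts with the scripts directory and a log file on the data volume, for example /share/HDA_DATA/.qpkg/autorun/scripts and /share/HDA_DATA/.qpkg/autorun/log/userfiles.log, from the autorun.sh that lives on the disk. Because the function returns a count, values above 255 wrap in the shell's 8-bit exit status; for a handful of startup scripts that is not a concern.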

Optimized networking

Settings based on SpeedGuide.net:
ifconfig eth0 txqueuelen 50000
ifconfig eth1 txqueuelen 50000
echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
echo 2 > /proc/sys/net/ipv4/tcp_frto
echo 2 > /proc/sys/net/ipv4/tcp_frto_response
echo 1 > /proc/sys/net/ipv4/tcp_mtu_probing
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1 > /proc/sys/net/ipv4/tcp_workaround_signed_windows
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo 0 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_low_latency
echo 1 > /proc/sys/net/ipv4/tcp_ecn

Mounting a Samba share on a QNAP

mount.cifs //192.168.12.34/sharename /share/Public/WindowsShare -o username=user,password=pass

Saturday, 20 February 2016

Commands to check the amount of memory on Linux

On Linux, the amount of memory can be checked with the following commands:
  • free
  • free -m
  • cat /proc/meminfo

Mounting a remote FTP server on Linux

A. Install curlftpfs
A.1 Install the DAG repository
On Fedora you can simply run yum install curlftpfs; on CentOS the package is not in the base repositories, so you have to set up the DAG repository first.
A.2 Install curlftpfs
yum install curlftpfs

B. Mount the FTP server
B.1 Mount with the curlftpfs command
curlftpfs -o codepage=utf8 ftp://username:password@192.168.192.168 /ftp

You can also mount it with access for other users (see B.3):
curlftpfs -o codepage=utf8 -o rw,allow_other,uid=0,gid=0 ftp://username:password@192.168.1.111 /ftp
codepage:       character encoding
username:       FTP user name
password:       FTP password
192.168.1.111:  FTP server address
/ftp:           mount point
B.2 Unmount
fusermount -u /ftp
umount /ftp
B.3 Allowing access for other users
This way other users can read and write too; change uid and gid to your own IDs.
sudo curlftpfs -o rw,allow_other,uid=0,gid=0 ftp://username:password@192.168.1.111 /ftp

B.4 Mount automatically at boot
echo "curlftpfs#username:password@192.168.1.111 /ftp fuse allow_other,uid=0,gid=0 0 0" >> /etc/fstab

Mounting a folder shared by one NAS on a second NAS as a local disk

Steps to do:
On the ARM-based QNAP, create the share as usual and grant NFS rights to the Intel-based QNAP.
On the Intel-based QNAP, create a directory such as /share/MD0_DATA/remotenas.
Then type the following (replace ARM_NAS_IP and SHARE_NAME with the address of the ARM NAS and the name of the exported share):
mount -t nfs ARM_NAS_IP:/SHARE_NAME /share/MD0_DATA/remotenas

Friday, 12 February 2016