Submitted by admin on 2016, December 16, 11:13 AM
yum install -y samba
chkconfig --level 35 smb on
vi /etc/samba/smb.conf
[web]
comment = web
path = /data/web
browseable = yes
writable = yes
chown webd.webd web
system user,etc:webd
useradd webd
添加smb用户
/usr/local/samba/bin/smbpasswd -a webd
列出共享目录
smbclient -L 127.0.0.1 -U webd%123456
进入命令行模式
smbclient //127.0.0.1/web -U webd%123456
---------------------------
1,列出某个IP地址所提供的共享文件夹
smbclient -L 198.168.0.1 -U username%password
2,像FTP客户端一样使用smbclient
smbclient //192.168.0.1/tmp -U username%password
执行smbclient命令成功后,进入smbclient环境,出现提示符: smb:/> 这时输入?会看到支持的命令
这里有许多命令和ftp命令相似,如cd 、lcd、get、megt、put、mput等。通过这些命令,我们可以访问远程主机的共享资源。
3,直接一次性使用smbclient命令
smbclient -c "ls" //192.168.0.1/tmp -U username%password
和
smbclient //192.168.0.1/tmp -U username%password
smb:/>ls
功能一样的
例,创建一个共享文件夹
smbclient -c "mkdir share1" //192.168.0.1/tmp -U username%password
如果用户共享//192.168.0.1/tmp的方式是只读的,会提示
NT_STATUS_ACCESS_DENIED making remote directory /share1
4,除了使用smbclient,还可以通过mount和smbcount挂载远程共享文件夹
挂载 mount -t cifs -o username=administrator,password=123456 //192.168.0.1/tmp /mnt/tmp
取消挂载 umount /mnt/tmp
linux | 评论:0
| Trackbacks:0
| 阅读:833
Submitted by admin on 2016, December 16, 11:11 AM
按照节点上的安装方法,安装完成后,再如下操作,完成https的添加和配置
yum install -y openssl-devel
cd /tmp
cd squid-3.1.22
make clean
./configure \
--prefix=/www/wdlinux/squid-3.1.22 \
--with-pthreads \
--enable-storeio="aufs,ufs" \
--enable-async-io \
--disable-internal-dns \
--enable-stacktraces \
--disable-ident-lookups \
--enable-removal-policies='heap,lru' \
--with-aio \
--with-filedescriptors=65536 --enable-ssl
make
make install
完成后,修改下配置文件
vim /www/wdlinux/squid/etc/squid.conf
在 http_port 80 vhost vport 行下面,添加如下一行
https_port 443 cert=/www/wdlinux/squid/etc/3_user_www.zgnpo.com.crt key=/www/wdlinux/squid/etc/4_user_www.zgnpo.com.key defaultsite=www.zgnpo.com
将证书文件传到
/www/wdlinux/squid/etc/目录下
然后重起下服务
service squid restart
就可以了
squid/缓存 | 评论:0
| Trackbacks:0
| 阅读:883
Submitted by admin on 2016, December 16, 11:10 AM
--prefix=/usr/local/squid --enable-dlmalloc --with-pthreads --enable-epoll --enable-stacktrace --enable-removal-policies=heap,lru --enable-delay-pools --enable-storeio=aufs,coss,diskd,ufs --enable-snmp
range_offset_limit -1
quick_abort_min -1 KB
refresh_pattern -i \.flv$ 1440 50% 2880 ignore-reload
http://bbs.linuxtone.org/thread-1933-1-1.html
使用Squid筹建内网视频缓存系统
http://www.myexception.cn/operating-system/2024535.html
squid/缓存 | 评论:0
| Trackbacks:0
| 阅读:852
Submitted by admin on 2016, December 16, 11:08 AM
wdcp 安装vpn成功了,很简单。
机器环境 centos Linux 2.6.32-358.6.2.el6.x86_64 wdcp wdcp_v2.5.8
安装脚本和步骤
第一步:
wget http://www.huzs.net/soft/pptp_onekey/pptpd6.sh
复制代码
第二步:
sh pptpd6.sh
复制代码
安装完成后会提示vpn用户名和密码。
第三步:
在后台---安全管理---防火墙中,查看添加规则。
在目标端口中填写:1723 操作--选择通过。
提示:如果防火墙中已经有了这条规则请先删除再重新添加。
VPN用户管理:
直接编辑文件:,按照相同格式添加用户名和密码即可。
vi /etc/ppp/chap-secrets
我已经成功了,如果你也成功了就顶下吧。
如果第一步脚本地址失效
附上脚本代码,执行即可。
yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp
arch=`uname -m`
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.$arch.rpm
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers dkms kernel_ppp_mppe ppp
rpm -Uvh pptpd-1.3.4-2.el6.$arch.rpm
mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "localip 172.16.22.254" >> /etc/pptpd.conf
echo "remoteip 172.16.22.1-253" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd
pass=`openssl rand 6 -base64`
if [ "$1" != "" ]
then pass=$1
fi
echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets
iptables -t nat -A POSTROUTING -s 172.16.22.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
iptables -A FORWARD -p tcp --syn -s 172.16.22.0/24 -j TCPMSS --set-mss 1356
iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
service iptables save
chkconfig iptables on
chkconfig pptpd on
service iptables start
service pptpd start
echo "VPN service is installed, your VPN username is vpn, VPN password is ${pass}"
复制代码
linux | 评论:0
| Trackbacks:0
| 阅读:816
Submitted by admin on 2016, December 16, 11:07 AM
wget http://mirrors.sohu.com/mysql/MySQL-5.7/mysql-5.7.12.tar.gz
yum install -y gcc gcc-c++ make sudo autoconf libtool-ltdl-devel gd-devel freetype-devel libxml2-devel libjpeg-devel libpng-devel openssl-devel curl-devel patch libmcrypt-devel libmhash-devel ncurses-devel bzip2 libcap-devel ntp sysklogd diffutils sendmail iptables unzip cmake wget re2c bison icu libicu libicu-devel net-tools psmisc vim-enhanced
cmake . -DCMAKE_INSTALL_PREFIX=/mysql \
-DMYSQL_DATADIR=/mysql/data \
-DSYSCONFDIR=/mysql/etc \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DENABLED_LOCAL_INFILE=1 \
-DENABLE_DTRACE=0 \
-DDEFAULT_CHARSET=utf8mb4 \
-DDEFAULT_COLLATION=utf8mb4_general_ci \
-DWITH_EMBEDDED_SERVER=1 \
-DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr -DENABLE_DOWNLOADS=1
groupadd -g 27 mysql
useradd -g 27 -u 27 -d /dev/null -s /sbin/nologin mysql
/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/mysql --datadir=/mysql/data
groupadd -g 27 mysql
useradd -g 27 -u 27 -d /dev/null -s /sbin/nologin mysql
chown mysql.mysql /mysql/data -R
cp support-files/mysql.server /etc/rc.d/init.d/mysqld
chmod 755 /etc/rc.d/init.d/mysqld
chkconfig --level 35 mysqld on
mysql/db | 评论:0
| Trackbacks:0
| 阅读:759
Submitted by admin on 2016, December 16, 11:06 AM
upstream nginx{
server 192.168.1.10:88 weight=3;
server 192.168.1.11:80 weight=10;
ip_hash;
}
server{
listen 80;
server_name nginx.test.wdlinux.cn;
location / {
index index.html;
root /usr/html;
proxy_pass http://nginx;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# hash $cookie_jsessionid;
hash $remote_addr consistent;
server 192.168.142.128:8080 weight=3;
server 192.168.142.129:80 weight=10;
# hash $cookie_jsessionid;
# server 192.168.142.130:80;
# ip_hash;
# hash_again 1;
# consistent_hash $remote_addr:可以根据客户端ip映射
# consistent_hash $request_uri: 根据客户端请求的uri映射
# consistent_hash $args:根据客户端携带的参数进行映射
nginx | 评论:0
| Trackbacks:0
| 阅读:806
Submitted by admin on 2016, December 16, 11:03 AM
视频加水印
ffmpeg -i 094301010916b3019b0174515.mp4 -vf "movie=logo1.png [logo]; [in][logo] overlay=0:0 [out]" 13.mp4
视频合并
ffmpeg -i concat:"2122180309164d675fa82952.mp4|single_jpg.mp4" -c copy oo.mp4
图片转视频
ffmpeg -f image2 -stream_loop 100 -i vv5851.jpg -b:v 200k -r 10 -s 640x480 -acodec libfaac -y single_jpg.mp4
wget http://ffmpeg.org/releases/ffmpeg-3.1.3.tar.bz2
tar jxvf ffmpeg-3.1.3.tar.bz2
cd ffmpeg-3.1.3
./configure --prefix=/usr --disable-yasm --enable-libx264 --enable-gpl
make
make install
--enable-libmp3lame --enable-libvorbis --enable-gpl --enable-version3 --enable-nonfree --enable-pthreads --enable-libfaac --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libx264 --enable-libxvid --enable-postproc --enable-ffserver --enable-ffplay
#以下脚本保存成.sh文件运行,不会出现中文乱码问题 网上查到用enable关键字控制,实际是draw
#加水印 水印位置由x,y,w,h来控制
#ffmpeg编译时需--enable-libfreetype才能用此功能
#!/bin/bash
ffmpeg -y -i jiushu.mpg -acodec libfaac -b:a 30k -ar 44100 -r 15 -ac 2 -s 480x272 -vcodec libx264 -refs 2 -x264opts keyint=150:min-keyint=15 -vprofile baseline -level 20 -b:v 200k -vf "drawtext=fontfile=/mnt/hgfs/zm/simhei.ttf: text=‘来源:迅雷‘:x=100:y=x/dar:fontsize=24:fontcolor=yellow@0.5:shadowy=2" drawtext.mp4
#加水印,显示10秒
#!/bin/bash
ffmpeg -y -i jiushu.mpg -acodec libfaac -b:a 30k -ar 44100 -r 15 -ac 2 -s 480x272 -vcodec libx264 -refs 2 -x264opts keyint=150:min-keyint=15 -vprofile baseline -level 20 -b:v 200k -vf "drawtext=fontfile=/mnt/hgfs/zm/simhei.ttf: text=‘来源:迅雷‘:x=100:y=x/dar:draw=‘if(gt(n,0),lt(n,250))‘:fontsize=24:fontcolor=yellow@0.5:shadowy=2" drawtext.mp4
#加水印,每3秒显示1秒
#!/bin/bash
ffmpeg -y -i jiushu.mpg -acodec libfaac -b:a 30k -ar 44100 -r 15 -ac 2 -s 480x272 -vcodec libx264 -refs 2 -x264opts keyint=150:min-keyint=15 -vprofile baseline -level 20 -b:v 200k -vf "drawtext=fontfile=/mnt/hgfs/zm/simhei.ttf: text=‘来源:迅雷‘:x=w-100:y=100:draw=lt(mod(t\,3)\,1):fontsize=24:fontcolor=yellow@0.5:shadowy=2" drawtext.mp4
http://suncom.diandian.com/post/2013-09-12/40053016139
ffmpeg -y -i 007.mp4 -acodec libfaac -b:a 30k -ar 44100 -r 15 -ac 2 -s 480x272 -vcodec libx264 -refs 2 -x264opts keyint=150:min-keyint=15 -vprofile baseline -level 20 -b:v 200k -vf "drawtext=fontfile=/root/ffmpeg/simhei.ttf: text='vv5851':x=w-100:y=100:draw=lt(mod(t\,3)\,1):fontsize=24:fontcolor=yellow@0.5:shadowy=2" n007.mp4
--enable-libx264
ftp://ftp.videolan.org/pub/x264/snapshots/last_x264.tar.bz2
./configure --enable-shared --disable-asm && make && make install
编译FAAC-1.28时遇到错误:
mpeg4ip.h:126: error: new declaration ‘char* strcasestr(const char*, const char*)’
解决方法:
从123行开始修改此文件mpeg4ip.h,到129行结束。
修改前:
#ifdef __cplusplus
extern "C" {
#endif
char *strcasestr(const char *haystack, const char *needle);
#ifdef __cplusplus
}
#endif
修改后:
#ifdef __cplusplus
extern "C++" {
#endif
const char *strcasestr(const char *haystack, const char *needle);
#ifdef __cplusplus
}
#endif
linux | 评论:0
| Trackbacks:0
| 阅读:796
Submitted by admin on 2016, December 16, 11:02 AM
Below is my iptables rules set. This works like a charm. I have created a https transparent intercept proxy and send all traffic through that proxy server.
Using this iptables rules, I can control the network.
2086, 2087, 2095 ports are open because we use WHM cpanel and cpanel web mail.
8080 for additional web server.
192.168.2.0 is the local network.
IPTables rule:
#Generated by iptables-save v1.4.8 on Tue Mar 10 15:03:01 2015
*nat
:PREROUTING ACCEPT [470:38063]
:POSTROUTING ACCEPT [9:651]
:OUTPUT ACCEPT [1456:91962]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:3127
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Mar 10 15:03:01 2015
# Generated by iptables-save v1.4.8 on Tue Mar 10 15:03:01 2015
*filter
:INPUT ACCEPT [2106:729397]
:FORWARD ACCEPT [94:13475]
:OUTPUT ACCEPT [3252:998944]
-A INPUT -p tcp -m tcp --dport 3127 -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "peer_id=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "get_peers" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce_peer" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "find_node" --algo bm --to 65535 -j DROP
-A FORWARD -s 192.168.2.0/24 -p tcp -m tcp --sport 1024:65535 --dport 8080 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp -m tcp --sport 1024:65535 --dport 2086 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp -m tcp --sport 1024:65535 --dport 2087 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp -m tcp --sport 1024:65535 --dport 2095 -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.2.0/24 -p udp -m udp --sport 1024:65535 --dport 1024:65535 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Mar 10 15:03:01 2015
---------------------------------------------------
iptables -t mangle -I OUTPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
iptables -t mangle -I OUTPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
iptables -t mangle -I INPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
iptables -t mangle -I INPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
iptables -t mangle -L INPUT -nvx --line-numbers
curl -Lk https://mirrors.dwhd.org/kernel-ml-aufs/kernel-ml-auf.repo >/etc/yum.repos.d/kernel-ml-aufs.repo
yum -y remove kernel-headers
yum install gcc gcc-c++ make automake unzip zip xz kernel-devel iptables-devel perl-Text-CSV_XS -y
curl -Lk https://sourceforge.net/projects/xtables-addons/files/Xtables-addons/2.11/xtables-addons-2.11.tar.xz|xz -d|tar x -C /usr/src/ && \
cd /usr/src/xtables-addons-2.11/
./configure && \
make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` && make install
-----------
wget http://mirrors.dwhd.org/Kernel/v4.x/linux-4.2.tar.xz
tar xf linux-4.2.tar.xz -C /usr/src/
cd /usr/src/linux-4.2/
cp /boot/config-`uname -r` .config
sh -c 'yes "" | make oldconfig'
make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` bzImage
make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` modules
make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` modules_install
make install
sed -ri 's/(default=).*/\10/' /boot/grub/grub.conf
reboot
安装ipp2p扩展
yum install -y http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
yum clean all && yum makecache
yum install gcc gcc-c++ make automake unzip zip xz kernel-devel iptables-devel perl-Text-CSV_XS -y
wget http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/xtables-addons-2.10.tar.xz
tar xf xtables-addons-2.10.tar.xz
cd xtables-addons-2.10/
./configure
make -j `awk '/processor/{a++}END{print a}' /proc/cpuinfo` && make install && cd geoip/
./xt_geoip_dl
./xt_geoip_build GeoIPv6.csv
./xt_geoip_build GeoIPCountryWhois.csv
mkdir -p /usr/share/xt_geoip/
cp -a BE LE /usr/share/xt_geoip/
来看看ipp2p的用法格式
iptables -m ipp2p --help | sed -n -e '/ipp2p/,//p'
ipp2p v0.10 match options:
--edk [tcp,udp] All known eDonkey/eMule/Overnet packets
--dc [tcp] All known Direct Connect packets
--kazaa [tcp,udp] All known KaZaA packets
--gnu [tcp,udp] All known Gnutella packets
--bit [tcp,udp] All known BitTorrent packets
--apple [tcp] All known AppleJuice packets
--winmx [tcp] All known WinMX
--soul [tcp] All known SoulSeek
--ares [tcp] All known Ares
EXPERIMENTAL protocols:
--mute [tcp] All known Mute packets
--waste [tcp] All known Waste packets
--xdcc [tcp] All known XDCC packets (only xdcc login)
ipp2p扩展的具体用法演示
##下面的是封IPv4出本机的P2P
iptables -t mangle -I OUTPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
iptables -t mangle -I OUTPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
##下面是封进入本机的P2P
iptables -t mangle -I INPUT -m ipp2p --edk --kazaa --bit --gnu -j DROP
iptables -t mangle -I INPUT -p tcp -m ipp2p --ares --soul --winmx --apple --dc -j DROP
iptables -t mangle -L INPUT -nvx --line-numbers
http://www.52codes.net/article/1088.html
linux | 评论:0
| Trackbacks:0
| 阅读:835
