January 21, 2014
 

Managing a Dell iDRAC remote access controller from the SSH command line

Log in. The username is root and the default password is calvin.
login as: root
root@192.168.15.80's password:
WARNING: Default password is configured. Dell highly recommends changing user root's password immediately
/admin1-> help
[Usage]
show   [<options>] [<target>] [<properties>]
[<propertyname>== <propertyvalue>]
set    [<options>] [<target>] <propertyname>=<value>
cd     [<options>] [<target>]
create [<options>] <target> [<property of new target>=<value>]
[<property of new target>=<value>]
delete [<options>] <target>
exit   [<options>]
reset  [<options>] [<target>]
start  [<options>] [<target>]
stop   [<options>] [<target>]
version [<options>]
help   [<options>] [<help topics>]
load -source <URI> [<options>] [<target>]
dump -destination <URI> [<options>] [<target>]

/admin1->

Enter the remote access controller's management mode
/admin1-> racadm
racadm>>

View user account information
racadm>>racadm getconfig -g cfgUserAdmin -i 2 -v

racadm getconfig -g cfgUserAdmin -i 2 -v
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
# cfgUserAdminPassword=******** (Write-Only)
cfgUserAdminEnable=1 (TRUE)
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminIpmiLanPrivilege=4 (4)
cfgUserAdminIpmiSerialPrivilege=4 (4)
cfgUserAdminSolEnable=1 (TRUE)

racadm>>

Change the root user's password (the last argument is the new password)

racadm>>racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 calvin

racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 calvin
Object value modified successfully

racadm>>

Managing the Dell iDRAC remote access controller from a browser requires Firefox; logging in with IE reports an account error and the login fails.

January 16, 2014
 

 

Cisco ASA 5500 Series Configuration Guide using the CLI

Applicable versions
Software Version 8.4 and 8.6 for the ASA 5505, ASA 5510, ASA 5520, ASA
5540, ASA 5550, ASA 5580, ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA
5545-X, ASA 5555-X, and ASA 5585-X
Released: January 31, 2011

 

Cisco ASA 5500 Series Configuration Guide using ASDM

Applicable versions
Software Version 6.4 and 6.6 for the ASA 5505, ASA 5510, ASA 5520, ASA
5540, ASA 5550, ASA 5580, ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA
5545-X, ASA 5555-X, and ASA 5585-X
Released: January 31, 2011
Updated: October 31, 2012

Related downloads:
(1) ASA 8.4.1 (2) ASA 8.4.2 (3) ASDM 6.4.1 (4) ASDM 6.4.5

(5) Cisco ASA 5500 Series Configuration Guide using the CLI

(6) Cisco ASA 5500 Series Configuration Guide using ASDM

January 15, 2014
 

Define a network object of type host

object network 192.168.15.10
 host 192.168.15.10

Define an object group and add a service that opens port 3389

object-group service 192.168.3.101
 service-object tcp-udp destination eq 3389

Add a static NAT mapping

object network 192.168.15.10
 nat (inside,outside) static 192.168.3.101 dns

Add the access control lists

access-list outside_access extended permit object-group 192.168.3.101 any object 192.168.15.10
access-list outside_access_in extended permit ip any any

Apply the access control lists

access-group outside_access_in in interface outside control-plane
access-group outside_access in interface outside

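Try connecting to the service port opened on the firewall (Remote Desktop, 3389)

After clicking Connect, a prompt for the username and password appears, confirming that a session to the opened service port has started.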

January 15, 2014
 

Error messages returned by Chrome when opening the IP address of a device on which ASDM has been correctly enabled

IE and Firefox return no message at all.

Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Error code: ERR_SSL_PROTOCOL_ERROR

When logging in to the SSH service with PuTTY, a warning says that the insecure single-DES encryption method is in use

URL for requesting the encryption license

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

Enter the device serial number, which can be looked up with sh run

Select the contact details that will receive the license information

Wait for the request to complete

The request succeeds, and a message says that the e-mail has been sent to the specified mailbox.

Check the e-mail

Error when enabling SSH protocol version 2
ciscoasa(config)# ssh version 2
ERROR: SSH version 2 requires a VPN-3DES-AES activation key.
ciscoasa(config)#

Encryption method warning when logging in with PuTTY
View the enabled and disabled ciphers
ciscoasa# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: des-sha1
Disabled ciphers: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
ciscoasa#
Apply on the official Cisco website
Activate the license
ciscoasa# activation-key d722c45d 906ea02d eca1c1a8 9418a8e8 c20f1bab
Validating activation key. This may take a few minutes...
Both Running and Flash permanent activation key was updated with the requested key.
ciscoasa#
Enable the available ciphers
ciscoasa# config t

ciscoasa(config)# ssl encryption 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1

ciscoasa(config)# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1
Disabled ciphers: des-sha1 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled
ciscoasa(config)#

Enabling SSH version 2 no longer reports an error

ciscoasa(config)# ssh version 2
ciscoasa(config)#

Enable ASDM access

ciscoasa(config)# aaa authentication http console LOCAL
ciscoasa(config)# http server enable
ciscoasa(config)# http 0 0 outside

ciscoasa(config)# logging enable
ciscoasa(config)# logging asdm informational
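
A check that can be run over saved CLI text from the two ASA posts above, as an added example that is not part of the original posts and is not Cisco tooling. It flags acceptance of SSLv2/SSLv3, DES/3DES/RC4/null cipher suites, "permit ip any any" entries and an ASDM rule open to every source address. The function names, the finding labels and the sample text (assembled from lines shown above) are constructed for this example.

```shell
#!/bin/sh
# Added example (not Cisco tooling): flag risky lines in saved ASA CLI text.
# The finding labels PROTO/CIPHER/ACL/MGMT are this example's own naming.

asa_audit() {
    # Reads saved config lines and "sh ssl" output on stdin.
    awk '
    # DES, 3DES, RC4 and null suites are treated as weak; AES suites pass.
    function weak(c) { return c ~ /^(null|des|3des|rc4)-/ }

    { sub(/^[^ #]+# /, "") }      # drop a leading "ciscoasa(config)# " prompt

    /^Accept connections using/ {
        if ($0 ~ /SSLv2/) print "PROTO: SSLv2 accepted"
        if ($0 ~ /SSLv3/) print "PROTO: SSLv3 accepted"
    }
    /^Enabled cipher order:/ {
        for (i = 4; i <= NF; i++) if (weak($i)) print "CIPHER: " $i " enabled"
    }
    $1 == "ssl" && $2 == "encryption" {
        for (i = 3; i <= NF; i++) if (weak($i)) print "CIPHER: " $i " configured"
    }
    $1 == "access-list" && $4 == "permit" && $5 == "ip" && $6 == "any" && $7 == "any" {
        print "ACL: " $2 " permits ip any any"
    }
    $1 == "http" && ($2 == "0" || $2 == "0.0.0.0") && ($3 == "0" || $3 == "0.0.0.0") {
        print "MGMT: ASDM/HTTPS open to any source on interface " $4
    }
    '
}

sample_asa_text() {
    # Constructed sample, assembled from lines shown in the posts above.
    cat <<'EOF'
ciscoasa(config)# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Enabled cipher order: 3des-sha1 rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1
Disabled ciphers: des-sha1 null-sha1
ciscoasa(config)# access-list outside_access_in extended permit ip any any
ciscoasa(config)# http 0 0 outside
EOF
}

sample_asa_text | asa_audit
```

With the sample text, only aes128-sha1 and aes256-sha1 pass the cipher check; everything else in the enabled list is reported.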

January 14, 2014
 
  1. Unlimited Hosting Space; excessive MySQL files. HostMonster does not set arbitrary limits on the amount of disk space a Subscriber can use for the Subscriber’s website, nor does HostMonster charge additional fees based on an increased amount of storage used, provided the Subscriber’s use of storage complies with these Terms. Please note, however, that the HostMonster service is designed to host websites. HostMonster does NOT provide unlimited space for online storage, backups, or archiving of electronic files, documents, log files, etc., and any such prohibited use of the Services will result in the termination of Subscriber’s account, with or without notice. Accounts with a large number of files (inode count in excess of 200,000) can have an adverse effect on server performance. Similarly, accounts with an excessive number of MySQL/PostgreSQL tables (i.e., in excess of 1000 database tables) or of database size (i.e., in excess of 3GB total MySQL/PostgreSQL usage or 2GB MySQL/PostgreSQL usage in a single database) negatively affect the performance of the server. HostMonster may request that the number of files/inodes, database tables, or total database usage be reduced to ensure proper performance or may terminate the Subscriber’s account, with or without notice.
January 10, 2014
 

Server-side setup

[root@backup ~]# yum install xinetd rsync

[root@www ~]# cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
[root@www ~]#
[root@www ~]# cat /etc/rsyncd.secrets
root:ju7ggtu6nji9
[root@www ~]#

[root@www ~]# chmod 600 /etc/rsyncd.secrets
[root@www ~]# cat /etc/rsyncd.conf
port=873
uid = apache
gid = apache
use chroot = no
max connections = 200
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log
[backup]
path = /var/www/html
ignore errors
read only = no
list = no
#hosts allow = 192.168.1.0/255.255.255.0
auth users = root
secrets file = /etc/rsyncd.secrets
[root@www ~]#
Start the service
[root@www ~]# rsync --daemon

[root@www ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
/usr/bin/rsync --daemon
[root@www ~]#

Client-side setup
[root@backup ~]# yum install rsync

[root@backup ~]# cat /etc/rsync.passwd
ju7ggtu6nji9
[root@backup ~]#
Scheduled task (cron)
05 2 * * * root rsync -avz --progress --password-file=/etc/rsync.passwd root@152.101.1.2::backup /var/www/html/
Port: TCP 873
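
An audit of the rsyncd.conf settings used above, as an added example that is not part of the original post: it resolves each module's effective settings (globals plus module overrides) and reports modules with no hosts allow, no auth users, write access or no chroot. The function names and the [backup_ro] module are constructed for this example; [backup_ro] shows a tightened variant that still serves the cron job above, which only pulls from the server.

```shell
#!/bin/sh
# Added example: list risky per-module settings in an rsyncd.conf (stdin).
rsyncd_audit() {
    awk '
    function report(   k) {
        if (mod != "") {
            if (!("hostsallow" in cur)) print mod ": no hosts allow, any address may connect"
            if (!("authusers" in cur))  print mod ": no auth users, no password required"
            if (cur["readonly"] ~ /^(no|false|0)$/)  print mod ": writable (read only = no)"
            if (cur["usechroot"] ~ /^(no|false|0)$/) print mod ": not chrooted (use chroot = no)"
        }
        for (k in cur) delete cur[k]          # next module starts from the globals
        for (k in glob) cur[k] = glob[k]
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^#/ || /^$/ { next }                      # commented-out settings do not count
    /^\[.*\]$/ { report(); mod = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)   # names ignore spaces
        val = tolower(substr($0, eq + 1));    sub(/^[ \t]+/, "", val)
        if (mod == "") glob[key] = val; else cur[key] = val
    }
    END { report() }
    '
}

sample_rsyncd_conf() {
    # Constructed sample: [backup] as configured above, [backup_ro] a tightened variant.
    cat <<'EOF'
use chroot = no
[backup]
path = /var/www/html
read only = no
#hosts allow = 192.168.1.0/255.255.255.0
auth users = root
secrets file = /etc/rsyncd.secrets
[backup_ro]
path = /var/www/html
use chroot = yes
read only = yes
hosts allow = 192.168.1.0/255.255.255.0
auth users = root
secrets file = /etc/rsyncd.secrets
EOF
}

sample_rsyncd_conf | rsyncd_audit
```

On a real server the same function can be fed the live file: rsyncd_audit < /etc/rsyncd.conf.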

January 9, 2014
 

Device eth0 does not seem to be present, delaying initialization.

/etc/udev/rules.d/70-persistent-net.rules

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:86:71:b6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:86:71:bf", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=00:50:56:86:71:bf
TYPE=Ethernet
UUID=ada09be3-2f7a-4dd9-9ed5-3d95cf97e4cf
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp

No reboot is required.
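
The two files shown above disagree: ifcfg-eth0 pins HWADDR 00:50:56:86:71:bf, while the udev rules give that MAC the name eth1. A cross-check of the two files, as an added example that is not part of the original post; the function names and the RULES/IFCFG variables are constructed for this example from the values shown above.

```shell
#!/bin/sh
# Added example: cross-check an ifcfg file's HWADDR against the udev rules.

udev_name_for_mac() {
    # $1: MAC address; stdin: 70-persistent-net.rules text.
    # Prints the NAME= that udev assigns to that MAC, or nothing.
    sed -n 's/.*ATTR{address}=="\([^"]*\)".*NAME="\([^"]*\)".*/\1 \2/p' |
        awk -v m="$1" 'tolower($1) == tolower(m) { print $2; exit }'
}

check_ifcfg() {
    # $1: udev rules text, $2: ifcfg-ethX text.
    dev=$(printf '%s\n' "$2" | sed -n 's/^DEVICE=//p' | tr -d '"')
    hw=$(printf '%s\n' "$2" | sed -n 's/^HWADDR=//p' | tr -d '"')
    name=$(printf '%s\n' "$1" | udev_name_for_mac "$hw")
    if [ -z "$name" ]; then
        echo "MISSING: no udev rule for $hw"
    elif [ "$name" = "$dev" ]; then
        echo "OK: $dev is $hw"
    else
        echo "MISMATCH: ifcfg says $dev, udev names $hw as $name"
    fi
}

# Constructed sample: the two rules and the ifcfg-eth0 values shown above.
RULES='SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:86:71:b6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:86:71:bf", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"'
IFCFG='DEVICE=eth0
HWADDR=00:50:56:86:71:bf
ONBOOT=yes'

check_ifcfg "$RULES" "$IFCFG"
```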