iptables vs ip6tables

ip6tables is used to set up, manage and inspect the tables of IPv6 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains built-in chains and can also contain user-defined chains. Each rule specifies what to do with a packet that matches. This is called a “target”, which may be a jump to a user-defined chain in the same table.

# service iptables stop
# service ip6tables stop
# chkconfig iptables off
# chkconfig ip6tables off

/etc/sudoers

“/etc/sudoers” is the configuration file that describes which users can be switched to with the sudo command and which commands can be executed.

[vagrant@localhost ~]$ sudo cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Refuse to run if unable to disable echo on the tty.
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list.
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d

Whoa, that is quite something. There are a lot of Cmnd entries.
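
Added example, not part of the original page: a small shell audit of sudoers text for the settings the stock file above warns about but leaves commented out (NOPASSWD rules, HOME in env_keep) plus a missing secure_path. The function names, finding tags and sample lines are constructed for illustration; it treats #includedir as a directive rather than a comment, as the file itself points out.

```shell
#!/bin/sh
# Added example (not from the original page): audit sudoers text for
# entries that widen privilege. Reads stdin, prints "LINE:TAG:TEXT".
audit_sudoers() {
    awk '
    # "#include" and "#includedir" are directives, not comments: report
    # them so the drop-in files get reviewed as well.
    /^[ \t]*#include(dir)?[ \t]/ { print NR ":INCLUDE:" $0; next }
    # Real comments and blank lines carry no policy.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # Rules that skip the password prompt.
    /NOPASSWD:/ { print NR ":NOPASSWD:" $0 }
    # HOME kept in the environment (HOSTNAME and similar must not match).
    /^[ \t]*Defaults/ && /env_keep/ && /[" \t]HOME[" \t]/ {
        print NR ":ENV_KEEP_HOME:" $0
    }
    # Environment reset switched off entirely.
    /^[ \t]*Defaults/ && /!env_reset/ { print NR ":NO_ENV_RESET:" $0 }
    /^[ \t]*Defaults/ && /secure_path/ { have_path = 1 }
    END { if (!have_path) print "0:NO_SECURE_PATH:secure_path is not set" }
    '
}

# Constructed sample: lines from the stock file with the risky ones
# uncommented and secure_path left out.
sample_sudoers() {
    cat <<'EOF'
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%wheel        ALL=(ALL)       NOPASSWD: ALL
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE"
Defaults    env_keep += "HOME"
#includedir /etc/sudoers.d
EOF
}

sample_sudoers | audit_sudoers
```

On a real system the same function can be fed with sudo cat /etc/sudoers | audit_sudoers, and again for each file under the reported include directory.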

curl -k -L -o ${directory_path} 'URL'

curl -k
Ignore SSL certificate errors and continue processing (-k).
This covers cases such as an invalid server-side certificate or an invalid client-side root certificate. With -k, curl does not verify the server certificate, so the identity of the server is not authenticated.

curl -k https://www.sample.com

curl -L
Follow redirects (-L)

curl -L http://www.example.com

Save the downloaded data as a file (-o)

curl -o vim.tar.bz2 http://ftp2.jp.vim.org/pub/vim/unix/vim-8.1.tar.bz2

Check the packages installed on Linux

Commands that return the package list: yum list installed, rpm -qa.
You can narrow the list to the package names you are looking for by piping the output to the grep command, which searches for character strings.

[vagrant@localhost ~]$ yum list installed | grep gcc
gcc.x86_64                         4.4.7-23.el6                      @base
gcc-c++.x86_64                     4.4.7-23.el6                      @base
libgcc.x86_64                      4.4.7-23.el6                      @base

Yes, it looks like it is installed.
[vagrant@localhost ~]$ yum list installed | grep perl
perl.x86_64 4:5.10.1-144.el6 @base
perl-CPAN.x86_64 1.9402-144.el6 @base
perl-DBD-MySQL.x86_64 4.013-3.el6 @base
perl-DBI.x86_64 1.609-4.el6 @base
perl-Digest-SHA.x86_64 1:5.47-144.el6 @base
perl-Error.noarch 1:0.17015-4.el6 @base
perl-ExtUtils-MakeMaker.x86_64 6.55-144.el6 @base
perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-144.el6 @base
perl-Git.noarch 1.7.1-9.el6_9 @base
perl-Module-Pluggable.x86_64 1:3.90-144.el6 @base
perl-Pod-Escapes.x86_64 1:1.04-144.el6 @base
perl-Pod-Simple.x86_64 1:3.13-144.el6 @base
perl-Test-Harness.x86_64 3.17-144.el6 @base
perl-devel.x86_64 4:5.10.1-144.el6 @base
perl-libs.x86_64 4:5.10.1-144.el6 @base
perl-version.x86_64 3:0.77-144.el6 @base
[vagrant@localhost ~]$ perl -v

This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi

Copyright 1987-2009, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using “man perl” or “perldoc perl”. If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

gcc

GNU Compiler Collection
gcc is a compiler developed and published by the GNU project. It is packaged with compilers for various programming languages. It is used as standard in many UNIX-based OSs, and in open source OSs it is often used to compile the OS itself.

kernel-devel

kernel-devel is necessary to build modules such as device drivers.
On CentOS (an rpm-based OS), install the kernel-devel package so that it is consistent with the kernel.
By the way, kernel-devel seems to contain the minimum source necessary for building modules.

[vagrant@localhost ~]$ rpm -qa | grep kernel
kernel-devel-2.6.32-754.2.1.el6.x86_64
kernel-2.6.32-754.3.5.el6.x86_64
kernel-firmware-2.6.32-754.3.5.el6.noarch
dracut-kernel-004-411.el6.noarch
kernel-headers-2.6.32-754.3.5.el6.x86_64
kernel-devel-2.6.32-754.3.5.el6.x86_64
kernel-2.6.32-754.2.1.el6.x86_64
kernel-2.6.32-642.el6.x86_64

Both kernel-devel and kernel-headers are installed.

kernel-headers
This package contains the C language header files related to the kernel.
It is necessary for rebuilding the kernel and for compiling system-related programs.

[vagrant@localhost ~]$ rpm -qi kernel-headers
Name : kernel-headers Relocations: (not relocatable)
Version : 2.6.32 Vendor: CentOS
Release : 754.3.5.el6 Build Date: 2018年08月15日 06時04分13秒
Install Date: 2018年10月07日 19時48分45秒 Build Host: x86-01.bsys.centos.org
Group : Development/System Source RPM: kernel-2.6.32-754.3.5.el6.src.rpm
Size : 2776586 License: GPLv2
Signature : RSA/SHA1, 2018年08月15日 10時59分21秒, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem
URL : http://www.kernel.org/
Summary : Header files for the Linux kernel for use by glibc
Description :
Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs. The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.

Hm? Is this about the Linux kernel?

[vagrant@localhost ~]$ rpm -ql kernel-headers | more
/usr/include/asm
/usr/include/asm-generic
/usr/include/asm-generic/auxvec.h
/usr/include/asm-generic/bitsperlong.h
/usr/include/asm-generic/errno-base.h
/usr/include/asm-generic/errno.h
/usr/include/asm-generic/fcntl.h
/usr/include/asm-generic/int-l64.h
/usr/include/asm-generic/int-ll64.h
/usr/include/asm-generic/ioctl.h
/usr/include/asm-generic/ioctls.h
/usr/include/asm-generic/ipcbuf.h
/usr/include/asm-generic/mman-common.h
/usr/include/asm-generic/mman.h
/usr/include/asm-generic/msgbuf.h
/usr/include/asm-generic/param.h
/usr/include/asm-generic/poll.h
/usr/include/asm-generic/posix_types.h
/usr/include/asm-generic/resource.h
/usr/include/asm-generic/sembuf.h
/usr/include/asm-generic/setup.h
/usr/include/asm-generic/shmbuf.h
/usr/include/asm-generic/shmparam.h

Storing line breaks from a textarea in MySQL

echo nl2br("これ\r\nは\r\nどう表示される");

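<?php
// Read the submitted text; empty string when the form has not been posted.
$content = isset($_POST['content']) ? $_POST['content'] : '';
if(!empty($content)){
		// Escape HTML first, then turn line breaks into <br /> for display.
		echo nl2br(htmlspecialchars($content, ENT_QUOTES, 'UTF-8'));
}
?>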

<form method="post" action="/">
	<textarea name="content" rows="4" cols="40"></textarea>
	<input type="submit" value="送信">
</form>

I see.

Hang on, wait. Let's try inserting it into MySQL with PDO.

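<?php
// Read the submitted text; empty string when the form has not been posted.
$content = isset($_POST['content']) ? $_POST['content'] : '';

if(!empty($content)){
	try {
		// Real prepared statements, and exceptions on any later SQL error.
		$pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8','root','',
		array(PDO::ATTR_EMULATE_PREPARES => false,
		      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
	} catch (PDOException $e) {
		exit('データベース接続失敗。'.$e->getMessage());
	}
	// Store the text as submitted, line breaks included; the bound
	// parameter keeps it out of the SQL text. Apply
	// nl2br(htmlspecialchars(...)) when displaying it, not before storing.
	$stmt = $pdo->prepare("INSERT INTO news (content) VALUES (:content)");
	$stmt->bindParam(':content', $content, PDO::PARAM_STR);
	$stmt->execute();
	echo "成功";
}
?>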

<form method="post" action="/">
	<textarea name="content" rows="4" cols="40"></textarea>
	<input type="submit" value="送信">
</form>
mysql> alter table news change content content varchar(100);
Query OK, 4 rows affected (0.24 sec)
Records: 4  Duplicates: 0  Warnings: 0

mysql> describe news;
+---------+--------------+------+-----+---------+----------------+
| Field   | Type         | Null | Key | Default | Extra          |
+---------+--------------+------+-----+---------+----------------+
| id      | int(11)      | NO   | PRI | NULL    | auto_increment |
| content | varchar(100) | YES  |     | NULL    |                |
+---------+--------------+------+-----+---------+----------------+
2 rows in set (0.03 sec)

mysql> select * from news;
+----+----------------------------------+
| id | content                          |
+----+----------------------------------+
|  1 | テスト                           |
|  2 | 10byte以上を入                   |
                    |
                    |
|  5 | ほげほげ
ふぉおお | +----+----------------------------------+ 5 rows in set (0.00 sec)

Oh, it works after all.
A value with line breaks entered in a textarea can be stored in MySQL.

service httpd restart

Check the status of Apache
[vagrant@localhost ~]$ /etc/init.d/httpd status
httpd status unknown due to insufficient privileges.

Restart Apache
[vagrant@localhost ~]$ sudo service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]

.htaccess

A per-directory web server configuration file that can be used in environments running software such as Apache.
When it is placed in a specific directory, the settings described in “.htaccess” are applied to that directory and to the directories under it.

How to make a .htaccess file
1. Create and save a file named “.htaccess” with a text editor.
2. Describe what you want to control and configure in Apache, and save.
3. Upload it to the server and rename it to “.htaccess”.

1. Basic authentication
It is a mechanism that forces entry of an ID and password to authenticate access to a directory, etc.
Use it if you want to keep users and Googlebot out of a site before it is published.
Use it if you want to publish the site only to those who know the ID and password.

AuthUserfile /fullpath/.htpasswd
AuthGroupfile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user

2. 301 Redirect
It is the redirect method most used in SEO, because it can carry the evaluation of the old page over to the new page. It is called a permanent move, and it is used for URL changes and domain transfers.

RewriteEngine on
RewriteRule ^old\.html$ http://sample.com/new.php [R=301,L]

3. URL normalization
It refers to unifying the URL into a single one. For example, in the following cases, Google recognizes each as a different URL, but generally the same page is displayed.

RewriteEngine on
RewriteCond %{THE_REQUEST} ^.*/index\.html
RewriteRule ^(.*)index\.html$ http://sample.com/$1 [R=301,L]

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^(.*)$ http://sample.com/$1 [R=301,L]

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^(.*)$ http://www.sample.com/$1 [R=301,L]

4. Abort of file list display
It is used to eliminate the security concern that the directory structure is exposed to the outside.
When a request ends with “/”, as in http://www.example.com/, the “index.html” in that directory is served instead.
However, if the index.html file cannot be found, the list of files in the directory is shown.
Exposing the directory in this way reveals the structure of the website, which carries a certain risk from a security point of view. Disabling the file list display for the directory prevents the directory structure from being published.

Options -Indexes

5. Access restriction from specific IP address and domain
You can restrict or deny access from a specific IP address or domain.
Alternatively, you can allow access only from a specific IP address or domain.

order allow,deny
allow from all
deny from sample.com
deny from 192.168.1.1

order deny,allow
deny from all
allow from sample.com
allow from 192.168.1.1

<files test-file.html>
	order deny,allow
	deny from all
	allow from sample.com
	allow from 192.168.1.1
</files>