


Last updates

Использование chroot для sftp подключений

## Lines that start with "# " are commands typed at a root prompt; lines that
## start with "##" are review notes.
## Create the directory that will receive the bind mount.
# mkdir -p /srv/ssh/chroot
## /srv/ssh/chroot is repeated here (harmless with -p); the new part is
## /etc/ssh/authorized_keys, the per-user key directory named in sshd_config.
# mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot
# groupadd sftponly
## Primary group sftponly (the group sshd matches on), supplementary group
## www-data, no login shell, home /srv/ssh. No -m is given, so useradd does not
## create or chown the home directory and /srv/ssh stays as mkdir made it.
## sshd only accepts a ChrootDirectory whose every path component is a
## root-owned directory that is not writable by group or others.
# useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME
## Give the group read/write (plus traverse on directories) over the web root.
## NOTE(review): this assumes the tree is group-owned by www-data; every other
## process running with that group gets the same write access - confirm that
## is intended.
# find /var/www/static -type d -print0 | xargs -0 chmod g+xwr
# find /var/www/static -type f -print0 | xargs -0 chmod g+wr
# chmod 775 /var/www/static /srv/ssh/chroot
## Not persistent across reboots on its own; the /etc/fstab entry below covers that.
# mount -o bind /var/www/static /srv/ssh/chroot
/etc/ssh/sshd_config
# Serve SFTP from inside sshd itself, so no external sftp-server binary is
# needed inside the chroot; -u 0002 sets a umask that leaves the group-write
# bit on new files.
Subsystem sftp internal-sftp -u 0002
# Key files are tried in order: a per-user file under /etc/ssh/authorized_keys
# (%u = user name), then two locations under the user's home (%h).
# NOTE(review): /etc/ssh/authorized_keys and the files in it should be writable
# by root only, otherwise a user could add keys for another account - confirm
# the directory permissions.
AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys
# Everything below applies only to members of group sftponly.
Match Group sftponly
  # Confine the session to the user's home directory. sshd refuses the login
  # unless every component of that path is a root-owned directory that is not
  # writable by any other user or group.
  ChrootDirectory %h
  # Ignore whatever command the client asks for and always run the SFTP
  # server, so these accounts never get a shell.
  ForceCommand internal-sftp -u 0002
  AllowTcpForwarding no
  X11Forwarding no
  # NOTE(review): the two lines above leave other forwarding types at their
  # defaults; where the installed OpenSSH supports it, "DisableForwarding yes"
  # switches all of them off at once - confirm against the installed version.
  # Key-based login only for this group.
  PasswordAuthentication no
/etc/fstab
LABEL=cloudimg-rootfs   /               ext4  defaults,discard  0 0
# Re-create the bind mount of the web root into the SFTP chroot at every boot.
/var/www/static         /srv/ssh/chroot none  bind              0 0
2018/05/10 16:05 · kyxap

Apache-like ~/public_html access

2016/03/13 22:02 · kyxap

ffmpeg-php centos 6.x

atrpms-repo-6-7.el6.x86_64 https://www.mirrorservice.org/sites/dl.atrpms.net/el$releasever-$basearch/atrpms/stable

atrpms.repo
# Third-party repository definition. enabled=0 keeps all three sections out of
# normal yum transactions; they are used only when selected explicitly with
# --enablerepo.
[atrpms]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms
failovermethod=priority
# Plain-HTTP upstream, left commented out; the HTTPS mirror below is used instead.
#baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/el$releasever-$basearch/atrpms/stable
enabled=0
# Packages are installed only if their signature verifies against the key below.
# NOTE(review): the key file is presumably installed by the atrpms-repo
# package; check its fingerprint against an independent source before trusting it.
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
 
# Debug-info packages for the section above; same signature requirement.
[atrpms-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms - Debug
failovermethod=priority
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/debug/el$releasever-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
 
# Source packages; same signature requirement.
[atrpms-source]
name=Red Hat Enterprise Linux $releasever - $basearch - ATrpms - Source
failovermethod=priority
baseurl=https://www.mirrorservice.org/sites/dl.atrpms.net/src/el$releasever-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms
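#!/usr/bin/env bash
#
# Fetch and configure the ffmpeg-php extension on CentOS 6.x.
# The yum step needs root and the atrpms repository definition shown above.

# Stop at the first failing step instead of carrying on in the wrong directory.
set -euo pipefail

# ffmpeg headers come from the normally disabled atrpms repository.
# yum asks for confirmation; no -y is passed on purpose.
yum --enablerepo=atrpms install ffmpeg-devel

SRC_DIR=/opt/src/ffmpeg-php
mkdir -p -- "$SRC_DIR"
cd -- "$SRC_DIR"

# NOTE(review): this builds whatever the default branch currently points at.
# Check out a commit you have reviewed (git checkout <REVIEWED_COMMIT>) before
# building, so the source compiled on this host is known.
[[ -d ffmpeg-php/.git ]] || git clone https://github.com/tony2001/ffmpeg-php.git
# git names the checkout after the repository: ffmpeg-php.
cd ffmpeg-php

# Replace every avcodec_alloc_frame call with av_frame_alloc (presumably
# because the installed ffmpeg no longer provides the old name).
# -I/--exclude-dir keep sed away from binary files and git metadata; NUL
# separators keep unusual file names intact; "|| true" covers a re-run where
# nothing is left to patch.
{ grep -rlIZ --exclude-dir=.git avcodec_alloc_frame . || true; } \
  | xargs -0 -r sed -i 's/avcodec_alloc_frame/av_frame_alloc/g'

# NOTE(review): PHP extensions are normally prepared with phpize before
# ./configure - confirm whether this checkout ships a configure script.
./configure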
2016/01/29 21:43 · kyxap

Shell-wrapper для standalone passenger

/opt/scripts/passenger.sh
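#!/usr/bin/env bash
#
# Start/stop wrapper for a standalone Passenger instance serving a Node app.
# Usage: passenger.sh stop | start | restart | status
# Must be run as the "passenger" user.

_dir=/home/bundle     # app root dir
_home=/home/passenger # user home dir
# NOTE(review): 0.0.0.0 listens on every interface; if a reverse proxy on this
# host fronts the app, 127.0.0.1 is enough - confirm.
_addr="0.0.0.0"
_port="8191"

_pid="$_home/passenger.pid"
_log="$_home/passenger.log"
_ngxtpl="$_home/nginx.conf.erb"

# Kept as an array so every option reaches passenger as exactly one argument.
_args=(
  --address "$_addr"
  --port "$_port"
  --user passenger
  --environment production
  --pid-file "$_pid"
  --log-file "$_log"
  --nginx-config-template "$_ngxtpl"
  --daemonize
  --sticky-sessions
  --app-type node
  --startup-file main.js
)

# Refuse to continue as any other user. This check runs before nvm.sh is
# sourced: that file lives in the passenger user's home, so sourcing it as
# another account (root in particular) would run passenger-writable code with
# that account's privileges.
if [[ "$(id -un 2>/dev/null)" != passenger ]]; then
  echo "Run as passenger user" >&2
  exit 1
fi

[[ -f "$_home/.nvm/nvm.sh" ]] && source "$_home/.nvm/nvm.sh"

export MONGO_URL='mongodb://localhost:27017/mongodb'
export ROOT_URL="http://pro-manage.net:$_port"

# Passenger resolves the startup file relative to the app root.
cd -- "$_dir" || { echo "Cannot cd to $_dir" >&2; exit 1; }

# "$*" joins all arguments, so anything other than exactly one known verb
# falls through to the usage text.
case "$*" in
  stop)
    passenger stop --port "$_port" --pid-file "$_pid"
    ;;
  start)
    passenger start "${_args[@]}"
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  status)
    passenger status --port "$_port" --pid-file "$_pid"
    ;;
  *)
    echo "usage: $0 stop | start | restart | status"
    ;;
esac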
2015/04/09 10:16 · kyxap

Получение диапазона IP адресов Google

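# Print one "route <network> <netmask> vpn_gateway" line (the form OpenVPN's
# route directive takes) for every IPv4 range published in Google's SPF records.
#
# DNS answers are untrusted input that ends up on the command lines of dig and
# netmask, so only hostname-shaped include targets and CIDR-shaped ip4 values
# are let through. xargs -r skips a stage entirely when nothing matched.
# NOTE(review): the result is only as trustworthy as the resolver path; review
# the generated routes before loading them into a VPN configuration.
dig +short TXT _spf.google.com \
  | grep -oP '(?<=include:)[A-Za-z0-9][A-Za-z0-9._-]*' \
  | xargs -r dig +short TXT \
  | grep -oP '(?<=ip4:)[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?' \
  | xargs -r netmask -s \
  | perl -pe 's#(.+)/(.+)#route $1 $2 vpn_gateway#'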
2015/02/28 22:49 · kyxap

Быстрое удаление большого количества файлов

generate files

# Create one million small files in the current directory.
# Run this only inside a dedicated scratch directory: the removal commands
# measured below delete everything they find there.
for ((i = 1; i <= 1000000; i++)); do
  echo testing >> "$i.txt"
done

rm

# The shell expands * to one argument per file; the resulting argument list is
# too long to execute, so rm never runs (see the error below).
time rm -f *
-bash: /bin/rm: Argument list too long
real    0m11.126s
user    0m9.673s
sys     0m1.278s

find with -exec rm

# -exec ... \; starts a separate rm process for every single file.
time find ./ -type f -exec rm {} \;
real    14m51.735s
user    2m24.330s
sys     9m48.743s

find with -delete

# find removes each file itself; no child process is started.
time find ./ -type f -delete
real    5m11.937s
user    0m1.259s
sys     0m28.441s

perl

# <*> globs every name in the current directory; for each one, stat reads the
# mtime and unlink (called without an argument) removes that name. The result
# of the comparison is discarded.
time perl -e 'for(<*>){((stat)[9]<(unlink))}'
real    1m0.488s
user    0m7.023s
sys     0m27.403s

rsync - empty test dir

# Mirror an empty directory onto the target: --delete removes everything in
# /home/test/ that does not exist in /home/blanktest/. The source must really
# be empty, and the two paths must not be swapped.
rsync -a --delete /home/blanktest/ /home/test/
real    2m52.502s
user    0m2.772s
sys     0m32.649s
2015/02/25 21:59 · kyxap

Ключи для запуска clamav

# Recursive scan (-r) that prints only infected files (-i), with the optional
# detection classes switched on explicitly.
# clamscan exits 0 when nothing was found, 1 when something was detected and
# 2 on errors; check the status when this runs from a script or cron.
# NOTE(review): newer ClamAV releases renamed some of these switches (for
# example --block-encrypted and --detect-broken); compare with
# `clamscan --help` on the installed version.
clamscan -r -i \
  --detect-pua=yes \
  --scan-mail=yes \
  --phishing-sigs=yes \
  --phishing-scan-urls=yes \
  --heuristic-scan-precedence=yes \
  --algorithmic-detection=yes \
  --scan-pe=yes \
  --scan-elf=yes \
  --scan-ole2=yes \
  --scan-pdf=yes \
  --scan-html=yes \
  --scan-archive=yes \
  --detect-broken=yes \
  --block-encrypted=yes \
  /path/to/dir
2015/02/24 14:18 · kyxap

Использование GRE-туннеля в качестве транспорта для OpenVPN

Задача состояла в разделении точки входа и точки выхода для openvpn.

Entry node Exit node
OS Linux CentOS 6.x FreeBSD 9.x
Service openvpn server none
External IP 88.32.99.91 162.210.201.13
Internal IP 10.254.10.1 10.254.20.1
OpenVPN network 10.254.0.0/16
2015/01/22 07:36 · kyxap

Использование RAM-диска в качестве tmpdir для MySQL

[mysqld]
# Server-side temporary files go to /tmp/mysql (presumably the RAM-disk mount
# point this section is about).
# NOTE(review): /tmp is world-writable. Make sure /tmp/mysql is created or
# mounted at boot before mysqld starts, owned by the mysql account and not
# writable by others, so no other local user can create it first.
tmpdir=/tmp/mysql

# Client-side tools keep using the regular /tmp.
[mysqldump]
tmpdir=/tmp

[client]
tmpdir=/tmp
2014/12/07 19:36 · kyxap

Простейший скрипт бекапа MySQL

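#!/usr/bin/env bash
#
# Daily backup mysql databases
# CLI args: none
#
# Writes $DUMP_DIR/<date>/<db>.sql.gz for every selected database, appends
# progress to $LOG and prunes dump directories older than $DAYS days.
# NOTE(review): mysql and mysqldump are called without credentials, so they
# presumably come from an option file (e.g. ~/.my.cnf) - keep that file
# readable by the backup user only.

# exit on error; a pipeline fails if any stage fails (mysqldump | gzip)
set -e
set -o pipefail

# dumps hold full table contents: create files and directories owner-only
umask 077

LANG=C
PATH="/bin:/usr/sbin:/usr/bin:/sbin:/usr/local/bin:/usr/local/sbin"

DATE=$(date +%F)
BACKUP_DIR=/home/mysql_backups
DUMP_DIR=$BACKUP_DIR/dumps
LOG=$BACKUP_DIR/backup.log

DAYS=7
DB="all" # "all", or a whitespace-separated list of database names
OPTS="--order-by-primary --add-drop-database"

#########################

write_log()   { printf '%s %s\n' "$(date -R -u)" "$*" >> "$LOG"; }
print_info()  { printf '%s\n' "$*"; write_log "[INFO] $*"; }
# Logs the message, prints it to stderr and ends the script with status 1.
print_error() { printf '%s\n' "$*" >&2; write_log "[ERROR] $*"; exit 1; }

##########################

# check dir
mkdir -p -- "$DUMP_DIR"

# the backup dir must be private, whatever mode it had before
chmod 700 -- "$BACKUP_DIR"

# check binaries
MYSQLDUMP=$(command -v mysqldump) || print_error "No mysqldump binary found in $PATH"
MYSQL=$(command -v mysql) || print_error "No mysql binary found in $PATH"

# One listing, reused for every existence check below. -N already suppresses
# the header row, so no line may be cut off the top.
ALL_DBS=$("$MYSQL" -s -N -e 'show databases') || print_error "Can't list databases"

# validate $DB and skip default dbs
if [[ $DB == all ]]; then
  DB=$(grep -v -x -E 'information_schema|performance_schema' <<<"$ALL_DBS" || true)
fi

# Split the lists on whitespace without glob expansion. read returns non-zero
# at end of input, hence "|| true".
DB_LIST=()
read -r -d '' -a DB_LIST <<<"$DB" || true
OPT_LIST=()
read -r -a OPT_LIST <<<"$OPTS" || true

# create dumps
FAILED=0
for db in "${DB_LIST[@]}"; do
  # the name becomes a path component and a mysqldump argument
  if [[ $db == -* || $db == */* ]]; then
    print_info "Skipping unsafe database name: $db"
    continue
  fi

  # is db exist? (literal whole-line match, not a regex)
  if ! grep -q -F -x -- "$db" <<<"$ALL_DBS"; then
    print_info "No such database: $db"
    # skip this one only; the remaining databases still get dumped
    continue
  fi

  DUMP_FILE=$DUMP_DIR/$DATE/$db.sql.gz
  # is dump exist?
  [[ -s $DUMP_FILE ]] && continue

  # log
  print_info "Creating new: $DUMP_FILE"

  # mkdir
  mkdir -p -- "$DUMP_DIR/$DATE"

  # add --events to mysql db
  db_opts=("${OPT_LIST[@]}")
  if [[ $db == mysql ]]; then
    db_opts+=(--events)
  fi

  # Dump under a temporary name and publish only a complete dump. Otherwise a
  # failed mysqldump leaves a small non-empty .gz that the -s test above would
  # accept as "already done" on the next run.
  if "$MYSQLDUMP" "${db_opts[@]}" "$db" | gzip -1 > "$DUMP_FILE.partial"; then
    mv -f -- "$DUMP_FILE.partial" "$DUMP_FILE"
  else
    rm -f -- "$DUMP_FILE.partial"
    printf '%s\n' "Dump failed: $db" >&2
    write_log "[ERROR] Dump failed: $db"
    FAILED=1
  fi
done

# An incomplete run must not age out the last good copies.
(( FAILED == 0 )) || print_error "Some dumps failed; outdated dumps were kept"

# remove dirs
# -mindepth 1 keeps $DUMP_DIR itself out of the result: without it, a dump
# root whose own mtime is older than $DAYS days would be removed with
# everything in it.
while IFS= read -r -d '' dir; do
  # log
  print_info "Deleting outdated: $dir"

  # rm
  rm -r -- "$dir" || print_error "Can't remove $dir"
done < <(find "$DUMP_DIR" -mindepth 1 -maxdepth 1 -type d -mtime +"$DAYS" -print0)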

2014/09/01 20:40 · kyxap

Преобразование строк/таблиц/колонок

#!/usr/bin/env bash
#
# Recipes for reshaping text between one-column, multi-column and
# delimiter-joined forms. Input file names are examples.

# Plain byte-order sorting; LC_ALL or LC_COLLATE set in the environment would
# still override this.
export LANG=C # must have

# one value per line -> tab-separated columns
sort 1-col.txt | column

# one value per line -> space-separated columns
sort 1-col.txt | column | expand

# one value per line -> single line joined with ':'
sort 1-col.txt | paste -sd:

# whitespace-separated columns -> one value per line
# (xargs also interprets quotes and backslashes in its input)
xargs -n 1 < multi-col-spaces.txt | sort

# ':'-joined line -> one value per line
tr ':' '\n' < 1-string-delim.txt | sort
2014/05/18 04:23 · kyxap

Docker

2014/05/17 18:46 · kyxap