Запуск предопределенных shell-команд через nginx fastcgi

bash скрипт
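#!/usr/bin/env bash
#
# CGI handler (run by fcgiwrap behind nginx basic auth): maps the authenticated
# REMOTE_USER to one predefined shell command and returns its output as HTML.
# Any failing step below aborts the request.
set -e

# Exported so that ps/grep inside the mapped commands see the fixed locale too;
# the plain assignment only changed the locale of this shell.
export LANG=C
# Fixed PATH: do not rely on whatever fcgiwrap/nginx inherited.
PATH="/bin:/usr/sbin:/usr/bin:/sbin:/usr/local/bin:/usr/local/sbin"

# print header: exactly one blank line terminates the CGI header block
# (echo -e "...\n\n" added a third newline that landed in the body)
printf 'Content-type: text/html\n\n'

# print body/command
printf '<html><body>\n'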

# print error
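# print error: write the message into the (already opened) HTML body and stop
# the script with status 1.  printf instead of echo so a message that starts
# with "-" or contains backslashes is printed verbatim.
print_error() { printf '%s\n' "$*"; exit 1; }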

# run cmd
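# run cmd: execute one fixed command line (from the USER MAPPING below) and
# emit its combined stdout/stderr into the HTML body.
#   $1 - command line to run; missing or empty -> print_error
# Output is HTML-escaped because it is written verbatim inside <body>, and a
# process listing contains text chosen by whoever started the process.
# Returns the command's own exit status (not sed's), as before.
runcmd() {
  [[ -n "${1-}" ]] || print_error "No args passed to runcmd()" # exit if no args
  bash -c "$1" 2>&1 | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' # run cmd with stderr -> stdout redirection
  return "${PIPESTATUS[0]}"
}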

##### USER MAPPING #####

# new array to store all users
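# Authorization model: the htpasswd user name (REMOTE_USER, set by nginx) must
# equal the name of one of the variables below, and that variable holds the
# only command the user may run.  REMOTE_USER is compared as a plain string
# and never evaluated, so a client can pick a mapped command but not supply one.

# new array to store all users
declare -a users=()

mysqld='ps auxww | grep [m]ysqld'   # cmd to run for user "mysqld"
users+=("${!mysqld@}")              # push the variable name(s) starting with "mysqld"

redis='ps auxww | grep [r]edis'
users+=("${!redis@}")

# check for authenticated user
[[ -n "${REMOTE_USER-}" ]] || print_error "REMOTE_USER value not found"

# loop over users array then run cmd if known user found
for user in "${users[@]}"; do
  if [[ "$REMOTE_USER" == "$user" ]]; then   # quoted: literal match, not a glob
    runcmd "${!user}"                        # indirect: the command string
    break
  fi
done

printf '</body></html>\n'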

конфиг nginx
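    location / {
      gzip off;

      # Basic auth: $remote_user is handed to the CGI script as REMOTE_USER and
      # is its only authorization key (user name == mapped command).  Basic
      # auth credentials are merely base64-encoded, so expose this location
      # over TLS only (server block not shown here).
      auth_basic              "auth";
      auth_basic_user_file    /etc/nginx/conf.d/mydomain.tld.htpasswd;

      root /home/http/mydomain.tld/html;

      fastcgi_param DOCUMENT_ROOT /home/http/mydomain.tld/html;
      fastcgi_param SCRIPT_NAME   runme.sh;
      fastcgi_param REMOTE_USER $remote_user;

      fastcgi_pass  unix:/var/run/fcgiwrap.socket;

      include /etc/nginx/fastcgi_params;

      # Pin the executed script.  With $fastcgi_script_name the filename
      # followed the request URI, so any file placed under the document root
      # could be handed to fcgiwrap; now every request here runs runme.sh.
      fastcgi_param SCRIPT_FILENAME  /home/http/mydomain.tld/html/runme.sh;
    }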

2015/04/09 12:28 · kyxap

Shell-wrapper для standalone passenger

/opt/scripts/passenger.sh
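#!/usr/bin/env bash
#
# Control wrapper for a standalone Passenger instance serving a Node app.
#
# Usage: passenger.sh stop | start | restart | status
#
# Meant to run as the "passenger" user; any other user only gets a warning,
# because Passenger is started with --user passenger and switches itself.

_dir=/home/bundle     # app root dir (Passenger resolves the app from the cwd)
_home=/home/passenger # user home dir
_addr="0.0.0.0"       # NOTE(review): listens on every interface; 127.0.0.1 is
                      # enough if a local reverse proxy is the only client
_port="8191"

_pid="$_home/passenger.pid"
_log="$_home/passenger.log"
_ngxtpl="$_home/nginx.conf.erb"

# Start options kept as an array so every value is passed as exactly one word.
_args=(
  --address "$_addr"
  --port "$_port"
  --user passenger
  --environment production
  --pid-file "$_pid"
  --log-file "$_log"
  --nginx-config-template "$_ngxtpl"
  --daemonize
  --sticky-sessions
  --app-type node
  --startup-file main.js
)

# Put the nvm-managed node on PATH when nvm is installed for this user.
# shellcheck disable=SC1090
[[ -f "$_home/.nvm/nvm.sh" ]] && source "$_home/.nvm/nvm.sh"

export MONGO_URL='mongodb://localhost:27017/mongodb'
export ROOT_URL="http://pro-manage.net:$_port"

[[ "$(whoami 2>/dev/null)" == passenger ]] || printf 'Run as passenger user\n' >&2

# The app dir is required for "start"; a failed cd used to be ignored, after
# which Passenger was started from whatever directory the caller was in.
cd "$_dir" || { printf 'cannot cd to %s\n' "$_dir" >&2; exit 1; }

do_start()  { passenger start "${_args[@]}"; }
do_stop()   { passenger stop --port "$_port" --pid-file "$_pid"; }
do_status() { passenger status --port "$_port" --pid-file "$_pid"; }

# "restart" calls the functions directly: the former "$0 stop; $0 start"
# broke when the script was invoked by a relative path, because $0 no longer
# resolved after the cd above.
case "$1" in
  stop)
    do_stop
    ;;
  start)
    do_start
    ;;
  restart)
    do_stop
    do_start
    ;;
  status)
    do_status
    ;;
  *)
    printf 'usage: %s stop | start | restart | status\n' "$0" >&2
    exit 2
    ;;
esac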
2015/04/09 10:16 · kyxap

Получение диапазона IP адресов

Prerequisites
# tools used by the range queries below
apt-get install jq netmask moreutils
# aggregator helper, pinned to one gist revision by the commit hash in the URL;
# --directory-prefix creates ~/tmp when it does not exist yet
wget --directory-prefix ~/tmp https://gist.githubusercontent.com/kyxap1/5233d86a9649f142e0c894598d4d60b0/raw/b369cf61cea3f20cce96244c33e55a6da0c92b89/aggregate-cidr-addresses.pl
chmod +x ~/tmp/aggregate-cidr-addresses.pl
Google1
# Walk the SPF chain of _spf.google.com: collect the include: names, resolve
# each, keep the ip4: ranges, aggregate them and print one "route" line per
# range (network, prefix length, vpn_gateway).
dig +short TXT _spf.google.com \
  | grep -oP '(?<=include:).+?\s' \
  | xargs dig +short TXT \
  | grep -oP '(?<=ip4:).+?\s' \
  | xargs netmask -s \
  | sed -E 's#(.+)/(.+)#route \1 \2 vpn_gateway#'
Google2
# Google's published ranges; emit only the entries that carry an IPv4 prefix
wget -qO- https://www.gstatic.com/ipranges/goog.json \
  | jq -r '.prefixes[] | .ipv4Prefix // empty'
Amazon
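# AWS publishes its ranges as JSON.  -q keeps wget's progress output off
# stderr (as the Google query does), and the aggregator is taken from ~/tmp,
# where the prerequisites install it, instead of ./tmp, which only worked
# when the current directory happened to be $HOME.
wget -q https://ip-ranges.amazonaws.com/ip-ranges.json -O - \
  | jq -r '.prefixes[].ip_prefix' \
  | ~/tmp/aggregate-cidr-addresses.pl \
  | sort -V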
Github
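# GitHub's /meta endpoint lists ranges per service; the listed keys are
# flattened into one stream.  -q keeps wget's progress output off stderr, and
# the aggregator is taken from ~/tmp, where the prerequisites install it,
# instead of ./tmp, which only worked when the current directory was $HOME.
wget -q -O - https://api.github.com/meta \
  | jq -r '.hooks, .web, .api, .git, .pages, .importer | .[]' \
  | ~/tmp/aggregate-cidr-addresses.pl \
  | sort -V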
2015/02/28 22:49 · kyxap

Быстрое удаление большого количества файлов

generate files

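# create 1,000,000 small files in the current directory as the benchmark
# fixture; an arithmetic loop avoids building a multi-megabyte word list
# from $(seq ...) before the first file is written
for ((i = 1; i <= 1000000; i++)); do echo testing >> "$i.txt"; done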

rm

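# plain rm: the shell expands every name onto one command line, which is
# more than the kernel accepts for 1M files (error shown below); "--" keeps
# a name that starts with "-" from being read as an option
time rm -f -- *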
-bash: /bin/rm: Argument list too long
real    0m11.126s
user    0m9.673s
sys     0m1.278s

find with -exec rm

time find ./ -type f -exec rm {} \;   # "\;" forks one rm per file; that per-file exec is what the long sys time below is made of
real    14m51.735s
user    2m24.330s
sys     9m48.743s

find with -delete

time find ./ -type f -delete   # unlink from inside find itself, no process per file
real    5m11.937s
user    0m1.259s
sys     0m28.441s

perl

time perl -e 'for(<*>){((stat)[9]<(unlink))}'   # one process, glob the directory and unlink each entry; the (stat)[9] comparison looks like a throwaway expression whose only effect is the unlink
real    1m0.488s
user    0m7.023s
sys     0m27.403s

rsync - empty test dir

# sync an empty directory over the target: --delete removes every entry of
# /home/test/ that is absent from /home/blanktest/; the trailing slashes mean
# "contents of", so the target directory itself survives
rsync -a --delete /home/blanktest/ /home/test/
real    2m52.502s
user    0m2.772s
sys     0m32.649s
2015/02/25 21:59 · kyxap

Ключи для запуска clamav

# Recursive scan with the optional detectors switched on; encrypted archives
# are reported as findings (--block-encrypted) instead of being skipped.
clamscan -ri \
  --detect-pua=yes \
  --scan-mail=yes \
  --phishing-sigs=yes \
  --phishing-scan-urls=yes \
  --heuristic-scan-precedence=yes \
  --algorithmic-detection=yes \
  --scan-pe=yes \
  --scan-elf=yes \
  --scan-ole2=yes \
  --scan-pdf=yes \
  --scan-html=yes \
  --scan-archive=yes \
  --detect-broken=yes \
  --block-encrypted=yes \
  /path/to/dir
2015/02/24 14:18 · kyxap

Использование GRE-туннеля в качестве транспорта для OpenVPN

Задача состояла в разделении точки входа и точки выхода для openvpn.

|                 | Entry node       | Exit node      |
|-----------------|------------------|----------------|
| OS              | Linux CentOS 6.x | FreeBSD 9.x    |
| Service         | openvpn server   | none           |
| External IP     | 88.32.99.91      | 162.210.201.13 |
| Internal IP     | 10.254.10.1      | 10.254.20.1    |
| OpenVPN network | 10.254.0.0/16    | 10.254.0.0/16  |

Скрипт для инициализации GRE-туннеля на Entry node

/opt/scripts/tunnel.sh
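#!/usr/bin/env bash
#
#  - create GRE tunnel between two servers
#  - pass all traffic from specified network to GRE tunnel
#
# Entry-node side (Linux).  Must run as root.  A failing step aborts the
# script instead of continuing with a half-configured tunnel; re-running on
# an already configured host therefore stops at "ip tunnel add".
#
# GRE neither encrypts nor authenticates: the peer is identified only by its
# outer source address.  The OpenVPN session carried inside provides the
# confidentiality; restrict IP protocol 47 on the external interface to
# REMOTE_ADDR_EXT so only the intended peer can feed the tunnel.
set -eu

####### LINUX #######

PATH="/bin:/usr/sbin:/usr/bin:/sbin:/usr/local/bin:/usr/local/sbin"
TUNNEL_IF=gre10
VPN_NETWORK=10.254.0.0/16

# entry node
# NOTE(review): the external addresses below are the reverse of the table in
# this article (entry 88.32.99.91 / exit 162.210.201.13) and of the pf and
# OpenVPN configs; confirm which host is which before running.
LOCAL_ADDR_EXT=162.210.201.13
LOCAL_ADDR_INT=10.254.10.1

# exit node
REMOTE_ADDR_EXT=88.32.99.91
REMOTE_ADDR_INT=10.254.20.1

#####################

# create gre interface
ip tunnel add "$TUNNEL_IF" mode gre local "$LOCAL_ADDR_EXT" remote "$REMOTE_ADDR_EXT" ttl 255

# start interface
ip link set "$TUNNEL_IF" up

# setup internal address on interface
ip addr add "$LOCAL_ADDR_INT" dev "$TUNNEL_IF"

# add route to exit node's /24 (iproute2 form of the former net-tools
# "route add -net ... netmask ... gw", same kernel route)
ip route add "${REMOTE_ADDR_INT%.*}.0/24" via "$LOCAL_ADDR_INT"

# create rule for vpn network: packets sourced from the VPN range are looked
# up in table 10 instead of the main table
ip rule add from "$VPN_NETWORK" table 10

# add default route for vpn table: everything from the VPN range goes into the tunnel
ip route add default via "$LOCAL_ADDR_INT" table 10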

Скрипт для инициализации GRE-туннеля на Exit node

/opt/scripts/tunnel.sh
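#!/usr/bin/env bash
#
#  - create GRE tunnel between two servers
#
# Exit-node side (FreeBSD).  Must run as root.  A failing step aborts the
# script instead of continuing with a half-configured tunnel.
#
# GRE neither encrypts nor authenticates; the OpenVPN session carried inside
# provides the confidentiality.  Restrict IP protocol 47 on the external
# interface to REMOTE_ADDR_EXT (e.g. in pf) so only the intended peer can
# feed the tunnel.
set -eu

####### FREEBSD #######

PATH="/bin:/usr/sbin:/usr/bin:/sbin:/usr/local/bin:/usr/local/sbin"
TUNNEL_IF=gre10

# exit node
# NOTE(review): the external addresses below are the reverse of the table in
# this article (entry 88.32.99.91 / exit 162.210.201.13) and of the pf and
# OpenVPN configs; confirm which host is which before running.
LOCAL_ADDR_EXT=88.32.99.91
LOCAL_ADDR_INT=10.254.20.1

# entry node
REMOTE_ADDR_EXT=162.210.201.13
REMOTE_ADDR_INT=10.254.10.1

#######################

# create interface
ifconfig "$TUNNEL_IF" create

# setup internal address on interface: local and peer tunnel addresses
# ("link1" is a gre(4) flag; check the gre(4) page of the release in use)
ifconfig "$TUNNEL_IF" "$LOCAL_ADDR_INT" "$REMOTE_ADDR_INT" link1

# up tunnel: outer (external) endpoints
ifconfig "$TUNNEL_IF" tunnel "$LOCAL_ADDR_EXT" "$REMOTE_ADDR_EXT"

# add route to entry node's /24 through the tunnel
route add -net "${REMOTE_ADDR_INT%.*}" -netmask 255.255.255.0 "$LOCAL_ADDR_INT"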

NAT в Packet Filter (pf)

/etc/pf.conf
# Exit node: masquerade VPN client traffic (10.254.0.0/16, arriving over the
# GRE tunnel) behind the exit node's external address.
# NOTE(review): this is the older "nat" rule syntax of FreeBSD 9's pf, and the
# rule has no "on <interface>" clause, so it applies on every interface
# unless narrowed.
nat from 10.254.0.0/16 to any -> 162.210.201.13

Конфигурация сервера OpenVPN

/etc/openvpn/openvpn_tcp.conf
# OpenVPN server, TCP listener on the entry node (88.32.99.91 per the table).
# Hardening notes on the settings as written:
#  - dh1024.pem: 1024-bit DH parameters are below current recommendations;
#    regenerate with 2048 bits or more.
#  - no "cipher"/"auth" directive: the OpenVPN default of that era applies
#    (BF-CBC / SHA1); pin modern values explicitly on server and clients.
#  - comp-lzo: compressing a stream that mixes secrets with attacker-chosen
#    data is the VORACLE class of issue; drop it unless required.
#  - no tls-auth/tls-crypt: the listener answers any client's TLS handshake.
#  - duplicate-cn: several clients may share one certificate, so a leaked key
#    cannot be told apart from the legitimate user by its CN.
#  - verb 0: no connection logging; 3 is the usual minimum for incident review.
local                 88.32.99.91
port                  1194
proto                 tcp
dev                   tun
dh                    /etc/openvpn/ssl/dh1024.pem
ca                    /etc/openvpn/ssl/ca.crt
cert                  /etc/openvpn/ssl/server.crt
key                   /etc/openvpn/ssl/server.key
# client pool 10.254.0.0/24, inside the 10.254.0.0/16 routed into the GRE tunnel
server                10.254.0.0 255.255.255.0
push                  "dhcp-option DNS 8.8.8.8"
push                  "redirect-gateway def1"
keepalive             10 120
verb                  0
duplicate-cn
comp-lzo
persist-key
persist-tun
/etc/openvpn/openvpn_udp.conf
# OpenVPN server, UDP listener on the entry node, same port number as the TCP
# instance.  The same hardening notes as for the TCP config apply: 1024-bit
# DH, unpinned cipher/auth, comp-lzo, no tls-auth/tls-crypt, duplicate-cn and
# verb 0.
local                 88.32.99.91
port                  1194
proto                 udp
dev                   tun
dh                    /etc/openvpn/ssl/dh1024.pem
ca                    /etc/openvpn/ssl/ca.crt
cert                  /etc/openvpn/ssl/server.crt
key                   /etc/openvpn/ssl/server.key
# separate client pool 10.254.1.0/24 so TCP and UDP clients do not collide;
# still inside the 10.254.0.0/16 routed into the GRE tunnel
server                10.254.1.0 255.255.255.0
push                  "dhcp-option DNS 8.8.8.8"
push                  "redirect-gateway def1"
keepalive             10 120
verb                  0
# NOTE(review): tun-mtu/fragment/mssfix as written turn OpenVPN's own
# fragmentation off; the GRE encapsulation on the path adds overhead, so
# confirm large packets still pass.
tun-mtu               1500
fragment              0
mssfix                0
duplicate-cn
comp-lzo
persist-key
persist-tun

Конфигурация клиента OpenVPN

openvpn_client.conf
# OpenVPN client profile for the TCP listener on the entry node.
# Notes on the settings as written:
#  - no "remote-cert-tls server": any holder of a certificate from this CA
#    (e.g. another client, given duplicate-cn on the server) could pose as the
#    server; add the directive so only a server certificate is accepted.
#  - "dh" is a server-side option; it appears unused on a client.
#  - comp-lzo / comp-noadapt: see the server-side note on compression.
client
remote                88.32.99.91
rport                 1194
proto                 tcp
dev                   tun
dh                    dh1024.pem
ca                    ca.crt
cert                  client.crt
key                   client.key
verb                  5
comp-lzo
# route everything through the VPN (the server also pushes "redirect-gateway def1")
redirect-gateway
comp-noadapt
persist-key
persist-tun
2015/01/22 07:36 · kyxap

Использование RAM-диска в качестве tmpdir для MySQL

# mysqld: temporary tables and sort files go to the RAM disk mounted by the
# md/tmpfs snippets below.  The directory must exist and be mounted before
# mysqld starts, and the 1024m size of that mount caps on-disk temp tables.
[mysqld]
tmpdir=/tmp/mysql

# mysqldump and the client keep the ordinary /tmp, separate from the mysqld
# RAM disk
[mysqldump]
tmpdir=/tmp

[client]
tmpdir=/tmp
Инициализация md в FreeBSD
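MYSQL_TMPDIR=/tmp/mysql
# Mount a 1 GiB memory disk on the MySQL tmpdir unless one is already there
# (df reports the backing device; an md device means it is mounted).  df's
# error for a not-yet-existing directory is silenced on purpose.
if ! /bin/df "$MYSQL_TMPDIR" 2>/dev/null | grep -q "^/dev/md[0-9]"; then
  mkdir -p "$MYSQL_TMPDIR"
  # -p 0700 / -w mysql:mysql: only the mysql user reaches the temp tables;
  # noexec: nothing written into tmpdir can be executed from there.
  mount_mfs -s 1024m -p 0700 -w mysql:mysql -o noexec md5 "$MYSQL_TMPDIR"
fi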
Инициализация tmpfs в Linux
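MYSQL_TMPDIR=/tmp/mysql
# Mount a 1 GiB tmpfs on the MySQL tmpdir; skip when something is already
# mounted there so a re-run (e.g. from an init script) does not stack mounts,
# mirroring the df check of the FreeBSD variant.
if ! mountpoint -q -- "$MYSQL_TMPDIR"; then
  mkdir -p "$MYSQL_TMPDIR"
  chown mysql:mysql "$MYSQL_TMPDIR"
  # uid/gid/mode: only the mysql user reaches the temp tables.
  # noexec,nosuid,nodev: same intent as "noexec" in the FreeBSD variant —
  # a writable RAM disk should not double as a place to run things from.
  mount -t tmpfs -o size=1024m,uid=mysql,gid=mysql,mode=0700,noexec,nosuid,nodev,relatime tmpfs "$MYSQL_TMPDIR"
fi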
2014/12/07 19:36 · kyxap