Question: How to turn on scsi extended debug messages? What are the field/flag definitions of scsi_logging_level?Additional scsi logging messages can be enabled by writing to /proc/sys/dev/scsi/logging_level either via use of the echo or preferably the sysctl command. The kernel parameter consists of ten packed fields, each 3 bits in length. Each field can have a value of 0 to 7. The higher the field’s value, the more verbose the logging of messages associated with that field type.NOTE: Turning on high levels of extended logging and/or multiple types of extended logging can slow down system performance, especially during boot and shutdown. Unless needed, avoid turning on scsi logging during boot up.Run Time1. Enable :# sysctl -q -w dev.scsi.logging_level=[N]or# echo [N] > /proc/sys/dev/scsi/logging_levelWhere N specifies which fields to enable and at what level of verbosity.2. Disable:# sysctl -q -w dev.scsi.logging_level=0or# echo 0 > /p...

What is Chronyd ServiceIn CentOS/RHEL 7 and 8, the operating system’s time is set on every boot based on the hardware clock, which is a small-battery driven clock located on the motherboard of your computer. Often, this clock is too inaccurate or has not been set right, therefore it’s better to get your system time from a reliable source over the Internet (that uses real atomic time). The chrony daemon, chronyd, sets and maintains system time through a process of synchronization with a remote server using the NTP protocol for communication.In this post, we will learn to enable debug mode for chronyd service, which comes in very handy while troubleshooting any chronyd related issues. The configuration file used by chronyd service is /etc/sysconfig/chronyd.1. Edit the configuration file /etc/sysconfig/chronyd as a root user:# vi /etc/sysconfig/chronyd2. Add or Modify below line.OPTIONS="-dd"3. Copy /lib/systemd/system/chronyd.service to /etc/sys...

Configure Squid as HTTP and HTTPS Transparent ProxyLinux, Squid Proxyby adminThese days, it is really important to have proxy server to analyze web traffic of the organization. Among proxy servers, the Squid is very famous, because of it’s flexibility and easy of configuration. Squid can be operated at non-transparent and transparent mode which is going to discuss here. Main benefit of transparent mode is, clients are not aware that their requests are processed through the proxy. Simply there is no configuration at client side. So let’s look at how to configure Squid as HTTP and HTTPS Transparent Proxy Before begin please adjust the ip and other configuration as per your requirement. Below values are used only for demonstration.Internet –> ethointerface IP :- 192.168.2.39/24 Gateway:- 192.168.2.1LAN –> eth1interface IP :- 192.168.231.126/24  Gateway:- 0.0.0.0 If you have single interface no need to worry. you can create virtual interface wh...

   nginx使用 TCP代理sftp,实现访问目录文件 本文章向大家介绍nginx代理sftp，主要包括nginx代理sftp使用实例、应用技巧、基本知识点总结和需要注意事项，具有一定的参考价值，需要的朋友可以参考一下。 最近需要使用一个sftp协议的代理服务器，查了一下nginx1.9之后已经支持了，尝试一下： The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the --with-stream configuration parameter. nginx从1.9.0版本开始，新增了ngx_stream_core_module模块。默认编译的时候该模块并未编译进去，需要编译的时候添加--with-stream，使其支持stream代理。 [root@baseline opt]# / http:---- ::-- http:正在解析主机 nginx.org (nginx.org)... :1af8::a004:::e3, ., .|:1af8::a004:::e3|: (890K) [application/octet--..%[================================================================================================================================>] , 357KB/s 用...

环境 OS: Centos6-x86_64 Nginx: 1.12.1 编译安装Nginx 从1.9.0开始，nginx就支持对TCP的转发，而到了1.9.13时，UDP转发也支持了。提供此功能的模块为ngx_stream_core。不过Nginx默认没有开启此模块，所以需要手动安装。 cd /usr/local/src wget http://nginx.org/download/nginx-1.12.1.tar.gz tar zxf nginx-1.12.1.tar.gz cd nginx-1.12.1 ./configure --prefix=/usr/local/nginx --with-stream --without-http make && make install Note：由于是传输层转发，本着最小化原则，就关闭了http功能。 配置Nginx TCP转发 目标：通过3000端口访问本机Mysql(其中mysq...

windows 2K server安装绿色版JDK与tomcat,并打包发布平时安装tomcat时，需要下载jdk安装包，我这里直接使用绿色版，不用安装。就可使用JDK与tomcat.可以先下载JTM，安装后，将jdk与tomcat目录提取出来。当然 也可以自行下载windows 版本的tomcat8与JDK安装包，然后将JDK安装好。然后将JTM的jdk目录或是自行安装的JDK目录复制到tomcat中然后再到 tomcat/bin目录中，将service.bat 中添加JDK环境变量set JAVA_HOME=H:\tomcat8\jdkset JRE_HOME=H:\tomcat8\jdk\jre在startup.bat中添加环境变量，可以使用相对路径。set JAVA_HOME=..\jdkset JRE_HOME=..\jdk\jre再使用管理员权限打开CMD或是PowerShell, 切换到tomcat/bin目录下。执行 service.bat install ,将 tomcat 安装包自动启动服务中。具体如下图，注意要有JDK环境，不能空，不然没法打开服务。正常安装后， 服务 中查看会有tomcat8 ，点启动后能正常启动。访问本机8080端口正常。

apache tomcat慢速HTTP拒绝服务攻击安全问题解决办法问题说明：HTTP协议的设计要求服务器在处理之前完全接收到请求。如果HTTP请求未完成，或者传输速率非常低，则服务器将保持其资源占用等待剩余的数据。如果服务器占用的资源太多，则会造成拒绝服务。漏洞危害：一台机器可在对自身带宽、无关服务和端口影响较小的情况下大量占用另一台机器的服务器资源，导致受害服务器拒绝服务。解决方案：1.修改配置文件server.xml，设置connectiontimeout值，默认为20000ms，修改为8000ms；此方案修改之前，请将tomcat升级到最新版本2.如果使用了jquery，设置ajax的请求超时时间。设置AJAX的全局timeout时间（默认为30000ms） $.ajaxSetup({timeout:8000});使用jQuery的$.ajaxSetup方法可以设置AJAX请求的默认参数选项，当程序中需要发起多个AJAX请求时，则不用再为每一个请求配置请求的参数。需要注意的是用$.ajaxSetup函数所设置的默认值不会应用到load()命令上。对于实用工具函数，如$.get()和$.post()，其HTTP方法不会因为使用这些默认值而被覆盖。设置GET的默认类型不会导致$.post()使用HTTP的GET方法。 3.如果使用了数据库连接池，则设置适当的超时时间。例如： < Con...

CentOS7/RHEL7制作openssh-8.2p1的RPM安装包,去掉版本号,规避漏洞扫描为了方便，这个制作了一个RPM版本的安装包，可以在centos7、RHEL7系统安装，确认正常。安装方法，先下载附件中的openssh8.2p1的RPM包，执行下列命令#：   yum -y install gcc gcc-c++ zlib zlib-devel openssl openssl-devel  pam-devel pam-devel rpm-build pam-devel openssl pam libedit pam-devel  initscripts libXt-devel imake gtk2-devel unzip 安装依赖包，不是所有包都需要。#：  rpm -e `rpm -qa |grep openssh` --nodeps#：  rm -rf /etc/ssh删除旧版openssh软件包与旧程序文件。#：  rpm -ivh *.rpm    安装所有新版openssh8.2p1安装包。#： systemctl enable sshd 如果不删除旧的ssh目录或是不删除旧版本ssh软件，直接使用rpm -Uvh 来升级openssh，需要 修改密钥权限后才能正重启ssh服务。#： chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_keyopenssh-82p1_el7.x86_64.zip

一、安装前环境Centos 7 最小化安装 | 4G内存 | 100GB硬盘注：Ansible-Tower目前支持7.4+的版本，可以使用yum update -y命令更新同时机器一定要联网，因为执行./setup的时候会联网安装很多的依赖包，安装速度和你的网速有关二、安装Ansible1.安装Ansible的epel源yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmyum update -y2.清空缓存，安装Ansibleyum clean allyum install -y ansible至此Ansible安装成功注意，将centos的yum源，更换成国内的比如163,阿里源。不然会出现软件不能下载问题。三、安装Ansible-Tower1.下载解压所需的安装包cd /homeyum install -y wgetwget http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gztar zxvf ansible-tower-setup-latest.tar.gz2.移动安装包到/usr/local下mv ansible-tower-setup-3.6.3/ /opt/ansible-tower3.配置inventory文件  进入/opt/ansible-tower目录下， 更改配置如下：# cat inventory [tower]localhost ansible_connection=local[database][all:vars]admin_password='admin' #增加，默认无pg_host=''pg_port=''pg_database='awx'pg_usernam...

  Ansible实现zookeeper集群安装 1.软件准备[root@node1 soft]# ll total 37535744 -rw-r--r-- 1 root root 255201772 Sep 19 10:15 flink-1.9.0-bin-scala_2.11.tgz -rw-r--r-- 1 root root 195094741 Jul 6 00:09 jdk-8u221-linux-x64.tar.gz -rw-r--r-- 1 root root 37535744 Sep 20 14:49 zookeeper-3.4.14.tar.gz 2.hosts配置[jdk] 172.17.16.4 172.17.16.12 172.17.16.13 #此处的index最终会写入到myid [zookeeper] 172.17.16.4 ansible_index=0 172.17.16.12 ansible_index=1 172.17.16.13 ansible_index=2 3.JDK安装见Ansible实现JDK批量安装4.yaml编写 - hosts: zookeeper   remote_user: root   vars:      name: "zookeeper"      install_path: /data/cloud      work_path: /data/work   tasks:    - name: "1.初始化工作目录"      shell: mkdir -p&n...