話說… 我一直在找不用CD開機而能由網路或windows直接安裝 Debian 的方法… 今天我在 Debian wiki 看到了… 而且還蠻好笑的… 哈~ 那個下載安裝程式的網站,就叫 goodbye-microsoft.com 啦~ 哈哈哈~
In case you would like to install Debian on a system that is running Microsoft Windows you could use the installer (called Debian-Installer Loader) from http://goodbye-microsoft.com/
| **本網站為Web版之推廣光碟,因此僅提供軟體安裝與介紹,並無Live CD功能,欲索取Live CD版,請按此下載。** 自 由軟體鑄造場Open Source Software Foundry(以下簡稱OSSF)是由中央研究院與國科會所共同成立之計畫,由中央研究院資訊科學研究所負責建置營運。為推廣自由/開放源碼軟體的應 用,故結合社群及產業界的夥伴,協同完成自由/開放源碼軟體推廣應用光碟(請參考"關於本光碟")。 本光碟製作為協助自由/開放源碼軟體(以下簡稱FOSS,請參考"關於自由軟體")之推廣,主要內容涵蓋了三個面向,分別是中介軟體、企業應用及一般應用,期望任何擁有本光碟的朋友,都能從光碟中找到適用的自由/開放源碼軟體。以下就針對不同身分的使用者如何運用本光碟進行簡單的說明。 |
一般使用者請參考"一般應用" |
| 一 般應用共分為辦公室應用、網路應用、多媒體應用及快樂應用等四大類,共收錄24種不同的應用軟體, 這些軟體在安裝及使用上,都提供圖形化的介面。為了方便使用者安裝本光碟所介紹的軟體,光碟本身也收錄了所有"一般應用"的軟體,只要利用右上角之"安裝 軟體"按鈕,即可開始進行軟體安裝;如有安裝上的問題,也可以隨時按下"安裝說明"按鈕,幫您解決安裝上的問題。倘若安裝好軟體後,不知道該如何操作,可 以利用"操作說明"按鈕,直接以動畫教學來帶領大家學習;當然您也可以連結"原始網站",以獲得最新的原廠資訊。 |
MIS人員請參考 "企業應用" |
| 企 業應用共分為七個面向,涵蓋客戶關係管理、企業資源規劃、知識管理、群組軟體、入口網站/內容管理系統、工作流程/企業流程管理及學習內容管理系統。隨著 企業的成長,資訊系統需隨時跟得上市場的快速變遷、同業的競爭及全球化的挑戰。MIS人員在評估企業內部所需之資訊系統時,最常考量的問題不外乎是預算、 自行開發的時效及後續維護等問題。自由/開放源碼軟體具有開放源碼、授權免費及不必重新造輪子的特性,除可供無限期評估試用外,更可以讓企業在未來的軟體 維護上,不受制於特定軟體廠商;而授權免費讓企業可以有更多資源,投入在導入過程的顧問服務及教育訓練上;如果輪子剛好夠用那很好,不夠用則稍微客製修改 一下,應該也比自己造輪子來的快,當然也可以再找其他自由/開放源碼軟體,來兜成一部符合企業需求的車子。 |
程式設計師請參考 "中介軟體" |
| 如果想您想先認識一下中介軟體,請參考"中介軟體概論"。 中介軟體共分為六大類,分別為表現層/框架、應用程式平台、流程管理引擎、EAI/ETL、物件儲存/資料庫及資料庫。中介軟體早已是無所不在,多數資訊 系統的背後都有包含了中介軟體,只是使用者並不知道它的存在。在可以預見的未來,程式設計師一定會越來越需要它的幫忙。有鑒於國際中介軟體走向開放原始碼 及開放標準的趨勢,協助企業找到適合的自由/開放源碼軟體元件,也成為OSSF本年度的重點工作。 本光碟當然也收錄了OSSF所提供的相關服務及各項成果供各位參考(請參考"關於OSSF")。 OSSF將持續更新本光碟的內容,期望本光碟能提供完整的體驗環境,更期望所有自由/開放源碼軟體的朋友們本著共同創作的精神,給予我們批評、建議及指教。您的所有意見將是我們進步的動力,任何與自由/開放源碼軟體相關的事宜,都不要吝於讓我們知道,來信請寄至contact@openfoundry.org 如果是針對光碟的任何指教,歡迎直接點選「意見回報」 |
Source: Use Google Linux repositories in Debian -- Debian Admin
by Admin @ 12:00 pm. Filed under General
Google’s Linux software repositories make it easier to download and stay up-to-date with current releases of Google Linux applications. Please choose one of the guides below to help configure your system to use these repositories.
First you need to edit /etc/apt/sources.list file
#vi /etc/apt/sources.list
add the following line
# Google software repository
deb http://dl.google.com/linux/deb/ stable non-free
Save and exit the file
you must download the key and then use apt to install it and refresh your package indexes.
Run these commands as root:
#wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
Now you need to update the source list using the following command
#apt-get update
Install google applications now you can see the following command to install google picasa
#apt-get install picasa
有同樣問題的朋友,我的情況是,在升級到 Debian GNU/Linux r4.0 後,Apache2 預設不會載入 userdir 的 module ,所以使用者就沒有辨法擁有個人網頁了。
我的情況:
當我執行 http://123.45.67.89/~061/打我啊,笨蛋.htm 時,會在 /var/log/apache2/error.log 裏看到 File does not exist: /var/www/~061 而不是 File does not exist: /home/061/public_html/打我啊,笨蛋.htm 。
要確定載入了哪些 modules ,執行 apache2ctl -M 。
在 Debian GNU/Linux r4.0 底下,要讓 Apache2 載入 userdir modules 的做法是,執行:
# cd /etc/apache2/mods-enabled
# ln -s ../mods-available/userdir.load .
# ln -s ../mods-available/userdir.conf .
# apache2ctl -k restart (重新啟動 apache2)
再執行一次 apache2ctl -M ,看看有沒有 userdir ? 就知道有沒有成功了!!
↑↑↑這張圖是我模擬3顆 Router = TP1 , TWIX , KS1
如果喜歡來硬的,完整詳細的介紹… 這邊有英文的 Dynamips / Dynagen Tutorial 。(這篇雖然很長,但是不難,大家最好都看一看)
Dynamips / Dynagen Tutorial 其中的 Introduction,建議大家看一看,先有個概念,不然一大堆東西,都搞不清楚原來 Dynamips 才是模擬器本身,而 dynagen 是 dynamips 的前端程式,可以協助我們建立一個 Lab,並在其中執行好幾顆 router,而且設定哪些 port 互連。(現在不看也行啦,我不小心也把重點介紹完了~)
想玩 lab 的人,很簡單 (因為我不小心建好了,所以把僅有的一點點經驗分享一下,我也是初學,別留言問我呀~ ^^" )
底下的教學,多半是寫給我自己看的,因為我年雖不老但也健忘~
1.先準備好 ios 檔,並且解壓縮(直接加上 .zip 然後丟給winzip就可以解了)(不解也行啦~ 就是載入時比較慢)
2.到 SourceForge.net: Dynamips Configuration Generator 下載 dynagen-0.9.3_dynamips-0.2.7_Win_XP_setup.exe (內含 Dynamips 與 Dynagen )
3.到 WinPcap, the Packet Capture and Network Monitoring Library for Windows 下載 WinPCAP程式 (建議下載穩定版就好了~)
4.安裝 WinPCAP
5.安裝 dynagen-0.9.3_dynamips-0.2.7_Win_XP_setup.exe (預設會裝到C:\Program Files\Dynamips\ ,並且在桌面建立2個捷徑)
6.把ios放到 C:\Program Files\Dynamips\images\ (比如叫 c7200.ios.bin)
7.看一下 Dynamips / Dynagen Tutorial 的 Network Files 這一節,了解一下怎麼設定一個 Lab ,哪個 port 要連到哪個 port ,讓自己有個概念 (當然能全k完更好~)
8.現在就要啟動內附的簡單的lab了,先用記事本打開 C:\Program Files\Dynamips\sample_labs\simple1\simple1.net ,修改其中一行 image = \Program Files\Dynamips\images\c7200.ios.bin(改成像這樣)
9.執行桌面上的捷徑 Dynamips Server (會開啟一個文字模式視窗,我叫它視窗A)
10.點兩下 C:\Program Files\Dynamips\sample_labs\simple1\simple1.net(又開啟另一個文字模式視窗,我叫它視窗B)(這時視窗A會有些訊息表示我們要模擬的Rouer已經啟動囉…)
11.在視窗B中,執行 list 可以看到目前啟動的 Router 有哪幾顆(應該是 R1,R2)
12.在視窗B中,執行 console R1 (Router的名稱有分大小寫哦~) 就會執行 telnet 連到 R1 了, console R2 也是一樣!! (指令 console 也能簡寫成 con 哦~)
13.如果不玩了,就在視窗B執行 stop /all 後就能關閉全部視窗了。(想知道更多? 執行 help 吧~)
14.寫到這邊就行了吧~ 要自己建 lab 或是更深入的研究… 要看上面的英文 paper 哦~
Source: Tips and Tutorials - Linux .: Cisco :. VOIP » Dynamips 這裏有許多建好的 Lab 示範與動畫教學。(一定一定一定要去看呀!!)
想要在 linux 底下玩的話,這邊有一篇動畫示範,開啟後點圖就能看了
http://www.blindhog.net/cisco-dynamips-and-dynagen-install-on-linux/
補充:
1.跑動態路由一直出問題, virtual leased line 沒斷,但是動態路由一直出現對方沒回應的訊息,很有可能就是 CPU loading 太重,所以沒辨法回應… 怎麼減輕 loading 呢? 看這一篇吧! Dynamips / Dynagen Tutorial - Calculating Idle-PC values
2.使用 windows 內建的 telnet.exe 連接到 Router console 時很鱉腳~ 想改用 PuTTY 或 SecureCRT … 改 C:\Program Files\Dynamips\dynagen.ini 即可。(找 telnet = c:\XXXXX\putty.exe)
3.Dynamips / Dynagen Tutorial 裏提到的網路資源
Dynamips (the actual emulator): http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator
Dynamips Blog (where most of the action is): http://www.ipflow.utc.fr/blog/
Dynagen (a front-end to the emulator): http://dyna-gen.sourceforge.net/
Dynagui: http://dynagui.sourceforge.net/
Dynamips / Dynagen Bug tracking: http://www.ipflow.utc.fr/bts/
Hacki’s Dynamips / Dynagen / Dynagui Forum: http://hacki.at/7200emu/index.php
Source: Taiwan Open Source Resource
點選該頁面最右下角的 使用 就能把 土虱的行事曆 加入到自己的 Google 行事曆哦~
8/5 有一場 Debian 的慶生會~
(我好想去哦… 我最愛的 Debian 過生日耶~ 往常都是人家慶生完後,我才看到新聞,難得今年被我逮到機會,偏偏遇上父親節… 我要回家過父親節,所以不能去了~ 說不定蕭蕭又會來耶~ 會到場的人,要準備大砲備用啊~)
慶生地點: Mix Coffee&Tea - 台北市南昌路二段 200 號
http://wiki.debian.org.tw/index.php/DebianBirthdayParty2007
8/14 還有另一場,這一場我一定會到!! ^^y
講題: release of new CJKUnifont
講者: Arne
報名: http://wiki.tossug.org/SignUp
地點: 魯米爺咖啡 ( http://wiki.tossug.org/CafeLumiere )
Source: Linux - No Super Cow Powers for Aptitude?
Although aptitude, the successor to apt-get does not have Super Cow powers (typing "aptitude --help" brings up a help screen that informs you of this at the end), it does have an easter egg.
1.Type "aptitude moo" & press ENTER
aptitude responds with "There are no Easter Eggs in this program."
2.Type "aptitude -v moo" & press ENTER
This time, the response is "There really are no Easter Eggs in this program."
3."aptitude -v -v moo" causes it to respond with "Didn't I already tell you that there are no Easter Eggs in this program?"
4."aptitude -v -v -v moo" causes the response "Stop it!"
5.if you add a fourth -v ("aptitude -v -v -v -v moo"), aptitude responds with "Okay, okay, if I give you an Easter Egg, will you go away?"
6.adding a fifth -v "aptitude -v -v -v -v -v moo") causes it to respond with "All right, you win.", followed by a crude, unrecognizable ASCII drawing.
7.putting the -v six or more times ("aptitude -v -v -v -v -v -v") answers the question of what the drawing is - "What is it? It's an elephant being eaten by a snake, of course."
8. this is a reference to Antoine de St. Exupery's "The Little Prince"
想看蛇吞象是怎樣畫的… 就自己執行看看吧~ ;-)
去 man ntop 就可以到這個說明,在 /etc/init.d/ntop 裏加上 --no-mac 參數後,就解決了。
-o | --no-mac
ntop is a hybrid layer 2/3 network monitor. That is, it uses both the lower level, physical device address - the MAC (Media Access Control) address - and the higher level, logical, tcp/ip address (the familiar www.ntop.org or 131.114.21.9 address). This allows ntop to link the logical addresses to a physical machine with multiple addresses (This occurs with virtual hosts or additional addresses assigned to the interface, etc.) to present consolidated reporting.
This parameter specifies that ntop should not trust the MAC addresses but just use the IP addresses.
Normally, since the MAC address must be globally unique, the dual nature of ntop is a benefit and provides far better information about the network than is available via a pure layer 2 or pure layer 3 monitor.
Under certain circumstances - whenever ntop is started on an interface where MAC addresses cannot be really trusted - you may require this option.
Situations which may require this option include port/VLAN mirror, some cases with switches and spanning tree protocol, and (reportedly) some specific models of Ethernet switches which re-write MAC addresses of the packets they process. Normally, you discover that this option is necessary when you observe that hosts seem to change their addresses or information about different machines get lumped together.
Note that with this option, information which is dependent upon the MAC addresses (non tcp/ip protocols like IPX) will not be collected nor displayed.
Source: Linux.com :: Back up like an expert with rsync
Back up like an expert with rsync
By Joe 'Zonker' Brockmeier on July 17, 2007 (9:00:00 AM)
In the last two months I've been traveling a lot. During the same period my main desktop computer went belly up. I would have been in trouble without rsync at my disposal -- but thanks to my regular use of this utility, my data (or most of it, anyway) was already copied offsite just waiting to be used. It takes a little time to become familiar with rsync, but once you are, you should be able to handle most of your backup needs with just a short script.
What's so great about rsync? First, it's designed to speed up file transfer by copying the differences between two files rather than copying an entire file every time. For example, when I'm writing this article, I can make a copy via rsync now and then another copy later. The second (and third, fourth, fifth, etc.) time I copy the file, rsync copies the differences only. That takes far less time, which is especially important when you're doing something like copying a whole directory offsite for daily backup. The first time may take a long time, but the next will only take a few minutes (assuming you don't change that much in the directory on a daily basis).
Another benefit is that rsync can preserve permissions and ownership information, copy symbolic links, and generally is designed to intelligently handle your files.
You shouldn't need to do anything to get rsync installed -- it should be available on almost any Linux distribution by default. If it's not, you should be able to install it from your distribution's package repositories. You will need rsync on both machines if you're copying data to a remote system, of course.
When you're using it to copy files to another host, the rsync utility typically works over a remote shell, such as Secure Shell (SSH) or Remote Shell (RSH). We'll work with SSH in the following examples, because RSH is not secure and you probably don't want to be copying your data using it. It's also possible to connect to a remote host using an rsync daemon, but since SSH is practically ubiquitous these days, there's no need to bother.
Getting to know rsync
The basic syntax for rsync is simple enough -- just run rsync [options] source destination to copy the file or files provided as the source argument to the destination.
So, for example, if you want to copy some files under your home directory to a USB storage device, you might use rsync -a /home/user/dir/ /media/disk/dir/. By the way, "/home/user/dir/" and "/home/usr/dir" are not the same thing to rsync. Without the final slash, rsync will copy the directory in its entirety. With the trailing slash, it will copy the contents of the directory but won't recreate the directory. If you're trying to replicate a directory structure with rsync, you should omit the trailing slash -- for instance, if you're mirroring /var/www on another machine or something like that.
In this example, I included the archive option (-a), which actually combines several rsync options. It combines the recursive and copy symlinks options, preserves group and owner, and generally makes rsync suitable for making archive copies. Note that it doesn't preserve hardlinks; if you want to preserve them, you will need to add the hardlinks option (-H).
Another option you'll probably want to use most of the time is verbose (-v), which tells rsync to report lots of information about what it's doing. You can double and triple up on this option -- so using -v will give you some information, using -vv will give more, and using -vvv will tell you everything that rsync is doing.
rsync will move hidden files (files whose names begin with a .) without any special options. If you want to exclude hidden files, you can use the option --exclude=".*/". You can also use the --exclude option to prevent copying things like Vim's swap files (.swp) and automatic backups (.bak) created by some programs.
Making local copies
Suppose you have an external USB or FireWire drive, and you want to copy data from your home directory to your external drive. A good way to do this would be to keep all your important data under a single top-level directory and then copy it to a backup directory on the external drive using a command like:
rsync -avh /home/usr/dir/ /media/disk/backup/
If you want to make sure that local files you've deleted since the last time you ran rsync are deleted from the external system as well, you'll want to add the --deleted option, like so:
rsync -avh --delete /home/user/dir/ /media/disk/backup
Be very careful with the delete option; with it, you can whack a bunch of files without meaning to. In fact, while you're getting used to rsync, it's probably a good idea to use the --dry-run option with your commands to run through the transfer first, without actually copying or synching files. If you do start an rsync transfer and realize that you've botched the command in some way that might result in the destruction of data, press Ctrl-c immediately to terminate the transfer. Some files may be gone, but you may be able to save the rest.
Making remote copies
What if you want to copy files offsite to a remote host? No problem -- all you need to do is add the host and user information. So, for instance, if you want to copy the same directory to a remote host, you'd use:
rsync -avhe ssh --delete /home/user/dir/ user@remote.host.com:dir/
If you want to know how fast the transfer is going, and how much remains to be copied, add the --progress option:
rsync --progress -avhe ssh --delete /home/user/dir/ user@remote.host.com:dir/
If you don't want to be prompted for a password each time rsync makes a connection -- and you don't -- make sure that you have rsync set up to log in using an SSH key rather than a password. To do this, create an SSH key on the local machine using ssh-keygen -t dsa, and press Enter when prompted for a passphrase. After the key is created, use ssh-copy-id -i .ssh/id_dsa.pub user@remote.host.com to copy the public key to the remote host.
What if you need to bring back some of the files you copied using rsync? Use the following syntax:
rsync -avze ssh remote.host.com:/home/user/dir/ /local/path/
The z option compresses data during the transfer. If the file you are copying exists on the local host, then rsync will just leave it alone -- the same as if you were copying files to a remote host.
Wrapping it up with a script
Once you've figured out what directory or directories you want to sync up, and you've gotten the commands you need to sync everything, it's easy to wrap it all up with a simple script. Here's a short sample:
rsync --progress -avze ssh --delete /home/user/bin/ user@remote.host.com:bin/
rsync --progress -avze ssh --delete /home/user/local/data/ user@remote.host.com:local/data/
rsync --progress -avze ssh --delete /home/user/.tomboy/ user@remote.host.com:/.tomboy/
Use the --progress option if you're going to be running rsync interactively. If not, there's no need for it.
If you look at the rsync man page, you can easily be confused. However, after a little practice with rsync, you'll find that it's not hard to set up rsync jobs that will help you prepare for the day that your disk drive craps out and you need access to your data right away.
Debian GNU/Linux 預設 mysql 的 binary log 檔會保留10天 ( /var/log/mysql/mysql-bin.xxxxxx ),當硬碟空間(/var分割區)不是很大且mysql的資料量又不小時,常常因為保留太多的 binary log 而造成空間不足。
解法如下:
(開啟 mysql設定檔) vi /etc/mysql/my.cnf
(找到以下部份)
# The following can be used as easy to replay backup logs or for replication.
#server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
(把預設保留天數改成3天)expire_logs_days = 3
改完之後記得重新啟動 mysql 就一切搞定了。 (重新啟動時就會自動刪去超過3天的 binary log)
另外1…
mysqladmin flush-logs 可以立刻 rotate binary log ,如果確定 rotate 過的 log 是不需要的備份,那就能隨意刪除了。
另外2… 底下這篇有很棒的教學,教我們如何自 binary log 中把資料庫還原回來。
Source: Restoring lost data from the Binary Update Log
% mysqlbinlog hostname-bin.001 重播資料庫變動過程
% mysqlbinlog --database=phpBB2 hostname-bin.108 重播 phpBB2 資料庫變動過程
% mysqlbinlog --database=phpBB2 hostname-bin.108 | mysql phpBB2 還原 phpBB2 資料庫
Source: DFB - Debian for Beginners
以下內容乃節錄自上方 DFB 網址。
DFB 的目標為,製作一個非常適合初學者安裝且具備高度親和力的 Debian 發行版本。目前實作使用 Debian 4.0 stable(etch),並且對於中文環境(字型、輸入法及列印)做出自動調效及最佳化,並且絕對 100% 相容 Debian 。
實做規格
* 專案目標:打造成適合初學者安裝的 Debian ,且具備高度親和力的發行版本
* 專案原則:100% 相容 Debian,必須和自己安裝後手動調校的 debian 一樣
* 基礎系統:使用 Debian 4.0 stable(etch)
* 套件庫:使用 Debian 官方套件庫,並加入 Volatile, debian-multimedia.org, backports.org 等
* 中文環境調校:預設啟用 firefly 的 embedded 字型(使用 ttf-arphic-uming)、粗體斜體、中文輸入法及原住民語輸入法
* UTF-8 環境:預設使用 zh_TW.UTF-8 locale
詳細軟體環境
* 中文輸入法:scim
* 瀏覽器:iceweasel(firefox) + Flash plugin + Sun Java5 plugin
* 郵件軟體:evolution
* 辦公室軟體:OpenOffice.org 2
* 繪圖軟體:GIMP, inkscape, dia, freemind
* 秀圖軟體:gthumb
* 照片管理軟體:f-spot
* 漫畫閱讀軟體: comix
* 即時通訊:GAIM (加掛 guification 外掛)、 Skype (請自行啟用 sources.list 內的 skype 官方套件庫安裝)
* P2P:gnome-btdownload
* 有線/無線網路設定:Network Maneger
* 網路防火牆設定工具:Firestarter
* BBS 連線:pcmanx-gtk2
* Java 環境:Sun Java5 以及中文設定
* 編輯器:gedit, gvim 等
* 套件管理:Synaptic
* 檔案管理: pcmanfm, nautilus
* 多媒體播放:MPlayer, xine, totem
* 影像編輯: Kino
* 音樂播放:rhythmbox, audacious
* 光碟燒錄:gnomebaker
* 翻譯軟體:StarDict (包含一套牛津現代英漢雙解詞典 IPA 版)
* PDF 瀏覽:Acrobat Reader, Evince
* 支援 Unicode 的 Terminal:mlterm, rxvt, gnome-terminal
* 壓縮軟體:Fill-Roller
* 遊戲:supertux, ketm, gtetrinet(可連線到 game.debian.org.tw 伺服器進行網路對戰) , frozen-bubble
* 隨插即用:HAL、udev與檔案管理器和系統整合
Source: Debian Administration :: Filtering traffic based on thousands of IPs efficiently
Posted by uljanow on Wed 4 Jul 2007 at 11:11
Trying to insert 70.000 rules in iptables on a recent machine takes about an hour and going through these rules for each packet is even more of a burden. But iptables can send packets to userspace to be handled there. This article describes how to filter network traffic based on thousands of IPs with a new tool called nfqueue efficiently.
nfqueue requires a 2.6.14 kernel or later with the option CONFIG_NETFILTER_XT_TARGET_NFQUEUE enabled (module or build-in). On a standard Debian installation (Etch) the additional packages libnetfilter-queue1 and
Install prerequisites
aptitude install libnetfilter-queue1 libnfnetlink1
Get the Debian nfqueue package and install it
wget http://nfqueue.sf.net/debian/nfqueue_0.11-1_i386.deb
dpkg -i nfqueue_0.11-1_i386.deb
IP ranges are specified in p2p, dat, csv text files or in nfq binary format.
A p2p format looks like this:
foo : 127.0.0.1 - 127.0.0.2
A dat file looks like this:
127.0.0.1, 127.0.0.2, <0-255>, foo
(Values less than 127 are dropped.)
For available lists take a look at /usr/share/doc/nfqueue/README.lists.
Sending packets to userspace is done by using the NFQUEUE target. E.g:
iptables -I INPUT -p all -j NFQUEUE
From userspace there are basically 3 things one can do with packets.
Repeating Packets sends them back to the chain (IN-, OUTPUT or FORWARD) they came from. Since this could lead to endless loops marking packets is possible. The other options Accept and Drop are terminating targets. See "man 1 nfqueue" for more details.
Get the csv file from webhosting.info
wget http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip
Let's assume we want to block the whole US. First we put the ip ranges of the USA into a nfq binary to make loading faster.
unzip -c ip-to-country.csv.zip | grep -i usa | \
nfqueue -t repeat -o usa.nfq -
The easy way now would be to use the /usr/share/doc/nfqueue/nfqueue.sh script which I will explain later. Updating these values is all that needs to be done:
INPUT_FILES=/path/to/usa.nfq
OUTPUT_FILES=/path/to/usa.nfq
Run:
nfqueue.sh start
nfqueue.sh stop
nfqueue.sh status
Packets are filtered in the INPUT and OUTPUT chain. For each new connection (both directions) nfqueue looks if the IP is specified in usa.nfq. If the IP is found then it gets marked and repeated so that it can be rejected by iptables. If the IP is not found nfqueue marks the packet to avoid looping forever and sends it back (repeat again) to be handled by the rest of the iptables configuration.
The script only rejects packets from clients specified in files and the rest is handled by your iptables configuration.
Note that the script rejects packet properly instead of just dropping.
There is also an ipset tool from netfiler.org which requires kernel-patching and some scripting to parse the IPs from files and insert them.
Source: Cisco 7200 Simulator » Blog Archive » Ghost RAM feature
Address : <http://www.ipflow.utc.fr/blog/?p=43>
Source: Dynamips / Dynagen Tutorial
Address : <http://dynagen.org/tutorial.htm>
動畫教學
Source: Tips and Tutorials - Linux .: Cisco :. VOIP » Cisco - Dynagen / Dynamips Basic T1 Configuration
Address : <http://www.blindhog.net/cisco-dynagen-dynamips-basic-t1-configuration/>
更多圖解教學
Source: Cisco - Dynamips simple hub configuration
Address : <http://www.blindhog.net/category/dynamips/>
Buggy routers may cause network problems
If you experience network problems during the installation, this may be caused by a router somewhere between you and the Debian mirror that doesn't correctly handle window scaling. See #401435 and this kerneltrap article for details.
You can work around this issue by disabling TCP window scaling. Activate a shell and enter the following command:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
For the installed system you should probably not completely disable TCP window scaling. The following command will set ranges for reading and writing that should work with almost any router:
echo 4096 65536 65536 >/proc/sys/net/ipv4/tcp_rmem
echo 4096 65536 65536 >/proc/sys/net/ipv4/tcp_wmem
當硬碟的 MBR 被愚蠢的 Windows 拿去時,執行下列動作可以把 grub 重新安裝到 MBR.
To get back our grub first stage boot, here a procedure you can use.
Boot from debian CD choosing linux2.4 kernel (default) Change to console 2 with alt + F2 keystrokes Make a new dir to mount the boot partition, for example /disk mount the root partition on /disk: mount /dev/hda2 /disk (This is /dev/hda2 on my system) Do a chroot to the root partition: issuing chroot /disk Run grub command to enter grub shell: grub Type in the root disk for grub, for example: root (hd0,1) Type the following command to install grub on /dev/hda: setup (hd0) Last step, type quit, exit from chroot, unmount all disks and reboot : quit
VFS : Cannot open root device "802" or unknown-block(8,2)
Please append a corect "root=" boot option
Kernel panic: VFS: Unable to mount root fs on unknown-block(8,2)
我在 IBM Netfinity 3500 與 HP DL370 升級 Linux Kernel 都遇過此問題,也一直不解為何會如此,早知道有解就該多找找 Google ... 冏rz
以下是找到的解法...
這一篇是說明問題,問題在於 升級後的 kernel 的 initrd.img 沒有內含 ext3 的 module (ext3.ko) ,所以開機時就無法讀入 ext3 的分割區,開機當然就失敗啦~
Linux Kernel panic VFS Unable to mount root fs and solution | Frequently Asked Questions
Q. I am using Linux on HP server and I am getting error that read root file system , Linux Kernel panic: VFS: Unable to mount root fs on unknown-block(8,2) . How do I solve this problem?
A. Most modern distributions including Debian uses loadable kernel module for ext3 file system. So to read ext3/ext2 file system kernel must load ext3 kernel module (ext3.ko).
This module is included in an initrd image. If an initrd image is missing or that image does not include suitable kernel modules to access the ext3 filesystem on the partition, an error message (Linux Kernel panic: VFS: Unable to mount root fs on unknown-block(8,2) will be displayed to you.
To solve this problem you need to use mkinitrd script that constructs a directory structure that can serve as an initrd root file system.
解決方法就是,自已再做一個 initrd.img 並把 ext3 的 module 包進入,以下是做法:
Source: Rebuild the initial ramdisk image | Frequently Asked Questions
Q: I think I am missing some driver or my initial ramdisk is corrupted for running kernel how do I Rebuild the initial ramdisk image under Linux?
A: You need ramdisk if you have added new hardware devices such as SCSI or FibreChannel controller to your server as the ramdisk contains the necessary modules (i.e. drivers) to initialize hardware driver. If you modified the /etc/modprob.conf (or modules.conf) file then you need to execute special script called mkinitrd.
The mkinitrd script constructs a directory structure that can serve as an initrd root file system. It then generates an image containing that directory structure using mkcramfs, which can be loaded using the initrd mechanism. The kernel modules for the specified kernel version will be placed in the directory structure. If version is omitted(省略), it defaults to the version of the kernel that is currently running.
Find out your kernel version:
# uname -r 先確認 kernel 版本
2.6.15.4
Make backup of existing ram disk: 做個備份
# cp /boot/initrd.$(uname -r).img /root
To create initial ramdisk image type following command as the root user:
# mkinitrd -o /boot/initrd.$(uname -r).img $(uname -r) 製作 initrd.img
# ls -l /boot/initrd.$(uname -r).img
You may need to modify grub.conf to point out to correct ramdisk image, make sure following line existing in grub.conf file:
initrd /boot/initrd.img-2.6.15.4.img 在 grub.conf 裏指定正確的 initrd.img
When the system boots using an initrd image created by mkinitrd command, the
linuxrc will wait for an amount of time which is configured through mkinitrd.conf, during which it may be interrupted by pressing ENTER. After that, the modules specified in will be loaded.
講了很多 initrd.img ,現在來解釋一下 什麼是 initrd... 簡單說就是 Initial Ramdisk 的縮寫,為了解決開機時有關雞生蛋或蛋生雞的問題… 說明:root file system 是 ext3 ,但是 ext3 並未包含在 kernel 裏,而是做成 loadable module ,這樣開機時 kernel 就讀不到 root file system 了… 即使是 kernel 想載入 ext3 module,可是對這 module 在 ext3 的 file system 裏啊~ 哈 真是有趣,果然是雞跟蛋的問題… 這個initrd 會產生一個 image 檔,裏面會有一個 filesystem ,並也建構了 modules 的目錄與放進了 module,這樣 kernel 就能載入這些 module了,然後就能把 root filesystem 掛載起來,繼續完開機的動作。
Source: Digital Hermit - Kernel-Build-HOWTO
Create Initial RAMDisk
If you have built your main boot drivers as modules (e.g., SCSI host adapter, filesystem, RAID drivers) then you will need to create an initial RAMdisk image. The initrd is a way of sidestepping the chicken and egg problem of booting -- drivers are needed to load the root filesystem but the filesystem cannot be loaded because the drivers are on the filesystem. As the manpage for mkinitrd states:
mkinitrd creates filesystem images which are suitable for use as Linux initial
ramdisk(initrd) images. Such images are often used for preloading the
block device modules (such as IDE, SCSI or RAID) which are needed to access the
root filesystem. mkinitrd automatically loads filesystem modules (such as
ext3 and jbd), IDE modules,all scsi_hostadapter entries in /etc/modules.conf,
and raid modules if the systems root partition is on raid, which makes it
simple to build and use kernels using modular device drivers.
--MKINITRD(8)
To create the initrd, do the following:
$ mkinitrd /boot/initrd-2.6.0.img 2.6.0
Some versions of mkinitrd may require other options to specify the location of the new kernel. On SuSe 9.0, for example, the following syntax is required:
$ mkinitrd -k vmlinux-VERSION -i initrd-VERSION
php4.1.2 起,更改 register_globals off (php.ini)
register_globals boolean
Whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables
as global variables.
As of PHP 4.2.0, this directive defaults to off.
Please read the security chapter on Using register_globals for related information.
Please note that register_globals cannot be set at runtime (ini_set()). Although, you
can use .htaccess if your host allows it as described above. An example .htaccess entry:
php_flag register_globals off.
注: register_globals is affected by the variables_order directive.
This directive was removed in PHP 6.0.0.
關於使用 register_globals On 的風險,請參考
PHP: Using Register Globals - Manual
Address : <http://tw.php.net/manual/tw/security.globals.php>
取得變數可改用以下方式宣告。
建議只用 POST ,以免有 sql injecktion 的風險。
while(list($key, $value) = each($_GET))
{
${$key} = $value;
}
while(list($key, $value) = each($_POST))
{
${$key} = $value;
}
2007-4-26 5:20 紀錄一下,我的第一台Debian 4.0r0 升級完成,過程中還是有出了些問題,升級後apache, bind9也啟動失敗… 嘿嘿嘿 繼續打拼吧~
後記1.
named.conf.options 裏有個 listern-v6 的變數擺放在 log 裏是錯的,所以造成 bind9 無法啟動
後記2.
apache 會依 /etc/hostname 裏的紀錄,去找自己這台電腦對映的 IP , 我的機器沒有 A 紀錄,所以啟動失敗,所性只保留電腦主機名稱,去掉 domain name ,再把 /etc/hosts 裏的紀錄寫好,就正常啦
後記3.
smokeping 重啟也失敗,因為當初建立一些 rrd 檔時,可能就有問題了,所以新版的 smokeping 無法正常寫入 rrd 檔,建議砍掉或修正設定檔… 我選擇砍了,因為有問題的這些資料不太重要,重要的都沒事… 呼~ 還好。
後記4.
cacti 也升級了… 第一次連入時,會重導到升級的頁面,依指示按幾個確定鈕,程式寫的很棒,自動升級沒有任何失誤。
後記5.
整個升級過程中, snmp設定失敗(postconfig),重新執行一次 aptitude upgrade 也不行,最後執行 aptitude install /var/cache/apt/archives/snmp* 就搞定了。
後記6.
ntop 有些 rrd 檔的權限錯誤,對這些檔案執行 chown -R ntop:ntop * 就好了。
後記x.
過程不是完全順利,但還是升級成功了,蠻高興的 哈哈哈~
後記x+1.
簡單寫一下升級指令
確認沒有 hold 的 packages
# dpkg --audit
如果有的話
# aptitude unhold package_name
# dpkg --get-selections "*" > ~/curr-pkgs-list-20070426.txt
備份
# cd / && tar zcvpf /mnt/pc1/debian3-bak/bak-20070426.tgz ~/curr-pkgs-list-20070426.txt etc/* /var/lib/dpkg/* var/cache/bind/*
非官方的source最好暫時拿掉
可以參考 http://www.debian.org/distrib/ftplist
# vi /etc/apt/sources.list
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb-src http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org/ stable/updates main contrib non-free
deb ftp://debian.linux.org.tw/debian/ stable main non-free contrib
deb-src ftp://debian.linux.org.tw/debian/ stable main non-free contrib
deb ftp://ftp.tku.edu.tw/OS/Linux/distributions/debian/ stable main non-free contrib
deb-src ftp://ftp.tku.edu.tw/OS/Linux/distributions/debian/ stable main non-free contrib
# new sources for 4.0r0
deb http://ftp.tw.debian.org/debian/ stable main non-free contrib
deb http://debian.csie.ntu.edu.tw/debian/ stable main non-free contrib
deb http://linux.cdpa.nsysu.edu.tw/debian/ stable main non-free contrib
deb http://opensource.nchc.org.tw/debian/ stable main non-free contrib
deb http://debian.nctu.edu.tw/debian/ stable main non-free contrib
#deb http://mirror.nttu.edu.tw/debian/ stable main non-free contrib
#deb http://debian.csie.nctu.edu.tw/debian/ stable main non-free contrib
也可以把source同步過來後,以 file: 的方式來指定來源
deb file:/var/ftp/debian etch main contrib
或是以 4.0r0 光碟來當來源
改 /etc/fstab 加入 /dev/hdc /cdrom auto defaults,noauto,ro 0 0
確認 mount 後可讀的話就執行 apt-cdrom add 讓系統自動加入
可以錄下安裝過程的畫面
# script -t 2>~/upgrade-etch.time -a ~/upgrade-etch.script
下面是重播過程的指令
# scriptreplay ~/upgrade-etch.time ~/upgrade-etch.script
準備工夫完畢
開始升級
# aptitude update
確認空間足夠 免得失敗 冏~
# aptitude -y -s -f --with-recommends dist-upgrade
# aptitude upgrade
# aptitude install initrd-tools
(This step will automatically upgrade libc6 and locales and will pull in SELinux support libraries (libselinux1).)
我沒裝 X window 所以略過 4.5.4.1 Upgrading a desktop system 與 4.5.4.2 Upgrading a system with some X packages installed ,有的人請自行參考 http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.en.html
升級 kernel
# aptitude install linux-image-2.6-flavor
(我的主機CPU是P3 所以選了 aptitude install linux-image-2.6-686)
大升級
# aptitude dist-upgrade
更新 apt keys
# aptitude update
# /sbin/lilo
-->