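I like this one; it is simple enough.
How to initialize iptables on Ubuntu.
[2008/02/25 10:28]
Brief description: Ubuntu has no ready-made iptables script like the one in the RedHat family, so you have to write one by hand. One is provided below. In addition, managing SysV init services requires installing extra software such as rcconf; once the script is added under /etc/init.d it can run automatically.
The short script is as follows: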
#!/bin/bash
# Default-deny inbound firewall: allows loopback, FTP, SSH, HTTP, MySQL and replies.

start() {
    echo -n "Starting to write your iptables:..."
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT ACCEPT
    # Loopback traffic
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    # Drop ICMP echo requests (type 8)
    /sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
    # Services accepted from any source address: FTP, SSH, HTTP, MySQL
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    # Accept replies to existing connections, drop everything else explicitly
    /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
    echo "Ok"
}

stop() {
    echo -n "Cleaning your iptables:..."
    # Flush rules, delete user-defined chains, zero counters. The INPUT policy
    # is left as it was (DROP after start), so inbound traffic stays blocked
    # until start runs again.
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    echo "Ok"
}

case "$1" in
    start)   start ;;
    stop)    stop ;;
    # restart applies exactly the same rules as start
    restart) stop; start ;;
    *)       echo "Usage: $0 {start|stop|restart}" ;;
esac
exit 0
Add it to other runlevels:
apt-get install rcconf
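An added example, not part of the original post: a small audit of rules in the format that `iptables -S INPUT` prints. The sample input is constructed from the script's own rules, and the function names are made up for this example. It lists the TCP ports accepted from any source address and shows that after `stop` only the DROP policy is left.

```sh
#!/bin/sh
# Constructed sample: what `iptables -S INPUT` would print after the script's "start".
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID,NEW -j DROP
EOF
}

# Read rules on stdin; print "policy=<X>" and one "open=<port>" line for every
# port that is ACCEPTed without a -s source restriction.
audit_input() {
    awk '
    $1 == "-P" && $2 == "INPUT" { print "policy=" $3; next }
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s")      src = 1
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && !src) print "open=" port
    }'
}

# "stop" runs iptables -F, which removes the -A rules but keeps the -P policy.
after_flush() { sample_rules | grep '^-P'; }

sample_rules | audit_input
echo "--- after stop ---"
after_flush | audit_input
```

On a live host the same function can be fed with `iptables -S INPUT | audit_input`; port 3306 showing up as open to every source is usually the first thing to restrict.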
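Comparing rpm and dpkg package management, prompted by an accidentally deleted /etc/apache2 directory.
[2007/10/31 16:04]
The other day a colleague, fed up with errors in a configuration file, deleted the /etc/apache2 directory on Ubuntu 7.04 in a fit of anger. Out of curiosity I went over and looked into it, and found that most of what is under /etc/apache2 is created by the apache2-common package. So I thought of reinstalling over the top. How hard could that be, I thought: with rpm, a single --force would do it. Before getting to how it was solved, let's review the common rpm query commands; I have put them side by side with their dpkg counterparts for comparison.
1: Find which package a file belongs to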
-------------------------------------------------------------------------------------
[root@server ~]# rpm -qf /etc/httpd/conf/httpd.conf
httpd-2.2.3-6.el5
-------------------------------------------------------------------------------------
root@fixip:/etc/apache2# dpkg -S /etc/apache2/apache2.conf
apache2.2-common: /etc/apache2/apache2.conf
-------------------------------------------------------------------------------------
2: List the files installed by a package
-------------------------------------------------------------------------------------
[root@server Server]# rpm -ql tree (for a package that is not installed, add the p option: -qpl <full package name>)
/usr/bin/tree
/usr/share/doc/tree-1.5.0
/usr/share/doc/tree-1.5.0/README
/usr/share/man/man1/tree.1.gz
-------------------------------------------------------------------------------------
root@fixip:/var/cache/apt/archives# dpkg -L tree (-c can also be used; it requires the full package name)
/.
/usr
/usr/bin
/usr/bin/tree
/usr/share
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/tree.1.gz
/usr/share/doc
/usr/share/doc/tree
/usr/share/doc/tree/README
/usr/share/doc/tree/copyright
/usr/share/doc/tree/changelog.gz
/usr/share/doc/tree/changelog.Debian.gz
-------------------------------------------------------------------------------------
3: List all installed packages
[root@server Server]# rpm -qa
-------------------------------------------------------------------------------------
root@fixip:/var/cache/apt/archives# dpkg -l
.......
ii time 1.7-21build1 The GNU time program for measuring cpu resource usage
ii tzdata 2007f-3ubuntu1 time zone and daylight-saving time data
ii ubuntu-keyring 2007.06.11 GnuPG keys of the Ubuntu archive
ii ubuntu-minimal 1.79 Minimal core of Ubuntu
ii ubuntu-standard 1.79 The Ubuntu standard system
ii ucf 3.001 Update Configuration File: preserves user changes to config
.......
-------------------------------------------------------------------------------------
4: Show information about a package
-------------------------------------------------------------------------------------
[root@server Server]# rpm -qi tree
Name : tree Relocations: /usr
Version : 1.5.0 Vendor: Red Hat, Inc.
Release : 4 Build Date: Sat 15 Jul 2006 11:08:46 AM CST
Install Date: Mon 15 Oct 2007 10:07:08 AM CST Build Host: hs20-bc2-2.build.redhat.com
Group : Applications/File Source RPM: tree-1.5.0-4.src.rpm
Size : 41796 License: GPL
Signature : DSA/SHA1, Fri 19 Jan 2007 12:22:37 AM CST, Key ID 5326810137017186
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://mama.indstate.edu/users/ice/tree/
Summary : A utility which displays a tree view of the contents of directories.
Description :
The tree utility recursively displays the contents of directories in a
tree-like format. Tree is basically a UNIX port of the DOS tree
utility.
-------------------------------------------------------------------------------------
root@fixip:/var/cache/apt/archives# dpkg -p tree (to query a package that is not installed, use -I)
Package: tree
Priority: optional
Section: utils
Installed-Size: 92
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
Architecture: i386
Version: 1.5.1.1-1
Depends: libc6 (>= 2.6-1)
Size: 28414
Description: displays directory tree, in color
Displays an indented directory tree, using the same color assignments as
ls, via the LS_COLORS environment variable.
.
Homepage: http://mama.indstate.edu/users/ice/tree/
Original-Maintainer: Florian Ernst <florian@debian.org>
-------------------------------------------------------------------------------------
5: Verify package integrity
rpm -V
dpkg -s
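Now for how the package problem was dealt with. I googled for a long time without finding a solution, and in the end solved it myself from the man pages.
1: First determine which package provides /etc/apache2. (Caution: do not put a trailing "/" after the directory.)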
root@fixip:~# dpkg -S /etc/apache2
apache2.2-common: /etc/apache2
2: Then look up the overwrite options (found via dpkg -h):
root@fixip:~# dpkg --force-help
dpkg forcing options - control behaviour when problems found:
warn but continue: --force-<thing>,<thing>,...
stop with error: --refuse-<thing>,<thing>,... | --no-force-<thing>,...
Forcing things:
all [!] Set all force options
downgrade [*] Replace a package with a lower version
configure-any Configure any package which may help this one
hold Process incidental packages even when on hold
bad-path PATH is missing important programs, problems likely
not-root Try to (de)install things even when not root
overwrite Overwrite a file from one package with another
overwrite-diverted Overwrite a diverted file with an undiverted version
bad-verify Install a package even if it fails authenticity check
depends-version [!] Turn dependency version problems into warnings
depends [!] Turn all dependency problems into warnings
confnew [!] Always use the new config files, don't prompt
confold [!] Always use the old config files, don't prompt
confdef [!] Use the default option for new config files if one
is available, don't prompt. If no default can be found,
you will be prompted unless one of the confold or
confnew options is also given
confmiss [!] Always install missing config files
conflicts [!] Allow installation of conflicting packages
architecture [!] Process even packages with wrong architecture
overwrite-dir [!] Overwrite one package's directory with another's file
remove-reinstreq [!] Remove packages which require installation
remove-essential [!] Remove an essential package
WARNING - use of options marked [!] can seriously damage your installation.
Forcing options marked [*] are enabled by default.
3:
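A mistake I made today on Ubuntu 7.04!
[2007/09/06 14:19]
Today I wanted to install CentOS 5 on a machine that already had Ubuntu 7.04 on it.
I planned to use the network install method and make a USB installation disk, and figured I would just use this Ubuntu 7.04 system to make it.
I ran: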
dd if=diskboot.img of=/dev/sda
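Ha ha! It was exactly this command that cost me all my data. So frustrating!
Do you know why? Because that sda was my ATA hard disk. For some reason 7.04 turns what used to be hda straight into sda, so the removable hard disk that should have been sda was actually sdb. It is my own fault: why didn't I run fdisk -l first? I seem to remember that I did run it, but I did not pay attention.
The funniest part is that after booting I did not notice anything at all, because it really did boot to the CentOS 5 installation screen. Ha ha! Hilarious!
Only when it told me that my hard disk was a loop image did I realize what had happened. So careless!
To be resolved: why did hda become sda???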
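An added example, not part of the original post: a guard to run before `dd of=/dev/sdX`, which refuses a target that is not a whole disk on the USB bus or that has anything mounted. The function names and the demo directory tree are constructed for this example; on a real system the defaults `/sys` and `/proc/mounts` are used.

```sh
#!/bin/sh
# Return 0 only if DEV is a whole disk attached via USB and nothing on it is mounted.
# $2 (sysfs root) and $3 (mount table) default to the live system.
dd_target_ok() {
    dev=$1; sys=${2:-/sys}; mounts=${3:-/proc/mounts}
    name=${dev#/dev/}
    [ -d "$sys/block/$name" ] || { echo "refuse: $dev is not a whole disk" >&2; return 1; }
    # /sys/block/<name> is a symlink into the device tree; USB disks sit below usbN/
    real=$(cd -P "$sys/block/$name" && pwd -P) || return 1
    case $real in
        */usb[0-9]*/*) ;;
        *) echo "refuse: $dev is not on the USB bus ($real)" >&2; return 1 ;;
    esac
    if grep -q "^$dev" "$mounts"; then
        echo "refuse: $dev or one of its partitions is mounted" >&2; return 1
    fi
    return 0
}

# Constructed demo tree mimicking the machine in the post:
# sda = internal ATA disk holding the root filesystem, sdb = USB disk.
make_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/sys/devices/pci0000:00/ata1/host0/block/sda" \
             "$root/sys/devices/pci0000:00/usb1/1-1/host2/block/sdb" "$root/sys/block"
    ln -s ../devices/pci0000:00/ata1/host0/block/sda "$root/sys/block/sda"
    ln -s ../devices/pci0000:00/usb1/1-1/host2/block/sdb "$root/sys/block/sdb"
    echo "/dev/sda1 / ext3 rw 0 0" > "$root/mounts"
    echo "$root"
}

demo=$(make_demo)
for d in /dev/sda /dev/sdb; do
    if dd_target_ok "$d" "$demo/sys" "$demo/mounts"; then
        echo "$d: ok to write"   # only at this point would dd if=diskboot.img of="$d" run
    else
        echo "$d: refused"
    fi
done
rm -rf "$demo"
```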
Setting up CGI on Ubuntu
[2007/07/18 16:51]
Reference documents:
http://www.kingmx.com/Manual/ApacheMenu/howto/cgi.html
http://forum.ubuntu.org.cn/about60473.html&sid=ba2da03f87e156f358667ad6a4741f3c
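The code in the second document contains an error; use the code from the first document instead. Let's deal with this error first.
Error message: the Apache log shows "Premature end of script headers"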
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";
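Quote:
Even if you are not familiar with Perl, you should be able to see what it does. The first line tells Apache that this file can be interpreted and executed by /usr/bin/perl (or whatever shell you are using). The second line prints the content-type declaration required above, followed by two newlines, which leaves a blank line after the header to mark the end of the HTTP headers. The third line prints the text "Hello, World.". That is the end of the program.
Installation steps for reference:
I: Install the module
sudo apt-get install libapache2-mod-perl2
II: Edit apache2.conf,
changing the original
#AddHandler cgi-script .cgi
to
AddHandler cgi-script .cgi .pl
III: Modify the default virtual host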
<Directory "/home/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
IV: Write the first CGI program
root@kook:/home/cgi-bin# cat > /home/cgi-bin/helloworld.pl << EOF
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";
EOF
V: Check the result by visiting http://127.0.0.1/cgi-bin/helloworld.pl
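An added example, not part of the original post: a command-line check of a CGI program's output before it is placed behind Apache. The function name and the sample outputs are constructed for this example. Output that ends before the blank line is the case Apache logs as "Premature end of script headers"; a body line where a header is expected is logged as a malformed header instead.

```sh
#!/bin/sh
# Read a CGI program's raw output on stdin and classify its header block.
# Prints one of: ok, premature-end, malformed-header, no-content-type.
cgi_header_check() {
    awk '
        { sub(/\r$/, "") }                          # accept CRLF line endings
        $0 == "" { ended = 1; exit }                # blank line: end of headers
        $0 !~ /^[A-Za-z0-9-]+:/ { bad = 1; exit }   # not a "Name: value" line
        tolower($0) ~ /^content-type:/ { ctype = 1 }
        END {
            if (bad)    { print "malformed-header"; exit 1 }
            if (!ended) { print "premature-end";    exit 1 }
            if (!ctype) { print "no-content-type";  exit 1 }
            print "ok"
        }'
}

# Constructed outputs: the post's hello-world, then three broken variants.
printf 'Content-type: text/html\n\nHello, World.' | cgi_header_check
printf 'Content-type: text/html\n'                | cgi_header_check
printf ''                                         | cgi_header_check
printf 'Hello, World.\n'                          | cgi_header_check
```

For the script from step IV the check is `/home/cgi-bin/helloworld.pl | cgi_header_check`; a script that is not executable or dies at startup produces no output and is reported as premature-end.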
Changing the default editor on Debian and Ubuntu.
[2007/06/13 17:13]
As follows:
root@kook:~# update-alternatives --config editor
There are 3 alternatives which provide `editor'.
Selection Alternative
-----------------------------------------------
1 /usr/bin/vim.tiny
2 /bin/ed
*+ 3 /bin/nano
Press enter to keep the default[*], or type selection number: 1
Using `/usr/bin/vim.tiny' to provide `editor'.




