随笔-122  评论-194  文章-0  trackbacks-0
  2010年4月20日
http://mathias-kettner.de/checkmk_livestatus.html下载并解压最新的包:
check_mk-1.2.1i3.tar.gz

再解压其中的到livestatus目录:
livestatus.tar.gz

进入:livestatus/src

再:make clean livestatus.o

会发现一堆错误,根据编译NDO的选项:
ndoutils-1.4b7/src:
make clean ndomod-3x.o gcc -fno-common -g -O2 -DHAVE_CONFIG_H -D BUILD_NAGIOS_3X -o ndomod-3x.o ndomod.c io.o utils.o -bundle -flat_namespace -undefined suppress -lz

在最后的编译选项里添上:
-flat_namespace -undefined suppress -lz

就可以编译出: livestatus.o



--------------------------
livecheck编不过,报找不到n_short:
ip_icmp.h:92: error: expected specifier-qualifier-list before ‘n_short’

vi ./check_icmp.c 
把这个调整到INCLUDE序列的最后即可:
#include "/usr/include/netinet/ip_icmp.h"
posted @ 2012-12-21 07:00 我爱佳娃 阅读(1389) | 评论 (0)编辑 收藏
     摘要:

场景

想要用到的场景:用户访问WEB服务,WEB访问非WEB服务1,服务1又再访问2、3,合并计算后,把数据返回给WEB及前端用户。想让访问链上的所有服务都能得到认证和鉴权,认为本次请求确实是来自用户的。所以想到用CAS,让用户在一点登录,所有服务都到此处认证和鉴权。

  阅读全文

posted @ 2012-12-01 10:43 我爱佳娃 阅读(8623) | 评论 (3)编辑 收藏

Setting Up SSL on Tomcat in 5 minutes (https://localhost:8443)

June 30, 2011 | By 

This tutorial will walk you through how to configure SSL (https://localhost:8443 access) on Tomcat in 5 minutes.

apache tomcat Setting Up SSL on Tomcat in 5 minutes (https://localhost:8443)

For this tutorial you will need:

  • Java SDK (used version 6 for this tutorial)
  • Tomcat (used version 7 for this tutorial)

The set up consists in 3 basic steps:

  1. Create a keystore file using Java
  2. Configure Tomcat to use the keystore
  3. Test it
  4. (Bonus ) Configure your app to work with SSL (access through https://localhost:8443/yourApp)

1 – Creating a Keystore file using Java

Fisrt, open the terminal on your computer and type:

Windows:

cd %JAVA_HOME%/bin 

Linux or Mac OS:

cd $JAVA_HOME/bin 

The $JAVA_HOME on Mac is located on “/System/Library/Frameworks/JavaVM.framework/Versions/{your java version}/Home/

You will change the current directory to the directory Java is installed on your computer. Inside the Java Home directory, cd to the bin folder. Inside the bin folder there is a file named keytool. This guy is responsible for generating the keystore file for us.

Next, type on the terminal:

keytool -genkey -alias tomcat -keyalg RSA 

When you type the command above, it will ask you some questions. First, it will ask you to create a password (My password is “password“):

loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA Enter keystore password:  password Re-enter new password: password What is your first and last name?   [Unknown]:  Loiane Groner What is the name of your organizational unit?   [Unknown]:  home What is the name of your organization?   [Unknown]:  home What is the name of your City or Locality?   [Unknown]:  Sao Paulo What is the name of your State or Province?   [Unknown]:  SP What is the two-letter country code for this unit?   [Unknown]:  BR Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?   [no]:  yes  Enter key password for 	(RETURN if same as keystore password):  password Re-enter new password: password 

It will create a .keystore file on your user home directory. On Windows, it will be on: C:\Documents and Settings\[username]; on Mac it will be on /Users/[username] and on Linux will be on /home/[username].

2 – Configuring Tomcat for using the keystore file – SSL config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.

Find the following declaration:

<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"     maxThreads="150" scheme="https" secure="true"     clientAuth="false" sslProtocol="TLS" /> --> 

Uncomment it and modify it to look like the following:

Connector SSLEnabled="true" acceptCount="100" clientAuth="false"     disableUploadTimeout="true" enableLookups="false" maxThreads="25"     port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"     protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"     secure="true" sslProtocol="TLS" /> 

Note we add the keystoreFilekeystorePass and changed the protocol declarations.

3 – Let’s test it!

Start tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.

Note if you try to access the default 8080 port it will be working too: http://localhost:8080

4 – BONUS - Configuring your app to work with SSL (access through https://localhost:8443/yourApp)

To force your web application to work with SSL, you simply need to add the following code to your web.xml file (before web-app tag ends):

<security-constraint> 	<web-resource-collection> 		<web-resource-name>securedapp</web-resource-name> 		<url-pattern>/*</url-pattern> 	</web-resource-collection> 	<user-data-constraint> 		<transport-guarantee>CONFIDENTIAL</transport-guarantee> 	</user-data-constraint> </security-constraint> 

The url pattern is set to /* so any page/resource from your application is secure (it can be only accessed with https). The transport-guarantee tag is set to CONFIDENTIAL to make sure your app will work on SSL.

If you want to turn off the SSL, you don’t need to delete the code above from web.xml, simply changeCONFIDENTIAL to NONE.

Referencehttp://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html (this tutorial is a little confusing, that is why I decided to write another one my own).

Happy Coding!

posted @ 2012-11-12 23:17 我爱佳娃 阅读(2972) | 评论 (0)编辑 收藏
EXTJS和D3都很强大,不解释了,把D3绘的图直接放到一个EXT的TAB里,直接上图上代码:


代码中的D3例子来自:
https://github.com/mbostock/d3/wiki/Force-Layout
可用于绘制拓扑结构图.
Ext.define('EB.view.content.SingleView', {
    extend : 'Ext.panel.Panel',
    alias : 'widget.singleview',

    layout : 'fit',

    title : 'single view',

    initComponent : function() {
        this.callParent(arguments);
    },

    onRender : function() {
        var me = this;

        me.doc = Ext.getDoc();
        me.callParent(arguments);

        me.drawMap();
    },

    drawMap : function() {
        var width = 960, height = 500

        var target = d3.select("#" + this.id+"-body");

        var svg = target.append("svg").attr("width", width).attr("height",
                height);

        var force = d3.layout.force().gravity(.05).distance(100).charge(-100)
                .size([width, height]);

                // get from: https://github.com/mbostock/d3/wiki/Force-Layout
                
// example: force-directed images and labels
        d3.json("graph.json", function(json) {
            force.nodes(json.nodes).links(json.links).start();

            var link = svg.selectAll(".link").data(json.links).enter()
                    .append("line").attr("class", "link");

            var node = svg.selectAll(".node").data(json.nodes).enter()
                    .append("g").attr("class", "node").call(force.drag);

            node.append("image").attr("xlink:href",
                    "https://github.com/favicon.ico").attr("x", -8).attr("y",
                    -8).attr("width", 16).attr("height", 16);

            node.append("text").attr("dx", 12).attr("dy", ".35em").text(
                    function(d) {
                        return d.name
                    });

            force.on("tick", function() {
                        link.attr("x1", function(d) {
                                    return d.source.x;
                                }).attr("y1", function(d) {
                                    return d.source.y;
                                }).attr("x2", function(d) {
                                    return d.target.x;
                                }).attr("y2", function(d) {
                                    return d.target.y;
                                });

                        node.attr("transform", function(d) {
                                    return "translate(" + d.x + "," + d.y + ")";
                                });
                    });
        });
    }

});
posted @ 2012-09-27 07:38 我爱佳娃 阅读(4146) | 评论 (0)编辑 收藏
到这里下载最新PKG:
http://www.mysql.com/downloads/

下来后先装:mysql-5.5.27-osx10.6-x86_64.pkg
它是装到/usr/local/mysql,到此目录运行下:
./scripts/mysql_install_db --user mysql

通过这个启动:
./bin/mysqld_safe

排错:
看下上面的LOG提示.
Can't find file: './mysql/host.frm' :一般是没权限,把DATA目录删除,再用上面命令建一次
unknow option:把/etc/my.cnf删除掉,里面有新版本不认识的上一版本遗留配置
说mysql.sock找不到,这个版本是在/tmp/目录下哦!

再把剩下两个包装了,就可以通过配置面板启动了:
MySQL.prefPane
MySQLStartupItem.pkg

下次升级可能要给下/usr/local/mysql/data目录的权限
posted @ 2012-08-05 16:43 我爱佳娃 阅读(2454) | 评论 (0)编辑 收藏
     摘要: 非常浅显易懂的PERL编码说明.
一目了然PERL编码,注意是转的  阅读全文
posted @ 2011-10-09 08:04 我爱佳娃 阅读(2961) | 评论 (0)编辑 收藏

下面以MAC为例,如果是LINUX需要把DYLD发为LD


把下面代码加到代码开头,它就可以自启动了,不需要再EXPORT或者-I


BEGIN {

        #需要加到LOADPATH的路径

my $need = '/usr/local/nagios/pkg/ebase/';


push @INC, $need;

if ( $^O !~ /MSWin32/ ) {

my $ld = $ENV{DYLD_LIBRARY_PATH};

if ( !$ld ) {

$ENV{DYLD_LIBRARY_PATH} = $need;

}

elsif ( $ld !~ m#(^|:)\Q$need\E(:|$)# ) {

$ENV{DYLD_LIBRARY_PATH} .= ':' . $need;

}

else {

$need = "";

}

if ($need) {

exec 'env', $^X, $0, @ARGV;

}

}

}

@import url(http://www.blogjava.net/CuteSoft_Client/CuteEditor/Load.ashx?type=style&file=SyntaxHighlighter.css);@import url(/css/cuteeditor.css);
posted @ 2011-10-03 21:37 我爱佳娃 阅读(1566) | 评论 (0)编辑 收藏

限制用在自己目文件:

建立nagiosdnld

指向软链接:/usr/local/nagios/dnld -> /Users/nagiosdnld/dnld

编辑/etc/sshd_config


Match User nagiosdnld

        X11Forwarding no

        AllowTcpForwarding no

        ForceCommand internal-sftp

        ChrootDirectory /Users/nagiosdnld


下服:

launchctl stop org.openbsd.ssh-agent

launchctl start org.openbsd.ssh-agent


@import url(http://www.blogjava.net/CuteSoft_Client/CuteEditor/Load.ashx?type=style&file=SyntaxHighlighter.css);@import url(/css/cuteeditor.css);
posted @ 2011-10-03 03:15 我爱佳娃 阅读(1615) | 评论 (0)编辑 收藏
     摘要: iostat 输出解析


1. /proc/partitions

对于kernel 2.4, iostat 的数据的主要来源是 /proc/partitions,而对于kernel 2.6, 数据主要来自/proc/diskstats或者/sys/block/[block-device-name]/stat。

先看看 /proc/partitions 中有些什么。

# cat /proc/partitions
major minor #blocks name rio rmerge rsect ruse wio wmerge wsect wuse running use aveq
  阅读全文
posted @ 2011-09-17 11:37 我爱佳娃 阅读(1471) | 评论 (0)编辑 收藏
@import url(http://www.blogjava.net/CuteSoft_Client/CuteEditor/Load.ashx?type=style&file=SyntaxHighlighter.css);@import url(/css/cuteeditor.css); @import url(http://www.blogjava.net/CuteSoft_Client/CuteEditor/Load.ashx?type=style&file=SyntaxHighlighter.css);@import url(/css/cuteeditor.css);
编译:
修改Makefile.PL:
$archname="universal64-macosx";

去除生成的makefile中所有-arch i386 -Werror

make all


最后把所有可执行文件拷到同一目录,再用
export DYLD_LIBRARY_PATH=/tmp/test
即可直接运行:

eb:tmp$ ls ./test/
Sigar.bundle cpu_info.pl
Sigar.pm libsigar-universal64-macosx.dylib
eb:tmp popeyecai$ perl -I./test ./test/cpu_info.pl 
2 total CPUs..
Vendor........Intel
Model.........Macmini4,1
Mhz...........2660
Cache size....3072
Vendor........Intel
Model.........Macmini4,1
Mhz...........2660
Cache size....3072
posted @ 2011-09-10 10:45 我爱佳娃 阅读(601) | 评论 (0)编辑 收藏
     摘要: Stl 删除元素注意事项      STL中的容器按存储方式分为两类,一类是按以数组形式存储的容器(如:vector 、deque);另一类是以不连续的节点形式存储的容器(如:list、set、map)。在使用erase方法来删除元素时,需要注意一些问题。      在使用 list、set 或 m...  阅读全文
posted @ 2011-07-18 17:02 我爱佳娃 阅读(1364) | 评论 (0)编辑 收藏
目的:
限制用户在特定目录(不能看到上级或者根目录)
只能执行scp或者sftp拷贝特别目录下的文件
不能SSH登陆,其它命令不能执行

机制:
SSH登陆成功后,scponly会接管SHELL,并CHROOT到特别目录,让用户“以为”这个目录就是根目录
它只会响应SFTP和SCP命令
只影响配置SHELL为SCPONLY的用户,其它用户不受影响

MAC下安装:
LINUX下安装SCPONLY非常简单,不多说,特说下MAC的
GOOGLE一下scponly,下载解压后编译安装:
./configure --enable-chrooted-binary --enable-rsync-compat --enable-scp-compat --enable-sftp-logging-compat --with-sftp-server=/usr/libexec/sftp-server
make clean all
sudo make install

会安装好:/usr/local/sbin/scponlyc

用workgroup manager建立下载用户,比方说是dnld,并配置其login shell到上述路径

因为CHROOT后执行的命令都以用户目录/Users/dnld做为根目录,所以要把scponly用到的scp和sftp-server两个可执行文件和信赖库拷到其下。以ROOT用户登录,且CD至/Users/dnld,执行以下脚本就会把这件事做好:
perl ./printlib.pl /usr/bin/scp
perl ./printlib.pl /usr/libexec/sftp-server
我写的脚本源码,自动搜索信赖关系,并在当前目录建立目录结构:
#!/bin/perl
%result=();
$result{$ARGV[0]}=1;


sub addlib{
@a = `otool -\"$_[0]\"`;
#print @a;
for $i (@a){
    
if ($i =~/\s*([a-z|A-Z|\.|0-9|\/|\+|\-]*)\s*/){
        
#print "$1\n";
        $result{$1}=1;
    }
}
}

$before  = 1;
$after = 0;

while ($before != $after){
$before = scalar keys %result;

for $i (keys %result){
    addlib(
$i);
}
$after = scalar keys %result;
print "before $before, after $after\n";
}

for $i (keys %result){
#print "$i\n";
if ($i =~ /(.*)\/([~\/]*)/){
system ("mkdir -p \.$1");
system ("cp $i \.$1/");

}
}


调试:
加大LOG级别:
cat 7 /usr/local/scponly/etc/scponly/debuglevel

从其它机器或者本机用dnld用户来拷贝文件,看登陆LOG:
tail -f /var/log/*

dstruss类似strace来看进程在做什么

直接到SCPONLY里加LOG,这个最直接了。
posted @ 2011-07-13 02:25 我爱佳娃 阅读(613) | 评论 (0)编辑 收藏
brew install openssl安装完SSL库后,

Update the configure file for Mac OS X compatibility
  • vim ./configure
  • on line 6673 change the text to read
    • if test -f “$dir/libssl.dylib”; then

这个是用BREW装的SSL,貌似MAC下是64位的,这个还用不了:
./configure --enable-command-args --with-ssl-inc=/usr/local/Cellar/openssl/0.9.8r/include --with-ssl-lib=/usr/local/Cellar/openssl/0.9.8r/lib

只能用MAC自带的成功了:
        ./configure --enable-command-args --with-ssl-inc=/Developer/SDKs/MacOSX10.6.sdk/usr/inclue/openssl --with-ssl-lib=/Developer/SDKs/MacOSX10.6.sdk/usr/lib



posted @ 2011-06-03 21:29 我爱佳娃 阅读(259) | 评论 (0)编辑 收藏
创建如下文件和内容:/etc/yum.repos.d/dag.repo
运行:yum install rrdtool
[dag]
name
=Dag RPM Repository for Red Hat Enterprise Linux
baseurl
=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck
=1
gpgkey
=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
enabled
=1
posted @ 2011-02-03 21:38 我爱佳娃 阅读(1445) | 评论 (2)编辑 收藏

SSH和系统两边都配置对才行,其实也很简单:
用命令:
dpkg-reconfigure locales

进去后只选择zh_CN.UTF-8,并设置成默认字符集。

再到/root/.bashrc里加上:
export LC_ALL=zh_CN.UTF-8

SSH客户端使用UTF-8字符集,如SECURECRT就在SESSION OPTIONS->APPERANCE->CHARACTER ENCODING里选择UTF-8


posted @ 2010-05-08 09:58 我爱佳娃 阅读(1266) | 评论 (0)编辑 收藏
一、设置YUM源

cd /etc/yum.repos.d/ 

wget http://centos.ustc.edu.cn/CentOS-Base.repo.5 

mv CentOS-Base.repo.5 CentOS-Base.repo 

因为默认的配置文件中服务器地址用的版本号是变量$releasever,所以需要将其替换为实际的版本号,否则是无法连接到服务器的,当前CentOS 最新版是5.3,所以我们修改CentOS-Base.repo 

vi CentOS-Base.repo 

在vi编辑器中进行全文件替换 

:%s/$releasever/5.3/

二、安装
1:安装apache

yum install httpd httpd-devel


2:安装mysql

yum install mysql mysql-server mysql-devel


3:安装php

yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml

4:启动apache

   测试php

   建立以下文件/var/www/html/test.php
   编辑其内容

// test.php
<?php
phpinfo();
?>

5:测试
   在浏览器中输入:http://IP/test.php
   看是否显示PHP的信息

6:设置开机启动

chkconfig httpd on

posted @ 2010-04-20 09:56 我爱佳娃 阅读(2117) | 评论 (0)编辑 收藏