Star life » Tech Script http://liuchangjun.com 无欲速 无见小利 欲速则不达 见小利则大事不成 Wed, 13 Jul 2011 15:00:25 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Howto: Update php 5.1 to 5.2 in CentOS 5 http://liuchangjun.com/2010/11/09/howto-update-php-5-1-to-5-2-in-centos-5/ http://liuchangjun.com/2010/11/09/howto-update-php-5-1-to-5-2-in-centos-5/#comments Tue, 09 Nov 2010 06:54:04 +0000 star http://liuchangjun.com/?p=231 使用yum升级php

# uname -a Linux hzserver2 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux

# cat /etc/yum.repos.d/CentOS-Testing.repo [c5-testing] name=CentOS-5 Testing #baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/ baseurl=http://dev.centos.org/centos/5/testing/i386/ enabled=1 gpgcheck=1 gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing includepkgs=php*

# yum update php

Refer to: PHP 5.1 To 5.2

]]> 使用yum升级php

# uname -a
Linux hzserver2 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux

# cat /etc/yum.repos.d/CentOS-Testing.repo
[c5-testing]
name=CentOS-5 Testing
#baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
baseurl=http://dev.centos.org/centos/5/testing/i386/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
includepkgs=php*

# yum update php

Refer to:
PHP 5.1 To 5.2

]]> http://liuchangjun.com/2010/11/09/howto-update-php-5-1-to-5-2-in-centos-5/feed/ 0 PHP header warning: Cannot modify header information – headers already sent by … http://liuchangjun.com/2009/12/29/php_header_warning_header_already_sent/ http://liuchangjun.com/2009/12/29/php_header_warning_header_already_sent/#comments Tue, 29 Dec 2009 07:36:35 +0000 star http://liuchangjun.com/?p=174 学习Wordpress插件中,出现PHP错误告警信息: Cannot modify header information – headers already sent by …… 参考下面的文章,使用工具去除PHP代码中的BOM,问题解决。

Refer to: Cannot modify header information – headers already sent by错误解决办法

]]> 学习Wordpress插件中,出现PHP错误告警信息:
Cannot modify header information – headers already sent by ……
参考下面的文章,使用工具去除PHP代码中的BOM,问题解决。

Refer to:
Cannot modify header information – headers already sent by错误解决办法

]]> http://liuchangjun.com/2009/12/29/php_header_warning_header_already_sent/feed/ 0 CSS Nuggets, a cool CSS slide share! http://liuchangjun.com/2009/11/12/css-nuggets/ http://liuchangjun.com/2009/11/12/css-nuggets/#comments Thu, 12 Nov 2009 02:33:28 +0000 star http://liuchangjun.com/?p=168 View more presentations from Anna Debenham. [...]]]> CSS Nuggets

]]> http://liuchangjun.com/2009/11/12/css-nuggets/feed/ 0 Howto: 如何创建和发布自己的WordPress插件 http://liuchangjun.com/2009/09/25/howto-create-wordpress-plugin/ http://liuchangjun.com/2009/09/25/howto-create-wordpress-plugin/#comments Fri, 25 Sep 2009 08:55:17 +0000 star http://liuchangjun.com/?p=153 Refer to: http://wordpress.org/extend/plugins/about/

第一步:注册插件开发的账号
http://wordpress.org/extend/plugins/register.php
注:该账号可以开发和提交插件和主题。

第二步:提交插件申请
http://wordpress.org/extend/plugins/add/
注:因为是人工审批,一般提交后1到2天才能完成。

第三步:提交插件

任务1:提交新的插件
# 创建插件目录
$ mkdir my-local-dir
# Check out 版本
$ svn co http://svn.wp-plugins.org/your-plugin-name my-local-dir
# 复制插件文件
$ cd my-local-dir/
my-local-dir/$ cp ~/my-plugin.php trunk/my-plugin.php
my-local-dir/$ cp ~/readme.txt trunk/readme.txt
# 添加文件到版本
my-local-dir/$ svn add trunk/*
> A trunk/my-plugin.php
> A trunk/readme.txt
# Check in 版本
my-local-dir/$ svn ci -m ‘Adding first version of my plugin’
> Adding trunk/my-plugin.php
> Adding trunk/readme.txt
> Transmitting file data .
> Committed revision 11326.

任务2:修改插件
# 更新本地版本
$ cd my-local-dir/
my-local-dir/$ svn up
> At revision 11326.
# 修改本地插件
my-local-dir/$ vi trunk/my-plugin.php
# 检查哪些文件修改过
my-local-dir/$ svn stat
> M trunk/my-plugin.php
# 检查文件修改的内容
my-local-dir/$ svn diff
> * What comes out is essentially the result of a
* standard `diff -u` between your local copy and the
* original copy you downloaded.
# Check in 版本
my-local-dir/$ svn ci -m “fancy new feature: now you can foo *and* bar at the same time”
> Sending trunk/my-plugin.php
> Transmitting file data .
> Committed revision 11327.

任务3:标记新版本
# 复制最新的文件到到新版本目录
my-local-dir/$ svn cp trunk tags/2.0
> A tags/2.0
# Check in 新版本目录
my-local-dir/$ svn ci -m “tagging version 2.0″
> Adding tags/2.0
> Adding tags/2.0/my-plugin.php
> Adding tags/2.0/readme.txt
> Committed revision 11328.
注:如果只需要保存最新版本,可以省略这个步骤。

SVN链接和具体操作步骤:
Wordpress plugin SVN Link: http://plugins.svn.wordpress.org/XXX/
Wordpress plugin SVN Howto: http://wordpress.org/extend/plugins/about/svn/

插件的说明文件需要符合标准:
FAQ: http://wordpress.org/extend/plugins/about/faq/
readme.txt standard: http://wordpress.org/extend/plugins/about/readme.txt
readme.txt validator:: http://wordpress.org/extend/plugins/about/validator/
注:XXX就是提交的插件名称;官网上提供插件说明文件的验证。

]]> http://liuchangjun.com/2009/09/25/howto-create-wordpress-plugin/feed/ 0 Apply one ssh account from blockcn.com http://liuchangjun.com/2009/08/14/apply-one-ssh-account-from-blockcn-com/ http://liuchangjun.com/2009/08/14/apply-one-ssh-account-from-blockcn-com/#comments Fri, 14 Aug 2009 15:57:51 +0000 star http://liuchangjun.com/?p=139 For Linux study and access the internet unlimited, I applied one ssh account from blockcn.com.

Ps.

Tutorial of CheDong

Putty Homepage

# plink user@ssh.server -D 127.0.0.1:7070

]]> For Linux study and access the internet unlimited, I applied one ssh account from blockcn.com.

Ps.

Tutorial of CheDong

Putty Homepage

# plink user@ssh.server -D 127.0.0.1:7070

]]> http://liuchangjun.com/2009/08/14/apply-one-ssh-account-from-blockcn-com/feed/ 0 OpenVPN server install and config the bridge on Fedora 10 http://liuchangjun.com/2009/06/30/openvpn-server-install-and-config-the-bridge-on-fedora-10/ http://liuchangjun.com/2009/06/30/openvpn-server-install-and-config-the-bridge-on-fedora-10/#comments Tue, 30 Jun 2009 04:50:31 +0000 Liu Changjun http://liuchangjun.com/?p=123 Transfered from my journal.

Note: It is easy to install and config OpenVPN server on Windows XP. We should remember add the bridge (桥接) between the local network interface and the virtual network interface.

Official document: OpenVPN 2.0 HOWTO Ethernet Bridging Useful document: OpenVPN—-桥接 常见问题 1.拨通vpn后ping不通vpn server的内网ip 原因:server.conf中dev 配置有问题 解决方案:将dev tap设置为dev tap0 2.各个vpn客户端之间不能互通 原因:server.conf中client-to-client配置没有打开 解决方案:将此项加入到server.conf中

[...]]]> Transfered from my journal.

Note: It is easy to install and config OpenVPN server on Windows XP. We should remember add the bridge (桥接) between the local network interface and the virtual network interface.

Official document:
OpenVPN 2.0 HOWTO
Ethernet Bridging

Useful document:
OpenVPN—-桥接
常见问题
1.拨通vpn后ping不通vpn server的内网ip
原因:server.conf中dev 配置有问题
解决方案:将dev tap设置为dev tap0
2.各个vpn客户端之间不能互通
原因:server.conf中client-to-client配置没有打开
解决方案:将此项加入到server.conf中

Required package:
bridge-utils rpm build for : Fedora 10
Content of RPM :
/usr/sbin/brctl
/usr/share/doc/bridge-utils-1.2
/usr/share/doc/bridge-utils-1.2/AUTHORS
/usr/share/doc/bridge-utils-1.2/COPYING
/usr/share/doc/bridge-utils-1.2/FAQ
/usr/share/doc/bridge-utils-1.2/HOWTO
/usr/share/man/man8/brctl.8.gz

System environment:

#> uname -a
Linux frontend 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 i386 GNU/Linux

#> ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth0
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 eth1

Installed configuration:

#> cat /etc/rc.d/rc.local
# Start OpenVPN service
/etc/openvpn/bridge-start
/sbin/service openvpn start
# Add route
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1
#route add default gw 10.4.3.1 eth0
route add default gw 10.4.3.1 br0
Note 1:
We should add the default gateway after we started the OpenVPN server, the bridge-start script will clear the default gateway.
Note2:
The default route should changed to br0 not eth0 – the bridged interface.

#> ifconfig -a
br0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48639 errors:0 dropped:0 overruns:0 frame:0
TX packets:15365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4152487 (3.9 MiB) TX bytes:1727401 (1.6 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

tap0 Link encap:Ethernet HWaddr AE:11:02:37:F7:88
inet6 addr: fe80::ac11:2ff:fe37:f788/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:301 errors:0 dropped:0 overruns:0 frame:0
TX packets:34402 errors:0 dropped:17 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:30484 (29.7 KiB) TX bytes:3010000 (2.8 MiB)

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 br0

#> ls /etc/openvpn
bridge-start sample-keys
bridge-stop server.conf

#> cat /etc/openvpn/bridge-start
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br=”br0″

# Define list of TAP interfaces to be bridged,
# for example tap=”tap0 tap1 tap2″.
tap=”tap0″

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth=”eth0″
eth_ip=”10.4.3.17″
eth_netmask=”255.255.255.0″
eth_broadcast=”10.4.3.255″

for t in $tap; do
openvpn –mktun –dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t
done

for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

#> cat /etc/openvpn/bridge-stop
#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br=”br0″

# Define list of TAP interfaces to be bridged together
tap=”tap0″

ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn –rmtun –dev $t
done

#> cat /etc/openvpn/server.conf
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# “C:\\Program Files\\OpenVPN\\config\\foo.key” #
# #
# Comments are preceded with ‘#’ or ‘;’ #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
;port 5000

# TCP or UDP server?
;proto tcp
proto udp

# “dev tun” will create a routed IP tunnel,
# “dev tap” will create an ethernet tunnel.
# Use “dev tap0″ if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use “dev-node” for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap0
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don’t need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the “easy-rsa” directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see “pkcs12″ directive in man page).
ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
key sample-keys/server.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh sample-keys/dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
;ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS’s bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge 10.4.3.17 255.255.0.0 10.4.3.221 10.4.3.230

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push “route 192.168.10.0 255.255.255.0″
;push “route 192.168.20.0 255.255.255.0″
push “route 10.4.0.0 255.255.0.0 10.4.3.1″

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory “ccd” for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name “Thelonious”
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious’ private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using “dev tun” and “server” directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client’s network config if
# client’s local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client’s local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push “redirect-gateway”

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push “dhcp-option DNS 10.8.0.1″
;push “dhcp-option WINS 10.8.0.1″

# Uncomment this directive to allow different
# clients to be able to “see” each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server’s TUN/TAP interface.
;client-to-client
client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE “COMMON NAME”,
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an “HMAC firewall”
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn –genkey –secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be ’0′
# on the server and ’1′ on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It’s a good idea to reduce the OpenVPN
# daemon’s privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the “\Program Files\OpenVPN\log” directory).
# Use log or log-append to override this default.
# “log” will truncate the log file on OpenVPN startup,
# while “log-append” will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

]]> http://liuchangjun.com/2009/06/30/openvpn-server-install-and-config-the-bridge-on-fedora-10/feed/ 2 Sun Solaris 10 Jumpstart installation http://liuchangjun.com/2009/06/30/sun-solaris-10-jumpstart-installation/ http://liuchangjun.com/2009/06/30/sun-solaris-10-jumpstart-installation/#comments Tue, 30 Jun 2009 04:49:35 +0000 Liu Changjun http://liuchangjun.com/?p=121 Transfered from my journal.

Sun installation document: 820-5239 <<Solaris 10 10/08 Installation Guide: CustomJumpStart and Advanced Installations>> 820-5237 <<Solaris 10 10/08 Installation Guide:Network-Based Installations>> Create installation directory: CD 1 #> /cdrom/s0/Solaris_10/Tools/setup_install_server /export/install10 CD 2-5 #> /cdrom/Solaris_10/Tools/add_to_install_server /export/install10 Solaris 10 patch #> unzip /export/install10/patchdb/5.10/sparc/10_Recommended.zip

Update /etc/hosts 192.168.1.45 autotest

Update /etc/ethers 0:17:4f:0f:42:b0 autotest

Update /etc/dfs/dfstab share -F [...]]]> Transfered from my journal.

Sun installation document:
820-5239
<<Solaris 10 10/08 Installation Guide: CustomJumpStart and Advanced Installations>>
820-5237
<<Solaris 10 10/08 Installation Guide:Network-Based Installations>>

Create installation directory:
CD 1
#> /cdrom/s0/Solaris_10/Tools/setup_install_server /export/install10
CD 2-5
#> /cdrom/Solaris_10/Tools/add_to_install_server /export/install10
Solaris 10 patch
#> unzip /export/install10/patchdb/5.10/sparc/10_Recommended.zip

Update /etc/hosts
192.168.1.45 autotest

Update /etc/ethers
0:17:4f:0f:42:b0 autotest

Update /etc/dfs/dfstab
share -F nfs -o ro,anon=0 /jstart
share -F nfs -o ro,anon=0 /export/install10
#> shareall
#> /etc/init.d/nfs.server stop|start

Update Jumpstart config file
cp –pr /export/install10/Solaris_10/Misc/jumpstart_sample /jstart

Update /jstart/sysidcfg
keyboard=English
system_locale=en_US
timezone=US/Central
terminal=vt100
timeserver=localhost
name_service=none
nfs4_domain=dynamic
root_password=IbIPT4W6ebNWc
network_interface=primary
{
default_route=10.4.3.1
netmask=255.255.255.0
protocol_ipv6=no
}
security_policy=none
service_profile=open

Update /jstart/rules
hostname cbtmsu1 – any_machine.280 10recommended

Update /jstart/any_machine.280
install_type initial_install
system_type server
partitioning explicit
filesys c1t0d0s0 2048 swap
filesys c1t0d0s1 free /

Check the Jumpstart config
#> /jstart/check

Update /jstart/10recommended
LUPATCHHOST=10.4.3.250
LUPATCHPATHROOT=/export/install10/patchdb

Update client
#> /export/install10/Solaris_10/Tools/add_install_client -s 10.4.3.250:/export/install10 -c 10.4.3.250:/jstart -p 10.4.3.250:/jstart autotest sun4u
/etc/bootparams will be updated
autotest root=vgtui_1:/export/install10/Solaris_10/Tools/Boot install=10.4.3.250:/export/install10 boottype=:in sysid_config=10.4.3.250:/jstart install_config=10.4.3.250:/jstart rootopts=:rsize=8192

Install client
ok boot net – install

  == 准备jumpstart ==
  开始jumpstart之前,需要做以下准备:
  # 了解jumpstart基本知识,请google一下 <br>
  # 我们实验室已经建好了jumpstart server,通过frontend可以直接访问,hostname/usr/password: jstart/root/voip <br>
  # 了解jumpstart目标机器(也就是待安装机器),通过ifconfig -a获得其一个网卡物理地址并记录下来,安装时网线必须连接此网口,暂时称此网口为jumpstart网口 <br>
  # 将jstart的第一个网口(已经配置好专用于jumpstart)和目标机器的jumpstart网口连接到一个独立的hub上去,这样它们将位于一个独立的网络,jumpstart安装时目标机器需要通过广播包从jstart获得其IP地址然后进行下一步操作 <br>

  == 配置jumpstart server ==
  === 设置hosts和ethers ===
  # hosts中为目标机器选择一个IP地址和机器名称 <br>
  # ethers中则是指定目标地址的网卡物理地址,也就是上面记录的jumpstart网口对应的网卡物理地址 <br>

  === jumpstart专用配置 ===
  jstart上有一个jumpstart专用目录:/jstart <br>
  需要设置以下3个jumpstart配置文件: <br>
  # rules。注意:设置完此文件后需要运行一下./check <br>
  # any_machine.xxx。你会发现/jstart目录下有很多any_machine.大头的文件,文件的后缀名则是服务器种类,这类文件都是用来设置安装时目标机器分区用的,一般来说对于已有的服务器种类不需要再修改其any_machine文件,只需要在后面引用即可 <br>
  # client_dev.sh。这个shell脚本的主要作用是设置tftp,tftp是jumpstart安装时目标机器从jumpstart server下载文件用的,配置完后运行一下./client_dev.sh。 <br>

  注意: <br>
  以上配置完成之后,需要检查以下几个地方: <br>
  # /etc/ethers <br>
  # /etc/inet/hosts <br>
  # /tftpboot(目录),检查rm.xxx中有没有对应目标机器的配置文件 <br>
  # /etc/inet/inetd.conf (见案例2) <br>
  # /etc/bootparams (见案例1) <br>
  # /etc/dfs/dfstab <br>

  == 开始安装 ==
  步骤如下: <br>
  # 串口连接目标机器,运行init 0进入standalone无网络ok状态 <br>
  # 在ok提示状态下运行boot net – install <br>
  之后所有的安装将自动进行 <br>

FAQ:

=== 案例1 ===
某次jumpstart solaris 10时下载完安装包后便报以下错误: <br>
Completed software installation

Solaris 9 software installation succeeded

Customizing system files
– Mount points table (/etc/vfstab)
– Network host addresses (/etc/hosts)
– Network host addresses (/etc/hosts)
WARNING: Could not set file attributes (/a/var/svc/profile/name_service.xml)

ERROR: Unable to copy a temporary file to it’s final location

ERROR: System installation failed
Solaris installation program exited.
检查/etc/bootparams文件后发现是client_dev.sh中的安装包路径搞错了 <br>

=== 案例2 ===
某次jumpstart时下载不了安装包,注:可以在jstart上snoop -v监控jumpstart安装过程的IP包 <br>
最后检查/etc/inetd.conf配置发现tftp中启用了udp6所致,应该为如下配置: <br>
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

=== 案例3 ===
某次jumpstart时发现,目标地址第一步动作——从jumpstart获取IP地址——失败,而snoop -v能够抓到目标机器的广播包。 <br>
检查/etc/ethers文件发现有重复的物理地址,去掉之后就正常了。<br>
<br>
也有几次get IP地址失败竟然是因为插在hub上的网线松了。<br>

=== 案例4 ===
有台机器的首个网口坏掉了,可以用以下方法jumpstart:<br>
ok devalias
此命令能够列出所有设备,可以发现有多个网络设备,它们的命名方式一般是net, net1, net2, net3 <br>
ok boot net1 – install
从net1(也就是第二个网口)启动并开始jumpstart

=== 案例5 ===
ok boot net – install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: – install
SunOS Release 5.10 Version Generic_118833-17 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
SUNW,eri0 : 100 Mbps full duplex link up
whoami: no domain name
Configuring devices.
Using RPC Bootparams for network configuration information.
Attempting to configure interface eri1…
Skipped interface eri1
Attempting to configure interface eri0…
Configured interface eri0
Beginning system identification…
Searching for configuration file(s)…
Using sysid configuration file 10.4.3.250:/jumpstart/sysidcfg
Search complete.
Discovering additional network configuration…
Completing system identification…
Starting remote procedure call (RPC) services: done.
System identification complete.
Starting Solaris installation program…
Searching for JumpStart directory…
not found
Warning: Could not find matching rule in rules.ok
Press the return key for an interactive Solaris install program…
已解决:
修改/etc/netmasks,使所有的netmask保持一致。
a. /etc/netmasks;
b. sysidcfg中网络接口的配置;
c. /export/install10/Solaris_10/Tools/Boot/netmask
d. #ifconfig -a; —- 你的目标网卡设置的掩码是255.0.0.0,而其他几个的设置为255.255.255.0
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.4.3.250 netmask ff000000 broadcast 10.255.255.255
ether 0:3:ba:9f:f7:d6

]]> http://liuchangjun.com/2009/06/30/sun-solaris-10-jumpstart-installation/feed/ 0 SUN Netra-T1 LOM Usage http://liuchangjun.com/2009/06/30/sun-netra-t1-lom-usage/ http://liuchangjun.com/2009/06/30/sun-netra-t1-lom-usage/#comments Tue, 30 Jun 2009 04:47:30 +0000 Liu Changjun http://liuchangjun.com/?p=119 Transfered from my journal.

Netra-T1 AC200 LOM Usage (SunSolve Document ID 40507, Date 17 Oct 2001) http://www.aaven.com/UNIX/Solaris/lom_commands.asp

lom => ok lom> bootmode reset_nvram lom> power / reset

ok => # ok boot net – install

# => lom #> #. There are three prompts available on the Netra-t1. ok> ——————– (normal prompt when the OS [...]]]> Transfered from my journal.

Netra-T1 AC200 LOM Usage (SunSolve Document ID 40507, Date 17 Oct 2001)
http://www.aaven.com/UNIX/Solaris/lom_commands.asp

lom => ok
lom> bootmode reset_nvram
lom> power / reset

ok => #
ok boot net – install

# => lom
#> #.

There are three prompts available on the Netra-t1.
ok> ——————– (normal prompt when the OS is not running)
lom> ——————– (available whether OS is running or not)
# ——————– (the OS prompt)

To move between the “ok>” prompt and the “lom>” prompt, type:
ok> #. There must be less than 1 second between the “#” and “.”
lom> ——> This is the prompt you get

Root can change this character sequence:
# lomctl <new first character>

Only the first character (“#”) can be changed. You don’t need
to know the previous character to do this.

To find out the current sequence do an “init 5″:
# init 5
This shuts down the system and gives you the “lom>” prompt

Then to show the current two-character sequence type:
lom> show escape

To move between the “lom>” prompt and the “ok>” prompt type:
lom> console

See Infodoc 27372 for a flow chart of how to jump around between the “lom>”,
“ok>” and “OS” prompts.

Some useful lom> commands are:

lom> poweron ————- (powers on the netra)
lom> poweroff ———— (powers off the netra)
lom> reset ————— (the same as the ok> reset command)
lom> reset -x ———— (resets the CPU only- externally initiated
reset XIR)
lom> break ————— (goes to the ok> prompt from the OS- “Stop-a”)
lom> environment ——— (current status of all components in system)
lom> check ————— (updates component status after repairing it-
run “lom> environment” again)
lom> show eventlog ——- (show last 10 events on the system)
lom> set faulton ——— (turns on the fault LED)
lom> set faultoff ——– (turns off the fault LED)
lom> set alarmon [1-3] — (sets 1 of 3 alarms on)
lom> set alarmoff [1-3] — (sets 1 of 3 alarms off)
lom> show model ———- (show the server model)
lom> show hostname ——- (same as uname -n)
lom> show —————- (help for the “show” command)
lom> help —————- (list of LOM commands)

You can set the boot mode of a netra using the below “lom>” command:

lom> bootmode [-u][normal|forth|reset_nvram|diag|skip_diag]

-u allows sharing of the console and LOM device

normal server boots using the OBP environment settings
-must reset server to take effect

forth server stops at the “ok>” prompt- same as “Stop-f”
-must reset server to take effect

reset_nvram -”ok> set-defaults” or “Stop-n”
-must reset server to take effect

diag runs full POST- “ok> diag-switch? true” or “Stop-d”
-must power off server and back on within 10 minutes

skip_diag – ok> setenv diag-switch? false”
-must power off server and back on within 10 minutes

Also see related Infodocs:

27372 How do I jump to LOM prompt on the the Netra T?
26009 Installing the Netra T1 Model AC200 or DC200 from cdrom using
Solaris 8 Update 2 (10/00) or Solaris 8 Update 3 (01/01)
26310 Reinstalling Solaris 8 on the Netra X1 including LOM (Lights
out Management) packages
26667 Connecting a serial cable from a Netra T1 AC/DC200 server to
a laptop

——————————————————————————–
Complete List of Commands
Command Effect
alarmoff n Set alarm n off.
(Where n is 1, 2, or 3.) These three alarms are software flags. They are associated with no specific conditions but are available to be set by your own processes.
alarmon n Set alarm n on.
(Where n is 1, 2, or 3.) These three alarms are software flags. They are associated with no specific conditions but are available to be set by your own processes.
break Takes the server down to the OK prompt.
bootmode mode Determines the behavior of the server during the boot process.
check Resets monitoring to report all failures.
If a monitored component has failed, the LOMlite2 device will not continue to report the same failure. To check the status of the component, for example, after attempting to fix it, issue the check command. This updates the status of all monitored components.
console The command takes you out of the LOMlite2 shell and back to the Solaris prompt. It returns control of the serial connection to the console.
environment Displays the temperature of the server and the status of the fans, the power supply, the over-temperature monitors, the supply rails and circuit breakers, the alarms, and the fault LED.
faulton Sets the Fault LED to On.
faultoff Sets the Fault LED to Off.
help Displays the list of LOM commands.
loghistory Displays all the events in the LOMlite2 device’s Event Log.
logout This command is for use by named users you have set up with password access to the LOMlite2 device. It returns them to the LOM user login prompt.
poweron Powers the server On.
poweroff Powers the server Off.
reset Resets the Netra T1 server.
show model Displays the server model.
show hostname Displays the server name (this command is equivalent to the Solaris uname -n command.
show eventlog Displays the LOMlite2 device’s event log.
The event log is the list of the last 10 events to have been stored in the LOMlite2 device. The most recent event is the one at the bottom of the list.
show escape Displays the current LOMlite2 escape sequence.
show Displays all the information available with the show command.
useradd Adds a user to the LOMlite2 device’s list of permitted users.
userdel Deletes a user to the LOMlite2 device’s list of permitted users.
usershow user Displays the details for the LOMlite2 account user.
userpassword Sets or changes a user’s password
userperm Sets the permission levels for a named user.
version Displays the version number of the LOMlite2 device.

Note:
[Sparc] 任何时候通过Stop+a(SUN键盘)或者ctrl+break(PC键盘)进入到OBP提示符下
ok

]]> http://liuchangjun.com/2009/06/30/sun-netra-t1-lom-usage/feed/ 5 Fedora 10 配置服务 http://liuchangjun.com/2009/06/30/fedora-10-%e9%85%8d%e7%bd%ae%e6%9c%8d%e5%8a%a1/ http://liuchangjun.com/2009/06/30/fedora-10-%e9%85%8d%e7%bd%ae%e6%9c%8d%e5%8a%a1/#comments Tue, 30 Jun 2009 04:45:01 +0000 Liu Changjun http://liuchangjun.com/?p=117 Transfered from my journal.

http://trech.blogspot.com/2007/05/basics-cn.html Fedora里面有两种管理服务的方式, 一是使用图形化工具, 另一个就是仅仅使用命令行. 如果你不在图形化的环境中, 就需要用命令行方式. #> ntsysv #> service servicename status/start/stop http://blog.csdn.net/InnerSea/archive/2009/01/09/3742168.aspx Fed…… http://trech.blogspot.com/2007/05/basics-cn.html Fedora里面有两种管理服务的方式, 一是使用图形化工具, 另一个就是仅仅使用命令行. 如果你不在图形化的环境中, 就需要用命令行方式. #> ntsysv #> service servicename status/start/stop http://blog.csdn.net/InnerSea/archive/2009/01/09/3742168.aspx Fedora 10 配置服务 ConsoleKit(除非使用gdm和gnome) NetworkManager, NetworkManagerDispathcer(ADSL用户和需要切换网络的用户不要关闭此服务) avahi-daemon(除非使用ZeroConf) autofs(除非不使用U盘,不可能吧?) bluetooth(除非拥有蓝牙模块) capi(除非拥有ISDN设备) cups(打印服务) dund(蓝牙拨号软件) firstboot(只在首次启动时有用) gpm(终端下的鼠标支持) httpd(web服务) ip6tables(IPv6防火墙) irda(除非拥有红外线设备) isdn(除非拥有蓝牙模块) kudzu(检测硬件设备更新) lisa(类似网上邻居,使用samba或NFS时可以关闭) mdmonitor(除非使用RAID或LVM) netconsole(初始化网络控制台登录) netfs(自动挂载网络上的文件系统,不使用samba或NFS时可以关闭) nfs, [...]]]> Transfered from my journal.

http://trech.blogspot.com/2007/05/basics-cn.html
Fedora里面有两种管理服务的方式, 一是使用图形化工具, 另一个就是仅仅使用命令行. 如果你不在图形化的环境中, 就需要用命令行方式.
#> ntsysv
#> service servicename status/start/stop

http://blog.csdn.net/InnerSea/archive/2009/01/09/3742168.aspx
Fedora 10 配置服务
ConsoleKit(除非使用gdm和gnome)
NetworkManager, NetworkManagerDispathcer(ADSL用户和需要切换网络的用户不要关闭此服务)
avahi-daemon(除非使用ZeroConf)
autofs(除非不使用U盘,不可能吧?)
bluetooth(除非拥有蓝牙模块)
capi(除非拥有ISDN设备)
cups(打印服务)
dund(蓝牙拨号软件)
firstboot(只在首次启动时有用)
gpm(终端下的鼠标支持)
httpd(web服务)
ip6tables(IPv6防火墙)
irda(除非拥有红外线设备)
isdn(除非拥有蓝牙模块)
kudzu(检测硬件设备更新)
lisa(类似网上邻居,使用samba或NFS时可以关闭)
mdmonitor(除非使用RAID或LVM)
netconsole(初始化网络控制台登录)
netfs(自动挂载网络上的文件系统,不使用samba或NFS时可以关闭)
nfs, nfslock(除非拥有Linux-Linux的局域网)
nscd(除非使用NIS, NIS+, LDAP, 或hesiod)
pand(用过蓝牙构建局域网)
pcscd(使用PC/SC访问智能卡)
rdisc(发现局域网路由器)
restorecond(不使用SELinux时可以关闭)
rpcbind, rpcgssd, rpcidmapd, rpcsvcgssd(除非使用NFS)
saslauthd
sendmail(mail服务)
setroubleshoot(不使用SELinux时可以关闭)
smolt(跟踪硬件兼容性,没啥用)
sshd(ssh服务,远程登录时才需要)
wpa_supplicant(除非拥有无线网卡)
ypbind(除非使用NIS)

http://unix-cd.com/unixcd12/article_6258.html
Fedora Core 6 Linux服务详解

下面我们将对&nbspFedora&nbspCore&nbsp6 中的各种服务(services)作简要的介绍,并提供使用建议。

认识服务(services)
请先阅读&nbspFedora 服务管理指南。了解什么是服务/后台进程(services/daemons),什么是运行级别(runlevels)以及各种用于管理服务(sevices)的工具。

你可以在命令行下使用&nbspchkonfig 或&nbspntsysv 命令来管理服务(services),或者使用具有图形用户界面的&nbspsystem-config-services 命令。GNOME 用户:系统-》管理-》服务器设置-》Services。

单个服务介绍
现在我们介绍&nbspFedora&nbspCore&nbsp6 中所包含的各种服务(services)的功能,并提供使用建议。这不是一份详尽的清单。小心:不要关闭你不确定或不知道的服务(services)。

不要关闭以下服务(除非你有充足的理由):
acpid,&nbsphaldaemon,&nbspmessagebus,&nbspklogd,&nbspnetwork,&nbspsyslogd 

请确定修改的是运行级别&nbsp3 和&nbsp5。

NetworkManager,&nbspNetworkManagerDispatcher

NetworkManager 是一个自动切换网络连接的后台进程。很多笔记本用户都需要启用该功能,它让你能够在无线网络和有线网络之间切换。大多数台式机用户应该关闭该服务。一些&nbspDHCP 用户可能需要开启它。

acpid

ACPI(全称&nbspAdvanced&nbspConfiguration&nbspand&nbspPower&nbspInterface)服务是电源管理接口。建议所有的笔记本用户开启它。一些服务器可能不需要&nbspacpi。支持的通用操作有:“电源开关“,”电池监视“,” 笔记本&nbspLid 开关“,“笔记本显示屏亮度“,“休眠”, “挂机”,等等。

anacron,&nbspatd,&nbspcron

这几个调度程序有很小的差别。 建议开启&nbspcron,如果你的电脑将长时间运行,那就更应该开启它。对于服务器,应该更深入了解以确定应该开启哪个调度程序。大多数情况下,笔记本/台式机应该关闭&nbspatd 和&nbspanacron。注意:一些任务的执行需要&nbspanacron,比如:清理 /tmp 或 /var。

apmd

一些笔记本和旧的硬件使用&nbspapmd。如果你的电脑支持&nbspacpi,就应该关闭&nbspapmd。如果支持&nbspacpi,那么&nbspapmd 的工作将会由&nbspacpi 来完成。

autofs

该服务自动挂载可移动存储器(比如&nbspUSB 硬盘)。如果你使用移动介质(比如移动硬盘,U 盘),建议启用这个服务。

avahi-daemon,&nbspavahi-dnsconfd

Avahi 是&nbspzeroconf 协议的实现。它可以在没有&nbspDNS 服务的局域网里发现基于&nbspzeroconf 协议的设备和服务。它跟&nbspmDNS 一样。除非你有兼容的设备或使用&nbspzeroconf 协议的服务,否则应该关闭它。我把它关闭。

bluetooth,&nbsphcid,&nbsphidd,&nbspsdpd,&nbspdund,&nbsppand

蓝牙(Bluetooth)是给无线便携设备使用的(非&nbspwifi,&nbsp802.11)。很多笔记本提供蓝牙支持。有蓝牙鼠标,蓝牙耳机和支持蓝牙的手机。很多人都没有蓝牙设备或蓝牙相关的服务,所以应该关闭它。其他蓝牙相关的服务有:hcid 管理所有可见的蓝牙设备,hidd 对输入设备(键盘,鼠标)提供支持,&nbspdund 支持通过蓝牙拨号连接网络,pand 允许你通过蓝牙连接以太网。

capi

仅仅对使用&nbspISDN 设备的用户有用。大多数用户应该关闭它。

cpuspeed

该服务可以在运行时动态调节&nbspCPU 的频率来节约能源(省电)。许多笔记本的&nbspCPU 支持该特性,现在,越来越多的台式机也支持这个特性了。如果你的&nbspCPU 是:Petium- M,Centrino,AMD&nbspPowerNow,&nbspTransmetta,Intel&nbspSpeedStep,Athlon- 64,Athlon-X2,Intel&nbspCore&nbsp2 中的一款,就应该开启它。如果你想让你的&nbspCPU 以固定频率运行的话就关闭它。

cron

参见&nbspanacron。

cupsd,&nbspcups-config-daemon

打印机相关。如果你有能在&nbspFedora 中驱动的&nbspCUPS 兼容的打印机,你应该开启它。

dc_client,&nbspdc_server

磁盘缓存(Distcache)用于分布式的会话缓存。主要用在&nbspSSL/TLS 服务器。它可以被&nbspApache 使用。大多数的台式机应该关闭它。

dhcdbd

这是一个让&nbspDBUS 系统控制&nbspDHCP 的接口。可以保留默认的关闭状态。

diskdump,&nbspnetdump

磁盘转储(Diskdump)用来帮助调试内核崩溃。内核崩溃后它将保存一个 “dump“ 文件以供分析之用。网络转储(Netdump)的功能跟&nbspDiskdump 差不多,只不过它可以通过网络来存储。除非你在诊断内核相关的问题,它们应该被关闭。

dund

参见&nbspbluetooth。

firstboot

该服务是&nbspFedora 安装过程特有的。它执行在安装之后的第一次启动时仅仅需要执行一次的特定任务。它可以被关闭。

gpm

终端鼠标指针支持(无图形界面)。如果你不使用文本终端(CTRL-ALT-F1,&nbspF2..),那就关闭它。不过,我在运行级别&nbsp3 开启它,在运行级别&nbsp5 关闭它。

hidd

参见&nbspbluetooth。 

hplip,&nbsphpiod,&nbsphpssd

HPLIP 服务在&nbspLinux 系统上实现&nbspHP 打印机支持,包括&nbspInkjet,DeskJet,OfficeJet,Photosmart,Business&nbspInkJet 和一部分&nbspLaserJet 打印机。这是&nbspHP 赞助的惠普&nbspLinux 打印项目(HP&nbspLinux&nbspPrinting&nbspProject)的产物。如果你有相兼容的打印机,那就启用它。

iptables

它是&nbspLinux 标准的防火墙(软件防火墙)。如果你直接连接到互联网(如,cable,DSL,T1),建议开启它。如果你使用硬件防火墙(比如:D-Link,Netgear,Linksys 等等),可以关闭它。强烈建议开启它。

ip6tables

如果你不知道你是否在使用&nbspIPv6,大部分情况下说明你没有使用。该服务是用于&nbspIPv6 的软件防火墙。大多数用户都应该关闭它。阅读这里了解如何关闭&nbspFedora 的&nbspIPv6 支持。

irda,&nbspirattach

IrDA 提供红外线设备(笔记本,PDA's,手机,计算器等等)间的通讯支持。大多数用户应该关闭它。

irqbalance

在多处理器系统中,启用该服务可以提高系统性能。大多数人不使用多处理器系统,所以关闭它。但是我不知道它作用于多核&nbspCPU's 或 超线程&nbspCPU's 系统的效果。在单&nbspCPU 系统中关闭它应该不会出现问题。

isdn

这是一种互联网的接入方式。除非你使用&nbspISDN 猫来上网,否则你应该关闭它。

kudzu

该服务进行硬件探测,并进行配置。如果更换硬件或需要探测硬件更动,开启它。但是绝大部分的台式机和服务器都可以关闭它,仅仅在需要时启动。

lm_sensors

该服务可以探测主板感应器件的值或者特定硬件的状态(一般用于笔记本电脑)。你可以通过它来查看电脑的实时状态,了解电脑的健康状况。它在&nbspGKrellM 用户中比较流行。查看&nbsplm_sensors 的主页获得更多信息。如果没有特殊理由,建议关闭它。

mctrans

如果你使用&nbspSELinux 就开启它。默认情况下&nbspFedora&nbspCore 开启&nbspSELinux。

mdmonitor

该服务用来监测&nbspSoftware&nbspRAID 或&nbspLVM 的信息。它不是一个关键性的服务,可以关闭它。

mdmpd

该服务用来监测&nbspMulti-Path 设备(该类型的存储设备能被一种以上的控制器或方法访问)。它应该被关闭。

messagebus

这是&nbspLinux 的&nbspIPC(Interprocess&nbspCommunication,进程间通讯)服务。确切地说,它与&nbspDBUS 交互,是重要的系统服务。强烈建议开启它。

netdump

参见&nbspdiskdump。 

netplugd

Netplugd 用于监测网络接口并在接口状态改变时执行指定命令。建议保留它的默认关闭状态。

netfs

该服务用于在系统启动时自动挂载网络中的共享文件空间,比如:NFS,Samba 等等。如果你连接到局域网中的其它服务器并进行文件共享,就开启它。大多数台式机和笔记本用户应该关闭它。

nfs,&nbspnfslock

这是用于&nbspUnix/Linux/BSD 系列操作系统的标准文件共享方式。除非你需要以这种方式共享数据,否则关闭它。

ntpd

该服务通过互联网自动更新系统时间。如果你能永久保持互联网连接,建议开启它,但不是必须的。

pand

参见&nbspbluetooth。

pcscd

该服务提供智能卡(和嵌入在信用卡,识别卡里的小芯片一样大小)和智能卡读卡器支持。如果你没有读卡器设备,就关闭它。

portmap

该服务是&nbspNFS(文件共享)和&nbspNIS(验证)的补充。除非你使用&nbspNFS 或&nbspNIS 服务,否则关闭它。

readahead_early,&nbspreadahead_later

该服务通过预先加载特定的应用程序到内存中以提供性能。如果你想程序启动更快,就开启它。

restorecond

用于给&nbspSELinux 监测和重新加载正确的文件上下文(file&nbspcontexts)。它不是必须的,但如果你使用&nbspSELinux 的话强烈建议开启它。

rpcgssd,&nbsprpcidmapd,&nbsprpcsvcgssd

用于&nbspNFS&nbspv4。除非你需要或使用&nbspNFS&nbspv4,否则关闭它。

sendmail

除非你管理一个邮件服务器或你想 在局域网内传递或支持一个共享的&nbspIMAP 或&nbspPOP3 服务。大多数人不需要一个邮件传输代理。如果你通过网页(hotmail/yahoo/gmail)或使用邮件收发程序(比如:Thunderbird,&nbspKmail,Evolution 等等)收发邮件。你应该关闭它。

smartd

SMART&nbspDisk&nbspMonitoring 服务用于监测并预测磁盘失败或磁盘问题(前提:磁盘必须支持&nbspSMART)。大多数的桌面用户不需要该服务,但建议开启它,特别是服务器。

smb

SAMBA 服务是在&nbspLinux 和&nbspWindows 之间共享文件必须的服务。如果有&nbspWindows 用户需要访问&nbspLinux 上的文件,就启用它。查看如何在&nbspFedora&nbspCore&nbsp6 下配置&nbspSamba。

sshd

SSH 允许其他用户登录到你的系统并执行程序,该用户可以和你同一网络,也可以是远程用户。开启它存在潜在的安全隐患。如果你不需要从其它机器或不需要从远程登录,就应该关闭它。

xinetd

(该服务默认可能不被安装)它是 一个特殊的服务。它可以根据特定端口收到的请求启动多个服务。比如:典型的&nbsptelnet 程序连接到&nbsp23 号端口。如果有&nbsptelent 请求在&nbsp23 号端口被&nbspxinetd 探测到,那&nbspxinetd 将启动&nbsptelnetd 服务来响应该请求。为了使用方便,可以开启它。运行&nbspchkconfig&nbsp--list, 通过检查&nbspxinetd 相关的输出可以知道有哪些服务被&nbspxinetd 管理。 

http://unix-cd.com/unixcd12/article_6259.html
Redhat、Fedora Linux常见守护进程(服务)列表

Fedora&nbspCore&nbsp6对于服务进程的变化
bluetooth相关的服务有bluetooth,hcid,hidd,sdpd,dund,pand
capi 仅针对ISDN用户
mctrans&nbspSELINUX必须的服务。
mdmpd 监视多路设备的服务
pcscd 支持智能卡的服务,这是FC6加入智能卡支持的特征之一

补充几个Fedora&nbspCore&nbsp5等新系统下的新服务:
NetworkManager,&nbspNetworkManagerDispatcher
在不同的网络联接服务中切换,特别适合笔记本用户在固定网络联接和移动联接中切换,建议笔记本用户启用这个;

avahi-daemon,avahi-dnsconfd
zeroconf配置的具体现实,对于没有DNS情况下的本地网络服务很有用,有点类似于mDNS,一般可以disable;

bluetooth,hcid,hidd,sdpd
蓝牙设备相关的服务;hcid管理设备,hidd提供输入设备的支持;对于普通没有蓝牙用户应该可以禁止该功能的!

dc_client,dc_server
用语apache的SSL/TLS服务,一般桌面和服务器没有用;

dhcdbd
DBUS系统控制DHCP的接口,默认禁止;

diskdump,netdump
用于kernel调试的dump服务,一般用户没有用;

hplip,hpiod,hpssd
Linux下支持HP打印机的服务,只有用HP打印机的用户才需要;

im_sensors
主板监控传感器服务;

netplugd
监视网络接口变化的服务,一般可以禁止;

更新于&nbsp2006 年&nbsp4 月&nbsp29 日

1.&nbspalsasound :Alsa声卡驱动守护程序。Alsa声卡驱动程序本来是为了 一种声卡Gravis
UltraSound(GUS)而写的,该程序被证 明很优秀,于是作者就开始为一般的声卡写 驱动程序。&nbspAlsa和OSS/Free
及OSS/Linux兼容,但是有自己的接 口,甚至比OSS优秀。
2.&nbspacpid:acpid(Advanced&nbspConfiguration&nbspand&nbspPower&nbspInterface)是为替代传统的APM电源管理标准而推出的新型电源管理标准。通常笔记本电脑需要启动电源进行管理。

3.&nbspatalk:AppleTalk网络守护进程。注意不要在后台运行该程序,该程序的数据结构必须在运行其他进程前先花一定时间初始化。

4.&nbspamd: 自动安装NFS守护进程。

5.&nbspanacron:一个自动化运行任务守护进程。Red&nbspHat&nbspLinux 随带四个自动化任务的工具:cron、&nbspanacron、at、和
batc。当你的Linux服务器并不是全天运行,这个anacron就可以帮你执行在”crontab”设定的时间内没有执行的工作。

6.&nbspapmd:apmd(Advanced&nbspPower&nbspManagement)是高级电源管理。传统的电源管理标准,对于笔记本电脑比较有用,可以了解系统的电池电量信息。并将相关信息通过syslogd 写入日志。也可以用来在电源不足时关机。

7.&nbsparptables_jf :为arptables网络的用户控制过滤的守护进程。

8.&nbsparpwatch: 记录日志并构建一个在LAN接口上看到的以太网地址和IP地址对数据库 。

atd:at和batch命令守护进程,用户用at命令调度的任务。Batch用于在系统负荷比较低时 运行批处理任务。

9.&nbspautofs:自动安装管理进程automount,与NFS相关,依赖于NIS服务器。

10.&nbspbootparamd:引导参数服务器,为LAN上的无盘工作站提供引导所需的相关信息。

11.&nbspbluetooch:蓝牙服务器守护进程。

12.&nbspcrond :cron是Unix下的一个传统程序,该程序周期地运行用户 调度的任务。比起传统的Unix版本,Linux版本添加了不少属性,而且更安全,配置更简单。类似计划任务。

13.&nbspchargen:使用tcp协议的 chargen&nbspserver,chargen(Character&nbspGenerator&nbspProtocol)是一种网络服务,主要功能是提供类似远程打字的功能。

14.&nbspchargen-udp:使用UDP协议的chargen&nbspserver。

15.&nbspcpuspeed:监测系统空闲百分比,降低或加快CPU时钟速度和电压从而在系统空闲时将能源消耗降为最小,而在系统繁忙时最大化加快系统执行速度。

16.&nbspdhcpd:动态主机控制协议(Dynamic&nbspHost&nbspControl&nbspProtocol)的服务守护进程。

17.&nbspcups:&nbspcups(Common&nbspUNIX&nbspPrinting&nbspSystem)是通用UNIX打印守护进程,为Linux提供第三代打印功能。

18.&nbspcups-config-daemons:cups打印系统切换守护进程。

19.&nbspcups-lpd:cups行打印守护进程。

20.&nbspdaytime:使用TCP 协议的Daytime守护进程,该协议为客户机实现从远程服务器获取日期 和时间的功能。预设端口:13。

21.&nbspdaytime-udp:使用UDP 协议的Daytime守护进程。

22.&nbspdc_server:使用SSL安全套接字的代理服务器守护进程。

23.&nbspdc_client:使用SSL安全套接字的客户端守护进程。

24.&nbspdiskdump:服务器磁盘备份守护进程。

25.&nbspecho:服务器回显客户数据服务守护进程。

26.&nbspecho-udp:使用UDP协议的服务器回显客户数据服务守护进程。

27.&nbspeklogin:接受rlogin会话鉴证和用kerberos5加密的一种服务的守护进程。

28.&nbspgated :网关路由守护进程。它支持各种路由协议,包括RIP版本1和2、DCN&nbspHELLO协议、&nbspOSPF版本2以及EGP版本2到4。

29.&nbspgpm:gpm(General&nbspPurpose&nbspMouse&nbspDaemon )守护进程为文本模式下的Linux程序如mc(Midnight&nbspCommander)提供了鼠标的支持。它也支持控制台下鼠标 的拷贝,粘贴操作以及弹出式菜单。

30.&nbspgssftp: 使用kerberos&nbsp5认证的ftp守护进程

31.&nbsphttpd:Web服务器Apache守护进程,可用来提供HTML文件以 及CGI动态内容服务。

32.&nbspinetd :因特网操作守护程序。监控网络对各种它管理的服务的需求,并在必要的时候启动相应的服务程序。在Redhat 和 Mandrake&nbsplinux中被xinetd代替。Debian,&nbspSlackware,&nbspSuSE 仍然使用。

33.&nbspinnd:Usenet新闻服务器守护进程。

34.&nbspiiim:中文输入法服务器守护进程。

35.&nbspiptables:iptables防火墙守护进程。

36.&nbspirda:红外端口守护进程。

37.&nbspisdn:isdn启动和中止服务守护进程。

38.&nbspkrb5-telnet:使用kerberos&nbsp5认证的telnet守护进程。

39.&nbspklogin:远程登陆守护进程。

40.&nbspkeytable: 该进程的功能是转载在/etc/sysconfig/keyboards里定义的键盘映射表,该表可以通过kbdconfig工具进行选择。您应该使该程序处于激活状态。

41.&nbspirqbalance:对多个系统处理器环境下的系统中断请求进行负载平衡的守护程序。如果你只安装了一个CPU,就不需要加载这个守护程序。

42.&nbspkshell :kshell守护进程。

43.
kudzu:硬件自动检测程序,会自动检测硬件是否发生变动,并相应进行硬件的添加、删除工作。当系统启动时,kudzu会对当前的硬件进行检测,并且和
存储在
/etc/sysconfig/hwconf中的硬件信息进行对照,如果某个硬件从系统中被添加或者删除时,那么kudzu就会察觉到,并且通知用户是
否进行相关配置,然后修改etc/sysconfig/hwconf,使硬件资料与系统保持同步。如果/etc/sysconfig/hwconf这个文
件不存在,那么kudzu将会从/etc/modprobe.conf,/etc/sysconfig/network-scripts/和
etc/X11/XF86Config中探测已经存在的硬件。如果你不打算增加新硬件,那么就可以关闭这个启动服务,以加快系统启动时间。

44.&nbspldap:ldap(Lightweight&nbspDirectory&nbspAccess&nbspProtocol)目录访问协议服务器守护进程。

45.&nbsplm_seroems:检测主板工作情况守护进程。

46.&nbsplpd :lpd是老式打印守护程序,负责将lpr等程序提交给打印 作业。

47.&nbspmdmonitor:RAID相关设备的守护程序。

48.&nbspmessagebus:D-BUS是一个库,为两个或两个以上的应用程序提供一对一的通讯。
dbus-daemon-1是一个应用程序,它使用这个库来实现messagebus守护程序。多个应用程序通过连接messagebus守护程序可以实
现与其他程序交换信息。

49.&nbspmicrocode_ctl:可编码以及发送新的微代码到内核以更新Intel&nbspIA32系列处理器守护进程。

50.&nbspmysqld: 一个快速高效可靠的轻型SQL数据库引擎守护进程。

51.&nbspnamed:DNS(BIND)服务器守护进程。

52.&nbspnetplugd:netplugd(network&nbspcable&nbsphotplug&nbspmanagement&nbspdaemon)守护程序,用于监控一个或多个网络接口的状态,当某些事件触发时运行一个外部脚本程序。

53.&nbspnetdump:远程网络备份服务器守护进程。

54.&nbspnetfs:Network&nbspFilesystem&nbspMounter,该进程安装和卸载NFS、SAMBA和NCP网络文件系统。

55.&nbspnfs:网络文件系统守护进程。

56.&nbspnfslock:NFS是一个流行的通过TCP/IP网络共享文件的协议,此守护进程提供了NFS文件锁定功能。

57.&nbspntpd:Network&nbsptime&nbspProtocol&nbspdaemon(网络时间校正协议)。ntpd是用来使系统和一个精确的时间源保持时间同步的协议守护进程。

58.&nbspnetwork:激活/关闭启动时的各个网络接口守护进程。

59.&nbsppsacct:该守护进程包括几个工具用来监控进程活动的工具,包括ac,lastcomm,&nbspaccton 和sa。

60.&nbsppcmcia:主要用于支持笔记本电脑接口守护进程。

61.&nbspportmap:该守护进程用来支持RPC连接,RPC被用于NFS以及NIS 等服务。

62.&nbsppostgresql:&nbspPostgreSQL 关系数据库引擎。

63.&nbspproftpd:&nbspproftpd 是Unix下的一个配置灵活的ftp服务器的守护程序。

64.&nbsppppoe:ADSL连接守护进程。

65.&nbsprandom :保存和恢复系统的高质量随机数生成器,这些随机数是系 统一些随机行为提供的。

66.&nbsprawdevices:在使用集群文件系统时用于加载raw设备的守护进程。

67.&nbspreadahead、readahead_early:readahead和readahead_early是在Fedora
core
2中最新推出的两个后台运行的守护程序。其作用是在启动系统期间,将启动系统所要用到的文件首先读取到内存中,然后在内存中进行执行,以加快系统的启动速
度。

68.&nbsprhnsd:Red&nbspHat 网络服务守护进程。通知官方的安全信息以及为系统打补丁。

69.&nbsprouted :该守护程序支持RIP协议的自动IP路由表维护。RIP主要 使用在小型网络上,大一点的网络就需要复杂一点的协议。

70.&nbsprsync:remote&nbspsync远程数据备份守护进程。

71.&nbsprsh :远程主机上启动一个shell,并执行用户命令。

72.&nbsprwhod: 允许远程用户获得运行rwho守护程序的机器上所有已登录用户的列表。

73.&nbsprstatd:一个为LAN上的其它机器收集和提供系统信息的守候进程。

74.&nbspruserd:远程用户定位服务,这是一个基于RPC的服务,它提供关于当前记录到LAN上一个机器日志中的用户信息

75.&nbsprwalld:激活rpc.rwall服务进程,这是一项基于RPC的服务,允许用户给每个注册到LAN机器上的其他终端写消息 。

76.&nbsprwhod:激活rwhod服务进程,它支持LAN的rwho和ruptime服务。

77.&nbspsaslauthd: 使用SASL的认证守护进程。

78.&nbspsendmail:邮件服务器sendmail守护进程。

79.&nbspsmb:Samba文件共享/打印服务守护进程。

80.&nbspsnmpd:本地简单网络管理守护进程。

81.&nbspsquid:代理服务器squid守护进程。

82.&nbspsshd:OpenSSH服务器守护进程。Secure&nbspShell&nbspProtocol可以实现安全地远程管理主机。

83.&nbspsmartd:Self&nbspMonitor&nbspAnalysis&nbspand&nbspReporting&nbspTechnology&nbspSystem,监控你的硬盘是否出现故障。

84.&nbspsyslog:一个让系统引导时起动syslog和klogd系统日志守候进程的脚本。

85.&nbsptime :该守护进程从远程主机获取时间和日期,采用TCP协议。

86.&nbsptime-udp: 该守护进程从远程主机获取时间和日期,采用UDP协议。

87.&nbsptux:在Linux内核中运行apache服务器的守护进程。

88.&nbspvsftpd:vsftpd服务器的守护进程。

89.&nbspvncserver:&nbspVNC (Virtual&nbspNetwork&nbspComputing,虚拟网络计算),它提供了一种在本地系统上显示远程计算机整个”桌面”的轻量型协议。

90.&nbspxfs:X&nbspWindow字型服务器守护进程,为本地和远程X服务器提供字型集。

91.&nbspxinetd:支持多种网络服务的核心守护进程。

92.&nbspypbind:为NIS(网络信息系统)客户机激活ypbind服务进程 。

93.&nbspyppasswdd:NIS口令服务器守护进程。

94.&nbspypserv:NIS主服务器守护进程。

95.&nbspyum:RPM操作系统自动升级和软件包管理守护进程。
]]> http://liuchangjun.com/2009/06/30/fedora-10-%e9%85%8d%e7%bd%ae%e6%9c%8d%e5%8a%a1/feed/ 0 Linux gateway configuration (Fedora 10) http://liuchangjun.com/2009/06/30/linux-gateway-configuration-fedora-10/ http://liuchangjun.com/2009/06/30/linux-gateway-configuration-fedora-10/#comments Tue, 30 Jun 2009 04:42:20 +0000 Liu Changjun http://liuchangjun.com/?p=115 Transfered from my journal.

http://www.laxjyj.com/www/web/4718544.html

http://bbs.linuxpk.com/thread-4016-2-1.html

/etc/sysconfig/network -> /etc/sysconfig/networking/devices/ifcfg-eth0 -> /etc/sysconfig/networking/devices/ifcfg-eth1 -> /etc/sysconfig/network-scripts/ifcfg-eth0 -> /etc/sysconfig/network-scripts/ifcfg-eth1

cat network NETWORKING=yes HOSTNAME=frontend GATEWAY=10.4.3.1

cat /etc/rc.d/rc.local route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1 route add default gw 10.4.3.1 eth0

#>ip r #>route -n

]]> Transfered from my journal.

http://www.laxjyj.com/www/web/4718544.html

http://bbs.linuxpk.com/thread-4016-2-1.html

/etc/sysconfig/network ->
/etc/sysconfig/networking/devices/ifcfg-eth0 ->
/etc/sysconfig/networking/devices/ifcfg-eth1 ->
/etc/sysconfig/network-scripts/ifcfg-eth0 ->
/etc/sysconfig/network-scripts/ifcfg-eth1

cat network
NETWORKING=yes
HOSTNAME=frontend
GATEWAY=10.4.3.1

cat /etc/rc.d/rc.local
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1
route add default gw 10.4.3.1 eth0

#>ip r
#>route -n

]]> http://liuchangjun.com/2009/06/30/linux-gateway-configuration-fedora-10/feed/ 0