henryliangt / wordpress-managment


rsync #2

Open henryliangt opened 3 years ago

henryliangt commented 3 years ago
1. Check whether rsync is ready:

rsync --version
rpm -qi rsync

2. Install rsync:

yum install rsync

3. Put the list of folders to exclude in /root/exclude-files.txt (one pattern per line):

/boot
/dev
/tmp
/sys
/proc
/backup
/etc/fstab
/etc/mtab
/etc/mdadm.conf
/etc/sysconfig/network*

4. Run the sync:

rsync -vPa -e 'ssh -o StrictHostKeyChecking=no' --exclude-from=/root/exclude-files.txt / REMOTE-IP:/
henryliangt commented 3 years ago

Linode attach volume

1. To get started with a new volume, you'll want to create a filesystem on it:

mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_rescue_machine_extra_110G"

2. Once the volume has a filesystem, you can create a mountpoint for it:

mkdir "/mnt/rescue_machine_extra_110G"

3. Then you can mount the new volume:

mount "/dev/disk/by-id/scsi-0Linode_Volume_rescue_machine_extra_110G" "/mnt/rescue_machine_extra_110G"

4. If you want the volume to automatically mount every time your Linode boots, you'll want to add a line like the following to your /etc/fstab file:

/dev/disk/by-id/scsi-0Linode_Volume_rescue_machine_extra_110G /mnt/rescue_machine_extra_110G ext4 defaults,noatime,nofail 0 2

henryliangt commented 3 years ago

Start ssh in rescue mode.

sudo vi /etc/ssh/sshd_config

vi keys: a or i to insert; Esc, then :x or :wq to save and quit, :w to save only, :q! to quit without saving

PermitRootLogin yes        # allow root login
PermitEmptyPasswords no    # do not allow login with an empty password
PasswordAuthentication yes # whether to use password authentication

passwd (enter the password twice)

service sshd restart
service sshd start
service sshd reload

henryliangt commented 3 years ago

How to log in with a key pair

ssh-keygen

cd .ssh
cat id_rsa.pub >> authorized_keys

chmod 600 authorized_keys
chmod 700 ~/.ssh

vim /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
PasswordAuthentication no

service sshd restart

Copy id_rsa to the local machine.
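
The two comments above flip the same sshd_config keywords in opposite directions (password login on for the rescue session, off once the key pair works). The script below is an added example, not code from the issue thread: it reads an sshd_config and reports which of those keywords are still in the weak state, using OpenSSH's defaults for keywords that are absent and sshd's first-occurrence-wins rule. It assumes a flat config file (Match blocks are not evaluated); the two sample configs are constructed from the settings shown in the thread.

```shell
#!/bin/sh
# Added example, not part of the issue thread: check an sshd_config for the
# keywords toggled above and report the ones left in their weak state. Assumes
# a flat sshd_config (Match blocks are not evaluated); defaults are OpenSSH's.

# Effective value of one keyword: sshd uses the first uncommented occurrence,
# or the default given as $3 when the keyword is absent. Values are lowercased.
sshd_value() {
    val=$(awk -v k="$2" 'tolower($1)==tolower(k) && !f {v=tolower($2); f=1} END {print v}' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Print one WEAK line per setting that leaves password or root login exposed.
sshd_weak_settings() {
    cfg=$1
    if [ "$(sshd_value "$cfg" PermitRootLogin prohibit-password)" = yes ]; then
        echo "WEAK PermitRootLogin yes   -> prohibit-password (or no) once the key pair works"
    fi
    if [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = yes ]; then
        echo "WEAK PasswordAuthentication yes   -> no after authorized_keys is in place"
    fi
    if [ "$(sshd_value "$cfg" PermitEmptyPasswords no)" = yes ]; then
        echo "WEAK PermitEmptyPasswords yes   -> no"
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" = no ]; then
        echo "WEAK PubkeyAuthentication no   -> yes, or key login cannot replace passwords"
    fi
}

# Number of WEAK lines for a config file (0 when the file is clean).
sshd_weak_count() {
    sshd_weak_settings "$1" | grep -c WEAK || true
}

# Demo with constructed configs: the rescue-mode settings from the previous
# comment and the key-pair settings from this one, written to a temp dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rescue.conf" <<'EOF'
PermitRootLogin yes #allow root login
PermitEmptyPasswords no
PasswordAuthentication yes
EOF
cat > "$demo_dir/keypair.conf" <<'EOF'
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF
for f in "$demo_dir/rescue.conf" "$demo_dir/keypair.conf"; do
    echo "== $f: $(sshd_weak_count "$f") weak setting(s)"
    sshd_weak_settings "$f"
done
rm -rf "$demo_dir"
```

Run it against the real file with `sshd_weak_settings /etc/ssh/sshd_config` after the key login has been tested from a second session; the rescue config reports two weak settings, and the key-pair config still reports PermitRootLogin because the thread leaves it at yes.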

henryliangt commented 3 years ago

The www user's cron jobs in /var/spool/cron:

1 1 */2 * * /home/www/.configrc/a/upd>/dev/null 2>&1
@reboot /home/www/.configrc/a/upd>/dev/null 2>&1
5 8 * * 0 /home/www/.configrc/b/sync>/dev/null 2>&1
@reboot /home/www/.configrc/b/sync>/dev/null 2>&1
0 0 */3 * * /dev/shm/.X81723/.rsync/c/aptitude>/dev/null 2>&1

sudo crontab -u username -l

ls -la /etc/cron.hourly
ls -la /etc/cron.daily
ls -la /etc/cron.weekly
ls -la /etc/cron.monthly
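
The crontab above shows the persistence pattern worth scanning every spool for: binaries under hidden directories, a launcher in /dev/shm, @reboot entries, and all output silenced. The script below is an added example, not code from the issue thread: it scans each per-user crontab in a directory and prints the lines that match those indicators with the reason. The spool directory and both crontabs in the demo are constructed in a temp dir; on a real host, point scan_cron_dir at /var/spool/cron (or /var/spool/cron/crontabs on Debian-style systems) and run it as root.

```shell
#!/bin/sh
# Added example, not part of the issue thread: flag crontab lines that show
# the persistence pattern seen above (hidden dirs, /dev/shm, @reboot, output
# silenced, download piped to a shell). The sample spool is constructed.

# Return the reasons one crontab line looks suspicious (empty if none).
cron_line_flags() {
    cline=$1
    flags=""
    case "$cline" in *@reboot*) flags="$flags reboot";; esac
    printf '%s\n' "$cline" | grep -Eq '(^|[[:space:]])(/tmp|/var/tmp|/dev/shm)/' && flags="$flags world-writable-dir"
    printf '%s\n' "$cline" | grep -Eq '/\.[^/[:space:]]+/' && flags="$flags hidden-dir"
    printf '%s\n' "$cline" | grep -Eq '>[[:space:]]*/dev/null[[:space:]]+2>&1' && flags="$flags silenced-output"
    printf '%s\n' "$cline" | grep -Eq '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' && flags="$flags pipe-to-shell"
    printf '%s\n' "${flags# }"
}

# Scan one crontab file; print "file: [reasons] line" for each suspicious entry.
scan_crontab() {
    cfile=$1
    while IFS= read -r cline || [ -n "$cline" ]; do
        case "$cline" in ''|'#'*) continue;; esac
        reasons=$(cron_line_flags "$cline")
        if [ -n "$reasons" ]; then
            printf '%s: [%s] %s\n' "$cfile" "$reasons" "$cline"
        fi
    done < "$cfile"
    return 0
}

# Scan every crontab in a spool directory (one file per user).
scan_cron_dir() {
    for cfile in "$1"/*; do
        if [ -f "$cfile" ]; then scan_crontab "$cfile"; fi
    done
    return 0
}

# Constructed spool: the www crontab from the thread plus a benign root crontab.
demo_spool=$(mktemp -d)
cat > "$demo_spool/www" <<'EOF'
1 1 */2 * * /home/www/.configrc/a/upd>/dev/null 2>&1
@reboot /home/www/.configrc/a/upd>/dev/null 2>&1
5 8 * * 0 /home/www/.configrc/b/sync>/dev/null 2>&1
@reboot /home/www/.configrc/b/sync>/dev/null 2>&1
0 0 */3 * * /dev/shm/.X81723/.rsync/c/aptitude>/dev/null 2>&1
EOF
cat > "$demo_spool/root" <<'EOF'
MAILTO=root
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
15 4 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1
EOF
scan_cron_dir "$demo_spool"
rm -rf "$demo_spool"
```

All five www entries are reported and the root crontab is silent; the backup line is not flagged because appending to a log file is not the same as discarding output to /dev/null. The same functions can be pointed at the files in /etc/cron.d and the scripts listed by the `ls -la /etc/cron.*` commands above.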

henryliangt commented 3 years ago

Install Yunsuo (云锁):

wget https://download.yunsuo.com.cn/v3/yunsuo_agent_64bit.tar.gz && tar xvzf yunsuo_agent_64bit.tar.gz && chmod +x yunsuo_install/install && yunsuo_install/install

wget https://download.yunsuo.com.cn/v3/yunsuo_agent_64bit.tar.gz
tar zxvf yunsuo_agent_64bit.tar.gz
chmod +x yunsuo_install/install
yunsuo_install/install

/usr/local/yunsuo_agent/agent_smart_tool.sh -u <Yunsuo account> -p <Yunsuo password>

henryliangt commented 3 years ago

Safedog (安全狗)

wget http://down.safedog.cn/safedog_linux64.tar.gz
tar xzvf safedog_linux64.tar.gz
cd safedog_an_linux64_2.8.21207
chmod +x *.py

yum -y install mlocate
yum -y install pciutils

./install.py ngingx =2

sdcloud -u <Fuyun (服云) account>

henryliangt commented 3 years ago

last    -- all IPs that have logged in
history -- operation log
lastb   -- failed login users

If top is not working, use busybox top:

wget https://tao-1257166515.cos.ap-chengdu.myqcloud.com/busybox
cp busybox /usr/bin/
cd /usr/bin/
chmod 777 /usr/bin/busybox

busybox top

Example malware:
/tmp/.X25-unix/.rsync/c/tsm64
/tmp/.X25-unix/.rsync/c/tsm32
/tmp/.X25-unix/.rsync/a/kswapd0
/usr/bin/systemd-network
/usr/bin/kswaped

ls -lh /proc/5445/fd
top -H -p 5445    # find the child processes

Install chattr:
yum install e2fsprogs
which chattr
echo > authorized_keys
cat authorized_keys

kill -9 5445
chattr -i /usr/bin/pamdicks
rm /usr/bin/pamdicks
rm /tmp/.X25-unix/.rsync/c/lib/64/tsm

Packet capture:
tcpdump -i eth0 '((not port 45695) and (not host 127.0.0.1) and (not host 183.60.83.19))'

henryliangt commented 3 years ago

Investigation routine

Logs: ll -h /var/log/ ; du -sh /var/log/

Password files: ll /etc/pass* ; ll /etc/sha*

Password contents: more /etc/passwd ; more /etc/shadow

lastlog - recent logins
who     - currently logged-in users
last    - login history

yum install psacct
systemctl enable psacct
systemctl start psacct
ac -dp    - connection hours for every user

yum install tcpdump
tcpdump   - packet capture

yum install iperf3
iperf3 -s - traffic test

yum install iperf
iperf -s  - traffic test (different version)

cat /var/log/secure | grep -i "accepted password"    - log check

busybox top
ll /proc/29969/ | grep -i exe    # find the process's executable through the /proc virtual filesystem
ll /usr/bin/python

Recovering a file from /proc: lsof (list open files)
lsof | grep /var/log/secure      # in the lsof output find the PID and the file-descriptor number (4-8)

tail /proc/111-PID-111/fd/4      # the file descriptor

cat /proc/1264/fd/4 > /var/log/secure    # recovered

head /var/log/secure
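
The /proc steps in this comment and the earlier one (the exe link of a PID, its open fds, and copying a deleted-but-still-open log back out of /proc/PID/fd) are wrapped below as reusable functions. This is an added example, not code from the issue thread. It needs a Linux /proc; the function and variable names are the example's own, and instead of a real rsyslog the demo holds a constructed "secure" log open on fd 3 of the running shell, deletes it, and recovers it through /proc.

```shell
#!/bin/sh
# Added example, not part of the issue thread: the /proc checks used above
# as functions. Needs a Linux /proc; the demo holds a constructed log file
# open on fd 3 of this shell instead of a daemon.

# Path of the executable behind PID (keeps a trailing "(deleted)" marker).
proc_exe() {
    readlink "/proc/$1/exe"
}

# True when the executable runs from a scratch dir or was unlinked after
# start, both seen with the miner samples listed earlier in the thread.
exe_is_suspicious() {
    exe=$(proc_exe "$1") || return 1
    case "$exe" in
        /tmp/*|/var/tmp/*|/dev/shm/*|*" (deleted)") return 0;;
    esac
    return 1
}

# List fds of PID whose target file was unlinked: "<fd><TAB><target>".
deleted_fds() {
    for link in /proc/"$1"/fd/*; do
        target=$(readlink "$link") || continue
        case "$target" in
            *" (deleted)") printf '%s\t%s\n' "${link##*/}" "$target";;
        esac
    done
    return 0
}

# Copy the still-open file behind PID/FD to DEST (what `cat /proc/PID/fd/N >`
# does above, with the fd checked first).
recover_fd() {
    [ -e "/proc/$1/fd/$2" ] || { echo "no fd $2 in pid $1" >&2; return 1; }
    cat "/proc/$1/fd/$2" > "$3"
}

# Demo: constructed "secure" log line, opened on fd 3, deleted, recovered.
demo_dir=$(mktemp -d)
printf 'Accepted password for root from 203.0.113.5 port 4242 ssh2\n' > "$demo_dir/secure"
exec 3< "$demo_dir/secure"
rm "$demo_dir/secure"
echo "exe of this shell: $(proc_exe $$)"
deleted_fds $$
recover_fd $$ 3 "$demo_dir/secure.recovered"
head "$demo_dir/secure.recovered"
exec 3<&-
rm -rf "$demo_dir"
```

On a live host the PID comes from `lsof | grep /var/log/secure` as in the comment above, and the recovered copy should be written somewhere other than the original path until the process that deleted it has been dealt with, otherwise it can simply be wiped again.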

henryliangt commented 3 years ago

Memory triage

ps -o pid,user,%mem,command ax | sort -b -k3 -r
sudo pmap 6064 | tail -n 1                              # memory usage of a given PID, only the summary line
sudo pmap 6064 | tail -n 1 | awk '/[0-9]K/{print $2}'   # in KB
sudo pmap 6988 21407 | grep total

```bash
#!/bin/bash
# @author Henry Liang
# @github https://github.com/henryliangt
# Lists every process with its owner and total mapped memory (from pmap),
# sorted by memory.

printf "%-10s%-15s%-15s%s\n" "PID" "OWNER" "MEMORY" "COMMAND"

function memory_list_main() {
    # pid:user:command for every process, skipping the ps header line
    ALLPROCESS=$(ps -o pid,user,%mem,command ax | grep -v PID | awk '/[0-9]*/{print $1 ":" $2 ":" $4}')
    for i in $ALLPROCESS; do
        PID=$(echo "$i" | cut -d: -f1)
        OWNER=$(echo "$i" | cut -d: -f2)
        COMMAND=$(echo "$i" | cut -d: -f3)
        # last line of pmap is the total; keep the size column (in K)
        MEMORY=$(pmap "$PID" | tail -n 1 | awk '/[0-9]K/{print $2}')
        printf "%-10s%-15s%-15s%s\n" "$PID" "$OWNER" "$MEMORY" "$COMMAND"
    done
}

memory_list_main | sort -bnr -k3
```

chmod +x mem_list
sudo mv -v mem_list /usr/bin

mem_list.txt

henryliangt commented 3 years ago

Historical usage: SAR

If you suspect a CPU bottleneck, check with sar -u and sar -q.
If you suspect a memory bottleneck, check with sar -B, sar -r and sar -W.
If you suspect an I/O bottleneck, check with sar -b, sar -u and sar -d.

henryliangt commented 3 years ago

Historical usage: pidstat

ps -aux | grep pidstat
pidstat -u 600 >/var/log/pidstats.log & disown $!

Process accounting: accton on

atop

psmon and monit can watch the processes running on the system and can be set to send an e-mail report when any threshold (CPU usage, memory usage, ...) is exceeded.

henryliangt commented 2 years ago

Server Safedog installation and removal. sdsvrd uses a lot of CPU.

Don't use Safedog lightly: after installing it on one of my Alibaba Cloud hosts the CPU stayed high. sdsvrd was the process eating the CPU. It turned out to be Safedog, so I uninstalled it without hesitation. Now the whole world is quiet.

One-click install script attached.

64-bit version:

wget http://safedog.cn/download/software/safedogfwq_linux64.zip
unzip safedogfwq_linux64.zip
cd safedog_linux64
tar xzvf safedog_linux64.tar.gz
cd safedog_linux64
chmod +x *.py
./install.py
cd /etc/safedog
wget http://blog.baiduola.com/tools/sd/safedog_user.psf
sdui

Uninstall:

cd /safedog_linux64/safedog_linux64/
chmod +x uninstall.py
./uninstall.py

32-bit version:

wget http://safedog.cn/download/software/safedogfwq_linux32.zip
unzip safedogfwq_linux32.zip
cd safedog_linux32
tar xzvf safedog_linux32.tar.gz
cd safedog_linux32
chmod +x *.py
./install.py
cd /etc/safedog
wget http://blog.baiduola.com/tools/sd/safedog_user.psf
sdui

Uninstall:

cd /safedog_linux32/safedog_linux32/
chmod +x uninstall.py
./uninstall.py