鹰击长空yuetao.org

2月 12
inotifywait(1) - Linux man page

Name

inotifywait - wait for changes to files using inotify
Synopsis

inotifywait [-hcmrq] [-e <event> ] [-t <seconds> ] [--format <fmt> ] [--timefmt <fmt> ] <file> [ ... ]
Description

inotifywait efficiently waits for changes to files using Linux's inotify(7) interface. It is suitable for waiting for changes to files from shell scripts. It can either exit once an event occurs, or continually execute and output events as they occur.
Output

inotifywait will output diagnostic information on standard error and event information on standard output. The event output can be configured, but by default it consists of lines of the following form:
watched_filename EVENT_NAMES event_filename

watched_filename
is the name of the file on which the event occurred. If the file is a directory, a trailing slash is output.
EVENT_NAMES
are the names of the inotify events which occurred, separated by commas.
event_filename
is output only when the event occurred on a directory, and in this case the name of the file within the directory which caused this event is output.
By default, any special characters in filenames are not escaped in any way. This can make the output of inotifywait difficult to parse in awk scripts or similar. The --csv and --format options will be helpful in this case.

Options

-h, --help
Output some helpful usage information.
@<file>
When watching a directory tree recursively, exclude the specified file from being watched. The file must be specified with a relative or absolute path according to whether a relative or absolute path is given for watched directories. If a specific path is explicitly both included and excluded, it will always be watched.
Note: If you need to watch a directory or file whose name starts with @, give the absolute path.

--fromfile <file>
Read filenames to watch or exclude from a file, one filename per line. If filenames begin with @ they are excluded as described above. If <file> is '-', filenames are read from standard input. Use this option if you need to watch too many files to pass in as command line arguments.
-m, --monitor
Instead of exiting after receiving a single event, execute indefinitely. The default behaviour is to exit after the first event occurs.
-d, --daemon
Same as --monitor, except run in the background logging events to a file that must be specified by --outfile. Implies --syslog.
-o, --outfile <file>
Output events to <file> rather than stdout.
-s, --syslog
Output errors to syslog(3) system log module rather than stderr.
-r, --recursive
Watch all subdirectories of any directories passed as arguments. Watches will be set up recursively to an unlimited depth. Symbolic links are not traversed. Newly created subdirectories will also be watched.
Warning: If you use this option while watching the root directory of a large tree, it may take quite a while until all inotifywatches are established, and events will not be received in this time. Also, since one inotify watch will be established per subdirectory, it is possible that the maximum amount of inotify watches per user will be reached. The default maximum is 8192; it can be increased by writing to /proc/sys/fs/inotify/max_user_watches.

-q, --quiet
If specified once, the program will be less verbose. Specifically, it will not state when it has completed establishing allinotify watches.
If specified twice, the program will output nothing at all, except in the case of fatal errors.

--exclude <pattern>
Do not process any events whose filename matches the specified POSIX extended regular expression, case sensitive.
--excludei <pattern>
Do not process any events whose filename matches the specified POSIX extended regular expression, case insensitive.
-t <seconds>, --timeout <seconds>
Exit if an appropriate event has not occurred within <seconds> seconds. If <seconds> is zero (the default), wait indefinitely for an event.
-e <event>, --event <event>
Listen for specific event(s) only. The events which can be listened for are listed in the EVENTS section. This option can be specified more than once. If omitted, all events are listened for.
-c, --csv
Output in CSV (comma-separated values) format. This is useful when filenames may contain spaces, since in this case it is not safe to simply split the output at each space character.
--timefmt <fmt>
Set a time format string as accepted by strftime(3) for use with the '%T' conversion in the --format option.
--format <fmt>
Output in a user-specified format, using printf-like syntax. The event strings output are limited to around 4000 characters and will be truncated to this length. The following conversions are supported:
%w
This will be replaced with the name of the Watched file on which an event occurred.
%f
When an event occurs within a directory, this will be replaced with the name of the File which caused the event to occur. Otherwise, this will be replaced with an empty string.
%e
Replaced with the Event(s) which occurred, comma-separated.
%Xe
Replaced with the Event(s) which occurred, separated by whichever character is in the place of 'X'.
%T
Replaced with the current Time in the format specified by the --timefmt option, which should be a format string suitable for passing to strftime(3).
Exit Status

The program executed successfully, and an event occurred which was being listened for.
An error occurred in execution of the program, or an event occurred which was not being listened for. The latter generally occurs if something happens which forcibly removes the inotify watch, such as a watched file being deleted or the filesystem containing a watched file being unmounted.
The -t option was used and an event did not occur in the specified interval of time.
Events

The following events are valid for use with the -e option:
access
A watched file or a file within a watched directory was read from.
modify
A watched file or a file within a watched directory was written to.
attrib
The metadata of a watched file or a file within a watched directory was modified. This includes timestamps, file permissions, extended attributes etc.
close_write
A watched file or a file within a watched directory was closed, after being opened in writeable mode. This does not necessarily imply the file was written to.
close_nowrite
A watched file or a file within a watched directory was closed, after being opened in read-only mode.
close
A watched file or a file within a watched directory was closed, regardless of how it was opened. Note that this is actually implemented simply by listening for both close_write and close_nowrite, hence all close events received will be output as one of these, not CLOSE.
open
A watched file or a file within a watched directory was opened.
moved_to
A file or directory was moved into a watched directory. This event occurs even if the file is simply moved from and to the same directory.
moved_from
A file or directory was moved from a watched directory. This event occurs even if the file is simply moved from and to the same directory.
move
A file or directory was moved from or to a watched directory. Note that this is actually implemented simply by listening for both moved_to and moved_from, hence all close events received will be output as one or both of these, notMOVE.
move_self
A watched file or directory was moved. After this event, the file or directory is no longer being watched.
create
A file or directory was created within a watched directory.
delete
A file or directory within a watched directory was deleted.
delete_self
A watched file or directory was deleted. After this event the file or directory is no longer being watched. Note that this event can occur even if it is not explicitly being listened for.
unmount
The filesystem on which a watched file or directory resides was unmounted. After this event the file or directory is no longer being watched. Note that this event can occur even if it is not explicitly being listened to.
Examples

Example 1

Running inotifywait at the command-line to wait for any file in the 'test' directory to be accessed. After running inotifywait, 'cat test/foo' is run in a separate console.
% inotifywait test Setting up watches. Watches established. test/ ACCESS foo
Example 2

A short shell script to efficiently wait for httpd-related log messages and do something appropriate.
#!/bin/sh while inotifywait -e modify /var/log/messages; do   if tail -n1 /var/log/messages | grep httpd; then     kdialog --msgbox "Apache needs love!"   fi done
Example 3

A custom output format is used to watch '~/test'. Meanwhile, someone runs 'touch ~/test/badfile; touch ~/test/goodfile; rm ~/test/badfile' in another console.
% inotifywait -m -r --format '%:e %f' ~/test Setting up watches.  Beware: since -r was given, this may take a while! Watches established. CREATE badfile OPEN badfile ATTRIB badfile CLOSE_WRITE:CLOSE badfile CREATE goodfile OPEN goodfile ATTRIB goodfile CLOSE_WRITE:CLOSE goodfile DELETE badfile
Tags:
2月 11
1.   使用背景
需要接入两个网络,一个是部署环境所在内网环境,这个环境是上不了外网, 外网环境很可能是一个无线网络。如果两者都连接上,很可能导致有一方不能起作用,即外网或内网上不了,常常需要使用繁琐的“禁用网络连接”、“启用网络连接”的操作来进行内外网的切换,甚是麻烦。

为了解决这个问题,可以使用route命令来使得同时内外网都可用。

2.   route命令
route命令是在本地 IP 路由表中显示和修改条目网络命令。

route命令的语法如下:

route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]
route命令常用的命令如下:

1)route delete:删除路由;
2)route print:打印路由的Destination;
3)route add:添加路由;
4)route change:更改现存路由。

一般使用route delete、route add、route print这三条命令可解决路由的所有功能。

2.1 打印路由信息

       打印路由信息使用命令:route print。

===========================================================================
Interface List
0x1  MS TCP Loopback interface
0x2 00 26 18 31 4f d1  Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ether
net NIC - 数据包计划程序微型端口
0x50004 00 53 45 00 00 00  WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0   116.69.106.119 116.69.106.119       1
          0.0.0.0          0.0.0.0    192.168.2.226    192.168.2.79       20
    115.168.64.94 255.255.255.255   116.69.106.119 116.69.106.119       1
   116.69.106.119 255.255.255.255        127.0.0.1       127.0.0.1       50
 116.255.255.255 255.255.255.255   116.69.106.119 116.69.106.119       50
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.79    192.168.2.79       20
     192.168.2.79 255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.2.255 255.255.255.255     192.168.2.79    192.168.2.79       20
        224.0.0.0        240.0.0.0     192.168.2.79    192.168.2.79       20
        224.0.0.0        240.0.0.0   116.69.106.119 116.69.106.119       1
 255.255.255.255 255.255.255.255   116.69.106.119 116.69.106.119       1
 255.255.255.255 255.255.255.255     192.168.2.79    192.168.2.79       1
Default Gateway:    116.69.106.119
===========================================================================
Persistent Routes:
 None
第一列是网络目的地址。列出了路由器连接的所有的网段。

第二行网络掩码列提供这个网段本身的子网掩码,而不是连接到这个网段的网卡的子网掩码。这基本上能够让路由器确定目的网络的地址类。

第三列是网关。一旦路由器确定它要把这个数据包转发到哪一个目的网络,路由器就要查看网关列表。网关表告诉路由器这个数据包应该转发到哪一个IP地址才能达到目的网络。

第四列接口列告诉路由器哪一个网卡连接到了合适的目的网络。从技术上说,接口列仅告诉路由器分配给网卡的IP地址。那个网卡把路由器连接到目的网络。然而,路由器很聪明,知道这个地址绑定到哪一个物理网卡。

第五列是测量。测量本身是一种科学。该值越小的,可信度越高

下面说说每一行内容代表的内容:
Network Destination      Netmask          Gateway         Interface      Metric  
0.0.0.0                    0.0.0.0          116.69.106.119  116.69.106.119      1  
   这表示发向任意网段的数据通过本机接口116.69.106.119被送往一个默认的网关:116.69.106.119,它的管理距离是1,管理距离指的是在路径选择的过程中信息的可信度,管理距离越小的,可信度越高。

第二行的内容:
Network Destination      Netmask          Gateway         Interface      Metric  
0.0.0.0                    0.0.0.0          192.168.2.226  192.168.2.79      20
   这表示发向任意网段的数据通过本机接口192.168.2.79被送往网关192.168.2.226,但是因为该行的管理距离(Metric)比第一行大,即表示第二行的可信度没有第一行高,所以在默认情况下会优先选择第一行的网关出去。

第三行的内容:
Network Destination      Netmask          Gateway         Interface          Metric  
115.168.64.94           255.255.255.255    116.69.106.119 116.69.106.119       1

第四行的内容:
Network Destination      Netmask          Gateway         Interface          Metric  
116.69.106.119          255.255.255.255    127.0.0.1        127.0.0.1             50
      表示从自己的主机发送到自己主机的数据包,如果使用的是自己主机的IP地址,跟使用回环地址效果相同,通过同样的途径被路由,也就是如果我有自己的站点,我要浏览自己的站点,在IE地质栏里面输入localhost与116.69.106.119是一样的,尽管localhost被解析为 127.0.0.1。 

 第五行的内容:
Network Destination      Netmask          Gateway         Interface          Metric  
116.255.255.255          255.255.255.255    116.69.106.119 116.69.106.119       50
   这里的目的地址是一个局域广播地址,系统对这样的数据包的处理方法是把本机116..69.106.119作为网关,发送局域广播帧,这个帧将被路由器过滤。 

第六行的内容:
Network Destination      Netmask          Gateway         Interface          Metric  
127.0.0.0                   255.0.0.0          127.0.0.1       127.0.0.1           1

2.2 删除路由信息
所用的命令为:

route delete 网络目的地址 [mask] [子网掩码]
   例如想要删除网络目的地址为192.168.2.0,子网掩码为255.255.255.0的路由,可用:

route delete 192.168.2.0 mask 255.255.0.0
    删除路由时还可以用模糊匹配,例如要删除以115开头的IP路由表中的所有路由时,可用:

route delete 115*

2.3 添加路由信息

       添加路由信息使用如下命令:

route add 网络目的地址 mask 子网掩码网关 [metric] [测量值]
   例如若要向带有255.255.0.0子网掩码、10.27.0.1网关,测量值为7的10.41.0.0的目标地址添加一条路由,可使用如下命令:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7
3.   应用实例

以调试环境为例,需要接入内网进行调试,内网地址为5.0.217.47。另外接了个无线,可以上外网自动分配了个192.168.2.110。
插上内网网线,并成功连接上外网后,此时内网是通的,但是外网连接不上。在命令窗口使用ipconfig和route print命令可以打印出当前的信息:

route print
===========================================================================
Interface List
0x1  MS TCP Loopback interface
0x2 00 26 18 31 4f d1  Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ether
net NIC - 数据包计划程序微型端口
0x3 00 24 2c e7 57 11  Atheros AR5006X Wireless Network Adapter - 数据
包计划程序微型端口

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0        5.0.217.1      5.0.217.47       10
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.110       25
        5.0.217.0 255.255.255.192       5.0.217.47      5.0.217.47       10
       5.0.217.47 255.255.255.255        127.0.0.1       127.0.0.1       10
    5.255.255.255 255.255.255.255       5.0.217.47      5.0.217.47       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.110   192.168.1.110       25
    192.168.1.110 255.255.255.255        127.0.0.1       127.0.0.1       25
    192.168.1.255 255.255.255.255    192.168.1.110   192.168.1.110       25
        224.0.0.0        240.0.0.0       5.0.217.47      5.0.217.47       10
        224.0.0.0        240.0.0.0    192.168.1.110   192.168.1.110       25
 255.255.255.255 255.255.255.255       5.0.217.47      5.0.217.47       1
 255.255.255.255 255.255.255.255    192.168.1.110   192.168.1.110       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
 None

ipconfig

Windows IP Configuration
Ethernet adapter 本地连接:
        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 5.0.217.47
        Subnet Mask . . . . . . . . . . . : 255.255.255.192
        Default Gateway . . . . . . . . . :
Ethernet adapter 无线网络连接:
        Connection-specific DNS Suffix . :
        IP Address. . . . . . . . . . . . : 192.168.1.110
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
由route print命令的结果的第一行可以看到,只所以访问不到外网,是因为默认的情况是通过5.0.217.1的内网的网关出去的。

为了达到能同时访问内外网的需求,只需要删除掉0.0.0.0的路由后,添加两条路由即可,将5开头的地址都通过5.0.217.1网关路由出去,而其余的地址都通过无线的网关192.168.1.110出去。参考如下:

route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 5.0.0.0 mask 255.0.0.0 5.0.217.1

此时运行route print命令,可看到运行结果如下:
route print
===========================================================================
Interface List
0x1  MS TCP Loopback interface
0x2 00 26 18 31 4f d1  Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ether
net NIC - 数据包计划程序微型端口
0x3 00 24 2c e7 57 11  Atheros AR5006X Wireless Network Adapter - 数据
包计划程序微型端口
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.110       1
          5.0.0.0        255.0.0.0        5.0.217.1      5.0.217.47       1
        5.0.217.0 255.255.255.192       5.0.217.47      5.0.217.47       10
       5.0.217.47 255.255.255.255        127.0.0.1       127.0.0.1       10
    5.255.255.255 255.255.255.255       5.0.217.47      5.0.217.47       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.110   192.168.1.110       25
    192.168.1.110 255.255.255.255        127.0.0.1       127.0.0.1       25
    192.168.1.255 255.255.255.255    192.168.1.110   192.168.1.110       25
        224.0.0.0        240.0.0.0       5.0.217.47      5.0.217.47       10
        224.0.0.0        240.0.0.0    192.168.1.110   192.168.1.110       25
 255.255.255.255 255.255.255.255       5.0.217.47      5.0.217.47       1
 255.255.255.255 255.255.255.255    192.168.1.110   192.168.1.110       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
 None
   可看到默认是通过无线的192.168.1.110出去的,此时内外网都可以同时用了
Tags:
2月 10
#!/bin/bash
#统一写下接收监控邮件的邮箱
mail_account="xxxxx@qq.com"


#监控系统负载与CPU、内存、硬盘、登录用户数,超出警戒值则发邮件告警。

#提取本服务器的IP地址信息
IP=`/sbin/ifconfig eth1 | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " "`

# 1、监控系统负载的变化情况,超出时发邮件告警:

#抓取cpu的总核数
cpu_num=`grep -c 'model name' /proc/cpuinfo`

#抓取当前系统15分钟的平均负载值
load_15=`uptime | awk '{print $12}'`

#计算当前系统单个核心15分钟的平均负载值,结果小于1.0时前面个位数补0。
average_load=`echo "scale=2;a=$load_15/$cpu_num;if(length(a)==scale(a)) print 0;print a" | bc`

#取上面平均负载值的个位整数
average_int=`echo $average_load | cut -f 1 -d "."`

#设置系统单个核心15分钟的平均负载的告警值为0.70(即使用超过70%的时候告警)。
load_warn=0.70

#当单个核心15分钟的平均负载值大于等于1.0(即个位整数大于0) ,直接发邮件告警;如果小于1.0则进行二次比较
if (($average_int > 0)); then
echo "$IP服务器15分钟的系统平均负载为$average_load,超过警戒值1.0,请立即处理!!!" | mutt -s "$IP 服务器系统负载严重告警!!!" $mail_account
else

#当前系统15分钟平均负载值与告警值进行比较(当大于告警值0.70时会返回1,小于时会返回0 )
load_now=`expr $average_load \> $load_warn`

#如果系统单个核心15分钟的平均负载值大于告警值0.70(返回值为1),则发邮件给管理员
#if (($load_now == 1)); then
#echo "$IP服务器15分钟的系统平均负载达到 $average_load,超过警戒值0.70,请及时处理。" | mutt -s "$IP 服务器系统负载告警" $mail_account
#fi

fi

# 2、监控系统cpu的情况,当使用超过80%的时候发告警邮件:

#取当前空闲cpu百份比值(只取整数部分)
cpu_idle=`top -b -n 1 | grep Cpu | awk '{print $5}' | cut -f 1 -d "."`

#设置空闲cpu的告警值为20%,如果当前cpu使用超过80%(即剩余小于20%),立即发邮件告警
if (($cpu_idle < 20)); then
echo "$IP服务器cpu剩余$cpu_idle%,使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器CPU告警" $mail_account
fi

# 3、监控系统交换分区swap的情况,当使用超过80%的时候发告警邮件:

#系统分配的交换分区总量
swap_total=`free -m | grep Swap | awk '{print $2}'`

#当前剩余的交换分区free大小
swap_free=`free -m | grep Swap | awk '{print $4}'`

#当前已使用的交换分区used大小
swap_used=`free -m | grep Swap | awk '{print $3}'`

if (($swap_used != 0)); then
#如果交换分区已被使用,则计算当前剩余交换分区free所占总量的百分比,用小数来表示,要在小数点前面补一个整数位0
swap_per=0`echo "scale=2;$swap_free/$swap_total" | bc`

#设置交换分区的告警值为20%(即使用超过80%的时候告警)。
swap_warn=0.20

#当前剩余交换分区百分比与告警值进行比较(当大于告警值(即剩余20%以上)时会返回1,小于(即剩余不足20%)时会返回0 )
swap_now=`expr $swap_per \> $swap_warn`

#如果当前交换分区使用超过80%(即剩余小于20%,上面的返回值等于0),立即发邮件告警
if (($swap_now == 0)); then
echo "$IP服务器swap交换分区只剩下 $swap_free M 未使用,剩余不足20%,使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器内存告警" $mail_account
fi

fi

# 4、监控系统硬盘分区使用的情况,当使用超过80%的时候发告警邮件:

for i in `df -h | grep -v Filesystem | awk '{ print $5 }' | cut -f 1 -d '%'`; do
if (( $i >= 80 ));then
echo "$IP 服务器硬盘使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器硬盘告警" $mail_account
fi
done


#取当前根分区(/dev/sda3)已用的百份比值(只取整数部分)
#disk_sda2=`df -h | grep /dev/sda2 | awk '{print $5}' | cut -f 1 -d "%"`

#设置空闲硬盘容量的告警值为80%,如果当前硬盘使用超过80%,立即发邮件告警
#if (($disk_sda2 > 80)); then
#echo "$IP 服务器 /根分区 使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器硬盘告警" $mail_account
#fi
#########usr分区监控###########
#disk_sda5=`df -h | grep /dev/sda5 | awk '{print $5}' | cut -f 1 -d "%"`

#设置空闲硬盘容量的告警值为80%,如果当前硬盘使用超过80%,立即发邮件告警
#if (($disk_sda5 > 80)); then
#echo "$IP 服务器 /usr 使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器硬盘告警" $mail_account
#fi
#########home分区监控###########
#disk_sda8=`df -h | grep /dev/sda8 | awk '{print $5}' | cut -f 1 -d "%"`

#设置空闲硬盘容量的告警值为80%,如果当前硬盘使用超过80%,立即发邮件告警
#if (($disk_sda8 > 80)); then
#echo "$IP 服务器 /home 使用率已经超过80%,请及时处理。" | mutt -s "$IP 服务器硬盘告警" $mail_account
#fi

##############################################################################################################################
#5、监控系统用户登录的情况,当用户数超过3个的时候发告警邮件:

#取当前用户登录数(只取数值部分)
users=`uptime | awk '{print $6}'`

#设置登录用户数的告警值为3个,如果当前用户数超过3个,立即发邮件告警
if (($users >= 5)); then
echo "$IP 服务器用户数已经达到$users个,请及时处理。" | mutt -s "$IP 服务器用户数告警" $mail_account
fi

#6、监控网络连接数的情况,连接数大于2000时发告警邮件
conn_num=`netstat -nat | grep -i "80" | wc -l`

#设置网络连接数告警值为2000,如果连接数超过2000,立即发邮件告警
if (($conn_num >= 5000)); then
echo "$IP 服务器网络连接数已经达到$conn_num个,请及时处理。" | mutt -s "$IP 服务器并发连接数" $mail_account
fi

#7、监控服务器账号表,用md5sum方法加密,存储到一个文件内,两个对比,如果不匹配发出报警
default_md5=`cat /script/md5`
Check_md5=`md5sum /etc/passwd | awk '{print $1}'`
#用户表发生变化,理解发出报警
if [ "$Check_md5"x != "$default_md5"x ]; then
echo "$IP 服务器用户表发生变化,请及时处理。" | mutt -s "$IP 服务器用户表告警" $mail_account
fi 

#8、监控服务器密码表,用md5sum方法加密,存储到一个文件内,两个对比,如果不匹配发出报警
default_passwd5=`cat /script/passwdmd5`
Check_passwd5=`md5sum /etc/shadow | awk '{print $1}'`
#用户表发生变化,理解发出报警
if [ "$Check_passwd5"x != "$default_passwd5"x ]; then
echo "$IP 服务器密码发生变化,请及时处理。" | mutt -s "$IP 服务器用户表告警" $mail_account
fi



2月 9
1.修改puref-ftpd配置文件 /usr/local/pureftpd/pure-ftpd.conf


2. 搜索 Alt 找到下面这行
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)

AltLog                     w3c:xxx



3. 将其中的xxx改为日志保存的路径
AltLog                     w3c:/home/wwwlogs/pureftpd.log


4.重启pure-ftpd
/etc/init.d/pureftpd restart
Tags:
2月 2
vi /var/named/domain.zone

$TTL 86400
@  IN  SOA  ns.domain.com. root(1 1D 1H 1W 3H)
@  IN  NS  192.168.0.166
ns  IN  A  192.168.0.166
*       IN  A  192.168.0.166



-----------------------

vi /etc/named.rfc1912.zones


zone "." IN {
  type master;
  file "domain.zone";
}



-----------------------------


/etc/init.d/named restart
分页: 6/61 第一页 上页 1 2 3 4 5 6 7 8 9 10 下页 最后页 [ 显示模式: 摘要 | 列表 ]