分类
linux

sftp chroot

# cat /etc/ssh/sshd_config  | grep -vE '^#|^$'
# Effective sshd_config (comments and blank lines were filtered out by the grep above).
# Annotations below are reviewer notes; the directives themselves are unchanged.

# sshd runs this helper to look up a user's public keys, as the account named on the
# next line. NOTE(review): sshd_config(5) recommends a dedicated account with no other
# role for this helper; root is what this host has configured.
AuthorizedKeysCommand /usr/bin/google_authorized_keys
AuthorizedKeysCommandUser root
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
# Root login, password login and challenge-response login are all switched off;
# GSSAPI stays enabled, and public-key login is not mentioned, so its default applies.
PermitRootLogin no
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
# Global default: X11 forwarding is allowed for every account except those matched below.
X11Forwarding yes
ClientAliveInterval 420
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# internal-sftp is the SFTP server built into sshd, so the chroot below needs no
# sftp-server binary or libraries inside it.
Subsystem sftp internal-sftp
# Everything from here to the end of the file (or the next Match) applies to user1 only.
Match User user1
   # %u expands to the login name, so user1 is confined to /data/chroot/user1.
   # sshd refuses the session unless every component of this path is owned by root and
   # not writable by group or others; uploads therefore need a user-owned subdirectory
   # inside the chroot, not a writable chroot root.
   ChrootDirectory /data/chroot/%u
   # Whatever command the client asks for, only the in-process SFTP server is run (no shell).
   ForceCommand internal-sftp
   # Keep the confined account from tunnelling TCP or X11 through the server.
   # NOTE(review): agent forwarding and tunnel devices are not covered by these two lines;
   # newer OpenSSH offers DisableForwarding for that — confirm the installed version.
   AllowTcpForwarding no
   X11Forwarding no

https://serverfault.com/a/656756

分类
linux

badblocks check disk

家里的 linux 用了好长时间了,运行一下

# Read-only surface scan of the partition (the tool reports "read-only test" below).
# stdout carries the list of bad block numbers and is captured in the report file;
# the progress lines are not captured and stay on the terminal.
# NOTE(review): the report name under /tmp is fixed and predictable; when this runs as
# root, a directory only root can write (or a mktemp-generated name) is the safer habit.
device=/dev/sda1
report=/tmp/sda1-badsectors.txt
badblocks -v "$device" > "$report"
Checking blocks 0 to 3907016703
Checking for bad blocks (read-only test): 
分类
linux

truncate 日志文件

文件过大,大几十G

# Empty the oversized log in place. The ls before and after prints inode number,
# mode and size, so the two listings can be compared directly.
# NOTE(review): a writer that did not open the log in append mode keeps its old file
# offset; the file can then show its old apparent size again as a sparse file.
# Compare ls with du if that happens.
log_file=newrelic_agent.log
ls -lhai "$log_file"
truncate -s 0 "$log_file"
ls -lhai "$log_file"

清理前后的 inode number, 文件权限都没有发生变化
清理完之后 tail -f newrelic_agent.log 观察是否能正常写入

https://computingforgeeks.com/how-to-empty-truncate-log-files-in-linux/

分类
linux

ldapsearch 测试 ldap 筛选

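# Test LDAP search filters with the service account. The three queries share the
# same bind DN, search base and server, so those are set once.
bind_dn='uid=svc-stp,cn=users,cn=accounts,dc=ipa,dc=mycorp,dc=com'
base_dn='cn=users,cn=accounts,dc=ipa,dc=mycorp,dc=com'
ldap_uri='ldap://haipa5.dc.mycorp.com:389'

# -W prompts for the bind password. Passing it with -w on the command line leaves it
# in shell history and shows it in the process list; -y FILE (a file readable only by
# the caller) is the non-interactive alternative.
# -ZZ requires StartTLS to succeed, so the bind password and the results do not cross
# port 389 in clear text. If the server only offers LDAPS, use an ldaps:// URI with -H
# and drop -ZZ.
# NOTE(review): no -x is given; OpenLDAP client tools normally need -x for a simple
# bind with -D. Confirm against the client in use.

# 1. Every entry under the base, written to the file "all".
ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub > all

# 2. posixAccount entries that are members of ipausers and are not locked.
ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub \
  '(&(objectclass=posixAccount)(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ipa,dc=mycorp,dc=com)(!(nsAccountLock=TRUE)))'

# 3. Entries with a uid, no ipaUserAuthType attribute, and not locked.
ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub \
  '(&(uid=*)(!(ipaUserAuthType=*))(!(nsAccountLock=TRUE)))'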
分类
linux

Ceph 笔记

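# List all pools
ceph osd lspools
# Create a pool named "kong" with 3 placement groups
ceph osd pool create kong 3
# List all images in the pool
rbd ls kong
# Create a pool (bare form; the pool name and PG count follow "create", as in the example above)
ceph osd pool create
# Create a 1 GiB image (--size is in MiB unless a unit suffix is given)
rbd create -p tenant_1 --size 1024 xm3gyumgqupmexxmewoome
# Show the details of an image (long options take two ASCII hyphens)
rbd info -p tenant_1 --image xm3gyumgqupmexxmewoome
# Delete an image
rbd rm -p tenant_1 xm3gyumgqupmexxmewoome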

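# Print the admin keyring. The file holds the client.admin secret key: keep it readable
# by root only and keep its contents out of tickets, chat and captured terminal logs.
cat /etc/ceph/ceph.client.admin.keyring
# List every auth entity with its capabilities; the output includes the secret keys.
ceph auth list
# Show the pools with their settings
ceph osd pool ls detail
# Deleting a pool: this short form is refused by ceph ...
ceph osd pool delete kong
# ... the pool name has to be given twice, followed by the confirmation flag.
# NOTE(review): recent Ceph releases additionally require mon_allow_pool_delete=true
# on the monitors; confirm for the cluster's version.
ceph osd pool delete kong kong --yes-i-really-really-mean-it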

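# k8s: show recently created containers (pods). Keeps the rows whose fifth column
# (AGE in the default "get pods" table) contains "s" or "m", i.e. ages in seconds or
# minutes, then version-sorts on that column.
# The awk program needs plain ASCII single quotes; typographic quotes are not shell quoting.
# NOTE(review): -n selects a namespace; "1" is kept as written in the note.
# NOTE(review): a RESTARTS value such as "3 (5m ago)" shifts the field count; confirm
# the column layout of the kubectl version in use.
kubectl get pods -n 1 | awk '$5 ~ /s|m/ {print}' | sort -V -k 5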

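# docker: remove exited containers. The status filter selects them directly, where
# grepping the table for "Exited" would also hit a container name or image containing
# that word. -q prints only the container IDs, and xargs -r skips "docker rm" when
# nothing matches.
docker ps -a -q --filter status=exited | xargs -r docker rm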