2015/4/29

自然輸入法無法在win 2003底下安裝



詢問IQTechnology Customer Service客服,解決方式有三:
1.將安裝檔重新命名為Setup.exe
2.
使用控制台的新增或移除程式>選擇新增程式(CD或磁片)>選擇自然輸入法安裝檔

3.C:\Documents and Settings\(使用者名稱)\底下新增一個資料夾名為Windows之後於此資料夾下同樣新增一個資料夾名為Fonts

keep text formate in vim useing pietty copy-paste


From:How can I keep the code formated as original source when I paste them to vim?

When I copy some code from webpages and paste it to VIM,I find it becomes a mess style like a ladder as follows
xxxxxx
   xxxxxx
      xxxxxx
         xxxxxxxxxx
Since it messed so regularly so I think maybe there's something wrong with my .vimrc which is as below:

Answer:

Do this before:
:set paste
Then after:
:set nopaste

useing Log4J2 with Hibernate and slf4J,logger example




<?xml version="1.0" encoding="UTF-8"?>
<configuration xsixmlns="Log4j-config.xsd">
    <Appenders>
        <Console name="CONSOLE" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" />
        </Console>

        <RollingFile name="RollingFile_Listener" fileName="logs/SocketServerListener.log"
            filePattern="logs/$${date:yyyy-MM}/SockServerListener-%d{MM-dd-yyyy}-%i.log.gz">
            <Filters>
                <ThresholdFilter level="INFO" onMatch="ACCEPT"
                    onMismatch="DENY" />
            </Filters>
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" />
            <Policies>
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="500 MB" />
            </Policies>
            <DefaultRolloverStrategy max="20" />
        </RollingFile>

        <RollingFile name="RollingFile_TRACE" fileName="logs/SocketServerTRACE.log"
            filePattern="logs/$${date:yyyy-MM}/SockServerTRACE-%d{MM-dd-yyyy}-%i.log.gz">
            <Filters>
                <ThresholdFilter level="INFO" onMatch="DENY"
                    onMismatch="NEUTRAL" />
                <ThresholdFilter level="DEBUG" onMatch="DENY"
                    onMismatch="NEUTRAL" />
                <ThresholdFilter level="TRACE" onMatch="ACCEPT"
                    onMismatch="DENY" />
            </Filters>
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" />
            <Policies>
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="100 MB" />
            </Policies>
            <DefaultRolloverStrategy max="10" />
        </RollingFile>
        <RollingFile name="RollingFile_DEBUG" fileName="logs/SocketServerDEBUG.log"
            filePattern="logs/$${date:yyyy-MM}/SockServerDEBUG-%d{MM-dd-yyyy}-%i.log.gz">
            <Filters>
                <ThresholdFilter level="INFO" onMatch="DENY"
                    onMismatch="NEUTRAL" />
                <ThresholdFilter level="DEBUG" onMatch="ACCEPT"
                    onMismatch="DENY" />
            </Filters>
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" />
            <Policies>
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="200 MB" />
            </Policies>
            <DefaultRolloverStrategy max="10" />
        </RollingFile>

        <RollingFile name="RollingFile_INFO" fileName="logs/SocketServer.log"
            filePattern="logs/$${date:yyyy-MM}/SockServer-%d{MM-dd-yyyy}-%i.log.gz">
            <Filters>
                <ThresholdFilter level="INFO" onMatch="ACCEPT"
                    onMismatch="DENY" />
            </Filters>
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n" />
            <Policies>
                <TimeBasedTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="500 MB" />
            </Policies>
            <DefaultRolloverStrategy max="20" />
        </RollingFile>

    </Appenders>
    <Loggers>
        <logger name="org.hibernate.SQL">
            <level value="INFO" />
        </logger>
        <logger name="org.hibernate">
            <level value="INFO" />
        </logger>
        <logger name="SocketServerStatusListener" level="INFO"
            additivity="false">
            <AppenderRef ref="RollingFile_Listener" />
        </logger>
        <Root level="INFO">
            <AppenderRef ref="RollingFile_INFO" />
            <AppenderRef ref="RollingFile_TRACE" />
            <AppenderRef ref="RollingFile_DEBUG" />
            <AppenderRef ref="CONSOLE" />
        </Root>
    </Loggers>
</configuration>
 important:
myCLASSPATH=./JAR/JSON.jar:./JAR/c3p0-0.9.1.jar:./JAR/hibernate41.jar:./JAR/slf4j-api-1.7.6.jar:./JAR/log4j-api-2.1.jar:./JAR/log4j-core-2.1.jar:./JAR/log4j-1.2-api-2.1.jar:./JAR/slf4j-log4j12-1.7.6.jar:./JAR/httpclient-4.4.jar:./JAR/fluent-hc-4.4.jar:./JAR/httpclient-cache-4.4.jar:./JAR/httpclient-win-4.4.jar:./JAR/httpcore-4.4.jar:./JAR/httpmime-4.4.jar:./JAR/jna-4.1.0.jar:./JAR/jna-platform-4.1.0.jar:./JAR/commons-logging-1.2.jar:./JAR/hibernate-entitymanager-4.1.4.Final.jar:./JAR/antlr-2.7.7.jar:./JAR/dom4j-1.6.1.jar:./JAR/hibernate-commons-annotations-4.0.1.Final.jar:./JAR/hibernate-core-4.1.4.Final.jar:./JAR/hibernate-jpa-2.0-api-1.0.1.Final.jar:./JAR/hibernate-validator-4.2.0.Final.jar:./JAR/javassist-3.15.0-GA.jar:./JAR/jboss-logging-3.1.0.GA.jar:./JAR/jboss-transaction-api_1.1_spec-1.0.0.Final.jar:./JAR/hibernate-envers-4.1.4.Final.jar:./JAR/c3p0-0.9.1.jar:./JAR/hibernate-c3p0-4.1.4.Final.jar:./JAR/ehcache-core-2.4.3.jar:./JAR/hibernate-ehcache-4.1.4.Final.jar:./JAR/hibernate-infinispan-4.1.4.Final.jar:./JAR/infinispan-core-5.1.4.FINAL.jar:./JAR/jboss-marshalling-1.3.11.GA.jar:./JAR/jboss-marshalling-river-1.3.11.GA.jar:./JAR/jgroups-3.0.9.Final.jar:./JAR/rhq-pluginAnnotations-3.0.4.jar:./JAR/stax2-api-3.1.1.jar:./JAR/woodstox-core-asl-4.1.1.jar:./JAR/hibernate-proxool-4.1.4.Final.jar:./JAR/proxool-0.8.3.jar:./JAR/mysql-connector-java-5.0.8-bin.jar:./JAR/jboss-logging-3.1.3.GA.jar:./JAR/jboss-logging-annotations-1.2.0.Beta1.jar::./JAR/dom4j-1.6.1_2.jar:./JAR/xml-apis-1.0.b2.jar:./JAR/javassist-3.18.1-GA.jar:./JAR/antlr-2.7.7_2.jar:./JAR/jandex-1.1.0.Final.jar:./JAR/mysql-connector-java-5.0.5.jar:./JAR/log4j-1.2.17.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar

Sendmail, Spamassassin, ClamAV statistics in cacti on CentOS 6 ver 1--draft

Draft...........................................until into work
still a draft,Might finish in one day
from:http://forums.cacti.net/about38434.html



Installation:

1) compile the source using:
Code:
gcc -o maillog_watcher maillog_watcher.c -lpthread

2) move the executable and the maillog_watcher_read.sh file to /opt/maillog_watcher/

3) add the following lines to your snmpd.conf
Code:
exec .1.3.6.1.4.100.2 maillog_received /opt/maillog_watcher/maillog_watcher_read.sh received
exec .1.3.6.1.4.100.4 maillog_sent /opt/maillog_watcher/maillog_watcher_read.sh sent
exec .1.3.6.1.4.100.5 maillog_virus /opt/maillog_watcher/maillog_watcher_read.sh virus
exec .1.3.6.1.4.100.6 maillog_spam /opt/maillog_watcher/maillog_watcher_read.sh spam
exec .1.3.6.1.4.100.7 maillog_rejected /opt/maillog_watcher/maillog_watcher_read.sh rejected
change to:
exec .1.3.6.1.4.100.2.101.1 maillog_received /opt/maillog_watcher/maillog_watcher_read.sh received
exec .1.3.6.1.4.100.4.101.1 maillog_sent /opt/maillog_watcher/maillog_watcher_read.sh sent
exec .1.3.6.1.4.100.5.101.1 maillog_virus /opt/maillog_watcher/maillog_watcher_read.sh virus
exec .1.3.6.1.4.100.6.101.1 maillog_spam /opt/maillog_watcher/maillog_watcher_read.sh spam
exec .1.3.6.1.4.100.7.101.1 maillog_rejected /opt/maillog_watcher/maillog_watcher_read.sh rejected



4) for logrotate to work, modify your /etc/logrotate.d/syslog file to send a HUP signal to maillog_watcher. mine looks like this:
Code:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/maillog_watcher.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

5) You can now start the maillog_watcher
Attachments:
File comment: maillog_watcher_read.sh file used to read the stats
maillog_watcher_read.sh [118 Bytes]
Downloaded 196 times
File comment: maillog_watcher source file
maillog_watcher.c [8.06 KiB]
Downloaded 209 times
File comment: maillog_watcher graph and data templates
cacti_graph_template_maillog_watcher.xml [41.22 KiB]
Downloaded 167 times






SNMP Get interface "End of MIB" ?

vi /etc/snmp/snmpd.conf
What I did was renaming the standard snmpd.conf to snmpd.conf.old
then creating a new one with only "rocommunity public <ip>"

another message about cacti:
http://tosian.blogspot.tw/2008/08/snmp-on-linux-server.html


Postfix status in cacti using CentOS6.6--with SElinux allow perl Script



from:
http://forums.cacti.net/viewtopic.php?f=12&t=6657
http://tosian.blogspot.tw/2008/08/snmp-on-linux-server.html
http://linux.die.net/man/8/snmpd_selinux
https://access.redhat.com/solutions/892923

=================================================================================================
洋蔥爸的工作雜記:SNMP on LINUX server 實作

1.首先找一下 com2sec notConfigUser default public 這一段,然後改成如下所示:(其中 10.16.25.25 是 SNMP server 的 IP address)
#com2sec notConfigUser default public
com2sec local localhost public
com2sec mynetwork 10.16.25.25 public
2. 再來是找 group notConfigGroup v1 notConfigUser 這一段,然後改成如下所示:
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
3. 接著是找 view all included .1 80 這一段,然後改成如下所示:(把前面的 # 去掉)
## incl/excl subtree mask
view all included .1 80
4. 找到 #access MyROGroup "" any noauth 0 all none none 這一段,改成如下所示:
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
access MyROGroup "" any noauth prefix all none none
access MyRWGroup "" any noauth prefix all all all
5. 再找一下 syslocation Unknown (configure /etc/snmp/snmp.conf)這一段,改成如下所示:(其中 syslocation 用來告知你機器所在的位置)
syslocation GangShan
syscontact Root (configure /etc/snmp/snmp.local.conf)

 =================================================================================================
from:Walkthrough on Postifx monitoring with Cacti

download:http://forums.cacti.net/download/file.php?id=4091
Installation:
1) Configure SNMP agent on Mail server and make sure it is set up right.
2) Unzip fetch_mail_statistics.pl script in place of your choice. (I used /usr/local/bin)
3) Check that your perl path in script points to perl executable
4) Add following line in snmpd.conf file
Code:
pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255

5) Adjust your maillog filename and path corresponding to your system. mailstats.db are used for internal script data storage, place it anywhere.
6) Import template in cacti.
==================================================================================================
in /var/log/audit/audit.log:
 type=AVC msg=audit(1430250421.774:158725): avc:  denied  { read } for  pid=22972 comm="fetch_mail_stat" name="maillog" dev=dm-0 ino=1444277 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1430250421.774:158725): arch=c000003e syscall=2 success=no exit=-13 a0=1813590 a1=0 a2=1b6 a3=7f65bb021d50 items=0 ppid=2219 pid=22972 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21015 comm="fetch_mail_stat" exe="/usr/bin/perl" subj=unconfined_u:system_r:snmpd_t:s0 key=(null)
type=AVC msg=audit(1430250421.781:158726): avc:  denied  { read } for  pid=22973 comm="fetch_mail_stat" name="maillog" dev=dm-0 ino=1444277 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
 HOW DO I FIX(SKIP) this security Deny?
Let's find the GOOGLE (YA!.......  )

 =================================================================================================
from SELinux denial when running a script from snmp.conf that needs to create files in the /var/log/ directory
  • The snmpd process only has access to files in /var/log labeled snmpd_log_t. The fix is to label the the file it needs to access correctly
  • If its a single file then change the label on the file it needs to access. If its multiple files, then put these files in the /var/log/snmpd directory
  # chcon -t snmpd_log_t /path/to/file
 =================================================================================================
from:snmpd_selinux(8) - Linux man page

Process Types

SELinux defines process types (domains) for each process running on the system
You can see the context of a process using the -Z option to ps
Policy governs the access confined processes have to files. SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
The following process types are defined for snmpd:
snmpd_t
Note: semanage permissive -a snmpd_t
can be used to make the process type snmpd_t permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.

File Contexts

SELinux requires files to have an extended attribute to define the file type.
You can see the context of a file using the -Z option to ls
Policy governs the access confined processes have to these files. SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible.
The following file types are defined for snmpd:
snmpd_exec_t
- Set files with the snmpd_exec_t type, if you want to transition an executable to the snmpd_t domain.
snmpd_initrc_exec_t
- Set files with the snmpd_initrc_exec_t type, if you want to transition an executable to the snmpd_initrc_t domain.
snmpd_log_t
- Set files with the snmpd_log_t type, if you want to treat the data as snmpd log data, usually stored under the /var/log directory.
snmpd_var_lib_t
- Set files with the snmpd_var_lib_t type, if you want to store the snmpd files under the /var/lib directory.
snmpd_var_run_t
- Set files with the snmpd_var_run_t type, if you want to store the snmpd files under the /run directory.
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the semanage fcontext command. This will modify the SELinux labeling database. You will need to use restorecon to apply the labels.

 =================================================================================================
finally work:

[root@ECserver log]# ls -aZ mailstats.db
-rw-r--r--. root root unconfined_u:object_r:snmpd_log_t:s0 mailstats.db
[root@ECserver log]# ls -aZ /usr/local/bin/fetch_mail_statistics.pl
-rwxrwxr-x. otaku119 otaku119 unconfined_u:object_r:bin_t:s0   /usr/local/bin/fetch_mail_statistics.pl
[root@ECserver log]# chcon -R -t snmpd_exec_t /usr/local/bin/fetch_mail_statistics.pl
[root@ECserver log]# ls -aZ /usr/local/bin/fetch_mail_statistics.pl
-rwxrwxr-x. otaku119 otaku119 unconfined_u:object_r:snmpd_exec_t:s0 /usr/local/bin/fetch_mail_statistics.pl

2015/4/23

java.security.InvalidKeyException: Illegal key size or default parameters



from:http://blog.csdn.net/shangpusp/article/details/7416603


使用AES加密時,當密鑰大於128時,代碼會拋出java.security.InvalidKeyException: Illegal key size or default parameters
Illegal key size or default parameters是指密鑰長度是受限制的,java運行時環境讀到的是受限的policy文件。文件位於${java_home}/jre/lib/security
這種限制是因為美國對軟件出口的控制。



解決辦法:

去掉這種限制需要下載Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.網址如下。
下載包的readme.txt 有安裝說明。就是替換${java_home}/jre/lib/security/ 下面的local_policy.jar和US_export_policy.jar

jdk 5: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-1.5.0-oth-JPR
jdk6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

2015/4/22

如何在 Linux 下大量屏蔽惡意 IP 地址

感想:要裝一堆東西,然後透過IPTABLES來管控

from:http://blog.jobbole.com/84478/


很多情況下,你可能需要在Linux下屏蔽IP地址。比如,作為一個終端用戶,你可能想要免受間諜軟件或者IP追蹤的困擾。或者當你在運行P2P軟 件時。你可能想要過濾反P2P活動的網絡鏈接。如果你是一名系統管理員,你可能想要禁止垃圾IP地址訪問你們的公司郵件服務器。或者你因一些原因想要禁止 某些國家訪問你的web服務。在許多情況下,然而,你的IP地址屏蔽列表可能會很快地增長到幾萬的IP。該如何處理這個?

Netfilter/IPtables 的問題

在Linux中,可以很簡單地用netfilter/iptables框架禁止IP地址:
1
$ sudo iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
如果你想要完全屏蔽一個IP地址段,你可以用下面的命令很簡單地做到:
1
$ sudo iptables -A INPUT -s 1.1.2.0/24 -p TCP -j DROP
然而,當你有1000個獨立IP地址,且不帶CIDR(無類別域間路由)前綴,你該怎麼做?你要有1000條iptable規則!這顯然這並不適於大規模屏蔽。
1
2
3
4
$ sudo iptables -A INPUT -s 1.1.1.1 -p TCP -j DROP
$ sudo iptables -A INPUT -s 2.2.2.2 -p TCP -j DROP
$ sudo iptables -A INPUT -s 3.3.3.3 -p TCP -j DROP
. . . .

什麼是IP集?

這時候就是IP集登場了。IP集是一個內核特性,它允許多個(獨立)IP地址、MAC地址或者甚至是端口號被編碼和有效地存儲在位圖/哈希內核數據結構中。一旦IP集創建之後,你可以創建一條iptables規則來匹配這個集合。
你馬上就會看見IP集合的好處了,它可以讓你用一條iptable規則匹配多個ip地址!你可以用多個IP地址和端口號的方式來構造IP集,並且可以動態地更新規則而沒有性能影響。

在Linux中安裝IPset工具

為了創建和管理IP集,你需要使用稱為ipset的用戶空間工具。
要在Debian、Ubuntu或者Linux Mint上安裝:
1
$ sudo apt-get install ipset
Fedora或者CentOS/RHEL 7上安裝:
1
$ sudo yum install ipset

使用IPset命令禁止IP

讓我通過簡單的示例告訴你該如何使用ipset命令。
首先,讓我們創建一條新的IP集,名為banthis(名字任意):
1
$ sudo ipset create banthis hash:net
第二個參數(hash:net)是必須的,代表的是集合的類型。IP集有多個類型。hash:net類型的IP集使用哈希來存儲多個CIDR塊。如果你想要在一個集合中存儲單獨的IP地址,你可以使用hash:ip類型。
一旦創建了一個IP集之後,你可以用下面的命令來檢查:
1
$ sudo ipset list

這顯示了一個可用的IP集合列表,並有包含了集合成員的詳細信息。默認上,每個IP集合可以包含65536個元素(這裡是CIDR塊)。你可以通過追加」maxelem N」選項來增加限制。
1
$ sudo ipset create banthis hash:net maxelem 1000000
現在讓我們來增加IP塊到這個集合中:
1
2
3
4
$ sudo ipset add banthis 1.1.1.1/32
$ sudo ipset add banthis 1.1.2.0/24
$ sudo ipset add banthis 1.1.3.0/24
$ sudo ipset add banthis 1.1.4.10/24
你會看到集合成員已經改變了。
1
$ sudo ipset list

現在是時候去創建一個使用IP集的iptables規則了。這裡的關鍵是使用」-m set –match-set 「選項。
現在讓我們創建一條讓之前那些IP塊不能通過80端口訪問web服務的iptable規則。可以通過下面的命令:
1
$ sudo iptables -I INPUT -m set --match-set banthis src -p tcp --destination-port 80 -j DROP
如果你願意,你可以保存特定的IP集到一個文件中,以後可以從文件中還原:
1
2
3
$ sudo ipset save banthis -f banthis.txt
$ sudo ipset destroy banthis
$ sudo ipset restore -f banthis.txt
上面的命令中,我使用了destory選項來刪除一個已有的IP集來看看我是否可以還原它。

自動IP地址禁用

現在你應該看到了IP集合的強大了。維護IP黑名單是一件繁瑣和費時的工作。實際上,有很多免費或者收費的服務可以來幫你完成這個。一個額外的好處是,讓我們看看如何自動將IP黑名單加到IP集中。
首先讓我們從iblocklist.com得到免費的黑名單,這個網站有不同的免費和收費的名單。免費的版本是P2P格式。
接下來我要使用一個名為iblocklist2ipset的開源Python工具來將P2P格式的黑名單轉化成IP集。
首先,你需要安裝了pip(參考這個指導來安裝pip)。
使用的下面命令安裝iblocklist2ipset。
1
$ sudo pip install iblocklist2ipset
在一些發行版如Fedora,你可能需要運行:
1
$ sudo python-pip install iblocklist2ipset
現在到iblocklist.com,抓取任何一個P2P列表的URL(比如」level1〞列表)。

粘帖URL到下面的命令中。
1
2
3
$ iblocklist2ipset generate \
--ipset banthis "http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz" \
> banthis.txt
上面的命令運行之後,你會得到一個名為banthis.txt的文件。如果查看它的內容,你會看到像這些:
1
2
3
4
5
6
7
8
create banthis hash:net family inet hashsize 131072 maxelem 237302
add banthis 1.2.4.0/24
add banthis 1.2.8.0/24
add banthis 1.9.75.8/32
add banthis 1.9.96.105/32
add banthis 1.9.102.251/32
add banthis 1.9.189.65/32
add banthis 1.16.0.0/14
你可以用下面的ipset命令來加載這個文件:
1
$ sudo ipset restore -f banthis.txt
現在可以查看自動創建的IP集:
1
$ sudo ipset list banthis
在寫這篇文章時候,「level1」類表包含了237,000個屏蔽的IP列表。你可以看到很多IP地址已經加入到IP集中了。
最後,創建一條iptables命令來屏蔽這些壞蛋!

總結

這篇文章中,我描述了你該如何用強大的ipset來屏蔽不想要的IP地址。同時結合了第三方工具iblocklist2ipset,這樣你就可以流 暢地維護你的IP屏蔽列表了。那些對ipset的性能提升好奇的人,下圖顯示了iptables在使用和不使用ipset的基準測試結果(注意時間坐標 軸)。

告訴我你多麼喜歡這個。:-)

2015/4/20

Monting SQL server 2012 Express in cacti using wmic


建立了cacti ,使用WMIC來監控SQL server 2012 Express狀態
發現一直給我


[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0x80041010 - NT code 0x80041010
一直尋找,終於在這邊找到一部份原因:

https://support.microsoft.com/en-us/kb/820847/en-us

o confirm that this problem is occurring, you can use the WbemTest.exe tool that is provided with Microsoft Windows Server 2003. To use the WbemTest.exe tool, follow these steps:
  1. Click Start, click Run, type Wbemtest, and then click OK.
  2. In Windows Management Instrumentation Tester, click Connect.
  3. In the Namespace box, type root\cimv2, and the click Connect.
  4. Click Enum Classes.
  5. In the Enter superclass name box, type Win32_Perf, click Recursive, and then click OK.
  6. In Query Results, you will not see results for the counters that are not transferred to WMI.
For example, the counter object for Exchange Server 2003 routing is OBJECT_SDSMTP_ROUTING_009_NAME=SMTP Routing. If this counter does not exist, you will not see the following lines in Query Results:
  • Win32_PerfFormattedData_SDSMTPROUTING_SMTPRouting
  • Win32_PerfRawData_SDSMTPROUTING_SMTPRouting

歸納如下:
1.我升級到標準版,一樣監控不到,原因是:WMI的emun class名字沒變(意思就是:不要搞升級,重新安裝)
2.真的要監控express版本,WQL:"SELECT * FROM Win32_PerfRawData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSTransactions",
正式版本的
WQL:"SELECT * FROM Win32_PerfFormattedData_MSSQLSERVER_SQLServerDatabases"

所以:自己努力改CACTI的template吧



2015/4/16

Configuring Windows for Remote Monitoring with WMI

網路上範例很多
節錄其中一個

補充:
如果LINUX上面用wmic要抓資料
還需要將使用者加入到

Performance Monitor USER

還需要將使用者加入到

Performance Monitor USER

還需要將使用者加入到

Performance Monitor USER



因為很重要所以要說三次
REMARK:
 Remote Desktop Users加入這個群組之後,才能抓到2003的TS 數目

from:
https://support.software.dell.com/zh-cn/foglight-for-virtualization-enterprise-edition/kb/129359

Minimum Requirements for Windows Management Instrumentation


STEPS:
To grant DCOM permissions to a remote user:
1. On the monitored host machine, at the Windows Run prompt, type DCOMCNFG and press Enter.
2. In the Component Services dialog box that opens, navigate to Component Services > Computers > My Computer.
3. Right-click My Computer and click Properties.
4. In the My Computer Properties dialog box, click the COM Security tab.
5. In the Launch and Activation Permissions area, click Edit Limits.
6. In the Launch Permission dialog box, add the user or group name necessary for the remote user.
7. Grant the remote user all the permissions available in the Permissions for Administrators area by enabling all the check boxes in the Allow column.
8. Click OK and close the dialog boxes.
To grant minimum WMI permissions to a remote user:
1. On the monitored host machine, right-click on My Computer, and navigate to Manage > Services and Applications > WMI Control.

2. Right-click WMI Control and click Properties.

3. In the WMI Control Properties dialog box, click the Security tab.

4. Expand the Root node and select CIMV2, then click Security.

5. In the Security for ROOT\CIMV2 dialog box Security list, select the remote user.

6. Enable the following check boxes in the Allow column:

a. Execute Methods
b. Enable Account
c. Remote Enable
d. Read Security


7. Click Apply and then click OK.

 

JPA+complex key+custom Query

  來源: https://www.cnblogs.com/520playboy/p/6512592.html   整個來說,就是有複合主鍵 然後要使用  public interface XxXXxx DAO extends CrudRepository<Tc...