linux security best practices

descriptionShmaddr is in Null,linux and will automatically connect to that memory for the process (recommended)SHMADDR is not null and SHMFLG has no shm_rnd tag, the SHMADDR is the connection address.SHMADDR is not null and SHMFLG sets the shm_rnd tag, the connected address is automatically adjusted downward to an integer multiple of Shmlba. Formula: shmaddr-(shmaddr% Shmlba)shmflg=shm_rdonly, indicating that the connection operation is used for read

Linux security configuration, linux System Security Settings suggestions, you may encounter linux system security problems when learning the linux operating system, here we will introdu

Build Practice lvs+keepalived Load BalancingKeepalived Overview1.keepalived is a powerful auxiliary tool specifically designed for LVS, mainly used to provide failover and health check function-to determine the LVS load Scheduler, node server availability, timely isolation and replacement of the new server, when the failed host to rejoin the cluster after recovery.Overview of the 2.keepalived hot-standby principle keepalived uses the VRRP (Virtual Routing Redundancy Protocol) hot-standby protoco

Original: routing configuration practices interconnection between two LAN hosts VM linux and vmlinux I believe that the network is essential for every O M personnel and developers. Today we want to talk about how to divide the three virtual machines in the vmvm into two local networks to implement different local networks. interconnection: the AC in the figure below communicates with each other through hos

I. Remote Start Principle Before the client is started, there is neither an operating system nor a boot floppy disk or hard disk. It only has the basic components of the computer, such as CPU, memory, and motherboard. But the most important thing is to have the nic and bootrom started. The client can only obtain the operating system through the network. The diskless remote start technology in Linux is different from that in Novell and WinNT. Inste

Azure CLI on Linux, see:http://cloudapps.blog.51cto.com/3136598/18421817. On a Linux virtual machine, download the compressed file uploaded to the blob storage directly using the CLI command from Azure, in the same region, at a speed of approximately 30MB, but the actual speed depends on the network condition and the current load:# Azure Storage blob download upload full0606.zip.650) this.width=650; "Src="

C language basics Lesson 1 Linux environment configuration practices: httpserver and linuxhttpserver C language basics Lesson 1 Linux environment configuration small practice httpserver The first environment requires the redhat virtual machine operating system Enable redhat Firewall 2. Check WWW (HTTP) 3. Click apply. Click Yes. 4. Switch to the

standardGcc-o Test Test.c-lm-std=c99Convert the source file test.c to the appropriate assembler source file Test.sGcc-s test.c20. Time commandThis command is used to measure the execution time of a command (that is, a program). It's very simple to use, just like you would normally enter a command, but add a time to the front of the command, for example:time ./process time ps aux After the program or command has finished running, it outputs three times at the end, respectively:User: CPU time,

.*;/# news.=crit;news.=err;news.=notice;/# *.=debug;*.=info;/# *.=notice;*.=warn/dev/tty8 # Named pipe/dev/xconsole is used for Xconsloe tools. In order to use it, you must take the-file option to invoke the XConsole # $ xconsole-file/dev/xconsole [...] # Note: Adjust the list below, otherwise if you have a fairly busy site, you will get mad daemon.*;mail.* ;/news.err;/*.=debug;*.=info;/*.=notice;*.=warn |/dev/xconsole Some applications also log their health to a specific log file, which is not

Socket programming practices in Linux (7) I/O multiplexing technology-select model Before entering the topic of today's select model, let's take a look at the five I/O models: (1) blocking I/O (this method is used by default) In server socket programming, our common accpet and recv functions are blocked. Taking recv as an example: When the upper-layer application calls the recv system call, if the peer doe

ContainerHello-world:1.docker Run Hello-world2. No image will automatically pull the image and then runRun Ubuntu in the Ubuntu Docker1.docker container run-p 6666:80-it dc86b7b90238 Bash//port map outside of 6666 to inside 802.docker container exec-it 3ce8952ce68d Bash//execute commands in a running container,-IRun CentOS in the Ubuntu Docker1.docker Pull Centos:62. Map the local port to the running container1) Docker commit 6e54eac36507 centos_image1//commits the container in the run as a mir

the input class number 4th ruleIptables-f Clear All RulesTopCommon operations:P: By CPU usage, M: Sort by memory usage, H: Show Help, Q: Exit1: Multi-CPU display, K: Kill Process, R: Set process nice levelView System health Status$ cat/proc/cpuinfo$ cat/proc/loadavgSoftware InstallationYum InstallationRPM InstallationSource Code Compilation InstallationCrontabCrontab: Perform tasks regularlyCrontab-e set up timed tasks:Basic format:　　　　　　* CommandTime-sharing Week(0-59) hours (0-23) days (1-31)

link will not copy the original file, it will only occupy a very small amount of disk space.2. Parameter description-F: Delete the file with the Dist file name at the end of the link-D: Allow system managers to hard-link their own directories-I: Ask before deleting the file with the Dist file name-N: When making a soft link, treat the dist as a generic file-S: Soft junction (symbolic Link)-V: Displays the file name before the link-B: Files that are overwritten or deleted at the time of the link

Read the linux source code and practices-general Linux technology-Linux programming and kernel information. The following is a detailed description. Next we will look at a piece of code: this code will be the beginning of an operating system. BOOTSEG = 0x07c0 Entry start Start: Jmpi go, BOOTSEG Go: mov ax, cs

Linux signal programming practices (1)Interrupted Interruption is the system's response to asynchronous events. During code execution, the process can be interrupted at any time and then run the exception handling program; Computer System interruption scenario: interrupt source sends interrupt signal-> CPU determines whether the interrupt is blocked and protects the site-> CPU (query the interrupt vector ta

construction of Web cluster based on DRBD+GFS2 active/activePlanning and DesignPhase 1: Operating system InstallationPhase 2: Cluster component InstallationPhase 3: Cluster node preparationInstalling Apache ComponentsDual Master DRBD Resource PreparationConfigure StonthTo add a DRBD resource to a clusterTo add a clustered file system resource to a clusterTo add a VIP resource to a clusterAdding Apache resources to the clusterCluster testing9th chapter: Cluster resource managementConfiguring clu

Socket programming practices in Linux (2) introduction to basic socket programming APIs What is Socket? Socket originated from Unix, and one of the basic philosophies of Unix/Linux is "Everything is a file". You can use the "open-> read/write-> close" mode to operate. Socket is an implementation of this mode. socket is a special file, and some socket functions ar

Socket programming practices in Linux (5) solutions for setting socket I/O timeout (1) Use the alarm function to set timeout #include unsigned int alarm(unsigned int seconds); Its main function is to set a signal transmission alarm. The signal SIGALRM is sent to the current process after the specified number of seconds in seconds. If the alarm function is called again within the scheduled uncomp

after the command is executed in the background. By these two points, it can be concluded that the server is black is sure, after that is a lengthy troubleshooting work. Delete the file, kill the process, check whether to set up automatic download, whether to add new users and so on. It took a while to delete the files, because an attack program was deleted and then rebuilt. It was almost like I was going to install the new system. Finally, I found a file that was exactly the same as the point

Lsof IntroductionLsof (list open files) is a tool that lists open files for the current system. In a Linux environment, everything is in the form of files, with files that not only access regular data, but also access to network connectivity and hardware. So, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sockets, the system assigns a file descriptor to the application in the background, regardless of the nature of the fi