内存信息 / meminfo
返回dict

#!/usr/bin/env python 
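def memory_stat():
    """Parse /proc/meminfo into a dict mapping field name to a float.

    Every numeric field is multiplied by 1024.0, so entries reported in kB
    come out in bytes. A derived 'MemUsed' entry is added, computed as
    MemTotal - MemFree - Buffers - Cached.

    Raises:
        KeyError: if MemTotal, MemFree, Buffers or Cached is absent.
    """
    mem = {}
    # The context manager closes the file even when reading or parsing fails.
    with open("/proc/meminfo") as f:
        for line in f:
            name, sep, rest = line.partition(':')
            fields = rest.split()
            # Skip blank or malformed lines instead of raising IndexError.
            if not sep or not fields:
                continue
            # int() replaces the Python 2-only long(); it handles large values
            # on Python 2 as well and keeps the function usable on Python 3.
            # NOTE(review): the x1024 scaling is applied to every field,
            # including any that the file prints without a kB unit - confirm
            # that callers expect that.
            mem[name] = int(fields[0]) * 1024.0
    mem['MemUsed'] = (mem['MemTotal'] - mem['MemFree']
                      - mem['Buffers'] - mem['Cached'])
    return mem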

CPU信息 / cpuinfo
返回list,每核心一dict

#!/usr/bin/env python 
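def cpu_stat():
    """Parse /proc/cpuinfo into a list holding one dict per processor entry.

    Entries are separated by blank lines. Each "key : value" line becomes one
    item of the current entry, with surrounding whitespace stripped from both
    the key and the value.
    """
    cpu = []
    cpuinfo = {}
    with open("/proc/cpuinfo") as f:
        for line in f:
            # A blank line ends the current entry. The published listing
            # compared the line with 'n' (presumably '\n' with the backslash
            # lost), so no entry was ever appended.
            if not line.strip():
                if cpuinfo:
                    cpu.append(cpuinfo)
                    cpuinfo = {}
                continue
            name, sep, var = line.partition(':')
            # Lines without a colon carry no key/value pair.
            if not sep:
                continue
            cpuinfo[name.rstrip()] = var.strip()
    # Keep the last entry when the file does not end with a blank line.
    if cpuinfo:
        cpu.append(cpuinfo)
    # The original ended with a bare `return`, handing callers None.
    return cpu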


十二月 12th, 2013

Posted In: python

最近写python常用到时间和日期格式的问题,在网上看到一大神写了点片段,调试完总算满足了自己的需求,相信很多朋友也有这方面的需求,在此发出来和大家分享

#!/usr/bin/env python
#-*- coding: utf-8 -*-
#=============================================================================
#     FileName:
#         Desc:
#       Author: 苦咖啡
#        Email: voilet@qq.com
#     HomePage: http://blog.kukafei520.net
#      Version: 0.0.1
#   LastChange: 
#      History:
#=============================================================================

import datetime

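# Monday and Sunday of the current week as "YYYY-MM-DD" strings.
date1 = datetime.datetime.now()
# weekday() is 0 for Monday, so subtracting it lands on this week's Monday and
# adding (6 - weekday()) lands on this week's Sunday.
since_monday = datetime.timedelta(days=date1.weekday())
until_sunday = datetime.timedelta(days=6 - date1.weekday())
# str(datetime) is "YYYY-MM-DD HH:MM:SS[.ffffff]"; the first word is the date.
this_week_start_dt = str(date1 - since_monday).split()[0]
this_week_end_dt = str(date1 + until_sunday).split()[0]
# A single %-formatted argument prints the same text on Python 2 and also
# runs on Python 3, where the original print statement is a syntax error.
print("%s %s" % (this_week_start_dt, this_week_end_dt))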


十二月 11th, 2013

Posted In: python

最近一直在研究saltstack,在此感谢”绿肥@灿哥”和saltstack群里的朋友

saltstack地址http://wiki.saltstack.cn/

1


十二月 11th, 2013

Posted In: linux系统

同志们,朋友们,抛弃phpredis扩展吧,使用nginx直接查redis……真的假的自己看看吧,春哥的模块哦

https://github.com/agentzh/redis2-nginx-module.git

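# Fetch the source over HTTPS and check the tarball against the detached PGP
# signature that nginx.org publishes next to each release before building it.
wget 'https://nginx.org/download/nginx-1.2.7.tar.gz'
    tar -xzvf nginx-1.2.7.tar.gz
    cd nginx-1.2.7/

    # Here we assume you would install your nginx under /opt/nginx/.
    ./configure --prefix=/opt/nginx \
                --add-module=/path/to/redis2-nginx-module

    make -j2
    make install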
location /foo {
        # Each request to /foo makes nginx send the command "set one first"
        # to the Redis server at 127.0.0.1:6379.
        # NOTE(review): nothing in this block limits who may request /foo, so
        # any client that can reach it triggers the write; confirm whether the
        # location should be restricted (for example `internal;` or
        # allow/deny) before exposing it.
        set $value 'first';
        redis2_query set one $value;
        redis2_pass 127.0.0.1:6379;
    }

十一月 26th, 2013

Posted In: 网络技术

简介

根据官方文档的定位,Cobbler首要的是快速设置网络安装环境的Linux安装服务器;但其功能不限于此,它还可以管理配置,管理DNS,DHCP,TFTP和rsync,软件包升级和电源管理等;个人感觉有些乱,作为一个开源项目明白自己想要解决什么问题并把这个问题解决到极致就够了。

说明

血与泪的经历:

  • Cobbler2.2(来自CentOS5.5) 安装CentOS5.5和CentOS6.4没有问题,安装Ubuntu12.04失败
  • Cobbler2.4(来自CentOS6.4) 安装CentOS5.5和CentOS6.4没有问题,安装Ubuntu12.04没问题

基本概念

PXE原理

PXE原理

  1. 客户端发起Discover包,通过flag说明自身的PXE拓展信息;
  2. 服务器响应Offer包,告知客户端下边去找哪台服务器;
  3. 客户端发送Request包
  4. 服务器发送ACK包
  5. 客户端通过TFTP协议请求pxelinux.0等文件
  6. 客户端加载并启动系统

Cobbler模型

Cobbler模型

这张图画出了Cobbler的模型,越往上的对象越基础越通用,自上而下不断的添加一些新的东西进来让其满足个性化的需求。这里我们需要重点关注的是distro和profile这两个概念。 (更多…)

十一月 5th, 2013

Posted In: linux系统

在安装python的时候报 python version 2.7 required which was not found in the registry
网上找了下发现有人发以下代码,解决安装找不到路径的问题

# script to register Python 2.0 or later for use with win32all
# and other extensions that require Python registry settings
#
# written by Joakim Loew for Secret Labs AB / PythonWare
#
# source:
# http://www.pythonware.com/products/works/articles/regpy20.htm
#
# modified by Valentine Gogichashvili as described in http://www.mail-archive.com/distutils-sig@python.org/msg10512.html

import sys

from _winreg import *

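# tweak as necessary
# sys.version[:3] truncates a two-digit minor version ("3.10" becomes "3.1"),
# which would name the wrong release in the registry path; build
# "major.minor" from version_info instead.
version = "%d.%d" % sys.version_info[:2]
installpath = sys.prefix

# Registry key, value names and the module search path derived from the
# interpreter's install prefix.
regpath = "SOFTWARE\\Python\\Pythoncore\\%s\\" % (version)
installkey = "InstallPath"
pythonkey = "PythonPath"
pythonpath = "%s;%s\\Lib\\;%s\\DLLs\\" % (
    installpath, installpath, installpath
)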

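def RegisterPy():
    """Record this interpreter's install and module paths in the registry.

    Works on the key named by regpath under HKEY_CURRENT_USER. When the key
    is missing it is created and the InstallPath / PythonPath values are
    written. When it already exists the stored values are only compared with
    this interpreter's paths and are never overwritten. The outcome is
    reported on stdout.
    """
    try:
        reg = OpenKey(HKEY_CURRENT_USER, regpath)
    except EnvironmentError:
        # Key absent: create it and write both values.
        try:
            reg = CreateKey(HKEY_CURRENT_USER, regpath)
            try:
                SetValue(reg, installkey, REG_SZ, installpath)
                SetValue(reg, pythonkey, REG_SZ, pythonpath)
            finally:
                # Release the handle even when a write fails.
                CloseKey(reg)
        except EnvironmentError:
            # Only registry/OS failures are reported here; the original bare
            # `except:` also swallowed KeyboardInterrupt and programming errors.
            print("*** Unable to register!")
            return
        print("--- Python %s is now registered!" % version)
        return
    try:
        registered = (QueryValue(reg, installkey) == installpath and
                      QueryValue(reg, pythonkey) == pythonpath)
    except EnvironmentError:
        # The key exists but a value could not be read: treat it as a
        # registration that does not match instead of crashing.
        registered = False
    finally:
        CloseKey(reg)
    if registered:
        print("=== Python %s is already registered!" % version)
        return
    # An existing, different registration is left untouched on purpose.
    print("*** Unable to register!")
    print("*** You probably have another Python installation!")


if __name__ == "__main__":
    RegisterPy()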

九月 25th, 2013

Posted In: linux系统

引言:关于运维

运维的工作主要在2方面:

1:状态的管理
2:系统性能调优
这里主要简介下运维状态的管理:

对于运维来说,基于状态的配置管理已经向自动化迈进了一大步,以状态为核心的运维,让状态本身有了可管理性;在运维过程中我们会发现,同样的一个配置,我们会在不同的时间,不同的地点一次在一次的配置,这个时候,配置管理就有了重复性;有的甚至是原封不动的重复,而另外一些则是按照一定的规律在发展,这些按照一定规律发展的配置,就是可预测的.综上我认识的,我们运维工作的本身是可管理,可重复,可预测的.基于这样的理念,我们就可以更进一步的推进我们的运维自动化,甚至到智能化. (更多…)

九月 10th, 2013

Posted In: linux系统

前阵子在一朋友blog看到一个python查找 webshell脚本的代码,自己拿过来改了下,新增白名单功能,新增发现恶意代码发送邮件报警功能,现发出来供大家参考,如有需要的可以在自己的服务器上跑下试试

#!/usr/bin/env python
#-*- coding: utf-8 -*-
#=============================================================================
#     FileName:
#         Desc:
#       Author: 苦咖啡
#        Email: voilet@qq.com
#     HomePage: http://blog.kukafei520.net
#      Version: 0.0.1
#      History:
#=============================================================================

import os
import sys
import re
import smtplib

# Mail settings read by sendmail().
# NOTE(review): the SMTP password is stored in the script itself, so anyone
# who can read the file can read it. Presumably "xxxxxx" is a placeholder -
# confirm, and keep the real value in a restricted config file or the
# environment rather than in the source.
fromaddr = 'smtp.qq.com'
toaddrs = ['voilet@qq.com']
username, password = 'voilet', 'xxxxxx'

# Whitelist (per the original comment); the code that consults it is not
# part of this excerpt.
pass_file = ['api_ucenter.php']

#定义发送邮件函数
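def sendmail(toaddrs,sub,content):
    """Send a plain-text mail through mail.funshion.com on port 25.

    Args:
        toaddrs: list of recipient addresses.
        sub: subject line.
        content: message body, appended after the headers.

    The sender address, user name and password come from the module-level
    fromaddr, username and password settings.
    """
    def _one_line(value):
        # Header values must stay on a single line: a CR or LF inside the
        # subject or an address would let that value add headers of its own.
        return value.replace("\r", " ").replace("\n", " ")

    recipients = [_one_line(addr) for addr in toaddrs]
    # Add the From: and To: headers at the start!
    msg = ("From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n"
           % (fromaddr, ", ".join(recipients), _one_line(sub)))
    msg += content
    server = smtplib.SMTP('mail.funshion.com', 25,)
    try:
        # Switch to TLS when the server offers it, so login() does not send
        # the password in clear text. starttls() is called without an SSL
        # context, so presumably the certificate is not verified; this guards
        # against passive sniffing only.
        server.ehlo()
        if server.has_extn("starttls"):
            server.starttls()
            server.ehlo()
        server.login(username, password)
        server.sendmail(fromaddr, recipients, msg)
    finally:
        # Close the session even when login or delivery fails.
        server.quit()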
 (更多…)

七月 19th, 2013

Posted In: linux系统

#!/usr/local/python2.7/bin/python
# -*- coding:utf-8 -*-
#file:check_list_game.py
#create file 'songxs'
#blog:kukafei520.net

from multiprocessing import Process
import re,sys,urllib,codecs,os
import string
import json,codecs
import smtplib
from email.mime.text import MIMEText
# Recipient list (presumably for the report mail; the sending code is not
# part of this excerpt).
mailto_list = ['voilet@qq.com']
# SMTP server, user name, password and mailbox domain suffix.
# NOTE(review): the values below look like placeholders; keep the real
# password out of the script (restricted config file or environment).
mail_host = 'xxxxx.qq.com'
mail_user = '用户名'
mail_pass = '密码'
mail_postfix = 'qq.com'
###################### (更多…)

三月 5th, 2013

Posted In: 网络技术

Burp Suite 是用于对web 应用程序进行渗透测试的集成平台。它包含了许多工具,并为这些工具设计了许多接口,以促进加快渗透测试应用程序的过程。所有的工具都共享一个能处理并显示HTTP 消息,持久性,认证,代理,日志,警报的一个强大的可扩展的框架。

20130227095832_97781

下载地址:
百度网盘 (解压密码:freebuf)

来源[sina]

转截: FreebuF.COM

 

三月 1st, 2013

Posted In: 网络技术

最近一直在做安全,看到有一个php的安全测试模块,功能还不错

http://pecl.php.net/package/taint

下载源代码以后, 编译, 安装. 然后在php.ini中要开启这个扩展(建议不要在生产环境开启这个扩展):

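# Build and install the extension against the PHP under /usr/local/php.
/usr/local/php/bin/phpize
# The option needs two ASCII hyphens; the published page had them merged into
# a single typographic dash, which configure does not recognise.
./configure --with-php-config=/usr/local/php/bin/php-config
make && make install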
然后在php.ini中添下以下配置重启php即可(建议不要在生产环境开启这个扩展):
extension=taint.so
taint.enable=1

启用这个扩展以后, 如果在一些关键函数(或者语句: echo, print, system, exec, 等等), 或者输出的地方*直接*(没有经过转义, 安全过滤处理)使用了来自$_GET, $_POST或者$_COOKIE的数据, 则Taint就会提示你:

一月 18th, 2013

Posted In: 网络技术

在调试naxsi的时候遇到很多的问题,最后在一老外blog发现了这个文章,写的不错,测试能过,目前正在测试其它功能,后期会写一些使用方法和案例

Install the redhat 5 repository package:
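# --nosignature makes rpm skip package signature verification, and the
# package is fetched over plain HTTP, so nothing authenticates what gets
# installed. Prefer importing the repository's signing key first and
# dropping the flag.
rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-5-1.noarch.rpm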

Install the redhat 6 repository package:
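# --nosignature makes rpm skip package signature verification, and the
# package is fetched over plain HTTP, so nothing authenticates what gets
# installed. Prefer importing the repository's signing key first and
# dropping the flag.
rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm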

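# List what the axivo repository offers, with every other repository disabled.
# The '*' is quoted so the shell passes it to yum unchanged.
yum --disablerepo='*' --enablerepo=axivo list available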

Install Procedure
For rules or additional configuration settings, please use the Naxsi Wiki.

In this example, we will install Nginx with Naxsi 0.47 firewall module and user interface on CentOS 5 64bits.
This is a list of useful locations installed by Axivo Nginx package:

  • /etc/nginx – stores all global configuration files
  • /etc/nginx.d – stores all host configuration files
  • /var/lib/nginx – stores Nginx cache data
  • /var/log/nginx – stores Nginx logs

If you have not installed the Axivo repository yet, please follow the instructions listed on the main page.

1) Install the rpm’s and their dependencies:

2) Enable the nginx and naxsi-ui services:

3) Create a new MySQL database and assign proper permissions to it:

4) Edit the /etc/nginx/naxsi-ui.conf configuration file and adjust the values inside:

Naxsi needs full permissions to create the initial MySQL data. The easiest way to get everything rolling is to use first your root MySQL user ID. Once the table schemas are generated, you can use the naxsiuser ID and password.

5) Edit the /etc/nginx/nginx.conf global configuration and include the /etc/nginx/naxsi_core.rules file:

Code:
http {
	include mime.types;
	...
	include /etc/nginx/naxsi_core.rules;
	include /etc/nginx.d/*.conf;
}

6) Edit the /etc/nginx.d/localhost.conf host configuration, then include the /etc/nginx/naxsi.rules file and proxied requests:

Code:
server {
	listen 192.168.1.8:80 default_server;
	server_name www.axivo.com;
	...
	location / {
		try_files $uri $uri/ /index.html;
		include naxsi.rules;
	}
	...
	location /RequestDenied {
		proxy_pass http://192.168.1.8:8080;
		internal;
	}
	...
}

7) Start the nginx and naxsi-ui daemons:

You are all set, enjoy the new layer of security on your site.

一月 18th, 2013

Posted In: linux系统

NAXSI setup howto

This document describes the full process of configuring NAXSI.

Installing nginx + naxsi : From package

Packages of naxsi exist for :

  • Debian
  • FreeBSD
  • NetBSD
  • CentOS/Redhat (See axivo repositories)

 

If you’re unlucky, refer to source compilation.

Installing nginx + naxsi : From sources

Nginx doesn’t support (by design) loadable modules. Extra modules must be added during compilation. Here we will install it from the source, but (if you’re lucky) you might as well find nginx+naxsi already packaged in your favorite distribution.

If you’re not, here is the way to go :

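# nginx.org serves releases over HTTPS and publishes a detached PGP signature
# next to each tarball; verify it before compiling.
wget https://nginx.org/download/nginx-x.x.xx.tar.gz
# NOTE(review): the naxsi tarball is still fetched over plain HTTP; compare it
# with a checksum or signature from the project before building it into nginx.
wget http://naxsi.googlecode.com/files/naxsi-x.xx.tar.gz
tar xvzf nginx-x.x.xx.tar.gz
tar xvzf naxsi-x.xx.tar.gz
cd nginx-x.x.xx/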

[install libpcre (and libssl if you want https, along with zlib for gzip support) libs with your favorite package manager, naxsi relies on it for regex]

./configure --add-module=../naxsi-x.xx/naxsi_src/ [add/remove your favorite/usual options]
make
make install

my personal “building” options being, here :

./configure --conf-path=/etc/nginx/nginx.conf  --add-module=../naxsi-x.xx/naxsi_src/   --error-log-path=/var/log/nginx/error.log     --http-client-body-temp-path=/var/lib/nginx/body     --http-fastcgi-temp-path=/var/lib/nginx/fastcgi     --http-log-path=/var/log/nginx/access.log     --http-proxy-temp-path=/var/lib/nginx/proxy     --lock-path=/var/lock/nginx.lock     --pid-path=/var/run/nginx.pid     --with-http_ssl_module     --without-mail_pop3_module     --without-mail_smtp_module     --without-mail_imap_module     --without-http_uwsgi_module     --without-http_scgi_module     --with-ipv6  --prefix=/usr

Important note for source compilation

You need to remember this if you are new to nginx :

NGINX decides the order of modules according to the order of the modules’ directives in nginx’s ./configure. So, no matter what (unless you really know what you are doing), put naxsi first in your ./configure.

If you don’t do so, you might run into various problems, from random / unpredictable behaviors to non-effective WAF.

Initial setup

I want to configure NAXSI for my company’s website :

www.nbs-system.com

So, let’s have a look at the initial setup :

/etc/nginx/nginx.conf :

user www-data;
worker_processes  1;
# NOTE(review): core dumps of up to 500M are enabled and the working directory
# is /tmp/, so worker core files would be written to a directory every local
# user can access. Core files may contain request data and key material;
# confirm this is a debugging-only setup.
worker_rlimit_core  500M;
working_directory   /tmp/;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
    use epoll;
    # multi_accept on;                                                                                                                      
}

http {
    include        /etc/nginx/naxsi_core.rules;
    include       /etc/nginx/mime.types;
    server_names_hash_bucket_size 128;
    access_log  /var/log/nginx/access.log;

    sendfile        on;
    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    include /etc/nginx/sites-enabled/*;
}

Notice the /etc/nginx/naxsi_core.rules include. This file is provided in the project (naxsi_config/), and it contains the rules. As you might have noticed, these are not signatures, in the classic WAF sense, but simple “score rules”.

Now, let’s have a look at my sites-enabled/default :

server {
 proxy_set_header Proxy-Connection "";
listen       *:80;
# NOTE(review): both logs use fixed file names under /tmp and the error log
# runs at debug level. A debug log can contain request details, and /tmp is
# writable by every local user; confirm this is temporary and move the logs
# to a directory only root/nginx can write to.
access_log  /tmp/nginx_access.log;
error_log  /tmp/nginx_error.log debug;

# Requests are checked against the naxsi rules, then proxied to the backend
# over plain HTTP with a fixed Host header.
location / {
     include    /etc/nginx/nbs.rules;
     proxy_pass http://194.213.124.111/;
     proxy_set_header Host www.nbs-system.com;
   }

#This location is where, in learning mode, to-be-forbidden requests will be "copied"
#In non-learning mode, it's where denied request will land, so feel free to do whatever you want, 
#return 418 I'm a teapot, forward to a custom webpage with 
#a captcha to help track false-positives (see contrib for that),
#whatever you want to do !
 location /RequestDenied {
     proxy_pass http://127.0.0.1:4242;
   }
}

/etc/nginx/nbs.rules :

# While LearningMode is set, requests that would be denied are copied to
# DeniedUrl rather than landing there (see the comment above the
# /RequestDenied location); remove it once the whitelist is complete.
LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";

# NOTE(review): the whitelist file is read from /tmp, a directory every local
# user can write to. Whoever can create or replace this file decides which
# rules are whitelisted; keep it in a directory that only root and the
# learning daemon can write to.
include "/tmp/naxsi_rules.tmp";

## check rules
# Each rule blocks once the named score reaches the threshold.
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;

/tmp/naxsi_rules.tmp is empty for now, it’ll be filled at runtime by the learning daemon.

Starting the LearningMode phase

Once you performed a bit of browsing, learning daemons db will be populated with generated exceptions. You can as well populate naxsi’s db from log files (options -l of nx_intercept). If you have real users on your website and/or you are not in a hurry, this option might be better, as it allows you not to spend time to do the whitelist configuration. See LearningFromLogFiles for details.

The web interface is minimalist, and has the following features :

  • Whitelist generation : Main goal of the daemon. From naxsi catched exceptions, generate approriate whitelists. Rules are presented in raw form, as well as in optimized form. For example, after some browsing I got the following rules :
 ########### Optimized Rules Suggestion ##################
 # total_count:59 (23.69%), peer_count:1 (100.0%) | parenthesis, probable sql/xss
 BasicRule wl:1011 "mz:$HEADERS_VAR:cookie";
 # total_count:59 (23.69%), peer_count:1 (100.0%) | parenthesis, probable sql/xss
 BasicRule wl:1010 "mz:$HEADERS_VAR:cookie";
 # total_count:59 (23.69%), peer_count:1 (100.0%) | mysql keyword (|)
 BasicRule wl:1005 "mz:$HEADERS_VAR:cookie";
 # total_count:53 (21.29%), peer_count:1 (100.0%) | double encoding !
 BasicRule wl:1315 "mz:$HEADERS_VAR:cookie";

 

  • Statistics generation : You can get reports on source / types of attacks, as well as counts for each kind of exceptions :

The global idea, indeed, is to use the whitelists generated by naxsi, include them into your naxsi’s configuration, and then reload nginx.

For advanced whitelists, such as user forms, please see AdvancedWhitelists section. Following section deals as well with user forms in a more classic way.

user forms

Now comes the “tricky” part of whitelists triggers : USER FORMS !

Yes, fields with ‘free’ user input, such as registration forms, search boxes and so on are typically parts that you should take a great care of.

For example, my company’s website contains a “contact” form with lastname, firstname, email address, and a free text zone. I decided that I will allow single/double quotes as well as commas and semicolons in the last/first name fields, and also parentheses for the free text zone. So, I will simply fill in the form and the learning daemons will generate the associated whitelists.

Once I’ve filled the forms, if I look at my nx_extract interface, I will see that new exceptions have been generated :

rule 1007(--) authorized on url for argument 'cf2_field_1' of zone BODY
rule 1010(() authorized on url for argument 'cf2_field_1' of zone BODY
rule 1011()) authorized on url for argument 'cf2_field_1' of zone BODY
rule 1013(') authorized on url for argument 'cf2_field_1' of zone BODY
rule 1015(,) authorized on url for argument 'cf2_field_1' of zone BODY
rule 1306(') authorized on url for argument 'cf2_field_1' of zone BODY
rule 1308(() authorized on url for argument 'cf2_field_1' of zone BODY
rule 1309()) authorized on url for argument 'cf2_field_1' of zone BODY
rule 1007(--) authorized on url for argument 'cf2_field_2' of zone BODY
rule 1013(') authorized on url for argument 'cf2_field_2' of zone BODY
rule 1015(,) authorized on url for argument 'cf2_field_2' of zone BODY
rule 1306(') authorized on url for argument 'cf2_field_2' of zone BODY
rule 1007(--) authorized on url for argument 'cf2_field_3' of zone BODY
rule 1013(') authorized on url for argument 'cf2_field_3' of zone BODY
rule 1015(,) authorized on url for argument 'cf2_field_3' of zone BODY
rule 1306(') authorized on url for argument 'cf2_field_3' of zone BODY
rule 1007(--) authorized on url for argument 'cf2_field_4' of zone BODY
rule 1007(--) authorized on url for argument 'cf2_field_5' of zone BODY
rule 1007(--) authorized on url for argument 'cf2_field_7' of zone BODY
rule 1010(() authorized on url for argument 'cf2_field_7' of zone BODY
rule 1011()) authorized on url for argument 'cf2_field_7' of zone BODY
rule 1013(') authorized on url for argument 'cf2_field_7' of zone BODY
rule 1015(,) authorized on url for argument 'cf2_field_7' of zone BODY
rule 1306(') authorized on url for argument 'cf2_field_7' of zone BODY
rule 1308(() authorized on url for argument 'cf2_field_7' of zone BODY
rule 1309()) authorized on url for argument 'cf2_field_7' of zone BODY
rule 1007(--) authorized on url for argument 'cf_codeerr2' of zone BODY
rule 1315() authorized on url for argument 'cf_codeerr2' of zone BODY
rule 1315() authorized on url for argument 'cf_failure2' of zone BODY
rule 1200(..) authorized on url for argument 'cf_working2' of zone BODY
rule 1315() authorized on url for argument 'cf_working2' of zone BODY

Let’s reload it, and have a look at the generated whitelists ! New rules have been generated, in the style :

BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1010 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1011 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1013 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1015 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1306 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1308 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1309 "mz:$BODY_VAR:cf2_field_1" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_2" ;
BasicRule wl:1013 "mz:$BODY_VAR:cf2_field_2" ;
BasicRule wl:1015 "mz:$BODY_VAR:cf2_field_2" ;
BasicRule wl:1306 "mz:$BODY_VAR:cf2_field_2" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_3" ;
BasicRule wl:1013 "mz:$BODY_VAR:cf2_field_3" ;
BasicRule wl:1015 "mz:$BODY_VAR:cf2_field_3" ;
BasicRule wl:1306 "mz:$BODY_VAR:cf2_field_3" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_4" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_5" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1010 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1011 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1013 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1015 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1306 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1308 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1309 "mz:$BODY_VAR:cf2_field_7" ;
BasicRule wl:1007 "mz:$BODY_VAR:cf_codeerr2" ;
BasicRule wl:1315 "mz:$BODY_VAR:cf_codeerr2" ;
BasicRule wl:1315 "mz:$BODY_VAR:cf_failure2" ;
BasicRule wl:1200 "mz:$BODY_VAR:cf_working2" ;
BasicRule wl:1315 "mz:$BODY_VAR:cf_working2" ;

Once I’ve done the same for the search box, my configuration is complete, and we can browse the site and fill in the forms without generating any new exceptions!

Some side notes

Sometimes, you will want to partially disable naxsi for a part of the website. In the case of my company’s website, I don’t want to configure / enable naxsi for the wordpress back-office, as it’s already protected by a .htaccess.

Then, you can “simply” define another location, where you don’t enable NAXSI :

location / {
     include    /etc/nginx/nbs.rules;
     proxy_pass http://194.213.124.111/;
     proxy_set_header Host www.nbs-system.com;
   }

location /wp-admin {
     proxy_pass https://194.213.124.111/;
     proxy_set_header Host www.nbs-system.com;
 }

And the trick is done 😉

Actually, you can do something way smarter. As wordpress is affected by numerous vulnerabilities in the back-office, I still want to protect it, but without spending too much time on the configuration, so here is what I’m doing :

location /wp-admin {
         include /etc/nginx/nbs.rules;
         BasicRule wl:0 mz:BODY;
         proxy_pass https://194.213.124.111;
         proxy_set_header Host www.nbs-system.com;
}

I’m enabling NAXSI, but I’m disabling all checks on BODY, as it’s the painful part (posting HTML and so on). In this way, I will still protect the WP back-office from vulnerabilities that are exploited through GET requests.

google文档地址:http://code.google.com/p/naxsi/

一月 18th, 2013

Posted In: linux系统

使用方法:
vi /usr/local/nginx/conf/drop_sql.conf
添加以下内容

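## Block SQL injections
# The patterns are matched against the query string as received: it is not
# URL-decoded first, and request bodies and cookies are not inspected.
# "~*" makes the match case-insensitive; with "~" the same keyword in another
# letter case is not recognised. Treat this as an extra filter in front of
# parameterised queries, not a replacement for them.
set $block_sql_injections 0;
if ($query_string ~* "union.*select.*\(") {
set $block_sql_injections 1;
}
if ($query_string ~* "union.*all.*select.*") {
set $block_sql_injections 1;
}
if ($query_string ~* "concat.*\(") {
set $block_sql_injections 1;
}
if ($block_sql_injections = 1) {
return 403;
}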

## Block file injections
set $block_file_injections 0;
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
set $block_file_injections 1;
}
if ($block_file_injections = 1) {
return 403;
}

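## Block common exploits
# Only the query string is inspected, as received. HTML tag names and PHP
# function names are case-insensitive, so those two patterns use "~*"; the
# PHP variable names and the /proc path are case-sensitive and keep "~".
set $block_common_exploits 0;
if ($query_string ~* "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~* "base64_(en|de)code\(.*\)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}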

## Block spam
set $block_spam 0;
if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
set $block_spam 1;
}
if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
set $block_spam 1;
}
if ($block_spam = 1) {
return 403;
}

## Block user agents
set $block_user_agents 0;

# Don't disable wget if you need it to run cron jobs!
#if ($http_user_agent ~ "Wget") {
# set $block_user_agents 1;
#}

# Disable Akeeba Remote Control 2.5 and earlier
if ($http_user_agent ~ "Indy Library") {
set $block_user_agents 1;
}

# Common bandwidth hoggers and hacking tools.
if ($http_user_agent ~ "libwww-perl") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "GetRight") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "GetWeb!") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "Go!Zilla") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "Download Demon") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "Go-Ahead-Got-It") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "TurnitinBot") {
set $block_user_agents 1;
}
if ($http_user_agent ~ "GrabNet") {
set $block_user_agents 1;
}

if ($block_user_agents = 1) {
return 403;
}

在nginx.conf配置文件中的server段中加入
include drop_sql.conf;

重新加载nginx配置文件即可生效
/usr/local/nginx/sbin/nginx -s reload

一月 17th, 2013

Posted In: linux系统

自己在学习python中看到别人写的代码拿过来改了改,只供参考,本段代码是从网易源取rpm包下载地址
因在做puppet集群化管理,在自己做一些rpm安装包,但基础包还是官方出的好,不用重新做,所以就取了官方的源做自己的源

#win python 2.7.x
import re,sys,urllib,codecs
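# Directory listing that the package links are read from.
base_url = "http://mirrors.163.com/centos/5/os/x86_64/CentOS/"
xh = urllib.urlopen(base_url).read().decode('utf-8')
# The pattern as published does not compile (its named group lost the name).
# Only the link target is needed, so capture the quoted href value.
rc = re.compile(r'href="([^"]*)"', re.I)
# The output file is a list of shell commands built from a page fetched over
# plain HTTP, so only plain RPM file names are accepted: letters, digits and
# . _ + % - cannot introduce shell syntax or point at another host or
# directory. This also drops the listing's parent-directory and sort links.
rpm_name = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._+%-]*\.rpm\Z')
f = codecs.open("xiaohei.txt", "w", "utf-8")
try:
    for i in rc.finditer(xh):
        name = i.group(1)
        if not rpm_name.match(name):
            continue
        s1 = 'wget ' + base_url + name
        print (s1)
        # One command per line; the original wrote them back to back.
        f.write(s1 + '\n')
finally:
    # Close the file even if writing fails part-way.
    f.close()
# NOTE(review): the packages themselves are also downloaded over plain HTTP;
# leave rpm/yum signature checking enabled when installing them.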

参考地址:http://www.oschina.net/code/snippet_204035_13570

九月 13th, 2012

Posted In: 网络技术
