-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathatom.xml
More file actions
677 lines (361 loc) · 366 KB
/
atom.xml
File metadata and controls
677 lines (361 loc) · 366 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Sevge's Blog</title>
<link href="/atom.xml" rel="self"/>
<link href="https://sevge.github.io/about/"/>
<updated>2020-04-17T15:35:41.275Z</updated>
<id>https://sevge.github.io/about/</id>
<author>
<name>Sevge</name>
</author>
<generator uri="http://hexo.io/">Hexo</generator>
<entry>
<title>值班心情</title>
<link href="https://sevge.github.io/about/2020/04/17/baidu-work/"/>
<id>https://sevge.github.io/about/2020/04/17/baidu-work/</id>
<published>2020-04-16T20:24:18.000Z</published>
<updated>2020-04-17T15:35:41.275Z</updated>
<content type="html"><![CDATA[<p>记于第一次值周</p><p>深夜思绪万千,却发现根本找不到人倾诉,这就是北漂么?</p><p>大厂能镀金?以后好跳槽?朋友和亲人的一致称赞?这种外界的认可可能是我唯一在这里坚持的原因了……</p><p>真正的工作感受只有自己知道。</p><p>扫地打杂般的工作,平日工作压榨了我极大部分的时间,周一到周五从醒来脑子里就围绕着工作在转,晚上十点多到家洗洗也该睡了,要命的是值周时周末也不能好好放松。</p><p>以前的一些爱好,现在对我来说都是奢侈品,每天过得没有一点盼头,活像一台工作机器……</p><p>来这里五个月了,从第一个月的不适应,到现在的痛苦、焦虑、自我怀疑,我想这个地方打一开始就不适合我。</p><p>从早到晚,手机电脑一直叮咚叮咚地响,一度让我到奔溃边缘。现在是凌晨四点,再度被傻逼电话闹醒,很想砸键盘。</p><p>人生所有的痛苦与纠结,都是因为还有无数明天。如果没有的话,我现在就裸辞,太不开心了。</p>]]></content>
<summary type="html">
<p>记于第一次值周</p>
<p>深夜思绪万千,却发现根本找不到人倾诉,这就是北漂么?</p>
<p>大厂能镀金?以后好跳槽?朋友和亲人的一致称赞?这种外界的认可可能是我唯一在这里坚持的原因了……</p>
<p>真正的工作感受只有自己知道。</p>
<p>扫地打杂般的工作,平日
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>喜欢和坚持</title>
<link href="https://sevge.github.io/about/2020/04/05/hobby-and-persistence/"/>
<id>https://sevge.github.io/about/2020/04/05/hobby-and-persistence/</id>
<published>2020-04-05T13:22:26.000Z</published>
<updated>2020-04-05T14:36:28.600Z</updated>
<content type="html"><![CDATA[<p>今天是2020年4月5日,周日,清明节假期,距离2019年7月10日已经过去270天,经历了漫长的疫情封闭,孤独、迷茫与焦虑环绕在我的心间。</p><p>为什么突然又特地把以前博客内容copy回来呢?偶然翻到了以前的博客,18年、19年,看着github上的提交历史,最远可以追溯到两年前……从博客的措辞来看,以前的我心态乐观,还带一丝丝幽默,这就是无忧无虑环境中孕育出的特质吧。最初写博客,主要是希望找工作时能派上一些用场,偶尔写着,就像写日记一般,其实也没有人来看吧。即使如此,我想,在往前走的时候偶尔也要停下来记录一些东西,就像游戏存档一样,免得时间过去了,再回首好像没有留下过什么东西,仿佛那段时光凭空消失了一般。</p><p>最近又拿起了很久没碰的滑板,滑板真是一个让我又爱又恨的玩意。最初入坑是偶然看到一部滑板片,当时只觉得很酷,我也想要做出那样的动作。滑板买回来以后,玩了两周一个人学会了基础的滑行和荡板,之后立马练习进阶的ollie,但这个动作一直是新手“大杀器”,很多新手卡在这个门槛,随后就让滑板吃灰了。我也不例外。</p><p>正式参与工作以后,宿舍-公司,两点一线的生活让我厌烦,在北京也没有朋友,远在家乡的同学、亲人沟通起来也不能感同身受。我买了一块滑板,在练ollie的过程中,我突然发现周围原来也有同样爱好的人,大家的职业、年龄各异,但是玩到满身汗水坐下来聊天时,那种惬意的感觉是我来北京第一次体会到的。我喜欢滑板,准确的说,我喜欢玩滑板时交到的朋友们,喜欢和朋友们聊天玩耍,喜欢玩到筋疲力尽时的畅快,喜欢躺在地板上休息时的放松。</p><p>玩了一年多滑板了,ollie基本能跳了,但是仍然不敢过障碍,有时我也会想,我是不是练习的时间不够?我是不是不够聪明?我是不是年龄大了???!!!搬家到海淀,离开了望京的滑板好友们,一个人真的很难坚持下去,孤独、工作压力是我迈不过去的槛,最近这段日子我也在想,我的年龄似乎真的也大了,20岁以前我没想过以后,现在我不敢想以后。</p><p>春天到了,天气转暖,到用友科技园继续磕ollie。一个人,周围也有玩小滑板的小孩。以前看过一篇文章,说“坚持”其实是一个贬义词,只有不喜欢的事情才会去“坚持”,只有目标不明确才会去“坚持”,只有不太聪明的人才会“坚持”。我想我现在就是这种坚持吧,因为我现在也说不上喜欢滑板了,练好ollie似乎也不能得到什么,只是心中的一股执念让我去完成这项使命。今天摔了一跤,真的很痛,心情很down,自己爬起来继续练习。</p><p>在孤独、迷茫与焦虑中,我抓不到任何东西。离开这里,我能去哪?我能干啥?我真正喜欢的是什么?</p>]]></content>
<summary type="html">
<p>今天是2020年4月5日,周日,清明节假期,距离2019年7月10日已经过去270天,经历了漫长的疫情封闭,孤独、迷茫与焦虑环绕在我的心间。</p>
<p>为什么突然又特地把以前博客内容copy回来呢?偶然翻到了以前的博客,18年、19年,看着github上的提交历史,最远
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>线性回归上证指数</title>
<link href="https://sevge.github.io/about/2020/04/05/sz_index/"/>
<id>https://sevge.github.io/about/2020/04/05/sz_index/</id>
<published>2020-04-05T13:22:26.000Z</published>
<updated>2020-04-05T15:16:50.566Z</updated>
<content type="html"><![CDATA[<h1 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h1><p>巴菲特曾经这样描述过价值投资,他说价值投资就好像一个人牵着一条小狗去散步一般。有时候这条小狗会跑到人的前面,而有的时候这条小狗会跑到人的后面,但是最终这条小狗始终会回到人的身边。<br>大道至简,用最基本的线性回归预测一下上证指数2020年的走势。</p><h1 id="数据支撑"><a href="#数据支撑" class="headerlink" title="数据支撑"></a>数据支撑</h1><p>从<a href="http://quotes.money.163.com/trade/lsjysj_zhishu_000001.html" target="_blank" rel="noopener">网易财经</a>下载得到上证指数历史数据,仅使用每日收盘价。</p><h1 id="无干预预测"><a href="#无干预预测" class="headerlink" title="无干预预测"></a>无干预预测</h1><p>第7200个交易日的预测价格:3454.41<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://imgchr.com/i/GrK4IO" alt="pic1" title=""> </div> <div class="image-caption">pic1</div> </figure></p><h1 id="人工干预预测"><a href="#人工干预预测" class="headerlink" title="人工干预预测"></a>人工干预预测</h1><p>干预2008年、2015年泡沫为均值<br>第7200个交易日的预测价格:3238.38<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://imgchr.com/i/GrKhdK" alt="pic2" title=""> </div> <div class="image-caption">pic2</div> </figure></p><h1 id="根据gdp增速预测"><a href="#根据gdp增速预测" class="headerlink" title="根据gdp增速预测"></a>根据gdp增速预测</h1><p>2015年泡沫后2016年2月谷底2688点,距今4年,按<a href="http://data.eastmoney.com/cjsj/gdp.html" target="_blank" rel="noopener">东方财富</a>的历史gdp数据<br>2688*1.067*1.069*1.066*1.0610=3467<br>2008年泡沫后谷底11月1717点<br>1717*1.094*1.106*1.095*1.079*1.078*1.073*1.069*1.067*1.069*1.066*1.0610=3915</p><h1 id="定投策略"><a href="#定投策略" class="headerlink" title="定投策略"></a>定投策略</h1><p>目前未考虑止盈(还远着)<br>买入策略:<br>(当前指数 - 2780 \ **4/800,$index_correlations 2780为一个基准值,该值越大越乐观,即在当前指数较高时仍会买入较多,800代表震荡区间,该值越大买入越谨慎<br>(当前跌幅/历史跌幅) $change 这里历史跌幅取排序后20分位,即每5天可能出现一个的跌幅,一周买入一次<br>$confidence 自主设置<br>$base 投入基数与以上变量求积,得到的结果即最终买入</p>]]></content>
<summary type="html">
<h1 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h1><p>巴菲特曾经这样描述过价值投资,他说价值投资就好像一个人牵着一条小狗去散步一般。有时候这条小狗会跑到人的前面,而有的时候这条小狗会跑到人的后面
</summary>
<category term="投资" scheme="https://sevge.github.io/about/categories/%E6%8A%95%E8%B5%84/"/>
</entry>
<entry>
<title>海量数据面试题</title>
<link href="https://sevge.github.io/about/2019/06/07/multi-data_test/"/>
<id>https://sevge.github.io/about/2019/06/07/multi-data_test/</id>
<published>2019-06-07T12:16:27.000Z</published>
<updated>2019-06-07T12:35:33.893Z</updated>
<content type="html"><![CDATA[<p><a href="https://www.cnblogs.com/btdxqz/p/6895068.html" target="_blank" rel="noopener">十道面试题与十个海量数据处理方法总结</a></p><h2 id="面试题"><a href="#面试题" class="headerlink" title="面试题"></a>面试题</h2><h3 id="海量日志数据,提取出某日访问百度次数最多的那个IP。"><a href="#海量日志数据,提取出某日访问百度次数最多的那个IP。" class="headerlink" title="海量日志数据,提取出某日访问百度次数最多的那个IP。"></a>海量日志数据,提取出某日访问百度次数最多的那个IP。</h3><p> 首先是这一天,并且是访问百度的日志中的IP取出来,逐个写入到一个大文件中。注意到IP是32位的,最多有个2^32个IP。同样可以采用映射的方法,比如模1000,把整个大文件映射为1000个小文件,再找出每个小文中出现频率最大的IP(可以采用hash_map进行频率统计,然后再找出频率最大的几个)及相应的频率。然后再在这1000个最大的IP中,找出那个频率最大的IP,即为所求。<br>或者如下阐述(雪域之鹰):<br>算法思想:分而治之+Hash<br>1.IP地址最多有2^32=4G种取值情况,所以不能完全加载到内存中处理;<br>2.可以考虑采用“分而治之”的思想,按照IP地址的Hash(IP)%1024值,把海量IP日志分别存储到1024个小文件中。这样,每个小文件最多包含4MB个IP地址;<br>3.对于每一个小文件,可以构建一个IP为key,出现次数为value的Hash map,同时记录当前出现次数最多的那个IP地址;<br>4.可以得到1024个小文件中的出现次数最多的IP,再依据常规的排序算法得到总体上出现次数最多的IP;</p><h3 id="搜索引擎会通过日志文件把用户每次检索使用的所有检索串都记录下来,每个查询串的长度为1-255字节。"><a href="#搜索引擎会通过日志文件把用户每次检索使用的所有检索串都记录下来,每个查询串的长度为1-255字节。" class="headerlink" title="搜索引擎会通过日志文件把用户每次检索使用的所有检索串都记录下来,每个查询串的长度为1-255字节。"></a>搜索引擎会通过日志文件把用户每次检索使用的所有检索串都记录下来,每个查询串的长度为1-255字节。</h3><p> 假设目前有一千万个记录(这些查询串的重复度比较高,虽然总数是1千万,但如果除去重复后,不超过3百万个。一个查询串的重复度越高,说明查询它的用户越多,也就是越热门。),请你统计最热门的10个查询串,要求使用的内存不能超过1G。<br>典型的Top K算法,还是在这篇文章里头有所阐述,详情请参见:<a href="https://blog.csdn.net/v_JULY_v/article/details/6256463" target="_blank" rel="noopener">从头到尾彻底解析Hash表算法</a></p><p>文中,给出的最终算法是:<br>第一步、先对这批海量数据预处理,在O(N)的时间内用Hash表完成统计(之前写成了排序,特此订正。July、2011.04.27);<br>第二步、借助堆这个数据结构,找出Top K,时间复杂度为N‘logK。<br>即,借助堆结构,我们可以在log量级的时间内查找和调整/移动。因此,维护一个K(该题目中是10)大小的小根堆,然后遍历300万的Query,分别和根元素进行对比所以,我们最终的时间复杂度是:O(N) + N’*O(logK),(N为1000万,N’为300万)。ok,更多,详情,请参考原文。</p><p>或者:采用trie树,关键字域存该查询串出现的次数,没有出现为0。最后用10个元素的最小推来对出现频率进行排序。</p><h3 id="有一个1G大小的一个文件,里面每一行是一个词,词的大小不超过16字节,内存限制大小是1M。返回频数最高的100个词。"><a href="#有一个1G大小的一个文件,里面每一行是一个词,词的大小不超过16字节,内存限制大小是1M。返回频数最高的100个词。" class="headerlink" title="有一个1G大小的一个文件,里面每一行是一个词,词的大小不超过16字节,内存限制大小是1M。返回频数最高的100个词。"></a>有一个1G大小的一个文件,里面每一行是一个词,词的大小不超过16字节,内存限制大小是1M。返回频数最高的100个词。</h3><p> 方案:顺序读文件中,对于每个词x,取hash(x)%5000,然后按照该值存到5000个小文件(记为x0,x1,…x4999)中。这样每个文件大概是200k左右。</p><p>如果其中的有的文件超过了1M大小,还可以按照类似的方法继续往下分,直到分解得到的小文件的大小都不超过1M。<br>对每个小文件,统计每个文件中出现的词以及相应的频率(可以采用trie树/hash_map等),并取出出现频率最大的100个词(可以用含100个结点的最小堆),并把100个词及相应的频率存入文件,这样又得到了5000个文件。下一步就是把这5000个文件进行归并(类似与归并排序)的过程了。</p><h3 id="有10个文件,每个文件1G,每个文件的每一行存放的都是用户的query,每个文件的query都可能重复。要求你按照query的频度排序。"><a href="#有10个文件,每个文件1G,每个文件的每一行存放的都是用户的query,每个文件的query都可能重复。要求你按照query的频度排序。" class="headerlink" title="有10个文件,每个文件1G,每个文件的每一行存放的都是用户的query,每个文件的query都可能重复。要求你按照query的频度排序。"></a>有10个文件,每个文件1G,每个文件的每一行存放的都是用户的query,每个文件的query都可能重复。要求你按照query的频度排序。</h3><p>还是典型的TOP K算法,解决方案如下:<br>方案1:<br>顺序读取10个文件,按照hash(query)%10的结果将query写入到另外10个文件(记为)中。这样新生成的文件每个的大小大约也1G(假设hash函数是随机的)。</p><p>找一台内存在2G左右的机器,依次对用hash_map(query, query_count)来统计每个query出现的次数。利用快速/堆/归并排序按照出现次数进行排序。将排序好的query和对应的query_cout输出到文件中。这样得到了10个排好序的文件(记为)。</p><p>对这10个文件进行归并排序(内排序与外排序相结合)。</p><p>方案2:<br>一般query的总量是有限的,只是重复的次数比较多而已,可能对于所有的query,一次性就可以加入到内存了。这样,我们就可以采用trie树/hash_map等直接来统计每个query出现的次数,然后按出现次数做快速/堆/归并排序就可以了。</p><p>方案3:<br>与方案1类似,但在做完hash,分成多个文件后,可以交给多个文件来处理,采用分布式的架构来处理(比如MapReduce),最后再进行合并。</p><h3 id="给定a、b两个文件,各存放50亿个url,每个url各占64字节,内存限制是4G,让你找出a、b文件共同的url?"><a href="#给定a、b两个文件,各存放50亿个url,每个url各占64字节,内存限制是4G,让你找出a、b文件共同的url?" class="headerlink" title="给定a、b两个文件,各存放50亿个url,每个url各占64字节,内存限制是4G,让你找出a、b文件共同的url?"></a>给定a、b两个文件,各存放50亿个url,每个url各占64字节,内存限制是4G,让你找出a、b文件共同的url?</h3><p>方案1:可以估计每个文件安的大小为5G×64=320G,远远大于内存限制的4G。所以不可能将其完全加载到内存中处理。考虑采取分而治之的方法。</p><p>遍历文件a,对每个url求取hash(url)%1000,然后根据所取得的值将url分别存储到1000个小文件(记为a0,a1,…,a999)中。这样每个小文件的大约为300M。</p><p>遍历文件b,采取和a相同的方式将url分别存储到1000小文件(记为b0,b1,…,b999)。这样处理后,所有可能相同的url都在对应的小文件(a0vsb0,a1vsb1,…,a999vsb999)中,不对应的小文件不可能有相同的url。然后我们只要求出1000对小文件中相同的url即可。</p><p>求每对小文件中相同的url时,可以把其中一个小文件的url存储到hash_set中。然后遍历另一个小文件的每个url,看其是否在刚才构建的hash_set中,如果是,那么就是共同的url,存到文件里面就可以了。</p><p>方案2:如果允许有一定的错误率,可以使用Bloom filter,4G内存大概可以表示340亿bit。将其中一个文件中的url使用Bloom filter映射为这340亿bit,然后挨个读取另外一个文件的url,检查是否与Bloom filter,如果是,那么该url应该是共同的url(注意会有一定的错误率)。</p><p>Bloom filter日后会在本BLOG内详细阐述。</p><h3 id="在2-5亿个整数中找出不重复的整数,注,内存不足以容纳这2-5亿个整数。"><a href="#在2-5亿个整数中找出不重复的整数,注,内存不足以容纳这2-5亿个整数。" class="headerlink" title="在2.5亿个整数中找出不重复的整数,注,内存不足以容纳这2.5亿个整数。"></a>在2.5亿个整数中找出不重复的整数,注,内存不足以容纳这2.5亿个整数。</h3><p>方案1:采用2-Bitmap(每个数分配2bit,00表示不存在,01表示出现一次,10表示多次,11无意义)进行,共需内存2^32 * 2 bit=1 GB内存,还可以接受。然后扫描这2.5亿个整数,查看Bitmap中相对应位,如果是00变01,01变10,10保持不变。所描完事后,查看bitmap,把对应位是01的整数输出即可。</p><p>方案2:也可采用与第1题类似的方法,进行划分小文件的方法。然后在小文件中找出不重复的整数,并排序。然后再进行归并,注意去除重复的元素。</p><h3 id="腾讯面试题:给40亿个不重复的unsigned-int的整数,没排过序的,然后再给一个数,如何快速判断这个数是否在那40亿个数当中?"><a href="#腾讯面试题:给40亿个不重复的unsigned-int的整数,没排过序的,然后再给一个数,如何快速判断这个数是否在那40亿个数当中?" class="headerlink" title="腾讯面试题:给40亿个不重复的unsigned int的整数,没排过序的,然后再给一个数,如何快速判断这个数是否在那40亿个数当中?"></a>腾讯面试题:给40亿个不重复的unsigned int的整数,没排过序的,然后再给一个数,如何快速判断这个数是否在那40亿个数当中?</h3><p>与上第6题类似,我的第一反应时快速排序+二分查找。以下是其它更好的方法:<br>方案1:oo,申请512M的内存,一个bit位代表一个unsigned int值。读入40亿个数,设置相应的bit位,读入要查询的数,查看相应bit位是否为1,为1表示存在,为0表示不存在。</p><p>dizengrong:<br>方案2:这个问题在《编程珠玑》里有很好的描述,大家可以参考下面的思路,探讨一下:<br>又因为2^32为40亿多,所以给定一个数可能在,也可能不在其中;<br>这里我们把40亿个数中的每一个用32位的二进制来表示<br>假设这40亿个数开始放在一个文件中。</p><p>然后将这40亿个数分成两类:<br>1.最高位为0<br>2.最高位为1<br>并将这两类分别写入到两个文件中,其中一个文件中数的个数<=20亿,而另一个>=20亿(这相当于折半了);<br>与要查找的数的最高位比较并接着进入相应的文件再查找</p><p>再然后把这个文件为又分成两类:<br>1.次最高位为0<br>2.次最高位为1</p><p>并将这两类分别写入到两个文件中,其中一个文件中数的个数<=10亿,而另一个>=10亿(这相当于折半了);<br>与要查找的数的次最高位比较并接着进入相应的文件再查找。<br>…….<br>以此类推,就可以找到了,而且时间复杂度为O(logn),方案2完。</p><p>附:这里,再简单介绍下,位图方法:<br>使用位图法判断整形数组是否存在重复<br>判断集合中存在重复是常见编程任务之一,当集合中数据量比较大时我们通常希望少进行几次扫描,这时双重循环法就不可取了。</p><p>位图法比较适合于这种情况,它的做法是按照集合中最大元素max创建一个长度为max+1的新数组,然后再次扫描原数组,遇到几就给新数组的第几位置上1,如遇到5就给新数组的第六个元素置1,这样下次再遇到5想置位时发现新数组的第六个元素已经是1了,这说明这次的数据肯定和以前的数据存在着重复。这种给新数组初始化时置零其后置一的做法类似于位图的处理方法故称位图法。它的运算次数最坏的情况为2N。如果已知数组的最大值即能事先给新数组定长的话效率还能提高一倍。</p><p>欢迎,有更好的思路,或方法,共同交流。</p><h3 id="怎么在海量数据中找出重复次数最多的一个?"><a href="#怎么在海量数据中找出重复次数最多的一个?" class="headerlink" title="怎么在海量数据中找出重复次数最多的一个?"></a>怎么在海量数据中找出重复次数最多的一个?</h3><p>方案1:先做hash,然后求模映射为小文件,求出每个小文件中重复次数最多的一个,并记录重复次数。然后找出上一步求出的数据中重复次数最多的一个就是所求(具体参考前面的题)。</p><h3 id="上千万或上亿数据(有重复),统计其中出现次数最多的钱N个数据。"><a href="#上千万或上亿数据(有重复),统计其中出现次数最多的钱N个数据。" class="headerlink" title="上千万或上亿数据(有重复),统计其中出现次数最多的钱N个数据。"></a>上千万或上亿数据(有重复),统计其中出现次数最多的钱N个数据。</h3><p>方案1:上千万或上亿的数据,现在的机器的内存应该能存下。所以考虑采用hash_map/搜索二叉树/红黑树等来进行统计次数。然后就是取出前N个出现次数最多的数据了,可以用第2题提到的堆机制完成。</p><h3 id="一个文本文件,大约有一万行,每行一个词,要求统计出其中最频繁出现的前10个词,请给出思想,给出时间复杂度分析。"><a href="#一个文本文件,大约有一万行,每行一个词,要求统计出其中最频繁出现的前10个词,请给出思想,给出时间复杂度分析。" class="headerlink" title="一个文本文件,大约有一万行,每行一个词,要求统计出其中最频繁出现的前10个词,请给出思想,给出时间复杂度分析。"></a>一个文本文件,大约有一万行,每行一个词,要求统计出其中最频繁出现的前10个词,请给出思想,给出时间复杂度分析。</h3><p>方案1:这题是考虑时间效率。用trie树统计每个词出现的次数,时间复杂度是O(n<em>le)(le表示单词的平准长度)。然后是找出出现最频繁的前10个词,可以用堆来实现,前面的题中已经讲到了,时间复杂度是O(n</em>lg10)。所以总的时间复杂度,是O(n<em>le)与O(n</em>lg10)中较大的哪一个。</p><h3 id="100w个数中找出最大的100个数。"><a href="#100w个数中找出最大的100个数。" class="headerlink" title="100w个数中找出最大的100个数。"></a>100w个数中找出最大的100个数。</h3><p>方案1:在前面的题中,我们已经提到了,用一个含100个元素的最小堆完成。复杂度为O(100w*lg100)。</p><p>方案2:采用快速排序的思想,每次分割之后只考虑比轴大的一部分,知道比轴大的一部分在比100多的时候,采用传统排序算法排序,取前100个。复杂度为O(100w*100)。</p><p>方案3:采用局部淘汰法。选取前100个元素,并排序,记为序列L。然后一次扫描剩余的元素x,与排好序的100个元素中最小的元素比,如果比这个最小的要大,那么把这个最小的元素删除,并把x利用插入排序的思想,插入到序列L中。依次循环,知道扫描了所有的元素。复杂度为O(100w*100)。</p><p><a href="http://www.cnblogs.com/youwang/" target="_blank" rel="noopener">致谢</a></p><h2 id="十个海量数据处理方法大总结"><a href="#十个海量数据处理方法大总结" class="headerlink" title="十个海量数据处理方法大总结"></a>十个海量数据处理方法大总结</h2><p>ok,看了上面这么多的面试题,是否有点头晕。是的,需要一个总结。接下来,本文将简单总结下一些处理海量数据问题的常见方法,而日后,本BLOG内会具体阐述这些方法。</p><p>下面的方法对海量数据的处理方法进行了一个一般性的总结,当然这些方法可能并不能完全覆盖所有的问题,但是这样的一些方法也基本可以处理绝大多数遇到的问题。下面的一些问题基本直接来源于公司的面试笔试题目,方法不一定最优,如果你有更好的处理方法,欢迎讨论。</p><h3 id="Bloom-filter"><a href="#Bloom-filter" class="headerlink" title="Bloom filter"></a>Bloom filter</h3><p> 适用范围:可以用来实现数据字典,进行数据的判重,或者集合求交集</p><p> 基本原理及要点:<br> 对于原理来说很简单,位数组+k个独立hash函数。将hash函数对应的值的位数组置1,查找时如果发现所有hash函数对应位都是1说明存在,很明显这个过程并不保证查找的结果是100%正确的。同时也不支持删除一个已经插入的关键字,因为该关键字对应的位会牵动到其他的关键字。所以一个简单的改进就是 counting Bloom filter,用一个counter数组代替位数组,就可以支持删除了。</p><p> 还有一个比较重要的问题,如何根据输入元素个数n,确定位数组m的大小及hash函数个数。当hash函数个数k=(ln2)<em>(m/n)时错误率最小。在错误率不大于E的情况下,m至少要等于n</em>lg(1/E)才能表示任意n个元素的集合。但m还应该更大些,因为还要保证bit数组里至少一半为0,则m应该>=nlg(1/E)*lge 大概就是nlg(1/E)1.44倍(lg表示以2为底的对数)。</p><p> 举个例子我们假设错误率为0.01,则此时m应大概是n的13倍。这样k大概是8个。</p><p> 注意这里m与n的单位不同,m是bit为单位,而n则是以元素个数为单位(准确的说是不同元素的个数)。通常单个元素的长度都是有很多bit的。所以使用bloom filter内存上通常都是节省的。</p><p> 扩展:<br> Bloom filter将集合中的元素映射到位数组中,用k(k为哈希函数个数)个映射位是否全1表示元素在不在这个集合中。Counting bloom filter(CBF)将位数组中的每一位扩展为一个counter,从而支持了元素的删除操作。Spectral Bloom Filter(SBF)将其与集合元素的出现次数关联。SBF采用counter中的最小值来近似表示元素的出现频率。</p><p> 问题实例:给你A,B两个文件,各存放50亿条URL,每条URL占用64字节,内存限制是4G,让你找出A,B文件共同的URL。如果是三个乃至n个文件呢?</p><p> 根据这个问题我们来计算下内存的占用,4G=2^32大概是40亿*8大概是340亿,n=50亿,如果按出错率0.01算需要的大概是650亿个bit。现在可用的是340亿,相差并不多,这样可能会使出错率上升些。另外如果这些urlip是一一对应的,就可以转换成ip,则大大简单了。</p><h3 id="Hashing"><a href="#Hashing" class="headerlink" title="Hashing"></a>Hashing</h3><p> 适用范围:快速查找,删除的基本数据结构,通常需要总数据量可以放入内存</p><p> 基本原理及要点:<br> hash函数选择,针对字符串,整数,排列,具体相应的hash方法。<br> 碰撞处理,一种是open hashing,也称为拉链法;另一种就是closed hashing,也称开地址法,opened addressing。</p><p>扩展:<br> d-left hashing中的d是多个的意思,我们先简化这个问题,看一看2-left hashing。2-left hashing指的是将一个哈希表分成长度相等的两半,分别叫做T1和T2,给T1和T2分别配备一个哈希函数,h1和h2。在存储一个新的key时,同时用两个哈希函数进行计算,得出两个地址h1[key]和h2[key]。这时需要检查T1中的h1[key]位置和T2中的h2[key]位置,哪一个位置已经存储的(有碰撞的)key比较多,然后将新key存储在负载少的位置。如果两边一样多,比如两个位置都为空或者都存储了一个key,就把新key存储在左边的T1子表中,2-left也由此而来。在查找一个key时,必须进行两次hash,同时查找两个位置。</p><p> 问题实例:<br> 1).海量日志数据,提取出某日访问百度次数最多的那个IP。<br> IP的数目还是有限的,最多2^32个,所以可以考虑使用hash将ip直接存入内存,然后进行统计。</p><h3 id="bit-map"><a href="#bit-map" class="headerlink" title="bit-map"></a>bit-map</h3><p> 适用范围:可进行数据的快速查找,判重,删除,一般来说数据范围是int的10倍以下</p><p> 基本原理及要点:使用bit数组来表示某些元素是否存在,比如8位电话号码</p><p> 扩展:bloom filter可以看做是对bit-map的扩展</p><p> 问题实例:<br> 1)已知某个文件内包含一些电话号码,每个号码为8位数字,统计不同号码的个数。<br> 8位最多99 999 999,大概需要99m个bit,大概10几m字节的内存即可。<br> 2)2.5亿个整数中找出不重复的整数的个数,内存空间不足以容纳这2.5亿个整数。</p><p> 将bit-map扩展一下,用2bit表示一个数即可,0表示未出现,1表示出现一次,2表示出现2次及以上。或者我们不用2bit来进行表示,我们用两个bit-map即可模拟实现这个2bit-map。</p><h3 id="堆"><a href="#堆" class="headerlink" title="堆"></a>堆</h3><p> 适用范围:海量数据前n大,并且n比较小,堆可以放入内存</p><p> 基本原理及要点:最大堆求前n小,最小堆求前n大。方法,比如求前n小,我们比较当前元素与最大堆里的最大元素,如果它小于最大元素,则应该替换那个最大元素。这样最后得到的n个元素就是最小的n个。适合大数据量,求前n小,n的大小比较小的情况,这样可以扫描一遍即可得到所有的前n元素,效率很高。</p><p> 扩展:双堆,一个最大堆与一个最小堆结合,可以用来维护中位数。</p><p> 问题实例:<br> 1)100w个数中找最大的前100个数。<br> 用一个100个元素大小的最小堆即可。</p><h3 id="双层桶划分"><a href="#双层桶划分" class="headerlink" title="双层桶划分"></a>双层桶划分</h3><p>其实本质上就是【分而治之】的思想,重在“分”的技巧上!<br> 适用范围:第k大,中位数,不重复或重复的数字<br> 基本原理及要点:因为元素范围很大,不能利用直接寻址表,所以通过多次划分,逐步确定范围,然后最后在一个可以接受的范围内进行。可以通过多次缩小,双层只是一个例子。</p><p> 扩展:<br> 问题实例:<br> 1).2.5亿个整数中找出不重复的整数的个数,内存空间不足以容纳这2.5亿个整数。<br> 有点像鸽巢原理,整数个数为2^32,也就是,我们可以将这2^32个数,划分为2^8个区域(比如用单个文件代表一个区域),然后将数据分离到不同的区域,然后不同的区域在利用bitmap就可以直接解决了。也就是说只要有足够的磁盘空间,就可以很方便的解决。</p><p> 2).5亿个int找它们的中位数。<br> 这个例子比上面那个更明显。首先我们将int划分为2^16个区域,然后读取数据统计落到各个区域里的数的个数,之后我们根据统计结果就可以判断中位数落到那个区域,同时知道这个区域中的第几大数刚好是中位数。然后第二次扫描我们只统计落在这个区域中的那些数就可以了。</p><p> 实际上,如果不是int是int64,我们可以经过3次这样的划分即可降低到可以接受的程度。即可以先将int64分成2^24个区域,然后确定区域的第几大数,在将该区域分成2^20个子区域,然后确定是子区域的第几大数,然后子区域里的数的个数只有2^20,就可以直接利用direct addr table进行统计了。</p><h3 id="数据库索引"><a href="#数据库索引" class="headerlink" title="数据库索引"></a>数据库索引</h3><p> 适用范围:大数据量的增删改查</p><p> 基本原理及要点:利用数据的设计实现方法,对海量数据的增删改查进行处理。</p><h3 id="倒排索引-Inverted-index"><a href="#倒排索引-Inverted-index" class="headerlink" title="倒排索引(Inverted index)"></a>倒排索引(Inverted index)</h3><p> 适用范围:搜索引擎,关键字查询</p><p> 基本原理及要点:为何叫倒排索引?一种索引方法,被用来存储在全文搜索下某个单词在一个文档或者一组文档中的存储位置的映射。</p><p> 以英文为例,下面是要被索引的文本:<br>T0 = “it is what it is”<br>T1 = “what is it”<br>T2 = “it is a banana”</p><p>我们就能得到下面的反向文件索引:</p><p>“a”: {2}<br>“banana”: {2}<br>“is”: {0, 1, 2}<br>“it”: {0, 1, 2}<br>“what”: {0, 1}</p><p> 检索的条件”what”,”is”和”it”将对应集合的交集。</p><p> 正向索引开发出来用来存储每个文档的单词的列表。正向索引的查询往往满足每个文档有序频繁的全文查询和每个单词在校验文档中的验证这样的查询。在正向索引中,文档占据了中心的位置,每个文档指向了一个它所包含的索引项的序列。也就是说文档指向了它包含的那些单词,而反向索引则是单词指向了包含它的文档,很容易看到这个反向的关系。</p><p> 扩展:<br> 问题实例:文档检索系统,查询那些文件包含了某单词,比如常见的学术论文的关键字搜索。</p><h3 id="外排序"><a href="#外排序" class="headerlink" title="外排序"></a>外排序</h3><p> 适用范围:大数据的排序,去重</p><p> 基本原理及要点:外排序的归并方法,置换选择败者树原理,最优归并树</p><p> 扩展:</p><p> 问题实例:<br> 1).有一个1G大小的一个文件,里面每一行是一个词,词的大小不超过16个字节,内存限制大小是1M。返回频数最高的100个词。</p><p> 这个数据具有很明显的特点,词的大小为16个字节,但是内存只有1m做hash有些不够,所以可以用来排序。内存可以当输入缓冲区使用。</p><h3 id="trie树"><a href="#trie树" class="headerlink" title="trie树"></a>trie树</h3><p> 适用范围:数据量大,重复多,但是数据种类小可以放入内存</p><p> 基本原理及要点:实现方式,节点孩子的表示方式</p><p> 扩展:压缩实现。</p><p> 问题实例:<br> 1).有10个文件,每个文件1G,每个文件的每一行都存放的是用户的query,每个文件的query都可能重复。要你按照query的频度排序。<br> 2).1000万字符串,其中有些是相同的(重复),需要把重复的全部去掉,保留没有重复的字符串。请问怎么设计和实现?<br> 3).寻找热门查询:查询串的重复度比较高,虽然总数是1千万,但如果除去重复后,不超过3百万个,每个不超过255字节。</p><h3 id="分布式处理-mapreduce"><a href="#分布式处理-mapreduce" class="headerlink" title="分布式处理 mapreduce"></a>分布式处理 mapreduce</h3><p> 适用范围:数据量大,但是数据种类小可以放入内存</p><p> 基本原理及要点:将数据交给不同的机器去处理,数据划分,结果归约。</p><p> 扩展:<br> 问题实例:<br> 1).The canonical example application of MapReduce is a process to count the appearances of<br>each different word in a set of documents:<br> 2).海量数据分布在100台电脑中,想个办法高效统计出这批数据的TOP10。<br> 3).一共有N个机器,每个机器上有N个数。每个机器最多存O(N)个数并对它们操作。如何找到N^2个数的中数(median)?</p><h2 id="经典问题分析"><a href="#经典问题分析" class="headerlink" title="经典问题分析"></a>经典问题分析</h2><p> 上千万or亿数据(有重复),统计其中出现次数最多的前N个数据,分两种情况:可一次读入内存,不可一次读入。</p><p> 可用思路:trie树+堆,数据库索引,划分子集分别统计,hash,分布式计算,近似统计,外排序</p><p> 所谓的是否能一次读入内存,实际上应该指去除重复后的数据量。如果去重后数据可以放入内存,我们可以为数据建立字典,比如通过 map,hashmap,trie,然后直接进行统计即可。当然在更新每条数据的出现次数的时候,我们可以利用一个堆来维护出现次数最多的前N个数据,当然这样导致维护次数增加,不如完全统计后在求前N大效率高。</p><p> 如果数据无法放入内存。一方面我们可以考虑上面的字典方法能否被改进以适应这种情形,可以做的改变就是将字典存放到硬盘上,而不是内存,这可以参考数据库的存储方法。</p><p> 当然还有更好的方法,就是可以采用分布式计算,基本上就是map-reduce过程,首先可以根据数据值或者把数据hash(md5)后的值,将数据按照范围划分到不同的机子,最好可以让数据划分后可以一次读入内存,这样不同的机子负责处理各种的数值范围,实际上就是map。得到结果后,各个机子只需拿出各自的出现次数最多的前N个数据,然后汇总,选出所有的数据中出现次数最多的前N个数据,这实际上就是reduce过程。</p><p> 实际上可能想直接将数据均分到不同的机子上进行处理,这样是无法得到正确的解的。因为一个数据可能被均分到不同的机子上,而另一个则可能完全聚集到一个机子上,同时还可能存在具有相同数目的数据。比如我们要找出现次数最多的前100个,我们将1000万的数据分布到10台机器上,找到每台出现次数最多的前 100个,归并之后这样不能保证找到真正的第100个,因为比如出现次数最多的第100个可能有1万个,但是它被分到了10台机子,这样在每台上只有1千个,假设这些机子排名在1000个之前的那些都是单独分布在一台机子上的,比如有1001个,这样本来具有1万个的这个就会被淘汰,即使我们让每台机子选出出现次数最多的1000个再归并,仍然会出错,因为可能存在大量个数为1001个的发生聚集。因此不能将数据随便均分到不同机子上,而是要根据hash 后的值将它们映射到不同的机子上处理,让不同的机器处理一个数值范围。<br> 而外排序的方法会消耗大量的IO,效率不会很高。而上面的分布式方法,也可以用于单机版本,也就是将总的数据根据值的范围,划分成多个不同的子文件,然后逐个处理。处理完毕之后再对这些单词的及其出现频率进行一个归并。实际上就可以利用一个外排序的归并过程。</p>]]></content>
<summary type="html">
<p><a href="https://www.cnblogs.com/btdxqz/p/6895068.html" target="_blank" rel="noopener">十道面试题与十个海量数据处理方法总结</a></p>
<h2 id="面试题"><a href="#
</summary>
<category term="收藏" scheme="https://sevge.github.io/about/categories/%E6%94%B6%E8%97%8F/"/>
</entry>
<entry>
<title>利用frp实现内网穿透</title>
<link href="https://sevge.github.io/about/2019/03/17/frp/"/>
<id>https://sevge.github.io/about/2019/03/17/frp/</id>
<published>2019-03-17T09:35:30.000Z</published>
<updated>2019-03-17T10:13:03.130Z</updated>
<content type="html"><![CDATA[<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p> 人在学校外,想要查学分?想要查成绩?想要上知网?很多时候不想麻烦别人,这个时候就需要自己折腾折腾了。。。<br> 之前有了解过内网穿透的方式,可以使用ngrok、natapp、autossh,但是我想要的是外网机器最终达到如在内网一样的环境,最终选定了frp。</p><h2 id="关于frp"><a href="#关于frp" class="headerlink" title="关于frp"></a>关于frp</h2><p> 引一段官网的话:</p><blockquote><p>frp是一个高性能的反向代理应用,可以帮助您轻松地进行内网穿透,对外网提供服务,支持 tcp, http, https 等协议类型,并且 web 服务支持根据域名进行路由转发。</p></blockquote><p> 我的理解如图:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/17/Aed5ex.jpg" alt="frp" title=""> </div> <div class="image-caption">frp</div> </figure></p><h2 id="准备"><a href="#准备" class="headerlink" title="准备"></a>准备</h2><ul><li>内网机器一台(10.8.<em>.</em>)</li><li>外网机器一台(47.<em>.</em>.<em>)<br> <br> 首先在内网机器(10.8.</em>.*)上搭建好softether服务,可以参照<a href="https://blog.csdn.net/qq_35422558/article/details/78018089" target="_blank" rel="noopener">这里</a>,搭建完成,创建登陆用户、开启虚拟路由器和虚拟DHCP、启用Openvpn克隆server功能,这里我选择UDP类型的2333端口。<figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/17/AeNjO0.jpg" alt="openvpn" title=""> </div> <div class="image-caption">openvpn</div> </figure> 点击‘为Openvpn Client生成配置样本文件’,保存到本地,修改remote地址为公网服务器地址:<figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/17/Aea8C4.jpg" alt="config" title=""> </div> <div class="image-caption">config</div> </figure></li></ul><h2 id="开始使用"><a href="#开始使用" class="headerlink" title="开始使用"></a>开始使用</h2><h3 id="外网机器-47"><a href="#外网机器-47" class="headerlink" title="外网机器(47...*)"></a>外网机器(47.<em>.</em>.*)</h3><p> 外网机器作为frp server端,点击<a href="http://diannaobos.iok.la:81/frp/frp-v0.20.0/frp_0.20.0_linux_amd64.tar.gz" target="_blank" rel="noopener">这里</a>下载tar包。wget下来,tar解压,编辑配置文件,如我的frps.ini:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">[common]</span><br><span class="line">bind_addr = 0.0.0.0</span><br><span class="line">bind_port = 7000</span><br><span class="line">auto_token = 123456</span><br><span class="line"></span><br><span class="line">dashboard_port = 7500</span><br><span class="line">dashboard_user = admin</span><br><span class="line">dashboard_pwd = admin</span><br></pre></td></tr></table></figure></p><p>[common]部分是必须有的配置,其中bind_port是自己设定的frp服务端端口,auto_token必须与frpc端配置一致。后三行启用dashboard,可以选择配置。<br>最终启动: <code>nohup ./frps -c ./frps.ini &</code></p><h3 id="内网机器-10-8"><a href="#内网机器-10-8" class="headerlink" title="内网机器(10.8..)"></a>内网机器(10.8.<em>.</em>)</h3><p> 内网机器作为frp client端,tar包同上。编辑配置文件,如我的frpc.ini:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span class="line">[common]</span><br><span class="line">server_addr = 47.*.*.*</span><br><span class="line">server_port = 7000</span><br><span class="line">auto_token = 123456</span><br><span class="line"></span><br><span class="line">[ssh]</span><br><span class="line">type = tcp</span><br><span class="line">local_ip = 127.0.0.1 # ssh服务的地址</span><br><span class="line">local_port = 22 # ssh服务的端口</span><br><span class="line">remote_port = 2277 # 最终公网对外开放的ssh端口</span><br><span class="line"></span><br><span class="line">[p2p]</span><br><span class="line">type = tcp</span><br><span class="line">local_ip = 127.0.0.1</span><br><span class="line">local_port = 5555</span><br><span class="line">remote_port = 5555</span><br><span class="line"></span><br><span class="line">[openvp]</span><br><span class="line">type = udp</span><br><span class="line">local_ip = 127.0.0.1</span><br><span class="line">local_port = 2333</span><br><span class="line">remote_port = 2333</span><br></pre></td></tr></table></figure></p><p> 保存配置,运行frp客户端:<code>nohup ./frpc -c ./frpc.ini &</code></p><h2 id="完成"><a href="#完成" class="headerlink" title="完成"></a>完成</h2><p> Done!<br> 之前试用softether客户端,可以点击连接,但是在分配ip地址时出现问题,而openvpn客户端可以正常连接。</p>]]></content>
<summary type="html">
<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p> 人在学校外,想要查学分?想要查成绩?想要上知网?很多时候不想麻烦别人,这个时候就需要自己折腾折腾了。。。<br> 之前有了解过内网穿透
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>常用Linux性能分析工具</title>
<link href="https://sevge.github.io/about/2019/03/03/Linux-performance-analysis-tools/"/>
<id>https://sevge.github.io/about/2019/03/03/Linux-performance-analysis-tools/</id>
<published>2019-03-03T09:17:41.000Z</published>
<updated>2019-03-04T09:33:18.453Z</updated>
<content type="html"><![CDATA[<h2 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h2><p> 具备背景知识是分析性能问题时需要了解的。比如硬件 cache;再比如操作系统内核。应用程序的行为细节往往是和这些东西互相牵扯的,这些底层的东西会以意想不到的方式影响应用程序的性能,比如某些程序无法充分利用 cache,从而导致性能下降。比如不必要地调用过多的系统调用,造成频繁的内核 / 用户切换等。这里只是为本文的后续内容做一些铺垫,关于调优还有很多东西,我所不知道的比知道的要多的多,希望大家能共同学习进步。<br> 转自:<a href="http://rdc.hundsun.com/portal/article/731.html?ref=myrea" target="_blank" rel="noopener">http://rdc.hundsun.com/portal/article/731.html?ref=myrea</a><br> 更多参考: <a href="http://www.brendangregg.com/linuxperf.html" target="_blank" rel="noopener">http://www.brendangregg.com/linuxperf.html</a></p><h2 id="性能分析工具"><a href="#性能分析工具" class="headerlink" title="性能分析工具"></a>性能分析工具</h2><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kO7pUH.png" alt="analysis tools" title=""> </div> <div class="image-caption">analysis tools</div> </figure><p>上图是Brendan Gregg 的一次性能分析的分享,这里面的所有工具都可以通过man来获得它的帮助文档,下问简单介绍介绍一下常规的用法。</p><h3 id="vmstat–虚拟内存统计"><a href="#vmstat–虚拟内存统计" class="headerlink" title="vmstat–虚拟内存统计"></a>vmstat–虚拟内存统计</h3><p>vmstat(VirtualMeomoryStatistics,虚拟内存统计) 是Linux中监控内存的常用工具,可对操作系统的虚拟内存、进程、CPU等的整体情况进行监视。</p><p>vmstat的常规用法:vmstat interval times即每隔interval秒采样一次,共采样times次,如果省略times,则一直采集数据,直到用户手动停止为止。<br>简单举个例子:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kO7ZqS.png" alt="vmstat" title=""> </div> <div class="image-caption">vmstat</div> </figure><br>可以使用ctrl+c停止vmstat采集数据。</p><p>第一行显示了系统自启动以来的平均值,第二行开始显示现在正在发生的情况,接下来的行会显示每5秒间隔发生了什么,每一列的含义在头部,如下所示:</p><ul><li><p>procs:r这一列显示了多少进程在等待cpu,b列显示多少进程正在不可中断的休眠(等待IO)。</p></li><li><p>memory:swapd列显示了多少块被换出了磁盘(页面交换),剩下的列显示了多少块是空闲的(未被使用),多少块正在被用作缓冲区,以及多少正在被用作操作系统的缓存。</p></li><li><p>swap:显示交换活动:每秒有多少块正在被换入(从磁盘)和换出(到磁盘)。</p></li><li><p>io:显示了多少块从块设备读取(bi)和写出(bo),通常反映了硬盘I/O。</p></li><li><p>system:显示每秒中断(in)和上下文切换(cs)的数量。</p></li><li><p>cpu:显示所有的cpu时间花费在各类操作的百分比,包括执行用户代码(非内核),执行系统代码(内核),空闲以及等待IO。</p></li></ul><p>内存不足的表现:free memory急剧减少,回收buffer和cacher也无济于事,大量使用交换分区(swpd),页面交换(swap)频繁,读写磁盘数量(io)增多,缺页中断(in)增多,上下文切换(cs)次数增多,等待IO的进程数(b)增多,大量CPU时间用于等待IO(wa)</p><h3 id="iostat–用于报告中央处理器统计信息"><a href="#iostat–用于报告中央处理器统计信息" class="headerlink" title="iostat–用于报告中央处理器统计信息"></a>iostat–用于报告中央处理器统计信息</h3><p> iostat用于报告中央处理器(CPU)统计信息和整个系统、适配器、tty 设备、磁盘和 CD-ROM 的输入/输出统计信息,默认显示了与vmstat相同的cpu使用信息,使用以下命令显示扩展的设备统计:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kO7QGn.png" alt="iostat" title=""> </div> <div class="image-caption">iostat</div> </figure></p><p>第一行显示的是自系统启动以来的平均值,然后显示增量的平均值,每个设备一行。</p><p>常见linux的磁盘IO指标的缩写习惯:rq是request,r是read,w是write,qu是queue,sz是size,a是verage,tm是time,svc是service。</p><ul><li><p>rrqm/s和wrqm/s:每秒合并的读和写请求,“合并的”意味着操作系统从队列中拿出多个逻辑请求合并为一个请求到实际磁盘。</p></li><li><p>r/s和w/s:每秒发送到设备的读和写请求数。</p></li><li><p>rsec/s和wsec/s:每秒读和写的扇区数。</p></li><li><p>avgrq –sz:请求的扇区数。</p></li><li><p>avgqu –sz:在设备队列中等待的请求数。</p></li><li><p>await:每个IO请求花费的时间。</p></li><li><p>svctm:实际请求(服务)时间。</p></li><li><p>%util:至少有一个活跃请求所占时间的百分比。</p></li></ul><h3 id="dstat–系统监控工具"><a href="#dstat–系统监控工具" class="headerlink" title="dstat–系统监控工具"></a>dstat–系统监控工具</h3><p> dstat显示了cpu使用情况,磁盘io情况,网络发包情况和换页情况,输出是彩色的,可读性较强,相对于vmstat和iostat的输入更加详细且较为直观。在使用时,直接输入命令即可,当然也可以使用特定参数。</p><p>如下:dstat –cdlmnpsy<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kO7GrT.png" alt="dstat" title=""> </div> <div class="image-caption">dstat</div> </figure></p><h3 id="iotop–LINUX进程实时监控工具"><a href="#iotop–LINUX进程实时监控工具" class="headerlink" title="iotop–LINUX进程实时监控工具"></a>iotop–LINUX进程实时监控工具</h3><p> iotop命令是专门显示硬盘IO的命令,界面风格类似top命令,可以显示IO负载具体是由哪个进程产生的。是一个用来监视磁盘I/O使用状况的top类工具,具有与top相似的UI,其中包括PID、用户、I/O、进程等相关信息。<br> 可以以非交互的方式使用:iotop –bod interval,查看每个进程的I/O,可以使用pidstat,pidstat –d instat。</p><h3 id="pidstat–监控系统资源情况"><a href="#pidstat–监控系统资源情况" class="headerlink" title="pidstat–监控系统资源情况"></a>pidstat–监控系统资源情况</h3><p> pidstat主要用于监控全部或指定进程占用系统资源的情况,如CPU,内存、设备IO、任务切换、线程等。<br> 使用方法:pidstat –d interval;pidstat还可以用以统计CPU使用信息:pidstat –u interval;统计内存信息:Pidstat –r interval。</p><h3 id="top"><a href="#top" class="headerlink" title="top"></a>top</h3><p>top命令的汇总区域显示了五个方面的系统性能信息:</p><ul><li><p>1.负载:时间,登陆用户数,系统平均负载;</p></li><li><p>2.进程:运行,睡眠,停止,僵尸;</p></li><li><p>3.cpu:用户态,核心态,NICE,空闲,等待IO,中断等;</p></li><li><p>4.内存:总量,已用,空闲(系统角度),缓冲,缓存;</p></li><li><p>5.交换分区:总量,已用,空闲</p></li></ul><p>任务区域默认显示:进程ID,有效用户,进程优先级,NICE值,进程使用的虚拟内存,物理内存和共享内存,进程状态,CPU占用率,内存占用率,累计CPU时间,进程命令行信息。</p><h3 id="htop"><a href="#htop" class="headerlink" title="htop"></a>htop</h3><p>htop 是Linux系统中的一个互动的进程查看器,一个文本模式的应用程序(在控制台或者X终端中),需要ncurses。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kO7UIJ.png" alt="htop" title=""> </div> <div class="image-caption">htop</div> </figure></p><p>Htop可让用户交互式操作,支持颜色主题,可横向或纵向滚动浏览进程列表,并支持鼠标操作。</p><p>与top相比,htop有以下优点:</p><ul><li><p>可以横向或者纵向滚动浏览进程列表,以便看到所有的进程和完整的命令行。</p></li><li><p>在启动上,比top更快。</p></li><li><p>杀进程时不需要输入进程号。</p></li><li><p>htop支持鼠标操作。</p></li></ul><h3 id="mpstat"><a href="#mpstat" class="headerlink" title="mpstat"></a>mpstat</h3><p> mpstat 是Multiprocessor Statistics的缩写,是实时系统监控工具。其报告与CPU的一些统计信息,这些信息存放在/proc/stat文件中。在多CPUs系统里,其不但能查看所有CPU的平均状况信息,而且能够查看特定CPU的信息。常见用法:mpstat –P ALL interval times。</p><h3 id="netstat"><a href="#netstat" class="headerlink" title="netstat"></a>netstat</h3><p>Netstat用于显示与IP、TCP、UDP和ICMP协议相关的统计数据,一般用于检验本机各端口的网络连接情况。<br>常见用法:<br>netstat –npl 可以查看你要打开的端口是否已经打开。</p><p>netstat –rn 打印路由表信息。</p><p>netstat –in 提供系统上的接口信息,打印每个接口的MTU,输入分组数,输入错误,输出分组数,输出错误,冲突以及当前的输出队列的长度。</p><h3 id="ps"><a href="#ps" class="headerlink" title="ps"></a>ps</h3><p>显示当前进程的状态<br>ps参数太多,具体使用方法可以参考man ps,常用的方法:ps aux #hsserver;ps –ef |grep #hundsun</p><ul><li><p>杀掉某一程序的方法:ps aux | grep mysqld | grep –v grep | awk ‘{print $2 }’ xargs kill -9</p></li><li><p>杀掉僵尸进程:ps –eal | awk ‘{if ($2 == “Z”){print $4}}’ | xargs kill -9</p></li></ul><h3 id="strace"><a href="#strace" class="headerlink" title="strace"></a>strace</h3><p> 跟踪程序执行过程中产生的系统调用及接收到的信号,帮助分析程序或命令执行中遇到的异常情况。</p><p>举例:查看mysqld在linux上加载哪种配置文件,可以通过运行下面的命令:strace –e stat64 mysqld –print –defaults > /dev/null</p><h3 id="uptime"><a href="#uptime" class="headerlink" title="uptime"></a>uptime</h3><p> 能够打印系统总共运行了多长时间和系统的平均负载,uptime命令最后输出的三个数字的含义分别是1分钟,5分钟,15分钟内系统的平均负荷。</p><h3 id="lsof"><a href="#lsof" class="headerlink" title="lsof"></a>lsof</h3><p>lsof(list open files)是一个列出当前系统打开文件的工具。通过lsof工具能够查看这个列表对系统检测及排错,常见的用法:</p><p>查看文件系统阻塞 lsof /boot</p><p>查看端口号被哪个进程占用 lsof -i : 3306</p><p>查看用户打开哪些文件 lsof –u username</p><p>查看进程打开哪些文件 lsof –p 4838</p><p>查看远程已打开的网络链接 lsof –i @192.168.34.128</p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p> 结合以上常用的性能测试命令并联系文初的性能分析工具的图,就可以初步了解到性能分析过程中哪个方面的性能使用哪方面的工具(命令)。</p>]]></content>
<summary type="html">
<h2 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h2><p> 具备背景知识是分析性能问题时需要了解的。比如硬件 cache;再比如操作系统内核。应用程序的行为细节往往是和这些东西互相牵扯的,这些底层
</summary>
<category term="Linux" scheme="https://sevge.github.io/about/categories/Linux/"/>
</entry>
<entry>
<title>缓冲(buffer)与缓存(cache)</title>
<link href="https://sevge.github.io/about/2018/12/23/buffer-and-cache/"/>
<id>https://sevge.github.io/about/2018/12/23/buffer-and-cache/</id>
<published>2018-12-23T05:41:27.000Z</published>
<updated>2019-03-04T08:46:47.959Z</updated>
<content type="html"><![CDATA[<h2 id="关于缓冲-buffer"><a href="#关于缓冲-buffer" class="headerlink" title="关于缓冲(buffer)"></a>关于缓冲(buffer)</h2><h3 id="什么是缓冲区"><a href="#什么是缓冲区" class="headerlink" title="什么是缓冲区"></a>什么是缓冲区</h3><p> 缓冲区(buffer),它是内存空间的一部分。也就是说,在内存空间中预留了一定的存储空间,这些存储空间用来缓冲输入或输出的数据,这部分预留的空间就叫做缓冲区,显然缓冲区是具有一定大小的。</p><p> 缓冲区根据其对应的是输入设备还是输出设备,分为输入缓冲区和输出缓冲区。</p><h3 id="为什么要引入缓冲区"><a href="#为什么要引入缓冲区" class="headerlink" title="为什么要引入缓冲区"></a>为什么要引入缓冲区</h3><p>我们为什么要引入缓冲区呢?</p><p> 高速设备与低速设备的不匹配,势必会让高速设备花时间等待低速设备,我们可以在这两者之间设立一个缓冲区。</p><h4 id="缓冲区的作用:"><a href="#缓冲区的作用:" class="headerlink" title="缓冲区的作用:"></a>缓冲区的作用:</h4><ul><li><p>1.可以解除两者的制约关系,数据可以直接送往缓冲区,高速设备不用再等待低速设备,提高了计算机的效率。例如:我们使用打印机打印文档,由于打印机的打印速度相对较慢,我们先把文档输出到打印机相应的缓冲区,打印机再自行逐步打印,这时我们的CPU可以处理别的事情。</p></li><li><p>2.可以减少数据的读写次数,如果每次数据只传输一点数据,就需要传送很多次,这样会浪费很多时间,因为开始读写与终止读写所需要的时间很长,如果将数据送往缓冲区,待缓冲区满后再进行传送会大大减少读写次数,这样就可以节省很多时间。例如:我们想将数据写入到磁盘中,不是立马将数据写到磁盘中,而是先输入缓冲区中,当缓冲区满了以后,再将数据写入到磁盘中,这样就可以减少磁盘的读写次数,不然磁盘很容易坏掉。</p></li></ul><p> 简单来说,缓冲区就是一块内存区,它用在输入输出设备和CPU之间,用来存储数据。它使得低速的输入输出设备和高速的CPU能够协调工作,避免低速的输入输出设备占用CPU,解放出CPU,使其能够高效率工作。</p><h3 id="缓冲区的类型"><a href="#缓冲区的类型" class="headerlink" title="缓冲区的类型"></a>缓冲区的类型</h3><p>缓冲区分为三种类型:全缓冲、行缓冲和不带缓冲。</p><h4 id="1、全缓冲"><a href="#1、全缓冲" class="headerlink" title="1、全缓冲"></a>1、全缓冲</h4><p> 在这种情况下,当填满标准I/O缓存后才进行实际I/O操作。全缓冲的典型代表是对磁盘文件的读写。</p><h4 id="2、行缓冲"><a href="#2、行缓冲" class="headerlink" title="2、行缓冲"></a>2、行缓冲</h4><p> 在这种情况下,当在输入和输出中遇到换行符时,执行真正的I/O操作。这时,我们输入的字符先存放在缓冲区,等按下回车键换行时才进行实际的I/O操作。典型代表是键盘输入数据。</p><h4 id="3、不带缓冲"><a href="#3、不带缓冲" class="headerlink" title="3、不带缓冲"></a>3、不带缓冲</h4><p>也就是不进行缓冲,标准出错情况stderr是典型代表,这使得出错信息可以直接尽快地显示出来。</p><h3 id="缓冲区的刷新"><a href="#缓冲区的刷新" class="headerlink" title="缓冲区的刷新"></a>缓冲区的刷新</h3><p>下列情况会引发缓冲区的刷新:<br>缓冲区满时;<br>关闭文件。<br>可见,缓冲区满或关闭文件时都会刷新缓冲区,进行真正的I/O操作。</p><p> 大家要仔细理解缓冲区刷新的意思,刷新字面上的意思是用刷子刷,把原来旧的东西变新了,这里就是改变的意思,例如像缓冲区溢出的时候,多余出来的数据会直接将之前的数据覆盖,这样缓冲区里的数据就发生了改变。</p><p> 比如在Linux下,操作命令行就属于常见的行缓冲模式 输入一行命令例如ls,命令ls就会进入到缓冲区内,不输入回车的话,什么也不会发生,当输入回车就会执行真正的IO操作</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kOIQ8x.png" alt="test1" title=""> </div> <div class="image-caption">test1</div> </figure><p>还有一种情况,并不需要输入回车。</p><p> 例如在vim的正常模式下,输入dd可以直接删除某一行,并不需要输入回车。这种情况貌似就是直接把信号传送到内存中。</p><p> 我个人的想法是:键盘把dd输入到缓冲区,然后vim直接就从缓冲区把数据读出来了,不需要人为的干预,当然这只是我个人的假想( ╯□╰ )。</p><p>关于缓冲区的大小:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kOIrM8.jpg" alt="test2" title=""> </div> <div class="image-caption">test2</div> </figure><p> 在这种情况下,输出的信息特别多,我们可以通过滑动条来进行上下移动。这种情况属于缓冲区比较大的情况。</p><p>在真正的linux终端下:</p><p>执行find / ls 命令的话。</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s2.ax1x.com/2019/03/04/kOIssS.jpg" alt="test3" title=""> </div> <div class="image-caption">test3</div> </figure><p> 只能显示最后几行,因为在linux终端的缓冲区很小,出现了缓冲区溢出的现象,缓冲区里的数据被直接覆盖了。</p><p> 为此linux提供了管道符 | 与less,more组合,可以一页一页的查看。</p><h2 id="关于缓存(cache)"><a href="#关于缓存(cache)" class="headerlink" title="关于缓存(cache)"></a>关于缓存(cache)</h2><h3 id="什么是缓存"><a href="#什么是缓存" class="headerlink" title="什么是缓存"></a>什么是缓存</h3><p>cache是一个非常大的概念。</p><ul><li><p>一、CPU的Cache,它中文名称是高速缓冲存储器,读写速度很快,几乎与CPU一样。由于CPU的运算速度太快,内存的数据存取速度无法跟上CPU的速度,所以在cpu与内存间设置了cache为cpu的数据快取区。当计算机执行程序时,数据与地址管理部件会预测可能要用到的数据和指令,并将这些数据和指令预先从内存中读出送到Cache。一旦需要时,先检查Cache,若有就从Cache中读取,若无再访问内存,现在的CPU还有一级cache,二级cache。简单来说,Cache就是用来解决CPU与内存之间速度不匹配的问题,避免内存与辅助内存频繁存取数据,这样就提高了系统的执行效率。</p></li><li><p>二、磁盘也有cache,硬盘的cache作用就类似于CPU的cache,它解决了总线接口的高速需求和读写硬盘的矛盾以及对某些扇区的反复读取。</p></li><li><p>三、浏览器缓存(Browser Caching)是为了节约网络的资源加速浏览,浏览器在用户磁盘上对最近请求过的文档进行存储,当访问者再次请求这个页面时,浏览器就可以从本地磁盘显示文档,这样就可以加速页面的阅览,并且可以减少服务器的压力。这个过程与下载非常类似,不过下载是用户的主动过程,并且下载的数据一般是长时间保存,游览器的缓存的数据只是短时间保存,可以人为的清空</p></li><li><p>四、同样cache也有大小,例如现在市面上购买的CPU的cache越大,级数越多,CPU的访问速度越快。cache在很多方面都有应用,就不一一列举了。</p></li></ul><h2 id="缓存(cache)与缓冲-buffer-的主要区别"><a href="#缓存(cache)与缓冲-buffer-的主要区别" class="headerlink" title="缓存(cache)与缓冲(buffer)的主要区别"></a>缓存(cache)与缓冲(buffer)的主要区别</h2><p> Buffer的核心作用是用来缓冲,缓和冲击。比如你每秒要写100次硬盘,对系统冲击很大,浪费了大量时间在忙着处理开始写和结束写这两件事嘛。用个buffer暂存起来,变成每10秒写一次硬盘,对系统的冲击就很小,写入效率高了,日子过得爽了。极大缓和了冲击。</p><p> Cache的核心作用是加快取用的速度。比如你一个很复杂的计算做完了,下次还要用结果,就把结果放手边一个好拿的地方存着,下次不用再算了。加快了数据取用的速度。</p><p> 简单来说就是buffer偏重于写,而cache偏重于读。</p><p> 有时候大家好好理解这些专有名词字面上的意思,对理解这些概念有好处,缓冲:缓解冲击,缓存:临时存储</p>]]></content>
<summary type="html">
<h2 id="关于缓冲-buffer"><a href="#关于缓冲-buffer" class="headerlink" title="关于缓冲(buffer)"></a>关于缓冲(buffer)</h2><h3 id="什么是缓冲区"><a href="#什么是缓冲区" c
</summary>
<category term="Linux" scheme="https://sevge.github.io/about/categories/Linux/"/>
</entry>
<entry>
<title>Wi-FireMan的总结与传承</title>
<link href="https://sevge.github.io/about/2018/10/06/WIFI-Sentry/"/>
<id>https://sevge.github.io/about/2018/10/06/WIFI-Sentry/</id>
<published>2018-10-06T08:06:57.000Z</published>
<updated>2018-10-06T10:19:28.076Z</updated>
<content type="html"><![CDATA[<h3 id="作品简介"><a href="#作品简介" class="headerlink" title="作品简介"></a>作品简介</h3><p> 该作品主体是运行在无线网络环境下用于侦测自身WIFI并分析安全状况的一套系统。<br> 它可以监测收集周围无线环境内无线路由设备的SSID、MAC地址、信道、频率、信号强度等信息。根据收集到的这些信息进行统计和分析,判断所在Wi-Fi的安全程度。对于有威胁的事件配置警告措施若检测到某种攻击时,能发出滴滴警报声,并同时发送攻击项目数据报告邮件给用户。配合日志管理系统,通过WEB端,利用图形化界面方便直观地查看收集到的数据内容。</p><h3 id="相关名词"><a href="#相关名词" class="headerlink" title="相关名词"></a>相关名词</h3><h4 id="站点STA(Station)"><a href="#站点STA(Station)" class="headerlink" title="站点STA(Station)"></a>站点STA(Station)</h4><p> 所谓的站点,是指具有WIFI通信功能的,并且连接到无线网络中的终端设备,如手机、平板电脑、笔记本电脑等。</p><h4 id="接入点AP(Access-Point)"><a href="#接入点AP(Access-Point)" class="headerlink" title="接入点AP(Access Point)"></a>接入点AP(Access Point)</h4><p> 就是我们平常所说的WIFI热点,更通俗一点,就是我们家里的无线路由器。那么它的作用是什么呢?当我们需要从互联网上获取数据到手机上显示时,那么接入点就相当于一个转发器,将互联网上其他服务器上的数据转发给我们的手机上,当然这只是一个粗略的说法。同时,接入点也属于站点的一种。</p><h4 id="服务集识别码SSID(Service-Set-IDentifier)"><a href="#服务集识别码SSID(Service-Set-IDentifier)" class="headerlink" title="服务集识别码SSID(Service Set IDentifier)"></a>服务集识别码SSID(Service Set IDentifier)</h4><p> 当我们去到一个新地方的时候,开口第一句就是:“请问WIFI账号和密码是多少?”,这里的WIFI账号就是SSID。SSID是通过接入点广播出来了。同时,我们在设置无线路由器时,可修改SSID的名称。</p><h4 id="身份认证(Authentication)"><a href="#身份认证(Authentication)" class="headerlink" title="身份认证(Authentication)"></a>身份认证(Authentication)</h4><p> 实体安全防护在有线局域网络安全解决方案中是不可或缺的一部分。网络和连接点(attachment point)受到限制,通常只有位于外围访问控制设备(perimeter access control device)之后的办公区才能加以访问。网络设备可以通过加锁的配线柜(locked wiring closet)加以保护,而办公室与隔间的网络插座只在必要时才连接至网络。无线网络无法提供相同层次的实体保护,因此必须依赖额外的身份认证程序,以保证访问网络的用户已获得授权。身份认证是关联的必要前提,唯有经过身份认证的用户才允许使用网络。 站点与无线网络连接的过程中,可能必须经过多次身份认证。关联之前,站点会先以本身的MAC地址来跟基站进行基本的身份认证。此时的身份认证,通常称为802.11身份认证,有别于后续所进行、牢靠而经过加密的用户身份认证。</p><h4 id="解除认证(Deauthentication)"><a href="#解除认证(Deauthentication)" class="headerlink" title="解除认证(Deauthentication)"></a>解除认证(Deauthentication)</h4><p> 解除认证用来终结一段认证关系。因为获准使用网络之前必须经过身份认证,解除认证的副作用就是终止目前的关联。在强健安全网络中,解除认证也会清除密钥信息。</p><h3 id="WiFi接入原理"><a href="#WiFi接入原理" class="headerlink" title="WiFi接入原理"></a>WiFi接入原理</h3><p> 现在常见的WiFi基本上都带有一个锁头,即它本身是经过了加密,需要经过认证后才能连接上它。一次连接大致需要三个步骤:扫描(Scanning)、认证(Authentication)、关联(Association)。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HV2dwRGJzWnM3aE9kOENkRHEvN1hDaXRyZWtqMUk2SVJnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="WiFi接入过程" title=""> </div> <div class="image-caption">WiFi接入过程</div> </figure></p><h4 id="扫描"><a href="#扫描" class="headerlink" title="扫描"></a>扫描</h4><p> 要加入一个无线网络,首先我们需要找到它的网络名称,即SSID。这个SSID其实是接入点(Access Point)回应工作站扫描时所带的参数,还有其它的网络参数,包括BSSID(可理解为接入点的MAC地址)、信号强度、加密和认证方式等。<br> 扫描类型分两种,一种是主动扫描(active scanning),另一种是被动扫描(passivescanning)。</p><h5 id="主动扫描(activescanning)"><a href="#主动扫描(activescanning)" class="headerlink" title="主动扫描(activescanning)"></a>主动扫描(activescanning)</h5><p> 即我们的手机(工作站STA)以主动的方式,在每个信道上发出Probe Request帧,请求某个特定无线网络予以回应。主动扫描是主动寻找网络,而不是静候无线网络声明本身的存在。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HZVlFYSt4eThubXhIOFlhTDRrVjZPSmNkcllzbHdRenRnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="主动扫描" title=""> </div> <div class="image-caption">主动扫描</div> </figure></p><h5 id="被动扫描(passivescanning)"><a href="#被动扫描(passivescanning)" class="headerlink" title="被动扫描(passivescanning)"></a>被动扫描(passivescanning)</h5><p> 现在大部分移动电子产品都是采用被动扫描(passive scanning)的方式,原因是扫描过程中不需要传送任何信号,可以省电。在被动扫描中,工作站会在信道列表(channel list)所列的各个信道之间不断切换,并静候Beacon帧的到来。所收到的任何帧都会被暂存起来,以便取出传送这些帧的BSS 的相关数据。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HVzI2anJvMTVDVmtaTTkwTTNLTk1RMkRTNUhYbVRxVU9nPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="被动扫描" title=""> </div> <div class="image-caption">被动扫描</div> </figure></p><h4 id="认证"><a href="#认证" class="headerlink" title="认证"></a>认证</h4><p> 由于无线网络的最大缺陷就是安全性,进行身份认证是必须的,同时认证的连接工作也必须予以加密,以防未经授权的使用者访问。<br> 扫描完成后,我们会选择想要加入的WIFI热点。此时,加密后的网络会弹出一个输入密码的提示框。这个过程叫做:认证(Authentication)。<br>早期的IEEE802.11定义了两种认证方式:</p><ul><li>开放系统认证(OpenSystem authentication),</li><li>共享密钥认证(SharedKey authentication)。</li></ul><p> 开放系统认证是IEEE802.11默认的认证方式,实质上并没有做认证。连接无线网络时,基站并没有验证工作站的真实身份。认证过程由以下两个步骤组成:第一,工作站发送身份声明和认证请求;第二,基站应答认证结果,如果返回的结果是“successful”,表示两者已相互认证成功。共享密钥认证依赖于WEP(Wired Equivalent Privacy,有线等效加密)机制,这种加密机制非常不安全,可以使用Kali上集成的Aircrack-ng轻松破解出密码,因此WEP渐渐被淘汰。<br> WPA(Wi-Fi Protected Access)是WIFI联盟制定的安全性标准,WPA2是第二个版本。PSK(PreShared Key)叫做预共享密钥。经过这种加密方式后,无线网络中的数据包几乎是不可能解密的了。</p><h4 id="关联"><a href="#关联" class="headerlink" title="关联"></a>关联</h4><p> 认证完成后,下一步就是关联(Association)。工作站与基站进行关联,以便获得网络的完全访问权。一旦移动式工作站与基站完成认证,便可送出关联请求(Association Request)帧。尚未经过身份认证的工作站,会在基站的答复中收到一个解除关联(Deauthenticaton)帧。一旦关联请求获准,基站就会以代表成功的状态代码0及关联识别码(Association ID,简称 AID)来回应。关联请求如果失败,就只会返回状态码,并且中止整个过程。<br> 最后,基站开始为移动式工作站处理帧。在常见的产品中,所使用的分布式系统媒介通常是Ethernet。在交换式Ethernet 里,该工作站的MAC地址得以跟某个特定的交换端口(Switch Port)形成关联。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HZFJGTTBPT3ZPWnFZQ0NYUnhpTmtYMUJUSEV5RUlnTVd3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="关联过程" title=""> </div> <div class="image-caption">关联过程</div> </figure></p><p> 以上,就是一次WiFi连接的整个过程,在这一整套过程都通过以后,用户即获得该无线网络的完全访问权限。</p><h3 id="系统架构"><a href="#系统架构" class="headerlink" title="系统架构"></a>系统架构</h3><p>在了解以上知识后,介绍一下我们的作品所需要的设备以及整体的架构:<br> 作为微型计算机的树莓派,提供多个接口,外接保持监控模式的无线网卡是最适合的。此外,树莓派成本低,功耗低,适合7*24工作以持续地在自己的WiFi中巡逻。我们使用云服务器是考虑到终端用户达到一定数量,它们收集的日志都能直接通过云服务器来处理,以简化流程。开源的日志管理系统Graylog,部署维护简单、内置简单的告警、提供简单的聚合统计功能、提供友好的UI,我们在此基础上汉化了相关内容,优化了界面,提升了它的易用性。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFlGTTVtbnVobUpvUm5mV0RUUDdRMzNST2hrZ2F0MG1XRXNtZXhGbmtuR1d3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="arch" title=""> </div> <div class="image-caption">arch</div> </figure></p><h3 id="安全问题和解决思路"><a href="#安全问题和解决思路" class="headerlink" title="安全问题和解决思路"></a>安全问题和解决思路</h3><p> 由于WIFI网络具有移动性,同时WIFI以无线电波作为传输媒介,这种媒介本质上是开放的,且容易被拦截,因此它是整个网络系统中最为薄弱的一环,常常受到各种攻击。这里以MDK3为例,展示常见的WiFi标准下的攻击以及所带来的影响。</p><h4 id="Beacon-Flood"><a href="#Beacon-Flood" class="headerlink" title="Beacon Flood"></a>Beacon Flood</h4><p> 这个模式可以产生大量死亡SSID来充斥无线客户端的无线列表,从而扰乱无线使用者;我们甚至还可以自定义发送死亡SSID的BSSID和ESSID、加密方式(如wep/wpa2)等。<br>常用命令:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">mdk3 mon0 b </span><br><span class="line"> -n <ssid> #自定义ESSID</span><br><span class="line"> -f <filename> #读取ESSID列表文件</span><br><span class="line"> -v <filename> #自定义ESSID和BSSID对应列表文件</span><br><span class="line"> -d #自定义为Ad-Hoc模式</span><br><span class="line"> -w #自定义为wep模式</span><br><span class="line"> -g #54Mbit模式</span><br><span class="line"> -t # WPA TKIP encryption</span><br><span class="line"> -a #WPA AES encryption</span><br><span class="line"> -m #读取数据库的mac地址</span><br><span class="line"> -c <chan> #自定义信道</span><br><span class="line"> -s <pps> #发包速率mdk3 --help b #查看详细内容</span><br></pre></td></tr></table></figure></p><p>检测效果:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HV1NDbGtmekFqdGx0UFJncmFONW8xenFLRkRRNWFlemNRPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="beacon flood" title=""> </div> <div class="image-caption">beacon flood</div> </figure></p><h4 id="Authentication-DoS"><a href="#Authentication-DoS" class="headerlink" title="Authentication DoS"></a>Authentication DoS</h4><p> 这是一种验证请求攻击模式:在这个模式里,软件自动模拟随机产生的mac向目标AP发起大量验证请求,可以导致AP忙于处理过多的请求而停止对正常连接客户端的响应;这个模式常见的使用是在reaver穷据路由PIN码,当遇到AP被“pin死”时,可以用这个模式来直接让AP停止正常响应,迫使AP主人重启路由!<br>常用命令:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">mdk3 mon0 a</span><br><span class="line"> -a <ap_mac> #测试指定BSSID</span><br><span class="line"> -m #使用有效数据库中的客户端mac地址</span><br><span class="line"> -c #对应 -a ,不检查是否测试成功</span><br><span class="line"> -i <ap_mac> #对指定BSSID进行智能攻击</span><br><span class="line"> -s <pps> #速率,默认50</span><br></pre></td></tr></table></figure></p><p>检测效果:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HZnJtOEE4UWlhbVdlSittaG9GTTZTcXhYdkRONy9LSFpBPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="auth dos" title=""> </div> <div class="image-caption">auth dos</div> </figure></p><h4 id="Deauthentication-Disassociation-Amok"><a href="#Deauthentication-Disassociation-Amok" class="headerlink" title="Deauthentication/Disassociation Amok"></a>Deauthentication/Disassociation Amok</h4><p> 强制解除验证解除连接。在这个模式下,软件会向周围所有可见AP发起循环攻击……可以造成一定范围内的无线网络瘫痪(当然有白名单,黑名单模式),直到手动停止攻击!<br>常用命令:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">mdk3 mon0 d</span><br><span class="line"> -w <filename> #白名单mac地址列表文件</span><br><span class="line"> -b <filename> #黑名单mac地址列表文件</span><br><span class="line"> -s <pps> #速率,这个模式下默认无限制</span><br><span class="line"> -c [chan,chan,chan,...] #信道,可以多填,如 2,4,5,1</span><br></pre></td></tr></table></figure></p><p>检测效果:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HYmRxWTMwTWFuY2pyZEpjOEFESWNuS01qdmJRUll5cUNBPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="deauth amok" title=""> </div> <div class="image-caption">deauth amok</div> </figure></p><h4 id="Brute-forcing-access"><a href="#Brute-forcing-access" class="headerlink" title="Brute-forcing access"></a>Brute-forcing access</h4><p> 其实以上攻击方式的共性就是干扰合法用户与接入点的通信,而在用户与接入点重新认证与关联的过程中,攻击者可以抓取这个过程中的握手包。握手包一般在10KB-1000KB不等,但这个数据包中包含了接入点的正确秘钥。攻击者在抓取到握手包以后,可以安安心心地回家使用EWSA工具暴力破解这个数据包的密钥,当得到密钥后,即得到了原接入点的访问权。<br> 这种攻击方式一般没有特别好的防御方式,通常来说就是在察觉到有干扰通信的时候,定期修改一次密码,且保障密码的复杂性。</p><h4 id="Rogue-access-points"><a href="#Rogue-access-points" class="headerlink" title="Rogue access points"></a>Rogue access points</h4><p> 钓鱼热点是WiFi环境下最常用且最容易获取用户凭证的一种攻击方式,类似WiFiPhsher、Fluxion等工具就可以开启高度定制化的钓鱼热点。在基于以上干扰用户连接的前提下,让用户错连接到攻击者开启的钓鱼热点,以此窃取用户凭证。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFlGTTVtbnVobUpvWWZLSGNCRE9hY29CTmFXSGFSdHhjWUhlYi9mdS9YRlh3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="rogue" title=""> </div> <div class="image-caption">rogue</div> </figure><br> 虽然用户可能很难发现钓鱼热点与真实热点的细微差别,但我们的作品就能放大这其中的巨大变化。</p><h5 id="SSID白名单"><a href="#SSID白名单" class="headerlink" title="SSID白名单"></a>SSID白名单</h5><p> 每一个WiFi接入点都有自己的MAC地址,而MAC地址也是它会发送的数据的其中一部分。一种检测流氓热点的方法就是设置一个可信接入点白名单,然后用MAC地址做标识来进行热点匹配。某些攻击者可能通过简单地伪装与原接入点相同的SSID名称来骗取用户的信任。</p><h5 id="变化的Beacon帧数值"><a href="#变化的Beacon帧数值" class="headerlink" title="变化的Beacon帧数值"></a>变化的Beacon帧数值</h5><p> 前面说到的被动扫描中有说到Beacon帧,接入点向外发送的Beacon帧数值应当是规律且稳定的。若一个流氓接入点同时开启,那么,这个数量值就会成倍地增长。</p><h5 id="错误的信道"><a href="#错误的信道" class="headerlink" title="错误的信道"></a>错误的信道</h5><p> 一般来说,一个接入点同一时刻只会使用一条信道,且不会经常去切换。因此,可以设置一个列表来存储所有受信任接入点的信道,如果信道不同,则说明该接入点有问题。</p><h5 id="信号强度异常"><a href="#信号强度异常" class="headerlink" title="信号强度异常"></a>信号强度异常</h5><p> 同上,接入点的物理位置通常都不会变化,所以它的相对信号质量会非常稳定。若一个流氓接入点在另一个地点开启,那么信号质量会有较大的波动。下面的图中,因为是实验环境,我的攻击网卡设备和接入点离得很近,因此这个图表没有较大的变化。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUGFMZGVTbGw4ZE9HZDNNSjVQbktHMmF5U3lwbkdZMTVEb3hYWTkvSGN6ai9RPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="rogue detection" title=""> </div> <div class="image-caption">rogue detection</div> </figure></p><h3 id="参考"><a href="#参考" class="headerlink" title="参考"></a>参考</h3><p><a href="http://ju.outofmemory.cn/entry/148457" target="_blank" rel="noopener">无线攻击神器–MDK3 使用方法</a><br><a href="https://blog.csdn.net/superhcq/article/category/6704440" target="_blank" rel="noopener">WiFi接入原理-CSDN-小韩同学的博客</a><br><a href="https://www.cnblogs.com/qiyeboy/category/901758.html" target="_blank" rel="noopener">无线局域网安全-博客园-七夜的故事</a><br><a href="https://wtf.horse/2017/09/19/common-wifi-attacks-explained/" target="_blank" rel="noopener">common-wifi-attacks</a></p>]]></content>
<summary type="html">
<h3 id="作品简介"><a href="#作品简介" class="headerlink" title="作品简介"></a>作品简介</h3><p> 该作品主体是运行在无线网络环境下用于侦测自身WIFI并分析安全状况的一套系统。<br> 它可以监测收集周围无线环境内无
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>图说CDN</title>
<link href="https://sevge.github.io/about/2018/10/04/cdn/"/>
<id>https://sevge.github.io/about/2018/10/04/cdn/</id>
<published>2018-10-04T09:00:27.000Z</published>
<updated>2018-10-04T09:38:18.723Z</updated>
<content type="html"><![CDATA[<h4 id="什么是CDN"><a href="#什么是CDN" class="headerlink" title="什么是CDN?"></a>什么是CDN?</h4><p> 618电商节、双11购物狂欢节,到底是什么在支撑数以万计的秒杀活动?这就不得不提一直隐姓埋名的 CDN 了,其全称是 Content Delivery Network,即内容分发网络。<br> 那到底 CDN 是什么鬼,我们还得从西天取经说起……<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4Vkc0UkcxRHEyd2JiOGFLMHMwd0pFdlBHK2E0Q1QwSEJRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="0" title=""> </div> <div class="image-caption">0</div> </figure></p><h4 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h4><p> 1300年前,唐僧师徒取经要跋涉十万八千里,历经九九八十一难,一路打怪升级,最终才能修成正果,悟空加冕“斗战胜佛”。<br> 1300年后,西游互联网已经开通,雷音寺官网上线,取经只需打开网站,点击下载,凡夫俗子也可以轻易取得真经。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4Vkc0UkcxRHEyd2Jqc0xROWlHWHAxd0FoVzg2aTdYQld3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="1" title=""> </div> <div class="image-caption">1</div> </figure><br> 初时,唐僧师徒觉得当年的辛苦付出颇为不值,慨叹世事变迁,法术高强敌不过科技进步。<br>然四大部洲善男信女众多,扎堆前往雷音寺官网下载经书,网站不堪重负,信徒叫苦不迭,神通广大的如来使出“Scacleup + Scaleout”心法,扩容雷音官网,仍不得其解,遂差遣悟空一查究竟。</p><h4 id="八十一难"><a href="#八十一难" class="headerlink" title="八十一难"></a>八十一难</h4><p> 悟空火眼金睛,半晌就把原因查了个一清二楚,原来信徒要想美美的访问雷音网,需要打败四个妖怪:</p><h5 id="第一怪,首里魔"><a href="#第一怪,首里魔" class="headerlink" title="第一怪,首里魔"></a>第一怪,首里魔</h5><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4UmNkNXdxbHBveFZ5V2FacUJLbzk0T29HWk4yblZ0VW9nPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="首里魔" title=""> </div> <div class="image-caption">首里魔</div> </figure><p> “首里魔”又称“第一公里魔”,把持网站服务器接入西游互联网的路口带宽,这个带宽决定了能为信徒提供的访问速度和并发访问量。</p><h5 id="第二怪,骨干精"><a href="#第二怪,骨干精" class="headerlink" title="第二怪,骨干精"></a>第二怪,骨干精</h5><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4VjRTcEw0Q2JiUHdGN2pGOUw3SHIyOHhkWXk5b3NhTHhnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="骨干精" title=""> </div> <div class="image-caption">骨干精</div> </figure><p> “骨干精”藏于西游互联网的长途传输要道,出没于IDC、骨干网、城域网、接入网等洞穴,使用“时延”和“拥塞”两个妖术作法。</p><h5 id="第三怪,互联妖"><a href="#第三怪,互联妖" class="headerlink" title="第三怪,互联妖"></a>第三怪,互联妖</h5><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4UXR0eVRNVXM1V0M2N29Od2M0by9EZTFOWHg4TFBhdS9nPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="互联妖" title=""> </div> <div class="image-caption">互联妖</div> </figure><p> 西游互联网覆盖四大部洲,各部洲的网络独立运营,“互联妖”善于挑拨离间,让洲与洲之间的互联带宽成为瓶颈。</p><h5 id="第四怪,末里兽"><a href="#第四怪,末里兽" class="headerlink" title="第四怪,末里兽"></a>第四怪,末里兽</h5><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4UzNMeVZ2Z3VpTXBGcVI4MEswQjBKNzJuT3lmMTR1eVZBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="末里兽" title=""> </div> <div class="image-caption">末里兽</div> </figure><p> “末里兽”又称“最后一公里兽”,蹲守在上网信徒的家门口,把持用户访问西游互联网的通路,收取买路钱,钱少只能走羊肠小道。 </p><h4 id="悟空显神通"><a href="#悟空显神通" class="headerlink" title="悟空显神通"></a>悟空显神通</h4><p> 悟空看罢大怒,原来是这些妖孽作怪!<br> 于是拔下一根毫毛,使出“CDN”大法,变作几百只小猴子,一声令下,每猴背熟一些经文,纷纷潜入到各大部洲的 IDC 山洞中,就近为善男信女们提供讲经服务,这些小猴子被俗称为“cache猴”。<br> 小猴子们基于这样的规则干活:<br>A.当某个信徒需要阅读经书,大家就挑选能最快到达信徒家的猴子前去讲经(可能距离最近,也可能是路最好走);<br>B.如果某部经书被很多信徒需要,它就会被距离这些信徒最近的小猴子烂熟于心。<br> 可是猴子很多又生性顽劣,管好还是很费神的,于是悟空叫来了师父和师弟们帮忙,师徒同心,其利断金。</p><h5 id="沙僧"><a href="#沙僧" class="headerlink" title="沙僧"></a>沙僧</h5><p> 沙和尚任劳任怨,悟空让他承担“分发服务”:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4WC9DaGF1eWh3a0xtbmIzeVdKQXg1ZnBaa1dxaU1oVUN3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="沙僧" title=""> </div> <div class="image-caption">沙僧</div> </figure><br> 老沙的主要职责是将经书内容从雷音寺中心向各部洲的“cache猴”推送和存储,承担实际的佛经流量全网分发工作和面向最终信徒的阅读请求服务。</p><h5 id="八戒"><a href="#八戒" class="headerlink" title="八戒"></a>八戒</h5><p> 猪八戒肠肥肚圆,悟空让他承担“负载均衡”:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4YjE4V3pNQjE1UnhCSkZqRkN0WHhUa0pzNzFET2swcTVRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="八戒" title=""> </div> <div class="image-caption">八戒</div> </figure><br> 八戒负责对所有发起阅经请求的信徒进行访问调度,确定提供给信徒的最终实际访问地址,告诉信徒那个小猴子最适合他。</p><h5 id="三藏"><a href="#三藏" class="headerlink" title="三藏"></a>三藏</h5><p> 唐三藏高瞻远瞩,悟空请他承担“运营管理”:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFkyTmVGdU5NMVF4VlpWUHQxY2tZbGY1cVk4YWJkVGNZVldrajBQQlYwaFB3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="三藏" title=""> </div> <div class="image-caption">三藏</div> </figure><br> 唐僧负责对日常事务的监管、收支核算、团队状态的检查、分析,也承担与大客户–佛祖“疏通”关系等职责。 </p><h4 id="美满结局"><a href="#美满结局" class="headerlink" title="美满结局"></a>美满结局</h4><p> 在师徒四人的通力合作下,四个妖怪被打败,如来佛祖的心病治愈了,天下苍生得以美美滴上网取经。<br> 雷音寺赚得盆满钵满,不断推出新的服务,原来只有经书下载,现在可以在线浏览经书,还可以视频直播,观看佛祖在线讲经。<br> 于是唐僧师徒的 CDN 服务从原来只提供文件传输加速服务,到后来增加为流媒体加速服务、网页浏览加速服务等等。<br> 从此,天下再没有难取的经,悟空得到佛祖嘉奖,从“斗战胜佛”升级为“斗站胜佛”!</p><h4 id="完"><a href="#完" class="headerlink" title="完"></a>完</h4><p> 好了,西游记的故事讲完了,小伙伴们也明白什么是 CDN 了。</p><h4 id="关于"><a href="#关于" class="headerlink" title="关于"></a>关于</h4><p> CSDN上看到的一篇很有趣的文章,用西天取经的故事生动形象地展示了CDN的那些事。<br> 个人觉得写的非常好,遂搬运。如涉侵权,请告知。</p>]]></content>
<summary type="html">
<h4 id="什么是CDN"><a href="#什么是CDN" class="headerlink" title="什么是CDN?"></a>什么是CDN?</h4><p> 618电商节、双11购物狂欢节,到底是什么在支撑数以万计的秒杀活动?这就不得不提一直隐姓埋名的 CD
</summary>
<category term="收藏" scheme="https://sevge.github.io/about/categories/%E6%94%B6%E8%97%8F/"/>
</entry>
<entry>
<title>简易资产管理平台</title>
<link href="https://sevge.github.io/about/2018/09/16/my-cmdb/"/>
<id>https://sevge.github.io/about/2018/09/16/my-cmdb/</id>
<published>2018-09-16T03:00:27.000Z</published>
<updated>2018-09-16T06:04:32.098Z</updated>
<content type="html"><![CDATA[<h3 id="已实现的功能"><a href="#已实现的功能" class="headerlink" title="已实现的功能"></a>已实现的功能</h3><h4 id="资产数据收集接口"><a href="#资产数据收集接口" class="headerlink" title="资产数据收集接口"></a>资产数据收集接口</h4><p>在<code>/assets/report</code>下提供一个接受post请求的开放接口<br>能接收任意来源的数据。</p><h4 id="仪表盘页面"><a href="#仪表盘页面" class="headerlink" title="仪表盘页面"></a>仪表盘页面</h4><p>从数据库调出已有资产的设备状态和数量统计,发送给前端页面展示:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFlzK3dhNFJtSHc3R3BhdVpjN3dETWpTSURBMWRNNFdWUmc0ekkxZVNZUlF3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="dashboard" title=""> </div> <div class="image-caption">dashboard</div> </figure></p><h4 id="资产列表"><a href="#资产列表" class="headerlink" title="资产列表"></a>资产列表</h4><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUFlzK3dhNFJtSHc3TjNrU0FOT0E1YXZXVWNhU3RNMlI4V3FZT0lTWUU3QVFnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="datatables" title=""> </div> <div class="image-caption">datatables</div> </figure><h4 id="资产详情"><a href="#资产详情" class="headerlink" title="资产详情"></a>资产详情</h4><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUFlzK3dhNFJtSHc3RDJTbVIvUERWT09nVUxxd09KL1JHZVFJWXFiR3M4TW93PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="detail" title=""> </div> <div class="image-caption">detail</div> </figure><h3 id="待完善"><a href="#待完善" class="headerlink" title="待完善"></a>待完善</h3><h4 id="客户端"><a href="#客户端" class="headerlink" title="客户端"></a>客户端</h4><p>目前服务端展示的数据都是通过测试脚本发送的虚拟数据,仍需要解决客户端自动收集自身设备信息并自动发送给服务端的功能。</p><h4 id="服务端"><a href="#服务端" class="headerlink" title="服务端"></a>服务端</h4><p>需要日志功能,记录并展示以往添加或更新的资产数据。<br>另外,仍需实现平台的登陆验证功能,以保证信息的相对安全性。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFlzK3dhNFJtSHc3QWV0dFowQm5QTTJOZ1ZWTzNTVG04QUR4VEQ1ZnRLalZRPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="login_require" title=""> </div> <div class="image-caption">login_require</div> </figure></p>]]></content>
<summary type="html">
<h3 id="已实现的功能"><a href="#已实现的功能" class="headerlink" title="已实现的功能"></a>已实现的功能</h3><h4 id="资产数据收集接口"><a href="#资产数据收集接口" class="headerlink"
</summary>
<category term="Python" scheme="https://sevge.github.io/about/categories/Python/"/>
</entry>
<entry>
<title>高可用业务集群实验</title>
<link href="https://sevge.github.io/about/2018/09/11/linux-enterprise-cluster/"/>
<id>https://sevge.github.io/about/2018/09/11/linux-enterprise-cluster/</id>
<published>2018-09-11T00:47:18.000Z</published>
<updated>2018-09-11T01:10:20.378Z</updated>
<content type="html"><![CDATA[<h3 id="准备工作"><a href="#准备工作" class="headerlink" title="准备工作"></a>准备工作</h3><p>老惯例,SELINX和IPTABLES先清一下<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">setenforce 0</span><br><span class="line">service firewalld stop</span><br></pre></td></tr></table></figure></p><p>整体架构如下:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3OEVQUDBYeU5HRWZ0a3RUMnNJTlVVeEZlYmp3bWN1UDBBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="架构图" title=""> </div> <div class="image-caption">架构图</div> </figure></p><h3 id="配置最外层的防火墙(路由)"><a href="#配置最外层的防火墙(路由)" class="headerlink" title="配置最外层的防火墙(路由)"></a>配置最外层的防火墙(路由)</h3><ol><li>先在虚拟机上添加一块网卡,采用桥接模式</li><li>复制/etc/sysconfig/network-script/ifcfg-ens33一份到/etc/sysconfig/network-script/ifcfg-ens37</li><li>记得修改其中的内容为ens37,UUID也修改为唯一</li><li>配置SNAT,让内部服务器可以上网,DNAT将端口映射出去:<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"># 安装iptables防火墙</span><br><span class="line">yum install -y iptables-services</span><br><span class="line"># 对iptables进行初始化</span><br><span class="line">iptables -F</span><br><span class="line">iptables -t nat -F</span><br><span class="line"># 打开系统的IP转发功能</span><br><span class="line">echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf </span><br><span class="line"># 不用重启,立即生效</span><br><span class="line"></span><br><span class="line"># 配置iptables的NAT转发(重点)</span><br><span class="line">iptables -t nat -A POSTROUTING -s 192.168.177.0/24 -j SNAT --to 192.168.0.177</span><br><span class="line">iptables -t nat -A PREROUTING -d 192.168.0.177 -p tcp --dport 22 -j DNAT --to 192.168.177.2</span><br><span class="line">iptables -t nat -A PREROUTING -d 192.168.0.177 -p tcp --dport 80 -j DNAT --to 192.168.177.101</span><br><span class="line">iptables -t nat -A PREROUTING -d 192.168.0.177 -p tcp --dport 3306 -j DNAT --to 192.168.177.102</span><br><span class="line">...</span><br><span class="line"></span><br><span class="line"># 保存并启动</span><br><span class="line">iptables-save > /etc/sysconfig/iptables</span><br><span class="line">systemctl start iptables</span><br><span class="line">systemctl enable iptables</span><br></pre></td></tr></table></figure></li></ol><h3 id="lvs-keepalived-nginx-gunicorn部署自己的django项目并实现高可用性"><a href="#lvs-keepalived-nginx-gunicorn部署自己的django项目并实现高可用性" class="headerlink" title="lvs + keepalived + nginx + gunicorn部署自己的django项目并实现高可用性"></a>lvs + keepalived + nginx + gunicorn部署自己的django项目并实现高可用性</h3><h4 id="环境"><a href="#环境" class="headerlink" title="环境"></a>环境</h4><ul><li>LoadBalancer master:192.168.177.3</li><li>LoadBalancer backup:192.168.177.4</li><li>Web1:192.168.177.5</li><li>Web2:192.168.177.6</li><li>NFS:192.168.177.7</li><li><p>vip:192.168.177.101</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">vi /etc/sysconfig/network-script/ifcfg-ens33</span><br><span class="line">BOOTPROTO=static</span><br><span class="line">ONBOOT=yes</span><br><span class="line">IPADDR=192.168.177.3</span><br><span class="line">NETMASK=255.255.255.0</span><br><span class="line">GATEWAY=192.168.177.1</span><br><span class="line">DNS1=119.29.29.29</span><br></pre></td></tr></table></figure></li><li><p>配置两台Director节点</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br></pre></td><td class="code"><pre><span class="line">yum install -y ipvsadm keepalived</span><br><span class="line">echo 1 > /proc/sys/net/ipv4/ip_forward # 开启路由转发</span><br><span class="line">ifconfig ens33 down</span><br><span class="line">ifconfig ens33 192.168.177.101 broadcast 192.168.177.101 netmask 255.255.255.255 up</span><br><span class="line">route add -host 192.168.177.101 dev ens33</span><br><span class="line">ipvsadm -C</span><br><span class="line">ipvsadm -A -t 192.168.177.101:80 -s wrr</span><br><span class="line">ipvsadm -a -t 192.168.177.101 -r 192.168.177.5:80 -g -w 3</span><br><span class="line">ipvsadm -a -t 192.168.177.101 -r 1 92.168.166.6 -g -w 3</span><br><span class="line">====</span><br><span class="line">/etc/keepalived/keepalived.conf</span><br><span class="line">! Configuration File for keepalived</span><br><span class="line"></span><br><span class="line">global_defs {</span><br><span class="line"> notification_email {</span><br><span class="line"> acassen@firewall.loc</span><br><span class="line"> failover@firewall.loc</span><br><span class="line"> sysadmin@firewall.loc</span><br><span class="line"> }</span><br><span class="line"> notification_email_from Alexandre.Cassen@firewall.loc</span><br><span class="line"> smtp_server 192.168.200.1</span><br><span class="line"> smtp_connect_timeout 30</span><br><span class="line"> router_id LVS_DEVEL</span><br><span class="line"> vrrp_skip_check_adv_addr</span><br><span class="line"> # vrrp_strict</span><br><span class="line"> vrrp_garp_interval 0</span><br><span class="line"> vrrp_gna_interval 0</span><br><span class="line">}</span><br><span class="line"></span><br><span class="line">vrrp_instance VI_1 {</span><br><span class="line"> state MASTER</span><br><span class="line"> interface ens33</span><br><span class="line"> virtual_router_id 17</span><br><span class="line"> priority 110</span><br><span class="line"> advert_int 1</span><br><span class="line"> authentication {</span><br><span class="line"> auth_type PASS</span><br><span class="line"> auth_pass 123123</span><br><span class="line"> }</span><br><span class="line"> virtual_ipaddress {</span><br><span class="line"> 192.168.177.101</span><br><span class="line"> }</span><br><span class="line">}</span><br><span class="line"></span><br><span class="line">virtual_server 192.168.177.101 80 { #设置虚拟服务器,需要指定虚拟ip和服务端口</span><br><span class="line"> delay_loop 3 #健康检查时间间隔</span><br><span class="line"> lb_algo rr #负载均衡调度算法</span><br><span class="line"> lb_kind DR #负载均衡转发规则</span><br><span class="line"> persistence_timeout 50 #设置会话保持时间,对动态网页非常有用</span><br><span class="line"> protocol TCP #指定转发协议类型,有TCP和UDP两种</span><br><span class="line"></span><br><span class="line"> real_server 192.168.177.5 80 { #配置服务器节点1,需要指定real server的真实IP地址和端口</span><br><span class="line"> weight 1 #设置权重,数字越大权重越高</span><br><span class="line"> TCP_CHECK { #realserver的状态监测设置部分单位秒</span><br><span class="line">connect_timeout 3 #超时时间</span><br><span class="line">nb_get_retry 3 #重试次数</span><br><span class="line">delay_before_retry 3 #重试间隔</span><br><span class="line"> connect_port 80 #监测端口</span><br><span class="line"> }</span><br><span class="line">}</span><br><span class="line"> real_server 192.168.177.6 80 {</span><br><span class="line"> weight 1</span><br><span class="line"> TCP_CHECK {</span><br><span class="line"> connect_timeout 3</span><br><span class="line"> nb_get_retry 3</span><br><span class="line"> delay_before_retry 3</span><br><span class="line"> connect_port 80</span><br><span class="line"> }</span><br><span class="line"> } </span><br><span class="line"></span><br><span class="line">}</span><br><span class="line">serviced keepalived start</span><br></pre></td></tr></table></figure></li><li><p>配置两台Real Server:</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">ifconfig lo 192.168.177.101 broadcast 192.168.177.101 netmask 255.255.255.255 up</span><br><span class="line">route add -host 192.168.177.101 lo</span><br><span class="line">echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore</span><br><span class="line">echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce</span><br><span class="line">echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore</span><br><span class="line">echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce</span><br></pre></td></tr></table></figure></li></ul><p>外面访问<code>192.168.0.177</code>,当出现如下结果即成功搭建好了lvs+nginx的高可用web服务。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3MkN2YkFkWVBHT2VERVdDTjJuei9ka1A4RjNhZUIrYVd3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="nginx" title=""> </div> <div class="image-caption">nginx</div> </figure></p><h4 id="搭建NFS服务"><a href="#搭建NFS服务" class="headerlink" title="搭建NFS服务"></a>搭建NFS服务</h4><h5 id="环境-1"><a href="#环境-1" class="headerlink" title="环境"></a>环境</h5><ul><li>NFS服务器 192.168.177.7</li><li>客户端(web服务器)192.168.177.5/6</li></ul><p>配置服务器192.168.177.7<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"># scp /tmp/ali_research root@192.168.177.7:/NFS/django_project</span><br><span class="line">yum -y install nfs-utils rpcbind</span><br><span class="line">mkdir /NFS/django_project</span><br><span class="line">chmod 666 /NFS/django_project</span><br><span class="line">echo '/NFS/djagno_peoject 192.168.177.0/24(rw,no_root_squash,no_all_squash,sync)' > /etc/exports</span><br><span class="line"># 配置生效</span><br><span class="line">exportfs -r</span><br><span class="line"># 启动rpcbind、nfs服务</span><br><span class="line">service rpcbind start</span><br><span class="line">service nfs start</span><br><span class="line"># 查阅NFS服务</span><br><span class="line">showmount -e localhost</span><br></pre></td></tr></table></figure></p><ul><li>客户端配置 192.168.177.5/6<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">yum install -y nfs-utils</span><br><span class="line">mkdir /django_project</span><br><span class="line">showmount -e 192.168.177.7</span><br><span class="line"># 挂载</span><br><span class="line">mount -t nfs</span><br><span class="line">192.168.177.7:/NFS/django_peoject /django_project proto=tcp -o nolock</span><br><span class="line"># 查看挂载结果</span><br><span class="line">df -h</span><br></pre></td></tr></table></figure></li></ul><h4 id="部署django项目"><a href="#部署django项目" class="headerlink" title="部署django项目"></a>部署django项目</h4><p>安装必要组件、修改django项目settings文件:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line">yum install python36</span><br><span class="line">python36 -m ensurepip 安装pip3软件</span><br><span class="line">pip3 install django==1.11 -i https://pypi.tuna.tsinghua.edu.cn/simple/</span><br><span class="line">pip3 install django-ckeditor Pillow -i https://pypi.tuna.tsinghua.edu.cn/simple/</span><br><span class="line">pip3 install gunicorn</span><br><span class="line"></span><br><span class="line">vi /django_project/ali_research/ali_research/settings.py</span><br><span class="line"> DEBUG=False</span><br><span class="line"> ALLOWED_HOSTS = ['*',]</span><br><span class="line"> STATIC_URL = '/static/'</span><br><span class="line"> #STATICFILES_DIRS = [os.path.join(BASE_DIR, "static"), ]</span><br><span class="line"> STATIC_ROOT = os.path.join(BASE_DIR, 'static')</span><br><span class="line">cd /django_project/ali_research</span><br><span class="line">gunicorn -w 4 -b 127.0.0.1:8000 -D --access-logfile=/var/log/gunicorn.log ali_research.wsgi:application</span><br><span class="line">ps aux|grep gunicorn 查看进程</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">vim /etc/nginx/nginx.conf</span><br><span class="line">user root #用户需要改为root,否则报403</span><br><span class="line">location / {</span><br><span class="line"> proxy_pass http://127.0.0.1:8000;</span><br><span class="line"> proxy_set_header Host $host;</span><br><span class="line"> proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line">location /static/ {</span><br><span class="line"> root /django_project/ali_research/;</span><br><span class="line">}</span><br></pre></td></tr></table></figure></p><h4 id="安装supervisor监控gunicorn和nginx服务"><a href="#安装supervisor监控gunicorn和nginx服务" class="headerlink" title="安装supervisor监控gunicorn和nginx服务"></a>安装supervisor监控gunicorn和nginx服务</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre></td><td class="code"><pre><span class="line"># 参照https://www.cnblogs.com/gjack/p/8076419.html</span><br><span class="line">yum install wget </span><br><span class="line">wget https://bootstrap.pypa.io/get-pip.py</span><br><span class="line">python get-pip.py</span><br><span class="line">pip install supervisor</span><br><span class="line">echo_supervisord_conf > /etc/supervisor.conf # 生成 supervisor 默认配置文件</span><br><span class="line"></span><br><span class="line">vim /etc/supervisor.conf # 修改 supervisor 配置文件,在末尾添加进程管理:</span><br><span class="line">[program:aliapp]</span><br><span class="line">command=gunicorn -w 4 -b 127.0.0.1:8000 -D --access-logfile=/var/log/gunicorn.log ali_research.wsgi:application ; supervisor启动命令</span><br><span class="line">directory=/django_project/ali_research ; 项目的文件夹路径</span><br><span class="line">startsecs=0 ; 启动时间</span><br><span class="line">stopwaitsecs=0 ; 终止等待时间</span><br><span class="line">autostart=True ; 是否自动启动</span><br><span class="line">autorestart=True ; 是否自动重启</span><br><span class="line">stdout_logfile=/var/log/supervisor_gunicorn.log ; log 日志</span><br><span class="line">stderr_logfile=/var/log/supervisor_gunicorn.err ; 错误日志</span><br><span class="line"></span><br><span class="line">[program:nginx]</span><br><span class="line">command=service nginx start</span><br><span class="line">startsecs=0</span><br><span class="line">stopwaitsecs=0</span><br><span class="line">autostart=True</span><br><span class="line">autorestart=True</span><br><span class="line">stdout_logfile=/var/log/supervisor_nginx.log</span><br><span class="line">stderr_logfile=/var/log/supervisor_nginx.err</span><br><span class="line">supervisor的基本使用命令</span><br><span class="line"></span><br><span class="line">supervisord -c supervisor.conf 通过配置文件启动supervisor</span><br><span class="line">supervisorctl -c supervisor.conf status 察看supervisor的状态</span><br><span class="line">supervisorctl -c supervisor.conf reload 重新载入 配置文件</span><br><span class="line">supervisorctl -c supervisor.conf start [all]|[appname] 启动指定/所有 supervisor管理的程序进程</span><br><span class="line">supervisorctl -c supervisor.conf stop [all]|[appname] 关闭指定/所有 supervisor管理的程序进程</span><br><span class="line"></span><br><span class="line">若报错“Error: Another program is already listening on a port that one of our HTTP servers is configured to use. Shut this program down first before starting”</span><br><span class="line">解决方法:</span><br><span class="line">find / -name supervisor.sock</span><br><span class="line">unlink /name/supervisor.sock</span><br></pre></td></tr></table></figure><h3 id="MysqlRouter-Mariadb实现主从而复制和读写分离"><a href="#MysqlRouter-Mariadb实现主从而复制和读写分离" class="headerlink" title="MysqlRouter+Mariadb实现主从而复制和读写分离"></a>MysqlRouter+Mariadb实现主从而复制和读写分离</h3><ul><li>环境<ul><li>192.168.177.8:Mysql Router</li><li>192.168.177.9:Mariadb Master</li><li>192.168.177.10:Mariadb Slave</li><li>192.168.177.11:Mariadb Backup</li></ul></li></ul><p>先配置主从复制功能:</p><h4 id="192-168-177-9-Master"><a href="#192-168-177-9-Master" class="headerlink" title="192.168.177.9:Master"></a>192.168.177.9:Master</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">yum install -y mariadb mariadb-server</span><br><span class="line"></span><br><span class="line"># 在my.cnf添加如下内容:</span><br><span class="line">vi /etc/my.cnf</span><br><span class="line">#binary log</span><br><span class="line">server-id=1</span><br><span class="line">log-bin</span><br><span class="line"></span><br><span class="line">service mariadb restart </span><br><span class="line">mysql--></span><br><span class="line">show master status;</span><br><span class="line"># 建立授权用户</span><br><span class="line">grant replication slave on *.* to 'rep'@'192.168.177.%' identified by '123123';</span><br><span class="line">flush privileges;</span><br><span class="line">show grants for 'rep'@'192.168.177.%';</span><br></pre></td></tr></table></figure><h4 id="192-168-177-10-Slave"><a href="#192-168-177-10-Slave" class="headerlink" title="192.168.177.10:Slave"></a>192.168.177.10:Slave</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">yum install -y mariadb mariadb-server</span><br><span class="line"></span><br><span class="line"># 在my.cnf添加如下内容:</span><br><span class="line">vi /etc/my.cnf</span><br><span class="line">server-id=2</span><br><span class="line">log-bin</span><br><span class="line"></span><br><span class="line">service mariadb restart</span><br><span class="line">mysql --></span><br><span class="line">change master to </span><br><span class="line">master_host='192.168.177.9',</span><br><span class="line">master_user='rep',</span><br><span class="line">master_password='123123',</span><br><span class="line">master_port=3306,</span><br><span class="line">master_log_file='mariadb-bin.000001',</span><br><span class="line">master_log_pos=245;</span><br><span class="line"></span><br><span class="line">show slave status\G; # 注意Slave_IO_Running,Slave_SQL_Running为Yes即成功开启</span><br><span class="line">stop slave</span><br><span class="line">start slave</span><br></pre></td></tr></table></figure><h4 id="192-168-177-11:Backup"><a href="#192-168-177-11:Backup" class="headerlink" title="192.168.177.11:Backup"></a>192.168.177.11:Backup</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">vi /etc/my.cnf</span><br><span class="line">server-id=3</span><br><span class="line">log-bin</span><br><span class="line"></span><br><span class="line">mysql --></span><br><span class="line">change master to </span><br><span class="line">master_host='192.168.177.9',</span><br><span class="line">**master_delay=300,** # 延时5min,以防止误操作的备份</span><br><span class="line"># 需要mariadb10.3.8版本以上或Mysql</span><br><span class="line"> vi /etc/yum.repo.d/CentOS-MariaDB.repo:</span><br><span class="line"> # MariaDB 10.3 CentOS repository list - created 2018-05-26 07:55 UTC</span><br><span class="line"> # http://downloads.mariadb.org/mariadb/repositories/</span><br><span class="line"> [mariadb]</span><br><span class="line"> name = MariaDB</span><br><span class="line"> #baseurl = http://yum.mariadb.org/10.3/centos7-amd64</span><br><span class="line"> baseurl = https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.3.9/yum/rhel74-amd64/</span><br><span class="line"> yum clean all</span><br><span class="line"> yum makecache</span><br><span class="line"> yum install mariadb-sever</span><br><span class="line">master_user='rep',</span><br><span class="line">master_password='123123',</span><br><span class="line">master_port=3306,</span><br><span class="line">master_log_file='mariadb-bin.000001',</span><br><span class="line">master_log_pos=245;</span><br><span class="line"></span><br><span class="line">start slave</span><br></pre></td></tr></table></figure><h4 id="192-168-177-8:Router"><a href="#192-168-177-8:Router" class="headerlink" title="192.168.177.8:Router"></a>192.168.177.8:Router</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">wget https://dev.mysql.com/get/Downloads/MySQL-Router/mysql-router-8.0.11-1.el7.x86_64.rpm</span><br><span class="line">rpm -ivh mysql-router-8.0.11-1.el7.x86_64.rpm</span><br><span class="line">vi /eetc/mysqlrouter.conf</span><br><span class="line"># 添加如下内容</span><br><span class="line">[routing:read_write]</span><br><span class="line">bind_address = 192.168.177.8 #是mysql-router服务器的ip地址</span><br><span class="line">bind_port = 7001</span><br><span class="line">mode = read-write</span><br><span class="line">destinations = 192.168.177.9:3306</span><br><span class="line">max_connections = 65535</span><br><span class="line">max_connect_errors = 100</span><br><span class="line">client_connect_timeout = 9</span><br><span class="line"> </span><br><span class="line">[routing:read_only]</span><br><span class="line">bind_address = 192.168.177.8</span><br><span class="line">bind_port = 7002</span><br><span class="line">mode = read-only</span><br><span class="line">destinations = 192.168.177.10:3306</span><br><span class="line">max_connections = 65535</span><br><span class="line">max_connect_errors = 100</span><br><span class="line">client_connect_timeout = 9</span><br><span class="line"></span><br><span class="line"># BACKUP由于是备份,数据有延时,因此既不提供读也不提供写。</span><br><span class="line"></span><br><span class="line">service mysqlrouter start</span><br></pre></td></tr></table></figure><h5 id="此时可以测试"><a href="#此时可以测试" class="headerlink" title="此时可以测试"></a>此时可以测试</h5><ul><li>[root@mysql-master ~]# mysql -h 192.168.177.8 -uwong -p’123123’ -P 7001 # 写的测试</li><li>[root@mysql-master ~]# mysql -h 192.168.177.8 -uwong -p’123123’ -P 7002 # 读的测试</li><li>修改Master数据库的内容,Slave马上同步,而Backup不回立即同步。</li></ul><h3 id="使用Docker容器的Nginx代理两个域名"><a href="#使用Docker容器的Nginx代理两个域名" class="headerlink" title="使用Docker容器的Nginx代理两个域名"></a>使用Docker容器的Nginx代理两个域名</h3><ul><li><p>安装redis</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">yum install epel-release</span><br><span class="line">yum install docker</span><br><span class="line">service docker start</span><br><span class="line">docker pull redis</span><br><span class="line">docker images</span><br><span class="line">docker run -d -p 6379:6379 --name redis docker.io/redis</span><br></pre></td></tr></table></figure></li><li><p>安装三个nginx容器,其中一个用来做代理转发,另外两个充当web服务器。</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"># https://blog.csdn.net/u011164906/article/details/73135836?locationNum=5&fps=1</span><br><span class="line">docker pull nginx</span><br><span class="line">docker run -d --name web1 -p 8081:80 -v /root/docker_nginx/web1.html:/usr/share/nginx/html/index.html docker.io/nginx</span><br><span class="line">docker run -d --name web2 -v /root/docker_nginx_conf/web2.html:/usr/share/nginx/html/index.html -p 8082:80 docker.io/nginx</span><br><span class="line">docker run -d --name nginx_agent --link web1:nginxa --link web2:nginxb -v /root/docker_nginx_conf/nginx.conf:/etc/nginx/nginx.conf -p 8080:80 docker.io/nginx</span><br><span class="line">#docker的对应顺序为:真实机:容器</span><br></pre></td></tr></table></figure></li></ul><p>使用命令<code>docker inspect -f '\{\{\.Name\}\} - \{\{range \.NetworkSettings\.Networks\}\}\{\{\.IPAddress\}\}\{\{end\}\}' $(docker ps -aq)</code>可以看到各个容器名对应的IP地址:</p><ul><li>172.17.0.2:d_redis</li><li>172.17.0.3:web1</li><li>172.17.0.4:web2</li><li>172.17.0.5:nginx_agent</li></ul><p>接下来配置/root/docker_nginx/nginx.conf:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br></pre></td><td class="code"><pre><span class="line">worker_processes 1;</span><br><span class="line">events {</span><br><span class="line"> worker_connections 1024;</span><br><span class="line">}</span><br><span class="line"></span><br><span class="line">http {</span><br><span class="line"> include /etc/nginx/mime.types;</span><br><span class="line"> default_type application/octet-stream;</span><br><span class="line"></span><br><span class="line"> log_format main '$remote_addr - $remote_user [$time_local] "$request" '</span><br><span class="line"> '$status $body_bytes_sent "$http_referer" '</span><br><span class="line"> '"$http_user_agent" "$http_x_forwarded_for"';</span><br><span class="line"></span><br><span class="line"> access_log /var/log/nginx/access.log main;</span><br><span class="line"></span><br><span class="line"> sendfile on;</span><br><span class="line"> #tcp_nopush on;</span><br><span class="line"></span><br><span class="line"> keepalive_timeout 65;</span><br><span class="line"></span><br><span class="line"> #gzip on;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"> # include /etc/nginx/conf.d/*.conf;</span><br><span class="line"></span><br><span class="line"> server</span><br><span class="line"> {</span><br><span class="line"> listen 80; # 在容器中监听的端口为80</span><br><span class="line"> server_name www.wangtao.com;</span><br><span class="line"> location / {</span><br><span class="line"> proxy_redirect off;</span><br><span class="line"> proxy_set_header Host $host;</span><br><span class="line"> proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line"> proxy_pass http://nginxa; # 大坑--link的名称nginxa,链接另一个容器的端口80</span><br><span class="line"> <!--#root@8f63042bbc29:/# cat /etc/hosts --></span><br><span class="line"> <!--127.0.0.1localhost--></span><br><span class="line"> <!--::1localhost ip6-localhost ip6-loopback--></span><br><span class="line"> <!--fe00::0ip6-localnet--></span><br><span class="line"> <!--ff00::0ip6-mcastprefix--></span><br><span class="line"> <!--ff02::1ip6-allnodes--></span><br><span class="line"> <!--ff02::2ip6-allrouters--></span><br><span class="line"> <!--172.17.0.3nginxa eba80887d700 web1--></span><br><span class="line"> <!--172.17.0.4nginxb 247ed0475876 web2--></span><br><span class="line"> <!--172.17.0.58f63042bbc29--></span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line"> server</span><br><span class="line"> {</span><br><span class="line"> listen 80;</span><br><span class="line"> server_name www.sevge.com;</span><br><span class="line"> location / {</span><br><span class="line"> proxy_redirect off;</span><br><span class="line"> proxy_set_header Host $host;</span><br><span class="line"> proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line"> proxy_pass http://nginxb;</span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure></p><p>注意容器间的连接如下:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3L01jNCtBc2FsYm9WL0xFM1ozaXVEWHMyeFZOdUZCNWFRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="docker容器间的连接" title=""> </div> <div class="image-caption">docker容器间的连接</div> </figure></p><p>修改windows机器里的hosts文件,修改web1、web2对应的html文件,运行docker容器(docker run -d -p 8081:80 -v /root/html/web1.html:/usr/share/nginx/html/index.html –name web1 docker.io/nginx、docerk run -d -p 8082:80 -v /root/html/web2.html:/usr/share/nginx/html/index.html –name web2 docker.io/nginx、docker run -d -p 8080:80 -v /root/nginx_conf:/etc/nginx/nginx.conf –name nginx_agent docker.io/nginx),分别访问可以看到:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3eEJCditvUGJZSXZPRm9MR2hrcmloeXVWZEpPWmFqQUV3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="web1" title=""> </div> <div class="image-caption">web1</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3MmdrL2J4ZGlsTEZoRzFRZExHZGRpeUViWVRaTFB2dmFRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="web2" title=""> </div> <div class="image-caption">web2</div> </figure></p><h3 id="配置和使用Ansible"><a href="#配置和使用Ansible" class="headerlink" title="配置和使用Ansible"></a>配置和使用Ansible</h3><ul><li>192.168.177.14<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br></pre></td><td class="code"><pre><span class="line">yum install epel-release</span><br><span class="line">yum install ansible</span><br><span class="line">yum install expect</span><br><span class="line"># 所有机器配置免秘钥认证,编写expect脚本</span><br><span class="line">===</span><br><span class="line">cat for.sh</span><br><span class="line">#!/bin/bash</span><br><span class="line"></span><br><span class="line">for i in {1..13}</span><br><span class="line">do</span><br><span class="line">expect ssh_key.sh 192.168.177.${i}</span><br><span class="line">done</span><br><span class="line">===</span><br><span class="line">cat ssh_key.sh</span><br><span class="line">#!/usr/bin/expect</span><br><span class="line"></span><br><span class="line">set ip [lindex $argv 0]</span><br><span class="line"></span><br><span class="line">spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$ip</span><br><span class="line">expect "(yes/no)?"</span><br><span class="line">send "yes\n"</span><br><span class="line">expect "password:"</span><br><span class="line">send "123123\n"</span><br><span class="line">expect eof</span><br><span class="line"></span><br><span class="line">exit</span><br><span class="line">===</span><br><span class="line"># 所有机器免秘钥认证完成,接下来配置ansible的hosts文件,在末尾添加vi /etc/ansible/hosts:</span><br><span class="line">[weblb]</span><br><span class="line">192.168.177.3</span><br><span class="line">192.168.177.4</span><br><span class="line"></span><br><span class="line">[webserver]</span><br><span class="line">192.168.177.5</span><br><span class="line">192.168.177.6</span><br><span class="line"></span><br><span class="line">[nfs]</span><br><span class="line">192.168.177.7</span><br><span class="line"></span><br><span class="line">[sshd]</span><br><span class="line">192.168.177.2</span><br><span class="line"></span><br><span class="line">[dblb]</span><br><span class="line">192.168.177.8</span><br><span class="line"></span><br><span class="line">[db]</span><br><span class="line">192.168.177.9</span><br><span class="line">192.168.177.10</span><br><span class="line">192.168.177.11</span><br><span class="line"></span><br><span class="line">[docker]</span><br><span class="line">192.168.177.12</span><br><span class="line"></span><br><span class="line">[zabbix]</span><br><span class="line">192.168.177.13</span><br><span class="line">===</span><br><span class="line"># 配置playbook并执行</span><br><span class="line">cat my_play.yaml</span><br><span class="line">- hosts: all</span><br><span class="line"> remote_user: root</span><br><span class="line"> tasks:</span><br><span class="line"> - name: allow host</span><br><span class="line"> shell: echo sshd:192.168.177.2 >> /etc/hosts.allow</span><br><span class="line"> - name: allow host2</span><br><span class="line"> shell: echo sshd:192.168.177.14 >> /etc/hosts.allow</span><br><span class="line"> - name: deny host</span><br><span class="line"> shell: echo sshd:all >> /etc/hosts.deny</span><br><span class="line">- hosts: sshd</span><br><span class="line"> remote_user: root</span><br><span class="line"> tasks:</span><br><span class="line"> - name: allow host</span><br><span class="line"> shell: echo sshd:all >> /etc/hosts.allow</span><br><span class="line"> </span><br><span class="line">===</span><br><span class="line">ansible-playbook my_play.yaml</span><br><span class="line"></span><br><span class="line">PLAY [all] ******************************************************************************</span><br><span class="line"></span><br><span class="line">TASK [Gathering Facts] ******************************************************************</span><br><span class="line">ok: [192.168.177.13]</span><br><span class="line">ok: [192.168.177.5]</span><br><span class="line">ok: [192.168.177.12]</span><br><span class="line">ok: [192.168.177.6]</span><br><span class="line">ok: [192.168.177.8]</span><br><span class="line">ok: [192.168.177.7]</span><br><span class="line">ok: [192.168.177.2]</span><br><span class="line">ok: [192.168.177.3]</span><br><span class="line">ok: [192.168.177.4]</span><br><span class="line">ok: [192.168.177.11]</span><br><span class="line">ok: [192.168.177.9]</span><br><span class="line">ok: [192.168.177.10]</span><br><span class="line"></span><br><span class="line">TASK [allow host] ***********************************************************************</span><br><span class="line">changed: [192.168.177.13]</span><br><span class="line">changed: [192.168.177.2]</span><br><span class="line">changed: [192.168.177.8]</span><br><span class="line">changed: [192.168.177.5]</span><br><span class="line">changed: [192.168.177.7]</span><br><span class="line">changed: [192.168.177.6]</span><br><span class="line">changed: [192.168.177.12]</span><br><span class="line">changed: [192.168.177.9]</span><br><span class="line">changed: [192.168.177.10]</span><br><span class="line">changed: [192.168.177.11]</span><br><span class="line">changed: [192.168.177.3]</span><br><span class="line">changed: [192.168.177.4]</span><br><span class="line"></span><br><span class="line">TASK [deny host] ************************************************************************</span><br><span class="line">changed: [192.168.177.8]</span><br><span class="line">changed: [192.168.177.13]</span><br><span class="line">changed: [192.168.177.7]</span><br><span class="line">changed: [192.168.177.2]</span><br><span class="line">changed: [192.168.177.5]</span><br><span class="line">changed: [192.168.177.6]</span><br><span class="line">changed: [192.168.177.12]</span><br><span class="line">changed: [192.168.177.9]</span><br><span class="line">changed: [192.168.177.10]</span><br><span class="line">changed: [192.168.177.11]</span><br><span class="line">changed: [192.168.177.3]</span><br><span class="line">changed: [192.168.177.4]</span><br><span class="line"></span><br><span class="line">PLAY RECAP ******************************************************************************</span><br><span class="line">192.168.177.10 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.11 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.12 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.13 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.2 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.3 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.4 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.5 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.6 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.7 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.8 : ok=3 changed=2 unreachable=0 failed=0 </span><br><span class="line">192.168.177.9 : ok=3 changed=2 unreachable=0 failed=0</span><br></pre></td></tr></table></figure></li></ul><h3 id="配置Zabbix监控所有服务器"><a href="#配置Zabbix监控所有服务器" class="headerlink" title="配置Zabbix监控所有服务器"></a>配置Zabbix监控所有服务器</h3><ul><li><p>192.168.177.13</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br></pre></td><td class="code"><pre><span class="line">https://www.cnblogs.com/clsn/p/7885990.html</span><br><span class="line">#安装zabbix源、aliyun YUM源</span><br><span class="line">curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo</span><br><span class="line">curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo</span><br><span class="line">rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm</span><br><span class="line"></span><br><span class="line">#安装zabbix </span><br><span class="line">yum install -y zabbix-server-mysql zabbix-web-mysql</span><br><span class="line"></span><br><span class="line">#安装启动 mariadb数据库</span><br><span class="line">yum install -y mariadb-server</span><br><span class="line">systemctl start mariadb.service</span><br><span class="line"></span><br><span class="line">#创建数据库</span><br><span class="line">mysql -e 'create database zabbix character set utf8 collate utf8_bin;'</span><br><span class="line">mysql -e 'grant all privileges on zabbix.* to zabbix@localhost identified by "zabbix";'</span><br><span class="line"></span><br><span class="line">#导入数据</span><br><span class="line">zcat /usr/share/doc/zabbix-server-mysql-3.0.21/create.sql.gz|mysql -uzabbix -pzabbix zabbix</span><br><span class="line"></span><br><span class="line">#配置zabbixserver连接mysql</span><br><span class="line">sed -i.ori '115a DBPassword=zabbix' /etc/zabbix/zabbix_server.conf</span><br><span class="line"></span><br><span class="line">#添加时区</span><br><span class="line">sed -i.ori '18a php_value date.timezone Asia/Shanghai' /etc/httpd/conf.d/zabbix.conf</span><br><span class="line"></span><br><span class="line">#解决中文乱码</span><br><span class="line">yum -y install wqy-microhei-fonts</span><br><span class="line">\cp /usr/share/fonts/wqy-microhei/wqy-microhei.ttc /usr/share/fonts/dejavu/DejaVuSans.ttf</span><br><span class="line"></span><br><span class="line">#启动服务</span><br><span class="line">systemctl start zabbix-server</span><br><span class="line"></span><br><span class="line">#修改/etc/httpd/conf/http.conf的监听端口为1234</span><br><span class="line">service httpd restart</span><br><span class="line"></span><br><span class="line"># 路由添加一条规则(192.168.177.1)</span><br><span class="line">iptables -t nat -A PREROUTING -d 192.168.0.177 -p tcp --dport 1234 -j DNAT --to 192.168.177.13</span><br><span class="line"># 此时windows访问192.168.0.177:1234/zabbix可以看到zabbix的setup界面</span><br><span class="line"><!--[root@localhost ~]# cat for_hosts.sh --></span><br><span class="line"><!--for i in {3..14}--></span><br><span class="line"><!--do--></span><br><span class="line"><!--expect allow.sh 192.168.177.${i}--></span><br><span class="line"><!--done--></span><br><span class="line"><!--[root@localhost ~]# cat allow.sh --></span><br><span class="line"><!--set ip [lindex $argv 0]--></span><br><span class="line"></span><br><span class="line"><!--spawn ssh $ip--></span><br><span class="line"><!--expect "*password:"--></span><br><span class="line"><!--send "123123\n"--></span><br><span class="line"><!--expect "*#"--></span><br><span class="line"><!--send "echo 'sshd:192.168.177.14' >> /etc/hosts.allow\n"--></span><br><span class="line"><!--expect "*#"--></span><br><span class="line"><!--send "exit\n"--></span><br><span class="line"><!--expect eof--></span><br><span class="line"><!--exit--></span><br><span class="line"><!--# expect和send后的内容必须使用双引号,单引号报错!!!--></span><br></pre></td></tr></table></figure></li><li><p>客户端配置</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"># 为了监听177网段所有主机,需要借助ansible(192.168.177.14)一步配置所有服务器</span><br><span class="line"># 编写部署zabbix-agent的脚本</span><br><span class="line">[root@localhost ~]# cat zabbix_client_set.sh </span><br><span class="line">#安装zabbix源、aliyu nYUM源</span><br><span class="line">curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo</span><br><span class="line">curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo</span><br><span class="line">rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm</span><br><span class="line"></span><br><span class="line">#安装zabbix客户端</span><br><span class="line">yum install zabbix-agent -y</span><br><span class="line">sed -i 's/Server=127.0.0.1/Server=192.168.177.13/g' /etc/zabbix/zabbix_agentd.conf</span><br><span class="line">systemctl start zabbix-agent.service</span><br><span class="line"># 将这个脚本发送给各个机器</span><br><span class="line">[root@localhost ~]# cat cp_sh.sh </span><br><span class="line">for i in {1..14}</span><br><span class="line">do</span><br><span class="line">scp /root/zabbix_client_set.sh 192.168.177.${i}:/root</span><br><span class="line">done</span><br><span class="line"># ansible的playbook:</span><br><span class="line">[root@localhost ~]# cat zabbix_client_set.yaml </span><br><span class="line">- hosts: all</span><br><span class="line"> remote_user: root</span><br><span class="line"> tasks:</span><br><span class="line"> - name: zabbix agent</span><br><span class="line"> shell: bash zabbix_client_set.sh</span><br><span class="line"></span><br><span class="line">ansible-playbook zabbox_client-set.yaml</span><br></pre></td></tr></table></figure></li><li><p>回到zabbix服务器,配置zabbix服务</p></li></ul><p>登录这里,用户名是Admin(大写A),密码为zabbix。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3N1J6R3ZRdkQ0NWFEQU00SjFrRjhFdUhVOHlHc2hDODdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="zabbix_login" title=""> </div> <div class="image-caption">zabbix_login</div> </figure></p><p>接着添加主机,为主机添加模板,那里不会点哪里…<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><!--zabbix_server中agent配置文件的Server地址为127.0.0.1--></span><br><span class="line"><!--看到状态和可用性亮绿灯即成功 --></span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUFoyU01OdGZmc2E3NnllTkNGTGtKTW9BWlRpWm83UXZNYlJYUFo4eVFhQklnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="zabbix_status" title=""> </div> <div class="image-caption">zabbix_status</div> </figure>]]></content>
<summary type="html">
<h3 id="准备工作"><a href="#准备工作" class="headerlink" title="准备工作"></a>准备工作</h3><p>老惯例,SELINX和IPTABLES先清一下<br><figure class="highlight plain"><ta
</summary>
<category term="Linux" scheme="https://sevge.github.io/about/categories/Linux/"/>
</entry>
<entry>
<title>九月心情</title>
<link href="https://sevge.github.io/about/2018/08/29/lol/"/>
<id>https://sevge.github.io/about/2018/08/29/lol/</id>
<published>2018-08-29T14:47:18.000Z</published>
<updated>2018-09-11T00:07:11.907Z</updated>
<content type="html"><![CDATA[<h3 id=""><a href="#" class="headerlink" title=" "></a> </h3><p>象牙塔</p><p>总是给人生猛的幻想 </p><p>却又从清晰到模糊 </p><p>努力回忆时才发现 </p><p>我已经记不清通往教学楼的路 </p><p>也记不住有多少个夜晚 </p><p>我们通宵游戏嬉笑卧谈 </p><p>记不住打败了多少个对手 </p><p>无畏无惧一路向前 </p><p>记不住街边的小摊 </p><p>我们一罐一罐喝到了多晚 </p><p>记不住憧憬未来每一张灿烂的笑脸下 </p><p>偷偷计算离别的伤害 </p><p>只记得从那天起 </p><p>我们没课了 </p><p>以后也没课了 </p>]]></content>
<summary type="html">
<h3 id=""><a href="#" class="headerlink" title=" "></a> </h3><p>象牙塔</p>
<p>总是给人生猛的幻想 </p>
<p>却又从清晰到模糊 </p>
<p>努力回忆时才发现 </p>
<p>我已经记不清通往教学楼的路
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>城市映像@《Her》上海取景地</title>
<link href="https://sevge.github.io/about/2018/08/21/her/"/>
<id>https://sevge.github.io/about/2018/08/21/her/</id>
<published>2018-08-21T10:16:18.000Z</published>
<updated>2018-09-11T01:06:15.481Z</updated>
<content type="html"><![CDATA[<p>  有幸参加中国大学生计算机设计大赛决赛,来到了上海这座美丽而又梦幻的乌托邦。大家都亲切地称呼上海为“魔都”,“魔都”这个词在我印象中最早是在小时候看的动画片《中华小当家》中出现过的称谓,但我一直不解,“魔”是魔在哪里?</p><p>  从烈日炎炎的长沙出发,来到上海,恰逢台风天气,天气阴晴不定。但比起高温的长沙,这里时而刮过的微风不禁令人心旷神怡。比赛完后,怀着对“魔都”神秘感的向往,我和我的小伙伴打算一起探索一番这座城市。</p><p>  大多数人对上海的印象无非是东方明珠、环球金融中心和外滩,今天恰是周末,我掐指一算,这些地方必定人山人海。我提议,索性以我一直怀念的电影《Her》的视角来探索上海吧!</p><p>  《Her》是讲述在不远的未来人与人工智能系统相爱的科幻爱情电影,这让人不禁思考人与人之间语言沟通和情感交流的问题。<br>  表达和理解都是需要习得的技能,大多数人张着急于诉说的嘴,却很少有人戴着倾听的耳朵,所以这个世界才变得如此聒噪乏味又孤独吧。</p><p>  首先是五角场<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOaURWOXI0YWEwWFN3TkVLWHFNZnBoamJYTlFNM1l4RzlRPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="五角场" title=""> </div> <div class="image-caption">五角场</div> </figure></p><p>  然后到国际客运中心<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOcGw5SEUxTWl1TnJmOEtOeVB1Q1B2aTVDeWVqaWNFbnl3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="国际客运中心1" title=""> </div> <div class="image-caption">国际客运中心1</div> </figure><br>  这个建筑很有意思~<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOaTUvM3ZCRjNLZUNIaDNtSFluSjR4V0dOTEZKYnRVUWxBPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="国际客运中心2" title=""> </div> <div class="image-caption">国际客运中心2</div> </figure><br>  从这边看东方明珠风景挺不错,人也非常少<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOcURRblRFRFBVeURvT3lnOEVkK1N2OS9NWTVITXRNaVFnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="国际客运中心3" title=""> </div> <div class="image-caption">国际客运中心3</div> </figure></p><p>  地铁二号线<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOZ21Ec1NQRFdJbUczbFBvT3V5dHR5eml3OHdFSGtIMFdnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="地铁二号线" title=""> </div> <div class="image-caption">地铁二号线</div> </figure></p><p>  之后是陆家嘴环形天桥<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOdi9KZjhTUjJhaHF3U2RFdkplTXgrcEhjcW9yeDUyWlVRPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="陆家嘴天桥" title=""> </div> <div class="image-caption">陆家嘴天桥</div> </figure><br>  天桥上人非常多,但我注意到天桥边上商场的楼顶环境不错。爬上去看风景甚好,且这楼顶上也没有其他游客。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOZ2tGUC9kSnJzbkwzOXd0V1Z5NXBOTDdCMVM4SXhLM1J3PT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="楼顶" title=""> </div> <div class="image-caption">楼顶</div> </figure></p><p>  最后,在上海中心大厦俯瞰<br>  配合最近的台风天气,阳光从浓密的白云中穿过,不得不说气势恢宏!<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn0.126.net/img/c09lVS9TR3YrUGE5QzAwM3BtaUhOa1dpR0hUS0xPb3JXVk9UOHZZdzY3TGZiRzl2c2swTzNnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="上海中心" title=""> </div> <div class="image-caption">上海中心</div> </figure></p><p>  我想我知道为什么魔都常常作为各个电影的取景地了,她由内而外散发着一种魅力吸引着来自五湖四海的人,她象征的就是一座未来乌托邦,她就是未来城市发展的轨迹。<br>  再见!上海。</p>]]></content>
<summary type="html">
<p>&emsp;&emsp;有幸参加中国大学生计算机设计大赛决赛,来到了上海这座美丽而又梦幻的乌托邦。大家都亲切地称呼上海为“魔都”,“魔都”这个词在我印象中最早是在小时候看的动画片《中华小当家》中出现过的称谓,但我一直不解,“魔”是魔在哪里?</p>
<p>&emsp;&em
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>基于”会动的简历“写给成哥的信</title>
<link href="https://sevge.github.io/about/2018/05/22/VuePage/"/>
<id>https://sevge.github.io/about/2018/05/22/VuePage/</id>
<published>2018-05-22T02:28:41.000Z</published>
<updated>2018-09-11T01:01:48.075Z</updated>
<content type="html"><![CDATA[<h3 id="0x01"><a href="#0x01" class="headerlink" title="0x01"></a>0x01</h3><p>毕业季又悄然来临,<br>掐指一算,还有14天就高考了。<br>虽然我早已经过了高考这道槛,<br>但这也意味着学校即将换届。<br>成哥是我大一刚入学以来的助班,<br>助班的职责是带领大一的学弟学妹军训。<br>但成哥做的远远不止于此,<br>他在之后的日子也同样关心着我们这个班级,<br>每年平安夜都将苹果送到每一个同学手中。<br>我想成哥是所有助班中的唯一了</p><h3 id="0x02"><a href="#0x02" class="headerlink" title="0x02"></a>0x02</h3><p>成哥对我们的好,大家都是记得的。<br>班级瞒着成哥悄悄准备一场聚会,<br>并要求每个同学写一些寄语给他。<br>很多同学是通过书信的方式来留言,<br>我想,既然是计算机系的,<br>怎么能用这么老土的方式?</p><h3 id="0x03"><a href="#0x03" class="headerlink" title="0x03"></a>0x03</h3><p>之前在群里看到过一个<a href="http://www.sitexa.org/anires/public/?from=groupmessage&isappinstalled=0" target="_blank" rel="noopener">会动的简历模板</a>,<br>感觉很有意思。<br>之后辗转得到了<a href="https://jirengu-inc.github.io/animating-resume/public/" target="_blank" rel="noopener">最初的版本</a>,<br>在github上得到了<a href="https://github.com/jirengu-inc/animating-resume" target="_blank" rel="noopener">源码</a>。<br>索性打算使用这种方式来把我的想法传达给成哥了。</p><h3 id="0x04"><a href="#0x04" class="headerlink" title="0x04"></a>0x04</h3><p>按照README.md的说明,克隆项目到本地。<br>修改项目名,修改<code>config/index.js</code>第十行的路径名。<br>修改<code>src</code>目录下的<code>App.vue</code>和<code>Mobile.vue</code>,<br>之后执行:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">npm install</span><br><span class="line">npm run dev</span><br></pre></td></tr></table></figure></p><p>等待几分钟,本地页面部署完成。<br>打开<code>http://localhost:8080</code>可以看到效果。<br>接下来得把它部署到公网上去。</p><h3 id="0x05"><a href="#0x05" class="headerlink" title="0x05"></a>0x05</h3><p>最初使用最粗暴的方法,<br>直接在我的阿里云服务器上安装Git和Nodejs,<br>然后同本地部署方法一样<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">npm install</span><br><span class="line">npm run dev&</span><br></pre></td></tr></table></figure></p><p>这样就能直接通过访问我的<a href="http://39.107.244.191:8080" target="_blank" rel="noopener">公网IP</a>来查看。<br>之后部署到GiteePage上,<br>按照说明,需要先本地编译再上传:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">npm run build</span><br><span class="line">git add .</span><br><span class="line">git commit -m "upup"</span><br><span class="line">git push -u origin master -f</span><br></pre></td></tr></table></figure></p><p>等待上传后,可以访问<a href="http://sevge.gitee.io/public/" target="_blank" rel="noopener">GiteePage</a>来查看内容了。</p><p><strong> 这里需要吐槽的是通过WC或QQ把GiteePage分享出去,<br>腾讯认定为危险网站???!!! </strong></p><div id="music163player"><br><iframe frameborder="no" border="0" marginwidth="0" marginheight="0" width="330" height="86" src="//music.163.com/outchain/player?type=2&id=362450&auto=1&height=66"></iframe><br></div>]]></content>
<summary type="html">
<h3 id="0x01"><a href="#0x01" class="headerlink" title="0x01"></a>0x01</h3><p>毕业季又悄然来临,<br>掐指一算,还有14天就高考了。<br>虽然我早已经过了高考这道槛,<br>但这也意味着学校即将换届
</summary>
<category term="前端" scheme="https://sevge.github.io/about/categories/%E5%89%8D%E7%AB%AF/"/>
</entry>
<entry>
<title>DXF客户端及环境部署过程</title>
<link href="https://sevge.github.io/about/2018/05/15/win7-double-system/"/>
<id>https://sevge.github.io/about/2018/05/15/win7-double-system/</id>
<published>2018-05-15T08:22:30.000Z</published>
<updated>2018-09-11T00:48:11.080Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>最近自己搭建了一个毒奶粉私服玩,服务器搭建过程可以看<a href="http://note.youdao.com/noteshare?id=7c1896fcc95e48a8607a7bf79915c155" target="_blank" rel="noopener">这里</a>。<br>客户端搭建也需要一定折腾,所以不想折腾的童鞋可以点击右上角的”X”了。</p><h2 id="配置环境"><a href="#配置环境" class="headerlink" title="配置环境"></a>配置环境</h2><p>受WIN8/10某些系统补丁的影响,客户端本体只能在WIN7环境下才能正常运行。因此,第一步就是准备游戏所需的基本环境——WIN7系统。<br>鉴于在添加启动项的过程中有一些敏感操作,建议在整个过程开始前将所有安(liu)全(mang)软件关闭。</p><h2 id="下载软件"><a href="#下载软件" class="headerlink" title="下载软件"></a>下载软件</h2><p>目前国内已经有对应的软件能直接一键完成这些任务。以下提供对应的链接和操作过程:</p><h3 id="下载分区助手"><a href="#下载分区助手" class="headerlink" title="下载分区助手"></a>下载分区助手</h3><p>进入<a href="https://www.disktool.cn/download.html" target="_blank" rel="noopener">分区助手</a>下载页面,下载绿色版本,免于安装。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZabFFuWEI2TnNVSXRJSXpIa2tGSzYwK0pzK1FJbndmenBRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img1" title=""> </div> <div class="image-caption">img1</div> </figure></p><h3 id="下载软媒魔方"><a href="#下载软媒魔方" class="headerlink" title="下载软媒魔方"></a>下载软媒魔方</h3><p>进入<a href="http://mofang.ruanmei.com/" target="_blank" rel="noopener">软媒魔方</a>官网下载绿色版本。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZaaXBNZCs4VXBEb3hwc0l3VkZ0V20veU0xbzdrcWRXS1pRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img2" title=""> </div> <div class="image-caption">img2</div> </figure></p><h2 id="分区和装载"><a href="#分区和装载" class="headerlink" title="分区和装载"></a>分区和装载</h2><p>下载完成以后,分别将以上得到的压缩包解压到相应的目录。</p><h3 id="分区"><a href="#分区" class="headerlink" title="分区"></a>分区</h3><p>在分区助手的目录下找到”PartAssit”,双击打开。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZadkFocEYwRkttRmRCY1NlcHA5ZU9NV2JLVWVYMmNJSGNBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img3" title=""> </div> <div class="image-caption">img3</div> </figure><br>查看界面上磁盘的使用情况,选择一块剩余空间比较大的磁盘。<br>选中,右键单击选择切割分区。<br>我选择分给它50G。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZaa2YzY0tPcnc3MTlta3VrNyt3MEhxK3hMQWEwZFpZNWtnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img4" title=""> </div> <div class="image-caption">img4</div> </figure></p><h3 id="装载"><a href="#装载" class="headerlink" title="装载"></a>装载</h3><p>在软媒魔方的目录下找到”hdboot”,双击打开。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZabWZEd1JjdE5wZWQwUldZdXZGR0xhRXRNUk9HcmFOTnlBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img5" title=""> </div> <div class="image-caption">img5</div> </figure><br>按照软件提供的必要参数,选择镜像文件,推荐MSDN吧提供的<a href="http://tieba.baidu.com/p/3946202816" target="_blank" rel="noopener">WIN7旗舰版</a>。<br>镜像解压位置选择刚刚分区分出来的一块盘。<br>第三第四选项根据自己需要选择,我的启动项描述为”WIN-7”。<br>最后,点击开始装机。<br><strong>!!!这里需要注意的是,在装机之前,可能需要在BIOS里设置一下SECURE BOOT为DISABLE,BOOT MODE设置为LEGACY AND UEFI BOTH。<br>这一步很重要,否则在装WIN7的过程中出现很多不可描述的错误!</strong></p><h2 id="安装驱动"><a href="#安装驱动" class="headerlink" title="安装驱动"></a>安装驱动</h2><p>装上陈旧的WIN7后,一般因为没有自带驱动,声卡、网卡、显卡等设备可能没有正常运行。<br>推荐先从另外一台设备下载”驱动精灵万能网卡版”,复制到本地安装。<br>接着,老老实实把需要的驱动都安装上吧。<br>安装完成后,驱动精灵自动帮我们安装网卡驱动。只要有网络了,一切都好办了。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZabmJJcFM2b2xlMi83QUNDZW5xaFlQSWNMWmNrdEpJRlNnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img6" title=""> </div> <div class="image-caption">img6</div> </figure></p><h2 id="安装DNF客户端"><a href="#安装DNF客户端" class="headerlink" title="安装DNF客户端"></a>安装DNF客户端</h2><p>前面环境终于搭建好了!看到这里的兄弟给自己点32个赞!!!<br>到了这一步,说明一切都准备就绪了!接下来的操作就很简单了:</p><blockquote><p>下载<a href="https://pan.baidu.com/s/1A5tUCmYcDtzjSqXkWRw1nA" target="_blank" rel="noopener">客户端文件</a>,下载<a href="https://pan.baidu.com/s/1149huNIdUPonCtVz2nclVg" target="_blank" rel="noopener">PVF文件</a>,下载<a href="https://pan.baidu.com/s/1Ox243M7IabZPbUiNxX2sgg" target="_blank" rel="noopener">客户端登录器</a>。<br>解压客户端文件(地下城与勇士10.4G)<br>参照斩龙pvf3.0的使用说明将对应的文件放入游戏对应的文件夹<br>将客户端登录器放入游戏根目录</p></blockquote><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZaczhpQnBpdU5KRG4xUnROU3lubWlMbk8zUXEydU9HOWhBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img7" title=""> </div> <div class="image-caption">img7</div> </figure><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlGcGNpOFIzNHZablk3c0JzTlg5eHl2S3lvZnJqK01MRWJGaEhHL1A1UjZBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="img8" title=""> </div> <div class="image-caption">img8</div> </figure><h2 id="完成"><a href="#完成" class="headerlink" title="完成"></a>完成</h2><p>至此,说明你已经跨越重重险阻。<br>接下来,打开游戏目录下的”DNFLogin”,享受惬意的游戏吧!</p><div id="music163player"><br><center><br><iframe frameborder="no" border="0" marginwidth="0" marginheight="0" width="420" height="86" src="//music.163.com/outchain/player?type=2&id=37240594&auto=1&height=66"></iframe><br></center><br></div>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>最近自己搭建了一个毒奶粉私服玩,服务器搭建过程可以看<a href="http://note.youdao.com/noteshare?id
</summary>
<category term="WINDOWS" scheme="https://sevge.github.io/about/categories/WINDOWS/"/>
</entry>
<entry>
<title>阿里云轻量应用服务器下部署Graylog2</title>
<link href="https://sevge.github.io/about/2018/04/21/gongwanggraylog/"/>
<id>https://sevge.github.io/about/2018/04/21/gongwanggraylog/</id>
<published>2018-04-21T13:00:27.000Z</published>
<updated>2018-09-11T00:45:20.145Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>前面有折腾过在树莓派上部署Graylog,受限于树莓派的性能,最终还是放弃用树莓派来干这么重的活了。<br>正好同学买了一台轻量级应用服务器(Ubuntu 16.04 1核2G)闲置着,本着不折腾不舒服的原则,我又借过来玩一玩。</p><h2 id="步骤"><a href="#步骤" class="headerlink" title="步骤"></a>步骤</h2><p>前人有写过<a href="https://www.aliyun.com/jiaocheng/118555.html?spm=5176.100033.2.5.hkYTKX" target="_blank" rel="noopener">教程</a><br>安装JAVA JDK、Elasticsearch、Mongodb,配置好Graylog,一路顺畅,Graylog顺利启动。<br>服务器本地测试没有问题,在我的浏览器中可以打开页面<br>本地测试<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">curl -X GET http://localhost:9000</span><br></pre></td></tr></table></figure></p><p>浏览器测试<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">http://公网IP:9000</span><br></pre></td></tr></table></figure></p><p>一切顺畅,真是简单啊……<br>但是,在我的浏览器Graylog显示加载完成后,报出服务不可用的错误。</p><h2 id="踩的坑"><a href="#踩的坑" class="headerlink" title="踩的坑"></a>踩的坑</h2><p>本以为之前在树莓派上踩过的坑够多,在这云服务器上搭建只是三五分钟的事情。<br>但是这个问题很是匪夷所思,服务器本地测试通过,按道理服务应该是成功启动了。<br>先是检查服务器防火墙问题,然后看阿里云控制台那边,试着将所有端口打开。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">getenforce</span><br><span class="line">iptables -L -n</span><br></pre></td></tr></table></figure></p><p>无果……<br>又试着修改Graylog中<code>rest_listen_uri</code>和<code>web_listen_uri</code>的端口和地址。<br>无果……<br>自己不能解决,最后谷歌在官方论坛找到<a href="https://community.graylog.org/t/server-currently-unavailable-error-is-coming-while-trying-to-access-from-browser/503/3" target="_blank" rel="noopener">答案</a></p><blockquote><p>okay I seem to have it working.<br>Set the rest_listen_uri to the private ip on the host that the public ip NATs to.<br>set the web_listen_uri to the private ip on the host that the public ip NATs to<br>set the web_endpoint_uri to <a href="http://public" target="_blank" rel="noopener">http://public</a> 26 IP :9000/api/ ( this is basically the same as the rest_listen_uri but with the public ip instead of the private IP )</p></blockquote><p>在Graylog配置文件中,将<code>rest_listen_uri</code>和<code>web_listen_uri</code> 这两项设置为内网IP地址,将注释掉的内容<code>web_endpoint_uri</code>设置为公网IP地址,完成后重启服务。</p><h2 id="解决"><a href="#解决" class="headerlink" title="解决"></a>解决</h2><p>完美解决!<br>果然网上的老哥个个都是人才,说的话好听又管用!</p>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>前面有折腾过在树莓派上部署Graylog,受限于树莓派的性能,最终还是放弃用树莓派来干这么重的活了。<br>正好同学买了一台轻量级应用服务器
</summary>
<category term="阿里云" scheme="https://sevge.github.io/about/categories/%E9%98%BF%E9%87%8C%E4%BA%91/"/>
</entry>
<entry>
<title>和莎莫的500天</title>
<link href="https://sevge.github.io/about/2018/04/13/shamo500/"/>
<id>https://sevge.github.io/about/2018/04/13/shamo500/</id>
<published>2018-04-13T04:22:26.000Z</published>
<updated>2020-04-05T13:06:29.786Z</updated>
<content type="html"><![CDATA[<p>男生以为有一种东西叫做fate。有一种情感可以被形容为love。有一种邂逅是meant to be。<br>所以当Tom看到Summer的时候,他真真切切的告诉自己,这个人就是自己一生的挚爱。<br>他傻傻的用留恋的目光追随她的影子。他惶恐不安的揣测她的每一个phrase。他不可自拔的沦陷了。<br>于是关于她的一切都是美好的。<br>黑色的头发。说话前抿一下嘴巴。胸口心形的胎记。笑起来咯咯的声音。沉沉的睡过去的样子。<br>甚至连周围一切的景观都被他主观的赋予了鲜艳的色彩。<br>世界不复存在,只有你。</p><p>女生从来不相信关于爱情的童话。一切都只是虚幻的感情。没有什么是fate。没有什么可以被形容为true love。没有一种偶遇是meant to be。<br>relationship的意义只是have fun。仅此而已。<br>于是当他们在Ikea里面开心的玩闹的时候,她会认真的跟他说,well…I don’t wanna get into something serious…is that ok?<br>Tom苦涩的笑了,但还是很快的说了sure。因为他还是抱有幻想,有一天Summer心里的那堵墙终于会因为自己而坍塌。只是因为自己。<br>所以当Summer把他带到属于自己的空间里的时候,他天真的以为自己终于把那堵墙无声无息的敲碎了。<br>所以当Summer跟他说I have never told anyone else before,他几乎百分之百的肯定,自己在对方心中也是以同样的地位存在。</p><p>然而幻想终究只是幻想。</p><p>Tom: I just wanna know….what are we?<br>Summer: I don’t know….well I don’t care. I’m happy, aren’t you happy?<br>Tom: …yea..I am happy.</p><p>300天之后,不安终于变的强烈起来。</p><p>不再因为水槽的笑话而大笑。不再因为喜欢同一个歌手而欣喜。不再放肆的比赛讲粗口。<br>于是关于她的一切都变的令人厌恶。<br>黑色的头发。说话前抿一下嘴巴。胸口心形的胎记。笑起来咯咯的声音。沉沉的睡过去的样子。</p><p>终于还是分手了。原因不明。<br>这一段被认定是命中注定的恋情,终于痛苦的,不堪的,结束了。<br>然而故事并没有完。</p><p>500天,他们再次重逢。<br>男生终于意识到,原来真的没有什么是fate。没有什么可以被形容为true love。没有一种偶遇是meant to be。<br>女生却突然醒悟,其实有一种东西叫做fate。有一种情感可以被形容为love。有一种邂逅是meant to be。<br>多么的讽刺。同样一段恋情,却让两个人走上了截然不同的道路。<br>Tom在黑板上涂满了理想中建筑的设计图。<br>Summer却戴上了别人递过来的钻戒。</p><p>其实又何必去追究是不是有fate,true love, or meant to be呢。<br>或者说其实人都是这样天真的生物。<br>当自己沉浸在热恋中的时候,就会坚定的相信自己的感情很真实很坚定很持久。<br>但是一旦破裂了,便会灰心丧气,一瞬间觉得一切关于爱情的描述都应该去死。<br>其实一切的一切只是在于你自己而已。<br>我们真正爱的,只是我们自己而已。<br>所以归根到底,对于爱情的态度只是为了自我安慰。<br>现在我爱你所以一定是真爱一定能坚持很久一定可以击退一切困难。<br>现在我不爱你了所以爱情其实只是谎言不可能有什么天长地久。<br>而当下一个人出现的时候,很有可能我们又会很没出息的回到之前的mindset。</p><p>这样的cycle是不是很可笑呢。</p><p>真的不用把自己的情感分析的那么清晰透彻的。又不要你交report。<br>有的时候真的不用去想what are we。谁知道会不会一觉醒来就突然想结婚了呢。<br>也不用把失恋当成世界末日拼死拼活的叫喊着就是这个人除了这个人我再也不会爱上其他人。<br>因为When Summer is gone, Autumn is here.</p>]]></content>
<summary type="html">
<p>男生以为有一种东西叫做fate。有一种情感可以被形容为love。有一种邂逅是meant to be。<br>所以当Tom看到Summer的时候,他真真切切的告诉自己,这个人就是自己一生的挚爱。<br>他傻傻的用留恋的目光追随她的影子。他惶恐不安的揣测她的每一个phrase。
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>名企行记</title>
<link href="https://sevge.github.io/about/2018/04/12/mingqixing/"/>
<id>https://sevge.github.io/about/2018/04/12/mingqixing/</id>
<published>2018-04-12T12:27:38.000Z</published>
<updated>2018-09-11T00:43:42.753Z</updated>
<content type="html"><![CDATA[<p>  4月12日,闷热的上午。原本一直在写作业的我突然想到今天是“名企行”的日子,于是也顾不上吃午饭,火急火燎地赶到十三教。天公仿佛看到我这个狼狈的样子,再给我加上了一场“倾盆大雨”套餐。这伞也打不住的雨依旧阻挡不了我去十三教的路,还好最后没有迟到。</p><p>  很久没有坐过这种大巴车,让我有种回到小学时候春游的感觉。这样一想,心情也豁然开朗。</p><p>  大巴车开得很快,比原本预计的时间要早上很多。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByd1ZZWXdteDRKMmNDUzNleHJ6d3VOVW9IbjJhRHNxeTlRPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="rain" title=""> </div> <div class="image-caption">rain</div> </figure><br>  首先我们来到了“众元网络”,讲师把我们带到一个宽敞的教室,讲了一些未来IT职业相关的信息以及如何定位自己是走“开发”还是“网络”方向。</p><p>  讲师说我们来的早,不知不觉却讲得比预计的时间要长。</p><p>  接着,我们终于来到了我向往的“深信服”。“深信服”这个公司是我早有耳闻的,因此一直想找机会了解一下。接待我们的是11届毕业的学长,他一直笑眯眯的,给人一种和蔼可亲的感觉。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByNEFNVnJMYzYxTGRXREhPb1FEUUhnSkUwOWVYdDNJK1hnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="shenxinfu1" title=""> </div> <div class="image-caption">shenxinfu1</div> </figure><br>  首先我们来到了公司一楼的展厅。第一次来这类科技公司的展厅,我感觉到它的房屋构造、物品摆放、灯光设计这些都充满了浓厚的未来科技感。然后学长带我们参观了公司六楼的健身房、二至五楼的办公区。最后带领我们来到会议室,详细地介绍了“深信服”这个公司的历史、发展和员工福利。其中最让我印象深刻的是“亲子假期”,若公司能这样温柔地对待员工,我想员工必定会努力工作以回报公司吧。学长讲的是热情澎湃,可以看出他对这个公司是爱得深沉,把公司当成了第二个家。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByMldWMFJ3R0lJeVBvOEROWnVNN0liaW1YZzd6U3E3TFNnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="shenxinfu2" title=""> </div> <div class="image-caption">shenxinfu2</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByL2h6dlptZ3RoYlA2NlozSWlpaUZSdFhSalFzQ0FVa05RPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="shenxinfu3" title=""> </div> <div class="image-caption">shenxinfu3</div> </figure><br>  这次“名企行”很快就结束了,但切实让我们这一行人紧密的接触了真实的公司内部,并学习到了优秀的企业文化和运营方式。重要的是,在这之后,我也认识到在认真学习好自身专业知识的同时,根据自身兴趣爱好自学其他专业技能,为未来的工作做准备也是非常必要的。</p>]]></content>
<summary type="html">
<p>&emsp;&emsp;4月12日,闷热的上午。原本一直在写作业的我突然想到今天是“名企行”的日子,于是也顾不上吃午饭,火急火燎地赶到十三教。天公仿佛看到我这个狼狈的样子,再给我加上了一场“倾盆大雨”套餐。这伞也打不住的雨依旧阻挡不了我去十三教的路,还好最后没有迟到。</p
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>生活艰难,也要快乐</title>
<link href="https://sevge.github.io/about/2018/04/10/shenghuojiannan/"/>
<id>https://sevge.github.io/about/2018/04/10/shenghuojiannan/</id>
<published>2018-04-10T00:22:50.000Z</published>
<updated>2018-09-11T00:34:56.752Z</updated>
<content type="html"><![CDATA[<div id="music163player"><br><center><br><iframe frameborder="no" border="0" marginwidth="0" marginheight="0" width="420" height="86" src="//music.163.com/outchain/player?type=2&id=34218355&auto=1&height=66"></iframe><br></center><br></div><p>  很久以前看过的电影,最近重温了三部曲,颇有感慨。剧情偏向平淡的日常,但总给人一种温暖的感觉。</p><p>  从以前我就羡慕他们间的情谊。运动场上一个个飞奔的身影,之后互相勾肩搭背去小卖部买饮料的身影,互相开玩笑然后嬉闹的身影。像电影里的,大家一起的日子,在回忆里闪闪发光。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByMmJ2K3NFQzhyRk8wSlpzYW5OdmxjeWR6MTNQUUFIdkFnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="lan" title=""> </div> <div class="image-caption">lan</div> </figure><br>  一直很喜欢日语里的这个词:一生悬命。当然本意只是努力而已,但按照中国汉字的理解,就更有青春里莽撞与激情的味道。我们不要变成那样的大人,于是我们要毁掉那艘船。我们一生悬命的去做一件事情。是多么美好。</p><p>  02年的夏天,他们还都是毛头小子,青涩,但青春的让人喜欢。那年的子俊笑得真甜,那年的二狗像是乘着风的少年。不管我抱着多么膜拜的态度前进,我都好想说,好想跟你们一起大笑着前进,在不同的轨道上,继续前进。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByeFRzN1lnL1pRTC9Cc3BmVmY3QmJJNGt2ZE1vMFBIeVpnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="ergong" title=""> </div> <div class="image-caption">ergong</div> </figure><br>  随着年岁的增长,父母竖起的屏障渐渐无法遮风挡雨,生活在少年们眼前显出原本残酷的模样,满身锐气往往换来满身伤痕,少年们此时才能理解父亲对上级的点头哈腰,母亲日复一日的絮絮叨叨。在理解大人的同时,少年也成长为了大人,一面舔平生活给予的创口,一面忍痛磨平自己的棱角。他们告诉自己,社会就是这样,成为大人就是这样,忙是应该的,苦是应该的,不快乐也是应该的,反正日复一日如此,最终连“不快乐”这种情绪也会被时光磨平。只有在昔日友人提起年轻时代的事情时,才会满脸沉重,相对叹息。每一个带着不同色彩的花样少年,最后全被生活染成一片灰色。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByNjFkTGtaOVdnTC96VUJwTkhZU3FOWHR6OVNDV1BrVCtBPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="Chu_Takuma" title=""> </div> <div class="image-caption">Chu_Takuma</div> </figure><br> 把机车当成赛车使,每次为顾客变上几个不一样的小魔术,无论做什么都像对待自己的梦想一样全力以赴,一生悬命,因为打不准哪天就因公殉职。生命就是这样,如果你不自己去发现乐趣,那么每一天都是一模一样,只要想象将它增加到一定的倍数,相互交织,或者仅仅是简单地呈线性铺展开,就能看到自己的一生,一眼望得到头,单调乏味地让人难以忍受。<br>  自己给自己制造小惊喜,每天都用力留下印记,就能活得不一样。五子一直说的“活在当下”,并不是指安于现状,大概就是指,未来能实现梦想,今天好好过;未来不能实现梦想,今天好好过——其实大人的生活没有那么不堪,只是你自己放弃了生活。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByekVLTUo1NkNTVVB1NHYyZUEzY00xbDR4MjZmRTRRYTdnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="Tauma_Chu" title=""> </div> <div class="image-caption">Tauma_Chu</div> </figure><br>  青春是永恒的话题,一代又一代人,它伴随着我成长。喜欢你们的青春,喜欢你们。我也即将长成所谓的”大人”,愿未来的日子带着梦想前进,不忘快乐的初心。</p>]]></content>
<summary type="html">
<div id="music163player"><br><center><br><iframe frameborder="no" border="0" marginwidth="0" marginheight="0" width="420" height="86" src="/
</summary>
<category term="随笔" scheme="https://sevge.github.io/about/categories/%E9%9A%8F%E7%AC%94/"/>
</entry>
<entry>
<title>RASPBIAN下从0部署GRAYLOG及其环境</title>
<link href="https://sevge.github.io/about/2018/03/20/Install-graylog/"/>
<id>https://sevge.github.io/about/2018/03/20/Install-graylog/</id>
<published>2018-03-20T03:36:40.000Z</published>
<updated>2018-06-06T09:54:35.804Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>虽然在树莓派上安装的同样是Linux系统,但是官方文档基本都是基于AMD64的操作,在部署过程中遇到了一些麻烦无从解决。期间折腾了很多,还尝试通过docker安装,甚至还为此专门看了一遍docker文档。。。</p><p>不多废话,从0开始记录一下这中间正确的过程。</p><h2 id="准备工作"><a href="#准备工作" class="headerlink" title="准备工作"></a>准备工作</h2><p>使用”SD FORMATTER”格式化sd卡;”WIN32 DISK IMAGEER”烧录官方系统RASPBIAN;完成后,在SD卡(boot)根目录下新建文本文件,重命名为ssh(无后缀);拔出sd卡,放入树莓派中启动。我这边树莓派通过网线接入了无线路由器,电脑直接通过ssh连接:(pi,raspberry)<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6UkFWTzhYRkxRRVEvYzJFbnZZaXFsTXVaU1A4VmdtT3BBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="x-shell" title=""> </div> <div class="image-caption">x-shell</div> </figure><br>习惯性设置:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">pi@raspberrypi:~ $ sudo passwd root</span><br><span class="line">Enter new UNIX password: </span><br><span class="line">Retype new UNIX password: </span><br><span class="line">passwd: password updated successfully</span><br><span class="line">pi@raspberrypi:~ $ su root</span><br><span class="line">Password:</span><br><span class="line">root@raspberrypi:/home/pi# sed -i 's|mirrordirector.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list</span><br><span class="line">root@raspberrypi:/home/pi# sed -i 's|archive.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list</span><br><span class="line">root@raspberrypi:/home/pi# apt-get update</span><br><span class="line">root@raspberrypi:/home/pi# apt-get install vim</span><br></pre></td></tr></table></figure></p><p>树莓派ram只有1g,要安装并使用Graylog的话内存有点欠, <code>vim /etc/dphys-swapfile</code>, 将默认为 <code>CON_SWAPSIZE= 100 M</code>的交换空间, 更改为<code>1024 M</code>。重新启动dphys-swapfile 文件服务:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi# vim /etc/dphys-swapfile </span><br><span class="line">root@raspberrypi:/home/pi# /etc/init.d/dphys-swapfile restart</span><br><span class="line">[ ok ] Restarting dphys-swapfile (via systemctl): dphys-swapfile.service.</span><br><span class="line">root@raspberrypi:/home/pi# free -m</span><br><span class="line"> total used free shared buff/cache available</span><br><span class="line">Mem: 927 84 387 12 454 776</span><br><span class="line">Swap: 1023 0 1023</span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6WDZsSDF3cFgwOExXcmhJY2I0eWg4eUpxWFhUUjg0OHdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="swap" title=""> </div> <div class="image-caption">swap</div> </figure><p>最后,在bashrc中添加一条别名记录<code>alias ls=’ls –color’</code><br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi/software# vim ~/.bashrc </span><br><span class="line">root@raspberrypi:/home/pi/software# exit</span><br><span class="line">root@raspberrypi:/home/pi/software# su root</span><br></pre></td></tr></table></figure></p><h2 id="安装依赖"><a href="#安装依赖" class="headerlink" title="安装依赖"></a>安装依赖</h2><p>官方文档给出的依赖如下:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6UlY2VzZubnJ6YXVTTnhkZDlUUUJHSzUrQ2diNzY1WkVBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="requirements" title=""> </div> <div class="image-caption">requirements</div> </figure></p><p>经过测试,树莓派仓库里的mongodb版本为2.4可以直接使用,jdk也可以通过仓库安装,但是elasticsearch版本达不到标准。</p><h3 id="安装JAVA"><a href="#安装JAVA" class="headerlink" title="安装JAVA"></a>安装JAVA</h3><p>在安装时遇到一个错误:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi# apt-get install openjdk-8-jre</span><br><span class="line">Error: missing `server' JVM at `/usr/lib/jvm/java-8-openjdk-armhf/jre/lib/arm/server/libjvm.so'.</span><br><span class="line">Please install or use the JRE or JDK that contains these missing components.</span><br><span class="line">E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.</span><br><span class="line">done.</span><br><span class="line">Setting up libatk-wrapper-java (0.33.3-13+deb9u1) ...</span><br><span class="line">Processing triggers for hicolor-icon-theme (0.15-1) ...</span><br><span class="line">dpkg: dependency problems prevent configuration of openjdk-8-jre-headless:armhf:</span><br><span class="line"> openjdk-8-jre-headless:armhf depends on ca-certificates-java; however:</span><br><span class="line"> Package ca-certificates-java is not configured yet.</span><br><span class="line"></span><br><span class="line">dpkg: error processing package openjdk-8-jre-headless:armhf (--configure):</span><br><span class="line"> dependency problems - leaving unconfigured</span><br><span class="line">dpkg: dependency problems prevent configuration of openjdk-8-jre:armhf:</span><br><span class="line"> openjdk-8-jre:armhf depends on openjdk-8-jre-headless (= 8u151-b12-1~deb9u1); however:</span><br><span class="line"> Package openjdk-8-jre-headless:armhf is not configured yet.</span><br><span class="line"></span><br><span class="line">dpkg: error processing package openjdk-8-jre:armhf (--configure):</span><br><span class="line"> dependency problems - leaving unconfigured</span><br><span class="line">Setting up libatk-wrapper-java-jni:armhf (0.33.3-13+deb9u1) ...</span><br><span class="line">Processing triggers for libc-bin (2.24-11+deb9u3) ...</span><br><span class="line">Errors were encountered while processing:</span><br><span class="line"> ca-certificates-java</span><br><span class="line"> openjdk-8-jre-headless:armhf</span><br><span class="line"> openjdk-8-jre:armhf</span><br><span class="line">E: Sub-process /usr/bin/dpkg returned an error code (1)</span><br></pre></td></tr></table></figure></p><p>谷歌一下,在<a href="https://www.raspberrypi.org/forums/viewtopic.php?t=197824" target="_blank" rel="noopener">树莓派官方论坛</a>找到解决方案:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">sudo apt-get purge openjdk-8-jre-headless</span><br><span class="line">sudo apt-get install openjdk-8-jre-headless</span><br><span class="line">sudo apt-get install openjdk-8-jre</span><br><span class="line">sudo apt-get install openjdk-8-jdk</span><br></pre></td></tr></table></figure></p><p><strong> 2018.06.06 </strong><br>在之后的过程中发现一个问题,树莓派每次开机启动WLAN0、WLAN1、WLAN2命名是不确定的。<br>树莓派板载无线网卡不支持监控模式,USB网卡配置文件中设置使用固定的无线网卡名WLAN0、WLAN1,混乱的命名就导致了整个服务无法正常启动。<br>于是,还是得将板载无线网卡的默认名称修改,谷歌上也有个<a href="https://raspberrypi.stackexchange.com/questions/63749/how-do-you-unconfuse-raspbian-when-it-has-wlan0-and-wlan1-reversed?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa" target="_blank" rel="noopener">相同问题</a>的童鞋,最终解决方法如下:<br>新建一个文件<code>/etc/udev/rules.d/70-my_network_interfaces.rules</code>,其中<code>ATTR</code>、<code>NAME</code>根据实际修改,文件内容如下:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># Built-in wifi interface used in hostapd - identify device by MAC address</span><br><span class="line">SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="b8:27:eb:01:02:03", NAME="WlanBorad"</span><br></pre></td></tr></table></figure></p><h3 id="安装MONGODB"><a href="#安装MONGODB" class="headerlink" title="安装MONGODB"></a>安装MONGODB</h3><p>直接通过仓库安装:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">apt-get install mongodb</span><br><span class="line">root@raspberrypi:/home/pi# systemctl enable mongodb</span><br><span class="line">Failed to enable unit: File mongo.service: No such file or directory</span><br><span class="line">root@raspberrypi:/home/pi# systemctl enable mongodb</span><br><span class="line">Synchronizing state of mongodb.service with SysV service script with /lib/systemd/systemd-sysv-install.</span><br><span class="line">Executing: /lib/systemd/systemd-sysv-install enable mongodb</span><br><span class="line">root@raspberrypi:/home/pi# systemctl start mongodb</span><br></pre></td></tr></table></figure></p><p>安装后测试一下是否可用:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2/bin# mongo</span><br><span class="line">MongoDB shell version: 2.4.14</span><br><span class="line">connecting to: test</span><br><span class="line">Server has startup warnings: </span><br><span class="line">Fri Mar 16 12:13:53.806 [initandlisten] </span><br><span class="line">Fri Mar 16 12:13:53.806 [initandlisten] ** NOTE: This is a 32 bit MongoDB binary.</span><br><span class="line">Fri Mar 16 12:13:53.806 [initandlisten] ** 32 bit builds are limited to less than 2GB of data (or less with --journal).</span><br><span class="line">Fri Mar 16 12:13:53.806 [initandlisten] ** See http://dochub.mongodb.org/core/32bit</span><br><span class="line">Fri Mar 16 12:13:53.819 [initandlisten]</span><br></pre></td></tr></table></figure></p><h3 id="安装ELASTICSEARCH"><a href="#安装ELASTICSEARCH" class="headerlink" title="安装ELASTICSEARCH"></a>安装ELASTICSEARCH</h3><p>上面提到,目前最新版本的graylog2.4.3还不支持elasticsearch 6.x,这里选择下载安装5.x版本。<br>这里参考了<a href="https://www.jianshu.com/p/05052dfc21f6" target="_blank" rel="noopener">简书</a>“水车3060”的源码安装方式。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi# mkdir software</span><br><span class="line">root@raspberrypi:/home/pi# cd software/</span><br><span class="line">root@raspberrypi:/home/pi/software# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.2.tar.gz</span><br><span class="line">root@raspberrypi:/home/pi/software# tar -xzvf elasticsearch-5.5.2.tar.gz</span><br></pre></td></tr></table></figure></p><p>修改<code>/elasticsearch-5.5.2/config</code>目录下的配置文件:<code>elasticsearch.yml</code>和<code>jvp.option</code>:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6VUgxWmtSNENWekVpZytCUFJzTEI5TVAvM25Dc212TVlRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="cluster_name" title=""> </div> <div class="image-caption">cluster_name</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6ZEhCVmp2amJJSmxhUmpaUVpxUWVUUHJqdW51Z2k0TDFRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="XMxs" title=""> </div> <div class="image-caption">XMxs</div> </figure><br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2# groupadd elsearch</span><br><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2# useradd elsearch -g elsearch</span><br><span class="line">root@raspberrypi:/home/pi/software# chown -R elsearch:elsearch elasticsearch-5.5.2</span><br><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2# cd bin/</span><br><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2/bin# ./elasticsearch&</span><br></pre></td></tr></table></figure></p><p>安装后测试一下是否可用:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi/software/elasticsearch-5.5.2/bin# curl 127.0.0.1:9200</span><br><span class="line">{</span><br><span class="line"> "name" : "dEcU6MS",</span><br><span class="line"> "cluster_name" : "graylog",</span><br><span class="line"> "cluster_uuid" : "1XH8EGmsRC-NIChy7aRkmQ",</span><br><span class="line"> "version" : {</span><br><span class="line"> "number" : "5.5.2",</span><br><span class="line"> "build_hash" : "b2f0c09",</span><br><span class="line"> "build_date" : "2017-08-14T12:33:14.154Z",</span><br><span class="line"> "build_snapshot" : false,</span><br><span class="line"> "lucene_version" : "6.6.0"</span><br><span class="line"> },</span><br><span class="line"> "tagline" : "You Know, for Search"</span><br><span class="line">}</span><br></pre></td></tr></table></figure></p><h2 id="安装和配置GRAYLOG"><a href="#安装和配置GRAYLOG" class="headerlink" title="安装和配置GRAYLOG"></a>安装和配置GRAYLOG</h2><p>参照<a href="http://docs.graylog.org/en/2.4/pages/installation/manual_setup.html" target="_blank" rel="noopener">官方文档</a>,下载tarball:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ tar xvfz graylog-VERSION.tgz</span><br><span class="line">$ cd graylog-VERSION</span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6U01OU3NrYXp5RHhvbm1tVVVSYUNtYkFYT2VveENXYnd3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="graylog_conf1" title=""> </div> <div class="image-caption">graylog_conf1</div> </figure><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6ZUpOZXdXVi8rUUZQTnRkWktIM012SkRCTUNPaTRqdXRRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="graylog_conf2" title=""> </div> <div class="image-caption">graylog_conf2</div> </figure><p>根据官方给出的示例,自己配置一下:</p><blockquote><p>password_secret =<br>root_password_sha2 =<br>root_timezone = Asia/Shanghai<br>rest_listen_uri = <a href="http://0.0.0.0:9000/api/" target="_blank" rel="noopener">http://0.0.0.0:9000/api/</a><br>web_listen_uri = <a href="http://0.0.0.0:9000/" target="_blank" rel="noopener">http://0.0.0.0:9000/</a><br>allow_highlighting = true (运行查询结果高亮)<br>elasticsearch_shards = 1 (当前只安装了一个elasticsearch)<br>elasticsearch_index_prefix = graylog</p></blockquote><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">root@raspberrypi:/home/pi/software/graylog-2.4.3# cd bin/</span><br><span class="line">root@raspberrypi:/home/pi/software/graylog-2.4.3/bin# ./graylogctl start</span><br></pre></td></tr></table></figure><h2 id="完成"><a href="#完成" class="headerlink" title="完成"></a>完成</h2><p>等待一段时间(以树莓派的CPU,你懂得),可以使用浏览器打开<code>graylog-server-address</code>(192.168.0.177)页面管理日志了。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFPeFZ3QW9IMkYwRHVwQUpkM1JGeFVKNmVjVnZOWGFLTnlSeDUxazZEM21nPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="getting_started" title=""> </div> <div class="image-caption">getting_started</div> </figure><br>不过,使用一些天以后发现,部署Graylog及其环境运行在树莓派下,就像大象骑在蚱蜢身上,真的很慢很慢,HAH。。。。。。。</p>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>虽然在树莓派上安装的同样是Linux系统,但是官方文档基本都是基于AMD64的操作,在部署过程中遇到了一些麻烦无从解决。期间折腾了很多,还尝
</summary>
<category term="树莓派" scheme="https://sevge.github.io/about/categories/%E6%A0%91%E8%8E%93%E6%B4%BE/"/>
</entry>
<entry>
<title>Common WiFi Attacks And How To Detect Them</title>
<link href="https://sevge.github.io/about/2018/01/19/Common-WiFi-attacks-and-how-to-detect-them/"/>
<id>https://sevge.github.io/about/2018/01/19/Common-WiFi-attacks-and-how-to-detect-them/</id>
<published>2018-01-19T03:36:57.000Z</published>
<updated>2018-04-14T02:35:18.914Z</updated>
<content type="html"><![CDATA[<h2 id="原版"><a href="#原版" class="headerlink" title="原版"></a>原版</h2><h3 id="The-issue-with-802-11-Management-frames"><a href="#The-issue-with-802-11-Management-frames" class="headerlink" title="The issue with 802.11 Management frames"></a>The issue with 802.11 Management frames</h3><p>The 802.11 WiFi standard contains a special frame (think “packets” in classic, wired networking) type for network and connection management. For example, your computer is not actively “scanning for networks” when you hit the tray icon to see all networks in range, but it passively listens for so-called “beacon” management frames from access points broadcasting to the world that they are there and available.</p><p>Another management frame is the “probe-request” (“Hi, is my home network in range?”) that your devices are sending to see if networks they connected before are in range. If such a network is in range, the relevant access points would respond with a “probe-response” frame (“Hi, yes I’m here! You can connect to me without waiting for a beacon frame.”)</p><p>The problem with management frames is that they are completely unencrypted. This makes WiFi easy to use because, for example, you can see networks and their names around you without exchanging some key or password first, but it also makes WiFi networks prone to many kinds of attacks.<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFyM1dJczg1WlByMjhxSUdLbUYrUnhhZWcyY0xDajJod2h5bm5QZ1YzVkpBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="wifi" title=""> </div> <div class="image-caption">wifi</div> </figure></p><h3 id="Common-attacks-explained"><a href="#Common-attacks-explained" class="headerlink" title="Common attacks explained"></a>Common attacks explained</h3><h4 id="Sniffing-traffic"><a href="#Sniffing-traffic" class="headerlink" title="Sniffing traffic"></a>Sniffing traffic</h4><p>Virtually all WiFi traffic can be sniffed with adapters in monitor mode. Most Linux distributions support to put certain WiFi chipsets into this special mode that will process all traffic in the air and not only that of a network you are connected to. Everyone can get WiFi adapters with such a chipset from Amazon, some for less than $20.</p><p>Encrypted networks will also not really protect you. WEP encryption can be cracked in a matter of minutes and even WPA2-PSK is not secure if you know the passphrase of a network (for example, because it’s the office network and you work there, of because the local coffee shop has it written on the door) and can listen to the association process of the device. This works because the device-specific encryption between you and the access point uses a combination of the network passphrase and another key that is publicly exchanged (remember, management frames are not encrypted) during the association process. An attacker could force a new authentication process by spoofing a deauthentication frame that will disconnect your device for a moment. (more on that below)</p><h4 id="Detecting-sniffers"><a href="#Detecting-sniffers" class="headerlink" title="Detecting sniffers"></a>Detecting sniffers</h4><p>Sniffing traffic is passive and cannot be detected. As a user, consider all WiFi traffic on open or closed to be public and make sure to use encryption on higher layers, like HTTPs. (Really, you should be doing this anyways, in any network.)</p><h4 id="Brute-forcing-access"><a href="#Brute-forcing-access" class="headerlink" title="Brute-forcing access"></a>Brute-forcing access</h4><p>Like any other password, passphrases for wireless networks can be brute-forced. WEP can be cracked by analyzing recorded traffic within minutes and has been rendered useless. For WPA secured networks you’d need a standard dictionary attack that just tries a lot of passwords.</p><h4 id="Detecting-brute-force-attacks"><a href="#Detecting-brute-force-attacks" class="headerlink" title="Detecting brute force attacks"></a>Detecting brute force attacks</h4><p>Brute-forcing by actually authenticating to an access point is extremely slow and not even necessary. Most brute force cracking tools work against recorded (sniffed) WiFi traffic. An attacker could just quietly sit in the car in front of your office, recording traffic for some time and then crack the password at home.</p><p>Like sniffing, this approach cannot be detected. The only protection is to use a strong password and to avoid WEP.</p><h4 id="Jamming"><a href="#Jamming" class="headerlink" title="Jamming"></a>Jamming</h4><p>The obvious way of jamming WiFi networks would be just to pump the relevant frequencies full of garbage. However, this would require fairly specialist equipment and maybe even quite some transmitting power.</p><p>Surprisingly, the 802.11 standard brings a much easier way: Deauthentication and disassociation frames. Those “deauth” frames are supposed to be used in different scenarios, and the standard has more than 40 pre-defined reason codes. I selected a few to give you an idea of some legitimate use-cases:</p><blockquote><ol><li>Previous authentication no longer valid</li><li>Disassociated due to inactivity</li><li>Disassociated because AP is unable to handle all currently associated STAs</li><li>Association denied due to requesting STA not supporting all of the data rates in the BSSBasicRateSet parameter</li><li>Requested from peer STA as the STA is leaving the BSS (or resetting)</li></ol></blockquote><p>Because deauth frames are management frames, they are unencrypted, and anyone can spoof them even when not connected to a network.</p><p>Attackers in range can send constant deauth frames that appear to come from the access point you are connected to (by just setting the “transmitter” address in the frame) and your device will listen to that instruction. There are “jammer” scripts that sniff out a list of all access points and clients, while constantly sending deauth frames to all of them.</p><h4 id="Detecting-jammers"><a href="#Detecting-jammers" class="headerlink" title="Detecting jammers"></a>Detecting jammers</h4><p>A tool like nzyme (to be released - see introduction) would sniff out the deauth frames, and Graylog could alert on unusual levels of this frame subtype.</p><h4 id="Rogue-access-points"><a href="#Rogue-access-points" class="headerlink" title="Rogue access points"></a>Rogue access points</h4><p>Let’s talk about how your phone automatically connects to WiFi networks it thinks it knows. There are two different ways this can happens:</p><blockquote><p> It picks up beacon frames (“Hi, I’m network X and I’m here.”) of a network it knows and starts associating with the closest (strongest signal) access point.</p></blockquote><blockquote><p> It sends a probe-request frame (“Hello, is an access point serving network X around?”) for a known network and an access point serving such a network responds with a probe-response frame. (“Hello, yep I’m here!”) Your phone will then connect to that access point.</p></blockquote><p>Here is the problem: Any device can send beacon and probe-response frames for any network.</p><p>Attackers can walk around with a rogue access point that responds to any probe-request with a probe-response, or they could start sending beacons for a corporate network they are targeting.</p><p>Some devices now have protections and will warn you if you they are about to connect to a network that is not encrypted but was previously encrypted. However, this does not help if an attacker knows the password or just targets an unencrypted network of your coffee shop. Your phone would blindly connect, and now you have an attacker sitting in the middle of your connection, listening to all your communications or starting attacks like DNS or ARP poisoning. An attacker could even show you a malicious captive portal (the sign-in website some WiFi networks show you before they’ll let you in) to phish or gather more information about your browser.</p><p>Take a look at a miniaturized attack platform like the famous <a href="https://www.wifipineapple.com/" target="_blank" rel="noopener">WiFi Pineapple</a> to get an idea of how easy it is to launch these kinds of attacks.</p><p>Rogue access points are notoriously hard to spot because it’s complicated to locate them physically and they usually blend into the existing access point infrastructure quite well - at least on the surface. Here are some ways to still spot them using my to-be-released tool nzyme and Graylog:</p><h4 id="Detecting-rogue-access-points"><a href="#Detecting-rogue-access-points" class="headerlink" title="Detecting rogue access points"></a>Detecting rogue access points</h4><h5 id="BSSID-whitelisting"><a href="#BSSID-whitelisting" class="headerlink" title="BSSID whitelisting"></a>BSSID whitelisting</h5><p>Like other network devices, every WiFi access point has a MAC address that is part of every message it sends. A simple way to detect rogue access points is to keep a list of your trusted access points and their MAC addresses and to match this against the MAC addresses that you see in the air. The problem is that an attacker can easily spoof the MAC address and, by doing that, circumvent this protective measure.</p><h5 id="Non-synchronized-MAC-timestamps"><a href="#Non-synchronized-MAC-timestamps" class="headerlink" title="Non-synchronized MAC timestamps"></a>Non-synchronized MAC timestamps</h5><p>It is important that every access point that spawns the same network has a highly synchronized internal clock. For that reason, the access points are constantly exchanging timestamps for synchronization in their beacon frames. The unit here is microseconds, and the goal is to stay synchronized within a delta of 25µs.</p><p>Most rogue access points will not attempt to synchronize the timestamps properly, and you can detect that slip.</p><h5 id="Wrong-channel"><a href="#Wrong-channel" class="headerlink" title="Wrong channel"></a>Wrong channel</h5><p>You could keep a list of what channels your access points are operating on and find out if a rogue access point is using a channel your infrastructure is not supposed to use. For an attacker, being detected by this method is extremely easy: Recon the site first and configure the rogue access point to only use already used channels. Another caveat here is that many access points will dynamically switch channels based on capacity anyways.</p><h5 id="Crypto-drop"><a href="#Crypto-drop" class="headerlink" title="Crypto drop"></a>Crypto drop</h5><p>An attacker who does not know the password of an encrypted network she targets might start a rogue access point that spins up an open network instead. Search for networks with your name, but no (or the wrong) encryption.</p><h5 id="Signal-strength-anomalies"><a href="#Signal-strength-anomalies" class="headerlink" title="Signal strength anomalies"></a>Signal strength anomalies</h5><p>There are many ways to spot a rogue access point by analyzing signal strength baselines and looking for anomalies. If an attacker sits on the parking lot and is spoofing one of your access points, including its MAC address (BSSID), it will suddenly have a change in the mean signal strength because he is further away from the sensor (nzyme) then the real access point.</p><p><a href="https://wtf.horse/2017/09/19/common-wifi-attacks-explained/" target="_blank" rel="noopener">Written by Lennart Koopmann</a></p><h2 id="翻译"><a href="#翻译" class="headerlink" title="翻译"></a>翻译</h2><h3 id="802-11管理帧存在的问题"><a href="#802-11管理帧存在的问题" class="headerlink" title="802.11管理帧存在的问题"></a>802.11管理帧存在的问题</h3><p>802.11 WiFi标准包含一种专门针对网络和连接管理的特殊帧类型。比如说,当你点击电脑左下方的托盘图标来查看当前范围内的所有可用网络时,你的电脑并不会主动“扫描网络”,但它会被动监听WiFi热点所广播出来的“beacon”管理帧(用来表明该热点可用)。</p><p>另一种管理帧名叫“probe-request”,它的作用是代表WiFi网络的可访问距离,你的设备会发送这种管理帧来查看之前连接过的网络当前是否在周围。如果距离内存在已访问过的网络,相应的热点将会用“probe-response”帧予以响应。</p><p>而这些管理帧存在的问题就是,它们完全没有经过任何的加密。这样做的目的是为了增加WiFi的易用性,因为你完全不需要进行任何的密钥交换或密码确认就可以查看到周围的WiFi网络以及热点名称,但这也增加了WiFi网络的攻击面。</p><h3 id="常见攻击技术介绍"><a href="#常见攻击技术介绍" class="headerlink" title="常见攻击技术介绍"></a>常见攻击技术介绍</h3><h4 id="嗅探流量"><a href="#嗅探流量" class="headerlink" title="嗅探流量"></a>嗅探流量</h4><p>实际上,所有的WiFi流量都是可以通过监听模式的适配器来嗅探的。大多数Linux发行版都支持WiFi芯片切换到这种特殊模式,并处理周围环境中的所有WiFi流量(不仅是你连接到的网络)。任何人都可以直接在X宝买到带有这种芯片的无线网卡,而且价格都不贵。</p><p>而且,加密网络其实也保护不了你。破解WEP加密也只是几分钟的时间而已,甚至连WPA2-PSK都是不安全的(如果你知道密码的话)。比如说,你可以窃听办公室的WiFi网络,因为你知道密码,楼下咖啡厅的WiFi也不安全,因为他们的WiFi密码一般都写在桌子上。因为你和热点之间设备特定的加密使用的是一套网络密码组合,而另一个密钥是在协商过程中通过公开交换获取的(别忘了管理帧是没有经过加密的)。攻击者将能够通过伪造去认证帧来强制发起新的认证过程,而这将导致你的设备跟热点之间出现短暂的掉线。</p><h4 id="检测网络嗅探活动"><a href="#检测网络嗅探活动" class="headerlink" title="检测网络嗅探活动"></a>检测网络嗅探活动</h4><p>嗅探流量是一种被动行为,所以它是不能被检测到的。作为一名用户而言,你可以认为所有的WiFi流量都是开放的,所以你一定要确保使用了更高层的加密手段,例如HTTPS。</p><h4 id="暴力破解访问"><a href="#暴力破解访问" class="headerlink" title="暴力破解访问"></a>暴力破解访问</h4><p>对热点进行暴力破解攻击其实是非常耗时间的,而且也完全没有必要,大多数暴力破解工具都可以记录(嗅探)WiFi流量。攻击者可以安静地坐在你办公室楼下的咖啡厅,记录你办公室网络的流量,然后回家再慢慢破解你的WiFi密码。</p><p>与流量嗅探一样,这种行为同样是无法被检测到的。我唯一能给你的建议就是使用健壮的WiFi密码,并且不要使用WEP。</p><h4 id="WiFi干扰"><a href="#WiFi干扰" class="headerlink" title="WiFi干扰"></a>WiFi干扰</h4><p>一般来说,检测WiFi干扰行为将需要相对专业的设备才进行,而且有时甚至还需要使用到信号发射塔。但是有趣的是,802.11标准给我们提供了一种更简单的方法:去认证帧和去关联帧。这些“去认证”帧可以被用于多种不同的场景,而且该标准提供了超过40种预定义的原因代码。下面给出的是一些合法的常用示例:</p><blockquote><ol><li>之前的身份认证失效;</li><li>由于不活动而导致的连接断开;</li><li>由于访问点无法处理当前所有的关联STA而导致的连接断开;</li><li>由于SAT不支持BSSBasicRateSet参数种的数据率而导致的拒绝连接;</li></ol></blockquote><p>因为去认证帧属于管理帧的一种,所以它们是没有经过加密的,而攻击者甚至可以在无需连接该网络的情况下伪造这种帧。信号范围内的攻击者可以向目标用户所连接的热点发送连续的去认证帧来达到干扰WiFi的目的。</p><h4 id="检测WiFi干扰器"><a href="#检测WiFi干扰器" class="headerlink" title="检测WiFi干扰器"></a>检测WiFi干扰器</h4><p>类似nzyme(即将发布)这样的工具可以发现这种去认证帧,而且我们还可以通过查看WiFi日志来发现这种帧。</p><h4 id="流氓热点"><a href="#流氓热点" class="headerlink" title="流氓热点"></a>流氓热点</h4><p>接下来,我们讨论一下手机在自动连接至WiFi网络时会发生什么情况。一般来说,这种情况主要会发生在以下两种场景:</p><blockquote><p>手机获取已知WiFi网络的beacon帧,然后开始与距离最近(信号最强)的热点进行连接。</p></blockquote><blockquote><p>手机给已知WiFi网络发送一个probe-request帧,可提供网络服务的接入点将响应一个probe-response帧。接下来,你的手机将会跟这个响应接入点进行连接。</p></blockquote><p>这里的问题就在于:任何设备都可以给任何网络发送beacon帧和probe-response帧。</p><p>攻击者可以搭建一个便携式的流氓接入点,这个接入点不仅能够响应(probe-response)任何的probe-request帧,而且它们还能够给任何的目标网络发送beacon帧。</p><p>现在的很多设备也都部署了相应的保护机制,如果你准备连接到一个之前加密但当前未加密的网络,那么设备将会给你发出警告提醒。不过,如果攻击者知道你之前所连接的WiFi密码或者说本身他攻击的就是一个开放网络的话,这种保护机制就没有任何效果了。此时,你的手机将会毫不犹豫地连接到流氓热点,而攻击者将能够获取到你所有的网络流量(类似中间人攻击)。除此之外,攻击者甚至还可以让用户的浏览器呈现恶意页面并发动网络钓鱼攻击。关于这个方面,大家可以参考一下著名的网络钓鱼攻击平台WiFi Pineapple,你很快就会知道这种攻击是有多么简单了。</p><p>其实大家都知道,流氓接入点是很难被发现的。我们不仅很难去对它们进行物理定位,而且我们也无法从众多合法热点中发现那些流氓接入点。</p><h4 id="检测流氓接入点"><a href="#检测流氓接入点" class="headerlink" title="检测流氓接入点"></a>检测流氓接入点</h4><h5 id="BSSID白名单"><a href="#BSSID白名单" class="headerlink" title="BSSID白名单"></a>BSSID白名单</h5><p>跟其他网络设备一样,每一个WiFi接入点都有自己的MAC地址,而MAC地址也是它会发送的数据的其中一部分。一种检测流氓热点的方法就是设置一个可信接入点白名单,然后用MAC地址做标识来进行热点匹配。但是问题就在于,攻击者仍然可以轻而易举地伪造MAC地址。</p><h5 id="非同步的MAC时间戳"><a href="#非同步的MAC时间戳" class="headerlink" title="非同步的MAC时间戳"></a>非同步的MAC时间戳</h5><p>生成相同网络的接入点都会拥有高度同步的内部时钟。因此,接入点会不断地交换时间戳以实现同步,这个时间是毫秒级的,同步增量为25微秒。大多数流氓热点在尝试进行时间戳同步时往往会出现各种各样的错误,你可以通过检测这种错误来发现流氓热点。</p><h5 id="错误的信道"><a href="#错误的信道" class="headerlink" title="错误的信道"></a>错误的信道</h5><p>你可以设置一个列表来存储所有受信任接入点的信道,如果信道不同,则说明该接入点有问题。但是对于攻击者来说,这种保护方式也是能够轻松绕过的。</p><h5 id="丧失加密"><a href="#丧失加密" class="headerlink" title="丧失加密"></a>丧失加密</h5><p>如果攻击者不知道他的目标加密网络的密码,一般会启动一个开放的网络,启动一个相同名称的网络,但通常没有加密。</p><h5 id="信号强度异常"><a href="#信号强度异常" class="headerlink" title="信号强度异常"></a>信号强度异常</h5><p>我们还可以通过分析WiFi信号的强度来检测流氓热点。如果攻击者伪造了一个接入点的话,你会发现其MAC地址(BBSID)和信号强度会突然发生改变。</p><p><a href="http://www.freebuf.com/articles/wireless/148773.html" target="_blank" rel="noopener">参照FREEBUF</a></p>]]></content>
<summary type="html">
<h2 id="原版"><a href="#原版" class="headerlink" title="原版"></a>原版</h2><h3 id="The-issue-with-802-11-Management-frames"><a href="#The-issue-with
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>使用Fluxion钓鱼</title>
<link href="https://sevge.github.io/about/2017/12/18/fluxion/"/>
<id>https://sevge.github.io/about/2017/12/18/fluxion/</id>
<published>2017-12-18T00:35:41.000Z</published>
<updated>2018-04-14T02:17:06.049Z</updated>
<content type="html"><![CDATA[<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p>之前介绍了无线密码攻击的几种方式,使用Aircrack-ng的弊端是暴力破解最终可能得不到正确的秘钥。</p><p>这里介绍的另外一种新姿势,就是针对用户进行的攻击,没有哪一个系统能扛得住社会工程学技术的入侵,Fluxion就是利用了钓鱼的方法来伪造登录界面进行入侵。(类似的工具还有WIFI-Phisher)</p><p>以下操作使用的是我寝室的TP-LINK作为实验。</p><h2 id="功能"><a href="#功能" class="headerlink" title="功能"></a>功能</h2><ol><li>扫描能够接收到的WIFI信号 </li><li>抓取握手包(这一步的目的是为了验证WiFi密码是否正确) </li><li>使用WEB接口 </li><li>启动一个假的AP实例来模拟原本的接入点 </li><li>然后会生成一个MDK3进程。如果普通用户已经连接到这个WiFi,也会输入WiFi密码 </li><li>随后启动一个模拟的DNS服务器并且抓取所有的DNS请求,并且会把这些请求重新定向到一个含有恶意脚本的HOST地址 </li><li>随后会弹出一个窗口提示用户输入正确的WiFi密码 </li><li>用户输入的密码将和第二步抓到的握手包做比较来核实密码是否正确 </li><li>这个程序是自动化运行的,并且能够很快的抓取到WiFi密码</li></ol><h2 id="原理"><a href="#原理" class="headerlink" title="原理"></a>原理</h2><p>我根据自己的理解,画了下图:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4QiswNUd3eXh0TzBjSGJrWWJ6Y0ZEWXNaVzd6dk5YSllRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="process" title=""> </div> <div class="image-caption">process</div> </figure></p><h2 id="操作步骤"><a href="#操作步骤" class="headerlink" title="操作步骤"></a>操作步骤</h2><h3 id="克隆"><a href="#克隆" class="headerlink" title="克隆"></a>克隆</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"># git clone --recursive https://github.com/FluxionNetwork/fluxion.git</span><br></pre></td></tr></table></figure><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SlNhSVJSZkIwRnFVSkNoM1VXZEkxQW9tbERCSks0QUZRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="git_clone" title=""> </div> <div class="image-caption">git_clone</div> </figure><h3 id="开始"><a href="#开始" class="headerlink" title="开始"></a>开始</h3><p>启动脚本<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># cd fluxion</span><br><span class="line"># ./fluxion</span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4QVFnL2Zzclp3dmVWcUxjQmxTcVJabzJxQ1ZvalNRQ1VRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="init" title=""> </div> <div class="image-caption">init</div> </figure><p>这时fluxion会检查它必须的组件,如果没有的话它会自动安装。</p><h3 id="选项"><a href="#选项" class="headerlink" title="选项"></a>选项</h3><p>等待检查和安装后,会出现选项界面,以下根据个人情况选择。<br>依次选择语言,选择网卡wlan0,选择监控所有信道<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4Q3QzdDBJajdnN3diTlJTaVdXYitxallLMTYrRG11UW9RPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option1" title=""> </div> <div class="image-caption">option1</div> </figure><br>之后它会将附近所有信道的AP列出<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SWxQd0Y2VGRZYjlwSkxwQ0Q3bjZzZG9ISU8wUTFJWWNnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option2" title=""> </div> <div class="image-caption">option2</div> </figure><br>等待一段时间,按下ctr+c停止扫描,选择需要的AP,我选择69。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4RG0rWGp4MXhhUVArRkhxTmNUMUJaaVN1bXRhUyt4MHlBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option3" title=""> </div> <div class="image-caption">option3</div> </figure><br>这里选择1,<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4TjRMWFhrRWlpcEs4VTVHbDFiUXhOeU9qdWl1bmVmNGtnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option4" title=""> </div> <div class="image-caption">option4</div> </figure><br>之后选择我的wlan0网卡,选择推荐的1选项,<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SzUvOVNYNkpBdStvRlhQYnpGVHBONmZzcTI5enBBQVlnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option5" title=""> </div> <div class="image-caption">option5</div> </figure><br>开启新的一个终端,使用airodump抓一个握手包。<br>我抓到握手包是<code>/root/tool/w-01.cap</code><br>之后然后选择创建ssl证书:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4TCthTkVRRXBDMzgwSUtzMzZiVGxqb0JycWdoby8vR3NRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option6" title=""> </div> <div class="image-caption">option6</div> </figure><br>选择钓鱼的认证网页界面:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4QWJxUnpTZjNIN3BsNy91b3NISnAzdERDa2lPekJMdmdRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="option7" title=""> </div> <div class="image-caption">option7</div> </figure><br>然后fluxion自动启动一系列服务:开启同名热点,开启钓鱼页面,阻截客户端与AP的连接:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SnBUaFlqQjBVMVF5cGdHbXRNc3N3WWdueDJubEY5dkNRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="service_start" title=""> </div> <div class="image-caption">service_start</div> </figure></p><h2 id="现象"><a href="#现象" class="headerlink" title="现象"></a>现象</h2><p>此时我打开手机,发现手机与原来的合法热点已经断开连接并提示验证错误。此时可以看到列表里出现了一个同名热点。在连接上钓鱼热点后,尝试任何联网行为它都将定向到192.168.254.1,我先尝试输入一次错误的密码,它会提示错误(与之前抓到的握手包进行对比校验);当我输入正确的后,他将悄悄记录密码,然后退出Fluxion相关的所有任务,仿佛什么也没有发生过。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SlNhSVJSZkIwRnFNYm55NWJkODUxblNvRzRPN2o2M2xRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="phone1" title=""> </div> <div class="image-caption">phone1</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4RHoveC8rK29zQlVUNEVyQmJGS1g2T01MWEhBdDY4bmRRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="phone2" title=""> </div> <div class="image-caption">phone2</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4SldISHIwT3JpYkk0NFU1TGlkY1MwWE51ck85bzN6NkZ3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="phone3" title=""> </div> <div class="image-caption">phone3</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4UFo2Q2VWOTc4ZXRpTjNmL2N5NFhYN2JGL3pMZVJlVEtRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="phone4" title=""> </div> <div class="image-caption">phone4</div> </figure></p><p>回到fluxion,可以看到这边已经得到密码。</p><p>其实通过这种方法已经无关乎密码的复杂程度了,我这里虽然使用的是最简单的密码,但密码更复杂些,若用户没有一点防范之心它一样会乖乖到我这边来。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4Q2k0TG1ENXZod2hDQUZGcVBIUFBhR0pqTkNxU05aRE5nPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="key_found" title=""> </div> <div class="image-caption">key_found</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGFBUXdEOVVoejh4TVV3MVZBZVplUFFZRTFMREpCNG9TY1hnWUpvRTdobld3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="exit" title=""> </div> <div class="image-caption">exit</div> </figure></p><h2 id="感想"><a href="#感想" class="headerlink" title="感想"></a>感想</h2><p>Fluxion这个工具不同于Airecrack和Reaver,它是通过社工的方法得到密码。总的来说这是个相当方便的一键脚本,完全傻瓜式的操作,针对没有相关防范意识的用户是非常快捷且有效的攻击方式。</p>]]></content>
<summary type="html">
<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p>之前介绍了无线密码攻击的几种方式,使用Aircrack-ng的弊端是暴力破解最终可能得不到正确的秘钥。</p>
<p>这里介绍的另外一种新姿
</summary>
<category term="Kali" scheme="https://sevge.github.io/about/categories/Kali/"/>
</entry>
<entry>
<title>无线密码攻击</title>
<link href="https://sevge.github.io/about/2017/12/11/wirelessattack/"/>
<id>https://sevge.github.io/about/2017/12/11/wirelessattack/</id>
<published>2017-12-11T12:38:09.000Z</published>
<updated>2018-04-14T02:13:15.518Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>当今时代,几乎每个人都离不开网络。随着网络的普及,无线网络逐渐扎根于人们的生活之中。然而,很多情况下,这些无线信号都需要身份验证后才能使用。</p><p>现在我要讲的就是破除这道身份验证,连接上内网。当然,这不仅仅是可以上网了,做其他事情也更加方便。</p><p>以下操作实验使用的都是自家无线路由器,使用的主要工具是Aircrack-ng。(Aircrack-ng是无线渗透测试的经典工具,它是一款基于破解无线802.11协议的WEP以及WPA-PSK加密的工具。)</p><h2 id="WEP加密的无线网络"><a href="#WEP加密的无线网络" class="headerlink" title="WEP加密的无线网络"></a>WEP加密的无线网络</h2><h3 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h3><p>Wired equivalent privacy(WEP)协议是对在两台设备间无线传输的数据进行加密的方式,用来防止非法用户窃听或者侵入无线网络。不过密码分析学家已经找出WEP的好几个弱点,因此2003年被WI-FI protected access(WPA)淘汰,又在2004年由完整的IEEE 802.11i标准(WPA2)所取代。</p><p>WEP的破解为利用加密体制缺陷,通过收集足够的数据包,使用分析加密算法还原出密码。 </p><h3 id="步骤"><a href="#步骤" class="headerlink" title="步骤"></a>步骤</h3><p>下面我以自家用路由器进行示例。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0WUw3U0kySXpXcnB3Y1NNM1dxM3puRUhrbzRQdk1RVk5nPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="WEP" title=""> </div> <div class="image-caption">WEP</div> </figure></p><ol><li><p>启动KALI终端,输入<code>airmon-ng</code>命令查看当前系统中的无线网路接口:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0YlQxRWNna3RMZ29UbmhxRzNwUnlPZDc1dUkrWXdySWdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng" title=""> </div> <div class="image-caption">airmon-ng</div> </figure><p>从输出的信息可以看出,当前系统存在一个无线网络接口。从输出结果的Interface列,可以知道当前系统的无线接口为wlan0。</p></li><li><p>开启监听模式:<code>airmon-ng start wlan0</code></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0UmNJckZYNjhVbEJzNWwzRE9oNVdhOUppQ1cwWVR2d2tnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng start" title=""> </div> <div class="image-caption">airmon-ng start</div> </figure><p>输出信息显示监听模式被启用,映射端口为wlan0mon。</p></li><li><p>使用<code>airodum-ng wlan0mon</code>命令定位附近所有可用的无线网络。</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Y1YyWkdQR0REWEJaZWFiR3ZMR2lUblJtb3F5MkF1T1FRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="scan" title=""> </div> <div class="image-caption">scan</div> </figure><p>以上输出信息显示了附近所有可用的无线网络。从输出信息可以看到很多参数:</p><blockquote><p>BSSID:无线的mac地址、<br>PWR:网卡报告的信号水平(这个值越小信号越好)<br>Beacons:无线发出的通告编号<br>CH:AP使用的信道(从Beacons中获取)<br>MB:无线所支持的最大速率<br>ENC:加密方式</p></blockquote></li><li><p>使用<code>airodump-ng</code>捕获指定BSSID的文件。<br>常用命令:</p><blockquote><p>-c 指定选择的频道<br>-w 指定一个文件名,用于保存捕获的数据<br>–bssid 指定攻击的Bssid</p></blockquote></li></ol><p>下面将Bssid为EC:26:CA:C6:CB:1B的无线路由器作为攻击目标。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">airodump-ng -c 10 -w catch --bssid EC:26:CA:C6:CB:1B wlan0mon</span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0V1dsOEZObTFsMHo5SUFZbHVyZ2cyNU55ZHFXSWQ0alR3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airodump-ng" title=""> </div> <div class="image-caption">airodump-ng</div> </figure><p>从输出信息可以看到Essid为TP-LINK的无线路由器的beacons和#Data一直在变化,表示有客户端与AP发生数据交换。从以上命令执行完毕后,会生成一个名为catch-01系列的文件,为了方便后面破解时候的调用,所有保存的文件按顺序编了号,于是就多了-01这样的编号,后面再执行会有-02,-03,以此类推。</p><ol><li><p>打开一个新的终端窗口,执行aireplay命令。使用aireplay发送一些流量给无线路由器,以至于能够捕获到数据。其中,-b后接AP的mac,-h接我们自己网卡wlan0的mac地址</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Ui8vWSs5UmwrempaUGlDeS9kcmxxRFpVcEc3VHM3c3RBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="aireplay" title=""> </div> <div class="image-caption">aireplay</div> </figure><p>输出信息就是使用ARP Requests的方式来读取ARP请求报文的过程,此时回到airodump-ng界面查看,可以看到TP-LNK的Frames栏的数字在飞速地增加,在抓取的无线数据报文达到一定数量后,就可以开始破解,若不能成功就等待数据报文继续抓取,然后多尝试几次。</p></li><li><p>再新建一个终端,在新终端执行aircrack-ng catch-02.cap成功得到密码。其中第一次我抓了1W+ 的DATA没有出密码,第二次等得稍微久点,抓了2W+DATA出了密码<br>其中捕获文件用了大概半小时,破解密码仅仅用了四秒时间!</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0YVdHR0I5V1BYR3R1VzZwODhEQWxianEvVythZkRBdWJBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="wep_catch" title=""> </div> <div class="image-caption">wep_catch</div> </figure><h3 id="获得KEY"><a href="#获得KEY" class="headerlink" title="获得KEY"></a>获得KEY</h3><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0YVBnY3VQTTFyajdVelR6QXRMcDRjaXRITXNTek1Bd293PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="found_wep_key" title=""> </div> <div class="image-caption">found_wep_key</div> </figure></li></ol><h2 id="WPA、WPA2加密的网络"><a href="#WPA、WPA2加密的网络" class="headerlink" title="WPA、WPA2加密的网络"></a>WPA、WPA2加密的网络</h2><h3 id="简介-1"><a href="#简介-1" class="headerlink" title="简介"></a>简介</h3><p>WPA全名为Wi-Fi Proteted Access,有WPA和WPA2两个标准。它是一种保护无线电脑网络安全的协议。对于启用WPA/WPA2加密的无线网络,其攻击和破解步骤及攻击时完全一样的。当使用aireplay-ng进行攻击后,同样获取到WPA握手数据包及提示;在破解时需要提供一个密码字典。</p><h3 id="步骤-1"><a href="#步骤-1" class="headerlink" title="步骤"></a>步骤</h3><p>这里我仍然以我家的路由器为例:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Y1VjTmYwYzdBZDhJdXFGWm4wemd1am1sWDhxNmNyQ3V3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="WPA" title=""> </div> <div class="image-caption">WPA</div> </figure></p><ol><li><p>查看无线网络接口</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0YlQxRWNna3RMZ29UbmhxRzNwUnlPZDc1dUkrWXdySWdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng" title=""> </div> <div class="image-caption">airmon-ng</div> </figure></li><li><p>启用无线网络接口监听</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0UmNJckZYNjhVbEJzNWwzRE9oNVdhOUppQ1cwWVR2d2tnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng start" title=""> </div> <div class="image-caption">airmon-ng start</div> </figure></li><li><p>获取相关AP的信息,<code>airodump-ng wlan0</code></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Y1YyWkdQR0REWEJaZWFiR3ZMR2lUblJtb3F5MkF1T1FRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="scan" title=""> </div> <div class="image-caption">scan</div> </figure></li><li><p>捕获数据包,执行</p><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">airodump-ng -c 4 -w wpa --bssid EC:26:CA:C6:CB:1B wlan0mon</span><br></pre></td></tr></table></figure></li></ol><p>常用命令: </p><blockquote><p>-c 指定选择的频道<br>-w 指定一个文件名,用于保存捕获的数据<br>–bssid 指定攻击的Bssid</p></blockquote><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0V1dsOEZObTFsMHo5SUFZbHVyZ2cyNU55ZHFXSWQ0alR3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airodump-ng" title=""> </div> <div class="image-caption">airodump-ng</div> </figure><p>5.新建一个终端(之前打开的终端不要关闭!),对无线路由器进行Deauth攻击(取消验证攻击,迫使已经连接的客户端断开;当客户端自动连接的时候,即可抓取握手包):<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">aireplay -0 3 –a EC:26:CA:C6:C:1B –c EC:9B:F3:E0:27:8F wlan0mon</span><br></pre></td></tr></table></figure></p><blockquote><p>-0 :指定为取消验证攻击 ,3 为攻击次数为3<br>-a :指定AP的mac地址<br>-c :指定连接AP的客户端的mac地址</p></blockquote><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Ui8vWSs5UmwrempaUGlDeS9kcmxxRFpVcEc3VHM3c3RBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="aireplay" title=""> </div> <div class="image-caption">aireplay</div> </figure><p>执行完后可以看到airodump终端的右上角抓到了握手包:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0WkV5SnRSUGVDanZSN0pDd1BVRWR6SUh1MHprZ01QbDBRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="handshake" title=""> </div> <div class="image-caption">handshake</div> </figure></p><p>抓到握手包后,使用aircrack-ng进行暴力破解。<br>执行命令:<code>aircrack-ng -w pass.txt wpa-01.cap</code>,接下来就是无尽的跑字典过程了。</p><h3 id="获得KEY-1"><a href="#获得KEY-1" class="headerlink" title="获得KEY"></a>获得KEY</h3><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0VnB2UFlmdkc3SERjVUVmcXoxNVlxMFBXUDJyNGdZTlBBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="dic_passwd" title=""> </div> <div class="image-caption">dic_passwd</div> </figure><p>这里我使用的是8位纯数字字典,其大小约858M。<br>Airacrack跑字典的速度取决于你的电脑的配置,找出密码的速度则取决于字典的质量还有运气了。</p><h2 id="WPS-Wi-Fi-Protect-Setup"><a href="#WPS-Wi-Fi-Protect-Setup" class="headerlink" title="WPS(Wi-Fi Protect Setup)"></a>WPS(Wi-Fi Protect Setup)</h2><h3 id="简介-2"><a href="#简介-2" class="headerlink" title="简介"></a>简介</h3><p>WPS是由WIFI联盟推出的全新WIFI安全防护设定标准。该标准主要是为了解决无线网络加密认证过于繁杂的弊病。因为很多用户觉得设置步骤太麻烦,不做任何安全设定。所以很多人使用wps设置无线设备,可以通过个人识别码(PIN)或按钮(PBC)取代输入一个很长的密码。路由器开启wps功能后,会随机生成一个8位的pin码,通过暴力枚举pin码,达到破解的目的。</p><p>pin码是由8位纯数字组成的识别码,pin码破解是分三部分进行的,规律是这样的:pin码分为三部分,如图:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0WGhCMGs1UFNsbFJSNStCcmJod0hxamhRWWNLUDE3SzFnPT0.jpg?imageView&thumbnail=500x0&quality=96&stripmeta=0&type=jpg" alt="pin_part" title=""> </div> <div class="image-caption">pin_part</div> </figure><br>前4位为第一部分,第5-7位为第二部分,最后1位为第三部分。第一部分的验证跟第二部分没关联,最后1位是根据第二部分计算得出的校验码。</p><p>破解一开始是先单独对第一部分进行pin码匹配,也就是说先破解前4位pin码。前4位是0000-9999总共10000个组合。</p><p>当前4位pin码确定后再对第二部分进行pin码匹配,也就是再对5-7位进行破解,5-7位是000-999总共1000个组合。</p><p>当前7位都确定后,最后1位也会自动得出,至此即可得出密码。</p><p>根据pin码破解的原理,可以看到只需要枚举11000种情况就会必然破解出pin码,从而通过pin码得到WIFI密码。</p><h3 id="步骤-2"><a href="#步骤-2" class="headerlink" title="步骤"></a>步骤</h3><p>由于我家的路由器没有这个功能,找到我姑姑家的老式TP-LINK:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Ym9xcUFMamN1ejVJRlYyZnlYdzIwMXJxWEhldW9NNkVBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="tp-link" title=""> </div> <div class="image-caption">tp-link</div> </figure></p><ol><li><p>打开终端执行<code>airmon-ng</code>检测网卡</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0YlQxRWNna3RMZ29UbmhxRzNwUnlPZDc1dUkrWXdySWdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng" title=""> </div> <div class="image-caption">airmon-ng</div> </figure></li><li><p>开启监听模式</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0UmNJckZYNjhVbEJzNWwzRE9oNVdhOUppQ1cwWVR2d2tnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="airmon-ng start" title=""> </div> <div class="image-caption">airmon-ng start</div> </figure></li><li><p>扫描开启WPS的设备,LCK为NO的都可以爆破试试</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0WGFhKzcxSThqRW05cG1oSUVTMGpQMjRqUkdFckpVc3lnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="wps_on" title=""> </div> <div class="image-caption">wps_on</div> </figure></li><li><p>使用Reaver爆破<br>reaver 命令: <br><code>reaver -i mon0 -b mac -S -v</code><br>reaver命令参数: </p><blockquote><p>-i 监听后接口名称<br>-b 目标mac地址<br>-S 使用最小的DH key(可以提高爆破速度)<br>-vv 显示更多的非严重警告<br>-d 即delay每穷举一次的闲置时间 预设为1秒<br>-c 指定频道可以方便找到信号,如-c 1 指定1频道 <br>-N 不发送NACK信息(如果一直pin不动,可以尝试这个参数)</p></blockquote></li></ol><p>终端执行:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">reaver -i wlan0mon 20:DC:E6:D1:DE:E4 -N -vv -c 8</span><br></pre></td></tr></table></figure></p><h3 id="获得KEY-2"><a href="#获得KEY-2" class="headerlink" title="获得KEY"></a>获得KEY</h3><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0V2Jyc2Vzb0RjR2NmRTlwWnhSMnVaQlpGVEkwSlJPZWNRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="reaver" title=""> </div> <div class="image-caption">reaver</div> </figure><p>当Reaver暴力穷举出正确的pin码时,不管无线路由器的密码有多复杂,它都是手到擒来了。</p><h2 id="WIFI万能钥匙"><a href="#WIFI万能钥匙" class="headerlink" title="WIFI万能钥匙"></a>WIFI万能钥匙</h2><h3 id="简介-3"><a href="#简介-3" class="headerlink" title="简介"></a>简介</h3><p>Wifi万能钥匙的使用十分简单,而且据我的个人经历,小区范围内私人使用的无线网络基本可以使用WIFI万能钥匙解开。要得到WIFI的密码,,只需要三步即可到位。</p><h3 id="步骤-3"><a href="#步骤-3" class="headerlink" title="步骤"></a>步骤</h3><ol><li><p>打开WIFI万能钥匙,可以看到有钥匙图标的热点可以直接解开:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0WXkyNVZ5TXRkRzZ2WElVVFc5WE9EWkxpM2dCZ25SUWRRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="WIFI_master" title=""> </div> <div class="image-caption">WIFI_master</div> </figure></li><li><p>解开密码,连接上WIFI后,打开RE管理器(安卓手机下的文件管理器),进入如下路径(需要root权限):<code>/data/misc/</code></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0ZjlLblBVWkw1UVZLdjY2WWRxOFFWd3hLVVNxektXcjFRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="RE" title=""> </div> <div class="image-caption">RE</div> </figure></li><li><p>打开wpa_supplicant.conf可以看到刚刚连接的WIFI的密码:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFp0MEpaVmEzalN0Y3FoMVQ1N00rZEZkWlBpL1FwMDBDTVVMd0hrSFlLVEVnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="cat_passwd" title=""> </div> <div class="image-caption">cat_passwd</div> </figure></li></ol><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>以上,是我平时取得WIFI密码的常用方法。</p><p>基本思路是:<br>先看万能钥匙能否解开,这个方式最简便<br>然后再看加密方式,WEP加密参考0x02,<br>若是WPA加密先看AP是否开启WPS,参考0x04,<br>否则只能跑字典,参考0x03。</p>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>当今时代,几乎每个人都离不开网络。随着网络的普及,无线网络逐渐扎根于人们的生活之中。然而,很多情况下,这些无线信号都需要身份验证后才能使用。
</summary>
<category term="Kali" scheme="https://sevge.github.io/about/categories/Kali/"/>
</entry>
<entry>
<title>VMware的三种网络模式</title>
<link href="https://sevge.github.io/about/2017/11/12/vmware-3-mode/"/>
<id>https://sevge.github.io/about/2017/11/12/vmware-3-mode/</id>
<published>2017-11-12T09:59:46.000Z</published>
<updated>2018-04-14T02:07:26.957Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>实验室新来的学弟学妹们没有相关的计算机网络概念,在VMware安装好后,遇到没有网络的情况经常不知道怎么办。</p><p>其实一般虚拟机安装好之后,会自动添加两张网卡(VMnet1和VMnet8),VMnet1是用户通过Host-only的网络连接,VMnet8是通过NAT方式的网络连接。以下所说的是VMware常用的三种网络模式。</p><h2 id="Bridged-桥接模式"><a href="#Bridged-桥接模式" class="headerlink" title="Bridged 桥接模式"></a>Bridged 桥接模式</h2><h3 id="特点"><a href="#特点" class="headerlink" title="特点"></a>特点</h3><p>虚拟机和主机是处于同等地位的机器,所以网络功能也无异于主机。并且和主机处于同一网段。</p><h3 id="原理"><a href="#原理" class="headerlink" title="原理"></a>原理</h3><p>桥接模式,使用的是VMnet0虚拟网卡。</p><p>vmnet0实际上就是一个虚拟的网桥(2层交换机),这个网桥有若干个接口,一个端口用于连接你的Host主机,其余端口可以用于连接虚拟机,他们的位置是对等的,谁也不是谁的网关。所以桥接模式下,虚拟机和Host主机是同等地位的主机。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/04/05/CCA839.png" alt="vmnet0" title=""> </div> <div class="image-caption">vmnet0</div> </figure></p><h3 id="示例图"><a href="#示例图" class="headerlink" title="示例图"></a>示例图</h3><p>主机A上的两个虚拟机1和虚拟机2,和主机A、B同处于一个网段,能够相互通信<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/04/05/CCAJj1.png" alt="vmnet0_1" title=""> </div> <div class="image-caption">vmnet0_1</div> </figure><br>这个模式在一般局域网常用到,但是在寝室园区使用桥接的话,由于需要认证才能上网,所以不能使用这种方式</p><h2 id="Host-only模式"><a href="#Host-only模式" class="headerlink" title="Host-only模式"></a>Host-only模式</h2><h3 id="特点-1"><a href="#特点-1" class="headerlink" title="特点"></a>特点</h3><p>只能和主机相互通信,不能上网,也不能访问其他主机,用于建立与外部隔离的网络环境</p><h3 id="原理-1"><a href="#原理-1" class="headerlink" title="原理"></a>原理</h3><p>Host-only模式使用的是VMnet1网卡。</p><p>这种方式下,虚拟机连接到VMnet1上,但系统并不为其提供任何路由服务,因此虚拟机只能和宿主机进行通信,而不能连接到真正的网络上。</p><h3 id="示例图-1"><a href="#示例图-1" class="headerlink" title="示例图"></a>示例图</h3><p>虚拟机1和2之间可以相互通信,主机A能和虚拟机1和2通信,虚拟机1和2不能和主机通信(需要设置),虚拟机不能和B主机以及外网通信<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGFJMjN6QVRFOGJsc00vRVdkTk1RYStvSUhHMWwwZUZsOSsvNVZ3RGJOQ3pnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="vmnet1" title=""> </div> <div class="image-caption">vmnet1</div> </figure><br>这个模式连接不到网络,但是它是NAT模式的基础</p><h2 id="NAT模式"><a href="#NAT模式" class="headerlink" title="NAT模式"></a>NAT模式</h2><h3 id="特点-2"><a href="#特点-2" class="headerlink" title="特点"></a>特点</h3><blockquote><ol><li>主机ping不通虚拟机(包括宿主)</li><li>同一宿主的虚拟机可以相互ping通</li><li>宿主能够联网,虚拟机也能联网(其他主机)。宿主没有联网,虚拟机也不能联网</li><li>虚拟机能够ping通主机,其他主机不能访问虚拟机</li></ol></blockquote><h3 id="原理-2"><a href="#原理-2" class="headerlink" title="原理"></a>原理</h3><p>网络地址转换类似于家庭路由器的方式工作。使用NAT模式,就是让虚拟系统借助NAT(网路地址转换)功能,通过宿主机器所在的网络来访问公网。</p><p>其实就是虚拟机的网卡连接到宿主的VMnet8虚拟机交换机上,VMnet8充当了路由器的作用,负责将虚拟机转发到VMnet8的包进行地址转换之后发送到实际的网络中,再将实际网络上返回的包进行地址转换后通过VMnet8发送给虚拟机。</p><p>它相比Host-only模式只不过增加一层路由功能。</p><h3 id="示例图-2"><a href="#示例图-2" class="headerlink" title="示例图"></a>示例图</h3><p>主机A和虚拟机1和2能相互通信,虚拟机1和2能访问主机B和外网,主机B不能访问虚拟机1和2,虚拟机1和2能相互通信<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/04/05/CCAgDP.png" alt="vmnet8" title=""> </div> <div class="image-caption">vmnet8</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/04/05/CCA2Hf.png" alt="NAT" title=""> </div> <div class="image-caption">NAT</div> </figure><br>一般在学校的环境下(连接因特网需要锐捷认证),使用这种模式虚拟机就能快捷地连接到因特网。</p>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>实验室新来的学弟学妹们没有相关的计算机网络概念,在VMware安装好后,遇到没有网络的情况经常不知道怎么办。</p>
<p>其实一般虚拟机安
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>Burp Suite模块之Lntruder暴力破解网页登陆</title>
<link href="https://sevge.github.io/about/2017/10/21/burp/"/>
<id>https://sevge.github.io/about/2017/10/21/burp/</id>
<published>2017-10-21T04:36:18.000Z</published>
<updated>2018-04-14T02:01:20.549Z</updated>
<content type="html"><![CDATA[<h2 id="发现"><a href="#发现" class="headerlink" title="发现"></a>发现</h2><p>本学期升级的校园网,网页登陆的认证端很是简陋,不需要验证码,明文传输<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTEtKcFFWc1cvYnVmc3lxaEluZjVaa2I3Q3I4MGtPemt3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="HUNAU" title=""> </div> <div class="image-caption">HUNAU</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTHIwUlc2Nm5Bc0t1ZUdLQ3d6NUdlbWU4V01OZngvVHdRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Auth_Info" title=""> </div> <div class="image-caption">Auth_Info</div> </figure><br>而且,新升级的网络,默认密码都是由身份证后6位组成,<br>于是可以使用之前所说的Crunch生成的对应字典来玩玩。</p><p>这里以我自己的账号作为测试。</p><h2 id="配置环境"><a href="#配置环境" class="headerlink" title="配置环境"></a>配置环境</h2><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTkRUVzk3cmtVZ2ZqQWVuL3M0VmY4V1FUSTlFaHNnWll3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="BurpSet" title=""> </div> <div class="image-caption">BurpSet</div> </figure><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTDlYTFBNaFM2VWJycU1RZit0NTUwejI0ZWhkZzN6MEdRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="FirefoxSet" title=""> </div> <div class="image-caption">FirefoxSet</div> </figure><h2 id="抓取"><a href="#抓取" class="headerlink" title="抓取"></a>抓取</h2><p>在跳转的登陆界面<br><code>http://10.100.0.12:9090/zportal/loginForWeb?wlanuserip=37c61a32243725e8412223107e8670d4&wlanacname=00aab905808bf54238202dd3074e226b&ssid=99f34848c4e3872f&nasip=3a55a6e233ce66a3e3c9d19c2572b2ea&snmpagentip=&mac=e2483bb22f79a96b0b178e83ca255d91&t=wireless-v2&url=63651eaa103df95e80e6576b018a1055&apmac=&nasid=00aab905808bf54238202dd3074e226b&vid=6ff7431ed4e21b22&port=e2bcde16e9a8b04a&nasportid=a25b45948c15af40d095454b31cfa807fcfd7ec39a63f462933adb33ce566a2a</code><br>中抓取到:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTHIwUlc2Nm5Bc0t1ZUdLQ3d6NUdlbWU4V01OZngvVHdRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="CatchInfo" title=""> </div> <div class="image-caption">CatchInfo</div> </figure></p><h2 id="使用"><a href="#使用" class="headerlink" title="使用"></a>使用</h2><p>选中一下黄色标记的字符,右键Send to lntruder:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLSGE0b0tZdDRLSnF3anl4T2lvK05MRS80d1FSYTdEVUpRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case1" title=""> </div> <div class="image-caption">Burp_case1</div> </figure><br>可以看到Lntruder对应的选项卡变为高亮,点击Lntruder选项卡:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLSkFlZ0dmWm5oeGNLblZlMnpKL3JXRkJzNW9jQmNScUdBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case2" title=""> </div> <div class="image-caption">Burp_case2</div> </figure><br>点击进入Positions选项卡,看到下方有15个payload,我们不需要这些,点击Clear,然后下方编程0payload:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTXNWTTB2U2pEaExJUWFHRGFtMTJNZzdMdlZSVDR5M01BPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case3" title=""> </div> <div class="image-caption">Burp_case3</div> </figure><br>翻下去找到我们需要的变量,选中“12121”点击右侧Add,可以看到下方显示1payload:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLTjhsUUFCaEJsdXZTcFpzRVRGU1VUMUkrN3hnSDZlL0NRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case4" title=""> </div> <div class="image-caption">Burp_case4</div> </figure><br>点击payload选项卡,payload type我选择跑字典:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLRWVwbDhhQWpFTFAyRmR5NzIrd3dLTnVHUGVNV29uYzZnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case5" title=""> </div> <div class="image-caption">Burp_case5</div> </figure><br>接着option选项卡里,修改线程为10,可以根据实际网络情况加大。有些网站可能会有保护措施,重复登录多次后会封IP,但明显这个认证端没有这个保护<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLSXZUVVMwT2tvQm5SSGFNTVV1YkpHM05qd0lBekRqbStnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case6" title=""> </div> <div class="image-caption">Burp_case6</div> </figure><br>最后点击最上方的选项卡lntruder的start attck:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLQUpsbkcxbWsvNVdXWHh5YmtJa1pZN0ZQbnQvZDhydFhRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case7" title=""> </div> <div class="image-caption">Burp_case7</div> </figure><br>接下来就是跑字典的过程了,我自定义的身份证后6位密码有310000组:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLSWV2Sk5BRVRYYzZxREJKLyswei94bHhZbEdnSmIyaCtBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_case8" title=""> </div> <div class="image-caption">Burp_case8</div> </figure><br>等待一段时间后,点击length排序(登陆密码错误时和登陆成功后的response包不同,length必然有差别)。注意到response里结果为成功,找到密码为“297410”:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUGJTN3BjTUdoQTZLSWV2Sk5BRVRYYzZiQWRLczFHREV3Sm1DbUZ2THpZY0h3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Burp_Success" title=""> </div> <div class="image-caption">Burp_Success</div> </figure><br>当然,”Intruder”只是Burpsuite其中的一个模块,它的功能和用处远远不止这些。</p><p>以上测试基于我的个人账号进行,切勿用于不当用途!</p>]]></content>
<summary type="html">
<h2 id="发现"><a href="#发现" class="headerlink" title="发现"></a>发现</h2><p>本学期升级的校园网,网页登陆的认证端很是简陋,不需要验证码,明文传输<br><figure class="image-bubble">
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>密码生成工具Crunch的使用</title>
<link href="https://sevge.github.io/about/2017/10/07/crunch/"/>
<id>https://sevge.github.io/about/2017/10/07/crunch/</id>
<published>2017-10-07T05:05:17.000Z</published>
<updated>2018-04-14T01:56:54.473Z</updated>
<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>很多时候网络上下载的、系统或软件自带的字典效果不尽如人意,这个时候我们可能就需要根据自己的需求生成一个按照我们已经知道的信息来组合的字典。</p><h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>Crunch是一种创建密码字典工具,该字典常用来暴力破解。使用Crunch工具生成的密码可以发送到终端、文件或者另一个程序。Crunch默认安装在kali环境中,Crunch可以按照指定的规则生成密码字典,生成的字典字符序列可以输出到屏幕、文件或重定向到另一个程序中,Crunch可以参数可能的组合和排列,其最新版本为3.6。并具备如下特征:</p><blockquote><ol><li>Crunch可以以组合和排列的方式生成字典</li><li>它可以通过行数或文件大小中止输出</li><li>支持恢复</li><li>支持数字和符号模式</li><li>分别支持大小写字符模式</li><li>在生成多个文件时添加状态报告</li><li>新的-l选项支持@,%^</li><li>新的-d选项可以限制重复的字符,可以通过man文件查看详细信息</li><li>现在支持unicode</li></ol></blockquote><p>Crunch其实最厉害的是知道密码的一部分细节后,可以针对性的生成字典,这在渗透中就特别有用。</p><h2 id="使用"><a href="#使用" class="headerlink" title="使用"></a>使用</h2><p>现在的KALI中一般自带Crunch。在终端下输入Crunch,执行以上命令后,将输出如下所示的信息:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxRnpIanBSR1NjbSs2VDhXRHpFclY1YmlxQ082RjlWNHhRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_info" title=""> </div> <div class="image-caption">Crunch_info</div> </figure><br>输出的信息显示了Crunch命令版本及语法格式:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">Crunch <min> <max> [options]</span><br></pre></td></tr></table></figure></p><h3 id="常用选项"><a href="#常用选项" class="headerlink" title="常用选项"></a>常用选项</h3><p>(1) -b 数字[类型] <strong>指定输出文件的大小</strong>,仅仅使用“-o”选项时生效;例如60mb,例如格式: “Crunch 4 5 -b 20mib -o START”会生成4个文件:aaaa-gvfed.txt,gvfee-ombqy.txt,ombqz-wcydt.txt,wcydu-zzzzz.txt,其中每一个文件的开始和最后字符串将作为文件的文件命名;类型有效值为KB、MB、GB、KIB,MIB,和GIB。前三种类型是基于1000,而最后三种类型是基于1024,注意数字与类型之间没有空格。例如“500mb”正确,而“500 MB”则不正确,执行命令后如图所示。aaaa-gvfed.txt,gvfee-ombqy.txt,ombqz-wcydt.txt大小将是20M,以1024为基数,也即20480kb,一般以mib为参数。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxRnpIanBSR1NjbSsyRmZiRzJGN1VLR0JTdGtJTlRScytnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_option1" title=""> </div> <div class="image-caption">Crunch_option1</div> </figure><br>(2) -c 数字 指定写入输出文件的行数,也即包含<strong>密码的个数</strong>(行数),例如使用字符规则mixalpha-numeric-all-space,生成最小和最大字符串为1的且每一个文件保存60个字符串的密码字典:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxRDdMWTlxcStPSDkvRzdRK0ZqVHF2eUozZFg4Nm8yZEFRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_option2" title=""> </div> <div class="image-caption">Crunch_option2</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxUHJQa3ljNTQ0a3hIbkdVdXBvTFZJWERQMHh0aWVFSXRnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_option22" title=""> </div> <div class="image-caption">Crunch_option22</div> </figure><br>(3) -d 数字符号,<strong>限制出现相同元素的个数</strong>(至少出现元素个数),“-d 2@”限制小写字母输出像aab和aac,aaa不会产生,因为这是连续3个字母,格式是数字+符号,数字是连续字母出现的次数,符号是限制字符串的字符,例如@,%^(“@”代表小写字母,“,”代表大写字符,“%”代表数字,“^”代表特殊字符)</p><p>(4) -e 字符串,<strong>定义停止生成密码</strong>,比如-e 222222:到222222停止生成密码:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf4.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxRVVqVWRSaDA4cnQ0bURwSlBuSk9EeExkcnJJZkRCTnlBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_option4" title=""> </div> <div class="image-caption">Crunch_option4</div> </figure><br>(5) -f /path/to/charset.lst charset-name,从charset.lst指定字符集,也即<strong>调用密码库文件</strong>,比如kali中的charset.lst 在/usr/share/Crunch/charset.lst,则参数为“-f /usr/share/Crunch/charset.lst”</p><p>(6) -o wordlist.txt,<strong>指定输出文件的名称</strong>,例如wordlist.txt</p><p>(7) -p 字符串 或者-p 单词1 单词2 …<strong>以排列组合的方式来生成字典</strong>。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxQ2JvQlZCRGovUjR2LzUyMjhOMFhZT0QxY2ZuVTRnYjhnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_option7" title=""> </div> <div class="image-caption">Crunch_option7</div> </figure><br>(8) -q filename.txt,读取filename.txt</p><p>(9) -s <strong>指定一个开始的字符</strong>。</p><p>(10) -t @,%^,指定模式,@,%^分别代表意义如下:</p><blockquote><ol><li>@ 插入小写字母</li><li>, 插入大写字母</li><li>% 插入数字</li><li>^ 插入特殊符号</li></ol></blockquote><p>(11) z gzip, bzip2, lzma, and 7z,从-o选项压缩输出结果,支持gzip, bzip2, lzma, and 7z格式,gzip是最快压缩率最低,bzip2是稍微慢于gzip,但比其压缩率搞,7z最慢,但压缩率最高。</p><h2 id="实例"><a href="#实例" class="headerlink" title="实例"></a>实例</h2><h3 id="生成关键字的所有组合"><a href="#生成关键字的所有组合" class="headerlink" title="生成关键字的所有组合"></a>生成关键字的所有组合</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ Crunch 9 9 -p wang 1997 0101</span><br></pre></td></tr></table></figure><h3 id="制作8位密码字典"><a href="#制作8位密码字典" class="headerlink" title="制作8位密码字典"></a>制作8位密码字典</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ Crunch 8 8 charset.lst numeric -o num8.dic</span><br></pre></td></tr></table></figure><h3 id="制作139开头的手机字典"><a href="#制作139开头的手机字典" class="headerlink" title="制作139开头的手机字典"></a>制作139开头的手机字典</h3><p>可以每次生成文件大小为20M,自动生成文件:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ Crunch 11 11 +0123456789 -t 139%%%%%%%% -b 20mib -o START</span><br></pre></td></tr></table></figure></p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxQWZURXpndFUzYmVtckZtdUh3WTZzeTZ1T3kzUzNxd2VnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Crunch_case1" title=""> </div> <div class="image-caption">Crunch_case1</div> </figure><h2 id="其他"><a href="#其他" class="headerlink" title="其他"></a>其他</h2><p>另外,KAILI还自带了一些字典在/usr/share/wordlists/文件夹下,例如rockyou.txt.gz字典,将字典解压后其实就是一个rockyou.txt文件,里边包含了WPA的常用密码.</p><h2 id="搭配工具"><a href="#搭配工具" class="headerlink" title="搭配工具"></a>搭配工具</h2><p>校园网登陆认证默认使用身份证后6位作为密码<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxR3BEUXEvVUU4U1cyNUtZWUtPZGUvZkVKWGtyK2NiM1JRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="HUNAU" title=""> </div> <div class="image-caption">HUNAU</div> </figure><br>可以使用Crunch方便地生成需要的字典<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxRkM3L29xRzU4NjZsYzN3bVdmQWY1VFc5U1ROeXZzREZ3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="IDpasswd" title=""> </div> <div class="image-caption">IDpasswd</div> </figure><br>考虑到还有以X结尾的号码:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUFlidld6eGYrakwxTS9oTCtFY2dMODAwYWd5SW9rLzMreTRULzlFWUtZRXpBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="IDpasswdX" title=""> </div> <div class="image-caption">IDpasswdX</div> </figure><br>然后可以使用Burpsuite…</p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>Crunch只是一个生成字典的工具,理论上支持搭配所有暴力破解的工具,比如跑抓到的WIFI握手包,跑压缩包密码等。不管怎么说,以后它将是我如影随形的伙伴了!</p><p><a href="https://github.com/Crunchsec/Crunch" target="_blank" rel="noopener">Crunch Me!</a></p>]]></content>
<summary type="html">
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>很多时候网络上下载的、系统或软件自带的字典效果不尽如人意,这个时候我们可能就需要根据自己的需求生成一个按照我们已经知道的信息来组合的字典。<
</summary>
<category term="Kali" scheme="https://sevge.github.io/about/categories/Kali/"/>
</entry>
<entry>
<title>被玩坏的校园网</title>
<link href="https://sevge.github.io/about/2017/09/27/wang/"/>
<id>https://sevge.github.io/about/2017/09/27/wang/</id>
<published>2017-09-27T09:21:42.000Z</published>
<updated>2018-04-14T01:51:49.771Z</updated>
<content type="html"><![CDATA[<h2 id="校园网的升级"><a href="#校园网的升级" class="headerlink" title="校园网的升级"></a>校园网的升级</h2><p>随着时代的发展,学校也紧跟潮流在今年升(zhang)级(jia)了校园网。之前校园网是纯有线锐捷客户端认证,现在校园网将电信联通合并,加上无线网络覆盖全校,实在是皆大欢喜,可喜可贺,可喜可贺啊!</p><h3 id="有线认证方式"><a href="#有线认证方式" class="headerlink" title="有线认证方式"></a>有线认证方式</h3><p>使用了多年的有线网络,通过锐捷客户端认证,原来¥80一学期还不限速的网络一去不复返咯。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQNTA0VFNyUS9YMmVuY1RjbG9LeHVBVDJBVy9UL3VGdmpBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Ruijie" title=""> </div> <div class="image-caption">Ruijie</div> </figure></p><h3 id="无线认证方式"><a href="#无线认证方式" class="headerlink" title="无线认证方式"></a>无线认证方式</h3><p>第一种方式是连接“HUNAU”,连接后无网络访问权限,通过网页认证,使用未购买套餐的账号登陆可以上学校内网。<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQenBCeWM3cncxNDlZU1duZThpTTNTTml5YU8zWndLNFRBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Wireless1" title=""> </div> <div class="image-caption">Wireless1</div> </figure><br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQenVRMHFKYzQyRzVYaXh2VEhRTEplQ3VJMkJNKzVMaFBRPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="HUNAU" title=""> </div> <div class="image-caption">HUNAU</div> </figure><br>第二种方式是连接“HUNAU-Auto”,热点自带的认证登陆,使用未购买套餐的账号连接也可以上内网<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQeHpBL3dvY1BrVW8ybGd0aWpIS0xrSk5GUnMyTjlBdnlnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Wireless2" title=""> </div> <div class="image-caption">Wireless2</div> </figure><br>当然,身为穷逼的我,肯定是续费了¥80一学期的纯有线网络(如今限速),看着那高带宽和无线网络的价格,实在是消瘦不起。</p><h2 id="已知的方式"><a href="#已知的方式" class="headerlink" title="已知的方式"></a>已知的方式</h2><p>目前我知道的绕过学校认证和限速的方法有以下几种:</p><blockquote><p>1.DNS隧道<br>2.内网VPN<br>3.修改MAC<br>4.我瞎折腾的方法</p></blockquote><p>这里记录一下几种方式的部署和使用,以下纯属实验,只是为了更深入地理解计算机网络相关知识啦~!</p><p>仅供参考,切勿用于不当目的!</p><h2 id="DNS隧道"><a href="#DNS隧道" class="headerlink" title="DNS隧道"></a>DNS隧道</h2><h3 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h3><p>在连接到某个需要 Web 认证的热点之前,我们已经获得了一个内网 IP,此时,如果我们访问某个 HTTP 网站,网关会对这个 HTTP 响应报文劫持并篡改,302 重定向给我们一个 Web 认证界面(所以点 HTTPS 的网站是不可能跳转到 web 认证页面的)。<a href="http://www.ruijie.com.cn/fw/wt/36502" target="_blank" rel="noopener">详细原理</a></p><p>我们看到了,网关(或者说交换机)都默认放行 DHCP 和 DNS 报文,也就是 UDP53 与 UDP 67。有些网关甚至不会报文进行检查,这也就意味着任何形式的数据包都可以顺畅通过。</p><p>既然如此,我们就可以在公网搞一台服务器,然后借此来免费上网,顺便还能防止网络审计(其实只是把钱花在服务器上了)。我们这次免费上网的主要突破点就是 UDP 53,当然了,据一位朋友实践,UDP 67、68也可以绕过 Web 认证。</p><h3 id="环境监测"><a href="#环境监测" class="headerlink" title="环境监测"></a>环境监测</h3><p>在部署之前有必要进行一下环境监测,以免造成因为环境不允许而做的一大堆无用功。<br>打开 cmd(GNU/Linux的终端),输入如下内容<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nslookup www.baidu.com</span><br></pre></td></tr></table></figure></p><p>或者使用<a href="https://github.com/BennyThink/UDP53-Filter-Type" target="_blank" rel="noopener">脚本</a>测试下,这里可以参照博主”土豆不好吃”的文章。<a href="https://www.bennythink.com/udp53.html" target="_blank" rel="noopener">click me</a></p><p>若测试环境允许,可以进行下一步的搭建服务</p><h3 id="服务搭建"><a href="#服务搭建" class="headerlink" title="服务搭建"></a>服务搭建</h3><p>这里也有很详尽的教程,参照CSDN博主”玖洲维城网络科技”的文章。<a href="https://blog.csdn.net/qq_35422558/article/details/78018089" target="_blank" rel="noopener">click me</a></p><p>按照文章所述在服务器安装好Softether,在我的电脑安装上Openvpn并连接就能直接畅游网络了。</p><h3 id="使用心得"><a href="#使用心得" class="headerlink" title="使用心得"></a>使用心得</h3><p>以上,需要一台公网服务器,然后就可以无视认证直接连接到因特网,但由于我使用的是国内的学生机,所以受到带宽的限制…</p><h3 id="下载地址"><a href="#下载地址" class="headerlink" title="下载地址"></a>下载地址</h3><p>Softethrer Server64位版本: 链接: <a href="https://pan.baidu.com/s/1vNvIJscFLQj42XZ_Rnk6Rg" target="_blank" rel="noopener">https://pan.baidu.com/s/1vNvIJscFLQj42XZ_Rnk6Rg</a> 密码: xgjc<br>Softethrer Server树莓派ARM32位版本: 链接:<a href="https://pan.baidu.com/s/1c2GWopy" target="_blank" rel="noopener">https://pan.baidu.com/s/1c2GWopy</a> 密码:fv4b<br>Softether的WINDOWS管理端:链接: <a href="https://pan.baidu.com/s/1bUrtKi" target="_blank" rel="noopener">https://pan.baidu.com/s/1bUrtKi</a> 密码: y8s1<br>Softether的WINDOWS客户端:链接: <a href="https://pan.baidu.com/s/1c24fbLA" target="_blank" rel="noopener">https://pan.baidu.com/s/1c24fbLA</a> 密码: fddr<br>OPVEN_GUI客户端:链接:<a href="https://pan.baidu.com/s/1nvkPPfN" target="_blank" rel="noopener">https://pan.baidu.com/s/1nvkPPfN</a> 密码:fc55</p><h2 id="内网VPN"><a href="#内网VPN" class="headerlink" title="内网VPN"></a>内网VPN</h2><h3 id="简介-1"><a href="#简介-1" class="headerlink" title="简介"></a>简介</h3><p>前面说到,最新的校园网套餐实行了分档次的套餐,不同档次不同速率,这里的不同速率是指访问外网的速率,而内网的访问速率是没有限制的。</p><p>既然这样,那么假如我在学校内网有一台能够上网的机器,利用点对点连接,把它当做跳板不就行了?<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUFlTc2ZGSkl5eGdZQUFtdFpJdUdjd256emhDYVZtRThYS09WZ1BjRXBFSTlnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Vpn_inschool" title=""> </div> <div class="image-caption">Vpn_inschool</div> </figure></p><h3 id="服务搭建-1"><a href="#服务搭建-1" class="headerlink" title="服务搭建"></a>服务搭建</h3><p>恰好我在实验室有这样的资源,一台IP地址为”10.x.x.x”的服务器(其实买个树莓派插在实验室也一样)。按照上述<a href="https://blog.csdn.net/qq_35422558/article/details/78018089" target="_blank" rel="noopener">服务搭建</a>的步骤在这台服务器上安装Softether,然后在我的电脑上使用Openvpn的配置文件直接连接,搞定!</p><h3 id="使用心得-1"><a href="#使用心得-1" class="headerlink" title="使用心得"></a>使用心得</h3><p>以上,在登陆认证并获得内网访问权限后,通过Openvpn-Gui或者Softether客户端连接到我的内网服务器,不会受到任何限速!</p><h2 id="修改MAC"><a href="#修改MAC" class="headerlink" title="修改MAC"></a>修改MAC</h2><h3 id="简介-2"><a href="#简介-2" class="headerlink" title="简介"></a>简介</h3><p>MAC地址在网卡中是固定的,每张网卡的MAC地址都不一样。网卡在制作过程中,厂家会在它的EPROM里面烧录上一组数字,这组数字,每张网卡都各不相同,这就是网卡的MAC(物理)地址。</p><p>由于MAC地址的唯一性,因此它主要用来识别网络中用户的身份。例如ADSL上网时,电信用它来记费,确认是你上的网;在校园网中,MAC地址也可以用来识别用户。对于校园网的正式用户登陆并认证后,其MAC地址会登记在服务器端,假如你是非法用户,服务器中就没有你的网卡MAC地址,这样当你试图连上网时,服务器就会立刻认出你、阻止你连上网络。</p><h3 id="操作步骤"><a href="#操作步骤" class="headerlink" title="操作步骤"></a>操作步骤</h3><ol><li><p>扫描校园局域网中的在线主机,这个根据不同情况操作起来不太一样,我使用的是IP SCANNER。</p></li><li><p>这里以我室友的MAC地址作为示例,看到室友的MAC地址如图:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6UXZNUXhGTmNzWGUyd3Yyb0F5ZGpGQTBDUVMzdDhINS9BPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="The_mac" title=""> </div> <div class="image-caption">The_mac</div> </figure></li><li>在我的电脑中打开”网络与共享中心”-“更改适配器设置”-“以太网”-“属性”-“配置”-“高级”,找到”网络地址”,修改成上图的地址。<figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6WDJ2bmZaU2ZqQjdjRVlFSHZLaTNmdFhCTXovVzYyc3R3PT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="change" title=""> </div> <div class="image-caption">change</div> </figure></li><li>当我按下确定按钮的那一刻,室友的电脑已经断网,而我这边已经可以愉快地上网冲浪了~<figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf3.nosdn.127.net/img/c09lVS9TR3YrUGJ6Wm1EWFlGdmJ6VERZZ3dNUGF4VUJqaVQrSUM1UDlodkxSUXJHL2NldHRnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="fail" title=""> </div> <div class="image-caption">fail</div> </figure></li></ol><h3 id="使用心得-2"><a href="#使用心得-2" class="headerlink" title="使用心得"></a>使用心得</h3><p>因为MAC地址是唯一的,为了防止室友跑过来打我,我马上将设置恢复了初始状态……</p><h2 id="瞎折腾"><a href="#瞎折腾" class="headerlink" title="瞎折腾"></a>瞎折腾</h2><h3 id="简介-3"><a href="#简介-3" class="headerlink" title="简介"></a>简介</h3><p>这种方式完全是我瞎折腾出来的,原理猜测是:无线认证和有线认证是分开的两台服务器,但两者是有同步消息的。在我的电脑,两个客户端(无线认证和有线认证)同时认证卡住两台服务器同步消息的时间,使两台服务器消息矛盾,绕开了他们的限制。</p><h3 id="操作步骤-1"><a href="#操作步骤-1" class="headerlink" title="操作步骤"></a>操作步骤</h3><ol><li><p>将有线网卡禁用,通过无线认证第一种方式连接”HUNAU”,打开浏览器自动跳出登陆网页,这是无线认证服务器的认证端网页,先保留着,URL如下,其中有mac、userip等参数:<br><code>http://10.100.0.12:9090/zportal/loginForWeb?wlanuserip=37c61a32243725e8412223107e8670d4&wlanacname=00aab905808bf54238202dd3074e226b&ssid=99f34848c4e3872f&nasip=3a55a6e233ce66a3e3c9d19c2572b2ea&snmpagentip=&mac=e2483bb22f79a96b0b178e83ca255d91&t=wireless-v2&url=1cd4c9d683b191233d7be2539eb794196a2a58b150f012b910b74a2fde544bac1f10cdd1bb45c9aeec992c5a1746e8ea6ea1b480e0d713af4a1725a95600c0b3&apmac=&nasid=00aab905808bf54238202dd3074e226b&vid=6ff7431ed4e21b22&port=e2bcde16e9a8b04a&nasportid=a25b45948c15af40d095454b31cfa807fcfd7ec39a63f462933adb33ce566a2a</code></p></li><li><p>将无线网卡禁用,打开有线网卡,打开有线认证方式的锐捷客户端。</p></li><li><p>回到浏览器的网页上,打开记住密码和自动登陆:</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf5.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQeFVUQnJ4MXNaeVovakoxa1dTR3Y5TWR4dkJjRTRPYTJBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Login_page" title=""> </div> <div class="image-caption">Login_page</div> </figure></li><li><p>最重要的一步!锐捷认证客户端点连接,然后马上回到网页认证点登陆,手要快!确保几乎在同时认证。</p></li><li><p>然后可以看到两者同时登陆上。<br>若如平时正常登陆有线锐捷客户端,之后再登陆这个网页认证端,其中必有一个被挤下线,也不能访问因特网。</p><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQNHNHSWIrMGhBblNCWUVpcEtMMFNYVnJIL1VCR2EvZnNBPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Login_success" title=""> </div> <div class="image-caption">Login_success</div> </figure><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="http://imglf6.nosdn.127.net/img/c09lVS9TR3YrUGJXNW4zQXB0dTJQMkpYNk01eGcyWUl0TXBPYWUzNVBXSmR6eUhwMzljSjNnPT0.png?imageView&thumbnail=500x0&quality=96&stripmeta=0" alt="Auth_success" title=""> </div> <div class="image-caption">Auth_success</div> </figure></li></ol><h3 id="使用心得-3"><a href="#使用心得-3" class="headerlink" title="使用心得"></a>使用心得</h3><p>网速测试是20M带宽,这种方式好像同时绕过了限速,看到室友2M、4M蛋疼的小水管,躲在角落偷偷笑。</p><p>使用发现,通过这种方式连接的网络十来分钟后会断掉,之后不能解析地址,不能ping通8.8.8.8,QQ不能发送和接收消息,但是奇怪的是正在观看的直播不会断。</p><h2 id="未来"><a href="#未来" class="headerlink" title="未来"></a>未来</h2><p>有待进一步探究…</p>]]></content>
<summary type="html">
<h2 id="校园网的升级"><a href="#校园网的升级" class="headerlink" title="校园网的升级"></a>校园网的升级</h2><p>随着时代的发展,学校也紧跟潮流在今年升(zhang)级(jia)了校园网。之前校园网是纯有线锐捷客户端认证,
</summary>
<category term="网络" scheme="https://sevge.github.io/about/categories/%E7%BD%91%E7%BB%9C/"/>
</entry>
<entry>
<title>这是我在Hexo的第一篇文章!Hexo+Gitpage搭建日记</title>
<link href="https://sevge.github.io/about/2017/09/07/hello-world-1/"/>
<id>https://sevge.github.io/about/2017/09/07/hello-world-1/</id>
<published>2017-09-07T05:05:17.000Z</published>
<updated>2018-04-14T01:38:33.076Z</updated>
<content type="html"><![CDATA[<h2 id="部署"><a href="#部署" class="headerlink" title="部署"></a>部署</h2><p>操作还是挺简单的,具体参照: <a href="https://blog.csdn.net/csdn_yudong/article/details/70837277" target="_blank" rel="noopener">click here</a><br>重复的轮子就不造了,感谢原作者”Yu丶”的详尽教程</p><h2 id="踩过的坑"><a href="#踩过的坑" class="headerlink" title="踩过的坑"></a>踩过的坑</h2><p>这其中必须得提一下部署过程中踩过的坑,纠结了很久。。<br>前面的搭建环境都没有问题,到最后上传部署到gitpage时,<br>运行<code>hexo d</code>没有任何提示。就像这样:<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/03/22/9H5mOP.png" alt="error" title=""> </div> <div class="image-caption">error</div> </figure><br>就是这个东西!deploy选项下面,<br>在配置项的前面必须有两个空格,冒号后面必须有一个空格!<br><figure class="image-bubble"> <div class="img-lightbox"> <div class="overlay"></div> <img src="https://s1.ax1x.com/2018/03/22/9H50kF.png" alt="space" title=""> </div> <div class="image-caption">space</div> </figure><br>所以说,格式非常重要,必须一丝不苟地对待…<br>还有注意本地部署三部曲和部署三部曲:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ hexo clean</span><br><span class="line">$ hexo g</span><br><span class="line">$ hexo s --debug(hexo d)</span><br></pre></td></tr></table></figure></p><h2 id="主题"><a href="#主题" class="headerlink" title="主题"></a>主题</h2><p>在Github上搜索了相关的主题,发现Indigo这个样式挺合我意的。<br>果断使用它了!<a href="https://github.com/yscoder/hexo-theme-indigo/wiki" target="_blank" rel="noopener">click here</a><br>感谢”yscoder”大神的无私奉献,让我这样的小白也能用上漂亮的主题!<br>根据以上文档进行自定义修改:</p><h3 id="站点配置"><a href="#站点配置" class="headerlink" title="站点配置"></a>站点配置</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br></pre></td><td class="code"><pre><span class="line"># Hexo Configuration</span><br><span class="line">## Docs: https://hexo.io/docs/configuration.html</span><br><span class="line">## Source: https://github.com/hexojs/hexo/</span><br><span class="line"></span><br><span class="line"># Site</span><br><span class="line">title: Sevge's Blog</span><br><span class="line">subtitle: </span><br><span class="line">description: My Blog</span><br><span class="line">author: Sevge</span><br><span class="line">language: zh-CN</span><br><span class="line">timezone:</span><br><span class="line"></span><br><span class="line"># URL</span><br><span class="line">## If your site is put in a subdirectory, set url as 'http://yoursite.com/child' and root as '/child/'</span><br><span class="line">url: https://sevge.github.io/about/</span><br><span class="line">root: /</span><br><span class="line">permalink: :year/:month/:day/:title/</span><br><span class="line">permalink_defaults:</span><br><span class="line"></span><br><span class="line"># Directory</span><br><span class="line">source_dir: source</span><br><span class="line">public_dir: public</span><br><span class="line">tag_dir: tags</span><br><span class="line">archive_dir: archives</span><br><span class="line">category_dir: categories</span><br><span class="line">code_dir: downloads/code</span><br><span class="line">i18n_dir: :lang</span><br><span class="line">skip_render:</span><br><span class="line"></span><br><span class="line"># Writing</span><br><span class="line">new_post_name: :title.md # File name of new posts</span><br><span class="line">default_layout: post</span><br><span class="line">titlecase: false # Transform title into titlecase</span><br><span class="line">external_link: true # Open external links in new tab</span><br><span class="line">filename_case: 0</span><br><span class="line">render_drafts: false</span><br><span class="line">post_asset_folder: false</span><br><span class="line">relative_link: false</span><br><span class="line">future: true</span><br><span class="line">highlight:</span><br><span class="line"> enable: true</span><br><span class="line"> line_number: true</span><br><span class="line"> auto_detect: false</span><br><span class="line"> tab_replace:</span><br><span class="line"> </span><br><span class="line"># Home page setting</span><br><span class="line"># path: Root path for your blogs index page. (default = '')</span><br><span class="line"># per_page: Posts displayed per page. (0 = disable pagination)</span><br><span class="line"># order_by: Posts order. (Order by date descending by default)</span><br><span class="line">index_generator:</span><br><span class="line"> path: ''</span><br><span class="line"> per_page: 10</span><br><span class="line"> order_by: -date</span><br><span class="line"> </span><br><span class="line"># Category & Tag</span><br><span class="line">default_category: uncategorized</span><br><span class="line">category_map:</span><br><span class="line">tag_map:</span><br><span class="line"></span><br><span class="line"># Date / Time format</span><br><span class="line">## Hexo uses Moment.js to parse and display date</span><br><span class="line">## You can customize the date format as defined in</span><br><span class="line">## http://momentjs.com/docs/#/displaying/format/</span><br><span class="line">date_format: YYYY-MM-DD</span><br><span class="line">time_format: HH:mm:ss</span><br><span class="line"></span><br><span class="line"># Pagination</span><br><span class="line">## Set per_page to 0 to disable pagination</span><br><span class="line">per_page: 7</span><br><span class="line">pagination_dir: page</span><br><span class="line"></span><br><span class="line"># Extensions</span><br><span class="line">## Plugins: https://hexo.io/plugins/</span><br><span class="line">## Themes: https://hexo.io/themes/</span><br><span class="line">theme: indigo</span><br><span class="line"></span><br><span class="line">feed:</span><br><span class="line"> type: atom</span><br><span class="line"> path: atom.xml</span><br><span class="line"> limit: 0</span><br><span class="line"></span><br><span class="line">jsonContent:</span><br><span class="line"> meta: false</span><br><span class="line"> pages: false</span><br><span class="line"> posts:</span><br><span class="line"> title: true</span><br><span class="line"> date: true</span><br><span class="line"> path: true</span><br><span class="line"> text: true</span><br><span class="line"> raw: false</span><br><span class="line"> content: false</span><br><span class="line"> slug: false</span><br><span class="line"> updated: false</span><br><span class="line"> comments: false</span><br><span class="line"> link: false</span><br><span class="line"> permalink: false</span><br><span class="line"> excerpt: false</span><br><span class="line"> categories: false</span><br><span class="line"> tags: true</span><br><span class="line"></span><br><span class="line"># Deployment</span><br><span class="line">## Docs: https://hexo.io/docs/deployment.html</span><br><span class="line">deploy:</span><br><span class="line"> type: git</span><br><span class="line"> repo: git@github.com:Sevge/sevge.github.io.git</span><br><span class="line"> branch: master</span><br></pre></td></tr></table></figure><h3 id="主题配置"><a href="#主题配置" class="headerlink" title="主题配置"></a>主题配置</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br><span class="line">148</span><br><span class="line">149</span><br><span class="line">150</span><br><span class="line">151</span><br><span class="line">152</span><br><span class="line">153</span><br><span class="line">154</span><br><span class="line">155</span><br><span class="line">156</span><br><span class="line">157</span><br><span class="line">158</span><br><span class="line">159</span><br><span class="line">160</span><br><span class="line">161</span><br><span class="line">162</span><br><span class="line">163</span><br></pre></td><td class="code"><pre><span class="line"># hexo-theme-indigo</span><br><span class="line"># https://github.com/yscoder/hexo-theme-indigo</span><br><span class="line"></span><br><span class="line"># 添加新菜单项遵循以下规则</span><br><span class="line"># menu:</span><br><span class="line"># link: fontawesome图标,省略前缀,本主题前缀为 icon-,必须</span><br><span class="line"># text: About 菜单显示的文字,如果省略即默认与图标一致,首字母会转大写</span><br><span class="line"># url: /about 链接,绝对或相对路径,必须。</span><br><span class="line"># target: _blank 是否跳出,省略则在当前页面打开</span><br><span class="line">menu:</span><br><span class="line"> home:</span><br><span class="line"> text: 主页</span><br><span class="line"> url: /</span><br><span class="line"> archives:</span><br><span class="line"> text: 归档</span><br><span class="line"> url: /archives</span><br><span class="line"># tags:</span><br><span class="line"># text: 标签</span><br><span class="line"># url: /tags</span><br><span class="line"> th-list:</span><br><span class="line"> text: 分类</span><br><span class="line"> url: /categories</span><br><span class="line"># github:</span><br><span class="line"># url: https://github.com/sevge</span><br><span class="line"># target: _blank</span><br><span class="line"> link:</span><br><span class="line"> text: 关于</span><br><span class="line"> url: /about</span><br><span class="line"></span><br><span class="line"># 你的头像url</span><br><span class="line">avatar: /img/avatar.jpg</span><br><span class="line"># avatar link</span><br><span class="line">avatar_link: /</span><br><span class="line"># 头像背景图</span><br><span class="line">brand: /img/brand.jpg</span><br><span class="line"># favicon</span><br><span class="line">favicon: /favicon.ico</span><br><span class="line"></span><br><span class="line"># email</span><br><span class="line">email: sevge6582@gmail.com</span><br><span class="line"></span><br><span class="line"># 设置 Android L Chrome 浏览器状态栏颜色</span><br><span class="line">color: '#3F51B5'</span><br><span class="line"></span><br><span class="line"># 页面标题</span><br><span class="line">tags_title: Tags</span><br><span class="line">archives_title: Archives</span><br><span class="line">categories_title: Categories</span><br><span class="line"></span><br><span class="line"># 文章截断</span><br><span class="line">excerpt_render: false</span><br><span class="line">excerpt_length: 200</span><br><span class="line">excerpt_link: 阅读全文...</span><br><span class="line">mathjax: false</span><br><span class="line">archive_yearly: true</span><br><span class="line"></span><br><span class="line"># 是否显示文章最后更新时间</span><br><span class="line">show_last_updated: false</span><br><span class="line"></span><br><span class="line"># 是否开启分享</span><br><span class="line">share: true</span><br><span class="line"></span><br><span class="line"># 是否开启打赏,关闭 reward: false</span><br><span class="line">reward: false</span><br><span class="line"># title: 谢谢大爷~</span><br><span class="line"># wechat: /img/wechat.jpg #微信,关闭设为 false</span><br><span class="line"># alipay: /img/alipay.jpg #支付宝,关闭设为 false</span><br><span class="line"></span><br><span class="line"># 是否开启搜索</span><br><span class="line">search: true</span><br><span class="line"></span><br><span class="line"># 是否大屏幕下文章页隐藏导航</span><br><span class="line">hideMenu: true</span><br><span class="line"></span><br><span class="line"># 是否开启toc</span><br><span class="line"># toc: false</span><br><span class="line">toc:</span><br><span class="line"> list_number: true # 是否显示数字排序</span><br><span class="line"></span><br><span class="line"># 文章页留言内容,hexo中所有变量及辅助函数等均可调用,具体请查阅 hexo.io</span><br><span class="line">postMessage: </span><br><span class="line">#这里可以写作者留言,标签和 hexo 中所有变量及辅助函数等均可调用,示例:<a href="<%- url_for(page.path).replace(/index\.html$/, '') %>" target="_blank" rel="external"><%- page.permalink.replace(/index\.html$/, '') %></a></span><br><span class="line"></span><br><span class="line"># 站长统计,如要开启,输入CNZZ站点id,如 cnzz: 1255152447</span><br><span class="line">cnzz: false</span><br><span class="line"></span><br><span class="line"># 百度统计,如要开启,改为你的 key</span><br><span class="line">baidu_tongji: false</span><br><span class="line"></span><br><span class="line"># 腾讯分析,如要开启,输入站点id</span><br><span class="line">tajs: false</span><br><span class="line"></span><br><span class="line"># google</span><br><span class="line">google_analytics: false</span><br><span class="line">google_site_verification: false</span><br><span class="line"></span><br><span class="line"># less</span><br><span class="line">less:</span><br><span class="line"> compress: true</span><br><span class="line"> paths:</span><br><span class="line"> - source/css/style.less</span><br><span class="line"></span><br><span class="line"># 以下评论插件开启一个即可</span><br><span class="line"># 是否开启 disqus</span><br><span class="line">disqus_shortname: false</span><br><span class="line"># 是否开启友言评论, 填写友言用户id</span><br><span class="line">uyan_uid: false</span><br><span class="line"># 是否使用 gitment,https://github.com/imsun/gitment</span><br><span class="line">gitment: false</span><br><span class="line"># gitment:</span><br><span class="line"># owner:</span><br><span class="line"># repo:</span><br><span class="line"># client_id:</span><br><span class="line"># client_secret:</span><br><span class="line"></span><br><span class="line"># Valine Comment system. https://valine.js.org</span><br><span class="line">valine:</span><br><span class="line"> enable: false # 如果你想使用valine,请将值设置为 true</span><br><span class="line"> appId: # your leancloud appId</span><br><span class="line"> appKey: # your leancloud appKey</span><br><span class="line"> notify: false # Mail notify</span><br><span class="line"> verify: false # Verify code</span><br><span class="line"> avatar: mm # Gravatar style : mm/identicon/monsterid/wavatar/retro/hide</span><br><span class="line"> placeholder: Just go go # Comment Box placeholder</span><br><span class="line"> guest_info: nick,mail,link # Comment header info</span><br><span class="line"> pageSize: 10 # comment list page size</span><br><span class="line"></span><br><span class="line"># 是否开启Hyper Comments,填写id则启用,false则禁用。http://hypercomments.com</span><br><span class="line"># Hyper Comments support. Write your id here, or false to disable</span><br><span class="line">hyper_id: false</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"># 规范网址</span><br><span class="line"># 让搜索引擎重定向你的不同域名、不同子域、同域不同目录的站点到你期望的路径</span><br><span class="line"># https://support.google.com/webmasters/answer/139066</span><br><span class="line"># 假设配置为 canonical: http://imys.net,那么从搜索引擎中 www.imys.net 进入会重定向到 imys.net</span><br><span class="line">canonical: false</span><br><span class="line"></span><br><span class="line"># 版权起始年份</span><br><span class="line">since_year: 2017</span><br><span class="line"></span><br><span class="line"># 用户页面中作者相关的描述性文字,如不需要设为 false</span><br><span class="line">about: 只是一只奔跑的柯基啦(> ~ <)</span><br><span class="line"></span><br><span class="line"># “不蒜子”访问量统计,详见 http://ibruce.info/2015/04/04/busuanzi/</span><br><span class="line">visit_counter: false</span><br><span class="line"># site_uv: 站点总访客数:</span><br><span class="line"># site_pv: 站点总访问量:</span><br><span class="line"></span><br><span class="line"># 动态定义title</span><br><span class="line">title_change:</span><br><span class="line"> normal: (つェ⊂)咦!又好了!</span><br><span class="line"> leave: 死鬼去哪里了!</span><br><span class="line"></span><br><span class="line"># 设置为 true 发布后将使用 unpkg cdn 最新的主题样式</span><br><span class="line"># 如果想让你的自定义样式生效,把此项设为 false</span><br><span class="line">cdn: false</span><br><span class="line"></span><br><span class="line"># 设置为 true 将使用 lightbox render 图片</span><br><span class="line">lightbox: true</span><br><span class="line"></span><br><span class="line"># icp备案号 ICP_license: 京ICP备1234556号-1</span><br><span class="line">ICP_license: false</span><br></pre></td></tr></table></figure><h3 id="主题配色"><a href="#主题配色" class="headerlink" title="主题配色"></a>主题配色</h3><p>由于个人喜欢低调的灰色,参照<a href="https://www.materialpalette.com/" target="_blank" rel="noopener">Material Design Color Palette Generator</a>将站点默认的靛蓝修改成灰色:<br>编辑<code>theme/indigo/source/css/_partial/variable.less</code>,更改对应的颜色变量<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">@darkPrimaryColor: #616161;</span><br><span class="line">@primaryColor: #9e9e9e;</span><br><span class="line">@lightPrimaryColor: #f5f5f5;</span><br><span class="line">@textPrimaryColor: #212121;</span><br><span class="line">@accentColor: #536dfe;</span><br><span class="line">@primaryTextColor: #212121;</span><br><span class="line">@secondaryTextColor: #757575;</span><br><span class="line">@dividerColor: #bdbdbd;</span><br><span class="line">@borderColor: #dadada;</span><br><span class="line">@backColor: #f6f6f6;</span><br><span class="line">@codeBg: #f5f5f5;</span><br></pre></td></tr></table></figure></p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>完成!<br>不管怎么说,作为菜鸟的我也开始了写博客的旅程。</p><p>今后还请多多指教了!</p>]]></content>
<summary type="html">
<h2 id="部署"><a href="#部署" class="headerlink" title="部署"></a>部署</h2><p>操作还是挺简单的,具体参照: <a href="https://blog.csdn.net/csdn_yudong/article/deta
</summary>
<category term="前端" scheme="https://sevge.github.io/about/categories/%E5%89%8D%E7%AB%AF/"/>
</entry>
</feed>