一、处理vsftpd漏洞 【vsftpd安全漏洞(CVE-2021-30047)】
# Date of operation: January 2025
# OS 1: bclinux euler 21.10
# Method 1: build and install from source
#### Steps to upgrade vsftpd to 3.0.5 on bclinux Euler 21.10.
# vsftpd-3.0.3-32.oe1.x86_64 is already installed; this procedure does NOT remove that package.
# NOTE(review): the rpm database therefore still reports 3.0.3 after the binary is replaced below.
# Package-based scanners may keep flagging the host, and a later package update of vsftpd
# would presumably put the packaged binary back over the self-built one. Confirm how this host is patched.
# Switch to root
sudo -i
# Back up the package's config files (list them with: rpm -qc vsftpd)
cp /etc/logrotate.d/vsftpd /etc/logrotate.d/vsftpd_bak202501
#cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_bak202501
cp /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers_bak202501
cp /etc/vsftpd/user_list /etc/vsftpd/user_list_bak202501
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak202501
# Source tarball location (download step left commented out by the author).
# The tarball is compiled and installed as root, so check it against whatever signature or
# checksum upstream publishes for it before running make.
#wget https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz
# Build dependency
yum install libcap-devel -y
#
# The tarball is expected to be in this directory already.
cd /home/xxx/new-vsftpdP
tar -xf vsftpd-3.0.5.tar.gz
cd vsftpd-3.0.5
make
make install
# The new binary is copied from /usr/local/sbin below. The packaged 3.0.3 binary is renamed,
# not deleted, so the old vulnerable executable stays in /usr/sbin as the rollback copy.
# Remove it once the upgrade is confirmed.
cd /usr/sbin/
mv vsftpd vsftpd_bak3.0.3
cp /usr/local/sbin/vsftpd /usr/sbin/vsftpd
###
# Appended unconditionally, so re-running this step adds a duplicate line.
# NOTE(review): presumably required by how the existing systemd unit starts vsftpd. Confirm.
echo 'background=YES' >> /etc/vsftpd/vsftpd.conf
# Restart and verify that the running version is vsftpd 3.0.5
systemctl restart vsftpd
systemctl status vsftpd
cd ~
vsftpd -v
#方法二:rpm包升级 , 注意与其对标的 openEuler-20.03-LTS/ 官网已不维护。 (这里用的 SP4里面的包)
rpm包来源:https://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/x86_64/Packages/
wget https://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/x86_64/Packages/vsftpd-3.0.3-32.oe2003sp4.x86_64.rpm
wget https://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/x86_64/Packages/vsftpd-help-3.0.3-32.oe2003sp4.x86_64.rpm
######
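#!/bin/bash
# Upgrade vsftpd from the two RPMs downloaded above, then restart the service and
# print the resulting version. Run from an account with sudo rights; the RPMs are
# expected in /home/xxx/new-vsftpdP.

# Back up the package's config files (list them with: rpm -qc vsftpd)
sudo cp /etc/logrotate.d/vsftpd /etc/logrotate.d/vsftpd_bak202501
#sudo cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_bak202501
sudo cp /etc/vsftpd/ftpusers /etc/vsftpd/ftpusers_bak202501
sudo cp /etc/vsftpd/user_list /etc/vsftpd/user_list_bak202501
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak202501

# Stop here if the download directory is missing, so nothing below runs against the wrong directory.
cd /home/xxx/new-vsftpdP || exit 1

# Name the packages explicitly instead of using *.rpm: the directory is under a user's
# home, and a glob would install, as root, any other .rpm that happens to be there.
# Before installing, check the package signatures with `rpm -K <file>.rpm`; the RPMs come
# from a different distribution's repository than the one this host normally uses.
sudo rpm -Uvh \
  vsftpd-3.0.3-32.oe2003sp4.x86_64.rpm \
  vsftpd-help-3.0.3-32.oe2003sp4.x86_64.rpm || exit 1

# With the baseline setting chroot_local_user=YES, the new vsftpd refuses logins unless this is set:
#   500 OOPS: vsftpd: refusing to run with writable root inside chroot() Login failed.
# allow_writeable_chroot=YES switches that safety check off. The stricter alternative is to
# make each user's chroot directory non-writable and give the user a writable subdirectory.
# Append the line only if it is missing, so re-running the script does not duplicate it.
if ! sudo grep -q '^allow_writeable_chroot=' /etc/vsftpd/vsftpd.conf; then
  echo 'allow_writeable_chroot=YES' | sudo tee -a /etc/vsftpd/vsftpd.conf >/dev/null
fi
sudo tail /etc/vsftpd/vsftpd.conf

sudo systemctl daemon-reload
sudo systemctl restart vsftpd
sudo systemctl enable vsftpd
sudo systemctl status vsftpd

# Confirm the binary version and the installed package versions.
vsftpd -v
rpm -qa | grep vsftp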


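# OS 2: Kylin V10, upgrade vsftpd (the installed version was vsftpd-3.0.3-30.ky10.x86_64)
# RPM source:
wget https://update.cs2c.com.cn/NS/V10/V10SP3.1/os/adv/lic/base/x86_64/Packages/vsftpd-help-3.0.3-32.ky10.x86_64.rpm
wget https://update.cs2c.com.cn/NS/V10/V10SP3.1/os/adv/lic/base/x86_64/Packages/vsftpd-3.0.3-32.ky10.x86_64.rpm
# Check the package signatures before installing as root: rpm -K <file>.rpm
# Upgrade both packages in one transaction. The original second command used "-uVh",
# which is not the upgrade flag (-U), so the help package was never upgraded.
rpm -Uvh vsftpd-3.0.3-32.ky10.x86_64.rpm vsftpd-help-3.0.3-32.ky10.x86_64.rpm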
END
二、处理ntp漏洞 【NTPMode6检测漏洞【原理扫描】】
# OS 1: bclinux euler 21.10
# Keep a dated copy of the current configuration before changing it.
cp /etc/ntp.conf /etc/ntp.conf.bak20250109
# Append the hardening lines in a single write. The quoted delimiter keeps the text literal.
# 'ip_address' looks like a placeholder for the real upstream time server. Replace it before use.
# 'noquery' on the default restrict lines is the flag that refuses ntpq/ntpdc queries.
cat >> /etc/ntp.conf <<'EOF'
### fix NTPMode6 BUG
server ip_address
restrict -6 default nomodify notrap noquery
restrict :: default nomodify notrap noquery
restrict default nomodify notrap noquery
disable monitor
EOF
# Show the appended lines, then restart ntpd and check that it came back up.
tail /etc/ntp.conf
systemctl restart ntpd
systemctl status ntpd
参考:https://blog.youkuaiyun.com/weixin_36808034/article/details/132454921 《修复NTP mode-6查询漏洞》
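# 2025年11月7日更新:【发现需要按照下面的内容来配置,才能解决该漏洞。】 说明:拒绝 mode 6 查询靠的是 restrict 行中的 noquery;修改后建议从另一台主机执行 ntpq -c rv <NTP服务器IP>,确认查询超时、没有返回信息。“disable mode6”是否被当前 ntpd 版本识别,请在 ntpd 启动日志中确认该行没有语法报错。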
~]# cat /etc/ntp.conf | grep -v "#"
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap noquery
server 127.127.1.0
server 10.184.233.84
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict :: default kod nomodify notrap nopeer noquery
disable mode6
###
systemctl restart ntpd ; systemctl status ntpd
ntpq -p
END
三、处理tomcat漏洞
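#1、更新到 tomcat 8.0.99 【Apache Tomcat 安全漏洞(CVE-2024-23672)】 修改版本信息(伪升级):下面的改动只改变 Tomcat 对外报告的版本号,让按版本号判断的扫描不再报出该项,漏洞代码本身并没有修复;要真正修复仍需升级 Tomcat 本体。(标题写的是 8.0.99,下面实际填写的是 8.5.99。)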
cd xx/lib
vim catalina.jar的 ServerInfo.properties的:
server.info=Apache Tomcat/8.5.99
server.number=8.5.99.0
server.built=Feb 14 2024 22:52:13 UTC
#2、更新到tomcat 9.0.98 【tomcat-embed-core-9.0.98.jar】 【ApacheTomcat安全漏洞(CVE-2024-52316)】
与开发沟通,发版更新 lib文件和 xxx4a-0.0.1-SNAPSHOT.jar
END
四、可清理oracle文件-随记 (xml、trc、trm、aud文件)
#AIX , oracle 11g
磁盘容量告警,可清理下面的文件:
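#1  Audit files (*.aud) older than 180 days.
# These files are the database audit trail. Confirm the retention requirement
# (and that they are archived elsewhere if needed) before deleting them.
# 'cd ... &&' ensures find only runs if the directory change succeeded; otherwise the
# delete would run in whatever directory the shell happens to be in.
# '-exec rm' replaces '| xargs -i rm {}', which mis-splits names containing spaces or quotes.
cd /oracle/app/oracle/admin/xxapp/adump && find . -type f -mtime +180 -name "*.aud" -exec rm -f {} \;
#2  Alert-log XML files older than one day.
cd /oracle/app/oracle/diag/rdbms/xxxbak/xxxbak1/alert && find . -type f -mtime +1 -name "*.xml" -exec rm -f {} \;
#3  Trace files (*.trc, *.trm) older than one day.
cd /oracle/app/oracle/diag/rdbms/xxxbak/xxxbak1/trace && find . -type f -mtime +1 -name "*.tr*" -exec rm -f {} \;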
五、harbor v2.6.0 升级到 v2.9.5 操作过程 - 随记
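### Actual procedure, run as root (fixes Harbor CVE-2024-22278 and CVE-2024-22244)
# harbor-offline-installer-v2.6.0.tgz and harbor-offline-installer-v2.9.5.tgz were downloaded earlier
# and unpacked under /data/harborPackages.
# If the release page publishes checksums for the installers, verify them before unpacking.

# Stop the running 2.6.0 stack. Use plain 'down': the '-v' flag also deletes the stack's
# volumes, and that would happen before the backup below has been taken.
cd /data/harborPackages/harbor2.6.0/harbor && docker-compose down

# Back up the Harbor data directory while the services are stopped.
cd /data && cp -rp harbor harbor_oldbak

# Carry the existing configuration over to the new installer directory.
# harbor.yml holds the admin and database passwords, so keep it readable by root only.
cd /data/harborPackages/harbor2.6.0/harbor && cp harbor.yml /data/harborPackages/harbor2.9.5/harbor

# Load the 2.9.5 images from the offline bundle.
cd /data/harborPackages/harbor2.9.5/harbor && docker load -i harbor.v2.9.5.tar.gz

# Migrate harbor.yml to the 2.9.5 schema. The prepare container gets the host's root
# filesystem mounted at /hostfs, so it must be the image loaded from the bundle above.
# Check `docker images` for goharbor/prepare:v2.9.5 first, so docker does not pull it
# from a registry instead.
docker run -it --rm -v /:/hostfs goharbor/prepare:v2.9.5 migrate -i /data/harborPackages/harbor2.9.5/harbor/harbor.yml

# Install and start the new version (still in the 2.9.5 installer directory).
./install.sh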



参考:https://zhuanlan.zhihu.com/p/666840536
END
六、物理机centos7 , 物理网卡损坏故障(无法ping通,sshd) - 随记
#环境信息:
centos7.9.2009 (Core) 。 双网卡【master: ifcfg-bond0 网卡 ; 2个slave网卡:ifcfg-enp33s0f0 ,ifcfg-enp33s0f1 】
#故障描述:
机器xx.76无法ping通别的机器,别的机器也不能ping通它。(无法ssh登录)(只能使用 远程控制卡界面 远程操作【suma曙光】)
#这些网卡配置文件也是没有改动的。
# ifcfg-bond0 配置信息:
]# cat ifcfg-bond0
DEVICE=bond0
BOOTPROTO=static
USERCTL=no
ONBOOT=yes
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="mode=1 miimon=100"
IPADDR=1xx.xx.xx.76
NETMASK=255.255.255.224
GATEWAY=1xx.xx.xx.65
# ifcfg-enp33s0f0 配置信息:
]# cat ifcfg-enp33s0f0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp33s0f0
UUID=ae018c6c-3b59-4377-930d-f05128cf1fee
DEVICE=enp33s0f0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
# ifcfg-enp33s0f1 配置信息:
]# cat ifcfg-enp33s0f1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp33s0f1
UUID=85f2abfa-d567-4c58-a310-a50fd6832a0c
DEVICE=enp33s0f1
ONBOOT=yes
MASTER=bond0
SLAVE=yes
排查大致过程:
出故障之前,没有对该机器进行操作 (没有发版,更改系统配置啥的)。
此时执行hostname -I , ip a 他是能显示出 1xx.xx.xx.76 的ip信息的。 但是他的state 显示是 DOWN

别人ping 1xx.xx.xx.76 的时候出现 Destination Host Unreachable (这种情况之前遇过,要么有防火墙,要么IP不存在)
network 服务 、 networkManager都是开启的。 跟关闭是否关闭 networkManager 无关联。
查看/var/log/message日志

ifup bond0 【显示 Device enxxx does not seem to be present delaying initialization】

随后试了网上的方法【删除/etc/udev/rules.d/70-persistent-net.rules文件 、修改UUID 、 MAC地址冲突? 】,发现没有作用。
#分别在好的、坏的机器执行下面指令(对比显示内容):
ip link show
nmcli connection show
nmcli device
nmcli device show
ethtool bond0 (是否 Link detected: yes )
ethtool enp33s0f0
ethtool enp33s0f1
lspci|grep -i net
看看日志/var/log/message 、 dmesg
####
不能这么用,你一直在用connection去启动bond0,实际没有叫做bond0的连接(而是叫Bond bond0),你要启动这个设备的话,应该是nmcli device up bond0,不是nmcli connection up bond0


经过上面的对比。那时候有了下面的想法:
想法1: 就是不做bond0网卡, 换成单个网卡模式。 看看此时 ping是否正常
猜想2: 再者 会不会是“物理网卡”坏了
猜想3: “查看物理链路”。物理链路,肉眼看,或者服务器硬件管理员,或者网管看 【但是他们今天去机房看有没有问题】
查看BMC界面:

没有slot1信息(光网卡看起来有故障了) ,【没有报错 (“严重”,“紧急”)信息 。 少了个 slot1. 但没见有告警信息】

##—### BMC 正常的PCie卡界面的截图:【有slot1 、 slot2】


最终处理操作:
去机房,更换服务器的物理网卡。
七、使用 lsof 、 fuser 、 pwdx 、 ps -ef 去定位文件对应的程序。
问题描述:
/home/磁盘爆满, 发现/home/test 下有个 nohup.out文件。但该目录下,没有写启动脚本,应用的web 、 jar包也没见。
#排查手法:
[test ~]$ lsof nohup.out
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 263176 test 1w REG 253,6 135989543 3149417 nohup.out
java 263176 test 2w REG 253,6 135989543 3149417 nohup.out
[test ~]$ pwdx 263176
263176: /home/test
[test ~]$ ps -ef | grep 263176
test 263176 1 6 Jan18 ? 1-01:39:07 /usr/java/jdk1.8.0_131/bin/java -jar /data/alarm_iom/iom.alarm-0.0.1.jar --logging.file=/data/alarm_iom/logs/alarm.log
#为了避免 nohup.out过大,启动指令改成:
nohup /usr/java/jdk1.8.0_131/bin/java -jar /data/alarm_iom/iom.alarm-0.0.1.jar --logging.file=/data/alarm_iom/logs/alarm.log > /dev/null 2>&1 &
八、衡石hengshi ,导入25mb大小的数据文件,出现400 / 504 timeout报错 - 处理随记

1、追加数据集的时候,刷新数据集是在一个事务里面 应该超过了事务时间 在衡石配置文件/opt/hengshi/conf/hengshi-sense-env.sh 增加一个系统参数:
export PG_IDLE_IN_TRANSACTION_SESSION_TIMEOUT=600000 ,然后重启服务 再试下
2、超过百万的数据集 建议使用数据集成来做,这样不会受事务管理,引擎连接应该建过 输出路径选择引擎 把初始化数据导入进去 后面追加都在数据集成中去追加
#修改1 对应nginx反代文件 :
location ^~ /hs/ {
proxy_pass http://10.xx.xx.x2:8080/;
proxy_set_header Host $http_host;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
#修改2 hengshi-sense-env.sh文件 :
export PG_IDLE_IN_TRANSACTION_SESSION_TIMEOUT=600000
#重启衡石服务 普通用户操作
cd /data/hengshi
bin/hengshi-sense-bin stop all
bin/hengshi-sense-bin start all
echo $?
bin/hengshi-sense-bin status all
九、Cloudera Manager界面YARN的下出现OOM问题 - 随记


#Cloudera Manager大数据集群管理工具,简化 Hadoop 集群的部署、管理和监控
出现报错:该角色在之前的5分钟中遇到1次意外退出。这包括由于OutOfMemory错误而导致的1退出。临界阈值:任意。
#处理方法: (这里处理的是YARN的问题。 agent【ResourceManager连接性、Web服务器状态】的另外处理。)
【NodeManager的Java堆栈大小(字节)】,增大内存(8GB --> 10GB),然后重启对应的nodeManager节点。

十、linux服务器内部,查看磁盘的raid类型和对应盘符。 安装storcli指令
大致思路:先查看对应的所有物理磁盘+虚拟磁盘raid上的槽位号。人工对比,就知道RAID上哪些是一组。
0:0
0:1
这些就是硬盘槽位。
软件下载路径: https://www.broadcom.com/site-search?q=storcli
https://docs.broadcom.com/docs/Unified_storcli_all_os_7.2309.0000.0000.zip
选择安装服务器相关版本。【笔者这里bclinux Euler 21.10U3 LTS 的aarch64架构 和 BCLinux 8.2 (Core)的x86_64架构 都可正常使用】
# Install the storcli package taken from the vendor zip linked above.
# Check the download (vendor checksum, or `rpm -K` on the package) before installing as root.
rpm -ivh storcli-007.2310.0000.0000-1.aarch64.rpm
# Make the tool callable as 'storcli' by linking the installed binary into /bin and /sbin.
ln -s /opt/MegaRAID/storcli/storcli64 /bin/storcli
ln -s /opt/MegaRAID/storcli/storcli64 /sbin/storcli
cd /opt/MegaRAID/storcli
# Method 1: show all RAID (virtual drive) information on controller c0
./storcli64 /c0/vall show
# Full details, filtered to the lines around each OS device name (/dev/sdX)
./storcli64 /c0/vall show all | grep -C 20 -i "/dev/sd"

完整内容:【查看关键字/dev/sd 和 VD 。 从下面内容可知 磁盘/dev/sdk 和 /dev/sdl 做了 RAID1】
## 1
]# ./storcli64 /c0/vall show
CLI Version = 007.2310.0000.0000 Nov 02, 2022
Operating system = Linux 4.19.90-2107.6.0.0192.8.oe1.bclinux.aarch64
Controller = 0
Status = Success
Description = None
Virtual Drives :
==============
---------------------------------------------------------------
DG/VD TYPE State Access Consist Cache Cac sCC Size Name
---------------------------------------------------------------
1/238 RAID1 Optl RW Yes RWTD - ON 7.276 TB
0/239 RAID1 Optl RW Yes RWTD - ON 446.625 GB
---------------------------------------------------------------
VD=Virtual Drive| DG=Drive Group|Rec=Recovery
Cac=CacheCade|OfLn=OffLine|Pdgd=Partially Degraded|Dgrd=Degraded
Optl=Optimal|dflt=Default|RO=Read Only|RW=Read Write|HD=Hidden|TRANS=TransportReady
B=Blocked|Consist=Consistent|R=Read Ahead Always|NR=No Read Ahead|WB=WriteBack
AWB=Always WriteBack|WT=WriteThrough|C=Cached IO|D=Direct IO|sCC=Scheduled
Check Consistency
#########
## 2
]# ./storcli64 /c0/vall show all
CLI Version = 007.2310.0000.0000 Nov 02, 2022
Operating system = Linux 4.19.90-2107.6.0.0192.8.oe1.bclinux.aarch64
Controller = 0
Status = Success
Description = None
/c0/v238 :
========
-------------------------------------------------------------
DG/VD TYPE State Access Consist Cache Cac sCC Size Name
-------------------------------------------------------------
1/238 RAID1 Optl RW Yes RWTD - ON 7.276 TB
-------------------------------------------------------------
VD=Virtual Drive| DG=Drive Group|Rec=Recovery
Cac=CacheCade|OfLn=OffLine|Pdgd=Partially Degraded|Dgrd=Degraded
Optl=Optimal|dflt=Default|RO=Read Only|RW=Read Write|HD=Hidden|TRANS=TransportReady
B=Blocked|Consist=Consistent|R=Read Ahead Always|NR=No Read Ahead|WB=WriteBack
AWB=Always WriteBack|WT=WriteThrough|C=Cached IO|D=Direct IO|sCC=Scheduled
Check Consistency
PDs for VD 238 :
==============
--------------------------------------------------------------------------------
EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp Type
--------------------------------------------------------------------------------
251:0 9 Onln 1 7.276 TB SATA HDD N N 512B HGST HUS728T8TALE6L4 U -
251:1 11 Onln 1 7.276 TB SATA HDD N N 512B HGST HUS728T8TALE6L4 U -
--------------------------------------------------------------------------------
EID=Enclosure Device ID|Slt=Slot No|DID=Device ID|DG=DriveGroup
DHS=Dedicated Hot Spare|UGood=Unconfigured Good|GHS=Global Hotspare
UBad=Unconfigured Bad|Sntze=Sanitize|Onln=Online|Offln=Offline|Intf=Interface
Med=Media Type|SED=Self Encryptive Drive|PI=Protection Info
SeSz=Sector Size|Sp=Spun|U=Up|D=Down|T=Transition|F=Foreign
UGUnsp=UGood Unsupported|UGShld=UGood shielded|HSPShld=Hotspare shielded
CFShld=Configured shielded|Cpybck=CopyBack|CBShld=Copyback Shielded
UBUnsp=UBad Unsupported|Rbld=Rebuild
VD238 Properties :
================
Strip Size = 256 KB
Number of Blocks = 15626993664
VD has Emulated PD = Yes
Span Depth = 1
Number of Drives Per Span = 2
Write Cache(initial setting) = WriteBack
Disk Cache Policy = Disk's Default
Encryption = None
Data Protection = None
Active Operations = Consistency Check (10%)
Exposed to OS = Yes
OS Drive Name = /dev/sdk
Creation Date = 06-02-2025
Creation Time = 09:40:57 AM
Emulation type = default
Cachebypass size = Cachebypass-64k
Cachebypass Mode = Cachebypass Intelligent
Is LD Ready for OS Requests = Yes
SCSI NAA Id = 600062b215c23e402f374029af9c3dac
Unmap Enabled = No
/c0/v239 :
========
---------------------------------------------------------------
DG/VD TYPE State Access Consist Cache Cac sCC Size Name
---------------------------------------------------------------
0/239 RAID1 Optl RW Yes RWTD - ON 446.625 GB
---------------------------------------------------------------
VD=Virtual Drive| DG=Drive Group|Rec=Recovery
Cac=CacheCade|OfLn=OffLine|Pdgd=Partially Degraded|Dgrd=Degraded
Optl=Optimal|dflt=Default|RO=Read Only|RW=Read Write|HD=Hidden|TRANS=TransportReady
B=Blocked|Consist=Consistent|R=Read Ahead Always|NR=No Read Ahead|WB=WriteBack
AWB=Always WriteBack|WT=WriteThrough|C=Cached IO|D=Direct IO|sCC=Scheduled
Check Consistency
PDs for VD 239 :
==============
----------------------------------------------------------------------------------------
EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp Type
----------------------------------------------------------------------------------------
251:12 1 Onln 0 446.625 GB SATA SSD N N 512B SAMSUNG MZ7LH480HAHQ-00005 U -
251:13 0 Onln 0 446.625 GB SATA SSD N N 512B SAMSUNG MZ7LH480HAHQ-00005 U -
----------------------------------------------------------------------------------------
EID=Enclosure Device ID|Slt=Slot No|DID=Device ID|DG=DriveGroup
DHS=Dedicated Hot Spare|UGood=Unconfigured Good|GHS=Global Hotspare
UBad=Unconfigured Bad|Sntze=Sanitize|Onln=Online|Offln=Offline|Intf=Interface
Med=Media Type|SED=Self Encryptive Drive|PI=Protection Info
SeSz=Sector Size|Sp=Spun|U=Up|D=Down|T=Transition|F=Foreign
UGUnsp=UGood Unsupported|UGShld=UGood shielded|HSPShld=Hotspare shielded
CFShld=Configured shielded|Cpybck=CopyBack|CBShld=Copyback Shielded
UBUnsp=UBad Unsupported|Rbld=Rebuild
VD239 Properties :
================
Strip Size = 256 KB
Number of Blocks = 936640512
VD has Emulated PD = Yes
Span Depth = 1
Number of Drives Per Span = 2
Write Cache(initial setting) = WriteBack
Disk Cache Policy = Disk's Default
Encryption = None
Data Protection = None
Active Operations = None
Exposed to OS = Yes
OS Drive Name = /dev/sdl
Creation Date = 03-01-2025
Creation Time = 04:51:58 AM
Emulation type = default
Cachebypass size = Cachebypass-64k
Cachebypass Mode = Cachebypass Intelligent
Is LD Ready for OS Requests = Yes
SCSI NAA Id = 600062b215c23e402f0a296eae42ec7c
Unmap Enabled = No
另一台服务器x86_64的截图

方法二: fdisk -l /dev/sdxx 查看 “显示 Disk model: MR9560-8i 的就是raid,显示硬盘型号的就是直通” 【注意:该方法不是通用的】
fdisk -l 里的Disk model:

./storcli64 show all里面的Model 【显示MegaRAID9560-8i4GB】

参考文章:
https://blog.youkuaiyun.com/maitianba/article/details/139457952 《raid模式下通过系统盘符定位对应物理盘》
https://blog.youkuaiyun.com/weixin_30900589/article/details/97148217 《Linux使用storcli工具查看服务器硬盘和raid组信息》



