Logging in from a Windows Server virtual machine kept failing; the Google results suggest it is a bug in older OpenSSH versions.

Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_SESSION pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-cbc ksize=256 mac=hmac-sha1 pfs=diffie-hellman-group-exchange-sha1 spid=17729 suid=74 rport=3075 laddr= lport=  exe="/usr/sbin/sshd" hostname=? addr=171.88.47.75 terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_SESSION pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-cbc ksize=256 mac=hmac-sha1 pfs=diffie-hellman-group-exchange-sha1 spid=17729 suid=74 rport=3075 laddr= lport=  exe="/usr/sbin/sshd" hostname=? addr=171.88.47.75 terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_KEY_USER pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3e:d8:85:aa:68:dd:92:6a:3e:d2:d5:58:1a:03:e2:15:83:0a:ec:fd:b6:ac:9c:3d:9d:77:ed:5d:fb:07:67:a5 direction=? spid=17729 suid=74  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_KEY_USER pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:55:ef:3f:89:06:24:61:49:9a:66:67:fd:93:0b:8d:ad:e0:67:95:03:bf:3c:dd:95:9f:f1:02:96:f5:a8:fa:32 direction=? spid=17728 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_KEY_USER pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b3:2b:2d:92:ed:b1:f1:e4:75:63:23:59:a6:4c:37:95:7d:87:b6:6d:2c:4d:63:b2:eb:d2:1e:14:a2:63:ff:94 direction=? spid=17728 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: CRYPTO_KEY_USER pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3e:d8:85:aa:68:dd:92:6a:3e:d2:d5:58:1a:03:e2:15:83:0a:ec:fd:b6:ac:9c:3d:9d:77:ed:5d:fb:07:67:a5 direction=? spid=17728 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec  7 11:05:40 li1542-64 audit[17728]: USER_LOGIN pid=17728 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=xx.xx.xx.xx terminal=ssh res=failed'
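The CRYPTO_SESSION records above show the session negotiated aes256-cbc, hmac-sha1 and diffie-hellman-group-exchange-sha1 before the USER_LOGIN failure. As an added example (not from the original post), the following script matches failed logins to the algorithms negotiated by the same sshd pid; the sample records and the "legacy" policy (CBC ciphers, SHA-1/MD5 MACs, SHA-1 key exchange) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the same audit format as the log above
# (addresses are documentation-range placeholders, not values from the post).
SAMPLE = """\
Dec  7 11:05:40 host audit[2001]: CRYPTO_SESSION pid=2001 uid=0 msg='op=start direction=from-client cipher=aes256-cbc ksize=256 mac=hmac-sha1 pfs=diffie-hellman-group-exchange-sha1 spid=2002 rport=3075 exe="/usr/sbin/sshd" addr=192.0.2.10 res=success'
Dec  7 11:05:40 host audit[2001]: USER_LOGIN pid=2001 uid=0 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" addr=192.0.2.10 terminal=ssh res=failed'
Dec  7 11:07:02 host audit[2050]: CRYPTO_SESSION pid=2050 uid=0 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256 spid=2051 rport=40112 exe="/usr/sbin/sshd" addr=192.0.2.20 res=success'
Dec  7 11:07:03 host audit[2050]: USER_LOGIN pid=2050 uid=0 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" addr=192.0.2.20 terminal=ssh res=failed'
"""

RECORD = re.compile(r"audit\[\d+\]: (\w+) (.*)")
# key=value pairs; the value is either "quoted" or a bare token. The opening
# quote of msg='...' never matches, so the fields nested inside it are picked up.
FIELD = re.compile(r"([\w-]+)=(\"[^\"]*\"|[^\s'\"]+)")


def legacy_algorithms(fields):
    """Return the negotiated algorithms that are CBC or SHA-1/MD5 based."""
    found = []
    if fields.get("cipher", "").endswith("-cbc"):
        found.append(fields["cipher"])
    if re.match(r"hmac-(sha1|md5)", fields.get("mac", "")):
        found.append(fields["mac"])
    if fields.get("pfs", "").endswith("sha1"):
        found.append(fields["pfs"])
    return found


def failed_logins(text):
    """Map each sshd pid with a failed USER_LOGIN to its address and legacy algorithms."""
    legacy_by_pid = defaultdict(set)
    failed = {}
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        rtype, f = m.group(1), dict(FIELD.findall(m.group(2)))
        if rtype == "CRYPTO_SESSION":
            legacy_by_pid[f.get("pid")].update(legacy_algorithms(f))
        elif rtype == "USER_LOGIN" and f.get("res") == "failed":
            failed[f.get("pid")] = f.get("addr")
    return {pid: {"addr": addr, "legacy": sorted(legacy_by_pid[pid])}
            for pid, addr in failed.items()}


if __name__ == "__main__":
    for pid, info in failed_logins(SAMPLE).items():
        print(pid, info["addr"], info["legacy"] or "no legacy algorithms")
```

A failed login with an empty legacy list points away from an old client and toward an ordinary authentication failure.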

On a whim, I switched from CentOS to Fedora and added storing of access statistics in the database.

I have not found a quick fix so far; I found one method online and am noting it here for later use:

Link

Adding MongoDB as a systemd service

Create the file /etc/systemd/system/mongodb.service:
[Unit]
Description=MongoDB
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
ExecStart=/mongodb/bin/mongod --config /mongodb/etc/mongodb.cfg
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/mongodb/bin/mongod --shutdown --config /mongodb/etc/mongodb.cfg
PrivateTmp=true

[Install]
WantedBy=multi-user.target

While starting the database with dbstart, an ORA-01031 error appears:

SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 10 15:01:29 2018
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
connect / as sysdba>ORA-01031: insufficient privileges
connect / as sysdba>
/u01/app/oracle/product/11.2.0/dbhome_1/bin/dbstart: Database instance "orcl" warm started.

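Personally, I find firewalld simpler and more convenient to use than iptables, and its configuration is more clearly structured.

/etc/firewalld is the first directory searched and /usr/lib/firewalld/ is the second; the services, zone and other directories inside them hold the common configuration.

  • /etc/firewalld/services/ is the directory for the corresponding service definition files,
  • /etc/firewalld/zone/ holds the corresponding zone files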

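Show the default zone: firewall-cmd --get-default-zone

For now, my VPS only needs the ssh and http ports open. Since the ssh port has been changed, it of course has to be updated in the corresponding XML file under /etc/firewalld/services/.

Open the http service: firewall-cmd --zone=public --add-service=http --permanent

Open the ssh service: firewall-cmd --zone=public --add-service=ssh --permanent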