Sep 19 2011

手动创建 /dev/null 和 /dev/zero

Category: 技术ssmax @ 17:28:09

某些vps会屏蔽了/dev/null 和/dev/zero 两个很有用的设备,我们可以通过mknod的方法手动创建它们

linux的创建方法如下:

mknod /dev/zero c 1 5

mknod /dev/null c 1 3

unix下面的有点区别,主要追对不一样的系统

mknod [OPTION]… NAME TYPE [MAJOR MINOR]

后面两个数字会有一些 区别,具体含义等以后再查下文档才清楚,呵呵。

 

linux 的major.h

 

#define UNNAMED_MAJOR           0
#define MEM_MAJOR               1
#define RAMDISK_MAJOR           1
#define FLOPPY_MAJOR            2
#define PTY_MASTER_MAJOR        2
#define IDE0_MAJOR              3
.............

The best overview of all the major and minor numbers is in the /usr/src/linux/Documentation directory. The devices.txt is considered the “authoritative” source for this information.

具体的含义就要去上面翻阅了,一般发行版都没有安装文档,最好自己yum或者apt一下,呵呵。


Sep 19 2011

How do I debug a failed device install or disable?

Category: 技术ssmax @ 13:33:03

记录一下,回家要检查一下那个direct input 手柄不能用的问题,很诡异,别的机器可以,就一台不行,还有显示器的前置usb hub也突然不行了,诡异啊诡异。

 

When debugging a failed device install, one of the first things you should do is look at the %windir%\setup*.log files (yes files, there are a few of them and the names changed in Vista).  But what if the logs do not have enough information for you to figure out what went wrong?  Well, SetupAPI lets you control the level of logging.  This MSDN article explains what registry value to edit and what the different flags do.

If you don’t like reading the docs or changing registry values, OSR line has a GUI tool which you can download which makes setting these values painless.

As with any control being cranked up to its highest setting, you will get a lot of information, so be prepared to parse through some noise to get to the data you really want.

Debugging a failed device install or disable can be tough.  The error could be hidden in the depths of the system and it might take awhile to figure it out.  The error code on the device might be of some help, but it is not always clear.  For instance, you might get a code 10 for a failed start which means that the driver failed the pnp start irp…but that doesn’t tell you why thedriver failed the request in the first place.  The error text in the add new/upgrade hardware wizard is pretty vague as well.

So what’s a developer to do?  Where do you start?  Well, you should check the setup logs.  These logs exist on all versions of windows, starting with Windows 2000:

  • %windir%\setupapi.log
  • %windir%\setupact.log
  • %windir%\setuperr.log

In Windows Vista, there are 2 additional log files

  • %windir%\inf\setupapi.app.log
  • %windir%\inf\setupapi.dev.log

Finally, if you are installing a KMDF driver, the KMDF coinstaller writes out errors to setupact.log.  There are also KMDF logs (depending on the version you installed):

  • %windir%\wdf01000inst.log
  • %windir%\wdf01001inst.log
  • %windir%\wdf01005inst.log

If these logs do not have information in them, turn on verbose setup logging (I wrote about how to do this previously) and retry the installation.  If the log files still do not indicate what is wrong, you have to use the error codes to start digging around…


Sep 05 2011

Aapache的一些安全设置

Category: 技术ssmax @ 19:04:31

今天申请的verisign证书下来了,给一台服务器重新安装了apache,其中一些安全设置记录一下,已方便以后查询

1,禁用sslv2,由于sslv2有安全隐患,所以最好禁止使用,firefox是直接把sslv2去掉了的

以下为apache禁用sslv2的方法:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

测试是否已经关闭的方法:

#openssl s_client -ssl2 -connect virtualhost:443
#openssl s_client -ssl3 -connect virtualhost:443
#openssl s_client -tls1 -connect virtualhost:443

其中第一行应该不能成功建立连接了,就代表sslv2已经被禁用。

具体的说明可以参考这里:http://www.linux4beginners.info/node/disable-sslv2

 

2,更改Server Header,http里面的Server头表示你访问的服务器的版本信息,一般我们最好隐藏起一些必要的信息,使用以下设置:

ServerTokens Prod
ServerSignature Off

这样设置以后,Server头只会显示 Apache,如果这样你还是不满意,就只能更改源代码了(因为使用mod_headers 也不能修改了)
修改 ./include/ap_release.h

#define AP_SERVER_BASEPRODUCT “Apache”

改成你想要的东东即可,然后重新编译发布。

当然,如果你想改点其他Header,用mod_headers 设置即可,比如

Header add X-Powered-By “ASP.NET”

详细配置文档地址:for 2.2  http://httpd.apache.org/docs/2.2/mod/mod_headers.html

3,Apache官方于2011年8月24日公布漏洞:Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
说明:该漏洞可轻易被攻击工具占用大量内存和CPU,导致无法处理正常请求。
影响版本:Apache 1.3 all versions, Apache 2 all versions

临时解决方案:

RequestHeader unset Range

去掉Range请求,呵呵,一般不是下载站点的话,不需要断点续传的了。
漏洞地址:http://people.apache.org/~dirkx/CVE-2011-3192.txt