this blog was created for my own personal notes. If any of the post is useful for you, i happy to hear that but if there is any mistake make on my notes, please correct me
Wednesday, September 19, 2012
convert bmp to jpg
if [ -z "$1" ];then
echo "Error: please put a file path to convert"
exit 1
else
CPATH="$1"
fi
find $CPATH -type f -iname \*.bmp | while read filename; do
convert "$filename" -quality 100% "$filename".jpg && rename .bmp.jpg .jpg "$filename".jpg && rm "$filename"
done
script thanks to my Manager Lye
mod_evasive
mod_evasive is a plugin for Apache Web Server to prevent DOS attack.
After a few weeks of trial and error, research. mod_evasive is able to work with iptables.
Here is the installation steps:
1) yum install mod_evasive
2) vi /etc/httpd/conf.d/mod_evasive.conf
<------------------------------ mod_evasive.conf content ----------------------------------->
LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify sat.server@my.offgamers.lan
DOSSystemCommand "bash /var/lock/mod_evasive/evasive.sh %s"
DOSLogDir "/var/lock/mod_evasive"
#DOSWhitelist 127.0.0.1
#DOSWhitelist 192.168.0.*
</IfModule>
<------------------------------ mod_evasive.conf content ----------------------------------->
3) mkdir /var/lock/mod_evasive
4) chown apache:apache /var/lock/mod_evasive
* mod_evasive need to record the DOS IP address to this directory
5) vi /var/lock/mod_evasive/evasive.sh
<------------------------------ evasive.sh content ----------------------------------->
sudo /sbin/iptables -I INPUT -s $1 -j DROP
sleep 600
sudo /sbin/iptables -D INPUT -s $1 -j DROP
sudo /bin/rm -f /var/lock/mod_evasive/dos-$1
<------------------------------ evasive.sh content ----------------------------------->
How evasive.sh work?
mod_evasive detected DOS, it will execute the evasive.sh and create a file like dos-172.30.10.223 under /var/lock/mod_evasive.
the dos-* files are used to keep track the blocked IP address.
Execute evasive.sh will do the following things:
Issue iptables too drop the IP address, sleep for ten minutes, and then remove the blocked IP address, after that delete the dos-* file
under /var/lock/mod_evasive, otherwise it wouldn't re-block again.
6) visudo
Change:
Defaults requiretty -> #Defaults requiretty
Add:
Cmnd_Alias EVASIVE = /sbin/iptables, /bin/rm
apache ALL=(ALL) NOPASSWD: EVASIVE
7) finally restart httpd service, use watch -n 1 -d iptables -nvL and watch -n 1 -d ls -lsa /var/lock/mod_evasive to monitor how the process working
Information thanks to my Senior Voo
Subscribe to:
Posts (Atom)