Keywords: debian, elk, install, elasticsearch, kibana, logstash, nginx
Date: August 2018

0. Environment

Debian GNU/Linux 9

1. Install the Java runtime

root@debian:~# apt-get install openjdk-8-jdk

2. Install and configure Elasticsearch

root@debian:~# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.deb
root@debian:~# dpkg -i elasticsearch-6.3.2.deb
...
root@debian:~# vim /etc/elasticsearch/elasticsearch.yml
...
#network.host: 192.168.0.1
network.host: 172.17.1.100
...
:wq
root@debian:~# systemctl start elasticsearch
root@debian:~# ss -ant|grep 9200
LISTEN     0      128    ::ffff:172.17.1.100:9200                    :::*

root@debian:~# curl http://172.17.1.100:9200/_search?pretty
{
  "took" : 14,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

3. Install Logstash

root@debian:~# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.deb
root@debian:~# dpkg -i logstash-6.3.2.deb
root@debian:~# systemctl start logstash

4. Install and configure Kibana

root@debian:~# wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-amd64.deb
root@debian:~# dpkg -i kibana-6.3.2-amd64.deb
root@debian:~# vim /etc/kibana/kibana.yml
...
#server.host: "localhost"
server.host: "172.17.1.100"
...
#elasticsearch.url: "http://localhost:9200"
elasticsearch.url: "http://172.17.1.100:9200"
...
:wq
root@debian:~# systemctl start kibana
root@debian:~# ss -ant|grep 5601
root@debian:~# ss -ant|grep 5601
root@debian:~# ss -ant|grep 5601
LISTEN     0      128    172.17.1.100:5601                     *:*

Note: Kibana takes a while to start, so please be patient.

5. Collect the Nginx access log with Logstash

root@debian:~# apt-get install nginx
root@debian:~# vim /etc/logrotate.d/nginx
...
	create 0644 www-data adm
...
:wq
root@debian:~# curl http://localhost/
root@debian:~# chmod 644 /var/log/nginx/*
root@debian:~# vim /etc/logstash/conf.d/nginx_access.conf
input {
	file {
		path => ["/var/log/nginx/access.log"]
		start_position => "beginning"
	}
}

filter {
	grok {
		match => {
			"message" => "%{HTTPD_COMBINEDLOG}"
		}
	}
	urldecode {
		all_fields => true
	}
}

output {
	elasticsearch {
		hosts => ["172.17.1.100:9200"]
		index => "logstash-nginx-access-%{+YYYY.MM.dd}"
	}
	stdout {
		codec => rubydebug
	}
}
:wq
root@debian:~# systemctl restart logstash

Note: the default permission of /var/log/nginx/access.log is 600, so logstash cannot read it; it has to be changed to 644.
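Who can read the access log under each mode mentioned above, as an added example that is not part of the original post. The account `alice` and the variant that puts `logstash` in the `adm` group with mode 0640 are assumptions made for illustration; the owner `www-data:adm` and the modes 0600 and 0644 come from the page.

```shell
#!/bin/sh
# Classic Unix read check: the first matching class decides (owner, then
# group, then other); later classes are not consulted.
# usage: can_read MODE OWNER GROUP USER "USER'S GROUPS (space separated)"
can_read() {
    mode=$((0$1)); owner=$2; group=$3; user=$4; user_groups=$5
    if [ "$user" = "$owner" ]; then
        [ $((mode & 0400)) -ne 0 ]; return
    fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then
            [ $((mode & 0040)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0004)) -ne 0 ]
}

# Print which of the given accounts can read a file with this mode.
# Accounts are written "name:group1,group2".
readers() {   # usage: readers MODE OWNER GROUP ACCOUNT...
    r_mode=$1; r_owner=$2; r_group=$3; shift 3
    out=""
    for acct in "$@"; do
        name=${acct%%:*}
        groups=$(printf '%s' "${acct#*:}" | tr ',' ' ')
        if can_read "$r_mode" "$r_owner" "$r_group" "$name" "$groups"; then
            out="$out $name"
        fi
    done
    printf '%s\n' "${out# }"
}

# Constructed accounts: the nginx worker, the logstash service account and
# an unrelated local user.
BASE="www-data:www-data logstash:logstash alice:alice"
# Same accounts, with logstash additionally in the adm group (assumed variant).
WITH_ADM="www-data:www-data logstash:logstash,adm alice:alice"

echo "0600: $(readers 0600 www-data adm $BASE)"       # www-data
echo "0644: $(readers 0644 www-data adm $BASE)"       # www-data logstash alice
echo "0640: $(readers 0640 www-data adm $WITH_ADM)"   # www-data logstash
```

With 0644 every local account can read the request log; the 0640 variant gives logstash access through group membership only.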

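6. View the nginx logs in Kibana

6.1. Configure Kibana

1. Open http://172.17.1.100:5601/ in a browser.
2. Click the Management menu; the Create Index Patterns page is shown.
3. On the "Step 1 of 2: Define index pattern" page, enter "logstash-nginx-access-*" (without the quotes), then click "Next Step".
4. On the "Step 2 of 2: Configure settings" page, select "@timestamp" from the drop-down list and click "Create index pattern".

Generate some Nginx log entries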

root@debian:~# curl http://172.17.1.100/
root@debian:~# curl http://172.17.1.100/
root@debian:~# curl http://172.17.1.100/

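6.2. Search the logs

1. Open http://172.17.1.100:5601/ in a browser.
2. Click the Discover menu, then click the magnifying-glass button.

7. Additional notes

To start the services at boot, run the following commands.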

root@debian:~# systemctl enable elasticsearch
root@debian:~# systemctl enable logstash
root@debian:~# systemctl enable kibana

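Keywords: ssh, google, authenticator
Date: May 2018

Preface

The purpose and principles of Google Authenticator are not covered here; please read up on them yourself.

Key points for installation and configuration

1. Install the libpam-google-authenticator library; installing it through the distribution's package manager is the most convenient way.
2. Generate a secret key and add it to the Google Authenticator app.
3. Two changes are needed on the SSH side:
a) add the corresponding entry to the PAM authentication configuration
b) enable the authentication feature in the ssh configuration file

Installation and configuration steps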

root@debian:~# apt-get install libpam-google-authenticator
root@debian:~# google-authenticator
Do you want authentication tokens to be time-based (y/n) y
+-------+
|       |
|QR code|  // add it in the Google Authenticator app
|       |
+-------+
Do you want me to update your "/root/.google_authenticator" file (y/n) y
...
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
...
Do you want to do so? (y/n) y
...
Do you want to enable rate-limiting (y/n) y

root@debian:~# vim /etc/pam.d/sshd
...
auth required pam_google_authenticator.so
:wq
root@debian:~# vim /etc/ssh/sshd_config
...
#ChallengeResponseAuthentication no
ChallengeResponseAuthentication yes
...
:wq
root@debian:~# service ssh restart
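A check that both edits from the steps above are actually in effect, as an added example that is not part of the original post. It assumes an sshd_config without Match blocks; the `UsePAM` test is not mentioned on the page and is included because sshd only runs the PAM stack when it is on, and the sample files are constructed.

```shell
#!/bin/sh
# Effective value of an sshd_config keyword: keywords are case-insensitive,
# comment lines are skipped, and the first occurrence wins.
sshd_value() {   # usage: sshd_value KEYWORD < sshd_config
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    '
}

# Succeeds if an active auth line loads pam_google_authenticator.so.
pam_has_totp() {   # usage: pam_has_totp < /etc/pam.d/sshd
    awk '
        /^[ \t]*#/ { next }
        $1 == "auth" && /pam_google_authenticator\.so/ { found = 1 }
        END { exit !found }
    '
}

# The sshd side and the PAM side must both be configured.
totp_enforced() {   # usage: totp_enforced SSHD_CONFIG PAM_FILE
    [ "$(sshd_value UsePAM < "$1")" = "yes" ] &&
    [ "$(sshd_value ChallengeResponseAuthentication < "$1")" = "yes" ] &&
    pam_has_totp < "$2"
}

# Constructed sample files for the demonstration.
write_ssh_samples() {   # usage: write_ssh_samples DIR
    printf '%s\n' '#ChallengeResponseAuthentication no' \
        'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$1/good"
    # A "yes" appended below a still-active "no" changes nothing.
    printf '%s\n' 'ChallengeResponseAuthentication no' 'UsePAM yes' \
        'challengeresponseauthentication yes' > "$1/shadowed"
    printf '%s\n' '@include common-auth' \
        'auth required pam_google_authenticator.so' > "$1/pam_on"
    printf '%s\n' '#auth required pam_google_authenticator.so' > "$1/pam_off"
}

d=$(mktemp -d); write_ssh_samples "$d"
for cfg in good shadowed; do
    if totp_enforced "$d/$cfg" "$d/pam_on"; then echo "$cfg: enforced"
    else echo "$cfg: NOT enforced"; fi
done
rm -rf "$d"
```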

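Date: April 2018
Keywords: debian, https, nginx, free

Preparation

Domain name: www.fish2bird.com

Step 1: Update the DNS record

Point the DNS record for www.fish2bird.com at the IP of the server on which you are configuring HTTPS.

Step 2: Install Nginx

root@debian:~# apt-get install nginx

Step 3: Install certbot

certbot is a tool that automates requesting HTTPS certificates.

root@debian:~# apt-get install certbot

Step 4: Request the certificate

You will be asked for your domain name (www.fish2bird.com here) and for the web root of your HTTP server (/var/www/html here).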

root@debian:~# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):www.fish2bird.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.fish2bird.com

Select the webroot for www.fish2bird.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for vpn.fish2bird.com: (Enter 'c' to cancel):/var/www/html
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.fish2bird.com/fullchain.pem. Your cert
   will expire on 2018-07-04. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@debian:~#

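The generated certificate files are in /etc/letsencrypt/live/www.fish2bird.com/

Step 5: Configure nginx

Port 443 has to be opened and the certificate paths configured.
The generated certificate and private key are in /etc/letsencrypt/live/www.fish2bird.com/.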

root@debian:~# vim /etc/nginx/sites-enabled/default
...
# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	listen [::]:443 ssl default_server;

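	# fullchain.pem holds the server certificate followed by the intermediate
	# chain; cert.pem alone omits the chain and some clients fail to validate it.
	ssl_certificate		/etc/letsencrypt/live/www.fish2bird.com/fullchain.pem;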
	ssl_certificate_key	/etc/letsencrypt/live/www.fish2bird.com/privkey.pem;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
...
root@debian:~# service nginx restart

Step 6: Verify in a browser

Enter in the browser: https://www.fish2bird.com/

Date: January 2018
Keywords: debian, docker, install

root@debian:~# curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
OK
root@debian:~# apt-key fingerprint 0EBFCD88
pub   4096R/0EBFCD88 2017-02-22
      Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid                  Docker Release (CE deb) <docker@docker.com>
sub   4096R/F273FCD8 2017-02-22

root@debian:~# echo "deb https://download.docker.com/linux/debian/ jessie stable" > /etc/apt/sources.list.d/docker-ce.list
root@debian:~# apt-get install apt-transport-https
root@debian:~# apt-get update
root@debian:~# apt-get install docker-ce
...
Do you want to continue? [Y/n] y
...
root@debian:~# docker version
...
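Checking the key's fingerprint before it is handed to `apt-key add`, rather than after as in the session above; this is an added example, not part of the original post. The expected fingerprint is the one printed on this page, while the file name `docker.gpg` and the colon-format sample listing are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint printed on this page by `apt-key fingerprint 0EBFCD88`.
EXPECTED_FPR="9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88"

# Drop whitespace and upper-case, so spaced and compact forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print primary-key
# fingerprints only: the "fpr" record (field 10) that follows a "pub"
# record. The "fpr" after a "sub" record belongs to a subkey and is skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint
# equals the expected value. usage: key_is_trusted EXPECTED < listing
key_is_trusted() {
    fprs=$(primary_fprs)
    [ -n "$fprs" ] || return 1
    [ "$(printf '%s\n' "$fprs" | wc -l | tr -d ' ')" -eq 1 ] || return 1
    [ "$(normalize_fpr "$fprs")" = "$(normalize_fpr "$1")" ]
}

# Constructed colon-format listing; only the fields used here are filled in
# and the subkey fingerprint is a placeholder.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:8D81803C0EBFCD88:
fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:
uid:-::::::::Docker Release (CE deb) <docker@docker.com>:
sub:-:4096:1:00000000F273FCD8:
fpr:::::::::00000000000000000000000000000000F273FCD8:
EOF
}

# Real use, assuming the key was first saved to docker.gpg instead of piped:
#   gpg --show-keys --with-colons docker.gpg | key_is_trusted "$EXPECTED_FPR" \
#       && apt-key add docker.gpg
if sample_listing | key_is_trusted "$EXPECTED_FPR"; then
    echo "fingerprint matches, key may be added"
fi
```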

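Date: October 2017
Keywords: vsftpd, root, debian, cannot log in

Background

After searching for information and repeatedly trying changes to /etc/vsftpd.ftpusers and /etc/vsftpd.user_list, root still could not log in over FTP.

Root cause analysis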

root@debian:~# apt-get install vsftpd
root@debian:~# dpkg -L vsftpd
...
/etc/ftpusers
...
/etc/pam.d/vsftpd
...

root@www:/tmp# cat /etc/pam.d/vsftpd 
# Standard behaviour for ftpd(8).
auth	required	pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth	required	pam_shells.so


root@debian:~# cat /etc/ftpusers 
# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

Solution

Put a # in front of root in /etc/ftpusers.
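An audit of which superuser accounts the deny list leaves able to log in over FTP, as an added example that is not part of the original post. It mirrors the `pam_listfile.so item=user sense=deny ... onerr=succeed` line shown above; the `toor` account and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Mirrors the pam_listfile line in /etc/pam.d/vsftpd: a user is refused
# when a line of the deny file equals the user name exactly, so "#root"
# no longer matches "root". An unreadable file blocks nobody (onerr=succeed).
ftp_denied() {   # usage: ftp_denied USER DENYFILE
    grep -Fxq -- "$1" "$2" 2>/dev/null
}

# Print every UID 0 account from a passwd-format file that the deny file
# does not block, i.e. superuser accounts that can authenticate over FTP.
uid0_ftp_allowed() {   # usage: uid0_ftp_allowed PASSWDFILE DENYFILE
    awk -F: '$3 == 0 { print $1 }' "$1" | while read -r user; do
        ftp_denied "$user" "$2" || printf '%s\n' "$user"
    done
}

# Constructed sample files: a passwd with two UID 0 accounts, a deny list
# that contains root, and the same list after the change described above.
write_samples() {   # usage: write_samples DIR
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'toor:x:0:0:second root:/root:/bin/sh' \
        'www-data:x:33:33::/var/www:/usr/sbin/nologin' > "$1/passwd"
    printf '%s\n' '# list of users disallowed FTP access' '' \
        'root' 'daemon' 'nobody' > "$1/ftpusers.default"
    sed 's/^root$/#root/' "$1/ftpusers.default" > "$1/ftpusers.edited"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "default list: $(uid0_ftp_allowed "$dir/passwd" "$dir/ftpusers.default" | tr '\n' ' ')"
echo "edited list:  $(uid0_ftp_allowed "$dir/passwd" "$dir/ftpusers.edited" | tr '\n' ' ')"
rm -rf "$dir"
```

The list is matched by name, so a second UID 0 account such as the constructed `toor` is allowed even while `root` is still denied.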

Keywords: xenserver, linux, mac, client, openxenmanager
Date: August 2017

About OpenXenManager

A management client for XenServer that runs on Linux and macOS.
https://github.com/OpenXenManager/openxenmanager

Install and launch commands

root@debian:~# git clone https://github.com/OpenXenManager/openxenmanager.git
root@debian:~# apt-get install python python-configobj python-gtk-vnc
root@debian:~# cd openxenmanager/
root@debian:~/openxenmanager# ./openxenmanager

Note

OpenXenManager is not a perfect replacement for the Windows version of XenCenter.

Keywords: ssh, client, command, port, non-22
Date: August 2017

Command

root@debian:~# ssh john@192.168.1.100:12345     # wrong
root@debian:~# ssh -p 12345 john@192.168.1.100  # correct

Keywords: linux, remote desktop, xrdp, vnc
Date: August 2017

Environment

Debian 9 with a desktop environment installed.

Installation

root@debian:~# apt-get install xrdp tightvncserver
...
root@debian:~# systemctl status xrdp
...
   Active: active(running) since ...
...

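Client

1. On Windows, open Remote Desktop (press Win+R, type mstsc and press Enter).
2. Enter the IP and click Connect.
3. For Session choose Xorg, enter the user name and password, and click OK.

Keywords: linux, desktop manager, lightweight, openbox
Date: May 2017

Applications

Name                 Description
Openbox              desktop manager
tint2                task manager
Wbar                 desktop toolbar
iceweasel            browser
gThumb               image viewer
Leafpad              text editor
PCMan File Manager   file manager
urxvtcd              console

Installation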

root@debian:~# apt-get install xorg openbox
root@debian:~# apt-get install tint2
root@debian:~# apt-get install wbar
root@debian:~# apt-get install iceweasel fonts-arphic-gkai00mp
root@debian:~# apt-get install gthumb
root@debian:~# apt-get install leafpad
root@debian:~# apt-get install pcmanfm
root@debian:~# apt-get install rxvt-unicode-ml

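Note: fonts-arphic-gkai00mp is a Chinese font that fixes garbled Chinese text. rxvt-unicode-ml is the build of urxvtcd that supports UTF-8.

Configuration

After installation, starting openbox launches wbar automatically, but tint2 does not start automatically. Configure autostart for tint2 by following wbar's autostart entry.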

root@debian:~# cd /etc/xdg/autostart
root@debian:/etc/xdg/autostart# ls -l
...
wbar.desktop
...
root@debian:/etc/xdg/autostart# cat wbar.desktop
[Desktop Entry]
Name=Warlock Bar
...
root@debian:/etc/xdg/autostart# vim tint2.desktop
[Desktop Entry]
Name=tint2
Type=Application
Exec=/usr/bin/tint2
Comment=Task bar.
root@debian:/etc/xdg/autostart# 

Keywords: debian, ntp
Date: April 2017

Script

root@debian:~# timedatectl status
      Local time: Tue 2017-04-18 23:01:02 CST
  Universal time: Tue 2017-04-18 15:01:02 UTC
        RTC time: Tue 2017-04-18 15:01:02
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
root@debian:~# vim /etc/systemd/timesyncd.conf
...
[Time]
Servers=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
...
root@debian:~# timedatectl set-ntp true
root@debian:~# timedatectl status
      Local time: Tue 2017-04-18 23:02:33 CST
  Universal time: Tue 2017-04-18 15:02:33 UTC
        RTC time: Tue 2017-04-18 15:02:33
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
root@debian:~# timedatectl status
      Local time: Tue 2017-04-18 23:04:16 CST
  Universal time: Tue 2017-04-18 15:04:16 UTC
        RTC time: Tue 2017-04-18 15:04:16
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a