Monday, 30. April 2007, 10:06:25
linux

System environment: RHEL AS 4 Update 4
While going through the servers' logwatch mails today I noticed that the /var partition on one of them was using rather a lot of disk space; it felt like some abnormal logging had to be going on.
I logged in and looked at /var/spool/mail/: sure enough, the mailbox files were quite large.
1. First, I already knew the monitoring scripts needed tidying up. I had been meaning to do this for ages but never had the time (there were always higher-priority tasks).
So I redirected the scripts' useless output to /dev/null. The usual way to write this, for example for Apache's shutdown message, is:
apachectl stop > /dev/null 2>&1
That way no more annoying mails are generated.
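One caveat on the redirect above: `> /dev/null 2>&1` also swallows the cases where the command genuinely fails, which is exactly when you want the cron mail. The wrapper below is an added example, not from the original post or from Apache's own tooling: it captures a command's output and prints it only when the command exits non-zero, so cron stays silent on success and still mails you on failure. The crontab path in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): run a cron command quietly,
# but still report its output when it fails. A blanket "> /dev/null 2>&1"
# hides real errors; this keeps them.

# run_quiet CMD [ARGS...]
# Runs the command with stdout and stderr captured in a temporary file.
# On success the capture is discarded and nothing is printed, so cron sends
# no mail. On failure the captured output is printed to stderr, prefixed
# with the exit status, and that same status is returned to the caller.
run_quiet() {
    tmp=$(mktemp /tmp/run_quiet.XXXXXX) || return 1
    "$@" >"$tmp" 2>&1
    status=$?
    if [ "$status" -ne 0 ]; then
        echo "run_quiet: '$*' failed with status $status:" >&2
        cat "$tmp" >&2
    fi
    rm -f "$tmp"
    return "$status"
}

# Example crontab line (hypothetical path for the wrapper):
#   0 2 * * * /usr/local/sbin/run_quiet /usr/sbin/apachectl graceful

# Demonstration: the first call prints nothing; the second prints the
# captured error text and propagates exit status 3 (guarded with "|| :"
# so the script itself still exits 0).
run_quiet true
run_quiet sh -c 'echo "disk check failed" >&2; exit 3' || :
```

Use it for the stop/restart commands in the monitoring scripts instead of the bare redirect; a failed `apachectl stop` then still produces one mail with the real error text, while the routine runs produce none.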
2. Some of the log mails were rather odd, for example:
From MAILER-DAEMON@mob2 Mon Apr 30 17:25:57 2007
Date: Thu, 26 Apr 2007 09:26:42 +0800
From: Mail Delivery Subsystem <MAILER-DAEMON@mob2>
To: <squid@mob2>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="l3Q1QdbT009121.1177550802/localhost.localdomain"
Subject: Warning: could not send message for past 4 hours
Auto-Submitted: auto-generated (warning-timeout)
This is a MIME-encapsulated message
--l3Q1QdbT009121.1177550802/localhost.localdomain
**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************
The original message was received at Thu, 26 Apr 2007 05:01:01 +0800
from localhost.localdomain [127.0.0.1]
----- Transcript of session follows -----
<squid@mob2>... Deferred: Connection refused by mob2.localdomain.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old
Connection refused. But this is local delivery; what is there to refuse?
The hostname (mob2.localdomain) looked odd too, so I checked:
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mob2
GATEWAY=192.168.4.1
# hostname --long
mob2
The hostname was never configured that way.
Earlier, when reading the Logwatch mails from the various servers, one or two hosts had subjects of the form "LogWatch for name.localdomain" while most of the others were "LogWatch for name". That struck me as odd at the time, because all the systems were set up the same way at install time, without FQDN-style long hostnames; so why do some show name and others name.localdomain? Still to be investigated.
Moreover, after the mail files under /var/spool/mail had been read they shrank to almost nothing, yet the /var partition was still heavily used. A quick du:
[root@mob2 var]# du -sh ./*
...
344M ./spool
...
A casual ls of one directory, /var/spool/mqueue, scrolled through who knows how many screens of files; judging by the names this had to be sendmail's mail queue. Running mailq:
# mailq |less
l3TCx1Me027333 110 Sun Apr 29 20:59 <nemo@mob2>
(Deferred: Connection refused by mob2.localdomain.)
<nemo@mob2>
They were all queued because of this refused connection. Ugh.
Could the cause be that the hostname mob2.localdomain cannot be resolved? Let's try editing /etc/hosts:
# vi /etc/hosts
127.0.0.1 localhost.localdomain localhost mob2.localdomain
192.168.4.148 mob2
I restarted sendmail, and after a while the system reported new mail for user nemo. I checked it: a huge pile. So the mail queue had finally been flushed.
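Two checks worth running before touching /etc/hosts in a case like this: `echo '$=w' | sendmail -bt` prints the names sendmail considers its own, and `sendmail -bv nemo` shows how a message for that user would actually be routed, which makes a bogus canonical name like mob2.localdomain visible directly. The bigger lesson of this episode is that a growing mail queue on a host where cron output is mailed will fill /var silently, and every queued message also generates a warning bounce after four hours. The script below is an added example, not from the original post: a cron-friendly check over the text format of `mailq` (sendmail 8.13 on RHEL 4) that alerts on queue size and shows the dominant deferral reason. The sample output is constructed from the two entries quoted in the post plus one hypothetical entry with no deferral.

```shell
#!/bin/sh
# Added example (not from the original post): a mail-queue check that would
# have caught /var/spool/mqueue growing long before it filled /var. It parses
# the text output of "mailq" and alerts on size and on the top deferral reason.

# Constructed sample in sendmail's mailq format: the two deferred entries
# quoted in the post plus one hypothetical entry that is not deferred.
SAMPLE_MAILQ='/var/spool/mqueue (3 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
l3TCx1Me027333      110 Sun Apr 29 20:59 <nemo@mob2>
                 (Deferred: Connection refused by mob2.localdomain.)
                                         <nemo@mob2>
l3Q1QdbT009121      200 Thu Apr 26 05:01 <squid@mob2>
                 (Deferred: Connection refused by mob2.localdomain.)
                                         <squid@mob2>
l3TEa0Xy028001      512 Sun Apr 29 22:36 <root@mob2>
                                         <ops@example.com>
                Total requests: 3'

# queue_stats: read mailq output on stdin, print "<entries> <deferred>".
# An entry line starts with the queue ID (alphanumeric) followed by the size
# in bytes; status lines are indented and parenthesised, recipient lines are
# indented and start with "<", so neither is counted as an entry.
queue_stats() {
    awk '$1 ~ /^[A-Za-z0-9]+$/ && $2 ~ /^[0-9]+$/ { entries++ }
         /^[[:space:]]*\(Deferred:/              { deferred++ }
         END { printf "%d %d\n", entries + 0, deferred + 0 }'
}

# deferral_reasons: read mailq output on stdin, print "<count> <reason>",
# most frequent first, so the root cause (here the bogus hostname) stands out.
deferral_reasons() {
    awk '/^[[:space:]]*\(Deferred:/ { sub(/^[[:space:]]*/, ""); reason[$0]++ }
         END { for (r in reason) printf "%d %s\n", reason[r], r }' | sort -rn
}

queue_entries()  { printf '%s\n' "$1" | queue_stats | cut -d' ' -f1; }
queue_deferred() { printf '%s\n' "$1" | queue_stats | cut -d' ' -f2; }

# check_queue MAILQ_TEXT THRESHOLD: return 1 (and complain on stderr, with the
# three most common deferral reasons) when the queue holds at least THRESHOLD
# entries; return 0 otherwise. In production feed it "$(mailq)".
check_queue() {
    entries=$(queue_entries "$1")
    deferred=$(queue_deferred "$1")
    if [ "$entries" -ge "$2" ]; then
        echo "WARNING: $entries queued messages ($deferred deferred), threshold $2" >&2
        printf '%s\n' "$1" | deferral_reasons | head -n 3 >&2
        return 1
    fi
    return 0
}

# Stand-alone demonstration on the constructed sample (threshold 2 trips it).
# A cron job would run:   check_queue "$(mailq)" 100 || mail -s "mailq alert" root
# and, once the cause is fixed, flush the backlog with:   sendmail -q -v
check_queue "$SAMPLE_MAILQ" 2 || :
```

Counting entries rather than bytes keeps the check independent of message size; if you prefer to watch disk use directly, `ls /var/spool/mqueue/qf* | wc -l` gives the same entry count (one qf control file per queued message) without invoking mailq.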
Wednesday, 4. April 2007, 10:44:14
linux

Reference: 使用yum自動更新RedHat AS 4 (Using yum to update Red Hat AS 4 automatically)
A Nessus scan turned up a great many vulnerabilities (as many as 147) on an RHEL ES 4 server, and the boss asked me to fix the High-severity ones as the first priority.
Looking through the hundred-odd pages of scan report, most of this machine's findings were package vulnerabilities for which Red Hat's official site already has advisories; upgrading the package is enough. But hunting down updates for that many packages one by one would be a real chore, and on top of that there are dependency problems, which would drag in yet more packages to update.
So the plan was to use apt or yum.
A bit of searching: updating Fedora with yum is extremely convenient, with plenty of fresh repositories. For official Red Hat Linux there is far less; repositories generally go up to Red Hat Linux 9 at most, and the enterprise edition RHEL is really hard to find. The official Red Hat download source I had found earlier has gone as well.
Then I found the article above, which updates RHEL from CentOS repositories. CentOS is rebuilt from RHEL, so it ought to be close enough. Let's try.
First I searched http://rpm.pbone.net/ and found yum-2.9.4-74.el4.at.i386.rpm; installing it showed:
# rpm -ivh yum-2.9.4-74.el4.at.i386.rpm
warning: yum-2.9.4-74.el4.at.i386.rpm: V3 DSA signature: NOKEY, key ID 66534c2b
error: Failed dependencies:
/usr/lib/python2.3/site-packages/elementtree is needed by yum-2.9.4-74.el4.at.i386
/usr/lib/python2.3/site-packages/rpm is needed by yum-2.9.4-74.el4.at.i386
/usr/lib/python2.3/site-packages/sqlite is needed by yum-2.9.4-74.el4.at.i386
/usr/lib/python2.3/site-packages/sqlitecachec.py is needed by yum-2.9.4-74.el4.at.i386
/usr/lib/python2.3/site-packages/urlgrabber is needed by yum-2.9.4-74.el4.at.i386
python(abi) = 2.3 is needed by yum-2.9.4-74.el4.at.i386
Suggested resolutions:
yum-2.1.11-3.noarch.rpm
Later I found what seems to be yum's official site, Yellow dog Updater, Modified; lots of versions there.
The message above suggested installing yum-2.1.11-3.noarch.rpm, so I downloaded yum-2.1.11-1.noarch.rpm. It installed fine:
# rpm -ivh yum-2.1.11-1.noarch.rpm
warning: yum-2.1.11-1.noarch.rpm: V3 DSA signature: NOKEY, key ID 69886cc7
Preparing... ########################################### [100%]
1:yum ########################################### [100%]
Now configure yum:
# vi /etc/yum.conf
[base]
name=CentOS 4.4 for RHEL4 - Base
baseurl=http://mirror.be10.com/centos/4/os/i386/
# because my system is RHEL ES 4 (without an update level)
[updates]
name=CentOS 4.4 for RHEL4 - Updates
baseurl=http://mirror.be10.com/centos/4/updates/i386/
Now update.
The first vulnerability concerned vim, so check vim first:
# yum list |less
...
vim-common.i386 1:6.3.035-3 installed
vim-enhanced.i386 1:6.3.035-3 installed
vim-minimal.i386 1:6.3.035-3 installed
...
Try updating it:
# yum update vim-common
Setting up Update Process
Setting up Repo: base
repomd.xml 100% |=========================| 1.1 kB 00:00
Setting up Repo: updates
repomd.xml 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
base : ################################################## 1499/1499
updates : ################################################## 346/346
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for vim-common to pack into transaction set.
vim-common-6.3.046-0.40E. 100% |=========================| 116 kB 00:00
---> Package vim-common.i386 1:6.3.046-0.40E.7 set to be updated
--> Running transaction check
--> Processing Dependency: vim-common= 1:6.3.035-3 for package: vim-enhanced
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for vim-enhanced to pack into transaction set.
vim-enhanced-6.3.046-0.40 100% |=========================| 7.2 kB 00:00
---> Package vim-enhanced.i386 1:6.3.046-0.40E.7 set to be updated
--> Running transaction check
Dependencies Resolved
Transaction Listing:
Update: vim-common.i386 1:6.3.046-0.40E.7
Performing the following to resolve dependencies:
Update: vim-enhanced.i386 1:6.3.046-0.40E.7
Is this ok [y/N]: y
Downloading Packages:
vim-common-6.3.046-0.40E. 100% |=========================| 3.4 MB 00:03
vim-enhanced-6.3.046-0.40 100% |=========================| 956 kB 00:01
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating: vim-common 100 % done 1/4
Updating: vim-enhanced 100 % done 2/4
Completing update for vim-common - 3/4
Completing update for vim-enhanced - 4/4
Updated: vim-common.i386 1:6.3.046-0.40E.7
Dependency Updated: vim-enhanced.i386 1:6.3.046-0.40E.7
Complete!
Look: dependencies resolved automatically, updates downloaded automatically. Sweet!
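One thing to fix before leaving this setup in place: both `rpm -ivh` runs above printed `V3 DSA signature: NOKEY`, which means the package signature was never actually checked, and the yum.conf has no `gpgcheck`. Pulling patches for a vulnerable server from a third-party mirror without signature verification replaces one exposure with another. The script below is an added example, not from the original post and not CentOS or yum project code: it writes the post's two repositories with `gpgcheck=1`, imports the repository signing key once, and refuses to install any package that `rpm -K` reports as unsigned or signed with an unknown key instead of warning and continuing. The key URL is an assumption about where the mirror keeps the CentOS 4 key; the `rpm -K` sample lines are constructed in the format rpm 4.x prints (passed checks in lower case, failed ones in upper case), reusing the key ID from the post.

```shell
#!/bin/sh
# Added example (not from the original post): verify package signatures
# when updating RHEL from CentOS mirrors instead of installing through
# "NOKEY" warnings. Only rpm_sig_ok and write_yum_conf run in the demo;
# verify_and_install is the real workflow and needs rpm on the box.

# Assumed location of the CentOS 4 signing key on the mirror (not from the post).
CENTOS_KEY_URL=${CENTOS_KEY_URL:-http://mirror.be10.com/centos/4/os/i386/RPM-GPG-KEY-centos4}

# write_yum_conf PATH: the post's two repositories with signature checks on.
write_yum_conf() {
    cat >"$1" <<'EOF'
[main]
gpgcheck=1

[base]
name=CentOS 4.4 for RHEL4 - Base
baseurl=http://mirror.be10.com/centos/4/os/i386/
gpgcheck=1

[updates]
name=CentOS 4.4 for RHEL4 - Updates
baseurl=http://mirror.be10.com/centos/4/updates/i386/
gpgcheck=1
EOF
}

# rpm_sig_ok LINE: judge one line of "rpm -K" output. rpm prints passed checks
# in lower case and failed ones in upper case, and ends a bad result with
# "NOT OK". Accept only a line that ends in " OK" and contains a lower-case
# "gpg" check: an unsigned package also ends in " OK" but has no gpg token.
rpm_sig_ok() {
    case "$1" in
        *"NOT OK"*)                 return 1 ;;   # failed check, e.g. MISSING KEYS
        *" gpg "*" OK"|*" gpg OK")  return 0 ;;   # GPG signature verified
        *)                          return 1 ;;   # unsigned, or unexpected output
    esac
}

# verify_and_install RPMFILE: import the key (a key already present is left
# alone), check the signature, and install only on a clean verdict.
verify_and_install() {
    rpm --import "$CENTOS_KEY_URL" || return 1
    line=$(rpm -K "$1")
    if rpm_sig_ok "$line"; then
        rpm -Uvh "$1"
    else
        echo "refusing to install $1: $line" >&2
        return 1
    fi
}

# Constructed sample "rpm -K" lines (key ID taken from the post's warning).
SIGNED_OK='yum-2.1.11-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK'
MISSING_KEY='yum-2.1.11-1.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#69886cc7)'
UNSIGNED='local-build-1.0-1.i386.rpm: sha1 md5 OK'

# Stand-alone demonstration: only the first line is accepted.
for l in "$SIGNED_OK" "$MISSING_KEY" "$UNSIGNED"; do
    if rpm_sig_ok "$l"; then echo "accept: $l"; else echo "reject: $l"; fi
done
```

With `gpgcheck=1` in place, `yum update` itself refuses packages whose signature does not verify against an imported key, so the manual `rpm -K` path is only needed for packages fetched by hand, such as the yum RPM itself; the point of the judgment function is that "no gpg check at all" is treated the same as "bad signature".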