Rootop: Server Operations and Web Architecture

2014-03-12
Posted by Venus

ERROR: The number of NVTs in the OpenVAS Manager database is too low.

After installing OpenVAS, logging in to the web interface fails with:
Login failed: OMP Service is down.

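The official site, http://www.openvas.org/setup-and-start.html, provides a script that checks the state of an OpenVAS installation; download it and run it. The official description is as follows: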

The OpenVAS developers provide a handy tool called openvas-check-setup to check the state of your OpenVAS installation. To use this tool simply follow these three steps:

1. Download the latest version of openvas-check-setup.
2. Ensure that the script is executable:
   chmod +x openvas-check-setup
3. Execute the script:
   ./openvas-check-setup
   for current stable release or
   ./openvas-check-setup [ --v4 | --v5 | --v6 | … ]
   for other respective OpenVAS releases.
openvas-check-setup will now analyze the state of your OpenVAS installation and propose fixes should it detect any errors or misconfigurations. It will also check if all required OpenVAS services are running and listening on the correct ports.

In case the hints did not help you to get a working OpenVAS installation, please report the problem to us and we will update/fix openvas-check-setup: OpenVAS Users Mailing List.

If you want to install the OpenVAS services on a server and you do not need clients like OpenVAS CLI or GSD in your installation you can skip the checks for these modules by starting openvas-check-setup with the --server parameter instead:

./openvas-check-setup [--server]

[root@centos-6.5-x64 ~]# wget -c https://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup --no-check-certificate
[root@centos-6.5-x64 ~]# ./openvas-check-setup --server

openvas-check-setup 2.2.3
Test completeness and readiness of OpenVAS-6
(add '--v4', '--v5' or '--v7'
if you want to check for another OpenVAS version)

Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

Step 1: Checking OpenVAS Scanner …
OK: OpenVAS Scanner is present in version 3.4.1.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 34309 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 34309 files for 34309 NVTs.
Step 2: Checking OpenVAS Manager …
OK: OpenVAS Manager is present in version 4.0.5.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 74.
OK: OpenVAS Manager expects database at revision 74.
OK: Database schema is up to date.
ERROR: The number of NVTs in the OpenVAS Manager database is too low.
FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'.

ERROR: Your OpenVAS-6 installation is not yet complete!

Fix: run the following commands in order:

[root@centos-6.5-x64 ~]# openvassd
[root@centos-6.5-x64 ~]# mkdir -p /usr/local/var/lib/openvas/mgr
[root@centos-6.5-x64 ~]# touch /usr/local/var/lib/openvas/mgr/tasks.db
[root@centos-6.5-x64 ~]# openvasmd --backup
[root@centos-6.5-x64 ~]# openvasmd --rebuild
[root@centos-6.5-x64 ~]# openvasad -c 'add_user' -u openvasadmin -r Admin
[root@centos-6.5-x64 ~]# openvasmd -p 9390 -a 127.0.0.1
[root@centos-6.5-x64 ~]# openvasad -a 127.0.0.1 -p 9393
[root@centos-6.5-x64 ~]# gsad --http-only --listen=127.0.0.1 -p 9392

Reference from a foreign site: http://pentestit.de/openvas-auf-backtrack-5-r1-installieren/

2014-03-11
Posted by Venus

Setting up a Node.js environment on Linux

Node.js website: http://nodejs.org/

What Node.js is for:
Node.js is a platform built on Chrome’s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.


Latest version at the time of writing: http://nodejs.org/dist/v0.10.26/node-v0.10.26.tar.gz
[root@localhost tar_gz]# wget -c http://nodejs.org/dist/v0.10.26/node-v0.10.26.tar.gz
[root@localhost tar_gz]# tar zxvf node-v0.10.26.tar.gz
[root@localhost tar_gz]# cd node-v0.10.26
[root@localhost node-v0.10.26]# yum install gcc gcc-c++

[root@localhost node-v0.10.26]# ./configure --prefix=/usr/local/nodejs   # see ./configure -help for the supported build options
[root@localhost node-v0.10.26]# make
[root@localhost node-v0.10.26]# make install

[root@localhost ~]# /usr/local/nodejs/bin/node -v
v0.10.26

Test:
[root@localhost ~]# ln -s /usr/local/nodejs/bin/node /usr/bin/node
[root@localhost ~]# cat test.js   # the test file created beforehand
console.log('Hello World.');

[root@localhost ~]# node test.js
Hello World.

2014-03-11
Posted by Venus

Setting up a Helix streaming media server

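I won't go into the background here; the protocols, implementation and features can be looked up on Baidu. This post covers the Helix installation process.
Helix is a RealNetworks product. Website: www.realnetworks.com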

Download Helix:
http://helixproducts.real.com/hmdp/software/helixserver/151/mbrs-151-GA-linux-rhel6-64.zip
http://helixproducts.real.com/hmdp/software/helixserver/151/mbrs-151-GA-linux-rhel5-64.zip
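These are the latest versions on the official site at the time of writing; the rhel6 build installs on Red Hat 6 or CentOS 6, and the rhel5 build on Red Hat 5 or CentOS 5.
The software is commercial and can be evaluated for 30 days; after you submit your details on the official site, the license information is sent to your e-mail address for you to download.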

System environment: CentOS 6.5 x86_64, iptables disabled

[root@localhost ~]# chmod 755 servinst_mobile_linux-rhel6-x86_64.bin   # add execute permission
[root@localhost ~]# ./servinst_mobile_linux-rhel6-x86_64.bin   # start the installation
Extracting files for Helix installation……

Welcome to the Helix Universal Media Server (RealNetworks) (15.1.0.393) Setup for UNIX
Setup will help you get Helix Universal Media Server running on your computer.
Press [Enter] to continue… // confirm the installation

If a Helix Universal Media Server license key file has been sent to you,
please enter its directory path below. If you have not
received a Helix Universal Media Server license key file, then this server
WILL NOT OPERATE until a license key file is placed in
the server’s License directory. Please obtain a free
Basic Helix Universal Media Server license or purchase a commercial license
from our website at http://www.realnetworks.com/helix/. If you need
further assistance, please visit our on-line support area
at http://www.realnetworks.com/helix/streaming-media-support/.

MachineID: e273-990d-c0b5-9a5f-8be8-abaf-f129-6476

License Key File: []: /root/RNKey-Helix_Universal_Server_10-Stream-nullnull-39545068825149354.lic
Enter the path to the .lic license file here; it must be the full path!

Installation and use of Helix Universal Media Server requires
acceptance of the following terms and conditions:
Press [Enter] to display the license text… // display the license agreement

Choose “Accept” to accept the terms of this
license agreement and continue with Helix Universal Media Server setup.
If you do not accept these terms, enter “No”
and installation of Helix Universal Media Server will be cancelled.
I accept the above license: [Accept]:
Press Enter again to continue.

Enter the complete path to the directory where you want
Helix Universal Media Server to be installed. You must specify the full
pathname of the directory and have write privileges to
the chosen directory.
Directory: [/root]:/usr/local/helix       // installation path; I install to /usr/local/helix here

Please enter a username and password that you will use
to access the web-based Helix Universal Media Server Administrator and monitor.
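Username []:   // the user for managing Helix through the web interface; the next step sets the password. Here both the username and the password are admin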

Please enter SSL/TLS configuration information.

Country Name (2 letter code) [US]: CN     // country code
State or Province Name (full name) [My State]: China    // state or province
Locality Name (e.g., city) [My Locality]: QingDao
Organization Name (e.g., company) [My Company]: Rootop
Organizational Unit Name (e.g., section) [My Department]: IT
Common Name (e.g., hostname) [My Name]: venus
Email Address [myname@mailhost]: venus@rootop.org
Certificate Request Optional Name []: certificate  // I made this value up; I did not know what belongs here

Helix Universal Media Server will listen for Administrator requests on the
port shown. This port has been initialized to a random value
for security. Please verify now that this pre-assigned port
will not interfere with ports already in use on your system;
you can change it if necessary. These connections have URLs
that begin with “http://”

Port [15112]:     // press Enter to accept the default; the port appears to be random and can be set manually (HTTP)

Helix Universal Media Server will also listen for HTTPS Administrator
requests on the port shown. This port has been initialized to
a random value for security. Please verify now that this
pre-assigned port will not interfere with ports already in
use on your system; you can change it if necessary. These
connections have URLs that begin with “https://”

Port [25780]:       // port for encrypted HTTPS connections

You have selected the following Helix Universal Media Server configuration:

Install Location: /usr/local/helix
Encoder User/Password: admin/****
Monitor Password: ****
Admin User/Password: admin/****
Admin Port: 15112
Secure Admin Port: 25780
RTSP Port: 554
RTMP Port: 1935
HTTP Port: 80
HTTPS Port: 443
RTSP Fast Channel Switching API Port: 8008
Server Side Playlist API Port: 8009
Content Mgmt Port: 8010
Control Port Security: Disabled

Enter [F]inish to begin copying files, or [P]revious to
revise the above settings: [F]: F        // enter F to confirm the settings and start the installation

Generating SSL/TLS Key file…
Running: ‘OPENSSL_CONF=openssl.cnf Bin/openssl genrsa -out Certificates/key.pem 2048’
Generating RSA private key, 2048 bit long modulus
………..+++
……………….+++
e is 65537 (0x10001)

Generating SSL/TLS Cert file…
Running: ‘OPENSSL_CONF=openssl.cnf Bin/openssl req -new -x509 -key Certificates/key.pem -out Certificates/cert.pem -days 1000 -batch’

Generating SSL/TLS CSR file…
Running: ‘OPENSSL_CONF=openssl.cnf Bin/openssl req -new -key Certificates/key.pem -out Certificates/key.csr -batch’

Copying Helix Universal Media Server files…..
Helix Universal Media Server installation is complete.

RealNetworks recommends increasing the default file descriptor
limits prior to using your Helix Universal Media Server or Proxy. Please
refer to the Installation Chapter of the Helix Systems Integration
Guide for more information on setting File Descriptor limits,
and recommended settings for your system.

If at any time you should require technical
assistance, please visit our on-line support area
at http://www.realnetworks.com/helix/streaming-media-support/.

Cleaning up installation files…
Done.

[root@localhost ~]#

Installation complete.

Start the service:
[root@localhost ~]# /usr/local/helix/Bin/rmserver /usr/local/helix/rmserver.cfg &
rmserver.cfg is the Helix configuration file; it holds the port settings, among other things.
Starting TID 140478784730848, procnum 3 (rmplug)
Loading Helix Server License Files…
Starting TID 140478621152992, procnum 4 (rmplug)
Starting TID 140478613812960, procnum 5 (rmplug)
Starting TID 140478606472928, procnum 6 (rmplug)
Starting TID 140478599132896, procnum 7 (rmplug)
Starting TID 140478591792864, procnum 8 (rmplug)
Starting TID 140478241568480, procnum 9 (rmplug)
Starting TID 140478584452832, procnum 10 (rmplug)
Starting TID 140478234228448, procnum 11 (rmplug)
Starting TID 140478226888416, procnum 12 (rmplug)
Starting TID 140478219548384, procnum 13 (rmplug)
Starting TID 140478212208352, procnum 14 (rmplug)
Starting TID 140478204868320, procnum 15 (rmplug)
Starting TID 140478197528288, procnum 16 (rmplug)
Starting TID 140478190188256, procnum 17 (rmplug)
Starting TID 140478182848224, procnum 18 (rmplug)
Starting TID 140478180751072, procnum 19 (rmplug)
Starting TID 140477631297248, procnum 20 (rmplug)
Starting TID 140477623957216, procnum 21 (rmplug)
Starting TID 140477616617184, procnum 22 (rmplug)
Starting TID 140477609277152, procnum 23 (rmplug)
Starting TID 140477601937120, procnum 24 (rmplug)
Starting TID 140477594597088, procnum 25 (rmplug)
Starting TID 140477587257056, procnum 26 (rmplug)
Starting TID 140477579917024, procnum 27 (rmplug)
Starting TID 140477572576992, procnum 28 (rmplug)
Starting TID 140477565236960, procnum 29 (memreap)
Starting TID 140477557896928, procnum 30 (streamer)
Starting TID 140477550556896, procnum 31 (streamer)
Server has started 2 Streamers…

Version: Helix Universal Media Server (RealNetworks) (15.1.0.393) (Build 10096/377)

Output like this means the service started successfully.

Check that the configured ports are listening:
[root@localhost ~]# lsof -i:15112
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rmserver. 5779 root 17u IPv6 214708 0t0 TCP *:15112 (LISTEN)
[root@localhost ~]# lsof -i:25780
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rmserver. 5779 root 18u IPv6 214710 0t0 TCP *:25780 (LISTEN)

Now log in to the admin interface and create the video library:
Plain HTTP connection:
http://192.168.1.105:15112/admin/index.html
admin
admin

HTTPS connection:
https://192.168.1.105:25780/admin/index.html
admin
admin

First put an .rmvb video in /mnt/films; the path is your choice and is where the videos are stored.
[root@localhost ~]# ll /mnt/films/2.rmvb
-rw-r--r-- 1 root root 526756127 3月 11 18:12 /mnt/films/2.rmvb

After logging in, the interface looks like this:


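Click Server Setup - Mount Points, then click the + sign to create a new "mount point".
Edit Description // description
Mount Point // directory used in the URL when browsing
Base Path // physical path of the videos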

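Click Apply; you are prompted to restart the service, so click Reset Server. Back in the shell you can see the server restart.

Test:
Download RealPlayer:
Open the address: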
rtsp://192.168.1.105/films/2.rmvb

Formats I know to be supported:
3gp rmvb wmv

If iptables is enabled, the ports shown in the admin panel must be allowed through.
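
As an added example (not from the original post): the port lines of the installer summary above turned into iptables rules, printed for review rather than applied. The policy is this example's assumption: ports named Admin, API or Mgmt are accepted only from MGMT_NET (192.168.1.0/24 is a placeholder subnet), the streaming ports from anywhere, TCP only.

```shell
#!/bin/sh
# Added example: turn the installer's port summary into iptables rules.
# MGMT_NET is an assumed management subnet; replace it with your own.
MGMT_NET="${MGMT_NET:-192.168.1.0/24}"

# Constructed input: the port lines of the summary shown above.
helix_summary() {
cat <<'EOF'
Admin Port: 15112
Secure Admin Port: 25780
RTSP Port: 554
RTMP Port: 1935
HTTP Port: 80
HTTPS Port: 443
RTSP Fast Channel Switching API Port: 8008
Server Side Playlist API Port: 8009
Content Mgmt Port: 8010
EOF
}

# Read "Name Port: N" lines on stdin and print one rule per port.
# Assumed policy: anything named Admin, API or Mgmt is reachable only
# from MGMT_NET; the streaming ports are open to every client.
helix_rules() {
    awk -F': *' -v net="$MGMT_NET" '
        / Port: *[0-9]+ *$/ {
            port = $2 + 0
            if (port < 1 || port > 65535) next
            src = ($1 ~ /Admin|API|Mgmt/) ? " -s " net : ""
            printf "iptables -I INPUT -p tcp%s --dport %d -j ACCEPT\n", src, port
        }'
}

# Print the rules for review instead of applying them.
helix_summary | helix_rules
```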

The basic setup is now complete.

2014-03-11
Posted by Venus

Setting up a streaming media server on Linux with Flash Media Server (FMS)

This post is old; see: https://www.rootop.org/pages/category/streaming

Environment: CentOS 6.5 x64
FMS version: flashmediaserver2.tar.gz // reportedly the free developer edition, but it seems to have a connection limit.
Download URL:
http://download.macromedia.com/pub/flashmediaserver/updates/2_0_4/linux/flashmediaserver2.tar.gz
Extract and run the installer:
[root@localhost FMS_2_0_4_r79_linux]# ./installFMS -platformWarnOnly
./fmsini: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

ERROR: Your are running the Macromedia Flash Media Server installer
on the wrong platform.

Fix for the missing libstdc++.so.5:
wget -c ftp://ftp.muug.mb.ca/mirror/centos/6.5/os/i386/Packages/compat-libstdc++-33-3.2.3-69.el6.i686.rpm
Downloading and installing this package resolves it.

Some of the installation settings; fill them in as prompted.
———– Install Action Summary ———–

Installation directory = /usr/local/fms
FMS Server Port = 1935
FMS Admin Server Port = 1111
Administrative username = admin
Administrative password = (suppressed)
FMS owner = nobody
FMS service user = nobody
FMS service user group = nobody
FMS run as daemon = Yes
Start FMS = Yes

Installing Macromedia Flash Media Server files…
Configuring Macromedia Flash Media Server…
Adding “fms” service.
Setting default admin to “fms”.
Setting autostart for “fms”.
Server:fms command:start
NPTL 2.12
Starting Macromedia Flash Media Server (please check /var/log/messages)
Admin server:fmsadmin command:start
Starting Macromedia Flash Media Admin Server (please check /var/log/messages)
The Macromedia Flash Media Server installation is complete.

Start the service:

[root@localhost fms]# ./fmsmgr server fms start
Server:fms command:start
NPTL 2.12
Starting Macromedia Flash Media Server (please check /var/log/messages)

Starting fmsmaster produced three errors:
[root@localhost fms]# ./fmsmaster start
./fmsmaster: error while loading shared libraries: libssl.so.4: cannot open shared object file: No such file or directory

Fix:
[root@localhost fms]# yum install openssl.i686 openssl-devel.i686
[root@localhost fms]# ln -s /usr/lib/libssl.so /usr/lib/libssl.so.4

[root@localhost fms]# ./fmsmaster start
./fmsmaster: error while loading shared libraries: libnspr4.so: cannot open shared object file: No such file or directory

Fix:
[root@localhost fms]# yum install -y nspr.i686 nspr-devel.i686
[root@localhost fms]# ./fmsmaster start
./fmsmaster: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory

Fix:
[root@localhost fms]# ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.4

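The system is 64-bit; FMS looks for its missing libraries under /usr/lib, where they are absent, so the 32-bit RPM packages must be installed to provide them.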

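Post-installation configuration (taken from the web):
1: Copy the configuration files from the applications folder into the applications/ directory of the newly installed FMS.
2: Copy the FMS serial-number file license.lic into the licenses/ directory of the FMS server.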

For the first step, I found no configuration files under applications; for the second, I don't know where to get the license file.

Change permissions:
#chown nobody:nobody -R applications/
#chmod 755 -R applications/

Start the service:
[root@localhost ~]# service fms start

FMS listens on ports 1111 and 1935; remember to allow them in iptables.
[root@localhost ~]# lsof -i:1111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
fmsadmin 2449 root 8u IPv4 12832 0t0 TCP *:lmsocialserver (LISTEN)
[root@localhost ~]# lsof -i:1935
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
fmsedge 2316 root 21u IPv4 12788 0t0 TCP *:macromedia-fcs (LISTEN)

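Testing:
Put an .flv video under the applications folder of the FMS installation directory. You must first create a folder with any name there, and inside it create /streams/_definst_/; videos can only be placed in that directory. Note that FMS requires the /streams/_definst_/ directory. The directory tree looks like this: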
/applications/videos/streams/_definst_/test.flv

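FMS uses the RTMP protocol, and I did not find a player that supports it; most of what I saw embeds the player in code. I am not a developer and could not run a real test, so this is kept only for future reference.
Other streaming media software: Red5 and Helix.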

2014-03-08
Posted by Venus

Subversion: triggering a sync to the web directory with a keyword

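Requirement:
The developers want the code synced to the web directory when a specific keyword appears in the commit message; in other words, a manually triggered sync.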

A Subversion repository has a hooks folder; hooks run actions when specific events occur.
Among them, pre-commit runs before a commit and post-commit runs after it.

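In the TortoiseSVN client, the commit dialog has a "Recent messages" field where additional information can be entered.
On the server side, svnlook inspects that message to decide whether to sync to the web directory.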

First configure pre-commit:
[root@localhost hooks]# vi pre-commit

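#!/bin/sh
# pre-commit hook: Subversion passes the repository path and the transaction name.
REPOS="$1"
TXN="$2"
SVNLOOK=/usr/bin/svnlook

# Record whether the log message of this transaction contains the keyword.
# Only the keyword is written, so post-commit can compare it exactly.
if $SVNLOOK log -t "$TXN" "$REPOS" | grep -q "toweb"; then
 echo "toweb" > /tmp/ifsubmit
 echo "sync to web directory"
else
 : > /tmp/ifsubmit
 echo "If u wanna to submit to web directory, use toweb"
fi
exit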

The keyword used here is toweb.
[root@localhost hooks]# chmod 777 pre-commit

Configure post-commit:
[root@localhost hooks]# vi post-commit

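#!/bin/sh
# post-commit hook: read the flag left by pre-commit.
ifsub=$(cat /tmp/ifsubmit)
DEST_DIR=/var/www/html

# Update the web directory only when the keyword was recorded.
if [ "$ifsub" = "toweb" ]; then
 svn update "$DEST_DIR" --username venus --password venus
else
 echo "no code to sync"
fi
exit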

[root@localhost hooks]# chmod 777 post-commit

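pre-commit filters before the commit: if the message contains the word toweb, it is written to /tmp/ifsubmit. post-commit then runs after the commit, reads /tmp/ifsubmit, and performs the sync if toweb is present.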
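
An added example, not part of the original post: a single post-commit hook that reads the log message of the committed revision with svnlook, so the decision does not pass through a fixed file in /tmp that concurrent commits share and that any local user can create first. It assumes the hook's user can update the working copy in DEST_DIR without a password on the command line; the SVNLOOK, SVN and DEST_DIR overrides and the function names are this example's own.

```shell
#!/bin/sh
# post-commit hook: Subversion calls it as  post-commit REPOS REV
# Added example: decide from the committed revision itself, no /tmp hand-off.
SVNLOOK="${SVNLOOK:-/usr/bin/svnlook}"
SVN="${SVN:-/usr/bin/svn}"
DEST_DIR="${DEST_DIR:-/var/www/html}"   # web directory from the post
KEYWORD="toweb"                          # keyword from the post

# Return 0 when the log message of revision $2 in repository $1
# contains the keyword as a whole word ("toweb", not "notowebyet").
wants_sync() {
    "$SVNLOOK" log -r "$2" "$1" | grep -qw -- "$KEYWORD"
}

# Update the web working copy when the commit asked for it.
# Prints "synced rN" or "skipped rN"; returns non-zero on bad input or failure.
post_commit() {
    repos="$1"; rev="$2"
    case "$rev" in
        ''|*[!0-9]*) echo "bad revision: $rev" >&2; return 2 ;;
    esac
    if ! wants_sync "$repos" "$rev"; then
        echo "skipped r$rev"
        return 0
    fi
    if "$SVN" update --non-interactive -q "$DEST_DIR"; then
        echo "synced r$rev"
    else
        echo "failed r$rev" >&2
        return 1
    fi
}

# Run only when invoked as a hook with its two arguments.
if [ "$#" -ge 2 ]; then
    post_commit "$1" "$2"
fi
```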