Creating backup files on Linux

A habit every Linux sysadmin should have is backing up files whenever needed, usually with `cp -rf a a.xxx`, but thinking up a name for the backup file takes time; it would be best if the file name were generated automatically.

```sh
# For backing up files; put this in ~/.bashrc
# Supports both files and directories
# By notsobad
# usage: bak test_file
bak(){
    # strip trailing slashes, then append a timestamp such as .200912231530
    to="`echo "$1" | sed 's#/*$##g'`.`date +%Y%m%d%H%M`"
    [ -e "$to" ] && rm -rf "$to"
    cp -rf "$1" "$to"
}
```

Usage: ...

December 23, 2009 · notsobad

allow_url_include in PHP

If allow_url_include is turned on, remote files can be included. This is a very old security issue, but only after doing an experiment today did I realize how dangerous it is. I used to think that include merely fetched static HTML content and output it as-is; I did not expect it to interpret and execute the PHP code in the fetched content, which is very dangerous.

On machine a:

```
wang@wang-desktop:~/www$ cat inc.php
EOF ?>
```

Then on another machine b: ...

December 17, 2009 · notsobad

Installing Thunderbird 3 on Ubuntu

The Thunderbird in the Ubuntu repositories is still 2.*, while 3.* has been out for a long time. Following [this page](http://www.ubuntu-inside.me/2009/08/howto-install-thunderbird-3-beta-on.html), add a PPA source to sources.list:

```
sudo gedit /etc/apt/sources.list
```

```
deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu jaunty main
```

Add the key, then update and install:

```
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 247510BE
$ sudo apt-get update
$ sudo apt-get install thunderbird-3.0 thunderbird-3.0-gnome-support
```

December 17, 2009 · notsobad

Downloading with aMule on Ubuntu

Downloading with aMule on Ubuntu. Honestly, most Chinese-language content on the internet is copied from one big source; you search and search and keep finding the same article, and it may well be wrong! I set up the file association in Firefox and it never worked; only after reading the instructions on the aMule site did I realize one setting was missing.

Handling ED2k links in Firefox can be configured in two ways: either for an individual user, or for all users of the computer.

Configuration for a single user

* Insert about:config in the address bar
* Right click on the list, select New, then Boolean; insert network.protocol-handler.external.ed2k as Preference Name and true as Value
* Now another right click, select New and String; insert network.protocol-handler.app.ed2k as Preference Name and /path/to/ed2k (path to where the file is installed on your system) as Value.

For Firefox 3 and higher only, you should also:

* Right click on the list, select New, then Boolean; insert network.protocol-handler.expose.ed2k as Preference Name and false as Value

After that, click over an ed2k link, and Firefox should ask which app you want to use to open the link. Choose /usr/bin/ed2k and it should work. ...

December 14, 2009 · notsobad

Using lynx to fetch a web page as text

Using lynx to fetch a web page as text works like pressing Ctrl+A, Ctrl+C on a web page and then Ctrl+V to save it into a text file, except that in a script it can be automated.

```
lynx -notitle -nomargins -nolist -width=4096 -verbose -display_charset=gb2312 -dump http://baike.baidu.com/view/396668.htm?hh=255 | iconv -f gb2312 -t utf8//IGNORE
```

Formatted a bit:

```sh
wang@wang-desktop:~/script/notsobad/shell/tool$ cat get_url.sh
#!/bin/sh
# File: get_url.sh
# Author: notsobad
# Description: dump a web page as plain text with lynx and convert GB2312 to UTF-8
# Created: 2009-12-14 15:53:02
# Last modified: 2009-12-14 15:53:02
url=$1
lynx -notitle \
    -nomargins \
    -nolist \
    -width=4096 \
    -verbose \
    -display_charset=gb2312 \
    -dump \
    "$url" \
    | iconv -f gb2312 -t utf8//IGNORE
```

December 14, 2009 · notsobad

eval in the shell

About eval in the shell. After a command injection, the characters a single command might need are roughly these:

```
$ ' " ; && || [ ] ` > <
```

As you can see there are quite a few, so blacklist filtering is certainly flawed, because it can very likely be bypassed. Suppose htmlspecialchars has been applied to all GET and POST parameters, so every < and > is escaped into an HTML entity; does that mean the redirection operators can no longer be used? See below for how eval can be used to get a pipe symbol through.

The shell takes care of pipes and I/O redirection before variable substitution, so it never recognizes the pipe symbol inside pipe. The result is that the three arguments |, wc, and -l are passed to ls as arguments. ...

December 7, 2009 · notsobad

Removing boot-time services on Ubuntu

Removing boot-time services on Ubuntu: if apache and mysql were installed for development, they can be taken out of startup and started when actually needed.

```sh
find /etc/rc*.d/ -name \*apache2 -exec rm {} \;
# Or:
sudo update-rc.d -f apache2 remove
```

December 7, 2009 · notsobad

A web scanner (Nikto)

I looked through the list of the 100 best network security tools; number 12 is Nikto, which also ranks first among the [10 best web scanners](http://sectools.org/web-scanners.html). Installed it and tried it out; quite nice.

```
wang@wang-laptop:~$ sudo apt install nikto
wang@wang-laptop:~$ nikto -Help
Options:
    -config+            use this config file
    -Cgidirs+           scan these CGI dirs: 'none', 'all', or values like "/cgi/ /cgi-a/"
    -Display+           turn on/off display outputs:
                            1   Show redirects
                            2   Show cookies received
                            3   Show all 200/OK responses
                            4   Show URLs which require authentication
                            D   Debug Output
                            V   Verbose Output
    -dbcheck            check database and other key files for syntax errors (cannot be abbreviated)
    -evasion+           ids evasion technique:
                            1   Random URI encoding (non-UTF8)
                            2   Directory self-reference (/./)
                            3   Premature URL ending
                            4   Prepend long random string
                            5   Fake parameter
                            6   TAB as request spacer
                            7   Change the case of the URL
                            8   Use Windows directory separator (\)
    -findonly           find http(s) ports only, don't perform a full scan
    -Format+            save file (-o) format:
                            htm HTML Format
                            csv Comma-separated-value
                            txt Plain text (default if not specified)
                            xml XML Format
    -host+              target host
    -Help               Extended help information
    -id+                host authentication to use, format is userid:password
    -mutate+            Guess additional file names:
                            1   Test all files with all root directories
                            2   Guess for password file names
                            3   Enumerate user names via Apache (/~user type requests)
                            4   Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
    -nolookup           skip name lookup
    -output+            write output to this file
    -port+              port to use (default 80)
    -Pause+             pause between tests (seconds)
    -root+              prepend root value to all requests, format is /directory
    -ssl                force ssl mode on port
    -Single             Single request mode
    -timeout+           timeout (default 2 seconds)
    -Tuning+            scan tuning:
                            0   File Upload
                            1   Interesting File / Seen in logs
                            2   Misconfiguration / Default File
                            3   Information Disclosure
                            4   Injection (XSS/Script/HTML)
                            5   Remote File Retrieval - Inside Web Root
                            6   Denial of Service
                            7   Remote File Retrieval - Server Wide
                            8   Command Execution / Remote Shell
                            9   SQL Injection
                            a   Authentication Bypass
                            b   Software Identification
                            c   Remote Source Inclusion
                            x   Reverse Tuning Options (i.e., include all except specified)
    -useproxy           use the proxy defined in config.txt
    -update             update databases and plugins from cirt.net (cannot be abbreviated)
    -Version            print plugin and database versions
    -vhost+             virtual host (for Host header)
        + requires a value
```

I tried scanning my own laptop and it still turned up some quite interesting things. Environment: Ubuntu 9.10 + apache2 (default configuration). There is actually an address http://localhost/server-status, which reports the running status of Apache. ...

December 5, 2009 · notsobad

Editing Python code with vi

Editing Python code with vi, based on the following articles: [Python and vim: Make your own IDE](http://dancingpenguinsoflight.com/2009/02/python-and-vim-make-your-own-ide/) and "Indenting Python with VIM". The main part, in .vimrc:

```vim
filetype plugin indent on
" Keyword completion from the Python syntax file; treat . and ( as keyword characters
autocmd FileType python set complete+=k~/.vim/syntax/python.vim isk+=.,(
" Indentation settings for Python buffers (one setlocal, continued with leading backslashes)
autocmd BufNewFile,BufRead *.py setlocal
    \ tabstop=4
    \ softtabstop=4
    \ shiftwidth=4
    \ textwidth=80
    \ smarttab
    \ expandtab
    \ smartindent
    \ indentkeys=!^F,o,O,<:>,0),0],0},=elif,=except,0#
```

December 2, 2009 · notsobad

Redirecting output from inside a Linux script

Some articles on I/O redirection under Linux: "A Detailed Introduction to I/O and I/O Redirection" and [Advanced Bash-Scripting Guide: I/O Redirection](http://www.faqs.org/docs/abs/HTML/io-redirection.html). Under Linux three files are open by default: stdin (keyboard), stdout (screen) and stderr (error messages, also to the screen); these three, like any other open file, can be redirected. Suppose there is a script a.sh and I want all of its output redirected to a file; how do I do that? Usually we do it at the call site: `sh a.sh >/tmp/out.txt 2>&1`. But if the caller is a program we cannot control, how do we do it inside the script itself? Let's write a test script and see:

```
# cat a.sh
```

...

November 30, 2009 · notsobad