Category Archives: Unix

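Changing vi's color configuration

Normally, when we use vi there is no color configuration by default, so everything appears in a single color.

Step one: check whether there is a .vimrc file in your home directory. If there isn't, copy one.

cp /usr/share/vim/vimrc ~/.vimrc
Then open the file:
vi .vimrc
Below set backspace=2, add a line:
syntax enable

vi ships with many color schemes, which you can list as shown below; reading the README will tell you more: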

ls /usr/share/vim/vim80/colors
README.txt delek.vim industry.vim pablo.vim slate.vim
blue.vim desert.vim koehler.vim peachpuff.vim torte.vim
darkblue.vim elflord.vim morning.vim ron.vim zellner.vim
default.vim evening.vim murphy.vim shine.vim

Copy them: cp -r /usr/share/vim/vim80/colors ~/.vim/

We just added a line to the .vimrc file. Now, if for example I want to use the blue color scheme, I can add one more line, colorscheme blue, to use it.

That looks much better!

Deploy Google BBR on CentOS

Visit https://www.elrepo.org

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

CentOS 6: rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm

CentOS 7: rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

yum --enablerepo=elrepo-kernel install kernel-ml -y

vi /boot/grub/grub.conf

default=0

vi /etc/sysctl.conf

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

reboot

sysctl net.ipv4.tcp_available_congestion_control

The output should resemble:
net.ipv4.tcp_available_congestion_control = bbr cubic reno
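
The check above only shows that bbr is available. The following added example (not part of the original post) also confirms that the host booted a kernel new enough for BBR (Linux 4.9 or later) and that both sysctl.conf settings took effect. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-reboot check for the BBR steps above.

# kernel_supports_bbr RELEASE: exit 0 if RELEASE (uname -r format) is 4.9 or
# newer, 1 if older, 2 if it cannot be parsed.
kernel_supports_bbr() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 9 ] && return 0
    return 1
}

# bbr_check RELEASE AVAILABLE CURRENT QDISC: print one line per problem,
# exit 0 only if there are none.
bbr_check() {
    rc=0
    if ! kernel_supports_bbr "$1"; then
        echo "kernel $1 is not 4.9 or newer: kernel-ml is not the booted kernel"; rc=1
    fi
    case " $2 " in
        *" bbr "*) ;;
        *) echo "bbr missing from tcp_available_congestion_control: $2"; rc=1 ;;
    esac
    if [ "$3" != bbr ]; then
        echo "tcp_congestion_control is '$3', not bbr"; rc=1
    fi
    if [ "$4" != fq ]; then
        echo "default_qdisc is '$4', not fq"; rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    # Real values from the running host.
    bbr_check "$(uname -r)" \
        "$(sysctl -n net.ipv4.tcp_available_congestion_control)" \
        "$(sysctl -n net.ipv4.tcp_congestion_control)" \
        "$(sysctl -n net.core.default_qdisc)"
else
    # Constructed sample: a host that rebooted into the stock CentOS 7 kernel.
    bbr_check "3.10.0-514.el7.x86_64" "cubic reno" "cubic" "pfifo_fast" || true
fi
```

Run it with --live on the server after the reboot; no output and exit status 0 means all four conditions hold.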

OpenVPN Server on FreeBSD

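There are some differences from CentOS.

  1. Install openvpn with pkg: pkg install openvpn
  2. Use easy-rsa to generate the certificates, then generate the openvpn server configuration file; the defaults are fine. We use the UDP protocol and change the service port to 443, which works in more places.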
  3. Edit rc.conf: enable pf for NAT, enable gateway, and add the openvpn configuration.
    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"
    gateway_enable="YES"
    openvpn_enable="yes"
    openvpn_configfile="/usr/local/etc/openvpn/2.0/conf/server.conf"
    openvpn_if="tun"
  4. Add the pf.conf configuration file. Here our FreeBSD runs on ESXi, so the network interface is vmx0, the openvpn clients' network is 10.9.0.0/24, and the server's IP address is 192.168.0.99:
    #/etc/pf.conf
    if="vmx0"
    vpn_if="tun0"
    vpn_net = "10.9.0.0/24"
    icmp_types = "echoreq"
    open_tcp = "{22}"
    open_udp = "{443}"
    # wan ip
    ip = 192.168.0.99
    set block-policy drop
    set skip on lo0
    set limit { states 10000, frags 5000 }
    set loginterface vmx0
    set optimization normal
    set require-order yes
    set fingerprints "/etc/pf.os"
    set ruleset-optimization basic
    scrub in all fragment reassemble random-id
    nat on $if from $vpn_net to any -> $ip

    block log all
    block return

    antispoof quick for $if
    pass in quick proto udp from any to port 443 keep state label "openvpn"

    # Pass stuff on the VPN interface
    pass quick on $vpn_if keep state

    pass in on $if proto tcp from any to any port 22 keep state

    pass in on $if proto tcp from any to any port $open_tcp keep state
    pass in on $if proto udp from any to any port $open_udp keep state

    pass out quick all keep state

    pass in on $if inet proto icmp all icmp-type $icmp_types keep state

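  5. Add the IP forwarding setting to sysctl.conf: net.inet.ip.forwarding=1
  6. Now it can be started: service openvpn start
  7. It is really much the same. Lately, though, I have found that zfs and jail are both quite good things; the masters' designs are often ahead of their time, yet it is the crude, bug-ridden designs that become popular in the world.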

 

Create a bootable CentOS USB drive with a Mac (OS X) for a PC

1. Visit the CentOS web page, https://www.centos.org/download/, and download the iso image you'd like to boot from.
2. When the download has completed, open Terminal and use 'hdiutil' to convert the *.iso to an *.img file (specifically, a UDIF read/write image).

$ hdiutil convert -format UDRW -o target.img CentOS-7.0-1406-x86_64-Everything.iso
Reading Master Boot Record (MBR : 0)…
Reading CentOS 7 x86_64 (Apple_ISO : 1)…
Reading (Type EF : 2)…
Reading CentOS 7 x86_64 (Apple_ISO : 3)…
…………………………………………………………………….
Elapsed Time: 33.590s
Speed: 200.5Mbytes/sec
Savings: 0.0%
created: /tmp/target.img.dmg

3. Use the ‘dd’ utility to copy the iso to your USB drive:

$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *121.3 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh HD 120.5 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *31.9 GB disk1
1: DOS_FAT_32 NO NAME 31.9 GB disk1s1
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: CentOS_7.0_Final *4.5 GB disk2
$ diskutil unmountDisk /dev/disk1
Unmount of all volumes on disk1 was successful
$ diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful
$ time sudo dd if=target.img.dmg of=/dev/disk1 bs=1m
Password:
4261+0 records in
4261+0 records out
4467982336 bytes transferred in 1215.483272 secs (3675890 bytes/sec)
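
Because dd overwrites whatever of= names, the disk identifier is worth checking before step 3. The following added example (not part of the original post) parses `diskutil list` text and refuses any disk that carries Apple volume types. The function names are hypothetical, and the embedded listing is taken from the output shown above.

```shell
#!/bin/sh
# Added example: check a disk before using it as dd's of= target.

# disk_types DISK: read `diskutil list` text on stdin, print the TYPE column
# of every row listed under /dev/DISK.
disk_types() {
    awk -v dev="/dev/$1" '
        /^\/dev\//                      { cur = $1; next }
        cur == dev && $1 ~ /^[0-9]+:$/  { print $2 }
    '
}

# is_safe_dd_target DISK: exit 0 if DISK is in the listing and holds no Apple
# volume types, 1 if it looks like a macOS disk, 2 if it is not listed at all.
is_safe_dd_target() {
    types=$(disk_types "$1")
    [ -n "$types" ] || return 2
    for t in $types; do
        case "$t" in
            Apple_HFS|Apple_APFS|Apple_Boot|Apple_CoreStorage) return 1 ;;
        esac
    done
    return 0
}

# Listing copied from the `diskutil list` output shown in this post.
sample_listing() {
    cat <<'EOF'
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *121.3 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_HFS Macintosh HD 120.5 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *31.9 GB disk1
1: DOS_FAT_32 NO NAME 31.9 GB disk1s1
EOF
}

for d in disk0 disk1; do
    if sample_listing | is_safe_dd_target "$d"; then
        echo "$d: no Apple volumes, acceptable as of=/dev/$d"
    else
        echo "$d: refused"
    fi
done
# On a Mac: diskutil list | is_safe_dd_target disk1 && sudo dd if=target.img.dmg of=/dev/disk1 bs=1m
```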

Linux IPTables: Incoming and Outgoing Rule Examples

Default Chain Policy

As you notice below, it says “(policy ACCEPT)” next to all the three chain names (INPUT, OUTPUT, and FORWARD). This indicates that the default chain policy is ACCEPT.

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
So, you have two options here.