以前在准备CCIE的时候,曾经在NetPro论坛上看到过这样的一段话,也写下了 Be a real CCIE这个帖子
In most situations, when someone obtain a CCIE, it tells me that person is willing to go through the pain and sacrifice to obtain this achievement and therefore, deserve a lot of my respect
10年前的我,也许没有完全理解这段话,或多或少的只关注到了那些技术和所谓pain and sacrifice。
Sub Macro1()
Dim vDirectory As String
Dim oDoc As Document
vDirectory = "C:\some_dir\"
vFile = Dir(vDirectory & "*.*", vbNormal)
Do While vFile <> ""
Set oDoc = Documents.Open(FileName:=vDirectory & vFile)
ActiveDocument.SetCompatibilityMode (wdWord2010)
ActiveDocument.BuiltInDocumentProperties("Author") = "liukang"
ActiveDocument.Range.Font.Name = "宋体"
With ActiveDocument.Sections(1)
.Footers(wdHeaderFooterPrimary).Range.Font.Name = "宋体"
.Headers(wdHeaderFooterPrimary).Range.Font.Name = "宋体"
.Footers(wdHeaderFooterFirstPage).Range.Font.Name = "宋体"
.Headers(wdHeaderFooterFirstPage).Range.Font.Name = "宋体"
End With
With ActiveDocument.Sections(1).Range.ParagraphFormat
.SpaceBeforeAuto = False
.SpaceAfterAuto = False
.WordWrap = True
End With
ActiveDocument.EmbedTrueTypeFonts = True
ActiveDocument.SaveSubsetFonts = True
ActiveDocument.DoNotEmbedSystemFonts = False
ActiveDocument.Save
ActiveDocument.Close
vFile = Dir
Loop
End Sub
interface FastEthernet4
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1 dial-on-demand
no cdp enable
!
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username <username> password 0 <mypassword>
no cdp enable
!
.May 6 16:30:48.539: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
.May 6 16:30:48.539: Vi1 LCP: MRU 1492 (0x010405D4)
.May 6 16:30:48.539: Vi1 LCP: AuthProto PAP (0x0304C023)
.May 6 16:30:48.539: Vi1 LCP: MagicNumber 0xF5FD2887 (0x0506F5FD2887)
.May 6 16:30:48.539: Vi1 LCP: O CONFNAK [ACKrcvd] id 2 len 13
.May 6 16:30:48.539: Vi1 LCP: MRU 1500 (0x010405DC)
.May 6 16:30:48.539: Vi1 LCP: AuthProto CHAP (0x0305C22305)
” I CONFREQ”是ISP那边送来的,大概意思就是说我要用PAP方式做验证好不好?MTU是1492。”O CONFNAK”是我的router在说”我要用CHAP做验证,MTU 1500″。而且这个过程在不断重复,这要是在现实生活中估计俩人早就该打起来了……好在对”Magic Number”两边还是能好好的协商的……
在经过多次之后失败后(我这里看到的是15次)debug输出中会出现这样一句:
.May 6 16:31:12.759: Vi1 LCP: Sent too many CONFNAKs. Switch to CONFREJ
.May 6 16:31:12.759: Vi1 LCP: O CONFREJ [ACKrcvd] id 7 len 12
.May 6 16:31:12.759: Vi1 LCP: MRU 1492 (0x010405D4)
.May 6 16:31:12.759: Vi1 LCP: AuthProto PAP (0x0304C023)
目视确认面包线连接正确并且牢固,使用lsusb查看系统是否识别出了USB摄像头,使用 ls /dev/video* 检验USB摄像头的编号。
root@raspberrypi ~ # lsusb
Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 004: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB
Bus 001 Device 005: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Bus 001 Device 006: ID 046d:082d Logitech, Inc.
Bus 001 Device 007: ID 099a:7160 Zippy Technology Corp. Hyper Slim Keyboard
root@raspberrypi ~ # ls /dev/video*
/dev/video0
#!/bin/bash
#A Sample script to demo PIR motion sensor trigger LED and USB camera
#Written by Kang Liu (http://www.liukang.com)
#You have the freedom to use and/or modify the script, and the freedom to distribute modified and therefore derivative script.
#USB video camera device
videodev="/dev/video0"
#gpio number for the sensor & LED
redled=18
sensor=17
#second(s) between each check
waitperiod=1
#photo settings
photorepeattimes=3
resolution="800x600"
#Directory to store captured photos
directory="/tmp"
#Init GPIO sysfs
#Set default as "Off" for LEDs
init_led ()
{
for i in $redled
do
if [ ! -d /sys/class/gpio/gpio$i ]
then
echo $i >/sys/class/gpio/export
fi
echo "out" >/sys/class/gpio/gpio$i/direction
echo 0 >/sys/class/gpio/gpio$i/value
done
}
init_sensor ()
{
for i in $sensor
do
if [ ! -d /sys/class/gpio/gpio$i ]
then
echo $i >/sys/class/gpio/export
fi
echo "in" >/sys/class/gpio/gpio$i/direction
done
}
init_led_sensor ()
{
init_led
init_sensor
}
#Turn off LED(s) before exit and unexport the sysfs
cleanup()
{
init_led_sensor
for i in $redled $sensor
do
if [ -d /sys/class/gpio/gpio$i ]
then
echo $i > /sys/class/gpio/unexport
fi
done
exit 0
}
capture_photo()
{
for (( c=0; c<$photorepeattimes; c++ ))
do
filename=$directory/$(date -u +"%d%m%Y_%H%M-%S").jpg
fswebcam -d $videodev --timestamp "%Y-%m-%d %H:%M:%S (%Z)" -r $resolution $filename
sleep 1
done
}
check_activity()
{
sensor_status=`cat /sys/class/gpio/gpio$sensor/value`
#Mirror sensor status to another GPIO
echo $sensor_status > /sys/class/gpio/gpio$redled/value
#If sensor is triggered,capture photo
if [ "$sensor_status" -eq 1 ]
then
capture_photo
fi
}
init_led_sensor
trap cleanup INT TERM EXIT
while :
do
check_activity
sleep $waitperiod
done
#!/bin/bash
#Written by Kang Liu (http://www.liukang.com)
#You have the freedom to use and/or modify the script, and the freedom to distribute modified and therefore derivative script.
#Actually in this test, I will only use GPIO 17 (WiringIO 0) (Red LED)
orgled=27
greenled=18
redled=17
init_led()
{
for i in $orgled $greenled $redled
do
if [ ! -d /sys/class/gpio/gpio$i ]
then
echo $i >/sys/class/gpio/export
fi
echo "out" >/sys/class/gpio/gpio$i/direction
echo 0 >/sys/class/gpio/gpio$i/value
done
}
cleanup()
{
init_led
for i in $orgled $greenled $redled
do
if [ -d /sys/class/gpio/gpio$i ]
then
echo $i > /sys/class/gpio/unexport
fi
done
exit 0
}
gpio_ben()
{
echo 1 > /sys/class/gpio/gpio$1/value
echo 0 > /sys/class/gpio/gpio$1/value
#gpio write 0 1 #method 4
#gpio write 0 0 #method 4
}
init_led
trap cleanup INT TERM EXIT
while :
do
#gpio_ben 17 #method 2, method 4
echo 1 > /sys/class/gpio/gpio17/value #method 1
echo 0 > /sys/class/gpio/gpio17/value #method 1
#gpio write 0 1 #method 3
#gpio write 0 0 #method 3
done
方法1:直接调用sysfs控制通断
脚本中默认没有注释掉的就是方法1,相当于用下面命令来操作gpio实现让电路通断:
while :
do
echo 1 > /sys/class/gpio/gpio17/value #method 1
echo 0 > /sys/class/gpio/gpio17/value #method 1
done
实测频率在1.1kHz左右。目测LED基本感觉不到闪烁。
测试结果照片如下,最后两位数字在不断跳动。
方法2:用shell脚本中的函数调用sysfs控制通断
相当于用下面命令来通过自定义函数gpio_ben操作gpio,实现电路通断:
gpio_ben()
{
echo 1 > /sys/class/gpio/gpio$1/value
echo 0 > /sys/class/gpio/gpio$1/value
}
while :
do
gpio_ben 17
done
实测频率在750Hz左右。目测LED基本感觉不到闪烁。
方法3:用gpio外部命令来控制通断
相当于用下面的命令来通过gpio外部命令来操作gpio,实现电路的通断:
while :
do
gpio write 0 1
gpio write 0 0
done
实际频率在40Hz左右。目测LED能感觉到一些闪烁。
方法4:用通过函数调用gpio外部命令控制通断
相当于用里阿敏的命令来通过函数调用gpio外部命令来操作,实现电路的通断:
gpio_ben()
{
gpio write 0 1
gpio write 0 0
}
while :
do
gpio_ben
done
#!/bin/bash
#A Sample script to check memory usage and reflect the result by LED.
#Written by Kang Liu (http://www.liukang.com)
#You have the freedom to use and/or modify the script, and the freedom to distribute modified and therefore derivative script.
#gpio number for the LEDs
orgled=27
greenled=18
redled=17
#precentage of available memory
memfreehigh=60
memfreelow=30
#seconds to wait between each check
waitperiod=10
#Init GPIO sysfs
#Set default as "Off" for LEDs
init_led()
{
for i in $orgled $greenled $redled
do
if [ ! -d /sys/class/gpio/gpio$i ]
then
echo $i >/sys/class/gpio/export
fi
echo "out" >/sys/class/gpio/gpio$i/direction
echo 0 >/sys/class/gpio/gpio$i/value
done
}
#Set LED value
#Parameter is the GPIO number for the LED
set_led()
{
led_status=`cat /sys/class/gpio/gpio$1/value`
if [ "$led_status" -ne 1 ]
then
init_led
echo 1 > /sys/class/gpio/gpio$1/value
fi
}
#Turn off All LEDs before exit
cleanup()
{
init_led
for i in $orgled $greenled $redled
do
if [ -d /sys/class/gpio/gpio$i ]
then
echo $i > /sys/class/gpio/unexport
fi
done
exit 0
}
check_mem_usage()
{
output=`free |grep Mem|tr -s [:space:]`
#uncomment the below lines if you want to debug
#echo $output
total=`echo $output | cut -d ' ' -f 2`
used=`echo $output | cut -d ' ' -f 3`
available=$((100-used*100/total))
#echo $available% available
if [ $available -le $memfreelow ]
then
#echo "RED"
set_led $redled
return
fi
if [ $available -ge $memfreehigh ]
then
#echo "GREEN"
set_led $greenled
return
fi
#echo "ORANGE"
set_led $orgled
}
init_led
trap cleanup INT TERM EXIT
while :
do
check_mem_usage
sleep $waitperiod
done
vi (或者你任何喜欢的文本编辑器,别和我争论这点,我是习惯用vi了)bad-ssh.conf,修改成以下内容:
[INCLUDES]
before = common.conf
[Definition]
_daemon = sshd
failregex = Received disconnect from : .*: Bye Bye \[preauth\]
Address maps to .* POSSIBLE BREAK-IN ATTEMPT!$
Invalid user .* from $
Did not receive identification string from
reverse mapping checking getaddrinfo for .* \[\] failed - POSSIBLE BREAK-IN ATTEMPT!$
ignoreregex =
[optional] 修改 /etc/fail2ban/action.d/iptables-blocktype.conf,我是认为直接drop就好了,对这种无聊的攻击没义务发icmp port unreachable回去
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
#blocktype = REJECT --reject-with icmp-port-unreachable
blocktype = DROP
root@hostname:~# fail2ban-regex 'Apr 19 18:55:07 hostname sshd[9146]: Received disconnect from 10.1.1.1: 11: Bye Bye [preauth]' 'Received disconnect from '
Running tests
=============
Use failregex line : Received disconnect from
Use single line : Apr 19 18:55:07 hostname sshd[9146]: Received dis...
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] Received disconnect from
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] MONTH Day Hour:Minute:Second
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
root@hostname:~#