cmds

bash命令记录…

Shell Commands

# Since version 1.15, tar detects the compression format automatically, so no
# format-specific flag is needed to extract correctly.
# For an archive from an untrusted source, list its members first with
# `tar -tvf <archive>` and extract into an empty directory.
tar -xvf filename.tar.gz
tar -xvf filename.tar.bz2
tar -xvf filename.tar.xz
tar -xvf filename.tar.Z

# pv shows progress while data passes through it (copying a file, compressing)
pv ./XP-20201009.ova > ./tmp/xp.ova
pv ./XP-20201009.ova | gzip > ./xp.gz

# LXC: after editing /etc/ssh/sshd_config to change the port and restarting the
# container, the ssh service shows inactive (dead).
# Disable the socket unit, enable the ssh service itself, then reboot.
# NOTE(review): presumably ssh.socket (socket activation) was holding the
# listening port instead of sshd — confirm with `systemctl status ssh.socket`.
systemctl disable ssh.socket
systemctl enable ssh
reboot

# Average ping result: keep the summary line containing "avg", take the part
# after "=", then the second "/"-separated value.
ping -c 10 baidu.com | grep avg | awk -F= '{print $2}'| awk -F/ '{print $2}'

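# Find files larger than 10 MB under /var/log (subdirectories included) whose
# file name contains "system@" or ends in a digit, and delete them.
# find does the name matching itself and -ok asks for confirmation on the
# terminal before each rm, so names with spaces or newlines are handled and ls
# output is never parsed. (With `... | xargs rm -i` rm's stdin is not the
# terminal, so its prompt cannot be answered.)
# Note: -name tests the file name only; the earlier grep also matched
# "system@" in a directory name.
# Left commented out because it is destructive; logs may be needed for a later
# investigation, so archive them before deleting.
#find /var/log -type f -size +10M \( -name '*system@*' -o -name '*[0-9]' \) -ok rm -- {} \;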

# Set the system time zone.
timedatectl set-timezone Asia/Shanghai

remote copy–>local

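# Copy a file from the remote host (sshd listening on port 666) into a local
# directory. user@remote-host is a placeholder: the address in the original
# text was replaced by an e-mail-obfuscation filter ("[email protected]").
scp -P 666 user@remote-host:/etc/passwd /mnt/Dropbox/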

clear history

# Delete the current user's saved bash history file.
rm -rf ~/.bash_history
# Clear the in-memory history list of the running shell.
# Neither command touches system-side records (auth logs, journald, auditd).
history -c

ip GEO info

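# Look up geolocation data for one specific address (HTTPS instead of the
# plain-HTTP default curl uses when no scheme is given).
curl https://ipinfo.io/222.82.49.63
# Geo data for this host's public address: split the JSON at commas and keep
# only the lines for a few keys.
curl -s https://api.ip.sb/geoip | sed 's/,/\n/g' | grep -Ew 'city|country|organization|asn|ip'
# Same query parsed with jq. `pacman -Sy <pkg>` refreshes the package database
# without upgrading the system (a partial upgrade on Arch/Manjaro), so install
# with -S --needed instead.
pacman -S --needed jq && curl -s https://api.ip.sb/geoip | jq '.country, .city, .organization, .asn, .ip'
curl myip.ipip.net # domestic ip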

Convert upper/lower case

# Print every line of file converted to lower case.
awk '{print tolower($0)}' file
# Print every line of file converted to upper case.
awk '{print toupper($0)}' file

SED

# Match text enclosed in parentheses, parentheses included, and delete it.
# Example of a span that is removed: (http://www.google.com)
sed 's#(\([^\)]*\))##g' name.txt

Manjaro - rank,update,package

# Interactively choose mirrors for country China, ranked by speed.
sudo pacman-mirrors -i -c China -m rank
# Force-refresh every package database and upgrade the whole system.
sudo pacman -Syyu
sudo pacman -S yay
# Upgrade repo and AUR packages (development packages included) and save these
# flags to yay's config.
yay -Syu --devel --combinedupgrade --save
# Replace archlinux.org with the TUNA mirror host in yay's saved config.
# NOTE(review): this changes the host yay fetches AUR data from; AUR PKGBUILDs
# are user-submitted build scripts, so read them before building.
sed -i 's/archlinux.org/tuna.tsinghua.edu.cn/g' ~/.config/yay/config.json
yay -Syu
#Remove unneeded dependencies
yay -Yc
#Remove cache
yay -Sc

Manjaro - install&config Chinese input&fonts

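# Install the fcitx input-method framework, its config tool and Google Pinyin.
sudo pacman -S fcitx-im fcitx-configtool fcitx-googlepinyin
# Register fcitx as the GTK / Qt / X input method for the session.
# No sudo here: ~/.xprofile belongs to the user, and in `sudo echo ... >> file`
# the redirection is performed by the calling shell, so sudo only ran echo as
# root without affecting the write.
printf '%s\n' \
  'export GTK_IM_MODULE=fcitx' \
  'export QT_IM_MODULE=fcitx' \
  'export XMODIFIERS=@im=fcitx' >> ~/.xprofile
# Chinese / CJK fonts.
sudo pacman -S adobe-source-han-sans-cn-fonts
sudo pacman -S adobe-source-han-serif-cn-fonts
sudo pacman -S noto-fonts noto-fonts-cjk noto-fonts-emoji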

ip stat from log file

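# Count log lines per client address in haproxy.log, most frequent first.
# Field 6 is taken to be "ip:port" — verify against the configured log format.
awk '{print $6}' haproxy.log | awk -F ':' '{print $1}' | sort | uniq -c | sort -k 1 -n -r > stat.txt

# Collect 20000 echo replies, then list the 10 highest round-trip times.
ping 101.32.45.6 -c 20000 > ping_result
# -n compares the values as numbers; a plain `sort -r` orders them as text and
# would rank 9.8 above 10.2.
awk -F '=' '{print $4}' ping_result | awk '{print $1}' | sort -rn | head -n 10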

uniq - report or omit repeated lines
-u, --unique,only print unique lines
-c, --count,prefix lines by the number of occurrences

sort - sort lines of text files
-f:ignore lower/upper case
-b:ignore leading blanks;
-M:month sort
-n:numeric sort
-r:reverse the result;
-u:unique.with -c, check for strict ordering; without -c, output only the first of an equal run;
-t:field separator;
-k:sort via a key;KEYDEF gives location and type

DD

# Create a 192 KiB file (192 blocks of 1024 bytes) filled with 0xFF bytes:
# dd emits zeroes and tr rewrites each \000 to \377.
dd if=/dev/zero bs=1024 count=192 | tr "\000" "\377" >breed_192.bin
# Write the breed image over the start of that file; conv=notrunc keeps the
# 0xFF padding that follows it instead of truncating the output file.
dd if=breed-mt7621-newifi-d1.bin of=breed_192.bin conv=notrunc

bs(block size)=1024 bytes
count(copies only this number of blocks)=192
tr is used to replace zeroes with 0xFF. tr expects arguments in octal. 0xFF in octal is \377.

dd if=/dev/zero bs=1024 count=192 > ./test.bin
hexdump -C test.bin
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00030000

#replace 00 with 0xff

dd if=/dev/zero bs=1024 count=192 | tr "\000" "\377" > ./test.bin
hexdump -C test.bin
00000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00030000

conv=notrunc which tells dd to not truncate the output file.

hexdump -C test1.bin
00000000 66 6f 6f 0a 62 61 72 0a |foo.bar.|
00000008

hexdump -C test2.bin
00000000 66 6f 6f 0a 62 61 72 0a ff ff ff ff ff ff ff ff |foo.bar.........|
00000010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00030000

CIDR-IP Range convert

netmask -c 180.160.0.0:180.175.255.255
180.160.0.0/12
netmask -r 180.160.0.0/12
180.160.0.0-180.175.255.255 (1048576)

ipcalc 180.160.0.0/12
Address: 180.160.0.0 10110100.1010 0000.00000000.00000000
Netmask: 255.240.0.0 = 12 11111111.1111 0000.00000000.00000000
Wildcard: 0.15.255.255 00000000.0000 1111.11111111.11111111
=>
Network: 180.160.0.0/12 10110100.1010 0000.00000000.00000000
HostMin: 180.160.0.1 10110100.1010 0000.00000000.00000001
HostMax: 180.175.255.254 10110100.1010 1111.11111111.11111110
Broadcast: 180.175.255.255 10110100.1010 1111.11111111.11111111
Hosts/Net: 1048574 Class B

sipcalc -a 180.160.0.0/12
-[ipv4 : 180.160.0.0/12] - 0

[Classfull]
Host address - 180.160.0.0
Host address (decimal) - 3030384640
Host address (hex) - B4A00000
Network address - 180.160.0.0
Network class - B
Network mask - 255.255.0.0
Network mask (hex) - FFFF0000
Broadcast address - 180.160.255.255

[CIDR]
Host address - 180.160.0.0
Host address (decimal) - 3030384640
Host address (hex) - B4A00000
Network address - 180.160.0.0
Network mask - 255.240.0.0
Network mask (bits) - 12
Network mask (hex) - FFF00000
Broadcast address - 180.175.255.255
Cisco wildcard - 0.15.255.255
Addresses in network - 1048576
Network range - 180.160.0.0 - 180.175.255.255
Usable range - 180.160.0.1 - 180.175.255.254

[Classfull bitmaps]
Network address - 10110100.10100000.00000000.00000000
Network mask - 11111111.11111111.00000000.00000000

[CIDR bitmaps]
Host address - 10110100.10100000.00000000.00000000
Network address - 10110100.10100000.00000000.00000000
Network mask - 11111111.11110000.00000000.00000000
Broadcast address - 10110100.10101111.11111111.11111111
Cisco wildcard - 00000000.00001111.11111111.11111111
Network range - 10110100.10100000.00000000.00000000 -
10110100.10101111.11111111.11111111
Usable range - 10110100.10100000.00000000.00000001 -
10110100.10101111.11111111.11111110

[Networks]
Network - 180.160.0.0 - 180.175.255.255 (current)

ufw

vim /etc/ufw/before.rules
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

ufw deny proto {tcp|udp} from {ip-address-here} to any port {port-number-here}
ufw deny proto tcp from 2.1.1.0/24 to any port 22

#allow Cloudflare ipsets from https://www.cloudflare.com/ips/
#https://www.cloudflare.com/ips-v4/
#https://www.cloudflare.com/ips-v6/
# The ranges below are a snapshot; the published lists change over time, so
# compare against the URLs above before relying on them.
# These allow rules restrict access only when the default incoming policy is
# deny (`ufw default deny incoming`) and no broader rule opens port 8443.
# NOTE(review): no `proto` is given, so each rule matches TCP and UDP; add
# `proto tcp` if the origin serves TCP only — confirm.
ufw allow from 103.21.244.0/22 to any port 8443
ufw allow from 103.22.200.0/22 to any port 8443
ufw allow from 103.31.4.0/22 to any port 8443
ufw allow from 104.16.0.0/13 to any port 8443
ufw allow from 104.24.0.0/14 to any port 8443
ufw allow from 108.162.192.0/18 to any port 8443
ufw allow from 131.0.72.0/22 to any port 8443
ufw allow from 141.101.64.0/18 to any port 8443
ufw allow from 162.158.0.0/15 to any port 8443
ufw allow from 172.64.0.0/13 to any port 8443
ufw allow from 173.245.48.0/20 to any port 8443
ufw allow from 188.114.96.0/20 to any port 8443
ufw allow from 190.93.240.0/20 to any port 8443
ufw allow from 197.234.240.0/22 to any port 8443
ufw allow from 198.41.128.0/17 to any port 8443
ufw allow from 2400:cb00::/32 to any port 8443
ufw allow from 2606:4700::/32 to any port 8443
ufw allow from 2803:f800::/32 to any port 8443
ufw allow from 2405:b500::/32 to any port 8443
ufw allow from 2405:8100::/32 to any port 8443
ufw allow from 2a06:98c0::/29 to any port 8443
ufw allow from 2c0f:f248::/32 to any port 8443

firewall

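# Drop all traffic from 123.157.192.0/24.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=123.157.192.0/24 drop'
# Drop ICMP from every source except 66.220.2.71.
firewall-cmd --add-rich-rule='rule family=ipv4 source NOT address=66.220.2.71 protocol value=icmp drop' --zone=public --permanent
# Open 443/tcp.
firewall-cmd --zone=public --add-port=443/tcp --permanent
# Block ICMP echo requests and echo replies.
firewall-cmd --permanent --add-icmp-block=echo-request && firewall-cmd --permanent --add-icmp-block=echo-reply
# --permanent only writes the saved configuration; reload so the running
# firewall picks the rules up, then check what is active in the zone.
firewall-cmd --reload
firewall-cmd --zone=public --list-all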

iptables quota

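# Print the parenthesised (human-readable) RX and TX totals of ens160.
# grep -E replaces the deprecated egrep.
ifconfig -a ens160 | grep -E "RX packets|TX packets" | awk -F '[()]' '{print $2}'
# Limit outbound TCP to about 1 MB (1024000 bytes): the ACCEPT rule matches
# until the quota is used up, after which the next rule drops everything.
# The quota counter starts over whenever the rule is reloaded.
iptables -A OUTPUT -p tcp -m quota --quota 1024000 -j ACCEPT
iptables -A OUTPUT -p tcp -j DROP

# Block a given IP or MAC from the external network during set hours or days
# while LAN access keeps working (drop in the FORWARD chain, not in INPUT).
# Fixed from the original text: "iptables-I" and "6:30--kerneltz" lacked a
# space, and "time--timestart" lacked one too.
# A MAC match is a convenience control, not authentication: a client can
# change its MAC address.
iptables -I FORWARD -s x.x.x.x -m time --timestart 5:00 --timestop 6:30 --kerneltz -j DROP
iptables -I FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -m time --timestart 13:00 --timestop 15:30 --kerneltz -j DROP
# A list of weekdays can follow the times. The option was garbled in the
# original ("–days"); the time match that provides --kerneltz calls it
# --weekdays.
iptables -I FORWARD -s x.x.x.x -m time --timestart 5:00 --timestop 6:30 --weekdays Mon,Tue,Wed,Thu,Fri,Sat,Sun -j DROP
# Block (-I) and unblock (-D) a client MAC address from the external network;
# 设备mac地址 is a placeholder for the device MAC address.
iptables -I FORWARD -m mac --mac-source 设备mac地址 -j DROP
iptables -D FORWARD -m mac --mac-source 设备mac地址 -j DROP

# Block access to every network, the LAN included (INPUT on the br-lan bridge).
iptables -I INPUT -i br-lan -m mac --mac-source xx:xx:xx:xx:xx:xx -m time --timestart 5:00 --timestop 6:30 --kerneltz -j DROP
iptables -I INPUT -i br-lan -m mac --mac-source xx:xx:xx:xx:xx:xx -m time --timestart 20:00 --timestop 21:30 --kerneltz -j DROP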

forward TCP/UDP traffic by iptables

# Enable IPv4 forwarding persistently and load the setting.
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

# Relay TCP: DNAT rewrites the destination of traffic arriving at the relay to
# the real server; SNAT rewrites the source of the forwarded traffic to the
# relay so replies return through it. Bracketed values are placeholders.
# NOTE(review): the DNAT rule matches any source address; add
# `-s <allowed_cidr>` if the relay should not be reachable by everyone —
# confirm intent. With SNAT the destination server logs the relay address,
# not the real client.
iptables -t nat -A PREROUTING -d [relay_serv_ip] -p tcp --dport [relay_serv_port] -j DNAT --to-destination [dest_serv_ip:port]
iptables -t nat -A POSTROUTING -d [dest_serv_ip] -p tcp --dport [dest_serv_port] -j SNAT --to-source [relay_serv_ip]

# Same pair of rules for UDP.
iptables -t nat -A PREROUTING -d [relay_serv_ip] -p udp --dport [relay_serv_port] -j DNAT --to-destination [dest_serv_ip:port]
iptables -t nat -A POSTROUTING -d [dest_serv_ip] -p udp --dport [dest_serv_port] -j SNAT --to-source [relay_serv_ip]

# Save the current rule set to a file / load it back from that file.
iptables-save > /etc/sysconfig/iptables
iptables-restore < /etc/sysconfig/iptables

forward TCP/UDP traffic by socat

yum install -y socat
# Relay TCP, then UDP: listen on the relay port, fork one child per connection
# and pass the data to the destination; output is appended to socat.log.
# Bracketed values are placeholders.
# NOTE(review): no bind= or range= option is given, so the listeners accept
# from any source address on every interface — confirm this is intended.
nohup socat TCP4-LISTEN:[relay_serv_port],reuseaddr,fork TCP4:[dest_serv_ip:port] >> socat.log 2>&1 &
nohup socat UDP4-LISTEN:[relay_serv_port],reuseaddr,fork UDP4:[dest_serv_ip:port] >> socat.log 2>&1 &

PAC

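# Install genpac into a private virtual environment instead of using
# `sudo pip install`, which runs the package's install code as root and writes
# into the system Python.
python3 -m venv ~/.venvs/genpac
~/.venvs/genpac/bin/pip install genpac
# Generate a PAC file that routes matching sites through the local SOCKS5 proxy.
~/.venvs/genpac/bin/genpac --format=pac --pac-proxy="SOCKS5 127.0.0.1:1080" -o autoproxy.pac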

https/http2 proxy

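#server
# Download the release binary and verify it before unpacking and running it.
# <EXPECTED_SHA256> is a placeholder: the page gives no digest, so obtain one
# from a source you trust. The chain stops at the first step that fails.
wget https://github.com/ginuerzh/gost/releases/download/v2.11.0/gost-linux-amd64-2.11.0.gz
printf '%s  %s\n' '<EXPECTED_SHA256>' gost-linux-amd64-2.11.0.gz | sha256sum -c - \
  && gunzip gost-linux-amd64-2.11.0.gz \
  && mv gost-linux-amd64-2.11.0 gost \
  && chmod 711 gost
# HTTP/2 proxy on :443 with basic auth; probe_resist=code:404 answers requests
# without valid credentials with a 404.
# usr:pass are placeholders. Credentials passed on the command line are visible
# in the process list and in shell history.
# NOTE(review): gost can read its settings from a config file (-C) — confirm
# for this version and prefer it for real credentials.
nohup ./gost -L="http2://usr:pass@:443?cert=/path/to/cert/file&key=/path/to/key/file&probe_resist=code:404" &
# Alternative: HTTP proxy over TLS using a Let's Encrypt certificate.
./gost -L="http+tls://usr:pass@:443?cert=/path/to/letsencrypt/fullchain.pem&key=/path/to/letsencrypt/privkey.pem"

#client
# Local listener on :8080 that forwards to the remote proxy over HTTPS.
./gost -L=:8080 -F="https://usr:pass@hostname:443"
# Point the current shell's HTTP clients at the local listener ...
export http_proxy=http://127.0.0.1:8080
export https_proxy=http://127.0.0.1:8080
# ... and remove the setting again.
unset http_proxy
unset https_proxy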
! # $ & ' ( ) * +
%21 %23 %24 %26 %27 %28 %29 %2A %2B
, / : ; = ? @ [ ]
%2C %2F %3A %3B %3D %3F %40 %5B %5D

注意:若用户名或密码中有特殊字符,可能需要编码转换。

nmap

# SYN-scan TCP ports 1-65535 of ip_addr (placeholder) without host discovery.
nmap -sS -Pn -p 1-65535 ip_addr
#-sS:TCP SYN scan,which is often referred to as half-open scanning (needs raw-socket privileges)
#-Pn:no ping (host discovery is skipped and the host is treated as up)
#-p:port range to scan

push declined due to email privacy restrictions

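#Change the global user e-mail address setting to be your GitHub noreply address
# ID+USERNAME is a placeholder: the address in the original text was replaced
# by an e-mail-obfuscation filter ("[email protected]"). Use the noreply
# address shown in your GitHub e-mail settings.
git config --global user.email "ID+USERNAME@users.noreply.github.com"
# Print the value to confirm the change.
git config --global user.email
#Reset the author information on your last commit
git commit --amend --reset-author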

Aliyun Ubuntu Mirrors

/etc/apt/sources.list
Ubuntu 22.04:

# Ubuntu 22.04 (jammy) package sources served from the Aliyun mirror.
# The URLs use plain http://; apt still verifies the signed repository
# metadata, but the transfer itself is unencrypted.
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
# NOTE(review): -proposed is the pre-release testing pocket; consider leaving
# these two lines out on production hosts — confirm intent.
deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse

Ubuntu 20.04:

# Ubuntu 20.04 (focal) package sources served from the Aliyun mirror.
# The URLs use plain http://; apt still verifies the signed repository
# metadata, but the transfer itself is unencrypted.
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
# NOTE(review): -proposed is the pre-release testing pocket; consider leaving
# these two lines out on production hosts — confirm intent.
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

x-libev 编译安装报错

./autogen.sh
.^Hlibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, ‘auto’.
libtoolize: copying file ‘auto/ltmain.sh’
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, ‘m4’.
libtoolize: copying file ‘m4/libtool.m4’
libtoolize: copying file ‘m4/ltoptions.m4’
libtoolize: copying file ‘m4/ltsugar.m4’
libtoolize: copying file ‘m4/ltversion.m4’
libtoolize: copying file ‘m4/lt~obsolete.m4’
configure.ac 10: installing ‘auto/compile’
configure.ac 12: installing ‘auto/missing’
configure.ac 309: error: required file ‘libcork/Makefile.in’ not found
configure.ac 309: error: required file ‘libipset/Makefile.in’ not found
src/Makefile.am: installing ‘auto/depcomp’
autoreconf: automake failed with exit status: 1

2选1可解,不知道为什么madeye把这条命令去掉了,记得原先有的

# Either line fetches the submodules whose absence makes automake fail.
# The second form also initialises nested submodules (--recursive).
git submodule init && git submodule update
git submodule update --init --recursive

wget libsodium/mbedTLS报错,无法下载。大概率是因为包更新了,旧版本移动了下载位置,分别可以去
https://download.libsodium.org/libsodium/releases/old/
https://tls.mbed.org/download-archive
找到。

Snap is the recommended way to install the latest binaries.

其实与其那么折腾编译安装还不如直接用作者推荐的方式安装,不过centos用snap还要多几道工序

# Install EPEL and the copr plugin, then enable the repository that ships snapd.
yum install epel-release -y
yum install yum-plugin-copr -y
# NOTE(review): ngompa/snapcore-el7 is a third-party COPR repository; its
# packages are installed as root on trust of that maintainer — confirm it is
# still the intended source.
yum copr enable ngompa/snapcore-el7
yum install snapd
systemctl enable --now snapd.socket
# Make the snap directory available as /snap.
ln -s /var/lib/snapd/snap /snap
systemctl start snapd
# Check that snapd is running; if it failed, restart it, and reboot if that does not help
systemctl status snapd
# Add the export line below to /etc/profile, then reload the file.
vim /etc/profile
export PATH=$PATH:/snap/bin
source /etc/profile
# WhatYouNeed is a placeholder for the name of the snap to install.
snap install WhatYouNeed
#Enable Dual mode IPv4/IPv6 stack support
#edit server line in config.json
"server":["[::0]", "0.0.0.0"],

ABP过滤规则语法如下:

  1. 通配符支持
    比如*.example.com/*实际书写时可省略*, 如.example.com/, 和*.example.com/*效果一样
  2. 正则表达式支持。以\开始和结束
    如 \[\w]+://example.com\
  3. @@例外规则
    如 @@*.example.com/* 满足@@后规则的地址不使用代理
  4. | 匹配地址开始和结尾
    如|http://example.com、example.com | 分别表示以 http://example.com 开始和以 example.com 结束的地址
  5. ||
    如||example.com 则 http://example.com、https://example.com、ftp://example.com 等地址均满足条件
  6. ! 注释
    如 !我是注释

ref:
