[轉] How To: ICMP Ping in Java (JDK 1.5 and above)

Programatically using ICMP Ping is a great way to establish that a server is up and running. Previously you couldn’t do ICMP ping (what ping command does in Linux/Unix & Windows) in java without using JNI or exec calls. Here is a simple and reliable method to do ICMP pings in Java without using JNI or NIO.


String host = "172.16.0.2"
int timeOut = 3000; // I recommend 3 seconds at least
boolean status = InetAddress.getByName(host).isReachable(timeOut)

status is true if the machine is reachable by ping; false otherwise. Best effort is made to try to reach the host, but firewalls and server configuration may block requests resulting in a unreachable status while some specific ports may be accessible. A typical implementation will use ICMP ECHO REQUESTs if the privilege can be obtained, otherwise it will try to establish a TCP connection on port 7 (Echo) of the destination host.

In Linux/Unix you may have to suid the java executable to get ICMP Ping working, ECHO REQUESTs will be fine even without suid. However on Windows you can get ICMP Ping without any issues whatsoever.

PS: Linux 版必須該 JVM 使用者有 root 權限發 ICMP

使用 Grafana+collectd+InfluxDB 監控系統

http://cyrilwang.blogspot.tw/2016/09/collectd-influxdb-grafana.html

使用 Grafana+collectd+InfluxDB 打造现代监控系统

top command explanation

top – 16:23:02 up 14 days, 23:08, 7 users, load average: 0.01, 0.04, 0.12
Tasks: 233 total, 1 running, 232 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.7 us, 0.3 sy, 0.0 ni, 98.6 id, 0.3 wa, 0.1 hi, 0.1 si, 0.0 st
KiB Mem: 16368856 total, 11506728 used, 4862128 free, 544236 buffers
KiB Swap: 8200188 total, 0 used, 8200188 free, 6060844 cached

a: PID — Process Id
The task’s unique process ID, which periodically wraps, though
never restarting at zero.

b: PPID — Parent Process Pid
The process ID of a task’s parent.

c: RUSER — Real User Name
The real user name of the task’s owner.

d: UID — User Id
The effective user ID of the task’s owner.

e: USER — User Name
The effective user name of the task’s owner.

f: GROUP — Group Name
The effective group name of the task’s owner.

g: TTY — Controlling Tty
The name of the controlling terminal. This is usually the
device (serial port, pty, etc.) from which the process was
started, and which it uses for input or output. However, a
task need not be associated with a terminal, in which case
you’ll see ‘?’ displayed.

h: PR — Priority
The priority of the task.

i: NI — Nice value
The nice value of the task. A negative nice value means higher
priority, whereas a positive nice value means lower priority.
Zero in this field simply means priority will not be adjusted
in determining a task’s dispatchability.

j: P — Last used CPU (SMP)
A number representing the last used processor. In a true SMP
environment this will likely change frequently since the kernel
intentionally uses weak affinity. Also, the very act of
running top may break this weak affinity and cause more
processes to change CPUs more often (because of the extra
demand for cpu time).

k: %CPU — CPU usage
The task’s share of the elapsed CPU time since the last screen
update, expressed as a percentage of total CPU time. In a true
SMP environment, if ‘Irix mode’ is Off, top will operate in
‘Solaris mode’ where a task’s cpu usage will be divided by the
total number of CPUs. You toggle ‘Irix/Solaris’ modes with the
‘I’ interactive command.

l: TIME — CPU Time
Total CPU time the task has used since it started. When
‘Cumulative mode’ is On, each process is listed with the cpu
time that it and its dead children has used. You toggle
‘Cumulative mode’ with ‘S’, which is a command-line option and
an interactive command. See the ‘S’ interactive command for
additional information regarding this mode.

m: TIME+ — CPU Time, hundredths
The same as ‘TIME’, but reflecting more granularity through
hundredths of a second.

n: %MEM — Memory usage (RES)
A task’s currently used share of available physical memory.

o: VIRT — Virtual Image (kb)
The total amount of virtual memory used by the task. It
includes all code, data and shared libraries plus pages that
have been swapped out and pages that have been mapped but not
used.

p: SWAP — Swapped size (kb)
Memory that is not resident but is present in a task. This is
memory that has been swapped out but could include additional
non-resident memory. This column is calculated by subtracting
physical memory from virtual memory.

q: RES — Resident size (kb)
The non-swapped physical memory a task has used.

r: CODE — Code size (kb)
The amount of virtual memory devoted to executable code, also
known as the ‘text resident set’ size or TRS.

s: DATA — Data+Stack size (kb)
The amount of virtual memory devoted to other than executable
code, also known as the ‘data resident set’ size or DRS.

t: SHR — Shared Mem size (kb)
The amount of shared memory used by a task. It simply reflects
memory that could be potentially shared with other processes.

u: nFLT — Page Fault count
The number of major page faults that have occurred for a task.
A page fault occurs when a process attempts to read from or
write to a virtual page that is not currently present in its
address space. A major page fault is when backing storage
access (such as a disk) is involved in making that page
available.

v: nDRT — Dirty Pages count
The number of pages that have been modified since they were
last written to disk. Dirty pages must be written to disk
before the corresponding physical memory location can be used
for some other virtual page.

w: S — Process Status
The status of the task which can be one of:
‘D’ = uninterruptible sleep
‘R’ = running
‘S’ = sleeping
‘T’ = traced or stopped
‘Z’ = zombie

用CURL上傳檔案

用CURL call 上傳檔案的API:

Step1: 預存cookie檔案
curl -d “username=admin&password=admin" http://1.1.1.1:8080/login -D scookie.txt
Step2: 呼叫上傳API:
curl -X POST -H “Authorization: Basic YWRtaW46YWRtaW4=" -H “Content-Type:multipart/form-data" -b scookie.txt -F file="@/filename.ext" -F  overwrite="true" http://1.1.1.1:8080/upload

查看service的port

1.列出service一覽

sudo nmap -sU -sT localhost

2.由name查process id

ps aux | grep <process name>

3.由port查process

sudo netstat -anp | grep <port #>
sudo netstat -tulpn | grep <port #> –>只看tcp listen

 

[Linux] 找出被佔用 port 的 PID

sudo netstat -l -n -p | grep <port number>  #找出佔用 port 的 PID
ps aux | egrep -w <pid> | grep -v grep  #印出 PID 的資訊
sudo kill <pid or process_name> #刪掉 process

Linux Network 用 CLI 設定

sudo gedit /etc/wpa_supplicant.conf

network={
key_mgmt=IEEE8021X
eap=TTLS MD5
identity="myloginname"
anonymous_identity="myloginname"
password="mypassword"
phase1="auth=MD5″
phase2="auth=PAP password=mypassword"
eapol_flags=0
}

https://help.ubuntu.com/community/Network802.1xAuthentication

[Linux] 解決 mysql 無法寫出檔案問題

在red hat系列的linux中selinux對哪些daemon可以進行怎麼樣的操作是有限制的,mysql的select into outfile的命令是mysql的daemon來負責寫文件操作的。寫檔之前當然要具有寫檔的許可權。而selinux對這個許可權做了限制。如果selinux是關閉的吧,這個命令執行是沒有問題的
mysql> select user from user into outfile ‘/home/test.txt’;
Query OK, 2 rows affected (0.02 sec)
當時selinux開啟時
selinux對mysql的守護進程mysqld進行了限制。
mysql> select user from user into outfile ‘/home/test.txt’;
ERROR 1 (HY000): Can’t create/write to file ‘/home/test.txt’ (Errcode: 13)
出現了沒有許可權寫的error。
解決方法,可以關閉selinux。
可以在/etc/selinux中找到config
root用戶,
shell>vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – SELinux is fully disabled.
SELINUX=enforcing

修改SELINUX=disabled關閉selinux就可以了,這個問題就可以解決了。
不過全部關閉SELINUX有帶來一些安全問題。
當然也可以,單獨給mysql的守護進程許可權,
shell>getsebool -a可以查看當前的對系統一系列守護進程的許可權情況。

lpd_disable_trans –> off
mail_read_content –> off
mailman_mail_disable_trans –> off
mdadm_disable_trans –> off
mozilla_read_content –> off
mysqld_disable_trans –> off
nagios_disable_trans –> off
named_disable_trans –> off
named_write_master_zones –> off
nfs_export_all_ro –> on
nfs_export_all_rw –> on
nfsd_disable_trans –> off
nmbd_disable_trans –> off
nrpe_disable_trans –> off

shell>setsebool -P mysqld_disable_trans=1
開啟對mysql守護進程的許可權,這樣
mysql> select user from user into outfile ‘/home/test.txt’;
寫入到自訂的目錄就沒有問題了。
-P表示 是永久性設置,否則重啟之後又恢復預設值。
getsebool setsebool命令在root用戶下有許可權。

除了對selinux的許可權,當然首先要保證該目錄擁有讀寫許可權。
在ubuntu下 ,可以對AppArmor(/etc/apparmor.d/usr.sbin.mysqld) 修改,類似selinux。
添加/etc/squid/lists/eighties.txt w,類似。

延伸閱讀:http://www.fromdual.com/mysql-and-secure-linux-selinux

VNC 工作法

[VNC軟體]:
server: tigervnc
client: realvnc viewer

[步驟]:
# 連進server開啟VNC server
ssh (user)@<remote_host_ip>
create vnc server: vncserver -geometry 1600×900
# 查看已開server的列表
list vnc server: vncserver -list
# 若要刪掉server,冒號後為port號碼
kill vnc server: vncserver -kill :1

分享檔案: scp (user)@<remote_host_ip> filename
查看執行中的程序: ps aux | grep <service_name>

[Linux] Systemctl & Samba

Fedora下管理設定工具: systemctl
範例:
查看防火牆: systemctrl status firewalld.service
關閉防火牆: systemctrl stop firewalld.service
再看iptables -L

把 Windows 分享的網路磁碟 mount 起來:
mount -t cifs <來源URL> <本機Path> -o username=<name>,password=<pw>
範例: mount -t cifs //10.10.x.x/resources /mnt/resources -o username=John,password=xxx

如果要 mount Unix 機器所開的網路磁碟:
mount nfs 資料夾: mount -t nfs <來源IP>:<來源Path> <本機Path>
範例: mount -t nfs 10.10.x.x:/resources  /mnt/resources

Samba連線: smbclient -L <URL> -W <Workgroup> -U <Username>
範例: smbclient -L //10.10.x.x/resources -W mmb -U John
再輸入密碼就可以連進去了

參考來源: http://download.ithome.com.tw/article/index/id/1310

備註: NFS 僅能讓 Unix 機器溝通,CIFS 只能讓Windows 機器溝通,Samba 伺服器就可以同時讓 Unix 機器與 Windows 機器溝通 (鳥哥介紹)