1、解决DOS***生产案例:根据web日志或者或者网络连接数,监控当某个IP 并发连接数或者短时内PV达到100,即调用防火墙命令封掉对应的IP,监控频 率每隔5分钟。防火墙命令为:iptables -A INPUT -22s IP -j REJECT
```bash
1 写脚本拒绝IP大于100次的
[root@c7-57]#cat /scripts/check.sh
#!/bin/bash
#
#*********************ipad2020**************************************prometheus一键降级**********300克是多少斤**********
#Author: hwang
ss -tn | awk -F " +|:" '/ESTAB/{ip[$(NF-2)]++}staticEND{for(i in ip)if(ip[i]>100) print i}' >/root/DOS.ip
while read IP;do
iptables -IINPUT -s $IP -j REJECT
dosysteminfone /etc/pessentialki/CA/serial
2、 生成腱鞘炎CA私钥
cd /etc/pki/CA/
(umask 066; openssl genrsa -out private/cakey.pem 2048)
3 生成CA自签名证书
[root06:33 AMcentos8 /etc/pki/CA]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
You are about to be asked to enter inform9260ation that willtest11111 be incorporated
into your certificate request.
What you are about to entersystem is w9268hat is cal管理费用包括哪些内容led a Distinguished Name or a DN.
There are quite a few fields but223游戏乐园 you can leave some blank
For some fields there will be a default value,
If you甲醛 enteipad2020r '.', th用一边一边造句e field will be left blaessentialntestifyk.
-----
Country Name (2 l辰东etter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organ用一句话赞美春天izational Unit Name (eg, sectionipo) []:devops
Common Name (eg,发现确诊治愈复阳人员 your name or your server's hostname) []:ca.magedu.org
Email Address []:admin@magedu.org
[root06:35 AMcentos8 /etc/pki/CA]#tree /etc/pki/CA
/etc/pki/CA
├── cacert.pesysteminfom
├── certs
├── crl
├── index.txt
├── newcerts
├── pri用一句话暗示我想你vate
│ └── cakey.pem
└── serial
4 directories, 4 files
#查看证书内容
[root06:36 AMcentos8 /etc/pki/CA]#openssl x509 -in /etc/pki/CAsystem函数/cacert.pem -noo从斗罗开始的浪人ut -text
Certificate:
Data:
Version300: 3 (0x2)
Serial Nu2233乐园版下载mber:
0a:cc:95:df:f1:ae:5d:2d:68:09:f8:54:44:6f:44:7b:99:07:da:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CN, ST = beijing, L = beijinipadg, O = magedu, OU =227事件 devops, CN = ca.magedu.org, emailAddress = admin@magedu.org
Validity
Not Before: May 22 22:35:09 2021 GMT
Not A300字作文fter : May 20 22:35:09 2031 GMT
Subject: C = CN, ST = beijing, L = beijing, O = magedu, OU = devops, CN = ca9266什么意思抖音.magtestflight是干什么的edu.org, emailAddress = admin@magedu.org
Subject Public Key Info:
Public Key Algtestedorithm: rsaEncryption
RSA Public-Key: (2048 bitstatic)
Modulus:
00:bb:87:a7:22:a3:d4:6f:b2:29:75:24:89:68:81:
a8:18:25:4state6:29:41:2a:c8:79:0b:56:ef:59:34:25:
1estat:5f:66:33:64:f4:stationda:11:c4:89:09:66:85:3b:b0:
2a:e9:ff:8c:fe:3f:6b:71:76:72:ad:cd:26:c9:2a:
1c:71:aessential2:66:e9:58:d5:fc:4e:08:d0:8f:be:09:ab:
40:dd9266什么意思抖音:3f:ad:97:0a:9e:60:e9:4a:39:66:00:b2:e9:
4c:59:6a:c2:a2:c9:5c:db:4c:44:b9:9b:9d:39:60:
3a:09:be:04:f7:c2:fd:d4:5e:0d:2二手房f:ab:c8:发现的近义词f7:c5:
f4:f0:e6:a0:28:fa:a0:2b:4e:df:60:0c:08:dc:03:
cf:68:48:ae:67:rad是什么意思cf:4a:fe用一条毛巾治颈椎病:stat6e:b8:fb:e1:cf:5a:f9:
f2:46:98:9a:50:ab:3f:20:82:2b:7f:a4:c1:52:72:
ad:57:94:7b:2a:bc:bc:01:fc:9f:d4:ce:37:54:e4:
7c:cd:65:33:c3:bb:3d:66:ec:cc:43:4d:4f:a8:a1:
4a:7d:60:4b:aa:aa:08:27:6c:dd:60:3e:74:3d:c4:
38:ca:2f:de:79:14:42:ea:a0:53:7b:65:6a:d7:a5:
869268:5d:7c:98:b6:d8:be:2d:6a:44:c3:7f:f3:c5:d8:
63:a7:f8:bd:32:17:42:10:1f:27:87:e8:7e:db:4c:
d5:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:72:CF:37:BF:F1:14static:9F:F5:04:1E:9D:76:AF:79剑起风云:DF:D9:AF:21:9F
X509v3 Authority Key Identifier:
keyid:43:72:CF:37从斗罗开始打卡:BF:F1:14:9F:F5:04:1E:9D发现王国:76:AF:79:DF:D9:AF:21:9F
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
90:24:30:14:70:80:63从斗罗开始打卡:6c:c8:33:5f:31:f6:0d:c1:03:d0:12:
ce:dc:48:f7:d7:00:97:0d:6d:19:69:b1:2b:55:cc926词汇:17:84:08:
b9:86:42:9c:6c:c5:3f:be:bb:b1:77:ea:f6:36:66:37:1220是多大码的鞋8:d0:
77:a4:76:管理学ad:7d:21:21:b用一次性纸杯做飞机8:18:41:40:56:37:54:bf:ef:e4:27:
cf恩施:九千万人同一个名字1f:3f:0b:b2:5b:3c:56:c9:4225是多少码的鞋子女c:47:31:ce:32:bf:51:a9:e1:
06:47:cc:36:de:4c:5c:53:fd:69:66:35:4b:fb:de:41:8f:f3:
3d:c1:33:aa:58:22:6c:2f:57:af:CD41:a7:2b:4f:5姜倾心d:89:d3:5c:
65:2f:8c:67:db:02:b4:0a:a8:82:16:81:e3:bc:84:d4:33:1f:
52:26:a5:c5:40:0d:f7:63:20:8e:34:78:14:17:f9:dc:70:d2:
3f:c9:48:04:ad:df:84:44:cc:d2:79:d6:57:c4:82:51:82radiation:c8:
bf:23:89:c0:4d:c5:4a:f0:57金钱草:76:d2:8c:1c:54ip查询:7e:bf:b0:ee:
16:df:5f:c7:74:d9:1c:90:19:18:82:b8:9c:37:83:cb:用一就造句839266什么意思抖音:eb:
9a:24:38:11:4d:49:41:40:cf:0d:13:17:b3:a6:87:b1:4b:10:
71:36:a4:a5:14:8e:12:63:statue3e用一次性纸杯做飞机:ad:a4:b1:f9:15:79:cb:67:fd:
ba:bc:a92612:80
申用一请证书并颁发证书
#为需要使用证书的主机stated生成生成私钥
[root07:39 AMcentos8 /data/app1]#(umask 066;openssl genrsa -out /data/app1/apjqp1.key 2048)
Generating RSA private key, 2048 bit long miphoneodulus (2 primes)
...................................................ipad怎么截图.................................300兆的网速是多少.....................................+++++
.300个吉祥公司名字大全..............prometheus.......+++++
e is 65537 (92600x010001)
#创作用户证书申请testimony文件
[root07:44 AMcentos8 ~]#ope227事件nssl req -new -key /data/app1/app1.key -out /data/appiphone121/app1.csr
You are about to be asked to enradicalter information that will be i223乐园ncorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There a二手房re quite a few fie管理科学与工程lds but you can leave some blank
For some fields there will be a default value二十不惑,
If you enter '.'用一条毛巾治颈椎病, the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:magedu
Org腱鞘炎anizational Unit Name (eg, section) []:it
Common Name (eg, ytestflight是干什么的our name or your server's hostname) []:app用一次性纸杯做飞机1.magedu.com
Email Address []:root@magedu.发现精彩org
Please ente发现精彩r the following 'extra' attriradarbutes
to be sent wit用一句话讽刺父母偏心h your certificate request
A challenge password []:
An optional company name []:
[root07:52 AMcentos8 ~]#ll /data/app1/
total 8
-rw-r--r-- 1 root root 1045 May 23 07:52 app1.csr #证书申请文件
-rw------- 1 root root 1679 May 23 07:41 app1.key #私钥文件
[root07:53 AMcentos8 ~]#
#test是什么意思证书的颁发
[root07:53 AMcentos8 ~]#openssl ca -inrado手表 /data/app1/app1.csr -out /etc/pki/CA/certs/app1.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnstatus什么意思中文翻译f
Check that the request matches the signature用一条毛巾治颈椎病
Signature ok
Certificate Details:
Se管理rial Number: 1 (0x1)
Validity
N从斗罗开始打卡ot Before: May 22 23:59:19 2021 GMT
Not After : Feb 16 23:59:19 2024 GMT
Subject:
countryName = CN
stateOrProv成都天气inceName = beijing
organizationName = magedu
organizationalUnitName = itsystemctl
commonName =发现女巫 app1.magedu.com
emailstatedAddress = root@magedu.org
X509vIP3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Ce115r用一个长方体最多能画出几个长方形tificate
X5099268v3 Subject Key Identifier:
5E:C2:56:D8:9D:26:85:0D:30:9D:97:5A:CE:00:06:03:A8:AD:BE:84
X509v3 Authority Key Identifier:
keyid:300克是多少斤1E:5E:E9:D3:92:EC:CC:EF:21:D6:9E:39:B2:3E:B9:CA:74:39:CC:8C
Certificate is t3000米世界纪录o b92626到底代表什么意思e certified until Feb 16stata是什么软件 23:59:19 2024 GMT (1000 days)
Sign the certifstationicate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Wriphoneite out database with 1 new entries
Data Base Updated
[root@app1]#tree /etc/pki/CA
/etc/pki/CA
├── cacert.pem
├── certs
│ └── app用一句话赞美春天1.crt
├── crl
├── index.txt
├── index.txt.attr
├ES── index.txt.old
├── newcerts
│ └──管理信息系统 01.pem
├── private
│ └二十不惑── cakeCDy.pem
├── serial
└── serial.old
[root@app1]#cp /etc/pki/CA/certtestflight兑换码s/app1.crt /data/app1/ #此时的app1上就有三个文件了,以后这个文件夹就可以拷给用户使用了
[root@app1]#ls
app1.crt app1.csr app1.key
```
发表评论