echo 0 > /proc/sys/kernel/hung_task_timeout_secs” disables this message.

tail /var/log/messages
echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
May 19 05:27:57 web kernel: Call Trace:
May 19 05:27:57 web kernel: [<ffffffff811d10a0>] ? sync_buffer+0x0/0x50
May 19 05:27:57 web kernel: [<ffffffff81549183>] io_schedule+0x73/0xc0
May 19 05:27:57 web kernel: [<ffffffff811d10e0>] sync_buffer+0x40/0x50
May 19 05:27:57 web kernel: [<ffffffff81549c6f>] __wait_on_bit+0x5f/0x90
May 19 05:27:57 web kernel: [<ffffffff811d10a0>] ? sync_buffer+0x0/0x50
May 19 05:27:57 web kernel: [<ffffffff81549d18>] out_of_line_wait_on_bit+0x78/0x90
May 19 05:27:57 web kernel: [<ffffffff810a6920>] ? wake_bit_function+0x0/0x50
May 19 05:27:57 web kernel: [<ffffffff811d1096>] __wait_on_buffer+0x26/0x30
May 19 05:27:57 web kernel: [<ffffffffa00707ef>] jbd2_journal_commit_transaction+0x117f/0x14f0 [jbd2]
May 19 05:27:57 web kernel: [<ffffffff8108fb2b>] ? try_to_del_timer_sync+0x7b/0xe0
May 19 05:27:57 web kernel: [<ffffffffa0075a38>] kjournald2+0xb8/0x220 [jbd2]
May 19 05:27:57 web kernel: [<ffffffff810a68a0>] ? autoremove_wake_function+0x0/0x40
May 19 05:27:57 web kernel: [<ffffffffa0075980>] ? kjournald2+0x0/0x220 [jbd2]
May 19 05:27:57 web kernel: [<ffffffff810a640e>] kthread+0x9e/0xc0
May 19 05:27:57 web kernel: [<ffffffff8100c28a>] child_rip+0xa/0x20
May 19 05:27:57 web kernel: [<ffffffff810a6370>] ? kthread+0x0/0xc0
May 19 05:27:57 web kernel: [<ffffffff8100c280>] ? child_rip+0x0/0x20
May 19 05:28:40 web kernel: end_request: I/O error, dev vdb, sector 564522839
May 19 05:33:42 web kernel: end_request: I/O error, dev vdb, sector 564522839
May 19 05:38:44 web kernel: end_request: I/O error, dev vdb, sector 564522839

进程等待IO时,经常处于D状态,即TASK_UNINTERRUPTIBLE状态,处于这种状态的进程不处理信号,所以kill不掉,如果进程长期处于D状态,那么肯定不正常,
原因可能有二
1)IO路径上的硬件出问题了,比如硬盘坏了(只有少数情况会导致长期D,通常会返回错误)
2)内核自己出问题了
这种问题不好定位,而且一旦出现就通常不可恢复,kill不掉,通常只能重启恢复了。
内核针对这种开发了一种hung task的检测机制。
基本原理是:定时检测系统中处于D状态的进程,如果其处于D状态的时间超过了指定时间(默认120s,可以配置),则打印相关堆栈信息,也可以通过proc参数配置使其直接panic。

1、查看是否存在坏块
/sbin/badblocks -v /dev/sdc

2、问题分析
May 19 05:27:57 web kernel: [<ffffffff811d10a0>] ? sync_buffer+0x0/0x50
May 19 05:27:57 web kernel: [<ffffffff81549183>] io_schedule+0x73/0xc0
May 19 05:27:57 web kernel: [<ffffffff811d10e0>] sync_buffer+0x40/0x50
May 19 05:27:57 web kernel: [<ffffffff81549c6f>] __wait_on_bit+0x5f/0x90

3、临时方案
根据应用程序情况,对vm.dirty_ratio,vm.dirty_background_ratio两个参数进行调优设置。
# sysctl -w vm.dirty_ratio=10
# sysctl -w vm.dirty_background_ratio=5
# sysctl -p

如果系统永久生效,修改/etc/sysctl.conf文件。
#vi /etc/sysctl.conf

vm.dirty_background_ratio = 5
vm.dirty_ratio = 10

重启系统生效
http://www.361way.com/kernel-hung-task-analysis/4326.html

/dev/vda1 Inodes that were part of a corrupted orphan linked list found.

/dev/vda1 contains a file system with errors, check forced.
/dev/vda1 Inodes that were part of a corrupted orphan linked list found.
/dev/vda1 UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.

#检查文件系统
1、ext4文件系统
fsck -y /dev/vda1
或者
fsck.ext4 -a /dev/vda1

2、xfs文件系统
xfs_repair -n /dev/vda1 #检查文件系统是否损坏,只检查文件系统是否有损坏

fsck.ext4 [-panyrcdfvtDFV] [-b superblock] [-B blocksize]
[-I inode_buffer_blocks] [-P process_inode_size]
[-l|-L bad_blocks_file] [-C fd] [-j external_journal]
[-E extended-options] device

Emergency help:
-p Automatic repair (no questions)
-n Make no changes to the filesystem
-y Assume "yes" to all questions
-c Check for bad blocks and add them to the badblock list
-f Force checking even if filesystem is marked clean
-v Be verbose
-b superblock Use alternative superblock
-B blocksize Force blocksize when looking for superblock
-j external_journal Set location of the external journal
-l bad_blocks_file Add to badblocks list
-L bad_blocks_file Set badblocks list

Usage: xfs_repair [options] device
Options:
-f The device is a file
-L Force log zeroing. Do this as a last resort.
-l logdev Specifies the device where the external log resides.
-m maxmem Maximum amount of memory to be used in megabytes.
-n No modify mode, just checks the filesystem for damage.
-P Disables prefetching.
-r rtdev Specifies the device where the realtime section resides.
-v Verbose output.
-c subopts Change filesystem parameters - use xfs_admin.
-o subopts Override default behaviour, refer to man page.
-t interval Reporting interval in seconds.
-d Repair dangerously.
-V Reports version and exits.
https://support.microsoft.com/en-in/help/3213321/linux-recovery-cannot-ssh-to-linux-vm-due-to-file-system-errors-fsck

使用WordPress上帝模式,彻底禁用WordPress缩略图片自动裁剪分割

WordPress中上传图片的时候,WordPress会自动将图片按比例剪裁分割为150x90,300x180,768x460,1024x614等缩略图。

1、使用WordPress上帝模式,彻底禁用WordPress缩略图片自动裁剪分割
开启WordPress上帝模式(全局选项设置),浏览器打开https://www.zhangfangzhou.cn/wp-admin/options.php(域名换成自己的域名/wp-admin/options.php)即可进入了WordPress的上帝模式(全局选项设置页面)。
在此页面找到medium_large_size_w选项,将其设置为0,最后点保存。

2、登录后台设置,媒体-媒体设置-把缩略图大小、中等大小、大尺寸的宽度和高度全部设置为0(单纯通过在后台设置,媒体-媒体设置-把缩略图大小、中等大小、大尺寸的宽度和高度全部设置为0,WordPress仍会创建一个固定宽度为768的文件)

CentOS6和CentOS7更高的内核 一键安装[lotServer] 锐速 Vicer

1.支持更高的Linux内核一键安装[lotServer] 锐速.
2.支持一键完全卸载[lotServer] 锐速 (此脚本安装的无残留).
3.不支持自动更换内核. CentOS6和CentOS7 一键更换内核,一键安装锐速[lotServer]
4.不支持OpenVZ.
所有内容均来自互联网.本人不负任何法律责任,仅供学习使用.
Update:2019.04.15

一键安装[lotServer] 锐速:
bash <(wget --no-check-certificate -qO- https://github.com/MoeClub/lotServer/raw/master/Install.sh) install

一键卸载[lotServer] 锐速:
bash <(wget --no-check-certificate -qO- https://github.com/MoeClub/lotServer/raw/master/Install.sh) uninstall

使用方法:
启动命令 /appex/bin/lotServer.sh start
停止加速 /appex/bin/lotServer.sh stop
状态查询 /appex/bin/lotServer.sh status
重新启动 /appex/bin/lotServer.sh restart

1.更新许可证(有效期为6个月)
wget -qO '/appex/etc/apx.lic' "https://api.moeclub.org/lotServer?ver=1&mac=00:00:00:00:00:00"
使用 ifconfig 查看网卡 mac 地址,替换 00:00:00:00:00:00 (当内核版本号小于等于 3.11.20.10 时, 请设置 ver=0)

2.使用KeyGen, 更新许可证(lic文件)(有效期到2099年)
git clone https://github.com/Tai7sy/LotServer_KeyGen
cd LotServer_KeyGen
php keygen.php 00:00:00:00:00:00 (使用 ifconfig 查看网卡 mac 地址,替换 00:00:00:00:00:00)
cp out.lic /appex/etc/apx.lic
状态查询 /appex/bin/lotServer.sh status

3.CentOS7启动自动运行lotServer
chmod +x /etc/rc.local
vi /etc/rc.local
添加su - root -c "/appex/bin/lotServer.sh start"

图为CentOS Linux release 7.5.1804 安装[lotServer] 锐速

Apache 开启SSI配置使shtml支持 include()和SSI Shell漏洞问题

Apache 开启SSI配置使shtml支持 include()和SSI Shell漏洞问题
SSI (Server Side Includes)

1、编辑Apache的配置文件httpd.conf添加.shtml支持
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml #取消该行前的注释符#
#AddOutputFilter INCLUDES .shtml #取消该行前的注释符#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

2、编辑www.zhangfangzhou.cn.conf网站配置文件中添加Includes
Options FollowSymLinks Includes

3、重启Apache
service httpd restart
这样Apache2 开启SSI配置使shtml支持 include(),但是留下了一个SSI Shell漏洞问题,此时可以程序执行(exec)

4、只允许SSI但是禁止程序执行(exec)
编辑www.zhangfangzhou.cn.conf网站配置文件
Options FollowSymLinks Includes修改成Options FollowSymLinks IncludesNoExec
或者在.htaccess文件中添加Options +IncludesNOEXEC

5、补充
Includes #启用SSI
IncludesNoExec #启用SSI,但使EXEC指令无效

(1)、Includes
Options FollowSymLinks Includes以下规范有效
<!--#exec cmd="..."-->
<!--#exec cgi="..."-->
<!--#include file="..."-->

(2)、IncludesNoExec
Options FollowSymLinks IncludesNoExec
<!--#include file="..."-->
规范有效

<!--#exec cmd="..."-->
<!--#exec cgi="..."-->
exec等程序执行将受到限制不能执行

VMware Workstation Pro 15 共享虚拟机的时候 Workstation Server 不可用. 请启用虚拟机共享和远程访问以修改共享的虚拟机位置

VMware Workstation Pro 15 共享虚拟机的时候 Workstation Server 不可用. 请启用虚拟机共享和远程访问以修改共享的虚拟机位置
VMware Workstation Pro Shared VMs The Workstation Server is not available. Enable VM sharing and remote access to modify the shared VMs location.

1、查看VMware Workstation Pro 服务是否正常(右击我的电脑->>管理->>服务和应用程序->>服务)
VMware Authorization Service
VMware USB Arbitration Service
VMware Workstation Server

2、VMware Workstation Pro 服务均为正常,查看VMware Workstation Pro 产生的日志文件
C:\Users\用户名\AppData\Local\Temp\vmware-用户名\vmware-ui-随机ID.log
C:\Users\zhangfangzhou_cn\AppData\Local\Temp\vmware-zhangfangzhou_cn\vmware-ui-4624.log

2018-11-02T09:33:27.268+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: Workstation Server 不可用。请启用虚拟机共享和远程访问以修改共享的虚拟机位置。
2018-11-02T09:33:42.368+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: VMware Workstation 当前未连接 Workstation Server。要连接,请单击库中的“共享虚拟机”项目。
2018-11-02T09:43:02.342+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: The Workstation Server is not available. Enable VM sharing and remote access to modify the shared VMs location.
2018-11-02T09:43:00.262+08:00| vmui| I125: CGlbSharedVMs::OnPrefsLoadAbort: Error while loading sharing preferences: VMware Workstation currently does not have a connection to the Workstation Server. To connect, click on the "Shared VMs" item in the library.

3、继续查看VMware Workstation Pro 的日志
C:\ProgramData\VMware\hostd\hostd-随机ID.log
C:\ProgramData\VMware\hostd\hostd-23.log
2018-11-02T09:33:39.348+08:00 verbose hostd[09420] [Originator@6876 sub=PropertyProvider opID=865c0541] RecordOp ASSIGN: latestEvent, ha-eventmgr. Applied change to temp map.
2018-11-02T09:33:39.348+08:00 info hostd[09420] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=865c0541] Event 2 : Cannot login user @127.0.0.1: no permission

Event 2 : Cannot login user @127.0.0.1: no permission
原因是没有权限

4、系统使用的账户是zhangfangzhou_cn,使用administrator账户登录系统可以正常使用共享虚拟机的功能。

Overview Microsoft windows of .rdp file settings

微软 Windows 7、8、10远程桌面 .rdp 文件设置
微软 Windows 2008、2012、2016远程桌面 .rdp 文件设置
Overview Microsoft Windows of .rdp file settings

screen mode id:i:1
use multimon:i:0
desktopwidth:i:1920
desktopheight:i:1080
session bpp:i:32
winposstr:s:0,1,0,0,1531,868
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:7
networkautodetect:i:1
bandwidthautodetect:i:1
displayconnectionbar:i:1
enableworkspacereconnect:i:0
disable wallpaper:i:0
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:192.168.0.199:3389
audiomode:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:1
redirectposdevices:i:0
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:
shell working directory:s:
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:0
gatewaybrokeringtype:i:0
use redirection server name:i:0
rdgiskdcproxy:i:0
kdcproxyname:s:

给CentOS6.x的GRUB 加密 和 CentOS7.x的GRUB2 加密

给CentOS6.x的GRUB 加密 和 CentOS7.x的GRUB2 加密

CentOS6.x GRUB 加密 (正常引导不需要密码,在启动项编辑GRUB需要输入密码)/boot/grub/grub.conf

通过在 grub.conf 中的启动配置中加入参数对grub进行加密:
1:加密的密码可以通过 grub-md5-crypt 生成
#grub-md5-crypt (回车,输入密码)
grub-md5-crypt
Password:
Retype password:
2:vi /boot/grub/grub.conf
3:在splashimage=(hd0,0)/grub/splash.xpm.gz后面 编辑插入 password --md5 $1$zoCS20$tuerHhzJGBVMdOA3uuQWZ0
4:在引导菜单修改引导配置的时候,则需要先输入密码,按p 输入密码

CentOS7.x GRUB2 加密 (正常引导不需要密码,在启动项编辑GRUB需要输入密码)/boot/grub2/grub.cfg
与CentOS6不同CentOS7采用的是grub2,而不是grub在CentOS7中,把grub的主要配置文件放在以下三个地方。
/boot/grub2/grub.cfg (/etc/grub2.cfg 是/boot/grub2/grub.cfg 文件的符号链接,lrwxrwxrwx. 1 root root 22 Sep 18 17:53 /etc/grub2.cfg -> ../boot/grub2/grub.cfg)
/etc/grub.d/ (ls /etc/grub.d/ 00_header 00_tuned 01_users 10_linux 20_linux_xen 20_ppc_terminfo 30_os-prober 40_custom 41_custom README)
/etc/default/grub (-rw-r--r--. 1 root root 197 Sep 18 17:54 /etc/default/grub)
这三个配置文件之间的关系是 grub.cfg 里通过 ####BEGIN ##### 这种格式按照顺序调用 /etc/grub.d 里面的脚本实现不同的功能,在grub.d 目录里有很多数字开头的脚本,按从小到大的顺序执行。

1、使用root用户生成grup2加密密码
grub2-mkpasswd-pbkdf2

2、 vi /etc/grub.d/01_users
cat <<EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.8A673CE3A2512ED267EB9E275B15D8430AECFAC29893EC278BF382EFCEB11FA5E3B679C8595F19BE2FAAC07C038B9C0CC4FF81462526BD1CFC98E15F75A4CC15.17D3A434DC8A97FCBB124CDCB7044F266164C647F0F917420128219E4B8FB62F9EDA9D9E6F4D9AC4F8F2D13565C803D347B631E18B2C231EE884563F345D3CF1
EOF

3、vi/etc/grub.d/01_linux
cat <<EOF
set superusers="zhangfangzhou"
password_pbkdf2 zhangfangzhou 生成的密码加密
EOF

4、最后执行grub2-mkconfig -o /boot/grub2/grub.cfg #重新生成GRUB配置文件 (Generate a GRUB configuration file.)