Linux 使用技巧

不定期更新

两个linux文件互传

$ scp -r linux-2.6.26 root@(目标ip)IP:/usr/src/(假设放到/usr/src路径)

文件查找

将当前目录及其子目录下所有文件后缀为 .c 的文件列出来:

$ find . -name "*.c"

find默认不查找软链接的文件夹, 所以, 可以加-L解决这个问题, 这个很重要!!!!!!

将一个本地程序做成一个本地服务程序

$ socat tcp-l:2333,reuseaddr,fork exec:./pwn1

服务端口在2333，使用nc 127.0.0.1 2333连接

获取ubuntu当前内核的源码

进入lauchpad, 分清你的系统名称, 比如 20.04 叫 Focal Fossa, 系统当前版本:

$ uname -r
5.13.0-35-generic

那么我们在页面的以下部分会看到以下部分的内容

Active series and milestones

• 22.04 “Jammy” series - development
  Milestones: jammy-updates, ubuntu-22.04, ubuntu-22.04-beta, ubuntu-22.03, ubuntu-22.02, ubuntu-22.04-feature-freeze, ubuntu-22.01, ubuntu-21.12, and ubuntu-21.11

• 21.10 “Impish” series - current
  Milestones: impish-updates

• 20.04 “Focal” series - supported <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  Milestones: focal-updates and ubuntu-20.04.4

• 18.04 “Bionic” series - supported
  Milestones: bionic-updates

• 16.04 “Xenial” series - supported
  Milestones: xenial-updates

• 14.04 “Trusty” series - supported
  Milestones: ubuntu-14.04.6

• All series

• All milestones

点击其中的focal series, 会出现搜索框, 我们就搜索linux-image-5.13.0-35-generic, 会得到如下几个结果:

 linux-image-5.13.0-35-generic: <<<<<<<<<<<<<<<<<<<<<<<
Signed kernel image generic
 linux-image-5.13.0-35-generic-dbgsym:
Signed kernel image generic
 linux-image-5.13.0-35-generic-lpae:
Linux kernel image for version 5.13.0 on ARM (hard float) SMP
 linux-image-5.13.0-35-generic-lpae-dbgsym:
Linux kernel debug image for version 5.13.0 on ARM (hard float) SMP
 linux-image-5.13.0-35-generic-64k:
Signed kernel image generic-64k
 linux-image-5.13.0-35-generic-64k-dbgsym:
Signed kernel image generic-64k

选择第一个, 出现如下:

Signed kernel image generic
 A kernel image for generic. This version of it is signed with
 Canonical's UEFI/Opal signing key.

Source package
linux-signed-hwe-5.13 5.13.0-35.40~20.04.1 source package in Ubuntu  <<<<<<<<<<<<<<<

Published versions
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in amd64 (Updates)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in amd64 (Security)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in arm64 (Updates)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in arm64 (Security)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in armhf (Updates)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in armhf (Security)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in ppc64el (Updates)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in ppc64el (Security)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in s390x (Updates)
linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 in s390x (Security)

此处我选Source package下的链接. 之后选择downloads里的tar.xz文件即可.

这个版本的文件里包含的是一个下载脚本, 并没有包含完整的src文件. 所以还是需要想想其它办法直接获得文件最好.

快速转换图片格式，修改分辨率

$ convert -resize 100x100 src.jpg dst.jpg
$ convert -resize 50%x50% src.jpg dst.jpg

修改文件的用户

查看归属：
$ ls -l file

赋给用户hv
$ chown hv:hv file

如果需要把某个文件夹下所有都付给某个用户
$ chown hv:hv -R dir/*

使用audit记录创建的程序

audit是记录linux审计信息的内核模块。
他记录系统中的各种动作和事件，比如系统调用，文件修改，执行的程序，系统登入登出和记录所有系统中所有的事件。audit还可以将审计记录写入日志文件。

如果想记录新创建的process, 可以直接修改/etc/audit/audit.rules, 添加一行-a task,always, 之后通过cat /var/log/audit/audit.log|grep EXECVE 来筛选你想要的记录.

比如

$ auditctl -a exit,always -F arch=b64 -S execve 添加execve检测
$ auditctl -D 删除所有规则

更多可以参考linux监控工具audit

修改terminal的显示路径

$ vim ~/.bashrc

找到

## If this is an xterm set the title to user@host:dir
case “$TERM” in
xterm|rxvt)
PS1=”\e]0;$debianchroot:+($debianchroot)\u@\h:\w\a$PS1”

将PS1那行修改为(其实就是把w换成W)

PS1=”[\u@\h:\W]\\$”

添加环境变量

export PATH=$PATH:/home/victorv

创建terminal的快捷键

如果是在kali，terminal是没有快捷键的，到设置的keyboard里面，添加自定义快捷键，键值为

gnome-terminal

或者安装nautilus-open-terminal

gdb改变汇编代码显示方式

(gdb) set disas intel

设置反汇编代码使用的指令集，可选择 intel 指令集或 AT&T指令集.

usb驱动相关

查找usb驱动
$ sudo lspci
…
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01)
$ find /sys | grep drivers.*02:00

获取usb设备信息
lsusb -t
cat /proc/bus/usb/devices
lshw

卸载usb驱动
tree /sys/bus/usb/drivers
echo -n “1-1:1.0” > /sys/bus/usb/drivers/ub/unbind

centos安装内核header

yum install kernel-devel-$(uname -r) kernel-headers-$(uname -r)

如果遇到没有搜索结果, 可以做如下操作:

1. 查看当前版本

   [root@centos~]# cat /etc/redhat-release
   CentOS Linux release 7.4.1708 (Core)

2. 修改文件/etc/yum.repos.d/CentOS-Vault.repo, 添加当前版本的以下信息:

   [C(Your Version Number)-base] 比如 [C5.6-base]
   name=CentOS-(Your Version Number) - Base
   baseurl=http://vault.centos.org/(Your Version Number)/os/$basearch/
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
   enabled=1
   
   [C(Your Version Number-updates]
   name=CentOS-(Your Version Number) - Updates
   baseurl=http://vault.centos.org/(Your Version Number)/updates/$basearch/
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
   enabled=1
   
   示例:
   [C7.4.1708-base]
   name=CentOS-7.4.1708 - Base
   baseurl=https://vault.centos.org/7.4.1708/os/$basearch/
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
   enabled=1
   
   [C7.4.1708-updates]
   name=CentOS-7.4.1708 - Updates
   baseurl=https://vault.centos.org/7.4.1708/updates/$basearch/
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
   enabled=1

之后再试一次install即可.

更多参考Finding Old kernel-devel Packages For CentOS

添加sudoer 并且取消密码

superuser ALL=(ALL) NOPASSWD:ALL
superuser ALL=(ALL:ALL) ALL　#不取消密码

创建ssh服务

$ yum -y install openssh-server openssh-clients
$ chkconfig sshd on
$ service sshd start
$ netstat -tulpn | grep :22
$ vi /etc/sysconfig/iptables -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

创建ftp 服务

sudo yum install vsftpd
sudo service vsftpd restart
chkconfig vsftpd on

ubuntu修改内核调试启动项

vi /etc/default/grub

在屁股后面添加 kgdboc=ttyS1,115200

grep menu /boot/grub/grub.cfg
grub-reboot ‘1>3’ 

第一个数字1代表第二行的submenu，第二个3代表submenu的第四个（从0开始）

挂起一个进程

ctrl+z
fg 恢复

打包、解压文件

解包使用x,打包使用c

tar.xz
解包:tar zxvf file.tar.xz 或者:xz -d file.tar.xz && tar xvf file.tar
打包:tar zcvf file.tar.xz

.tar
解包：tar xvf FileName.tar
打包：tar cvf FileName.tar DirName
（注：tar是打包，不是压缩！）
———————————————
.gz
解压1：gunzip FileName.gz
解压2：gzip -d FileName.gz
压缩：gzip FileName

.tar.gz 和 .tgz
解压：tar zxvf FileName.tar.gz
压缩：tar zcvf FileName.tar.gz DirName
———————————————
.bz2
解压1：bzip2 -d FileName.bz2
解压2：bunzip2 FileName.bz2
压缩： bzip2 -z FileName

.tar.bz2
解压：tar jxvf FileName.tar.bz2
压缩：tar jcvf FileName.tar.bz2 DirName
———————————————
.bz
解压1：bzip2 -d FileName.bz
解压2：bunzip2 FileName.bz
压缩：未知

.tar.bz
解压：tar jxvf FileName.tar.bz
压缩：未知
———————————————
.Z
解压：uncompress FileName.Z
压缩：compress FileName
.tar.Z

解压：tar Zxvf FileName.tar.Z
压缩：tar Zcvf FileName.tar.Z DirName
———————————————
.zip
解压：unzip FileName.zip
压缩：zip FileName.zip DirName
———————————————
.rar
解压：rar x FileName.rar
压缩：rar a FileName.rar DirName
———————————————
.lha
解压：lha -e FileName.lha
压缩：lha -a FileName.lha FileName
———————————————
.rpm
解包：rpm2cpio FileName.rpm | cpio -div
———————————————
.deb
解包：ar p FileName.deb data.tar.gz | tar zxf -
———————————————
.tar .tgz .tar.gz .tar.Z .tar.bz .tar.bz2 .zip .cpio .rpm .deb .slp .arj .rar .ace .lha .lzh .lzx .lzs .arc .sda .sfx .lnx .zoo .cab .kar .cpt .pit .sit .sea
解压：sEx x FileName.*
压缩：sEx a FileName.* FileName

单独重新编译一个内核模块

当我们想修改内核某个模块,又不想重新make all的时候,可以这样操作.

make drivers/net/ethernet/intel/e1000/e1000.ko

或者

make drivers/net/ethernet/intel/e1000/

gcc 汇编

.intel_syntax noprefix # intel 汇编格式
xor eax, eax

.att_syntax prefix # att汇编格式
movl %adx, %eax…

一个简单的 foo.s 文件:

.intel_syntax noprefix #声明 intel 格式
.text # 声明 .text 字段
.global test # 声明函数
test:
mov rax,12
ret
.global test.eh # 结束函数声明

t.c:

#include <stdio.h>
int test(void);
void main(void){
    printf("%d\n", test());
}

编译链接:

gcc -c t.s
gcc t.c t.o -o tt2

更多参考GNU assembler, How do I compile the asm generated by GCC?

编写linux驱动与汇编相关的tips

如果想给驱动内联一个汇编文件的函数, 可以如下:

Makefile:

obj-m += Anyname.o
KDIR:=/lib/modules/$(shell uname -r)/build
MAKE:=make
Anyname-objs := main.o test.o
CFLAGS_main.o := -D_FORTIFY_SOURCE=0 -O0

default:
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules  
clean:  
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) clean

main.c:

#include <linux/module.h> 
#include <asm/io.h> 
#include <linux/slab.h>
#include <linux/ioport.h> 
MODULE_LICENSE("GPL"); 

int test(void);
int test2(void);
int my_module_init(void){
  printk("module init done\n");
  printk("test:%d, %d\n", test(), test2());
  return 0;
}

void my_module_exit(void){
  printk("module exit\n");
  return;
}

module_init( my_module_init );//声明初始化函数
module_exit( my_module_exit );

test.S: 这里后缀必须是大写的S, 额外的格式参考arch/x86/net/bpf_jit.S

.intel_syntax noprefix #声明 intel 格式
.text # 声明 .text 字段
.global test # 声明函数
test:
mov rax,12
ret

.global test2 # 声明函数
test2:
mov rax, 8
ret

如果想禁止gcc编译的驱动给某个函数优化, 可以使用void __attribute__((optimize("O0"))) test(void), 这样这个函数就不会被优化了.

也可以采取如下方式:

#pragma GCC push_options
#pragma GCC optimize("O0")
void test(void){
  int i=0;
  return i+1;
}
#pragma GCC pop_options

额外的tips, 如果存在if(var&0x80000000)这样的操作, var一定不要用int类型, 要用无符号! gcc会把判断直接优化成0!!!!!!!!

gcc 内联汇编语法示例

 __asm__ ("movl %eax, %ebx\n\t"
          "movl $0x56, %esi\n\t"
          "movl %ecx, $label(%edx,%ebx,$4)\n\t"
          "movb %ah, (%ebx)");
asm ( assembler template 
          : output operands                  /* optional */
          : input operands                   /* optional */
          : list of clobbered registers      /* optional */
          );

int a=10, b;
asm ("movl %1, %%eax; 
      movl %%eax, %0;"
     :"=r"(b)        /* output */
     :"r"(a)         /* input */
     :"%eax"         /* clobbered register */
     );   

“=r”(b) 的含义, 将输出放入倒变量b里(%0 代表第一个变量, 此处第一个变量是输出里的b, 所以%0就是b, %1是 a). r代表使用任意寄存器, 如果是其它寄存器, 参考如下:

+---+--------------------+
| r |    Register(s)     |
+---+--------------------+
| a |   %eax, %ax, %al   |
| b |   %ebx, %bx, %bl   |
| c |   %ecx, %cx, %cl   |
| d |   %edx, %dx, %dl   |
| S |   %esi, %si        |
| D |   %edi, %di        |
+---+--------------------+

如果是使用内存, 用 m.

其它指示标识:

1. “m” : A memory operand is allowed, with any kind of address that the machine supports in general.
2. “o” : A memory operand is allowed, but only if the address is offsettable. ie, adding a small offset to the address gives a valid address.
3. “V” : A memory operand that is not offsettable. In other words, anything that would fit the m’ constraint but not the o’constraint.
4. “i” : An immediate integer operand (one with constant value) is allowed. This includes symbolic constants whose values will be known only at assembly time.
5. “n” : An immediate integer operand with a known numeric value is allowed. Many systems cannot support assembly-time constants for operands less than a word wide. Constraints for these operands should use ’n’ rather than ’i’.
6. “g” : Any register, memory or immediate integer operand is allowed, except for registers that are not general registers.

x86指令独有:

1. "r" : Register operand constraint, look table given above.
2. "q" : Registers a, b, c or d.
3. "I" : Constant in range 0 to 31 (for 32-bit shifts).
4. "J" : Constant in range 0 to 63 (for 64-bit shifts).
5. "K" : 0xff.
6. "L" : 0xffff.
7. "M" : 0, 1, 2, or 3 (shifts for lea instruction).
8. "N" : Constant in range 0 to 255 (for out instruction).
9. "f" : Floating point register
10. "t" : First (top of stack) floating point register
11. "u" : Second floating point register
12. "A" : Specifies the `a’ or `d’ registers. This is primarily useful for 64-bit integer values intended to be returned with the `d’ register holding the most significant bits and the `a’ register holding the least significant bits.

特殊符合含义:

1. “=“ : 将结果写入到指定位置
2. “&“ : Means that this operand is an earlyclobber operand, which is modified before the instruction is finished using the input operands. Therefore, this operand may not lie in a register that is used as an input operand or as part of any memory address. An input operand can be tied to an earlyclobber operand if its only use as an input occurs before the early result is written.

示例:

static inline char * strcpy(char * dest,const char *src)
{
int d0, d1, d2;
__asm__ __volatile__(  "1:\tlodsb\n\t"
                       "stosb\n\t"
                       "testb %%al,%%al\n\t"
                       "jne 1b"
                     : "=&S" (d0), "=&D" (d1), "=&a" (d2)
                     : "0" (src),"1" (dest) 
                     : "memory");
return dest;
}

当我们不希望编译器优化掉我们的某些特殊循环判断时:

asm ("l1:\tmovb (%0), %%al\n\t"
  "cmp $0xcc, %%al\n\t"
  "je l1"
  ::"r"(&buffer[0x7f]));

禁用gcc的某个函数优化

#pragma GCC push_options
#pragma GCC optimize("O0")
void test(int a);
  return a;
}
#pragma GCC pop_options

更多参考GCC-Inline-Assembly-HOWTO

log至文件中

有时候看不到printf, 需要log到文件里, 就经常需要查阅怎么写, 比较烦人. 记录一下.

#include <errno.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <time.h>
int sl(char* str){
    int len = 0;
    while(*str++){
        len++;
    }
    return len;
}

void log2file(char *fmt, ...){
    va_list args;
    va_start(args, fmt);
    char str[0x200];
    // 请自己确保log的内容不超过0x200.
    vsprintf(str, fmt, args);
    va_end(args);
    int fd;
    fd = open("/tmp/mylog.log", O_CREAT|O_WRONLY|O_APPEND, 0777);
    if(fd == -1){
        printf("create fail\n");
        fd = open("/tmp/mylog.log", O_WRONLY|O_APPEND, 0777);
        if(fd==-1) {
            char str2[0x200];
            sprintf(str2, "echo \"%s\"> /tmp/mylog.log", str);
            system(str2);
            return;
        }
    }
    printf("write\n");
    write(fd, str, sl(str));
    close(fd);
}
void main(){
    log2file("hello:%x\n", 0x111231);
}

centos7 代理yum

yum install epel-release -y
rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
yum install -y proxychains-ng

修改配置vi /etc/proxychains.conf:

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5  192.168.150.1 7890

代理yum

$> proxychains4 yum install bpftrace

Centos6 国内源

因为centos6.x停止维护了, 所以要找个能用的源很麻烦, 偶尔要设置又容易忘了, 在此记录一下

1. 下载

   wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-6.10.repo

2. 编辑/etc/yum.repos.d/CentOS-Base.repo, 在vim里更改版本 :%s/6.10/6.8/g

   # CentOS-Base.repo
   
   [base]
   name=CentOS-vault-6.10 - Base - mirrors.aliyun.com
   failovermethod=priority
   baseurl=http://mirrors.aliyun.com/centos-vault/6.10/os/$basearch/
           http://mirrors.aliyuncs.com/centos-vault/6.10/os/$basearch/
           http://mirrors.cloud.aliyuncs.com/centos-vault/6.10/os/$basearch/
   gpgcheck=1
   gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6
    
   #released updates 
   [updates]
   name=CentOS-vault-6.10 - Updates - mirrors.aliyun.com
   failovermethod=priority
   baseurl=http://mirrors.aliyun.com/centos-vault/6.10/updates/$basearch/
           http://mirrors.aliyuncs.com/centos-vault/6.10/updates/$basearch/
           http://mirrors.cloud.aliyuncs.com/centos-vault/6.10/updates/$basearch/
   gpgcheck=1
   gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6
    
   #additional packages that may be useful
   [extras]
   name=CentOS-vault-6.10 - Extras - mirrors.aliyun.com
   failovermethod=priority
   baseurl=http://mirrors.aliyun.com/centos-vault/6.10/extras/$basearch/
           http://mirrors.aliyuncs.com/centos-vault/6.10/extras/$basearch/
           http://mirrors.cloud.aliyuncs.com/centos-vault/6.10/extras/$basearch/
   gpgcheck=1
   gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6
    
   #additional packages that extend functionality of existing packages
   [centosplus]
   name=CentOS-vault-6.10 - Plus - mirrors.aliyun.com
   failovermethod=priority
   baseurl=http://mirrors.aliyun.com/centos-vault/6.10/centosplus/$basearch/
           http://mirrors.aliyuncs.com/centos-vault/6.10/centosplus/$basearch/
           http://mirrors.cloud.aliyuncs.com/centos-vault/6.10/centosplus/$basearch/
   gpgcheck=1
   enabled=0
   gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6
    
   #contrib - packages by Centos Users
   [contrib]
   name=CentOS-vault-6.10 - Contrib - mirrors.aliyun.com
   failovermethod=priority
   baseurl=http://mirrors.aliyun.com/centos-vault/6.10/contrib/$basearch/
           http://mirrors.aliyuncs.com/centos-vault/6.10/contrib/$basearch/
           http://mirrors.cloud.aliyuncs.com/centos-vault/6.10/contrib/$basearch/
   gpgcheck=1
   enabled=0
   gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6

   如果是centos7的, 记得还需要改RPM-GPG-KEY-CentOS-6 为 RPM-GPG-KEY-CentOS-7

接着:yum clean all, yum makecahe.

Centos 7.5更新7.9

1. 下载centos 7.9的ISO 下载链接
2. 把文件拷贝进去
3. 挂载iso

   $ mkdir /mnt/cdrom
   $ mount ./CentOS-7-x86_64-DVD-2009.iso /mnt/cdrom

4. 更改源 /etc/yum.repo.d/CentOS-Media.repo

   [c7-media]
   name=CentOS Media
   baseurl=file:///mnt/cdrom/
   gpgcheck=1
   enabled=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

5. 更新yum --disablerepo=* --enablerepo=c7-media update

Centos 6.x 安装python2.7

1. yum install openssl-devel
2. 下载源码: python 2.7.13源码, 解压源码tar Jxf Python-2.7.13.tar.xz
3. ./configure --prefix=/usr/local/python27 --enable-shared
4. make && make install, ln -s /usr/local/python27/bin/python /usr/bin/python27
5. echo "/usr/loca/python27/lib" >>/etc/ld.so.conf, 执行ldconfig
6. 直接运行python27, 如果正常运行就ok.

bash 语法

引用命令行参数

直接引用

$1,$2….
如果超过9, ${10}
${1:-8} 如果不存在1位置的变量, 默认给8
${parameter:?word} 可以默认给字符串

flags

​```bash
while getopts u:a:f: flag#选项后面的冒号表示该选项需要参数
do
case “${flag}” in
u) username=${OPTARG};;#参数存在$OPTARG中
a) age=${OPTARG};;
f) fullname=${OPTARG};;
esac
done
echo “Username: $username”;
echo “Age: $age”;
echo “Full Name: $fullname”;

`sh userReg-flags.sh -f 'John Smith' -a 25 -u john `

getopts,它不支持长选项。 $OPTIND 表示当前argv索引位置.

**$@**  

​```bash
i=1;
for user in "$@" 
do
    echo "Username - $i: $user";
    i=$((i + 1));
done

$* ：和$@相同，但”$*“ 和 “$@”(加引号)并不同，”$*“将所有的参数解释成一个字符串，而”$@”是一个参数数组

shift operator

i=1;
j=$#;# $#是参数个数
while [ $i -le $j ] 
do
    echo "Username - $i: $1";
    i=$((i + 1));
    shift 1; #移动默认的argv的索引. 此处移1位, $1就变了
done

if

if commands; then
  commands
[elif commands; then
  commands...]
[else
  commands]
fi

Operation	Effect
[ ! EXPR ]	True if EXPR is false.
[ ( EXPR ) ]	Returns the value of EXPR. This may be used to override the normal precedence of operators.
[ EXPR1 -a EXPR2 ]	True if both EXPR1 and EXPR2 are true.
[ EXPR1 -o EXPR2 ]	True if either EXPR1 or EXPR2 is true.
[ -a FILE ]	True if FILE exists.
[ -b FILE ]	True if FILE exists and is a block-special file.
[ -c FILE ]	True if FILE exists and is a character-special file.
[ -d FILE ]	True if FILE exists and is a directory.
[ -e FILE ]	True if FILE exists.
[ -f FILE ]	True if FILE exists and is a regular file.
[ -g FILE ]	True if FILE exists and its SGID bit is set.
[ -h FILE ]	True if FILE exists and is a symbolic link.
[ -k FILE ]	True if FILE exists and its sticky bit is set.
[ -p FILE ]	True if FILE exists and is a named pipe (FIFO).
[ -r FILE ]	True if FILE exists and is readable.
[ -s FILE ]	True if FILE exists and has a size greater than zero.
[ -t FD ]	True if file descriptor FD is open and refers to a terminal.
[ -u FILE ]	True if FILE exists and its SUID (set user ID) bit is set.
[ -w FILE ]	True if FILE exists and is writable.
[ -x FILE ]	True if FILE exists and is executable.
[ -O FILE ]	True if FILE exists and is owned by the effective user ID.
[ -G FILE ]	True if FILE exists and is owned by the effective group ID.
[ -L FILE ]	True if FILE exists and is a symbolic link.
[ -N FILE ]	True if FILE exists and has been modified since it was last read.
[ -S FILE ]	True if FILE exists and is a socket.
[ FILE1 -nt FILE2 ]	True if FILE1 has been changed more recently than FILE2, or if FILE1 exists and FILE2 does not.
[ FILE1 -ot FILE2 ]	True if FILE1 is older than FILE2, or is FILE2 exists and FILE1 does not.
[ FILE1 -ef FILE2 ]	True if FILE1 and FILE2 refer to the same device and inode numbers.
[ -o OPTIONNAME ]	True if shell option “OPTIONNAME” is enabled.
[ -z STRING ]	True of the length if “STRING” is zero.
[ -n STRING ] or [ STRING ]	True if the length of “STRING” is non-zero.
[ STRING1 == STRING2 ]	True if the strings are equal. “=” may be used instead of “==” for strict POSIX compliance.
[ STRING1 != STRING2 ]	True if the strings are not equal.
[ STRING1 < STRING2 ]	True if “STRING1” sorts before “STRING2” lexicographically in the current locale.
[ STRING1 > STRING2 ]	True if “STRING1” sorts after “STRING2” lexicographically in the current locale.
[ ARG1 OP ARG2 ]	“OP” is one of -eq, -ne, -lt, -le, -gt or -ge. These arithmetic binary operators return true if “ARG1” is equal to, not equal to, less than, less than or equal to, greater than, or greater than or equal to “ARG2”, respectively. “ARG1” and “ARG2” are integers.

编译Gnutls

基于Centos7

在gntls下载libnettle 和gmplib

1. 先编译gmplib, 安装后, export GMP_CFLAGS="-I/usr/local/include" GMP_LIBS="-L/usr/local/lib -lgmp"
2. 编译安装nettle, ./configure --prefix=/usr --enable-static --enable-mini-gmp
3. export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/:/usr/local/lib/pkgconfig/ 设置pkg-config的查找路径
4. 设置lib路径, 编辑/etc/ld.so.conf, 添加一行/usr/local/lib, 执行ldconfig -v
5. 编译gnutls: ./configure --without-p11-kit

主要参考

编译samba最新版

在安装好gnutls后, 安装需要的组件:

$ yum install python36-dns
$ yum install python36-markdown
$ yum install perl
$ yum -y install perl-CPAN
$ yum -y install popt-devel
$ perl -MCPAN -e 'install JSON'
To install modules, you need to configure a local Perl library directory or
escalate your privileges.  CPAN can help you by bootstrapping the local::lib
module or by configuring itself to use 'sudo' (if available).  You may also
resolve this problem manually if you need to customize your setup.

What approach do you want?  (Choose 'local::lib', 'sudo' or 'manual')
 [local::lib] <<<<<<<<<<<<<<<<<<< 输入enter

Autoconfigured everything but 'urllist'.

Now you need to choose your CPAN mirror sites.  You can let me
pick mirrors for you, you can select them from a list or you
can enter them by hand.

Would you like me to automatically choose some CPAN mirror
sites for you? (This means connecting to the Internet) [yes] no <<<<<<<<<<<<<<<<<<< 输入no

Would you like to pick from the CPAN mirror list? [yes] no <<<<<<<<<<<<<<<<<<< 输入no
Now you can enter your own CPAN URLs by hand. A local CPAN mirror can be
listed using a 'file:' URL like 'file:///path/to/cpan/'

CPAN.pm needs at least one URL where it can fetch CPAN files from.

Please enter your CPAN site: [] http://mirrors.ustc.edu.cn/CPAN/ <<<<<<<<<<<<<<<<<<< 输入这个网址, 配置国内的源

上面的组件安装完成后, 就可以配置编译了:

./configure --enable-debug --prefix=/home/vv/install-smb-4.17.2 --with-shared-modules='!vfs_snapper'

Linux Ptrace的权限问题

如果想避免同用户使用ptrace调试, 可以设置prctl(PR_SET_DUMPABLE, 1LL, 0LL, 0LL, 0LL) , 参考

与之相关的还有/proc/sys/kernel/yama/ptrace_scope, 这个也影响了ptrace的使用.

OpenSSL技巧

如果想修改原始的send数据, SSL_CTX_set_msg_callback(ctx, message_cb);, 这个回调就是在send前触发.

如果想发送任意的加密数据, 可以使用ssl->method->ssl_write_bytes(ssl, SSL3_RT_ALERT, data, data_length, &written); 去发送.

cmake

获取某个git项目下的依赖git项目: git submodule update --init --recursive

cmake -DXXXX=ON ./ 表示开启XXXX特性, 生成makefile. XXXX特性由CMakeLists.txt定义, 形式如下:

option(suppress_header_searches "do not try to find headers - used when compiler check will fail" OFF)

表示接受参数-Dsuppress_header_searches=ON, 默认是OFF.

生成makefile后, 执行cmake --build .编译