kk Blog —— 通用基础

date [-d @int|str] [+%s|"+%F %T"]

VirtualBox压缩vdi

http://blog.csdn.net/zcg1041bolg/article/details/7870170

VirtualBox guest os用久了vdi文件就会越来越大,就算在guest os中删除了一些文件,vdi也不会变小。

如果guest os 是windows:

  1. 先在guest os上运行磁盘碎片管理器,将各个磁盘的磁盘碎片减少;
  2. 下载sdelete (源地址http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx)
  3. 运行sdelete -c -z c:
  4. 关闭guest os 和 VirtualBox
  5. 在host os上运行VBoxManage modifyhd --compact yourImage.vdi

如果guest os 是Linux:

  1. 进入su
  2. dd if=/dev/zero of=test.file
  3. rm test.file
  4. 关闭guest os 和 VirtualBox
  5. 在host os上 运行 VBoxManage modifyhd --compact yourImage.vdi

这样在guest上看到占用的空间就和host上看到的空间就一样了。

CMD下 的命令行:

1
2
3
4
5
C:\Program Files>cd Oracle
C:\Program Files\Oracle>cd VirtualBox
C:\Program Files\Oracle\VirtualBox>VBoxManage.exe modifyhd --compact E:\ubuntu-virtualbox\ubuntu-virtualBox.vdi
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
C:\Program Files\Oracle\VirtualBox>

网卡声卡驱动

ubuntu10.04装在稍微新一点的机子时可能没有无线没有声音。

网卡驱动:

先把系统自带linux-firmware卸了,找一个比较新的装上
安装类似这种linux-backports-modules-compat-wireless-XXX-2.6.32-66-generic

声卡驱动1:安转旧点内核,然后。

1
2
3
sudo add-apt-repository ppa:ubuntu-audio-dev/ppa
sudo apt-get update
sudo apt-get install linux-alsa-driver-modules-$(uname -r)

现在支持最新的时2.6.32-34

声卡驱动2:声音不太正常

1.下载linux版本的官方驱动包

Realtek官网 http://www.realtek.com/downloads/ 点击右下方的 HD Audio Codec Driver
然后点击 I accept 神马的进入下一页 然后在最底下有linux版本的驱动,根据内核(一般都是2.6)版本下载驱动包

2.开始安装
1)解压源代码包
1
2
3
tar xfvj LinuxPkg_5.16rc25.tar.bz2  
cd realtek-linux-audiopack-5.16  
tar xfvj alsa-driver-1.0.24-5.16rc25.tar.bz2  
2)编译安装
1
2
3
4
5
6
7
sudo ./install  
/** 或:  
 *cd alsa-driver-1.0.24  
 *sudo ./configure --with-cards=hda-intel  
 *sudo make  
 *sudo make install  
 */
3)重启机器

sudo reboot

使用BBSwitch禁用独显(Nvidia)

1-安装编译环境、内核源码和内核头文件 (假设你刚刚装完系统)

1
2
3
apt-get install build-essential      (安装编译环境 )
apt-get install linux-source        (安装内核源文件)
apt-get install linux-headers-$(uname -r) (这安装对应当前内核版本的头文件)

2-查看当前的显卡

1
# lspci | grep VGA

行末的(rev ff)表示关闭状态,其他表示开启状态

3-下载BBswitch源码 ,并编译安装

可以进入https://github.com/Bumblebee-Project/bbswitch点击download zip下载源码(大概23KB)
解压并cd到对应目录,然后make,再make install。
* ubuntu 10.04需要将pr_warn改成printk或者找到正确头文件

4-开启或者禁用独显

1
2
3
modprobe bbswitch                (加载bbswitch模块)
tee /proc/acpi/bbswitch <<<OFF   (禁用独显,我的本本显卡指示灯变成蓝色,说明启用了核显) 
tee /proc/acpi/bbswitch <<<ON    (启用独显,我的本本显卡指示灯变成白色,说明独显启用)

可以用命令查看独显状态

1
cat /proc/acpi/bbswitch

5-启动系统时执行禁用独显

将启动系统禁用独显这个动作写入 /etc/modprobe.d/bbswitch.conf 文件中

1
# echo 'options bbswitch load_state=0'> /etc/modprobe.d/bbswitch.conf 

解释:bbswitch可以带参数的 ,上面的语句表示禁用独显,=号后面的数字说明:-1是不改变显卡状态,0是关闭独显,1是开启独显。load_state表示加载这个模块的动作。比如我要加载模块时关闭独显,卸载模块时启用独显,那么可以这样写:

1
# echo 'options  bbswitch load_state=0 unload_state=1'> /etc/modprobe.d/bbswitch.conf 

然后,vi编辑/etc/rc.local 文件中的exit0的前面加一行代码,完成开机执行加载bbswitch的动作

1
modprobe bbswitch

Bash软件安全漏洞检测及解决方案

http://www.techweb.com.cn/ucweb/news/id/2079505

redhat官方提供漏洞详情

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

redhat官方提供检测方式

运行命令:

1
  $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

如果返回以下内容:则请尽快升级。

1
2
 vulnerable
this is a test

http://seclists.org/oss-sec/2014/q3/650

The technical details of the vulnerability follow.

Bash supports exporting not just shell variables, but also shell functions to other bash instances, via the process environment to (indirect) child processes. Current bash versions use an environment variable named by the function name, and a function definition starting with “() {” in the variable value to propagate function definitions through the environment. The vulnerability occurs because bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function definition. For example, an environment variable setting of

1
  VAR=() { ignored; }; /bin/id

will execute /bin/id when the environment is imported into the bash process. (The process is in a slightly undefined state at this point. The PATH variable may not have been set up yet, and bash could crash after executing /bin/id, but the damage has already happened at this point.)

The fact that an environment variable with an arbitrary name can be used as a carrier for a malicious function definition containing trailing commands makes this vulnerability particularly severe; it enables network-based exploitation.

So far, HTTP requests to CGI scripts have been identified as the major attack vector.

A typical HTTP request looks like this:

1
2
3
GET /path?query-param-name=query-param-value HTTP/1.1  
Host: www.example.com  
Custom: custom-header-value  

The CGI specification maps all parts to environment variables. With Apache httpd, the magic string “() {” can appear in these places:

  • Host (“www.example.com”, as REMOTE_HOST)
  • Header value (“custom-header-value”, as HTTP_CUSTOM in this example)
  • Server protocol (“HTTP/1.1”, as SERVER_PROTOCOL)

The user name embedded in an Authorization header could be a vector as well, but the corresponding REMOTE_USER variable is only set if the user name corresponds to a known account according to the authentication configuration, and a configuration which accepts the magic string appears somewhat unlikely.

In addition, with other CGI implementations, the request method (“GET”), path (“/path”) and query string (“query-param-name=query-param-value”) may be vectors, and it is conceivable for “query-param-value” as well, and perhaps even “query-param-name”.

The other vector is OpenSSH, either through AcceptEnv variables, TERM or SSH_ORIGINAL_COMMAND.

Other vectors involving different environment variable set by additional programs are expected.

通用寄存器编码表

  • 来源:systemtap-2.4/runtime/loc2c-runtime.h

    x86_64

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#define pt_dwarf_register_0(regs)       regs->rax
#define pt_dwarf_register_1(regs)       regs->rdx
#define pt_dwarf_register_2(regs)       regs->rcx
#define pt_dwarf_register_3(regs)       regs->rbx
#define pt_dwarf_register_4(regs)       regs->rsi
#define pt_dwarf_register_5(regs)       regs->rdi
#define pt_dwarf_register_6(regs)       regs->rbp
#define pt_dwarf_register_7(regs)       regs->rsp
#define pt_dwarf_register_8(regs)       regs->r8
#define pt_dwarf_register_9(regs)       regs->r9
#define pt_dwarf_register_10(regs)      regs->r10
#define pt_dwarf_register_11(regs)      regs->r11
#define pt_dwarf_register_12(regs)      regs->r12
#define pt_dwarf_register_13(regs)      regs->r13
#define pt_dwarf_register_14(regs)      regs->r14
#define pt_dwarf_register_15(regs)      regs->r15

i386

1
2
3
4
5
6
7
8
#define pt_dwarf_register_0(regs)       regs->eax
#define pt_dwarf_register_1(regs)       regs->ecx
#define pt_dwarf_register_2(regs)       regs->edx
#define pt_dwarf_register_3(regs)       regs->ebx
#define pt_dwarf_register_4(regs)       (user_mode(regs) ? regs->esp : (long)®s->esp)
#define pt_dwarf_register_5(regs)       regs->ebp
#define pt_dwarf_register_6(regs)       regs->esi
#define pt_dwarf_register_7(regs)       regs->edi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
寄存器编码    8    16    32    64
000    al    ax    eax    rax
001    dl    dx    edx    rdx
010    cl    cx    ecx    rcx
011    bl    bx    ebx    rbx
100    ?    si    esi    rsi
101    ?    di    edi    rdi
110    ?    bp    ebp    rbp
111    ?    sp    esp    rsp
1000    r8b    r8w    r8d    r8
1001    r9b    r9w    r9d    r9
1010    r10b    r10w    r10d    r10
1011    r11b    r11w    r11d    r11
1100    r12b    r12w    r12d    r12
1101    r13b    r13w    r13d    r13
1110    r14b    r14w    r14d    r14
1111    r15b    r15w    r15d    r15