Sometimes we need to check the local user accounts for weak passwords. The following tool is recommended for that.

john the ripper password cracker

# download the full (jumbo) package
wget https://www.openwall.com/john/k/john-1.9.0-jumbo-1.tar.gz

# unpack
tar -xzf john-1.9.0-jumbo-1.tar.gz
# build
cd john-1.9.0-jumbo-1
cd src
./configure && make
cd ../run

# check the local accounts for weak passwords (reading /etc/shadow requires root)
./john --wordlist=password.lst /etc/shadow

password.lst is the weak-password list that ships with the tool itself; you can write your own, or use one of the widely used open-source password lists.

    # absolute path of a file
    readlink -f file.txt
    # absolute path of the file's parent directory
    dirname "$(readlink -f file.txt)"
    # show absolute paths of matching files with find
    find "$(cd ..; pwd)" -name "filename"

grep: print from the first occurrence of a keyword to the end of the file

log_file_name=catalina.out
grep -n -m 1 '16-Oct-2020 18:01:41' "$log_file_name" | awk -F ':' '{print $1}' | xargs -I {} tail -n +{} "$log_file_name"

If the file is very large, it is better to tail a fixed number of trailing lines first and then filter with grep:

log_file_name=catalina.out
tail -n 100000 $log_file_name | grep -i 'exception'

log_file_name=catalina.out
tail -n 100000 $log_file_name | grep -i 'exception' -A 5 -B 5

sed: print from the first occurrence of a keyword to the end of the file

log_file_name=catalina.out
sed -n '/16-Oct-2020 18:01:41/,$p' "$log_file_name" | more

Print the content between two date keywords

log_file_name=catalina.out
sed -n '/16-Oct-2020 18:01:41/,/16-Oct-2020 18:02:08/p' "$log_file_name" | more

Python code:

#!/usr/bin/env python3
# encoding=utf-8
# Keeps writing numbered lines to test.txt forever. Used to observe what happens
# to a writer opened in "w" mode when the file is emptied from another shell.

import time
import os

with open('test.txt', "w") as file:
    count = 0
    while True:
        count = count + 1
        # file.seek(0, os.SEEK_END)  # uncomment to re-seek to the real end before each write
        file.write("A append {}\n".format(count))
        file.flush()
        time.sleep(0.1)

Run this script so that it keeps writing to test.txt, then open another shell window and run `> test.txt` to empty the log file.
You will find that the head of the log file has become blank while new log lines keep being appended at the tail, and the size reported by `ls -lh` does not shrink.
See the post https://unix.stackexchange.com/questions/122929/emptying-a-file-without-disrupting-the-pipe-writing-to-it,
which concludes:
That means you cannot truncate a file that has been open in write-only mode (and that's the same for read+write) as if you do, processes that had file descriptors open on the file, will leave NUL characters at the beginning of the file (those, except on OS/X, usually don't take space on disk though, they become sparse files).
Instead (and you'll notice most applications do that when they write to log files), you should open the file in append mode
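The experiment above, reproduced deterministically so it can be run as a check. This is an added example, not part of the original notes: it compares a writer opened in "w" mode, the same writer with the commented-out seek-to-end from the script above, and a writer opened in append mode, after the file has been truncated from outside.

```python
#!/usr/bin/env python3
"""Added example (not from the original notes): reproduce the truncation
experiment above and compare open modes."""
import os
import tempfile


def write_truncate_write(mode, seek_end_before_write=False):
    """Open a scratch file in `mode` ("wb" or "ab"), write two lines, truncate
    the file by path (what `> file` in another shell does), write a third
    line and return the resulting file contents."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, mode) as writer:          # the long-lived log writer
            writer.write(b"line 1\nline 2\n")
            writer.flush()                        # 14 bytes on disk, offset now 14
            os.truncate(path, 0)                  # external `> file`: size -> 0
            if seek_end_before_write:
                writer.seek(0, os.SEEK_END)       # the commented-out fix in the script above
            writer.write(b"line 3\n")
            writer.flush()
        with open(path, "rb") as reader:
            return reader.read()
    finally:
        os.remove(path)


def leading_nul_bytes(data):
    """Length of the NUL run at the start of `data` (the hole left by a
    write-mode writer whose offset was beyond the truncated size)."""
    return len(data) - len(data.lstrip(b"\x00"))


if __name__ == "__main__":
    for label, mode, seek in (("w mode", "wb", False),
                              ("w mode + seek to end", "wb", True),
                              ("append mode", "ab", False)):
        data = write_truncate_write(mode, seek)
        print(f"{label:22s}: {len(data):2d} bytes, "
              f"{leading_nul_bytes(data):2d} leading NULs, tail={data[-7:]!r}")
```

Only the "w" mode writer leaves the 14-byte NUL gap; append mode (what `>>` in catalina.sh uses) and an explicit seek to end both write at the new end of the file.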

Changing the Tomcat log file output format

The directory layout of apache-tomcat-9.0.27 is:

|-- bin
|-- conf
|-- lib
|-- logs
|-- temp
|-- webapps
|-- work

After starting Tomcat with the default configuration, the log files under logs/ are named as follows:

total 20
-rw-r----- 1 tomcat tomcat 5976 Aug 21 15:43 catalina.2020-08-21.log
-rw-r----- 1 tomcat tomcat 5976 Aug 21 15:43 catalina.out
-rw-r----- 1 tomcat tomcat  0 Aug 21 15:43 host-manager.2020-08-21.log
-rw-r----- 1 tomcat tomcat 408 Aug 21 15:43 localhost.2020-08-21.log
-rw-r----- 1 tomcat tomcat  0 Aug 21 15:43 localhost_access_log.2020-08-21.txt
-rw-r----- 1 tomcat tomcat  0 Aug 21 15:43 manager.2020-08-21.log

Log categories:

  • catalina.out
    • Records the log output of Tomcat itself at runtime, plus whatever the application writes to the console.
    • Its location is configured in Tomcat's startup script (catalina.sh):

      if [ -z "$CATALINA_OUT" ] ; then
        CATALINA_OUT="$CATALINA_BASE"/logs/catalina.out
      fi
      # or, to discard it:
      CATALINA_OUT=/dev/null

  • localhost_access_log.YYYY-MM-DD.txt
    • Tomcat's access log: client address, request time, request path, status code and so on. Pattern codes for the AccessLogValve:

      %a - remote client IP address
      %A - local IP address of the server
      %b - bytes sent, excluding HTTP headers; shown as '-' if zero
      %B - bytes sent, excluding HTTP headers
      %h - remote host name (the IP address if resolveHosts is false)
      %H - request protocol
      %l - remote logical username (always '-')
      %m - request method (GET, POST, etc.)
      %p - local port on which the request was received
      %q - query string, prefixed with '?' if present (e.g. for /getIndex?id=3 it is '?id=3')
      %r - first line of the request (method and request URI)
      %s - HTTP status code of the response
      %S - user session ID
      %t - date and time, in common log format
      %u - remote user that was authenticated, if any; otherwise '-'
      %U - requested URL path
      %v - local server name
      %D - time taken to process the request, in milliseconds
      %T - time taken to process the request, in seconds
      %I - current request thread name (can be matched against entries in stack traces)

  • catalina.YYYY-MM-DD.log
    • Records the log output of Tomcat itself at runtime; these entries are also written to catalina.out.
    • What the application writes to the console is not written to catalina.YYYY-MM-DD.log.

  • localhost.YYYY-MM-DD.log
    • Records unhandled exceptions thrown during application initialisation (listener, filter, servlet) that end up being caught and logged by Tomcat.
    • Such unhandled exceptions ultimately prevent the application from starting.

  • manager.YYYY-MM-DD.log
    • Records the log output of Tomcat's own manager application (the Tomcat Web Application Manager).

  • host-manager.YYYY-MM-DD.log
    • Records the log output of Tomcat's own host-manager application (the Tomcat Virtual Host Manager).
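An added example (not from the original notes) that puts the pattern codes above to use: a parser for the default AccessLogValve pattern `%h %l %u %t "%r" %s %b` from server.xml, run over constructed sample lines, counting 4xx/5xx responses per client so unusual access in localhost_access_log.YYYY-MM-DD.txt can be spotted quickly.

```python
#!/usr/bin/env python3
"""Added example (not from the original notes): parse lines written with the
default AccessLogValve pattern  %h %l %u %t "%r" %s %b  and count 4xx/5xx
responses per client, a first triage step over localhost_access_log.*.txt."""
import re
from collections import Counter, defaultdict

# One named group per pattern code; %b is '-' when no body bytes were sent.
ACCESS_LINE = re.compile(
    r'^(?P<h>\S+) (?P<l>\S+) (?P<u>\S+) \[(?P<t>[^\]]+)\] '
    r'"(?P<r>[^"]*)" (?P<s>\d{3}) (?P<b>\d+|-)$'
)

# Constructed sample lines in the default format (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Aug/2020:15:43:01 +0800] "GET /index.html HTTP/1.1" 200 5976
192.0.2.10 - - [21/Aug/2020:15:43:02 +0800] "GET /manager/html HTTP/1.1" 401 -
192.0.2.10 - - [21/Aug/2020:15:43:03 +0800] "GET /manager/html HTTP/1.1" 401 -
198.51.100.7 - tomcat [21/Aug/2020:15:43:05 +0800] "POST /app/upload HTTP/1.1" 500 408
garbage line that does not match the pattern
"""


def parse_access_line(line):
    """Return the pattern fields as a dict, or None if the line does not match."""
    m = ACCESS_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["r"].split(" ")          # %r is "METHOD URI PROTOCOL"
    rec["method"] = parts[0]
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["s"])
    rec["bytes"] = 0 if rec["b"] == "-" else int(rec["b"])
    return rec


def error_summary(text):
    """Count 4xx and 5xx responses per client (%h); return (summary, skipped)."""
    per_host = defaultdict(Counter)
    skipped = 0
    for line in text.splitlines():
        rec = parse_access_line(line)
        if rec is None:
            skipped += 1                 # keep going, but report unparsable lines
        elif rec["status"] >= 400:
            per_host[rec["h"]][rec["status"] // 100 * 100] += 1
    return {h: dict(c) for h, c in per_host.items()}, skipped
```

If you change the pattern in server.xml, the regex has to change with it; the `%r` field is kept whole and split separately because the request line itself may contain spaces.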

JULI logging levels for Tomcat

Level    Log content
SEVERE   Serious failures
WARNING  Potential problems
INFO     Informational messages
CONFIG   Static configuration messages
FINE     Trace messages
FINER    Detailed trace messages
FINEST   Highly detailed trace messages

The default logging.properties looks like this:

handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

1catalina.org.apache.juli.AsyncFileHandler.level = FINE
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
1catalina.org.apache.juli.AsyncFileHandler.encoding = UTF-8

2localhost.org.apache.juli.AsyncFileHandler.level = FINE
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
2localhost.org.apache.juli.AsyncFileHandler.encoding = UTF-8

3manager.org.apache.juli.AsyncFileHandler.level = FINE
3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
3manager.org.apache.juli.AsyncFileHandler.maxDays = 90
3manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8

4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.
4host-manager.org.apache.juli.AsyncFileHandler.maxDays = 90
4host-manager.org.apache.juli.AsyncFileHandler.encoding = UTF-8

java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
java.util.logging.ConsoleHandler.encoding = UTF-8

############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler

# For example, set the org.apache.catalina.util.LifecycleBase logger to log
# each component that extends LifecycleBase changing state:
#org.apache.catalina.util.LifecycleBase.level = FINE
# To see debug messages in TldLocationsCache, uncomment the following line:
#org.apache.jasper.compiler.TldLocationsCache.level = FINE
# To see debug messages for HTTP/2 handling, uncomment the following line:
#org.apache.coyote.http2.level = FINE
# To see debug messages for WebSocket handling, uncomment the following line:
#org.apache.tomcat.websocket.level = FINE

To disable the catalina.YYYY-MM-DD.log, localhost.YYYY-MM-DD.log, manager.YYYY-MM-DD.log and host-manager.YYYY-MM-DD.log files and keep only catalina.out and localhost_access_log.YYYY-MM-DD.txt:

# handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
# .handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
handlers = java.util.logging.ConsoleHandler
.handlers = java.util.logging.ConsoleHandler

Or (empty files still seem to be created with this variant):

1catalina.org.apache.juli.AsyncFileHandler.level = OFF
2localhost.org.apache.juli.AsyncFileHandler.level = OFF
3manager.org.apache.juli.AsyncFileHandler.level = OFF
4host-manager.org.apache.juli.AsyncFileHandler.level = OFF
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = OFF
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = OFF
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = OFF

To drop only the date from the file names above, change logging.properties as follows:

1catalina.org.apache.juli.AsyncFileHandler.rotatable = false
2localhost.org.apache.juli.AsyncFileHandler.rotatable = false
3manager.org.apache.juli.AsyncFileHandler.rotatable = false
4host-manager.org.apache.juli.AsyncFileHandler.rotatable = false

Turning off catalina.out

vim bin/catalina.sh

if [ -z "$CATALINA_OUT" ] ; then
    CATALINA_OUT=/dev/null
fi

or

vim conf/logging.properties

.handlers = 1catalina.org.apache.juli.FileHandler

Turning off the localhost_access_log.YYYY-MM-DD.txt file

<!-- configured in server.xml; comment out the following -->
       <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
       -->

Rotating catalina.out

  • Configure Tomcat to log through log4j: disable logging.properties, download log4j.jar,
    and create log4j.properties in $CATALINA_HOME/lib:

      log4j.rootLogger=INFO, R
      log4j.appender.R=org.apache.log4j.RollingFileAppender
      log4j.appender.R.File=${catalina.base}/logs/tomcat.log
      log4j.appender.R.MaxFileSize=10MB
      log4j.appender.R.MaxBackupIndex=10
      log4j.appender.R.layout=org.apache.log4j.PatternLayout
      log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n
  • Rotate it with logrotate:

    # Note: catalina.sh opens catalina.out with ">>" (append mode), so
    # "copytruncate" lets the running JVM keep writing safely; with "create"
    # the process keeps writing to the renamed file. Verify what the process
    # does on USR1 before relying on the postrotate below.
    /opt/webadmin/tomcat_8001/logs/catalina.out {
            notifempty
            daily
            dateext
            missingok
            dateformat -%Y%m%d%s
            rotate 90
            compress
            create 644 root root
            sharedscripts
            postrotate
                    /usr/bin/kill -USR1 $(ps -ef | grep /opt/webadmin/tomcat_8001 | grep -v grep | awk '{print $2}')
            endscript
    }
    # dry run to validate the configuration (nothing is actually rotated)
        logrotate -d /etc/logrotate.d/webadmin_tomcat_8081

    # force a rotation
        /usr/sbin/logrotate -vf /etc/logrotate.d/webadmin_tomcat_8081

    # logrotate's own records
        logrotate's state file is usually kept at /var/lib/logrotate/logrotate.status