自然启示录

Dnsmasq

[root@dnsmaster ~]# yum install -y dnsmasq
[root@dnsmaster ~]# systemctl start dnsmasq.service
[root@dnsmaster ~]# systemctl  stop  firewalld --临时关闭防火墙 
[root@dnsmaster ~]# systemctl  disable  firewalld  --永久关闭防火墙
[root@dnsmaster ~]# setenforce 0   --临时关闭
[root@dnsmaster ~]# vim /etc/selinux/config
SELINUX=disabled        --将enforcing改为disabled
[root@dnsmaster ~]# reboot     --重启系统永久生效
[root@dnsmaster ~]# vim /etc/dnsmasq.conf
resolv-file=/etc/resolv.dnsmasq.conf    //dnsmasq 会从这个文件中寻找上游dns服务器
strict-order                               //去掉前面的#
addn-hosts=/etc/dnsmasq.hosts              //在这个目里面添加记录
listen-address=127.0.0.1,192.168.1.123     //监听地址
resolv-file=/etc/resolv.conf
strict-order
listen-address=192.168.153.128
address=/demon.com/192.168.153.128
server=114.114.114.114
bogus-nxdomain=114.114.114.114

对参数的解释
resolve-file　　   定义dnsmasq从哪里获取上游DNS服务器的地址， 默认是从/etc/resolv.conf获取。
strict-order　　   表示严格按照resolv-file文件中的顺序从上到下进行DNS解析，直到第一个解析成功为止。
listen-address     定义dnsmasq监听的地址，默认是监控本机的所有网卡上。局域网内主机若要使用dnsmasq服务时，指定本机的IP地址。
address　　　　    启用泛域名解析，即自定义解析a记录，如下配置为demon.com这个域名：
*address=/demon.com/127.0.0.1  #访问demon.com时的所有域名都会被解析成127.0.0.1*
bogus-nxdomain     为防止DNS污染，使用参数定义的DNS解析的服务器。注意：如果是阿里云服务器上配置dnsmasq要启用此项。
server　　　　　　 指定dnsmasq程序使用哪个DNS服务器进行解析。对于不同的网站可以使用不同的域名对应解析如下配置
*server=/google.com/8.8.8.8    #表示对于google的服务，使用谷歌的DNS解析。*

实际线上配置
no-resolv
all-servers
server=119.29.29.29
server=223.5.5.5
server=223.6.6.6
server=8.8.8.8
server=8.8.4.4
server=114.114.114.114
no-hosts
addn-hosts=/etc/dns.hosts
dhcp-range=192.168.1.1,192.168.8.255,12h
dhcp-lease-max=2040
cache-size=2040
log-queries
log-facility=/var/log/dnsmasq.log

Nginx 403

1.目录权限不足
2.selinux enable

自动下载国家IP段

#！/bin/bash
wget -c http://ftp.apnic.net/stats/apnic/delegated-apnic-latest
cat delegated-apnic-latest | awk -F '|' '/CN/&&/ipv4/ {print $4 "/" 32-log($5)/log(2)}' | tee /chinaiplist.txt

Ubuntu利用IPSET批量封禁IP

ipset create xxx hash:net 
ipset -N cnip hash:net

ipset create blacklist hash:net maxelem 1000000 #黑名单
ipset create whitelist hash:net maxelem 1000000 #白名单

ipset add blacklist 10.60.10.xx

wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone

for i in $(cat /root/cn.zone ); do ipset -A cnip $i; done

将ipset规则保存到文件
ipset save blacklist -f blacklist.txt
ipset save whitelist -f whitelist.txt

删除ipset
ipset destroy blacklist
ipset destroy whitelist

允许cnip访问端口
-A INPUT -p tcp -m set --match-set cnip src -m tcp --dport 51801:51809 -j ACCEPT

VSFTPD被动模式

防火墙配置
 在iptables-config 最下面增加
 IPTABLES_MODULES="ip_conntrack_ftp"
 IPTABLES_MODULES="ip_nat_ftp"

在iptables内增加：
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p tcp --dport 29151:29171 -j ACCEPT

用户设置：
 useradd -d /home/source/UI -s /sbin/nologin UiFtp
 passwd UiFtp
 chown -R UiFtp:root /home/source/UI
 或
 chown -R 用户名.组 /home/source/App

配置vsftp.conf,末尾加入
 pam_service_name=vsftpd
 userlist_enable=YES
 tcp_wrappers=YES
 listen_port=30941
 pasv_enable=YES
 pasv_min_port=29151
 pasv_max_port=29170

配置chroot_list

判断DNS并自动切换

@echo off
 CLS
 ECHO.
 :init
 setlocal DisableDelayedExpansion
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion
 :checkPrivileges
 NET FILE 1>NUL 2>NUL
 if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
 :getPrivileges
 if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
 ECHO.
 ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
 ECHO args = "ELEV " >> "%vbsGetPrivileges%"
 ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
 ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%"
 ECHO Next >> "%vbsGetPrivileges%"
 ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
 "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
 exit /B
 :gotPrivileges
 setlocal & pushd .
 cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)
 ::判断本地连接 赋值a
 for /f "tokens=2,3" %%i in ('ipconfig /all^|findstr /r "以太网适配器"') do echo %%i %%j >net-name.txt
 for /f "tokens=1 delims==:" %%d in (net-name.txt) do set a=%%d

::判断当前DNS 赋值c
 for /f "tokens=15" %%i in ('ipconfig /all^|findstr /r "DNS"') do echo %%i >DNS.txt
 for /f "tokens=1 delims==." %%h in (DNS.txt) do set c=%%h

::比较当前DNS
 if "%c%"=="8" (goto ToAliDNS) else ( if "%c%"=="223" ( goto ToGoogleDNS ))

::请根据实际情况更改以下内容
 :ToGoogleDNS
 echo Google DNS
 color 1A
 echo ***
 echo 正在修复，请稍后…….
 echo ***
 netsh interface ip set dns name="%a%" source=static addr=8.8.4.4
 netsh interface ip add dns "%a%" 8.8.8.8
 goto EXIT

:ToAliDNS
 echo ALI DNS
 color 1A
 echo ***
 echo 正在修复，请稍后…….
 echo ***
 netsh interface ip set dns name="%a%" source=static addr=223.5.5.5
 netsh interface ip add dns "%a%" 223.6.6.6
 goto EXIT

:EXIT
 ipconfig /flushdns
 echo *
 ipconfig /flushdns
 echo *
 ipconfig /flushdns
 del net-name.txt
 del DNS.txt
 echo *
 echo 修复已完成，祝您游戏愉快
 echo *
 echo 请按任意键退出
 echo **
 pause
 exit

自动修改DNS

@echo off
 CLS
 ECHO.
 :init
 setlocal DisableDelayedExpansion
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion
 :checkPrivileges
 NET FILE 1>NUL 2>NUL
 if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
 :getPrivileges
 if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
 ECHO.
 ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
 ECHO args = "ELEV " >> "%vbsGetPrivileges%"
 ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
 ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%"
 ECHO Next >> "%vbsGetPrivileges%"
 ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
 "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
 exit /B
 :gotPrivileges
 setlocal & pushd .
 cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)
 ::判断本地连接 赋值a
 for /f "tokens=2,3" %%i in ('ipconfig /all^|findstr /r "以太网适配器"') do echo %%i %%j >DNS.txt
 for /f "tokens=1 delims==:" %%d in (DNS.txt) do set a=%%d
 ::请根据实际情况更改下面三行
 color 1A
 echo ***
 echo 正在修复，请稍后…….
 echo ***
 netsh interface ip set dns name="%a%" source=static addr=223.5.5.5
 netsh interface ip add dns "%a%" 114.114.115.115
 ipconfig /flushdns
 ipconfig /flushdns
 ipconfig /flushdns
 del DNS.txt
 pushd "C:\Windows\System32\drivers\etc"
 echo.>hosts
 echo *
 echo *修复已完成，祝您游戏愉快 *
 echo *
 echo **
 echo 请按任意键退出
 echo **
 pause
 exit

输入域名自动绑定hosts

@echo off
 CLS
 ECHO.
 :init
 setlocal DisableDelayedExpansion
 set "batchPath=%~0"
 for %%k in (%0) do set batchName=%%~nk
 set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
 setlocal EnableDelayedExpansion
 :checkPrivileges
 NET FILE 1>NUL 2>NUL
 if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
 :getPrivileges
 if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
 ECHO.
 ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
 ECHO args = "ELEV " >> "%vbsGetPrivileges%"
 ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
 ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%"
 ECHO Next >> "%vbsGetPrivileges%"
 ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
 "%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
 exit /B
 :gotPrivileges
 setlocal & pushd .
 cd /d %~dp0
 if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)

 color 1A
 set /p domain=请输入您要修复的域名，并按确定键：

:change
 find /i "%domain%" C:\Windows\System32\drivers\etc\hosts>nul
 if "%errorlevel%"=="0" goto view
 if "%errorlevel%"=="1" goto repair2

:view
 echo 您已修复过此域名，是否重新修复
 echo 重新修复请输入“y”,否则请直接关闭程序
 set /p value=请输入：
 if "%value%"=="y" goto repair1
 if "%value%"=="Y" goto repair1

:repair1
 pushd "C:\Windows\System32\drivers\etc"
 copy hosts hosts.bak>nul
 find /v "%domain%" hosts.new
 move hosts.new hosts>nul
 echo,>>hosts
 echo 119.42.34.47  %domain%>>%Windir%\system32\drivers\etc\hosts
 echo 修复已完成，祝您游戏愉快！
 pause
 exit

:repair2
 pushd "C:\Windows\System32\drivers\etc"
 copy hosts hosts.bak>nul
 echo,>>hosts
 echo 119.42.34.47  %domain%>>%Windir%\system32\drivers\etc\hosts
 echo 修复已完成，祝您游戏愉快！
 pause
 exit

批量自动PING

@echo off
 color 1A
 setlocal enabledelayedexpansion
 echo *
 echo *  正在执行，请勿关闭窗口,请等待……..*
 echo *
 pushd "C:\Users\%username%\Desktop"
 if exist result.txt (del result.txt goto step1)
 :step1
 if exist report.txt (del report.txt goto step2)
 :step2
 if exist report1.txt (del report1.txt goto Ping)
 :Ping
 for /f %%i in (domain.txt) do ping %%i -n 1 >>report.txt
 findstr /i /c:"Ping" report.txt >report1.txt
 for /f "tokens=3,4" %%a in (report1.txt ) do echo %%a %%b>>result.txt
 del report.txt
 del report1.txt
 echo * echo 域名检测完毕，请查看桌面result.txt…….. echo *
 pause
 exit

批量自动获取CNAME

@echo off
 color 1A
 setlocal enabledelayedexpansion
 echo *
 echo *  正在执行，请勿关闭窗口,请等待……..*
 echo *
 pushd "C:\Users\%username%\Desktop"
 if exist cname.txt (del cname.txt goto step1)
 :step1
 if exist report.txt (del report.txt goto step2)
 :step2
 if exist report1.txt (del report1.txt goto Ping)
 :Ping
 for /f %%i in (domain.txt) do ping %%i -n 1 >>report.txt
 findstr /i /c:"[" report.txt >report1.txt
 for /f "tokens=3" %%i in (report1.txt ) do echo %%i>>cname.txt
 del report.txt
 del report1.txt
 echo *
 echo *  CNAME已经获取完毕，按任意键退出……..*
 echo *
 pause
 exit