网上有一些文档介绍如何在nginx下安装nagios，但一般都是用的nginx维基上的fcgi插件例子，我认为效果不理想，再者既然我们已经使用了fcgiwrap（Nginx下配置FastCGI.pdf），就按这个思路下去吧，所以有了这篇nginx下安装nagios。

这篇文章所述的内容我都是测试过的，有什么请大家还是到首页意见和建议联系我。

为了让大家更快速安全的安装cacti，已经在soft区里新加了一个cacti目录，专门放置cacti安装所需文件，如果有任何遗漏请大家联系我补充，谢谢！！

我们单位一直使用nagios监控服务器状态，目前官网放出了3.2.2版本，我们看看3.2.2版本有哪些特性吧

3.2.2 - 09/01/2010

ENHANCEMENTS

• Patch to new_mini_epn to allow any command line length without breaking on extra trailing or leading whitespace (Ray Bengen)
• Patch to mini_epn to allow any command line length (Thomas Guyot-Sionnest)
• Patch to speed up loading of state retention data (Matthieu Kermagoret)
• Custom notifications are now suppressed during scheduled downtime (Sven Nierlein)
• Added code to warn user about exit code of 126 meaning plugin is not executable (bug #153)
• Scheduled downtime can now start on SOFT error states (bug #47)
• Main window frame URL can now be specify with a "corewindow=" parameter
• Improved config CGI shows commands, command args in an easier to use manner (Jochen Bern)
• Added ability for NEB modules to override execution of event handlers (Sven Nierlein)
• Custom macros are no longer cleaned/stripped as they are user-defined and should be trusted (Peter Morch)

FIXES

• Fix for choosing next valid time on day of DST change when clocks go one hour backwards
• Fix for nagios now erroring when "Error: Could not find any contactgroup matching..." displayed
• Fix tap tests for Solaris 10 and newer versions of Test::Harness
• Fix for notifications not being sent out when scheduled downtime is cancelled (Daniel Pouzzner)
• Fix for first notification delay being calculated incorrectly, and notifications potentially going out early (Pawel Malachowski)
• Fix for text of scheduling downtime of all services on a host (Holger Weiss)
• Fix for services inheriting notification period from hosts if not defined (Gordon Messmer)
• Fix for incorrect service states on host failures (bug #130 Petya Kohts)
• Fix for incorrect service state attributes being set on host failures (bug #128 Petya Kohts)
• Fix for non-scheduled hosts and services not being updated in NDOUtils
• Fix for typos in TAC, CMD CGIs (bugs #150, #144, #148)
• Fix for types in documentation (bugs #145, #105, #106)
• Fix for incorrect host state counts in status CGI when viewing servicegroups (bug #72)
• Fix for new Splunk integration query parameters (bug #136)
• Fix for extra field header in availability CSV export (bug #113)
• Fix for macro processing code modifying input string (Jochen Bern)
• Fix for update check API
• Fix for CGI speedup when persistent=0 for comments
• Fix for event execution loop re-scheduling host checks instead of executing them if service checks are disabled (bug #152)
• Fix for segfaults on Solaris (Torsten Huebler)
• Fix for incorrect comment expiration times being passed to event broker (Mattieu Kermagot)
• Doc updates related to cleaning of custom macros (Peter Valdemar Morch)
• Fix to sample notify-service-by-email command (bug #62)
• Fix for retaining host display name and alias, as well as service display name (Folkert van Heusden)

摘录：

Php5.2.14 安装后的加速和安全
注意事项：
本文档版权属于techlife.com.cn网站，以及所有人Mr.Xu，如果转载，请移步
https://techlife.com.cn/yijian.php发送申请，并请保留此版权信息。

 下文所述适用于RHEL、CENTOS、FREEBSD环境，其他未做测试。

一、加速
eAccelerator已经是很常用的PHP平台预编译加速的手段了，加速方面我们就采用这个软件
获得源代码：
https://bart.eaccelerator.net/source/

编译：需要有autoconf支持，解包后在源程序目录下：

 /usr/local/php/bin/phpize

 ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config

 make;make install

Security Enhancements and Fixes in PHP 5.2.14:

• Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
• Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
• Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
• Fixed a possible memory corruption in substr_replace().
• Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
• Fixed a possible stack exaustion inside fnmatch().
• Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
• Fixed handling of session variable serialization on certain prefix characters.
• Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

Key enhancements in PHP 5.2.14 include:

• Upgraded bundled PCRE to version 8.02.
• Updated timezone database to version 2010.5.
• Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
• Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
• Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
• Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
• Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
• Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on https://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.

Changes with nginx 0.8.50                                        02 Sep 2010

    *) Feature: the "secure_link", "secure_link_md5", and
       "secure_link_expires" directives of the ngx_http_secure_link_module.

    *) Feature: the -q switch.
       Thanks to Gena Makhomed.

    *) Bugfix: worker processes may got caught in an endless loop during
       reconfiguration, if a caching was used; the bug had appeared in
       0.8.48.

    *) Bugfix: in the "gzip_disable" directive.
       Thanks to Derrick Petzold.

    *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload
       signals to a process run in other session.

目前官方的页面上还是RC1，国内都是RC1，俺偶然得到未放出的RC2版本，这说明flashfxp的正式版本马上就要出了，着急的朋友去软件区先睹为快吧。安装前请先读INFO.txt,本软件有patch。

辛辛苦苦写了一堆shell，由于某些不可见人的原因，我要把它们加密，就找到了shc这个工具
1) 工具说明
shell脚本是可读写的, 很有可能会泄露敏感信息, 如用户名/密码/路径/IP等. 同样在shell脚本运行时会也泄露敏感信息. shc是一个加密shell脚本的工具, 它的作用是把shell脚本转换为一个可执行的二进制文件. 这就很好的解决了上述问题.

下载安装
下载: https://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz

安装:

 mkdir /usr/local/man/man1/ (install时会把man文件放入该目录,如果该目录不存在需提前建好)

 tar vxf shc-3.8.7.tgz && cd shc-3.8.7

 make test

 make strings

 make install

     Installing shc and shc.1 on /usr/local
     Do you want to continue? <输入y>
install -c -s shc /usr/local/bin/
install -c -m 644 shc.1 /usr/local/man/man1/

用法:

 which shc

/usr/local/bin/shc

 shc

shc parse(-f): No source file specified
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

3) 加密脚本

 shc -v -f test.sh

-v是verbose模式, 输出更详细编译日志;
-f 指定脚本的名称.
$ ll test*
-rwxr-xr-x  1 oracle oinstall   1178 Aug 18 10:00 test.sh
-rwx--x--x  1 oracle oinstall   8984 Aug 18 18:01 test.sh.x
-rw-r--r--  1 oracle oinstall  14820 Aug 18 18:01 test.sh.x.c
$ file test.sh.x
test.sh.x: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped

可以看到生成了动态链接可执行二进制文件test.sh.x和C源文件testup.sh.x.c, 注意生成的二进制文件因为是动态链接形式, 所以在其它平台上不能运行. 

4) 生成静态链接的二进制可执行文件
可以通过下面的方法生成一个静态链接的二进制可执行文件:
$ CFLAGS=-static shc -r -f test.sh
$ file testup.sh.x 

5) 通过sch加密后的脚本文件很安全吗?
一般来说是安全的, 不过可以使用gdb和其它的调试工具获得最初的源代码. 如果需要更加安全的方法, 可以考虑使用wzshSDK. 另外shc还可以设置脚本的运行期限和自定义返回信息:
$ shc -e 03/31/2007 -m "the mysql backup scrīpt is now out of date." -f test.sh
-e表示脚本将在2007年3月31日前失效, 并根据-m定义的信息返回给终端用户.

在Rob Flickenger写的linux server hacks里有过介绍，主要功能是可以把本地服务器流量传递给远程服务器，此工具可以运用在linux上以及win上。
rinetd默认的配置文件是/etc/rinetd.conf，格式很简单
源IP 源端口 目标IP 目标端口 比如
0.0.0.0 1234 1.1.1.1 22
在windows上，我们可以使用rinetd唯一的有用参数-c 来指定rinetd.conf的地址，一般来说应把rinetd.conf放在和rinetd.exe同一目录中，这样就可以用如下命令调用了
rinetd -c rinetd.conf
执行完后，DOS窗口不会退出就是成功了，你可以看看本地机器的1234启动了没有，如果启动了用putty连接看看是否可以连到1.1.1.1上？特别注意一下，用putty连接的时候IP要写127.0.0.1，否则会报错。

为了方便下载，已经将软件放到
https://techlife.com.cn/soft/里了

这本书全称是《实战Nginx：取代Apache的高性能Web服务器》，国内的张宴写的，这哥们应该是在金山逍遥网工作。

现在提供的下载是网上找的，仅为学习使用，如果大家觉得不错，希望支持一下作者，毕竟是咱们中国人自己写的书
https://diavps.vpser.net/nginx-pdf-download.zip
https://www.boobooke.com/b/book0469.zip
两个下载地址任选其一。