说明:amavisd-new是介于MTA与邮件分析软件(如sa、clama)之间的一个接口;可以将位于队列的邮件取出来,调用ClamAV对邮件进行病毒扫描,调用SpamAssassin对邮件内容进行过滤 。




A quick md5sum equivalent in python

This post will show you how to write a function to compute md5 sum of a file using the hashlib module, the with statement and being memory efficient by not reading the whole file in memory.

from __future__ import with_statement
from hashlib import md5

def md5sum(filename, buf_size=8192):
    m = md5()
    # the with statement makes sure the file will be closed
    with open(filename, 'b') as f:
        # We read the file in small chunk until EOF
        data =
        while data:
            # We had data to the md5 hash
            data =
    # We return the md5 hash in hexadecimal format
    return m.hexdigest()

if __name__ == '__main__':
    import sys
    print md5sum(sys.argv[1])

Now let’s see how quick it is against the real md5sum using a test file of 10Go!

The real md5sum:

$ time md5sum /data/testfile
b215f7bf5b09fa3e9848a6a66f3f3172  /data/testfile

real    0m31.148s
user    0m27.738s
sys     0m3.408s

The python version of md5sum:

$ time python /data/testfile

real    0m27.791s
user    0m24.514s
sys     0m3.276s

The python based version is almost 4 seconds quicker than the C based version!

Log Parser Rocks! More than 50 Examples!

Log Parser is a tool that has been around for quite some time (almost six years, in fact).  I can’t really do any better than the description on the official download page, so here it is: “Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory”.  

Log Parser is a command line (yes, command line!) tool that uses a SQL dialect to extract information from data sources.  In particular, I have found it to be invaluable for extracting information from the web server logs of the sites that I manage and develop.

First, about that SQL syntax Log Parser uses to query the data sources… many developers seem to have a natural aversion to SQL.  In addition, many new data access frameworks attempt to abstract SQL away from the developer.  However, I have always found SQL easy to work with and believe it to be an essential tool that every developer should at least have a working knowledge of.   For Log Parser, all that is necessary is a basic understanding of the core SQL SELECT statement, as implemented within Microsoft’s SQL Server (that is, T-SQL).  That means you should be familiar with the following elements of a SELECT statement: TOP, FROM, INTO, WHERE, ORDER BY, GROUP BY.  That’s all you need to perform most Log Parser operations.

Curiously, Log Parser has never received the amount of attention that I think it deserves.  Beyond a flurry of attention when it was first released, it seems to be mentioned rarely in official Microsoft communications or blogs.  Despite that, it remains a viable and valuable tool for parsing not just web server log files, but all types of structured text-based data.

In this post, rather than explaining how to use Log Parser. I’ll give a number of examples of its use.  In addition, I’ll document some useful locations where Log Parser information can be found on the web.


How to allocate a large memory space for Informix shared memory segments on Red Hat Linux 3 (RHEL3)



How to allocate a large memory space for Informix shared memory segments on Red Hat Linux 3 (RHEL3).

Resolving The Problem


You are using IBM® Informix® Dynamic server (IDS) on on Red Hat Linux 3. When you try to allocate more that 1.8 GB (Gigabytes) of shared memory, the following error message appears in the message log file.

13:52:26  shmat: [ENOMEM][12]: out of available data space, check system memory parameters (e.g. MAXMEM).


Using the nsradmin command to enable or disable an Informix Storage Manager (ISM) storage device



This article explains how to enable or disable an Informix Storage Manager (ISM) storage device using the nsradmin command.
Resolving The Problem


Before the ISM server can use a storage device for backup or restore operations, it must be enabled. There may be times when a storage device becomes disabled due to an error; for example, an I/O error on a file system storage device. You can use the nsradmin -c command to either re-enable the storage device once the problem has been corrected, or disable the storage device to prevent it from being used.


You need to be root or be listed as an ISM administrator in the output from the command:

ism_show -admins

You cannot enable or disable a storage device that has an ISM storage volume mounted on it. To view the status of the devices, run the command:

ism_show -devices

If needed, unmount the storage volume using the command:

ism_op -unmount <device_name>


  1. Login as user root or one of the users listed as an ISM administrator.
  2. Run the command: nsradmin -c
  3. Choose the command Select.
  4. Under type, choose NSR device.
  5. Choose the command Next until you locate the storage device you want to enable or disable.
  6. Choose the command Edit, and then press RETURN.
  7. Under enabled, select Yes or No.
  8. Press ESC to leave the menu.
  9. Press RETURN to save changes.

The ism_show -devices command will show the new enabled/disabled status of the device.

WISS error during the onbar backup with ISM

WISS error during the onbar backup with ISM


Solution for WISS error during the onbar backup with ISM.


Following an operating system crash or the installation of an operating system patch, IBM Informix Storage Manager (ISM) fails to start and the following error appears in the daemon.log:

09/02/02 07:38:18 nsrd: server notice: started
09/02/02 07:38:19 nsrexecd: Can’t initialize
                   configuration file
09/02/02 07:38:19 nsrexecd: SYSTEM error, resource
                   file /nsr/res/nsrla.res already
                   in use; check for another copy of
                   this server already running
09/02/02 07:38:19 nsrexecd: error initializing
                   resource file.
09/02/02 07:38:19 nsrmmdbd: error adding btrees to
                   ss (an invalid slot number)
09/02/02 07:38:19 nsrmmdbd: WISS error, an invalid
                   slot number
09/02/02 07:38:19 nsrd: unable to start nsrmmdbd
09/02/02 07:38:19 nsrd: shutting down
09/02/02 07:38:19 nsrd: successful shutdown


How to setup an SFTP server on CentOS

This tutorial explains how to setup and use an SFTP server on CentOS. Before I start, let me explain what actually SFTP represents and what it is used for. Currently, most people know that we can use normal FTP for transferring, downloading or uploading data from a server to client or client to server. But this protocol is getting hacked easily (if TLS is not used) by anonymous intruders as it the ports are wide open to anyone. Therefore, SFTP has been introduced to as another alternative to meet the main purpose to strengthen the security level.

SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It uses a separate protocol packaged with SSH to provide a secure connection.

1. Preliminary Note

For this tutorial, I am using CentOS 7 in the 64bit version. The same steps will work on CentOS 6 as well. The tutorial result will show how a client can be provided with access to the SFTP server but unable to login to the server itself by SSH.

2. SFTP Installation

Unlike normal FTP, there’s no need to install additional packages in order to use SFTP. We just require the prebuild SSHd package that got already installed during installation on the server. Therefore, just check to confirm if you already have the required SSH package. Below are the steps:


rpm -qa|grep ssh

The output should be similar to this:

[root@localhost ~]# rpm -qa|grep sshlibssh2-1.4.3-10.el7_2.1.x86_64openssh-7.4p1-13.el7_4.x86_64openssh-server-7.4p1-13.el7_4.x86_64openssh-clients-7.4p1-13.el7_4.x86_64

That’s all, now we’ll go on how to make the SFTP configuration.


How to set DNS in CentOS/RHEL 7 & prevent NetworkManager from overwriting /etc/resolv.conf?

This guide shows you how to set custom DNS entries for CentOS 7 / RedHat 7 and ensure that the settings are persistent even after a reboot.

What you need

  • A CentOS 7 or a Red Hat Enterprise Linux (RHEL) 7 server
  • A couple of minutes


In CentOS and Red Hat Enterprise Linux (RHEL) 7, any custom DNS entries are stored in the file /etc/resolv.conf. However, if we simply go ahead and add our nameservers to this file, we’ll notice that after a reboot or a restart of the network.service, the file is overwritten by NetworkManager.

In this guide, we will first configure NetworkManager to not overwrite this file. Then, we will go ahead and actually add our custom nameservers to /etc/resolv.conf.

Step 1

The NetworkManager configuration is located here: /etc/NetworkManager/NetworkManager.conf Open this file using vim or your favorite text editor.

Search for the [main] section in this file. It should look something like this:


Add dns=none just after the [main] tag like this:


Go ahead and save the file.

Step 2

Let’s restart the NetworkManager.service service so that it picks up the changes we made to the configuration.

sudo systemctl restart NetworkManager.service

Note that the service name NetworkManager.service is case-sensitive.

Step 3

Now, let’s add our nameservers to /etc/resolv.conf

Open this file in you favorite text editor and specify the name servers as follows:

# Generated by NetworkManager

That’s it! You’re done. The nameservers added to /etc/resolv.conf will now persist even after a reboot. NetworkManager will not longer overwrite this file.

Centos curl ssl 替换 NSS 为 OpenSSL

系统版本是 Centos 6/7 64位。


yum groupinstall Development tools


1.下载 OpenSSL:


2.解压 OpenSSL:

tar -xzvf openssl-1.0.2l.tar.gz

3.进入 OpenSSL目录:

cd openssl-1.0.2l

4.配置并编译 OpenSSL:

./config –shared
make && make install


Renew/Extend Puppet CA/puppetmasterd certs

Puppet CA/puppetmasterd cert renewal

While we’re still converting our puppet controlled infra to Ansible, we still have some nodes “controlled” by puppet, as converting some roles isn’t something that can be done in just one or two days. Add to that other items in your backlog that all have priority set to #1 and then time is flying, until you realize this for your existing legacy puppet environment (assuming false FQDN here, but you’ll get the idea):

Warning: Certificate 'Puppet CA:' will expire on 2019-05-06T12:12:56UTC
Warning: Certificate '' will expire on 2019-05-06T12:12:56UTC

So, as long as your PKI setup for puppet is still valid, you can act in advance, resign/extend CA and puppetmasterd and distribute newer CA certs to agents, and go forward with other items in your backlog, while still converting from puppet to Ansible (at least for us)