mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-16 03:48:42 +00:00
various
This commit is contained in:
parent
74f782184c
commit
91af93ddf4
1
Makefile
1
Makefile
@ -56,6 +56,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/transfer"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/asn"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/sshj"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/shred"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/rshell"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/pkg-install.sh"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/rc.local-example"
|
||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/etc/vim/vimrc.local"
|
||||
|
@ -56,6 +56,7 @@
|
||||
#SF_USER_DEV_KVM= # =1 to allow access to /dev/kvm (Warning: User can DoS PHY)
|
||||
#SF_ALLOW_SRC_TOR= # =1 to allow connections from TOR
|
||||
#SF_USER_IMMUNE= # =1 to not ban user by lgban
|
||||
#SF_USER_ALLOW_IP= # =any to ingore IP ban (use in limits.conf)
|
||||
|
||||
# Limit to 8 concurrently running servers per IP
|
||||
#SF_LIMIT_SERVER_BY_IP=8
|
||||
|
@ -130,6 +130,7 @@ load_limits()
|
||||
unset SF_USER_FS_INODE
|
||||
unset SF_USER_ROOT_FS_SIZE
|
||||
unset SF_USER_ROOT_FS_INODE
|
||||
unset SF_HOSTNAME
|
||||
|
||||
source "/sf/run/users/lg-${lid}/limits.txt"
|
||||
}
|
||||
@ -208,9 +209,9 @@ cmd_user_mount()
|
||||
# HERE: Not yet mounted.
|
||||
# Set XFS limits
|
||||
load_limits "${lid}"
|
||||
[[ -n $SF_USER_FS_INODE ]] || [[ -n $SF_USER_FS_SIZE ]] && {
|
||||
[[ -z $SF_HOSTNAME ]] && { SF_HOSTNAME=$(<"/config/db/user/lg-${lid}/hostname") || return 255; }
|
||||
[[ -n $SF_USER_FS_SIZE ]] && {
|
||||
SF_NUM=$(<"/config/db/user/lg-${lid}/num") || return 255
|
||||
SF_HOSTNAME=$(<"/config/db/user/lg-${lid}/hostname") || return 255
|
||||
prjid=$((SF_NUM + 10000000))
|
||||
DEBUGF "SF_NUM=${SF_NUM}, prjid=${prjid}, SF_HOSTNAME=${SF_HOSTNAME}, INODE=${SF_USER_FS_INODE}, SIZE=${SF_USER_FS_SIZE}"
|
||||
err=$(xfs_quota -x -c "limit -p ihard=${SF_USER_FS_INODE:-16384} bhard=${SF_USER_FS_SIZE:-128m} ${prjid}" 2>&1) || { ERR "XFS-QUOTA: \n'$err'"; return 255; }
|
||||
@ -228,8 +229,8 @@ cmd_user_mount()
|
||||
|
||||
# Extend same project quota to /onion and /everyone/SF_HOSTNAME
|
||||
[[ -n $prjid ]] && {
|
||||
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_EVR}" "/encfs/sec/everyone-root/everyone/${SF_HOSTNAME:?}"
|
||||
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_WWW}" "/encfs/sec/www-root/www/${SF_HOSTNAME,,}"
|
||||
xfs_quota_sub "${prjid}" "${BASE_RAWDIR_EVR}" "/encfs/sec/everyone-root/everyone/${SF_HOSTNAME}"
|
||||
}
|
||||
|
||||
# Mark as mounted (for destructor to track)
|
||||
|
@ -748,6 +748,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
gcc-multilib \
|
||||
lib32ncurses-dev lib32z1-dev || { [ $(uname -m) != x86_64 ] && true; }
|
||||
RUN /pkg-install.sh HACK ghbin wader/fq '_linux_%arch1%' fq \
|
||||
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/nitefood/asn/master/asn asn2 \
|
||||
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardcidr/master/hardCIDR.sh hardcidr \
|
||||
&& /pkg-install.sh HACK ghbin hahwul/dalfox '_linux_%arch1%' dalfox
|
||||
RUN /pkg-install.sh NET ghbin hackerschoice/gsocket '_%arch%.deb' \
|
||||
@ -764,6 +765,7 @@ RUN /pkg-install.sh NET ghbin hackerschoice/gsocket '_%arch%.deb' \
|
||||
&& /pkg-install.sh NET ghbin ViRb3/wgcf 'linux_%arch1%$' wgcf \
|
||||
&& /pkg-install.sh NET ghbin poscat0x04/wgcf-teams '-linux' wgcf-teams \
|
||||
&& /pkg-install.sh NET apt-get install -y --no-install-recommends \
|
||||
grepcidr \
|
||||
hping3 \
|
||||
ipcalc ipcalc-ng \
|
||||
microsocks \
|
||||
@ -795,7 +797,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
RUN /pkg-install.sh HACK ghbin ekzhang/bore '%arch:aarch64=arm%-unknown-linux' \
|
||||
&& pipx install git+https://github.com/bluet/proxybroker2.git \
|
||||
&& /pkg-install.sh HACK pipx install pwncat-cs \
|
||||
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparkerπpkt \
|
||||
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparker \
|
||||
&& /pkg-install.sh HACK bin 'https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb' `# x86_64 only` \
|
||||
&& /pkg-install.sh HACK bin 'https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb' `# x86_64 only` \
|
||||
&& /pkg-install.sh HACK ghbin hueristiq/xurlfind3r 'linux_%arch:x86_64=amd64:aarch64=arm64%' xurlfind3r
|
||||
|
@ -36,18 +36,18 @@ alias brave="brave-browser"
|
||||
[[ -t 0 ]] && [[ ! -e "${HOME}/.nokiddie" ]] && {
|
||||
_nokiddie_warning()
|
||||
{
|
||||
local cmd
|
||||
cmd="$1"
|
||||
shift 1
|
||||
local cmd="$1"
|
||||
local sargs="$2"
|
||||
shift 2
|
||||
local is_show
|
||||
is_show=1
|
||||
|
||||
[[ -s "/config/self/wgname" ]] && unset is_show
|
||||
[[ -s "/config/self/wgname" ]] && { unset is_show; unset _XARGS; }
|
||||
[[ -e "${HOME}/.nokiddie" ]] && unset is_show
|
||||
[[ -n $is_show ]] && {
|
||||
echo -e >&2 "\
|
||||
${CDC}Massdns${CN}, ${CDC}Masscan${CN} et.al. do not work well via VPN providers. The uplink VPN providers
|
||||
and Google's 8.8.8.8 / 8.8.4.4 will ${CRY}block the requests${CN} when done to rapidly.
|
||||
${CDC}${cmd}${CN} does not work well via VPN providers. The uplink VPN providers
|
||||
will ${CRY}block the requests${CN} when done to rapidly.
|
||||
Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
|
||||
|
||||
if [[ -t 0 ]]; then
|
||||
@ -55,17 +55,28 @@ Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
|
||||
read -r -t10
|
||||
fi
|
||||
}
|
||||
command "$cmd" "$@" # Might not exist and fail nicely here
|
||||
|
||||
if [[ -z $sargs ]]; then
|
||||
command "$cmd" "$@" # Might not exist and fail nicely here
|
||||
else
|
||||
[[ -z $is_show ]] && {
|
||||
echo -e "Adding ${CDC}${sargs}${CN} to your command. To override type:"
|
||||
echo -e " ${CC}command ${CDC}${cmd} $*${CN}\n"
|
||||
sleep 2
|
||||
}
|
||||
command "$cmd" "$@" $(echo "$sargs") # allow word splitting
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
command -v massdns >/dev/null && massdns(){ _nokiddie_warning "massdns" "$@"; }
|
||||
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "$@"; }
|
||||
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "$@"; }
|
||||
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "$@"; }
|
||||
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "$@"; }
|
||||
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "$@"; }
|
||||
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "$@"; }
|
||||
command -v zmap >/dev/null && zmap(){ _nokiddie_warning "zmap" "$@"; }
|
||||
command -v massdns >/dev/null && massdns(){ _nokiddie_warning "massdns" "" "$@"; }
|
||||
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "" "$@"; }
|
||||
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "" "$@"; }
|
||||
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "" "$@"; }
|
||||
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "-rl 15 -c 4 -bs 4 -hbs 2 -headc 2" "$@"; }
|
||||
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "" "$@"; }
|
||||
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "" "$@"; }
|
||||
command -v zmap >/dev/null && zmap(){ _nokiddie_warning "zmap" "" "$@"; }
|
||||
}
|
||||
|
||||
### for 'curl -x socks5h://$(PROXY) ipinfo.io'
|
||||
|
@ -22,19 +22,17 @@ gsexecio() {
|
||||
# Old: { echo -e 'dd bs=1 count='"${#s}" 2>/dev/null' | bash; kill -9 $$'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null
|
||||
# - Expand diretly into bash -c will make our script show in remote's process list
|
||||
# Old: { echo -e 'exec bash -c "$(dd bs=1 count='"${#s} 2>/dev/null)"'"'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
|
||||
# - The 'sleep 1' is there to give the remote site time to execute 'bash' without the calling shell to read the payload.
|
||||
|
||||
# Right deep into the bash tool kit:
|
||||
# - we dont want that the entire script shows in 'ps' output. Thus read into variable 's' and then
|
||||
# double eval
|
||||
# bash -c 'IFS="" s="$(<x.sh)" eval eval "\$s"'
|
||||
# - Escaping quotes the correct way makes it unreadable. Sorry.
|
||||
unset s
|
||||
s+=$(cat)
|
||||
s+=$'\n'"####ENDMARKER"
|
||||
{ echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#s}"' 2>/dev/null) eval eval "\$s"'"'"; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
|
||||
# Understanding the quote-escape, turn ' into '"'"'
|
||||
# { echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#s}"' 2>/dev/null) eval eval "\$s"'"'"; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
|
||||
# { echo 'exec bash -c ' IFS="" s=$(dd bs=1 count="${#s}" 2>/dev/null) eval eval "\$s"'; echo "$s";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/####ENDMARKER/,$p' | tail +2
|
||||
unset pl
|
||||
pl="echo '#####STARTMARKER'"$'\n'
|
||||
pl+=$(cat)
|
||||
{ echo 'exec bash -c '"'"'IFS="" s=$(dd bs=1 count='"${#pl}"' 2>/dev/null) eval eval "\$s"'"'"; sleep 1; echo "$pl";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/^#####STARTMARKER/,$p' | tail +2
|
||||
}
|
||||
|
||||
|
||||
|
@ -17,14 +17,6 @@
|
||||
# Load/restore environment variables from file
|
||||
# SF_DEBUG can be set by ssh-client with -o SetEnv SF_DEBUG=1 or by
|
||||
# docker compose '.env' file.
|
||||
SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
|
||||
[[ -f /dev/shm/env.txt ]] && eval "$(</dev/shm/env.txt)"
|
||||
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
|
||||
unset SSH_SF_DEBUG
|
||||
eval "$(</sf/bin/funcs_redis.sh)" || exit
|
||||
# Debug Trace. see sf_trace-DISABLED
|
||||
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
|
||||
|
||||
[[ -t 1 ]] && {
|
||||
CY="\e[1;33m" # yellow
|
||||
CDY="\e[0;33m" # yellow
|
||||
@ -43,6 +35,14 @@ CUL="\e[4m"
|
||||
CRY="\e[0;33;41m" # YELLOW on RED (warning)
|
||||
}
|
||||
|
||||
SSH_SF_DEBUG="${SF_DEBUG}" # Set by SSH client
|
||||
eval "$(cat /dev/shm/env.txt || echo false)" || exit
|
||||
[[ -z $SF_DEBUG ]] && SF_DEBUG="${SSH_SF_DEBUG}"
|
||||
unset SSH_SF_DEBUG
|
||||
eval "$(cat /sf/bin/funcs_redis.sh || echo false)" || exit
|
||||
# Debug Trace. see sf_trace-DISABLED
|
||||
[[ -f /bin/sf_trace ]] && eval "$(</bin/sf_trace)"
|
||||
|
||||
# [PREFIX] [MSG]
|
||||
_log()
|
||||
{
|
||||
@ -573,18 +573,6 @@ mk_hostname()
|
||||
unset english
|
||||
}
|
||||
|
||||
setup_fs_limit()
|
||||
{
|
||||
# Return if 0 or not set
|
||||
[[ ! "${SF_USER_ROOT_FS_SIZE_NUM}" -gt 0 ]] && return 0 # true
|
||||
|
||||
# Backing FS must be of type XFS
|
||||
[[ "${SF_BACKING_FS}" != "xfs" ]] && ERREXIT 1 "Backing FS is not XFS but SF_USER_ROOT_FS_SIZE is set"
|
||||
|
||||
DOCKER_ARGS+=("--storage-opt")
|
||||
DOCKER_ARGS+=("size=${SF_USER_ROOT_FS_SIZE:?}")
|
||||
}
|
||||
|
||||
# 1. Set INODE limit per container. Docker does not support this via any
|
||||
# --storage-opt. Instead we start the container and add ourself to the
|
||||
# xfs quota group that docker set up. Yeahaaa..
|
||||
@ -626,8 +614,8 @@ load_limits()
|
||||
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
||||
# then root is mounted read-only
|
||||
# SF_USER_ROOT_FS_SIZE=8g
|
||||
# SF_USER_ROOT_FS_INODE=65536
|
||||
# SF_USER_FS_SIZE=16g
|
||||
# SF_USER_ROOT_FS_INODE=65536
|
||||
# SF_USER_FS_INODE=65536
|
||||
SF_USER_MEMORY_LIMIT=256m
|
||||
SF_USER_PIDS_LIMIT=128
|
||||
@ -731,7 +719,7 @@ load_limits()
|
||||
DOCKER_ARGS+=("--oom-score-adj=${SF_USER_OOM_SCORE}")
|
||||
DOCKER_ARGS+=("--blkio-weight=${SF_USER_BLKIO_WEIGHT}")
|
||||
|
||||
[[ -n $SF_USER_DEV_KVM ]] && [[ -z $SF_HAS_DEV_KVM ]] && DOCKER_ARGS+=("--device=/dev/kvm")
|
||||
[[ -n $SF_USER_DEV_KVM ]] && [[ -n $SF_HAS_DEV_KVM ]] && DOCKER_ARGS+=("--device=/dev/kvm")
|
||||
|
||||
# Mount external filesystem into LG (for android builders who dont need encryption but high IO)
|
||||
[[ -n $SF_USER_FS_EXT ]] && {
|
||||
@ -752,20 +740,20 @@ load_limits()
|
||||
# HERE: Root-Fs is LIMITED in size
|
||||
# These files must be mounted read-only as these are special files
|
||||
# for docker and ingored by --opt storage-size= limitations.
|
||||
# Backing FS must be of type XFS
|
||||
[[ "${SF_BACKING_FS}" != "xfs" ]] && ERREXIT 1 "Backing FS is not XFS but SF_USER_ROOT_FS_SIZE is set"
|
||||
DOCKER_ARGS+=("--storage-opt")
|
||||
DOCKER_ARGS+=("size=${SF_USER_ROOT_FS_SIZE:?}")
|
||||
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/etc/hosts:/etc/hosts:ro")
|
||||
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/db/user/lg-${LID}/hostname:/etc/hostname:ro")
|
||||
DOCKER_ARGS+=("-v${SF_BASEDIR}/config/etc/resolv.conf:/etc/resolv.conf:ro")
|
||||
}
|
||||
fi
|
||||
|
||||
write_lg_limits
|
||||
|
||||
# NOTE: This is no longer used because /dev/shm is now mounted as tmpfs to make UML work
|
||||
# [[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
||||
|
||||
[[ -n $SF_SYSBOX ]] && SYSBOX_ARGS+=("--runtime=sysbox-runc")
|
||||
|
||||
setup_fs_limit || ERREXIT 202 "Can't configure XFS limit"
|
||||
}
|
||||
|
||||
# Publish user limits to self/limits, human readable.
|
||||
@ -824,6 +812,7 @@ check_banned()
|
||||
{
|
||||
local blfn
|
||||
|
||||
[[ ${SF_USER_ALLOW_IP,,} == "any" ]] && return
|
||||
[[ -e "${SF_BLACKLIST_DIR}/ip-${YOUR_IP}" ]] && blfn="${SF_BLACKLIST_DIR}/ip-${YOUR_IP}"
|
||||
[[ -z $blfn ]] && [[ -e "${SF_BLACKLIST_DIR}/net-${YOUR_IP%\.*}" ]] && blfn="${SF_BLACKLIST_DIR}/net-${YOUR_IP%\.*}"
|
||||
[[ -z $blfn ]] && return
|
||||
@ -1000,46 +989,49 @@ check_limit_server_by_ip()
|
||||
|
||||
fn="/dev/shm/ip-${YOUR_IP_HASH}.conf"
|
||||
|
||||
[[ -f "$fn" ]] && {
|
||||
eval "$(grep ^ARR "$fn")"
|
||||
[[ ! -f "$fn" ]] && {
|
||||
tofile "ARR=($LID)" "$fn"
|
||||
return
|
||||
}
|
||||
|
||||
local n
|
||||
local lid
|
||||
n=0
|
||||
for lid in "${ARR[@]}"; do
|
||||
[[ -z $lid ]] && break
|
||||
### Check if any of the shells are still alive
|
||||
str="$(exec_errnull docker container inspect "lg-${lid}" -f '{{.State.Status}}')" || continue
|
||||
eval "$(grep ^ARR "$fn")"
|
||||
|
||||
# Container can be in "Created" state (reason is unknown)
|
||||
[[ "$str" != "running" ]] && {
|
||||
# FIXME: A rare race condition (which in worst case terminates the shell)
|
||||
# when a container was recently created and a user creates another server
|
||||
# before the old container entered RUNNING state. Disregard this scenario.
|
||||
exec_devnull docker stop "lg-${lid}"
|
||||
continue
|
||||
}
|
||||
((n++))
|
||||
arr_new+=("$lid")
|
||||
done
|
||||
local n
|
||||
local lid
|
||||
n=0
|
||||
for lid in "${ARR[@]}"; do
|
||||
[[ -z $lid ]] && break
|
||||
### Check if any of the shells are still alive
|
||||
str="$(exec_errnull docker container inspect "lg-${lid}" -f '{{.State.Status}}')" || continue
|
||||
|
||||
## Eyy, good idea to check if they are idle?
|
||||
[[ "$n" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && {
|
||||
print_to_many_servers
|
||||
LOG_W "TO MANY SERVERS FOR ${YOUR_IP}"
|
||||
ERREXIT 254
|
||||
# Container can be in "Created" state (reason is unknown)
|
||||
[[ "$str" != "running" ]] && {
|
||||
# FIXME: A rare race condition (which in worst case terminates the shell)
|
||||
# when a container was recently created and a user creates another server
|
||||
# before the old container entered RUNNING state. Disregard this scenario.
|
||||
exec_devnull docker stop "lg-${lid}"
|
||||
continue
|
||||
}
|
||||
((n++))
|
||||
arr_new+=("$lid")
|
||||
done
|
||||
|
||||
[[ "$((n+1))" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && [[ -z $HUSHLOGIN ]] && [[ -n $IS_LOGIN ]] && IS_SHOW_LAST_SERVER="$((n+1))"
|
||||
## Eyy, good idea to check if they are idle?
|
||||
[[ "$n" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && {
|
||||
print_to_many_servers
|
||||
LOG_W "TO MANY SERVERS FOR ${YOUR_IP}"
|
||||
ERREXIT 254
|
||||
}
|
||||
|
||||
[[ "$n" -ge 1 ]] && {
|
||||
# The 3rd and more servers from same IP get less CPU share
|
||||
SF_USER_CPU_SHARE=2
|
||||
SF_USER_OOM_SCORE=1000
|
||||
SF_USER_NICE_SCORE=19
|
||||
SF_USER_BLKIO_WEIGHT=10
|
||||
# DEBUGF "${n}. server from ${YOUR_IP}. CPU_SHARE=${SF_USER_CPU_SHARE}, OOM=${SF_USER_OOM_SCORE}."
|
||||
}
|
||||
[[ "$((n+1))" -ge "${SF_LIMIT_SERVER_BY_IP}" ]] && [[ -z $HUSHLOGIN ]] && [[ -n $IS_LOGIN ]] && IS_SHOW_LAST_SERVER="$((n+1))"
|
||||
|
||||
[[ "$n" -ge 1 ]] && {
|
||||
# The 2nd and further servers from the same IP get less CPU share
|
||||
SF_USER_CPU_SHARE=2
|
||||
SF_USER_OOM_SCORE=1000
|
||||
SF_USER_NICE_SCORE=19
|
||||
SF_USER_BLKIO_WEIGHT=10
|
||||
# DEBUGF "${n}. server from ${YOUR_IP}. CPU_SHARE=${SF_USER_CPU_SHARE}, OOM=${SF_USER_OOM_SCORE}."
|
||||
}
|
||||
|
||||
tofile "ARR=(${arr_new[*]} $LID)" "$fn"
|
||||
@ -1191,6 +1183,8 @@ check_banned
|
||||
|
||||
mk_hostname
|
||||
|
||||
write_lg_limits
|
||||
|
||||
# Show system messages
|
||||
sysmsg "/config/host/etc/loginmsg-all.sh"
|
||||
|
||||
|
@ -37,4 +37,4 @@ run_ban rx_exhaust.txt banmsg_exhaust.txt &
|
||||
|
||||
# CTRL-c here will also send a SIGINTR to all child processes (and kill them)
|
||||
echo "Banhammer started. Press CTRL-c to stop."
|
||||
read
|
||||
read -r -d '' _ </dev/tty
|
||||
|
Loading…
Reference in New Issue
Block a user