安全3

10

# systemctl status auditd.service 默认这个服务是安装并启动的,selinux也无权关掉
● auditd.service - Security Auditing Service
Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2018-12-10 09:07:02 CST; 6min ago
Docs: man:auditd(8)
https://github.com/linux-audit/audit-documentation
Process: 698 ExecStartPost=/sbin/augenrules --load (code=exited, status=0/SUCCESS)
Process: 691 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
Main PID: 694 (auditd)
CGroup: /system.slice/auditd.service
├─694 /sbin/auditd
├─696 /sbin/audispd
└─700 /usr/sbin/sedispatch

12月 10 09:07:02 10 augenrules[698]: lost 0
12月 10 09:07:02 10 augenrules[698]: backlog 1
12月 10 09:07:02 10 augenrules[698]: enabled 1
12月 10 09:07:02 10 augenrules[698]: failure 1
12月 10 09:07:02 10 augenrules[698]: pid 694
12月 10 09:07:02 10 augenrules[698]: rate_limit 0
12月 10 09:07:02 10 augenrules[698]: backlog_limit 8192
12月 10 09:07:02 10 augenrules[698]: lost 0
12月 10 09:07:02 10 augenrules[698]: backlog 1
12月 10 09:07:02 10 systemd[1]: Started Security Auditing Service.


# vim /etc/audit/auditd.conf
[root@10 ~]# auditctl -s
enabled 1
failure 1
pid 694
rate_limit 0
backlog_limit 8192
lost 0
backlog 0
loginuid_immutable 0 unlocked

# auditctl -l
No rules

# auditctl -D
No rules

# wc -l /var/log/audit/audit.log
4449 /var/log/audit/audit.log

# ll -h /var/log/audit/audit.log
-rw-------. 1 root root 1.1M 12月 10 09:11 /var/log/audit/audit.log

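# auditctl -w /etc/ssh/sshd_config -p rw -k ssh_change      -w 指定要监视的文件,-p rw 表示监视读和写,-k 是给这条规则起的关键字(后面用ausearch -k按它搜索)。用auditctl临时添加的规则重启后会失效,要永久生效需写进 /etc/audit/rules.d/ 下的规则文件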
# auditctl -l
-w /etc/ssh/sshd_config -p rw -k ssh_change


# auditctl -w /usr/sbin/fdisk -p x -k parted

# auditctl -l
-w /etc/ssh/sshd_config -p rw -k ssh_change
-w /usr/sbin/fdisk -p x -k parted

 

#######################################
另开一个窗口10

# tailf /var/log/audit/audit.log

回车到屏幕一片空白
#######################################
10

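# cat /etc/audit/audit.rules
(注意:另一个窗口跳出的记录里 exe="/usr/bin/cat"、name="/etc/ssh/sshd_config",说明触发ssh_change规则的是 cat /etc/ssh/sshd_config;只有读写被监视的文件才会产生带这个key的记录)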

#######################################
另一个窗口10会跳出信息

type=SYSCALL msg=audit(1544405540.937:149): arch=c000003e syscall=2 success=yes exit=3 a0=7fff2e27268c a1=0 a2=1fffffffffff0000 a3=7fff2e270c90 items=1 ppid=1280 pid=1784 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cat" exe="/usr/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="ssh_change"
type=CWD msg=audit(1544405540.937:149): cwd="/root"
type=PATH msg=audit(1544405540.937:149): item=0 name="/etc/ssh/sshd_config" inode=51406861 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 objtype=NORMAL
type=PROCTITLE msg=audit(1544405540.937:149): proctitle=636174002F6574632F7373682F737368645F636F6E666967

#######################################
10

# date +%s
1544405692
[root@10 ~]# ausearch -k ssh_change -i
----
type=CONFIG_CHANGE msg=audit(2018年12月10日 09:22:48.612:120) : auid=root ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=add_rule key=ssh_change list=exit res=yes
----
type=PROCTITLE msg=audit(2018年12月10日 09:32:20.937:149) : proctitle=cat /etc/ssh/sshd_config
type=PATH msg=audit(2018年12月10日 09:32:20.937:149) : item=0 name=/etc/ssh/sshd_config inode=51406861 dev=fd:00 mode=file,600 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:etc_t:s0 objtype=NORMAL
type=CWD msg=audit(2018年12月10日 09:32:20.937:149) : cwd=/root
type=SYSCALL msg=audit(2018年12月10日 09:32:20.937:149) : arch=x86_64 syscall=open success=yes exit=3 a0=0x7fff2e27268c a1=O_RDONLY a2=0x1fffffffffff0000 a3=0x7fff2e270c90 items=1 ppid=1280 pid=1784 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=2 comm=cat exe=/usr/bin/cat subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=ssh_change


# ausearch -k ssh_change
----
time->Mon Dec 10 09:22:48 2018
type=CONFIG_CHANGE msg=audit(1544404968.612:120): auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op=add_rule key="ssh_change" list=4 res=1

... ...

#####################################################################
10安装nginx,tomcat,mysql

# ./configure --help | grep "\-\-without-"
--without-select_module disable select module
--without-poll_module disable poll module
--without-http_charset_module disable ngx_http_charset_module
--without-http_gzip_module disable ngx_http_gzip_module
--without-http_ssi_module disable ngx_http_ssi_module
--without-http_userid_module disable ngx_http_userid_module
--without-http_access_module disable ngx_http_access_module
--without-http_auth_basic_module disable ngx_http_auth_basic_module
--without-http_autoindex_module disable ngx_http_autoindex_module
--without-http_geo_module disable ngx_http_geo_module
--without-http_map_module disable ngx_http_map_module
--without-http_split_clients_module disable ngx_http_split_clients_module
--without-http_referer_module disable ngx_http_referer_module
--without-http_rewrite_module disable ngx_http_rewrite_module
--without-http_proxy_module disable ngx_http_proxy_module
--without-http_fastcgi_module disable ngx_http_fastcgi_module
--without-http_uwsgi_module disable ngx_http_uwsgi_module
--without-http_scgi_module disable ngx_http_scgi_module
--without-http_memcached_module disable ngx_http_memcached_module
--without-http_limit_conn_module disable ngx_http_limit_conn_module
--without-http_limit_req_module disable ngx_http_limit_req_module
--without-http_empty_gif_module disable ngx_http_empty_gif_module
--without-http_browser_module disable ngx_http_browser_module
--without-http_upstream_hash_module
--without-http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
--without-http_upstream_keepalive_module
--without-http_upstream_zone_module
--without-http disable HTTP server
--without-http-cache disable HTTP cache
--without-mail_pop3_module disable ngx_mail_pop3_module
--without-mail_imap_module disable ngx_mail_imap_module
--without-mail_smtp_module disable ngx_mail_smtp_module
--without-stream_limit_conn_module disable ngx_stream_limit_conn_module
--without-stream_access_module disable ngx_stream_access_module
--without-stream_geo_module disable ngx_stream_geo_module
--without-stream_map_module disable ngx_stream_map_module
--without-stream_split_clients_module
--without-stream_return_module disable ngx_stream_return_module
--without-stream_upstream_hash_module
--without-stream_upstream_least_conn_module
--without-stream_upstream_zone_module
--without-pcre disable PCRE library usage
########################################################################################
10

摁f12
响应头部信息
不要泄露版本号,可以知道是nginx,但是不能写具体版本号

# vim /usr/local/nginx/conf/nginx.conf

... ...
http {
server_tokens off; 添加这行
... ...


# nginx -s reload


# cd /root/lnmp_soft/nginx-1.12.2/
# vim +48 src/http/ngx_http_header_filter_module.c

49 static u_char ngx_http_server_string[] = "Server: tarena" CRLF; 改双引号里Server:后的内容为 tarena
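50 static u_char ngx_http_server_full_string[] = "Server: tarena" NGINX_VER CRLF; 改双引号里Server:后的内容为 tarena。注意这行后面仍然拼接了NGINX_VER(下一行的NGINX_VER_BUILD同理),server_tokens打开时响应头里还是会带上版本号,所以要配合前面的server_tokens off一起使用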
51 static u_char ngx_http_server_build_string[] = "Server: tarena" NGINX_VER_BUILD CRLF; 改双引号里Server:后的内容为 tarena


# ./configure && make && make install      重新编译时要带上原来安装时用的configure参数(可以用 nginx -V 查看),否则原先启用的模块会丢失

# killall nginx
# nginx
###################################################################################
真机

# firefox 192.168.4.10

摁F12
点击“网络”
消息头
响应头
...
Server:"tarena" 这里会变成我们在源码文件(ngx_http_header_filter_module.c)里写的词tarena

####################################################################################
真机

同一个IP在短时间内连续访问几十次,就可以当作攻击来处理了

# yum -y install httpd-tools 要先安装这个包,才能使用下面的ab这个功能

# ab -c 100 -n 100 http://192.168.4.10/ 一定要在网址后面加斜线/

显示如下:
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.4.10 (be patient).....done


Server Software: test
Server Hostname: 192.168.4.10
Server Port: 80

Document Path: /
Document Length: 8 bytes

Concurrency Level: 100
Time taken for tests: 0.024 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 22900 bytes
HTML transferred: 800 bytes
Requests per second: 4132.91 [#/sec] (mean)
Time per request: 24.196 [ms] (mean)
Time per request: 0.242 [ms] (mean, across all concurrent requests)
Transfer rate: 924.26 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 2 0.5 2 3
Processing: 2 10 5.1 10 19
Waiting: 0 10 5.2 10 19
Total: 5 12 4.8 12 20

Percentage of the requests served within a certain time (ms)
50% 12
66% 14
75% 16
80% 17
90% 19
95% 20
98% 20
99% 20
100% 20 (longest request)
############################################################################
10

# vim /usr/local/nginx/conf/nginx.conf
http
... ...
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; 加这行,定义一块共享内存区域用来按客户端IP记录请求状态,zone=自己起的名字:大小(这里是one,10兆)。rate=1r/s表示同一个ip每秒只处理1个请求
server {
listen 80;
server_name localhost;
limit_req zone=one burst=5; 加这行,特别说明,漏斗里可以放5个:同1个IP超出速率的请求最多排队5个,按rate的速度依次处理,再多出来的请求直接被拒绝(默认返回503)
... ...

# nginx -s reload

##########################################################
真机


# ab -c 100 -n 100 http://192.168.4.10/ 访问变慢了

显示如下:
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.4.10 (be patient).....done


Server Software: test
Server Hostname: 192.168.4.10
Server Port: 80

Document Path: /
Document Length: 8 bytes

Concurrency Level: 100
Time taken for tests: 5.001 seconds
Complete requests: 100 并发访问了100个
Failed requests: 94 失败了94个,就是说成功了6个
(Connect: 0, Receive: 0, Length: 94, Exceptions: 0)
Write errors: 0
Non-2xx responses: 94
Total transferred: 69336 bytes
HTML transferred: 50526 bytes
Requests per second: 19.99 [#/sec] (mean)
Time per request: 5001.454 [ms] (mean)
Time per request: 50.015 [ms] (mean, across all concurrent requests)
Transfer rate: 13.54 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 0.3 1 2
Processing: 3 183 722.9 35 4999
Waiting: 0 183 722.9 35 4999
Total: 3 185 722.9 37 5001

Percentage of the requests served within a certain time (ms)
50% 37
66% 39
75% 40
80% 41
90% 42
95% 1001
98% 4001
99% 5001
100% 5001 (longest request)
########################################################################
10

# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
limit_req zone=one burst=5;
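if ( $request_method !~ ^(GET|POST) ) {
return 444;
}
上面这段的意思是:请求方法不是以GET或POST开头的,一律返回444(nginx特有的状态码,不发送任何响应,直接关闭连接)。注意HEAD请求(比如curl -I)也会被拒绝;正则结尾没有$,要精确匹配方法名可以写成 ^(GET|POST)$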

 


工作中要加下面这几句话,限制请求头和请求体的缓冲区大小、请求体的最大长度,防止超大请求耗尽服务器内存;而且要根据情况适当调整大小(比如有上传功能时client_max_body_size就不能只给1k)
[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
http{
client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
… …
}
[root@proxy ~]# /usr/local/nginx/sbin/nginx -s reload

 


# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

The existing password for the user account root has expired. Please set a new password.

New password:

Re-enter new password:
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 25
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y

New password:

Re-enter new password:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
####################################################################
10

# ls -a | grep history
.bash_history 这是我们在命令行的历史命令
.mysql_history 这是我们在数据库里写过的历史命令

可以查看里面的历史命令
# history
# cat .mysql_history
# cat .bash_history

清空我们的bash和数据库的历史命令,还有存放历史命令的文件
# history -c      清空当前shell内存里的历史记录(选项是小写的c)
# > .bash_history
# > .mysql_history

不要使用明文登陆
mysql -uroot -p密码 这样在命令行输入会被别人通过历史命令来看到密码,命令执行时也可能被同一台机器上的其他用户在进程列表(ps)里看到,不安全

应该这样
mysql -uroot -p 回车之后在交互界面输入密码,这样才能看不到

不要直接远程连接数据库!!!可以先ssh进主机,再进数据库!!!
######################################################################
真机

# curl http://192.168.4.10:8080/axxx 看一个不存在的页面
<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.30 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 404 - /axxx</h1><div class="line"></div><p><b>type</b> Status report</p><p><b>message</b> <u>/axxx</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><hr class="line"><h3>Apache Tomcat/8.0.30</h3></body></html>
这里最后一行泄露了版本信息:Apache Tomcat/8.0.30,这个可以在配置文件里改


# curl -I http://192.168.4.10:8080/axxx
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1002
Date: Mon, 10 Dec 2018 07:32:35 GMT
###############################################################
10

# cd lnmp_soft/
# cd tomcat_session/
# yum -y install java-1.8.0-openjdk-devel
# cd /usr/local/tomcat/lib/
# jar -xf catalina.jar
# vim org/apache/catalina/util/ServerInfo.properties

原本的内容
server.info=Apache Tomcat/8.0.30 这里=后面的就决定了访问时显示什么版本
server.number=8.0.30.0
server.built=Dec 1 2015 22:30:46 UTC

改后,可以随便改
server.info=test 1.0 改这行,=后面随便改
server.number=1.0 改这行,=后面随便改
server.built=1.0 改这行,=后面随便改

关闭服务,再启动
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh

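如果服务起不来(一般是系统熵不足,Tomcat启动时读取/dev/random被阻塞),就执行下面操作。注意:这样改会影响整个系统里所有读取/dev/random的程序,只适合实验环境;如果只想让Tomcat使用/dev/urandom,可以在JVM启动参数里加 -Djava.security.egd=file:/dev/./urandom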
# mv /dev/random /dev/random.bak
# ln -s /dev/urandom /dev/random

再次尝试关闭服务,再启动
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh

##########################################################################
真机:

# curl http://192.168.4.10:8080/axxx
<!DOCTYPE html><html><head><title>test 1.0 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 404 - /axxx</h1><div class="line"></div><p><b>type</b> Status report</p><p><b>message</b> <u>/axxx</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><hr class="line"><h3>test 1.0</h3></body></html>

这里最后一行已经变成了,我们之前在配置文件里改的test 1.0
##########################################################################
10

# vim /usr/local/tomcat/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" server="xyz" /> 添加server="xyz",决定了别人F12看到的是什么


# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh
##########################################################################
真机

# curl -I http://192.168.4.10:8080/axxx
HTTP/1.1 404 Not Found
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 978
Date: Mon, 10 Dec 2018 07:55:21 GMT
Server: xyz 可以看到这里已经变成了xyz
##########################################################################
10

# ps aux | grep tomcat 在第一行可以看到是以root的身份来启动服务的
root 15244 1.1 7.9 2299208 80876 pts/2 Sl 15:55 0:02 /usr/bin/java -Djava.util.logging.config.file=/
... ...


# /usr/local/tomcat/bin/shutdown.sh
# useradd tomcat
# chown -R tomcat:tomcat /usr/local/tomcat/
# su - tomcat -c "/usr/local/tomcat/bin/startup.sh"


# ps aux | grep tomcat 在第一行可以看到是以tomcat的身份来启动服务的
tomcat 15443 4.3 7.1 2297008 72716 ? Sl 16:03 0:02 //bin/java -Djava.util.logging.config.file=/
... ...
############################################################################
10

# vim test1.sh
#!/bin/bash
echo "hello worl"


# vim test2.sh
#!/bin/bash
echo "hello world"
echo "test file"


# diff test1.sh test2.sh
2c2,3 第2,3行不一样
< echo "hello worl" 小于号左边的文件长什么样
---
> echo "hello world" 大于号右边的文件长什么样
> echo "test file"


# diff -u test1.sh test2.sh 生成打补丁用的统一格式(unified)。它告诉的不只是有哪些差异,而是怎么把第1个文件,修改成第2个文件。
显示如下:
--- test1.sh 2018-12-10 16:47:49.498413097 +0800
+++ test2.sh 2018-12-10 16:50:03.907413097 +0800
@@ -1,2 +1,3 @@
#!/bin/bash 意思是,这行保持不变
-echo "hello worl" 删去这行
+echo "hello world" 加上这行
+echo "test file" 加上这行
###########################################################################
# diff -u test1.sh test2.sh > test.patch 导出文件

# cat test.patch
--- test1.sh 2018-12-10 16:47:49.498413097 +0800
+++ test2.sh 2018-12-10 16:50:03.907413097 +0800
@@ -1,2 +1,3 @@
#!/bin/bash
-echo "hello worl"
+echo "hello world"
+echo "test file"

# yum -y install patch

# patch -p0 < test.patch
patching file test1.sh 意思是正在给test1.sh打补丁

# cat test1.sh 现在test1.sh已经和test2.sh一样了
#!/bin/bash
echo "hello world"
echo "test file"
#############################################################################
# patch -R -p0 < test.patch 多加-R,反悔了,又撤销回之前的版本了
patching file test1.sh

# cat test1.sh
#!/bin/bash
echo "hello worl"
#############################################################################
# mkdir /root/demo
# cd /root/demo
# mkdir {source1,source2}
# echo "hello world" > source1/test.sh
# echo "hello the world" > source2/test.sh

# cp /bin/find source1/
# cp /bin/find source2/

# echo "1" >> source2/find
# echo 11 >> source2/find

# yum -y install tree.x86_64

# tree source1/
source1/
├── find
└── test.sh

# echo "data" > source2/tmp.txt

# tree source2/
source2/
├── find
├── test.sh
└── tmp.txt

0 directories, 3 files
######################################################################
# diff -r source1/ source2/
Binary files source1/find and source2/find differ
diff -r source1/test.sh source2/test.sh
1c1
< hello world
---
> hello the world
只在 source2/ 存在:tmp.txt


# diff -ur source1/ source2/ 加-u的作用是,怎么把第1个文件变成第2个
Binary files source1/find and source2/find differ
diff -ur source1/test.sh source2/test.sh
--- source1/test.sh 2018-12-10 17:21:12.287413097 +0800
+++ source2/test.sh 2018-12-10 17:23:42.413413097 +0800
@@ -1 +1 @@
-hello world
+hello the world
只在 source2/ 存在:tmp.txt
################################################################################################
diff命令常用选项:
-u 输出统一内容的头部信息(打补丁使用),计算机知道是哪个文件需要修改
-r 递归对比目录中的所有资源(可以对比目录)
-a 所有文件视为文本(包括二进制程序)
-N 无文件视为空文件(空文件怎么变成第二个文件)
-N选项备注说明:
A目录下没有txt文件,B目录下有txt文件
diff比较两个目录时,默认会提示txt仅在B目录有(无法对比差异,修复文件)
diff比较时使用N选项,则diff会拿B下的txt与A下的空文件对比,补丁信息会明确说明如何从空文件修改后变成txt文件,打补丁即可成功!
################################################################################################
# diff -uar source1/ source2/ -a代表所有文件视为文本(包括二进制程序)
diff -uar source1/find source2/find
--- source1/find 2018-12-10 17:21:33.807413097 +0800
+++ source2/find 2018-12-10 17:32:16.088413097 +0800
@@ -661,4 +661,5 @@
�� �㟼�j�:o�:`Q������'o)ݬ�a'�T���7oH�Iv�.ҏ�Ыǖ ���@�3��o7Ǽ�o�mV�mM��c���u��#�6�3���}
... ...
+11
diff -uar source1/test.sh source2/test.sh
--- source1/test.sh 2018-12-10 17:21:12.287413097 +0800
+++ source2/test.sh 2018-12-10 17:23:42.413413097 +0800
@@ -1 +1 @@
-hello world
+hello the world
只在 source2/ 存在:tmp.txt
################################################################################################
# diff -Naru source1/ source2/ 打补丁就-Naru。-N代表无文件视为空文件(空文件怎么变成第二个文件)
diff -Nuar source1/find source2/find
--- source1/find 2018-12-10 17:21:33.807413097 +0800
+++ source2/find 2018-12-10 17:32:16.088413097 +0800
@@ -661,4 +661,5 @@
�� �㟼�j�:o�:`Q������'o)ݬ�a'�T���7oH�Iv�.ҏ�Ыǖ ���@�3��o7Ǽ�o�mV�mM��c���u��#�6�3���}
... ...
+11
diff -Nuar source1/test.sh source2/test.sh
--- source1/test.sh 2018-12-10 17:21:12.287413097 +0800
+++ source2/test.sh 2018-12-10 17:23:42.413413097 +0800
@@ -1 +1 @@
-hello world
+hello the world
diff -Nuar source1/tmp.txt source2/tmp.txt
--- source1/tmp.txt 1970-01-01 08:00:00.000000000 +0800
+++ source2/tmp.txt 2018-12-10 17:31:57.383413097 +0800
@@ -0,0 +1 @@
+data
################################################################################################
//patch -pnum(其中num为数字,指定删除补丁文件中多少层路径前缀)
//如原始路径为/u/howard/src/blurfl/blurfl.c
//-p0则整个路径不变
//-p1则修改路径为u/howard/src/blurfl/blurfl.c
//-p4则修改路径为blurfl/blurfl.c
//-R(reverse)反向修复,-E修复后如果文件为空,则删除该文件
################################################################################################
对谁打补丁就cd到对应目录下(下面用到的补丁文件 /root/demo/patch,需要先在 /root/demo 目录下用 diff -Naru source1/ source2/ > patch 生成)

# cd source1/

# pwd
/root/demo/source1

p1代表把补丁包里的第1级目录删掉

# patch -p1 < ../patch
patching file find
patching file test.sh
patching file tmp.txt


# vim /root/demo/patch 看前面的3行,是相对路径
diff -Naru source1/find source2/find
--- source1/find 2018-12-10 17:21:33.807413097 +0800
+++ source2/find 2018-12-10 17:32:16.088413097 +0800
... ...

[root@10 source1]# ls
find test.sh tmp.txt

[root@10 source1]# cat test.sh
hello the world


# cd /root/demo

# ls
patch source1 source2

# md5sum source1/find      打完补丁后两个文件的校验值相同,说明补丁已经生效(这里只是比对内容是否一致;如果要做防篡改校验,建议用sha256sum)
1b722d99413cdc2785776e7735c756af source1/find

# md5sum source2/find
1b722d99413cdc2785776e7735c756af source2/find

# cd source1/ 对谁打补丁就cd到对应目录下
# patch -R -p1 < ../patch 多加-R,反悔了,撤销回原来的样子
####################################################################################################
用绝对路径打补丁

# cd
# pwd
/root

# diff -Naru /root/demo/source1 /root/demo/source2/ > /root/demo/xx.patch


# vim /root/demo/xx.patch 看前面的3行,是绝对路径
diff -Naru /root/demo/source1/find /root/demo/source2/find
--- /root/demo/source1/find 2018-12-10 17:51:24.405413097 +0800
+++ /root/demo/source2/find 2018-12-10 17:32:16.088413097 +0800
... ...


# cd /root/demo/source1/ 对谁打补丁就cd到对应目录下

# patch -p4 < ../xx.patch
patching file find
patching file test.sh
patching file tmp.txt


diff生成补丁 patch打补丁

 
