SUMMARY Area Fields
The summary area fields describing CPU statistics are abbreviated.
They provide information about times spent in:
us = user mode
sy = system mode
ni = low priority user mode (nice)
id = idle task
wa = I/O waiting
hi = servicing IRQs
si = servicing soft IRQs
st = steal (time given to other DomU instances)



us: is meaning of "user CPU time"
sy: is meaning of "system CPU time"
ni: is meaning of" nice CPU time"
id: is meaning of "idle"
wa: is meaning of "iowait"
hi：is meaning of "hardware irq"
si : is meaning of "software irq"
st : is meaning of "steal time"

中文翻译为：

us 用户空间占用CPU百分比
sy 内核空间占用CPU百分比
ni 用户进程空间内改变过优先级的进程占用CPU百分比
id 空闲CPU百分比
wa 等待输入输出的CPU时间百分比
hi 硬件中断
si 软件中断
st: 实时 

防外链大都是通过检查请求中的http referer来实现的。如果通过反向代理来动态指定http referer是不是可以解决问题。

用nginx搭一个反向代理

location /get/
{
set $hostx “”;
set $addrs “”;
if ( $uri ~ “^/get/http./+([^/]+)/(.+)$”) {
set $hostx $1;
set $addrs $2;
}
resolver 127.0.0.1;
proxy_pass http://$hostx/$addrs;
proxy_set_header referer “http://$hostx“;

proxy_set_header referer 这项就是指定referer的！

VPN用户管理：
直接编辑/etc/ppp/chap-secrets文件，按照相同格式添加用户名和密码即可

另附手动安装方案：
VPN 也叫虚拟专用网，常见的 VPN 类型有：点对点隧道协议（PPTP）、使用 IPsec 的第2层隧道协议（L2TP/IPsec）、安全套接字隧道协议（SSL VPN）。其中 PPTP 是安装使用最为简便的一种。

#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH

clear
CUR_DIR=$(pwd)

if [ $(id -u) != "0" ]; then
    printf "Error: You must be root to run this script!"
    exit 1
fi

echo "#############################################################"
echo "# PPTP VPN Auto Install"
echo "# Env: Debian/Ubuntu"
echo "# Created by WangYan on 2011.05.20"
echo "# Author Url: http://wangyan.org"
echo "# Version: 1.0"
echo "#############################################################"
echo ""

apt-get -y update
apt-get -y install pptpd

cat >>/etc/pptpd.conf<<EOF
localip 10.10.10.1
remoteip 10.10.10.2-254
EOF

cp /etc/ppp/pptpd-options /etc/ppp/pptpd-options.old

cat >/etc/ppp/pptpd-options<<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
debug
dump
lock
nobsdcomp
novj
novjccomp
logfile /var/log/pptpd.log
EOF

cat >>/etc/ppp/chap-secrets<<EOF
test * test *
EOF
a
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p

iptables-save > /etc/iptables.down.rules

iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
#iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1300

iptables-save > /etc/iptables.up.rules

cat >>/etc/ppp/pptpd-options<<EOF
pre-up iptables-restore < /etc/iptables.up.rules
post-down iptables-restore < /etc/iptables.down.rules
EOF

/etc/init.d/pptpd restart

cd ~
wget http://web.lib.sun.ac.za/ubuntu/files/help/theme/gnome/win7-setup.sh
sudo chmod +x win7-setup.sh
./win7-setup.sh

操作之前请先备份，由于不种的环境可能有一些不可预料的错误。

使用死循环消耗CPU资源，如果服务器是有多颗CPU，可以选择消耗多少颗CPU的资源：

#! /bin/sh
# filename killcpu.sh
for i in `seq $1`
do
echo -ne "
i=0;
while true
do
i=i+1;
done" | /bin/sh &
pid_array[$i]=$! ;
done
for i in "${pid_array[@]}"; do
echo 'kill ' $i ';';
done 

使用方法很简单，参数3表示消耗3颗CPU的资源，运行后，会有一堆 kill 命令，方便 kill 进程：
[root@test02 ~]# ./killcpu.sh 3
kill 30104 ;
kill 30106 ;
kill 30108 ;
[root@test02 ~]# top
top - 15:27:31 up 264 days, 23:39, 4 users, load average: 0.86, 0.25, 0.19
Tasks: 185 total, 5 running, 180 sleeping, 0 stopped, 0 zombie
Cpu0 : 100.0% us, 0.0% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Cpu1 : 0.0% us, 0.0% sy, 0.0% ni, 100.0% id, 0.0% wa, 0.0% hi, 0.0% si
Cpu2 : 100.0% us, 0.0% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Cpu3 : 100.0% us, 0.0% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 8165004k total, 8095880k used, 69124k free, 53672k buffers
Swap: 2031608k total, 103548k used, 1928060k free, 6801364k cached

 # !/bin/sh

# OPENVPN SERVER CONFIGURATION
echo "####################################"
echo "OPENVPN SERVER CONFIGURATION"
echo "####################################"

NETTYPE=`cat /etc/sysconfig/network |grep 'GATEWAYDEV' |sed 's/GATEWAYDEV=//g;s/"//g'`
if [ "$NETTYPE" = "eth0" ]; then
echo "Sorry, this script doesn't support your vps."
exit 1
fi
if [ "$NETTYPE" = "" ]; then
echo -n "Enter your server IP : "
read -e SERVERIP
fi
if [ "$NETTYPE" = "venet0" ]; then
SERVERIP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`
echo "Your server IP is $SERVERIP, Is that right? [y/n]: "
read -e IPSET
fi
if [ "$IPSET" = "n" ]; then
echo -n "Enter your server IP : "
read -e SERVERIP
fi
echo "=================================="
echo Your server IP is "$SERVERIP"
echo "=================================="

SERVERPORT="443"
echo -n "Enter VPN Server Port : "
read -p "(Default : 443):" SERVERPORT
if [ "$SERVERPORT" = "" ]; then
SERVERPORT="443"
fi
echo "=================================="
echo VPN Server Port is "$SERVERPORT"
echo "=================================="

CLIENTNAME="client1"
echo -n "Enter new client name : "
read -p "(Default : client1):" CLIENTNAME
if [ "$CLIENTNAME" = "" ]; then
CLIENTNAME="client1"
fi
echo "=================================="
echo Client Name is "$CLIENTNAME"
echo "=================================="

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rm -rf rpmforge-release-0.5.2-2.el5.rf.i386.rpm

yum -y install openssl openssl-devel
yum -y install openvpn
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
. ./vars
./clean-all
source ./vars

echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key $CLIENTNAME
cd keys/

serverudp="
local $SERVERIP
port $SERVERPORT
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push \"redirect-gateway\"
push \"dhcp-option DNS 8.8.8.8\"
push \"dhcp-option DNS 4.2.2.1\"
keepalive 10 120
comp-lzo
persist-key
persist-tun"

echo "$serverudp" > /etc/openvpn/server-udp.conf

servertcp="
local $SERVERIP
port $SERVERPORT
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push \"redirect-gateway\"
push \"dhcp-option DNS 8.8.8.8\"
push \"dhcp-option DNS 4.2.2.1\"
keepalive 10 120
comp-lzo
persist-key
persist-tun"

echo "$servertcp" > /etc/openvpn/server-tcp.conf

clientudp="
client
remote $SERVERIP $SERVERPORT
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $CLIENTNAME.crt
key $CLIENTNAME.key
ns-cert-type server
comp-lzo
redirect-gateway def1
route-delay 2
route-method exe
verb 3"

echo "$clientudp" > $CLIENTNAME-udp.ovpn

clienttcp="
client
remote $SERVERIP $SERVERPORT
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $CLIENTNAME.crt
key $CLIENTNAME.key
ns-cert-type server
comp-lzo
redirect-gateway def1
route-delay 2
route-method exe
verb 3"

echo "$clienttcp" > $CLIENTNAME-tcp.ovpn

tar czf keys.tgz ca.crt ca.key $CLIENTNAME.crt $CLIENTNAME.csr $CLIENTNAME.key $CLIENTNAME-tcp.ovpn $CLIENTNAME-udp.ovpn
mv keys.tgz /root/OpenVPN-$CLIENTNAME-tcp-udp.tgz

echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 4.2.2.1" >> /etc/resolv.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $SERVERIP
/sbin/iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -j SNAT --to-source $SERVERIP
iptables-save > /etc/sysconfig/iptables
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p

clear

/etc/init.d/openvpn start

echo "OpenVPN has been installed
Download /root/openvpn-client-tcp-udp.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of /root/openvpn-client-tcp-udp.tgz there"

#!/bin/bash
zuptime=`top -b -n 1 | grep "^top" | awk -F',' '{print $4}'|awk -F':' '{print $2*100}'`
if [ "$zuptime" -ge '500' ]; then
#添加命令在此
fi