sudoをパスワードレス認証で使いたい | IIJ Engineers Blog 2025

/etc/sudoers
Defaults        env_keep += "SSH_AUTH_SOCK"

の追加が必要だった。

ssh接続してるんだから、sudo認証にパスワードではなくssh公開鍵認証を使う #Linux - Qiita 2021

サーバ

sudo dnf install pam_ssh_agent_auth

sudo vi /etc/pam.d/sudo

#%PAM-1.0
auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys # 追加
auth       include      system-auth

sudo visudo

# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults    env_keep += "SSH_AUTH_SOCK" # 追加

クライアント

$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_ed25519
(確認)
$ ssh-add -l

$ ssh -A example.com

-A: エージェント転送を許可する

$ sudo ls

【SSH】ssh-agentの使い方を整理する #SSH - Qiita 2016

デフォルト (FreeBSD 12.1, 14.3)

kern.ipc.maxsockbuf: 2097152
net.inet.tcp.rfc1323: 1
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536

65536 64K

x8

kern.ipc.maxsockbuf=16777216
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=524288

ネットワークのバッファサイズを増やす GbEじゃないなら既定値で十分
大量のセッションを張るサーバでは増やしすぎるとデメリットの方が多い

net.inet.tcp.sendspace
net.inet.tcp.recvspace
net.inet.udp.recvspace

scale factor of 16 [65535*2^4 ≒ 1048560]
scale factor of 8 [65535*2^3 ≒ 524280]
scale factor of 4 [65535*2^2 ≒ 262140]
scale factor of 2 [65535*2^1 ≒ 131070]
scale factor of 0 [65535]

https://www.egrep.jp/nxhack/FreeBSD_kernel_tuning.html

To enable RFC 1323 Window Scaling and increase the TCP window size to 1 MB on FreeBSD, add the following lines to /etc/sysctl.conf and reboot.

net.inet.tcp.rfc1323=1
kern.ipc.maxsockbuf=16777216
net.inet.tcp.sendspace=1048576
net.inet.tcp.recvspace=1048576

https://slaptijack.com/system-administration/freebsd-tcp-performance-tuning.html 2024

kern.ipc.maxsockbuf=2097152
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=131072

http://cocelo.s201.xrea.com/archive/wiki/BSD/FreeBSD/Tuning/

kern.ipc.maxsockbuf=524288
net.inet.tcp.recvspace=114688

http://himagine.s20.xrea.com/bamp/freebsd_upfast.html 2005

PD 物理ディスクとの対応

man smartctl
...

              megaraid,N - [Linux only] the device consists of one or more SCSI/SAS disks  connected  to  a  MegaRAID
              controller.   The non-negative integer N (in the range of 0 to 127 inclusive) denotes which disk on the
              controller is monitored.  Use syntax such as:
              smartctl -a -d megaraid,2 /dev/sda
              smartctl -a -d megaraid,0 /dev/sdb
              smartctl -a -d megaraid,0 /dev/bus/0
              This interface will also work for Dell PERC controllers.  It is possible to set  RAID  device  name  as
              /dev/bus/N, where N is a SCSI bus number.

              The following entry in /proc/devices must exist:
              For PERC2/3/4 controllers: megadevN
              For PERC5/6 controllers: megaraid_sas_ioctlN

LdPdInfo

論理ディスクを構成する物理ディスクを確認する

[root@localhost ~]# MegaCli -LdPdInfo -a0
                                     
Adapter #0

Number of Virtual Disks: 1
Virtual Drive: 0 (Target Id: 0)
(中略)

PD: 0 Information
Enclosure Device ID: 252
Slot Number: 0
(中略)
Firmware state: Online, Spun Up
(中略)

PD: 1 Information
Enclosure Device ID: 252
Slot Number: 2
(中略)
Firmware state: Online, Spun Up
(中略)

Exit Code: 0x00
[root@localhost ~]#

何だか怪しいディスクをMegacliを使って予備のディスクに置き換えてリビルドを実行する #MegaCli - Qiita 2022

.htaccess

RewriteEngine On
RewriteCond %{QUERY_STRING} ^mdrv=
RewriteRule ^ - [F,L]

https://stackoverflow.com/questions/71386719/block-visits-that-uses-a-strange-parameter-mdrv

This request illustrates a client accessing the specified IP address (167.99.114.223) and domain (www.example.com) at the timestamp [12/Oct/2023:13:03:44 +0000].

The request is a “GET” method for the resource “/product/prd1235/” with the parameter “?mdrv=www.example.com” under HTTP/2.0 protocol. The response status is “499” with a response size of “0”.

https://dieutek.com/knowledge-hub/wordpress/the-data-scraping/

Cloudflare

Create custom rules in Security > WAF > Custom rules.

If incoming requests match:
Query String contains "mdrv="
Then
Block or Managed Challenge

https://community.cloudflare.com/t/large-volume-of-requests-that-include-mdrv-which-crashes-site/535805