http {
...

   fastcgi_cache_path /data/nfs/cache/ levels=1:2 keys_zone=bankir:32m inactive=1m max_size=256m;
...
}

server {
...
   location =/ {
      access_log /data/nfs/site/logs/access.1.log;
      try_files /$uri $uri @php;

      fastcgi_cache bankir;
      fastcgi_cache_key "$server_addr:$server_port$request_uri|$cookie_phpsessid";
      fastcgi_temp_path /data/nfs/cache 1 2;
      fastcgi_cache_use_stale updating error timeout invalid_header http_500;
      fastcgi_cache_valid 1m;
   }
...
}

894. 10/25/2013 01:34:11 (null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /usr/bin/lsattr unset 952
895. 10/25/2013 01:34:10 (null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /usr/bin/lsattr unset 951
896. 10/25/2013 01:34:29 (null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 rename yes /bin/sed unset 955
897. 10/25/2013 01:34:29 (null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /bin/sed unset 953
898. 10/25/2013 01:36:15 (null) inode=178409 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 unlink yes /usr/bin/install unset 957
899. 10/25/2013 01:36:15 /usr/sbin/ open yes /usr/bin/install unset 959
900. 10/25/2013 01:36:15 (null) inode=171307 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 fsetxattr no /usr/bin/install unset 960
901. 10/25/2013 01:36:15 (null) inode=171307 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 fchmod yes /usr/bin/install unset 961
902. 10/25/2013 01:36:15 (null) inode=171307 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 rename yes /usr/bin/strip unset 963
903. 10/25/2013 01:36:15 /usr/sbin/sshd chmod yes /usr/bin/strip unset 964
904. 10/25/2013 01:36:15 /usr/sbin/sshd chown yes /usr/bin/strip unset 965
905. 10/25/2013 01:36:15 /usr/sbin/sshd chmod yes /usr/bin/strip unset 966
906. 10/25/2013 01:36:15 /usr/sbin/sshd chmod yes /usr/bin/install unset 967
907. 10/25/2013 01:36:15 (null) inode=263989 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /usr/sbin/sshd unset 968
908. 10/25/2013 01:36:16 (null) inode=263989 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /usr/sbin/sshd unset 969
909. 10/25/2013 01:36:16 (null) inode=173249 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 open no /usr/share/rsync/touch unset 970
910. 10/25/2013 01:36:16 (null) inode=263989 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /bin/egrep unset 971
911. 10/25/2013 01:38:47 (null) inode=260016 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 open yes /bin/cat unset 972

# ausearch -a 952
----
time->Fri Oct 25 01:34:11 2013
type=PATH msg=audit(1382650451.931:952): item=1 name="/etc/ssh/sshd_config" inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650451.931:952): item=0 name=(null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650451.931:952):  cwd="/var/log"
type=SYSCALL msg=audit(1382650451.931:952): arch=c000003e syscall=2 success=yes exit=3 a0=7fff699f89ac a1=800 a2=7fff699f7b30 a3=7fff699f78d0 items=2 ppid=609 pid=610 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="lsattr" exe="/usr/bin/lsattr" key=(null)
# ausearch -a 951
----
time->Fri Oct 25 01:34:10 2013
type=PATH msg=audit(1382650450.426:951): item=1 name="/etc/ssh/sshd_config" inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650450.426:951): item=0 name=(null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650450.426:951):  cwd="/var/log"
type=SYSCALL msg=audit(1382650450.426:951): arch=c000003e syscall=2 success=yes exit=4 a0=84d9e0 a1=800 a2=7fff0d5e14f0 a3=0 items=2 ppid=476 pid=477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="lsattr" exe="/usr/bin/lsattr" key=(null)
# ausearch -a 955
----
time->Fri Oct 25 01:34:29 2013
type=PATH msg=audit(1382650469.933:955): item=5 name="/etc/ssh/sshd_config" inode=263989 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.933:955): item=4 name="/etc/ssh/sshd_config" inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.933:955): item=3 name="/etc/ssh/sed68Dr2N" inode=263989 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.933:955): item=2 name="/etc/ssh/" inode=261295 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.933:955): item=1 name="/etc/ssh/" inode=261295 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.933:955): item=0 name=(null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650469.933:955):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650469.933:955): arch=c000003e syscall=82 success=yes exit=0 a0=142ea60 a1=7fff8bb2f9a5 a2=142ea60 a3=7fff8bb2d830 items=6 ppid=439 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="sed" exe="/bin/sed" key=(null)
# ausearch -a 953
----
time->Fri Oct 25 01:34:29 2013
type=PATH msg=audit(1382650469.433:953): item=1 name="/etc/ssh/sshd_config" inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650469.433:953): item=0 name=(null) inode=259751 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650469.433:953):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650469.433:953): arch=c000003e syscall=2 success=yes exit=3 a0=7fff8bb2f9a5 a1=0 a2=1b6 a3=0 items=2 ppid=439 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="sed" exe="/bin/sed" key=(null)
# ausearch -a 957
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:957): item=2 name="/usr/sbin/sshd" inode=178409 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:957): item=1 name="/usr/sbin/" inode=170360 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:957): item=0 name=(null) inode=178409 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:957):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:957): arch=c000003e syscall=87 success=yes exit=0 a0=7fff7f10e984 a1=7fff7f10e984 a2=7fff7f10cef0 a3=7fff7f10ca20 items=3 ppid=15831 pid=15888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="install" exe="/usr/bin/install" key=(null)
# ausearch -a 959
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:959): item=1 name="/usr/sbin/sshd" inode=171307 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:959): item=0 name="/usr/sbin/" inode=170360 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:959):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:959): arch=c000003e syscall=2 success=yes exit=4 a0=7fff7f10e984 a1=c1 a2=1ed a3=7fff7f10ca20 items=2 ppid=15831 pid=15888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="install" exe="/usr/bin/install" key=(null)
# ausearch -a 960
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:960): item=0 name=(null) inode=171307 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1382650575.432:960): arch=c000003e syscall=190 success=no exit=-95 a0=4 a1=2b87057abd57 a2=1241870 a3=1c items=1 ppid=15831 pid=15888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="install" exe="/usr/bin/install" key=(null)
# ausearch -a 961
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:961): item=0 name=(null) inode=171307 dev=fc:01 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1382650575.432:961): arch=c000003e syscall=91 success=yes exit=0 a0=4 a1=180 a2=180 a3=7fff7f10ca00 items=1 ppid=15831 pid=15888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="install" exe="/usr/bin/install" key=(null)
# ausearch -a 963
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:963): item=5 name="/usr/sbin/sshd" inode=173249 dev=fc:01 mode=0100711 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:963): item=4 name="/usr/sbin/sshd" inode=171307 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:963): item=3 name="/usr/sbin/stUlLwXa" inode=173249 dev=fc:01 mode=0100711 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:963): item=2 name="/usr/sbin/" inode=170360 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:963): item=1 name="/usr/sbin/" inode=170360 dev=fc:01 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1382650575.432:963): item=0 name=(null) inode=171307 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:963):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:963): arch=c000003e syscall=82 success=yes exit=0 a0=b17ae0 a1=7fffdce05986 a2=7fffdce05390 a3=7fffdce05130 items=6 ppid=15888 pid=15889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="strip" exe="/usr/bin/strip" key=(null)
# ausearch -a 964
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:964): item=0 name="/usr/sbin/sshd" inode=173249 dev=fc:01 mode=0100711 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:964):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:964): arch=c000003e syscall=90 success=yes exit=0 a0=7fffdce05986 a1=180 a2=7fffdce05390 a3=7fffdce05130 items=1 ppid=15888 pid=15889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="strip" exe="/usr/bin/strip" key=(null)
# ausearch -a 965
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:965): item=0 name="/usr/sbin/sshd" inode=173249 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:965):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:965): arch=c000003e syscall=92 success=yes exit=0 a0=7fffdce05986 a1=0 a2=0 a3=7fffdce05130 items=1 ppid=15888 pid=15889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="strip" exe="/usr/bin/strip" key=(null)
# ausearch -a 966
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:966): item=0 name="/usr/sbin/sshd" inode=173249 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:966):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:966): arch=c000003e syscall=90 success=yes exit=0 a0=7fffdce05986 a1=180 a2=0 a3=7fffdce05130 items=1 ppid=15888 pid=15889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="strip" exe="/usr/bin/strip" key=(null)
# ausearch -a 967
----
time->Fri Oct 25 01:36:15 2013
type=PATH msg=audit(1382650575.432:967): item=0 name="/usr/sbin/sshd" inode=173249 dev=fc:01 mode=0100600 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1382650575.432:967):  cwd="/usr/lib/zlibcc/openssh"
type=SYSCALL msg=audit(1382650575.432:967): arch=c000003e syscall=90 success=yes exit=0 a0=7fff7f10e984 a1=1ed a2=ffffffff a3=7fff7f10ced0 items=1 ppid=15831 pid=15888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="install" exe="/usr/bin/install" key=(null)

eth0      Link encap:Ethernet  HWaddr 00:44:55:66:ff:e1  
          inet addr:192.168.4.2  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14120544 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8151690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:20026916706 (20.0 GB)  TX bytes:1029229328 (1.0 GB)
          Interrupt:20 

eth1      Link encap:Ethernet  HWaddr 00:44:55:66:77:22  
          inet addr:192.168.1.242  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10801053 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15673177 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3214827795 (3.2 GB)  TX bytes:20107578428 (20.1 GB)
          Interrupt:44 Base address:0x8000 

eth1:1    Link encap:Ethernet  HWaddr 00:44:55:66:77:22  
          inet addr:10.1.1.2  Bcast:10.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:44 Base address:0x8000 

eth2      Link encap:Ethernet  HWaddr 00:44:55:66:11:11  
          inet addr:11.22.33.44  Bcast:11.22.33.44  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1372  Metric:1
          RX packets:765444 errors:0 dropped:0 overruns:0 frame:0
          TX packets:936019 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:168304895 (168.3 MB)  TX bytes:673732402 (673.7 MB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Локальная петля (Loopback)  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:915 errors:0 dropped:0 overruns:0 frame:0
          TX packets:915 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:95395 (95.3 KB)  TX bytes:95395 (95.3 KB)

ppp0      Link encap:Протокол PPP (Point-to-Point Protocol)  
          inet addr:55.55.55.55  P-t-P:77.77.77.77  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:14118582 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8149724 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:19659702274 (19.6 GB)  TX bytes:817205129 (817.2 MB)

# ip route
default dev ppp0  scope link 
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.2 
77.77.77.77 dev ppp0  proto kernel  scope link  src 55.55.55.55 
11.22.33.0/24 dev eth2  proto kernel  scope link  src 11.22.33.44 
172.16.130.0/24 via 172.16.130.2 dev tun0 
172.16.130.2 dev tun0  proto kernel  scope link  src 172.16.130.1 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.242 
192.168.3.0/24 dev eth2  scope link  src 192.168.1.242 
192.168.4.0/24 dev eth0  proto kernel  scope link  src 192.168.4.2 

# ip rule
0:	from all lookup local 
32764:	from all fwmark 0xa lookup 100 
32765:	from 11.22.33.44 lookup 100 
32766:	from all lookup main 
32767:	from all lookup default 

# ip route show table 100
default via 11.22.33.44 dev eth2 
192.168.1.0/24 via 192.168.1.242 dev eth1

# ping -I eth2 8.8.8.8

# ip route show table 100
default via 11.22.33.1 dev eth2 
192.168.1.0/24 via 192.168.1.242 dev eth1

# ping -I eth2 8.8.8.8

10:20:32.592759 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 8.8.8.8 tell 11.22.33.44, length 28
10:20:33.589528 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 8.8.8.8 tell 11.22.33.44, length 28
10:20:34.589527 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 8.8.8.8 tell 11.22.33.44, length 28
10:20:35.606686 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 8.8.8.8 tell 11.22.33.44, length 28

#!/sbin/iptables-restore

# Generated by iptables-save v1.4.12 on Sat Sep 14 18:44:55 2013
*mangle
:PREROUTING ACCEPT [3536:933906]
:INPUT ACCEPT [534:653649]
:FORWARD ACCEPT [3002:280257]
:OUTPUT ACCEPT [508:170349]
:POSTROUTING ACCEPT [3510:450606]
:LIST_IP - [0:0]
-A PREROUTING -s 192.168.1.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -s 10.1.1.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -d 11.22.33.44/32 -m state --state NEW -j CONNMARK --set-xmark 0xa/0xffffffff
-A PREROUTING -s 192.168.1.0/24 -d 213.180.204.11/32 -j LIST_IP
-A PREROUTING -s 192.168.1.0/24 -d 93.158.134.11/32 -j LIST_IP
-A PREROUTING -s 192.168.1.0/24 -d 213.180.193.11/32 -j LIST_IP
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -d 178.159.255.97/32 -j LIST_IP
-A OUTPUT -d 93.158.134.11/32 -j LIST_IP
-A OUTPUT -d 213.180.193.11/32 -j LIST_IP
-A LIST_IP -s 192.168.1.210/32 -j RETURN
-A LIST_IP -s 192.168.1.211/32 -j RETURN
-A LIST_IP -j MARK --set-xmark 0xa/0xffffffff
COMMIT
# Completed on Sat Sep 14 18:44:55 2013
# Generated by iptables-save v1.4.12 on Sat Sep 14 18:44:55 2013
*nat
:PREROUTING ACCEPT [309:22196]
:INPUT ACCEPT [277:20360]
:OUTPUT ACCEPT [205:12448]
:POSTROUTING ACCEPT [0:0]
:ROUTING - [0:0]
-A PREROUTING -d 11.22.33.44/32 -p tcp -m tcp --dport 111 -j DNAT --to-destination 10.1.1.1:443
-A PREROUTING -d 11.22.33.44/32 -p tcp -m tcp --dport 222 -j DNAT --to-destination 10.1.1.1:80
-A PREROUTING -d 11.22.33.44/32 -p tcp -m tcp --dport 333 -j DNAT --to-destination 192.168.1.111:902
-A POSTROUTING -j ROUTING
-A ROUTING -d 192.168.3.0/24 -j RETURN
-A ROUTING -j MASQUERADE
COMMIT
# Completed on Sat Sep 14 18:44:55 2013
# Generated by iptables-save v1.4.12 on Sat Sep 14 18:44:55 2013
*filter
:INPUT ACCEPT [3625:3767322]
:FORWARD ACCEPT [6001:470080]
:OUTPUT ACCEPT [3392:998412]
COMMIT
# Completed on Sat Sep 14 18:44:55 2013

port 2000
proto tcp
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/gw.crt
key /etc/openvpn/keys/gw.key
dh /etc/openvpn/keys/dh1024.pem

server 172.16.130.0 255.255.255.0

route 192.168.3.0 255.255.255.0

ifconfig-pool-persist /etc/openvpn/ipp.txt

push "route 192.168.1.0 255.255.255.0" # home subnet
push "dhcp-option DNS 192.168.1.242" #DNS
push "dhcp-option DOMAIN localnet.antora" #DNS suffix
push "dhcp-option WINS 192.168.1.242" #WINS

keepalive 10 120

comp-lzo
user nobody
group nogroup
persist-key
persist-tun

status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log

verb 9
mute 20
client-to-client
client-config-dir /etc/openvpn/ccd

client
dev tun
proto tcp
remote <внешний IP адрес первой подсети> 2000
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/msk-client.crt
key /etc/openvpn/keys/msk-client.key
comp-lzo
verb 3

iptables -t nat -A POSTROUTING ! -d 192.168.3.0/24 -j MASQUERADE

# ip route
192.168.3.0/24 via 172.16.130.2 dev tun0

# ip route
192.168.1.0/24 via 172.16.130.29 dev tun0

$ fgrep -v '^[ \t]*;' ./file
   	  	   ; fkdgjnsdfoikm
$ cat ./file | grep -v '^[ \t]*;'
   	  	   ; fkdgjnsdfoikm

$ echo '   	  	   ;  fkdgjnsdfoikm' | grep -v '^[ \t]*;'

AAA=$(echo "$VALUE" | sed -e 's/\./\\./')
BBB=$(grep -R "\\[$AAA.conf\\]" /tmp/test)

~# apache2 -V
Server version: Apache/2.2.22 (Ubuntu)
Server built:   Feb 13 2012 01:51:56
Server's Module Magic Number: 20051115:30
Server loaded:  APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture:   64-bit
Server MPM:     Worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

# cat /etc/apache2/apache2.conf | grep '^[^#]'
LockFile ${APACHE_LOCK_DIR}/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients		100
    MaxRequestsPerChild 200
</IfModule>
<IfModule mpm_worker_module>
    StartServers          2
    MinSpareThreads	15
    MaxSpareThreads	50
    ThreadLimit		32
    ThreadsPerChild	10
    MaxClients		70
    MaxRequestsPerChild	200
</IfModule>
<IfModule mpm_event_module>
    StartServers          2
    MinSpareThreads      25
    MaxSpareThreads      75 
    ThreadLimit          64
    ThreadsPerChild      25
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
Include mods-enabled/*.load
Include mods-enabled/*.conf
Include httpd.conf
Include ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include conf.d/
Include sites-enabled/

# grep -v '^#' /etc/apache2/conf.d/*
/etc/apache2/conf.d/other-vhosts-access-log:CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
/etc/apache2/conf.d/php5.conf:<IfModule mod_php5.c>
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php .php4
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php .php5
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php .php
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php-source .php4s
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php-source .php5s
/etc/apache2/conf.d/php5.conf:        AddHandler application/x-httpd-php-source .phps
/etc/apache2/conf.d/php5.conf:        DirectoryIndex index.php4
/etc/apache2/conf.d/php5.conf:        DirectoryIndex index.php5
/etc/apache2/conf.d/php5.conf:        DirectoryIndex index.php
/etc/apache2/conf.d/php5.conf:</IfModule>
/etc/apache2/conf.d/security:ServerTokens OS
/etc/apache2/conf.d/security:ServerSignature On
/etc/apache2/conf.d/security:TraceEnable Off

# php -v
PHP 5.2.16 (cli) (built: Sep 17 2012 12:12:45) 
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

# cat /etc/php5.2/apache2/php.ini
[PHP]
engine = On
zend.ze1_compatibility_mode = Off
short_open_tag = Off
asp_tags = Off
precision    =  14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func=
serialize_precision = 100
;allow_call_time_pass_reference = Off
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = GCONV_PATH,GETCONF_DIR,HOSTALIASES,LD_AUDIT,LD_DEBUG,LD_DEBUG_OUTPUT,LD_DYNAMIC_WEAK,LD_LIBRARY_PATH,LD_ORIGIN_PATH,LD_PRELOAD,LD_PROFILE,LD_SHOW_AUXV,LD_USE_LOAD_BIAS,LOCALDOMAIN,LOCPATH,MALLOC_TRACE,NLSPATH,RESOLV_HOST_CONF,RES_OPTIONS,TMPDIR,TZDIR
disable_functions =
disable_classes =
expose_php = Off
max_execution_time = 600     ; Maximum execution time of each script, in seconds
max_input_time = 600     ; Maximum amount of time each script may spend parsing request data
memory_limit = 512M      ; Maximum amount of memory a script may consume (128MB)
error_reporting  = E_ALL & ~E_NOTICE 
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = On
html_errors = Off
error_log = /home/megaplan/var/logs/php-error.log
variables_order = "GPCS"
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 52M
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
;include_path = ".:/usr/share/php5:/usr/share/php5/PEAR"
doc_root =
user_dir =
extension_dir = /usr/lib/x86_64-linux-gnu/extensions/no-debug-zts-20060613
enable_dl = On
file_uploads = On
upload_tmp_dir = "/tmp"
upload_max_filesize = 52M
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 240

[Syslog]
define_syslog_variables  = Off

[SQL]
sql.safe_mode = Off

[ODBC]
odbc.allow_persistent = Off
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1

[MySQL]
mysql.allow_persistent = Off
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off

[MySQLi]
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off

[PostgresSQL]
pgsql.allow_persistent = Off
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[bcmath]
bcmath.scale = 0

[Session]
session.save_handler = files
session.save_path = "/var/lib/php5"
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 16
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 1
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[Tidy]
tidy.clean_output = Off

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400

[xcache-common]
extension = xcache.so

[xcache.admin]
xcache.admin.enable_auth = On
xcache.admin.user = "mOo"
xcache.admin.pass = ""

[xcache]
xcache.shm_scheme =        "mmap"
;xcache.size  =                10M
xcache.size  =                8M
xcache.count =                 2
xcache.slots =                1K
;xcache.slots =                8K
xcache.ttl   =                 0
xcache.gc_interval =           0
xcache.var_size  =            16M
;xcache.var_size  =            32M
xcache.var_count =             1
;xcache.var_count =             16
xcache.var_slots =            1K
;xcache.var_slots =            8K
xcache.var_ttl   =             0
xcache.var_maxttl   =          0
xcache.var_gc_interval =     300
xcache.test =                Off
xcache.readonly_protection = Off
xcache.mmap_path =    "/dev/zero"
xcache.coredump_directory =   ""
xcache.cacher =               On
xcache.stat   =               On
xcache.optimizer =           Off

[xcache.coverager]
xcache.coverager =          Off
xcache.coveragedump_directory = ""

[Zend]
zend_extension_manager.optimizer=/usr/local/lib/Zend/lib/Optimizer-3.3.3
zend_extension_manager.optimizer_ts=/usr/local/lib/Zend/lib/Optimizer_TS-3.3.3
zend_optimizer.version=3.3.3
zend_optimizer.optimization_level=15
zend_optimizer.enable_loader=On
zend_optimizer.disable_licensing=Off
zend_optimizer.license_path=/data/www/megaplan/config
zend_extension=/usr/local/lib/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/lib/Zend/lib/ZendExtensionManager_TS.so

root@gateway:/etc/racoon# cat racoon.conf 

log debug2;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

listen {
	isakmp 11.22.33.205 [500];
}

remote 55.66.77.88 [500] {
	doi ipsec_doi;
	situation identity_only;
	nonce_size 16;
	exchange_mode main;
	lifetime time 3600 sec;
	initial_contact on;
	passive on;
	proposal_check obey;
	generate_policy off;
	proposal {
		encryption_algorithm des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 1;
	}
}

sainfo anonymous {
	pfs_group 1;
	lifetime time 3600 sec;
	encryption_algorithm des;
	authentication_algorithm hmac_md5;
	compression_algorithm deflate;
}

root@gateway:/etc/racoon# cat ipsec.conf 
#!/usr/sbin/setkey -f

## Flush the SAD and SPD
#
flush;
spdflush;

## Some sample SPDs for use racoon
#
spdadd 192.168.3.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/55.66.77.88-11.22.33.205/require;
spdadd 192.168.1.0/24 192.168.3.0/24 any -P out ipsec esp/tunnel/11.22.33.205-55.66.77.88/require;

root@gateway:/etc/racoon# setkey -D
11.22.33.205 55.66.77.88 
	esp mode=tunnel spi=2919576224(0xae0532a0) reqid=0(0x00000000)
	E: des-cbc  c92d9a4d fc80ddf7
	A: hmac-md5  781dba62 d5ec1c9c 840c8a48 bd72f899
	seq=0x00000000 replay=4 flags=0x00000000 state=mature 
	created: Jun  2 13:26:53 2013	current: Jun  2 13:35:41 2013
	diff: 528(s)	hard: 3600(s)	soft: 2880(s)
	last: Jun  2 13:26:54 2013	hard: 0(s)	soft: 0(s)
	current: 9323(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 89	hard: 0	soft: 0
	sadb_seq=1 pid=2782 refcnt=0
55.66.77.88 11.22.33.205
	esp mode=tunnel spi=49129434(0x02eda7da) reqid=0(0x00000000)
	E: des-cbc  6acd7c3c efd1fed1
	A: hmac-md5  a4dd2f17 499571a5 8e437493 6b5d72ab
	seq=0x00000000 replay=4 flags=0x00000000 state=mature 
	created: Jun  2 13:26:53 2013	current: Jun  2 13:35:41 2013
	diff: 528(s)	hard: 3600(s)	soft: 2880(s)
	last: Jun  2 13:26:54 2013	hard: 0(s)	soft: 0(s)
	current: 87296(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 187	hard: 0	soft: 0
	sadb_seq=0 pid=2782 refcnt=0

root@gateway:/etc/racoon# setkey -DP
(per-socket policy) 
	out(socket) none
	created: Jun  2 13:23:26 2013  lastused: Jun  2 13:26:53 2013
	lifetime: 0(s) validtime: 0(s)
	spid=68 seq=1 pid=2784
	refcnt=1
(per-socket policy) 
	in(socket) none
	created: Jun  2 13:23:26 2013  lastused: Jun  2 13:26:53 2013
	lifetime: 0(s) validtime: 0(s)
	spid=59 seq=2 pid=2784
	refcnt=1
192.168.1.0/24[any] 192.168.3.0/24[any] 255
	out prio def ipsec
	esp/tunnel/11.22.33.205-55.66.77.88/require
	created: Jun  2 13:19:47 2013  lastused: Jun  2 13:37:13 2013
	lifetime: 0(s) validtime: 0(s)
	spid=49 seq=3 pid=2784
	refcnt=6
192.168.3.0/24[any] 192.168.1.0/24[any] 255
	fwd prio def ipsec
	esp/tunnel/55.66.77.88-11.22.33.205/require
	created: Jun  2 13:19:47 2013  lastused: Jun  2 13:37:22 2013
	lifetime: 0(s) validtime: 0(s)
	spid=42 seq=4 pid=2784
	refcnt=7
192.168.3.0/24[any] 192.168.1.0/24[any] 255
	in prio def ipsec
	esp/tunnel/55.66.77.88-11.22.33.205/require
	created: Jun  2 13:19:47 2013  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=32 seq=0 pid=2784
	refcnt=1

sysadmin@sysadmin:~$ traceroute 192.168.3.1
traceroute to 192.168.3.1 (192.168.3.1), 30 hops max, 60 byte packets
 1  gateway.localnet.firm (192.168.1.242)  0.145 ms  0.132 ms  0.129 ms
 2  noname.slan.ru (11.22.33.1)  21.984 ms  25.248 ms  33.473 ms
 3  dyn.dialup.l4-c2.provider.su (11.22.33.113)  36.820 ms  41.766 ms  45.075 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  *^C

root@gateway:/etc/racoon# ip route
default dev eth2  scope link 
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.2 
11.22.33.0/24 dev eth2  proto kernel  scope link  src 11.22.33.205 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.242 

AddDefaultCharset UTF-8

RewriteEngine on
RewriteBase /

ErrorDocument 404 /errors/404.html

FileETag MTime Size

AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/javascript

ExpiresActive On
ExpiresByType image/gif A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/png A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType application/javascript A2592000
ExpiresByType text/css A2592000

RewriteRule ^(i/|img_preview/|js/|s/|setup/|z/|run.php|favicon.ico|errors/.+|static/.*|files/.*) - [L,QSA]

RewriteRule ^attach/(.*)$ run.php?__dirb=SdfFile&__dira=&__cls=File&__act=downloadAttach&__v=.easy&url=$1 [L,QSA]
RewriteRule ^([A-Z][A-Za-z0-9]+)(/([A-Z][A-Za-z0-9]*))?/([A-Z][A-Za-z0-9]+)/?([a-z][A-Za-z0-9]*)?/?([0-9]+)?(\.[a-z][A-Za-z]+)?/?$ run.php?__dirb=$1&__dir$
RewriteRule ^(.*)$ run.php?__uri=/$1 [L,QSA]

server {
	listen 80;

	server_name megaplan.server.ru;
	root /data/www/megaplan/public_html;
	
	access_log /data/www/megaplan/logs/access.log;
	error_log /data/www/megaplan/logs/error.log;

	rewrite_log on;
	rewrite ^(i/|img_preview/|js/|s/|setup/|z/|run.php|favicon.ico|errors/.+|static/.*|files/.*) $1 last;

#	rewrite ^attach/(.*)$ run.php?__dirb=SdfFile&__dira=&__cls=File&__act=downloadAttach&__v=.easy&url=$1 last;
#	rewrite ^([A-Z][A-Za-z0-9]+)(/([A-Z][A-Za-z0-9]*))?/([A-Z][A-Za-z0-9]+)/?([a-z][A-Za-z0-9]*)?/?([0-9]+)?(\.[a-z][A-Za-z]+)?/?$ run.php?__dirb=$1&__dira=$3&__cls=$4&__act=$5&__oid=$6&__v=$7 last;
	rewrite ^(.*)$ run.php?__uri=/$1 last;
	
	location / {
		index run.php;
	}

	error_page 403 /errors/403.html;
	error_page 404 /errors/404.html;
	error_page 500 /errors/500.html;

	location ~ \.php$ {
		fastcgi_pass php_test_upstream;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME /public_html$fastcgi_script_name;
		include /etc/nginx/include/0.fc.param.inc;
	}
}

#	rewrite ^(.*)$ run.php?__uri=/$1 last;

	rewrite ^(i/|img_preview/|js/|s/|setup/|z/|run.php|favicon.ico|errors/.+|static/.*|files/.*) $1 last;

./configure --enable-agent

# cat zabbix_agentd.conf | grep -v '^#'
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=44.44.44.44
ServerActive=44.44.44.44
Hostname=server.ru

# cat zabbix_agent.conf | grep -v '^#'
Server=44.44.44.44

# zabbix_get -s 11.22.33.44 -k net.if.discovery
{
	"data":[
		{
			"{#IFNAME}":"lo"},
		{
			"{#IFNAME}":"eth0"},
		{
			"{#IFNAME}":"eth1"},
		{
			"{#IFNAME}":"dummy0"},
		{
			"{#IFNAME}":"tunl0"},
		{
			"{#IFNAME}":"gre0"},
		{
			"{#IFNAME}":"sit0"},
		{
			"{#IFNAME}":"ip6tnl0"}]}

user@server:~$ cat /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

user@comp:~$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2 ... Jmc7tL2emMd user@comp

user@comp:~$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2 ...  Jmc7tL2emMd user@comp

user@comp:~$ ssh -vvv user@server
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.111 [192.168.1.111] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.111" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 7b:37:f3:62:ce:86:19:dd:37:3b:5f:4f:72:83:1f:b9
debug3: load_hostkeys: loading entries for host "192.168.1.111" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.111' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa (0x7f1c26b4bce0)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug3: no such identity: /home/user/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@server's password:

# ./php-config 
Usage: ./php-config [OPTION]
Options:
  --prefix            [/usr/local/php]
  --includes          [-I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib]
  --ldflags           [ -L/usr/lib/x86_64-linux-gnu -L/usr/local/pgsql/lib]
  --libs              [-lcrypt   -lz -lcrypt -lpq -lrt -lpq -lmysqlclient -lmcrypt -lltdl -lt1 -lfreetype -lpng -lz -ljpeg -lcurl -lz -lrt -lm -ldl -lnsl  -lrt -lxml2 -lssl -lcrypto -lcurl -lxml2 -lssl -lcrypto -lmysqlclient -lz -lm -lrt -ldl -lmysqlclient -lz -lm -lrt -ldl -lxml2 -lxml2 -lcrypt -lxml2 -lxml2 -lxml2 -lcrypt ]
  --extension-dir     [/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626]
  --include-dir       [/usr/local/php/include/php]
  --man-dir           [/usr/local/php/man]
  --php-binary        [/usr/local/php/bin/php]
  --php-sapis         [cli fpm]
  --configure-options [--enable-fpm --with-mcrypt --enable-mbstring --enable-soap --with-openssl --with-mysql --with-mysql-sock --with-gd --with-jpeg-dir=/usr/lib --enable-gd-native-ttf --with-pdo-mysql --with-libxml-dir=/usr/lib --with-mysqli=/usr/bin/mysql_config --with-curl --enable-zip --enable-sockets --with-zlib --enable-exif --enable-ftp --with-iconv --with-gettext --enable-gd-native-ttf --with-t1lib=/usr --with-freetype-dir=/usr --prefix=/usr/local/php --with-fpm-user=www-data --with-pgsql --with-pdo-pgsql --enable-bcmath --with-libdir=/lib/x86_64-linux-gnu]
  --version           [5.3.8]
  --vernum            [50308]

# ./php-config 
Usage: ./php-config [OPTION]
Options:
  --prefix            [/usr/local/php]
  --includes          [-I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib]
  --ldflags           [ -L/usr/lib/x86_64-linux-gnu -L/usr/local/pgsql/lib]
  --libs              [-lcrypt   -lz -lresolv -lcrypt -lpq -lrt -lpq -lmysqlclient -lmcrypt -lltdl -lt1 -lfreetype -lpng -lz -ljpeg -lcurl -lz -lrt -lm -ldl -lnsl  -lrt -lxml2 -lssl -lcrypto -lcurl -lxml2 -lssl -lcrypto -lmysqlclient -lz -lm -lrt -ldl -lmysqlclient -lz -lm -lrt -ldl -lxml2 -lxml2 -lcrypt -lxml2 -lxml2 -lxml2 -lcrypt ]
  --extension-dir     [/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626]
  --include-dir       [/usr/local/php/include/php]
  --man-dir           [/usr/local/php/man]
  --php-binary        [/usr/local/php/bin/php]
  --php-sapis         [cli fpm]
  --configure-options [--enable-fpm --with-mcrypt --enable-mbstring --enable-soap --with-openssl --with-mysql --with-mysql-sock --with-gd --with-jpeg-dir=/usr/lib --with-pdo-mysql --with-libxml-dir=/usr/lib --with-mysqli=/usr/bin/mysql_config --with-curl --enable-zip --enable-sockets --with-zlib --enable-exif --enable-ftp --with-iconv --with-gettext --enable-gd-native-ttf --with-t1lib=/usr --with-freetype-dir=/usr --prefix=/usr/local/php --with-fpm-user=www-data --with-pgsql --with-pdo-pgsql --with-bcmath]
  --version           [5.3.23]
  --vernum            [50323]

./php -i | grep 'Loaded Configuration'
Loaded Configuration File => /usr/local/php/etc/php.ini

# php -i | grep 'Loaded Configuration'
Loaded Configuration File => (none)

# mv /usr/local/php/etc/php.ini /usr/local/php/lib/php.ini
# php -i | grep 'Loaded Configuration'
Loaded Configuration File => /usr/local/php/lib/php.ini

Получен недопустимый ответ при попытке обработки запроса:

    GET / HTTP/1.1
    Host: example.com
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Connection: keep-alive

Ответ HTTP, полученный от сервера, не может быть распознан, или он был неверно сформирован. Пожалуйста, свяжитесь с оператором сайта.

2013/03/23 20:41:14.504| parsing hdr: (0x7fc3951b20a0)
Server: nginx/1.2.4
Date: Sat, 23 Mar 2013 16:41:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
ETag: "50ee84d5-264"
Set-Cookie: PHPSession=1;path=/
2013/03/23 20:41:14.504| WARNING: HTTP header contains NULL characters {Server: nginx/1.2.4
Date: Sat, 23 Mar 2013 16:41:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
ETag: "50ee84d5-264"
Set-Cookie: PHPSession=1;path=/}
NULL
{Server: nginx/1.2.4
Date: Sat, 23 Mar 2013 16:41:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
ETag: "50ee84d5-264"
Set-Cookie: PHPSession=1;path=/
2013/03/23 20:41:14.504| cleaning hdr: 0x7fc3951b20a0 owner: 3
2013/03/23 20:41:14.504| init-ing hdr: 0x7fff25ed34c0 owner: 3
2013/03/23 20:41:14.504| cleaning hdr: 0x7fff25ed34c0 owner: 3
2013/03/23 20:41:14.504| cbdataFree: 0x7fc395192738
2013/03/23 20:41:14.504| cbdataFree: Freeing 0x7fc395192738
2013/03/23 20:41:14.504| cleaning hdr: 0x7fc3951b20a0 owner: 3
2013/03/23 20:41:14.504| 0x7fc3951b20a0 lookup for 41
2013/03/23 20:41:14.504| 0x7fc3951b20a0 lookup for 9
2013/03/23 20:41:14.504| 0x7fc3951b20a0 lookup for 23
2013/03/23 20:41:14.504| HttpMsg::parse: cannot parse isolated headers in 'HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Sat, 23 Mar 2013 16:41:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
ETag: "50ee84d5-264"
Set-Cookie: PHPSession=1;path=/'
2013/03/23 20:41:14.504| processReplyHeader: Non-HTTP-compliant header: 'HTTP/1.1 200 OK
Server: nginx/1.2.4
Date: Sat, 23 Mar 2013 16:41:12 GMT
Content-Type: text/html
Content-Length: 612
Connection: keep-alive
ETag: "50ee84d5-264"
Set-Cookie: PHPSession=1;path=/'

# cat mor.conf
server {
        listen 80;
        server_name mor.lo www.mor.lo;
#       server_name_in_redirect off;

        access_log /home/www/mor/logs/access.log;
        error_log /home/www/mor/logs/error.log;

        root /home/www/mor/public_html;
        index index.php index.html index.htm default.html default.htm;
        # Support Clean (aka Search Engine Friendly) URLs
        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        # deny running scripts inside writable directories
        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
                return 403;
                error_page 403 /403_error.html;
        }

        location ~ \.php$ {
                fastcgi_pass php_upstream_mor;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # caching of files
        location ~* \.(ico|pdf|flv)$ {
                expires 1y;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
                expires 14d;
        }
}

# cat upstream.conf
upstream php_upstream_mor {
	server unix:/home/www/mor/tmp/php-fpm.sock;
}

fastcgi_param   QUERY_STRING            $query_string;
fastcgi_param   REQUEST_METHOD          $request_method;
fastcgi_param   CONTENT_TYPE            $content_type;
fastcgi_param   CONTENT_LENGTH          $content_length;

fastcgi_param   SCRIPT_FILENAME         $request_filename;
fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
fastcgi_param   REQUEST_URI             $request_uri;
fastcgi_param   DOCUMENT_URI            $document_uri;
fastcgi_param   DOCUMENT_ROOT           $document_root;
fastcgi_param   SERVER_PROTOCOL         $server_protocol;

fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR             $remote_addr;
fastcgi_param   REMOTE_PORT             $remote_port;
fastcgi_param   SERVER_ADDR             $server_addr;
fastcgi_param   SERVER_PORT             $server_port;
fastcgi_param   SERVER_NAME             $server_name;

fastcgi_param   HTTPS                   $https;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS         200;

index index.php index.html index.htm default.html default.htm;
...
try_files $uri $uri/ /index.php?$args;
...
fastcgi_index index.php;