Debian 11 安裝 dvwa

apt install -y apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php php-xml git

cd /home
git clone https://github.com/digininja/DVWA.git
cp /home/DVWA/config/config.inc.php.dist /home/DVWA/config/config.inc.php
chown -R www-data.www-data /home/DVWA

cat <<EOF|mysql
create database dvwa;
create user dvwa@localhost identified by 'p@ssw0rd';
grant all on dvwa.* to dvwa@localhost;
flush privileges;
EOF

編輯 /etc/php/7.4/apache2/php.ini  修改
allow_url_include = On
display_errors = On

systemctl restart apache2

預設帳號/密碼
admin / password

Debian 11 + Python3 使用 PyQt5

sudo apt-get install -y python3-pip
sudo apt-get install -y libxcb-icccm4
sudo apt-get install -y libxcb-image0
sudo apt-get install -y libxcb-keysyms1
sudo apt-get install -y libxcb-render-util0
sudo apt-get install -y libxcb-xinerama0
sudo apt-get install -y libxcb-xkb-dev
sudo apt-get install -y libxkbcommon-x11-0

pip3 install PyQt5 

除錯環境參數
export QT_DEBUG_PLUGINS=1

Curl/Bash code for HEAD Request Example

printf  "HEAD / HTTP/1.0 \n\n\n" |nc 127.0.0.1 80

curl --head 127.0.0.1

nginx 不顯示版本

編輯 /etc/nginx/nginx.conf

設定  HTTP Options
server_tokens off;

Apache2 自定錯誤訊息

加入 ErrorDocument 404 /404.php 設定

Debian 11 Apache2 reverse proxy balance 筆記

載入相關模組
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo a2enmod lbmethod_bytraffic
sudo a2enmod headers

編輯 /etc/apache2/sites-enabled/000-default.conf 

<VirtualHost *:80>
ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html     

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyRequests Off
ProxyPreserveHost On
<Proxy balancer://myset>
    BalancerMember http://192.168.1.1:80/aa
    BalancerMember http://192.168.1.2:80/aa
   #ProxySet lbmethod=byrequests
    ProxySet lbmethod=bytraffic
</Proxy>

ProxyPass "/aa"  "balancer://myset/"
ProxyPassReverse "/aa"  "balancer://myset/"

</VirtualHost>

R 安裝Package 指定 site

方法一、編輯 ~.Rprofile 加入
 local({r <- getOption("repos")

       r["CRAN"] <- "http://mysite.loc/r/" 

       options(repos=r)

})

方法二
install.packages('A3', repos='http://mysite.loc/r')

NFS Server + bind folder 摘要

/etc/exports
#insert shares (one for each mounted partition sub-folder):     
/nfsshare/ /192.168.1.0/24(rw,no_root_squash,no_subtree_check,fsid=root,crossmnt)
/nfsshare/extra/ 192.168.1.0/24(rw,no_root_squash,no_subtree_check)

/etc/fstab 
#shared media files on /media/extra/
/media/ /nfsshare/ nfs bind 0 0
/media/extra/ /nfsshare/extra/ nfs bind 0 0

Proxmox ve zfs 新增swap

zfs create -V 12G rpool/swap
zfs set checksum=off rpool/swap
zfs set dd:swap=on rpool/swap   
mkswap  /dev/zvol/rpool/swap
swapon  /dev/zvol/rpool/swap

編輯 /etc/fstab 加入
/dev/zvol/rpool/swap  none  swap  sw  0  0

WDFS WebDav Fuse mount 安裝摘要

apt install -y gcc make fuse libneon27-dev libfuse-dev libglib2.0
wget -q -O- http://noedler.de/projekte/wdfs/wdfs-1.4.2.tar.gz |tar zx --

cd wdfs-1.4.2
./configure && make
./src/wdfs

參考資料
http://noedler.de/projekte/wdfs/
https://github.com/jmesmon/wdfs

建置 Debian mirror site

安裝相關軟體
wget -q -O- https://ftp-master.debian.org/ftpsync.tar.gz|tar zxv

編輯設定檔 distrib/etc/ftpsync.conf
cat <<EOF>distrib/etc/ftpsync.conf
MIRRORNAME=`hostname -f`
TO="/srv/mirrors/debian/"
RSYNC_HOST=ftp.us.debian.org
RSYNC_PATH="debian"
ARCH_INCLUDE="amd64"
EXCLUDE="--exclude=jessie* --exclude=oldstable* --exclude=sid* --exclude=testing* --exclude=unstable* --exclude=experimental* --exclude=Debian* --exclude=stable*"

EOF

定期執行
./distrib/bin/ftpsync

JupyterHub 整合 R

apt -y install r-base

apt-get install libcurl4-openssl-dev libssl-dev -y

R
install.packages("devtools")
install.packages('IRkernel')
IRkernel::installspec()
IRkernel::installspec(user = FALSE)

Debian 11 安裝 JupyterHub

apt-get install nodejs npm pip
python3 -m pip install jupyterhub
npm install -g configurable-http-proxy
python3 -m pip install jupyterlab notebook

pip install jupyterlab-language-pack-zh-TW

編輯  /etc/systemd/system/jupyterhub.service
# Template file for JupyterHub systemd service
# Uses simple string.format() for 'templating'
# /etc/systemd/system/jupyterhub.service
# /etc/systemd/system/multi-user.target.wants/jupyterhub.service
[Unit]
#Requires=traefik.service
#After=traefik.service

[Service]
User=root
Restart=always
WorkingDirectory=/opt/jupyterhub

# Protect bits that are normally shared across the system
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes

#Environment=TLJH_INSTALL_PREFIX=/opt/tljh
# Run upgrade-db before starting, in case Hub version has changed

# This is a no-op when no db exists or no upgrades are needed
ExecStart=/usr/local/bin/jupyterhub

[Install]
# Start service when system boots
WantedBy=multi-user.target

編輯 /opt/jupyterhub/bootstrap.sh
#!/bin/bash
USER=$1
USERHOME=$(eval "echo ~${USER}")
[ "$USER" == "" ]&&exit 0;
[ -d "$USERHOME" ]&&exit 0;

mkdir -p $(dirname $USERHOME);
cp -r /etc/skel $USERHOME;
uid=$(id $USER|tr \( \ |xargs -n 1|grep uid|cut -d= -f2)
gid=$(id $USER|tr \( \ |xargs -n 1|grep gid|cut -d= -f2)
chown -R $uid.$gid $USERHOME  && chmod 0700 $USERHOME;
exit 0

編輯/opt/jupyterhub/jupyterhub_config.py 加入

import subprocess

def pre_spawn_hook(spawner):

    username = spawner.user.name

    subprocess.check_call(['./bootstrap.sh', username])

c.Spawner.pre_spawn_hook = pre_spawn_hook

The Littlest JupyterHub 帳號管理命令列指令

增加具管理權限帳號
tljh-config add-item users.admin <username>
tljh-config reload

移除帳號管理權限
tljh-config remove-item users.admin <username>
tljh-config reload

pip / pip3 指定安裝來源

方法1. 使用 pip.conf 設定檔
mkdir ~/.pip;

cat <<EOF >~/.pip/pip.conf
[global]
index-url = http://mysite.loc/pypi/simple/
[install]
trusted-host=mysite.loc
EOF

方法2. 命令列指定
pip3 install hail -i http://mysite.loc/pypi/simple --trusted-host mysite.loc

Debian 10 升級 11

apt update && apt upgrade

mv /etc/apt/sources.list /etc/apt/sources.list.bak

cat <<EOF >/etc/apt/sources.list
deb http://ftp.tw.debian.org/debian bullseye main contrib
deb http://ftp.tw.debian.org/debian bullseye-updates main contrib
# security updates
deb http://security.debian.org bullseye-security main contrib
EOF

apt update && apt full-upgrade

debian 11 安裝 proxmox backup client

wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg

cat <<EOF > /etc/apt/sources.list.d/pbs-no-subscription.list
# PBS pbs-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
EOF

apt update && apt install proxmox-backup-client -y

Proxmox ve pct 執行複雜 bash script

pct exec 100 -- bash -c 'date >/tmp/d;date'

x= 'date >/tmp/d;date';
pct exec 40010 -- bash -c "$x"

Proxmox ve 移除 node known_hosts 異常

After removal of the node, its SSH fingerprint will still reside in the known_hosts of the other nodes. If you receive an SSH error after rejoining a node with the same IP or hostname, run pvecm updatecerts once on the re-added node to update its fingerprint cluster wide.

Debian 11 安裝 proxmox-offline-mirror

安裝
wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg

echo "deb http://download.proxmox.com/debian/pbs-client bullseye main" >/etc/apt/sources.list.d/pbs-client.list

apt update && apt install proxmox-offline-mirror -y

mkdir -p  /pom/mirror/base-dir

新增 mirror
proxmox-offline-mirror config mirror add \
 --id debian-bullseye-security \
 --architectures amd64 \
 --architectures all \
 --repository 'deb http://deb.debian.org/debian-security bullseye-security main contrib non-free' \
 --key-path /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg \
 --sync true \
 --verify true \
 --base-dir /pom/mirror/base-dir

proxmox-offline-mirror config mirror add \
 --id debian-bullseye \
 --architectures amd64 \
 --architectures all \
 --repository 'deb http://deb.debian.org/debian bullseye main contrib' \
 --key-path /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg \
 --sync true \
 --verify true \
 --base-dir /pom/mirror/base-dir

proxmox-offline-mirror config mirror add \
 --id debian-bullseye-updates \
 --architectures amd64 \
 --architectures all \
 --repository 'deb http://deb.debian.org/debian bullseye-updates main contrib' \
 --key-path /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg \
 --sync true \
 --verify true \
 --base-dir /pom/mirror/base-dir

同步 mirror
proxmox-offline-mirror mirror snapshot create debian-bullseye-security
proxmox-offline-mirror mirror snapshot create debian-bullseye
proxmox-offline-mirror mirror snapshot create debian-bullseye-updates

相關設定檔
/etc/proxmox-offline-mirror.cfg

SSSD Status:GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database

可能是 /etc/krb5.keytab 異常或毀損，重新加入網域

apt-get upgrade：The following packages have been kept back

apt-get -u dist-upgrade

Atlassian JIRA REST APIs 帳號認證

APIs 認證
curl -X POST \
  http://192.168.1.1:8080/rest/auth/1/session \
  -H 'content-type: application/json' \
  -d '{ "username": "userid", "password": "123456" }'

不使用APIs
wget http://192.168.1.1/rest/gadget/1.0/login --post-data="os_username=userid&os_password=123456&os_destination=&user_role=&atl_token=&login=Log+In"

Proxmox backup client 使用筆記

備份
proxmox-backup-client backup a.pxar:/root/a --repository root@pam@192.168.1.1:8007:tmp

回復
proxmox-backup-client restore --repository root@pam@192.168.1.1:8007:tmp host/r720/2022-10-10T10:10:10Z root.pxar /tmp/a

備份清單
proxmox-backup-client list --repository root@pam@192.168.1.1:8007:tmp
proxmox-backup-client snapshot list --repository root@pam@192.168.1.1:8007:tmp

掛載
proxmox-backup-client mount host/r720/2022-10-10T01:10:10Z a.pxar /mnt2 --repository root@pam@192.168.1.1:8007:tmp

Proxmox VE 6.x 升級 Proxmox 7.x

 PVE 7.x 使用 cgroupv2，確認環境下的 LXC 模式系統是否有
1.CentOS7       更新 systemd 版本 234以上
2.Ubuntu 16.10  更新 systemd 版本 229以上

PVE 6.x 更新至最新版本
apt update && apt dist-upgrade -y

重新開機
reboot -nf

檢清更新的清單
pve6to7
pve6to7 --full

更新來源庫
sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list
sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/pve-install-repo.list
sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/pve-no-subscription.list
echo "deb http://download.proxmox.com/debian/ceph-octopus bullseye main" > /etc/apt/sources.list.d/ceph.list

系統更新
apt update && apt dist-upgrade -y

Web Server Head 測試

printf "GET / HTTP/1.1\r\nHOST:z\r\n\r\n" | nc localhost 80 printf "GET / HTTP/2.0\r\nHOST:x\r\n\r\n" | nc localhost 80

OpenVPN 除錯

錯誤訊息 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

編輯 /etc/openvpn/server.conf 加入
tls-cipher "DEFAULT:@SECLEVEL=0"

qct / cisco ipmi 預設帳號密碼

 admin / cmb9.admin

ipmitool 帳號相關指令

列出 bmc 網路設定
ipmitool lan print 1

列出目前帳號
ipmitool user list 1

更改密碼
ipmitool user set password 3

新增帳號
ipmitool user set name 4 user0
ipmitool channel setaccess 1 4 link=on ipmi=on callin=on privilege=4
ipmitool channel setaccess 2 4 link=on ipmi=on callin=on privilege=4
ipmitool user enable 4

確認帳號權限
ipmitool channel getaccess 1 4

重啟 bmc
ipmitool bmc reset cold

限制 Linux ssh所能執行指令

編輯 /etc/ssh/sshd_config
Match User user
       X11Forwarding no
       AllowTcpForwarding no
       PermitTTY no
       ForceCommand /tmp/ssh.sh

編輯 /tmp/ssh.sh
#!/bin/bash
case "${SSH_ORIGINAL_COMMAND%% *}" in
ls | echo ) $SSH_ORIGINAL_COMMAND ;;
*) ;;
esac

 pvecm updatecerts 

Proxmox VE 7 grub failed vlmid not found

vgscan
vgchange -ay 

mkdir /media/rescue
mount /dev/pve/root /media/rescue
mount /dev/sda2 /media/rescue/boot/efi

mount -t proc proc /media/rescue/proc
mount -t sysfs sys /media/rescue/sys
mount -o bind /dev /media/rescue/dev
mount -o bind /run /media/rescue/run

chroot /media/rescue
proxmox-boot-tool format /dev/sda2
proxmox-boot-tool init /dev/sda2 

出現 /usr/sbin/grub-probe: error: disk `lvmid/********' not found. 增加以下指令

lvextend -L +1g /dev/pve/root
resize2fs /dev/pve/root
update-grub

reboot

Debian 11 安裝 Rsync Server

apt install rsync

編輯  /lib/systemd/system/rsync.service
[Service]
ExecStart=/usr/bin/rsync --daemon --no-detach --protocol 30
RestartSec=1

systemctl enable rsync

編輯 /etc/rsyncd.conf
port = 873

[rsync01]
max connections = 6
path = /data/rsync01
uid = root
gid = root
auth users = rsync01
secrets file = /etc/rsyncd.secrets
list = yes
read only = no
write only = no
use chroot = yes
lock file = /run/lock/rsyncd-rsync01

編輯  /etc/rsyncd.secrets
rsync01:password

Dell Wyse 3040 安裝 Debian 11

安裝後若無法正常開機，新增一檔案
touch  /boot/EFI/BOOT/BOOTX64.EFI

Apache2 基本認證排除 IP設定

<Location />
  AuthType Basic
  AuthName "You need to login"
  AuthUserFile /etc/apache2/.htpasswd
  Require valid-user

  Deny from all
  Allow from 192.168.1.1
  Satisfy any
</Location>

Debian 11 Apache2 使用自訂腳本身份認證

安裝軟體及設定
apt install libapache2-mod-authnz-external
a2enmod authnz_external
apache2ctl graceful

編輯 /etc/apache2/apache2 
 <VirtualHost 192.168.1.1:80>
#<VirtualHost *:80>
DefineExternalAuth bashtest pipe "/home/apache2/1.sh"
     #   ServerName example.com
     #   ServerAlias www.example.com
        ServerAdmin webmaster@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        ProxyPreserveHost Off
        AllowEncodedSlashes On
        KeepAlive Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        <Location />
          AuthType Basic
          AuthName "You need to login"

        AuthBasicProvider external
        AuthExternal bashtest
        Require valid-user
          Order allow,deny
          Allow from all
        </Location>

        RequestHeader unset Authorization
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/
   </VirtualHost>

編輯 認證腳本 /home/apache2/1.sh

#!/bin/bash

f=/home/apache2/1

read user ;echo user=$user >$f

read password ;echo password=$password >>$f

env >>$f

[ "$user" = "user" ]&&[ "$password" = "password" ]&& {

  echo "username/password allowed for user $user\n";

  exit 0;

}

echo "wrong username or password for user $user\n";

sleep(1);

exit 1;

Debian 11 Nginx reverse proxy 增加帳號認證設定

編輯/etc/nginx/sites-enabled/default 加入
location / {
proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.1:8080/;
        proxy_redirect off;

        # Password
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        # Don't forward auth to Tomcat
        proxy_set_header   Authorization "";
}

Debian 11 安裝 Apace2 reverse proxy 摘要

安裝 Apache2
sudo apt-get install apache2

設定 Apache2 相關模組
sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests

編輯 Apache2 設定檔  /etc/apache2/apache2.conf 加入
 <VirtualHost 192.168.6.1:80>
#<VirtualHost *:80>
     #   ServerName example.com
     #   ServerAlias www.example.com
        ServerAdmin webmaster@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        RequestHeader unset Authorization
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/

        <Location />
          AuthType Basic
          AuthName "You need to login"
          AuthUserFile /etc/apache2/.htpasswd
          Require valid-user
          Order allow,deny
          Allow from all
        </Location>

   </VirtualHost>

設定密碼檔 /etc/apache2/.htpasswd
sudo sh -c "echo -n 'user:' >> /etc/apache2/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/apache2/.htpasswd"

HAPROXY設定摘要

編輯 /etc/haproxy/haproxy.cfg
 global
 maxconn 256
 daemon
# pidfile /run/haproxy/haproxy.pid

defaults
# timeout connect  5000ms
# timeout client  50000ms
# timeout server  50000ms

frontend SSHLB
 mode tcp
 bind *:222

default_backend servers

backend servers
 server sftp01 192.168.92.1:22  maxconn 32
 server sftp02 192.168.92.2:22  maxconn 32

除錯指令

haproxy -f /etc/haproxy/haproxy.cfg -d

Apache2 隱藏版本、作業系統

 Debian/Ubuntu
編輯 /etc/apache2/conf-enabled/security.conf

CentOS
編輯 /etc/httpd/conf/httpd.conf

Alpine
編輯 /etc/apache2/httpd.conf 

ServerTokens Prod
ServerSignature Off

檢測
curl --head https://127.0.0.1:443

Samba 支援symlink

編輯 /etc/samba/smb.conf 
 [global]
follow symlinks = yes
wide links = yes
strict locking = no
unix extensions = no

Proxmox ve LVM 操作筆記

移除 local-lvm
umount /dev/pve/data
lvremove /dev/pve/data

建立 Thinly-Provisioned Logical Volumes
lvcreate -v -L 100G -T pve/data

擴充 PV
parted
pvresize /dev/sda3

指定 LV 大小
lvresize -L 32G /dev/pve/root
resize2fs  /dev/pve/root
lvresize  -L 1024G pve/dat

DHCP Options

   1 netmask

  2 time-offset

  3 router

  6 dns-server

  7 log-server

  9 lpr-server

 13 boot-file-size

 15 domain-name

 16 swap-server

 17 root-path

 18 extension-path

 19 ip-forward-enable

 20 non-local-source-routing

 21 policy-filter

 22 max-datagram-reassembly

 23 default-ttl

 26 mtu

 27 all-subnets-local

 31 router-discovery

 32 router-solicitation

 33 static-route

 34 trailer-encapsulation

 35 arp-timeout

 36 ethernet-encap

 37 tcp-ttl

 38 tcp-keepalive

 40 nis-domain

 41 nis-server

 42 ntp-server

 44 netbios-ns

 45 netbios-dd

 46 netbios-nodetype

 47 netbios-scope

 48 x-windows-fs

 49 x-windows-dm

 58 T1

 59 T2

 60 vendor-class

 64 nis+-domain

 65 nis+-server

 66 tftp-server

 67 bootfile-name

 68 mobile-ip-home

 69 smtp-server

 70 pop3-server

 71 nntp-server

 74 irc-server

 77 user-class

 80 rapid-commit

 93 client-arch

 94 client-interface-id

 97 client-machine-id

119 domain-search

120 sip-server

121 classless-static-route

125 vendor-id-encap

150 tftp-server-address

255 server-ip-address

Proxmox VE 7.x 修復 zfs DEGRADED

正常硬碟 sda，錯誤硬碟 sdb，更新硬碟 sdc

修復 zfs
zpool status
zpool offline rpool /dev/錯誤硬碟
## shutdown install the new disk or replace the disks
sgdisk --replicate=/dev/新硬碟 /dev/正常硬碟
sgdisk --randomize-guids /dev/新硬碟
zpool replace rpool /dev/錯誤硬碟 /dev/新硬碟
zpool status  # => resilvering is working

更新 ESP
proxmox-boot-tool format /dev/sdc2
proxmox-boot-tool init /dev/sdc2
proxmox-boot-tool refresh

Debian 安裝 BCM43xx ( Broadcom BCM94313HMG2L)驅動程式

1.編輯 /etc/apt/sources.list 根據不同版本 debian 加入

# Debian 9 "Stretch"
deb http://deb.debian.org/debian stretch-backports main contrib non-free

# Debian 10 "Buster"
deb http://deb.debian.org/debian buster-backports main contrib non-free

# Debian 11 "Bullseye"
deb http://deb.debian.org/debian bullseye contrib non-free

2.apt-get update
apt-get install linux-image-$(uname -r|sed 's,[^-]*-[^-]*-,,') linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') broadcom-sta-dkms

3.apt-get install -f
dpkg-reconfigure broadcom-sta-dkms

4.find /lib/modules/$(uname -r)/updates

5.modprobe -r b44 b43 b43legacy ssb brcmsmac bcma

6.modprobe wl

參考 https://wiki.debian.org/wl

關閉 SSH Host Key 及 known_hosts

指令列
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no"  ssh-host

設定檔  ~/.ssh/config，/etc/ssh/ssh_config 
Host *
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
   LogLevel ERROR

Host 192.168.0.*
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
   LogLevel ERROR

System policy prevents control of network connections

編輯 /etc/polkit-1/localauthority/50-local.d/47-allow-networkd.pkla

[Allow Network Control all Users]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.network-control
ResultAny=no
ResultInactive=no
ResultActive=yes

dnsmasq pxe boot 範例

#http://boot.ipxe.org/ipxe.efi
#http://boot.ipxe.org/undionly.kpxe
#dhcp-match=set:<tag>,<option number>|option:<option name>|vi-encap:<enterprise>[,<value>]
#dhcp-boot=[tag:<tag>,]<filename>,[<servername>[,<server address>|<tftp_servername>]]

dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-x86,option:client-arch,6

dhcp-boot=tag:efi-x86_64,ipxe.efi,,192.168.92.241
dhcp-boot=tag:efi-x86,ipxe.efi,,192.168.92.241

dhcp-match=set:X86-64_EFI_HTTP,option:client-arch,16
dhcp-boot=tag:X86-64_EFI_HTTP,http://192.168.92.241/ipxe.efi

dhcp-match=set:bios,option:client-arch,0
dhcp-boot=tag:bios,undionly.kpxe,,192.168.92.241

dhcp-match=set:ipxe,175
#dhcp-match=set:ipxe-http,175,19
#dhcp-match=set:ipxe-https,175,20

#dhcp-boot=tag:ipxe,ipxe,,192.168.92.241
dhcp-boot=tag:ipxe,http://192.168.92.241/ipxe
dhcp-boot=http://192.168.92.241/ipxe.efi

Authentication is required to create a color managed device

編輯 /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla

[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes

Apache2 Rewrite 設定範例

開啟 Rewrite模組
a2enmod rewrite

確認
apache2ctl -M | grep rewrite

編輯 /etc/apache2/sites-enabled/000-default.conf  加入
<Directory "/var/www/html">
 AllowOverride All
</Directory>

編輯 /var/www/html/.htaccess 加入
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php [L]
</IfModule>

Dell Wyse 3040 Thin Client 預設 BIOS 密碼

1.F2 進入 BIOS 畫面

2.輸入密碼 Fireport

bash script 自動背景執行

 #!/bin/bash

echo pid=$$
(kill -STOP $$;kill -CONT $$) &
while true; do echo pid=$$;sleep 1;done

檢查 /var/log/lastlog

#!/bin/bash
# /var/log/lastlog > 1g
_debug=;

mfile=/var/log/lastlog
archive_dir=/var/log

_f0=$(echo $0|tr \/ _)-$(echo ${*}|md5sum|awk '{print $1}');
exec 100> /tmp/${_f0}.lock
flock -n 100 || exit 1

echo $$ $(date +%Y%m%d-%H%M%S) $0 $* >&100

inotifywait -m ${mfile} |while read dir action file;
do [ -z "$file" ]&&_f=$dir||_f=${dir}/${file};
[ -z "$_debug" ]|| echo debug: $dir $action $file f=$_f;
a_f=$(basename $mfile).$(date +%Y%m%d-%H%M%S);
[ -z "$(ls -lh $_f|awk '{ print $5}'|grep G)" ]||{ lastlog >${archive_dir}/$a_f; :>$mfile; [ -z "$_debug" ]||echo "run..."; }
done;

---

#!/bin/bash
_lastlog=/var/log/lastlog
_lastarchive=/var/log/lastlog

[ -f $_lastlog ]||exit 0;
[ -z "$(ls -lh $_lastlog|awk '{print $5}'|grep G)" ]&& exit 0;
lastlog > ${_lastarchive}.$(date +%Y%m%d-%H%M%S);
:>$_lastlog;

debian 11 安裝 incron

 Debian 11 bullseye  廢棄 incron，以 systemd.path 取代

xfce4 桌面設定 預設不顯示 垃圾筒、home目錄

編輯 /usr/share/desktop-base/profiles/xdg-config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml

<channel> 加入

<property name="desktop-icons" type="empty">
    <property name="file-icons" type="empty">
      <property name="show-trash" type="bool" value="false"/>
      <property name="show-filesystem" type="bool" value="false"/>
      <property name="show-home" type="bool" value="false"/>
    </property>
  </property>

Debian 11 安裝最新版本 Glusterfs

apt install -y gpg
wget -O - https://download.gluster.org/pub/gluster/glusterfs/9/rsa.pub | apt-key add -
DEBID=$(grep 'VERSION_ID=' /etc/os-release | cut -d '=' -f 2 | tr -d '"')
DEBVER=$(grep 'VERSION=' /etc/os-release | grep -Eo '[a-z]+')
DEBARCH=$(dpkg --print-architecture)
echo deb https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/${DEBID}/${DEBARCH}/apt ${DEBVER} main > /etc/apt/sources.list.d/gluster.list

apt update
apt install glusterfs-server

symbol lookup error: gluster: undefined symbol: use_spinlocks

 檢查 Glusterfs 相關套件版本

Linux Debian bcache 摘要

安裝
apt install bcache-tools

建立資料碟(必須大於快取碟)
make-bcache -B /dev/sdx1

建立快取碟(ram disk 不適用)
make-bcache --block 4k --bucket 2M -C /dev/sdy1

指定 資料碟的快取碟
echo $(bcache-super-show /dev/sdy1|grep cset.uuid|awk '{print $2}') >/sys/block/bcache0/bcache/attach
make-bcache -B /dev/sda /dev/sdb -C /dev/sdc

查詢 bcache 運作狀態
cat /sys/block/bcache0/bcache/state
no cache: 沒有 cache 設備
clean: 正常，cache clean
dirty: 正常，cache 模式 writeback，cache 狀態 dirty
inconsistent: 有問題，cache 及 資料沒有同步

查詢cache 模式
cat /sys/block/bcache0/bcache/cache_mode
[writethrough] writeback writearound none

更改 cache 模式
echo writeback > /sys/block/bcache0/bcache/cache_mode

bcache 裝置顯示
/dev/bcacheN
/dev/bcache/by-uuid/UUID
/dev/bcache/by-label/LABEL

停用設備
echo 1 > /sys/block/sdX/sdX[Y]/bcache/stop

停止快取
echo 1 > /sys/block/sdX/sdX[Y]/bcache/detach

安全移除快取
echo <cache-set-uuid> > /sys/block/bcache0/bcache/detach

釋放已使用裝置
echo 1 > /sys/fs/bcache/<cache-set-uuid>/stop

重新載入 bcache 裝置
partprobe  (apt install parted)
echo /dev/sdX > /sys/fs/bcache/register
echo /dev/sdY > /sys/fs/bcache/register

Force flush of cache to backing device
echo 0 > /sys/block/bcache0/bcache/writeback_percent

相關檔案 /etc/tmpfile.d/bcache.conf
w /sys/block/bcache0/bcache/sequential_cutoff - - - - 1M
w /sys/block/bcache0/bcache/cache_mode        - - - - writeback

Apache/2.4.9啟動錯誤：AH01630: client denied by server configuration

原因可能是 Apache2.4 的部分指令和 Apache2.2 不相容

參考
http://httpd.apache.org/docs/2.4/upgrading.html

Linux 掛載 Webdav

apt install davfs2

mount -t davfs -o noexec https://server/webdav/ /mnt/dav/

/etc/fstab 格式
https://server/webdav/ /mnt/WebDAV  davfs _netdev,noauto,user,uid=nobody,gid=nobody 0 0

免輸入帳號密碼
編輯 /etc/davfs2/davfs2.conf 
編輯  /etc/davfs2/secrets

Debian 11 + Apache2 WebDAV筆記

建立儲存位置
mkdir /home/webdav
chown www-data. /home/webdav

編輯 /etc/apache2/sites-available/webdav.conf
Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    #SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /home/webdav/.htpasswd
    Options +Indexes
    DirectoryIndex inexistentfile
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
#    Require all granted
</Location>

編輯帳號密碼
htpasswd -c /home/webdav/.htpasswd user

載入 Apache 相關模組
a2enmod dav*
a2ensite webdav

程啟服務
systemctl restart apache2

安裝 SAIGE

安裝 SAIGE v0.45

https://github.com/weizhouUMICH/SAIGE

1.設定 Python 2.7.17 環境
pip install cget

2. R
install.packages("R.utils", "Rcpp", "RcppParallel", "RcppArmadillo", "data.table", "RcppEigen", "Matrix", "methods", "BH", "optparse", "SPAtest", "SKAT","devtools")
devtools::install_github("leeshawn/MetaSKAT")

devtools::install_github("weizhouUMICH/SAIGE")
下載失敗可先將檔案下載後安裝
src_branch=master
repo_src_url=https://github.com/weizhouUMICH/SAIGE
git clone --depth 1 -b $src_branch $repo_src_url
R CMD INSTALL --library=path_to_final_SAIGE_library SAIGE

其他
1.安裝時會連上網路下載檔案
2. http://zlib.net/zlib-1.2.11.tar.gz 連結已變更 https://zlib.net/fossils/zlib-1.2.11.tar.gz會造成安裝失敗

Debian 11 安裝 tabix , samtools

 apt install  tabix samtools

Debian 11 安裝 GitWeb

安裝相關軟體
apt -y install -y git git-core gitweb

設定 Git 資料儲存目錄

mkdir /home/gitweb

修改 /etc/gitweb.conf 內容

$projectroot = "/home/gitweb";

修改  /etc/apache2/conf-enabled/gitweb.conf

<IfModule mod_alias.c>

  <IfModule mod_mime.c>

    <IfModule mod_cgi.c>

      Define ENABLE_GITWEB

    </IfModule>

    <IfModule mod_cgid.c>

      Define ENABLE_GITWEB

    </IfModule>

  </IfModule>

</IfModule>

<IfDefine ENABLE_GITWEB>

  Alias /gitweb/  "/home/gitweb/"

  <Directory  "/home/gitweb">

    Options +FollowSymLinks +ExecCGI

    AddHandler cgi-script .cgi

    Require all granted

  </Directory>

</IfDefine>

載入相關模組及服務

a2enmod cgi alias env

systemctl restart apache2

測試
cd /home/gitweb

git init --bare test;cd test;git update-server-info;

git clone --bare https://github.com/pyenv/pyenv;cd pyenv.gitt;git update-server-info;

git clone http://server/gitweb/test

其他
HTTP 僅能提供 clone，如果想要 push 必須使用 SSH

random 7 urandom warning(s) missed due to ratelimiting

安裝及啟用 Haveged 服務
apt install haveged -y
yum install haveged -y

curl / openssl 檢查網站憑證狀態

echo|openssl s_client -servername www.edu.tw -connect www.edu.tw:443|openssl x509 -noout -dates

curl -s -v -k https://www.edu.tw 2>&1 | grep -E "Connected to|subject|expire"

wget輸出中文亂碼

使用 iconv 指令

範例
 wget -q -O- http://www.blueshop.com.tw/ |iconv -f big5

pyenv筆記

軟體安裝
apt update;apt upgrade -y
apt install -y git python3-pip

apt install -y make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev

git clone https://github.com/pyenv/pyenv.git ~/.pyenv

環境設定
cat <<EOF >pyenv0.sh
export PYENV_ROOT="\$HOME/.pyenv"
export PATH="\$PYENV_ROOT/bin:\$PATH"
type pyenv >/dev/null 2>&1||eval "\$(pyenv init -)"
EOF

source pyenv0.sh

相關指令
pyenv version
pyenv versions
pyenv install <python版本>
pyenv install --list
pyenv uninstall <python版本>
pyenv global <python版本>
pyenv local <python版本>
pyenv shell <python版本>

更新 pyenv
cd ~/.pyenv
git pull

其它
~/.pyenv/cache  設定安裝時來源檔，不上網抓取 Python-xx.tar.xz 
~/.pyenv/versions 各版本安裝位置

Remmina 加密密碼

echo -n #password|remmina --encrypt-password 2>/dev/null|grep "Encrypted password:" |awk '{print $3}'

Nginx proxy fastly error unknown domain

設定加入
proxy_set_header Host $http_host;

Nginx ssl reverse proxy with SNI

加入設定
proxy_ssl_name $host;
proxy_ssl_server_name on;

測試指令
nginx -V

Debian 11 Samba 使用 Winbind 認證

安裝軟體
apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
 
編輯 /etc/krb5.conf  
[libdefaults]
        default_realm = TEST.COM
 
# The following krb5.conf variables are only for MIT Kerberos.
       kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
 
編輯 /etc/samba/smb.conf
[global]   
   workgroup = TEST
   realm = TEST.DOM
   security = ads
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config FD3S01 : backend = rid
   idmap config FD3S01 : range = 10000-999999
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
 
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0755
   directory mask = 0755
   valid users = %S
   root preexec = /opt/mkmyhome.sh %S %H
#   hide files = /abc/ /a/ /.*/
 
編輯 /etc/nsswitch.conf 修改
passwd:         files systemd winbind
group:          files systemd winbind
 
編輯 /etc/pam.d/common-session  加入
# add to the end if you need (auto create a home directory at initial login)
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

編輯 /opt/mkmyhome.sh
#!/bin/bash
user=$1
home=$2
group="domain users"

[ -z "$user" ]&&exit 9;
[ -z "$home" ]&&exit 9;
[ -d "$home" ]&&exit 9;

mkdir -p $home -m 700  && chown "${user}:${group}" $home;
exit $?;

chmod a+x /opt/mkmyhome.sh

加入網域
net ads join -U Administrator
 
重啟服務
 systemctl restart winbind

其他相關指令
net ads leave -U Administrator

FortiSwitch-124F 恢復預設

1.press the Reset button for about 10 seconds and then release it.
 
2.exec factoryreset

NextCloud 備份

設定維護模式
sudo -u www-data php occ maintenance:mode --on
或編輯 config/config.php  
 "maintenance" => false 異動為 "maintenance" => true
 
備份資料
rsync -Aavx nextcloud/ nextcloud-dirbkp_`date +"%Y%m%d"`/
 
備份資料庫
mysqldump --single-transaction -h [server] -u [username] -p[password] [db_name] > nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
 
停用維護模式
sudo -u www-data php occ maintenance:mode --off

nginx 設定 php-fpm

 server {
    gzip on;
   
    location / {
        try_files $uri $uri/ =404;
    }
 
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}

NextCloud Internal Server Error after login

1) sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
2) chown -R www-data:www-data /var/www/nextcloud/
3) chmod -R 770 /var/www/nextcloud/
4) sudo -u www-data php /var/www/nextcloud/occ maintenance:repair
5) sudo -u www-data php /var/www/nextcloud/occ db:add-missing-columns
6) sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
7) sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
8) sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
9) sudo systemctl restart apache2

1) mysql> select * from oc_storages;
delete all the content from the table oc_filecache
2) mysql> TRUNCATE TABLE oc_filecache;

編輯 nextcloud/config/config.php
'trusted_domains' =>
  array (
    0 => 'localhost',
1 => 'exap\mple.com',
2 => '192.168.1.1',
  ),
 'datadirectory' => '/var/www/nextcloud-data',
 'dbtype' => 'mysql',

NextCloud LDAP 設定 出現 Internal Server Error

可能是設定檔異常

sudo -u nextcloud php7.3 /var/www/nextcloud/occ log:tail
sudo -u www-data php7.3 /var/www/nextcloud/occ app:list
sudo -u www-data php7.3 /var/www/nextcloud/occ ldap:show-config

sudo -u www-data php7.3 /var/www/nextcloud/occ app:enable user_ldap
sudo -u www-data php7.3 /var/www/nextcloud/occ app:disable user_ldap

修改設定檔參考指令
sudo -u www-data php7.3 /var/www/nextcloud/occ ldap:set-config "s01" ldap_login_filter "(&(|(objectclass=posixAccount))(uid=%uid))"

NextCloud 重設 管理員密碼

sudo -u www-data php /var/www/nextcloud/occ user:resetpassword admin

NGINX 設定 https ssl

產生私鑰
openssl genrsa -des3 -out privkey.key 2048

產生 CSR
openssl req -new -key privkey.key -out ca.csr <<EOF
TW
Taiwan
Taipei
INIC
G
MIS
email

EOF
 
去除私鑰密碼
openssl rsa -in privkey.key -out ca.key

建立自我簽署的CA
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

複製金鑰
mkdir /etc/nginx/ssl
cp ca.crt /etc/nginx/ssl/nginx.crt
cp ca.key /etc/nginx/ssl/nginx.key

編輯 /etc/nginx/sites-enabled/default
server {
  listen 80 default_server;
  listen [::]:80 default_server;

  # 加入 SSL 設定
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  # 憑證與金鑰的路徑
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  # ...
}

Proxmox VE VM Linux 網路界面模組

e1000
virtio_net
8139cp
8139too
vmxnet3

MariaDB無法開啟服務

刪除/var/lib/mysql/ib_logfile* /var/lib/mysql/tc.log

bash GUI 相關資源

TEXT 模式
dialog, whiptail

X Window 模式
zenity, xdialog

xrdp 停用 thinclient_drives

編輯 /etc/xrdp/xrdp.ini
allow_channels=false

注意資源轉向功能全部失效

Debian X session 啟動設定及腳本目錄

/etc/X11/Xsession.options 
/etc/X11/Xsession.d/
/etc/xdg/autostart

The Debian reference manual describes how the defaults work:
If the user has a ~/.xsessionrc file, read it.
If a specific session was selected in the DM (GDM, KDM, WDM, LightDM, ...) , run it.
Otherwise, if the user has a ~/.xsession or ~/.Xsession file, run it.
Otherwise, if the /usr/bin/x-session-manager command exists, run it.
Otherwise, if the /usr/bin/x-window-manager command exists, run it.
Otherwise, if the /usr/bin/x-terminal-emulator command exists, run it.

GO GO111MODULE 與 GOPATH

GO111MODULE=off，使用 GOPATH mode 模式

GO111MODULE=on，使用 Go modules 模式

Windows 10 限制 RDP 資源

執行 gpedit

電腦設定\原則\系統管理範本\Windows元件\遠端桌面服務\遠端桌面工作階段主機\裝置及資源重新導向\

設定 Raspberry pi zero Wifi AP

#安裝相關軟體
apt install -y iptables dnsmasq hostapd

export uap0=192.168.2.1/24
export dhcpr=192.168.2.2,192.168.88.50,12h

#設定網路界面
cat >/etc/network/interfaces.d/wlan0 <<EOF
auto wlan0
allow-hotplug wlan0

iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
EOF

cat >/etc/network/interfaces.d/uap0 <<EOF
iface uap0 inet static
  address 192.168.2.1
  netmask 255.255.255.0
  network 192.168.2.0
  broadcast 192.168.2.255
  gateway 192.168.2.1
EOF

#設定 dhcpd uap0 界面
echo >>dhcpcd.conf <<EOF
interface uap0
static ip_address=${uap0}
nohook wpa_supplicant
EOF

#設定 dnsmasq 服務
cat >>/etc/dnsmasq.conf <<EOF
interface=uap0
no-dhcp-interface=lo,wlan0
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=${dhcpr}
EOF

#設定 hostapd 服務
cat >/etc/hostapd/hostapd.conf <<EOF
interface=uap0
ssid=piap
hw_mode=g
channel=11
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF

echo 'DAEMON_CONF="/etc/hostapd/hostapd.conf"'  >>/etc/default/hostapd
systemctl unmask hostapd

#產生執行 script
cat >/root/startap.sh <<EOF
#!/bin/bash
# Create the virtual device
/sbin/iw dev wlan0 interface add uap0 type __ap
ifup uap0

# Route all the packets coming on this interface, this will enable #us to access internet through wlan0

sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE

systemctl start dnsmasq
systemctl start hostapd
EOF

Cannot copy/paste text in xfce4-terminal

apt-get install xfce4-clipman xfce4-goodies

編輯 /etc/locale.gen 增加
zh_TW.UTF-8 UTF-8

執行locale-gen

echo LANG=zh_TW.UTF-8  >>/etc/locale.conf

neighbor table overflow

增加數值
/proc/sys/net/ipv4/neigh/default/gc_thresh1
/proc/sys/net/ipv4/neigh/default/gc_thresh2
/proc/sys/net/ipv4/neigh/default/gc_thresh3

echo "net.ipv4.neigh.default.gc_thresh1 = 512" >> /etc/sysctl.conf
echo "net.ipv4.neigh.default.gc_thresh2 = 2048" >> /etc/sysctl.conf
echo "net.ipv4.neigh.default.gc_thresh3 = 4096" >> /etc/sysctl.conf
sysctl -p

HPE Smart Storage Administrator 軟體

https://support.hpe.com/connect/s/product?language=zh_TW&tab=driversAndSoftware&kmpmoid=1014111696&driversAndSoftwareFilter=8000078

Smart Storage Administrator (SSA) for Linux 64-bit : ssa-5.20-8.0.x86_64.rpm (11 MB)
https://support.hpe.com/hpesc/public/swd/detail?swItemId=MTX_dd378aacf3c24065a4f2f8dbd0
https://downloads.hpe.com/pub/softlib2/software1/pubsw-linux/p2128966397/v193232/ssa-5.20-8.0.x86_64.rpm

適用於 Linux (64 位元) 的 Smart Storage Administrator (智慧型儲存管理員 (SSA)) CLI :ssacli-5.20-8.0.x86_64.rpm (16 MB)
https://support.hpe.com/hpesc/public/swd/detail?swItemId=MTX_e8b00a323a3e415db13dafa24a
https://downloads.hpe.com/pub/softlib2/software1/pubsw-linux/p1736097809/v193233/ssacli-5.20-8.0.x86_64.rpm

適用於 Linux (64 位元) 的 Smart Storage Administrator Diagnostic Utility (SSADU) CLI  :ssaducli-5.20-8.0.x86_64.rpm (4.1 MB)
https://support.hpe.com/hpesc/public/swd/detail?swItemId=MTX_cb044e3153754d20b14bcbc731
https://downloads.hpe.com/pub/softlib2/software1/pubsw-linux/p174449676/v193234/ssaducli-5.20-8.0.x86_64.rpm

Debian 11.x 可以使用 alien 安裝

Oracle Linux 8.x 使用 windows ad 認證

yum -y install krb5-workstation realmd sssd oddjob oddjob-mkhomedir adcli samba-common oddjob oddjob-mkhomedir sssd samba-common-tools

update-crypto-policies --set DEFAULT:AD-SUPPORT

設定 xrdp 支援  sssd
echo "ad_gpo_map_interactive = +xrdp-sesman">>/etc/sssd/sssd.conf

相關指令
getent passwd
getent passwd "domain\userid"
wbinfo -u
wbinfo -p
wbinfo -t
kinit domain.name
klist

Oracle Linux 8.x 中文輸入

yum -y install langpacks-zh_TW
yum -y install ibus-libpinyin.x86_64 ibus-table-easy ibus-table-cangjie

相關指令、設定檔案
locale
localectl
localectl set-locale LANG=
/etc/locale.conf 

tcl/tk exec 結果儲存至變數

 catch { exec /usr/bin/find /root/tcla >/dev/null } msg

Oracle Linux 8.x 安裝 google chrome 相關函式庫

yum install -y  liberation-fonts vulkan

xfce4 menu 設定

編輯 /etc/xdg/menus/xfce-applications.menu

/usr/share/applications/*