wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
cat >/etc/apt/sources.list.d/pbs-no-subscription.list <<EOF
# Proxmox Backup Server pbs-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
EOF
apt update
apt install proxmox-backup-client
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 10000 -nodes
/etc/nginx/ssl 增加金鑰
ssl_certificate /etc/nginx/ssl/nginx.crt
ssl_certificate_key /etc/nginx/ssl/nginx.key
/etc/nginx/sites-enabled/librenms.vhost 增加 server { 中設定
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
listen 80;
server_name 192.168.10.240;
root /opt/librenms/html;
index index.php;
<?php
echo "<pre>";
ob_implicit_flush(true);
ob_end_flush();
$cmd = "./1.sh";
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($cmd, $descriptorspec, $pipes, realpath('./'), array());
if (is_resource($process)) while ($s = fgets($pipes[1])) print $s;
?>
1.編輯 /etc/network/interfaces
# Loopback interface.
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth1 inet manual
# Bridge setup
auto br0
iface br0 inet dhcp
bridge_ports eth0 eth1
2.編輯 /etc/shorewall/interfaces
#ZONE INTERFACE OPTIONS
net br0 bridge
in br0:eth1
out br0:eth0
3.編輯 /etc/shorewall/zones
#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
fw firewall
net ipv4
in:net bport
out:net bport
4.編輯 /etc/shorewall/policy
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT
#loc net ACCEPT
in out ACCEPT
out in ACCEPT
out all DROP info
net all DROP
編輯 /etc/polkit-1/localauthority/50-local.d/wifi.scan.pkla
[Allow Wifi Scan]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control
ResultAny=yes
ResultInactive=yes
ResultActive=yes
編輯 /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla
[Allow Package Management all Users]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=yes
ResultInactive=yes
ResultActive=yes
/etc/security/pwquality.conf
/etc/pam.d/common-password
/etc/login.defs
相關指令及檔案
/etc/pam.d/password
/etc/pam.d/common-password
passwd --expire [[$USER]
chage -d 0 [$USER]
編輯 /etc/apt/sources.list
deb http://deb.debian.org/debian bookworm main contrib non-free
deb http://deb.debian.org/debian bookworm-updates main contrib non-free
deb http://security.debian.org/debian-security bookworm-security main
deb http://ftp.debian.org/debian bookworm-backports main contrib non-free
apt update -y
apt upgrade --without-new-pkgs -y
apt full-upgrade -y
編輯 /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main
deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
apt update -y
apt upgrade --without-new-pkgs -y
apt full-upgrade -y
1.編輯 /etc/shorewall/shorewall.conf
BLACKLIST 選項
2.編輯 /etc/shorewall/blrules
#ACTION SOURCE DEST PROTO DPORT
WHITELIST net:1.2.3.4 all
DROP net all udp 1023:1033,1434,5948,23773
DROP all net udp 1023:1033
DROP net all tcp 57,1433,1434,2401
DROP net:1.2.3.4 all
DROP net:1.2.23.4 all tcp 25
安裝軟體
apt install -y sudo screen
apt install -y acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils net-tools
apt install samba krb5-config winbind smbclient -y
apt-get install ldb-tools
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind
升級 Domain Controller
mv /etc/samba/smb.conf /etc/samba/smb.conf.ori
samba-tool domain provision
#samba-tool domain provision --use-rfc2307 --interactive
mv /etc/krb5.conf /etc/krb5.conf.ori
ln -s /var/lib/samba/private/krb5.conf /etc/krb5.conf
systemctl start samba-ad-dc
測試
smbclient -L localhost -U%
samba-tool domain level show
建立帳號
samba-tool user create user
samba-tool user list
pdbedit -L -v
RFC 2307屬性
驗證 NIS 擴充功能是否已安裝在 Active Directory 中
ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b \
CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=tdap,DC=sinica cn
RFC 2307屬性允許在 LDAP 目錄中儲存 Unix 使用者和群組資訊
不建議在 Samba AD DC 上使用 RFC2307 對應。預設的 idmap.ldb 機制適用於網域控制站且不易出錯。
安裝軟體
apt install -y sudo screen
apt install -y acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user dnsutils net-tools
apt install samba krb5-config winbind smbclient -y
apt-get install ldb-tools
systemctl stop smbd nmbd winbind
systemctl disable smbd nmbd winbind
systemctl mask smbd nmbd winbind
升級 Domain Controller 加入網域
mv /etc/samba/smb.conf /etc/samba/smb.conf.ori
samba-tool domain join DOMAIN.loc DC -U "DOMAIN\administrator"
systemctl start samba-ad-dc
測試
smbclient -L localhost -U%
samba-tool domain level show
建立帳號
samba-tool user create user
samba-tool user list
pdbedit -L -v
Kerberos 相關設定 /etc/krb5.conf:
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = DOMAIN.LOC
Kerberos 相關指令
kinit administrator
klist
RFC 2307屬性
驗證 NIS 擴充功能是否已安裝在 Active Directory 中
ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b \
CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=tdap,DC=sinica cn
RFC 2307屬性允許在 LDAP 目錄中儲存 Unix 使用者和群組資訊
不建議在 Samba AD DC 上使用 RFC2307 對應。預設的 idmap.ldb 機制適用於網域控制站且不易出錯。
編輯 /etc/apt/sources.list
#deb http://deb.debian.org/debian buster main contrib non-free
#deb http://deb.debian.org/debian buster-updates main contrib non-free
#deb http://deb.debian.org/debian buster-backports main contrib non-free
#deb http://security.debian.org buster/updates main contrib
deb http://ftp.debian.org/debian buster main contrib
deb http://ftp.debian.org/debian buster-updates main contrib
deb http://security.debian.org buster/updates main contrib
'pve/data' failed: Activation of logical volume pve/data is prohibited while logical volume pve/data_tdata is active.
lvchange -an pve/data_tdata
lvchange -an pve/data_tmeta
lvchange -ay pve/data
修改 /etc/shorewall/shorewall.conf
ADD_IP_ALIASES=Yes
編輯 /etc/shorewall/nat
10.10.10.10 eth0 192.168.201.1 no no
sgdisk --replicate=/dev/新硬碟 /dev/正常硬碟
sgdisk --randomize-guids /dev/新硬碟
proxmox-boot-tool format /dev/sdb2
proxmox-boot-tool init /dev/sdb2
proxmox-boot-tool refresh
pvcreate /dev/sdb3
vgextend pve /dev/sdb3
pvmove /dev/sda3 /dev/sdb3
vgreduce pve /dev/sda3
#glusterfs=11 / 10 / 9 / 8 / 7
#debian=bookworm / bullseye / buster / stretch
glusterfs=11
debian=bookworm
wget -O - https://download.gluster.org/pub/gluster/glusterfs/${glusterfs}/rsa.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/gluster.gpg
wget -O - https://download.gluster.org/pub/gluster/glusterfs/${glusterfs}/rsa.pub | apt-key add -
echo deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/${glusterfs}/LATEST/Debian/${debian}/amd64/apt ${debian} main > /etc/apt/sources.list.d/gluster.list
apt-get update
apt-get install [ glusterfs-server | glusterfs-client ]
編輯 /etc/chrony/chrony.conf 加入
server ntp1.example.com iburst
server ntp2.example.com iburst
server ntp3.example.com iburst
systemctl restart chronyd
查詢狀態
systemctl status chronyd
USB 1.0 Low Speed: 1.5Mbps
USB 1.1 Full Speed : 12Mbps
USB 2.0 High Speed: 480Mbps
使用 chrony
編輯 /etc/chrony/chrony.conf 加入
server ntp1.example.com iburst
server ntp2.example.com iburst
server ntp3.example.com iburst
重啟 chrony
systemctl restart chronyd
確認
journalctl --since -1h -u chrony
使用 systemd-timesyncd
編輯 /etc/systemd/timesyncd.conf 加入
[Time]
NTP=ntp1.example.com ntp2.example.com ntp3.example.com ntp4.example.com
使用 ntpdate
ntpdate -b ntp1.example.com
for i in *.deb;do
echo $i
rm debian-binary control.tar.xz data.tar.xz control.tar.zst data.tar.zst
ar x $i
# Uncompress zstd files an re-compress them using xz
zstd -d < control.tar.zst | xz > control.tar.xz
zstd -d < data.tar.zst | xz > data.tar.xz
# Re-create the Debian package in /tmp/
ar -m -c -a sdsd /tmp/$i debian-binary control.tar.xz data.tar.xz
done
設定 console 登入密碼
line console 0
(config-line)password password
(config-line)login
取消console 登入密碼
line console 0
(config-line)no password
(config-line)no login
username [[userid]] privilege 15 password [[new-password]]
錯誤訊息 Invalid encrypted password:
service password-encryption
/proc/driver/rtc
rtc_time:目前格林威治標準時間 (GMT: Greenwich Mean Time),台灣加 8 小時
rtc_date:目前的 rtc 日期
alarm_time:設定開機的時間
alarm_date:設定開機的日期
alarm_IRQ:是否有設定鬧鐘,no 沒有設定自動開機,若設定 yes
設定開機時間
/sys/class/rtc/rtc0/wakealarm
date +%s -d "now + 100minutes" > /sys/class/rtc/rtc0/wakealarm
/proc/uptime
第一個數值 代表從系統啟動到現在的時間(秒為單位)
第二個數值 代表系統空閒的時間(秒為單位)
鎖定密碼
usermod -L
passwd -l
設定帳號逾期
chage -E0
指定登入 shell
usermod -s /sbin/nologin
相關檢查指令
passwd --status
chage -l
getent passwd
限制 port 每秒 廣播封包不能超過100個,超過則暫停該 port流量,低於 100 恢復流量
storm-control broadcast level pps 100
show storm-control
line vty 0 15
transport input none
恢復預設
default transport input
default transport output
停用 Telnet
ip telnet server disable
停用 HTTP
no ip http server
啟用 HTTPS
crypto certificate 1 generate key
ip https certificate 1
ip http secure-server
啟用 SSH
crypto key generate rsa
crypto key generate dsa
ip ssh server
其他相關指令
show ip telnet
show ip http server status
username
show users accounts
show users login-history
no logging on Disable all logging except to the console.
no logging buffer Disable logging to the logging buffer.
no logging monitor Disable logging to terminal lines.
no logging console Disable console logging.
logging buffered <0-7> Set logging severity level for buffer. (default = 7)
logging console <0-7> Set logging level severity for console. (default = 7)
logging monitor <0-7> Set logging level severity for monitor. (default = 7)
logging trap <0-7> Set logging level severity for traps. (default = 6)
logging history <0-7> Set logging level severity for history (default = 4)
logging buffered <40960-524288> Set logging buffer size (default = 40960)
logging history size <0-500> Set logging history size. (default = 1)
logging [[logserver ip]]
其他相關
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
clear logging — clears the logging buffer.
show logging — displays the logging setting and system messages in the internal buffer.
sntp 較時相關指令
sntp unicast client enable
sntp server [[ip]]
clock summer-time recurring USA
clock timezone +7
設定主機名、IP
hostname [[hostname]]
ip address
ip name-server [[dns-server]]
其他相關指令
show clock
show sntp status
show ip interface
show hosts
show switch
show version
編輯 /etc/systemd/system/log_server.service
[Unit]
Description=MySysLog Server
[Service]
Type=simple
ExecStart=/root/syslog/s1.php
Restart=always
[Install]
WantedBy=multi-user.target
變更 權限
chmod 644 /etc/systemd/system/log_server.service
重新載入 Systemd 設定檔
systemctl daemon-reload
Systemd 服務說明文件
man systemd.unit
man systemd.service
man systemd.exec
apt install -y git gcc
export GO111MODULE=off
go get github.com/mattn/go-sqlite3
sudo apt update && sudo apt upgrade -y
編輯/etc/apt/sources.list 將 bullseye 替換 bookworm
apt update
apt upgrade --without-new-pkgs -y
apt full-upgrade -y
cat /etc/debian_version
reboot
apt --purge autoremove -y
確認 存儲庫及刪除package 的保留狀態
apt-mark showhold
apt-mark unhold [package_name]
apt update && sudo apt upgrade
apt install gcc-8-base
編輯 /etc/apt/sources.list 移除舊儲存庫並加入
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main
deb http://ftp.debian.org/debian bullseye-backports main contrib non-free
apt update
apt full-upgrade -y
確認更新版本
cat /etc/debian_version
重新開機
systemctl reboot
檢視 Journal Log 使用空間
journalctl --disk-usage
du -sh /var/log/journal
Journal Log 保留 10週
journalctl --vacuum-time=10w
Journal Log 保留 10月
journalctl --vacuum-time=10M
Journal Log 保留 100M
journalctl --vacuum-size=100M
Journal Log 保留 10G
journalctl --vacuum-size=10G
Proxmox
http://download.proxmox.com/images/system/
Turnkey
http://mirror.turnkeylinux.org/turnkeylinux/images/
find /var/log/proxmox-backup/tasks -type f -name 'UPID*' -mtime +90 -delete
Windows 帳號最近一次變更密碼查詢
net user [[user id]]
net user [[user id]] /domain
Linux 帳號最近一次變更密碼查詢
方法1:chage -l [[user id]]
方法2:查詢/etc/shadow 第三個欄位,最近一次密碼修改的天數(距離 1970/01/01的天數)
date -u -d "1970-01-01 UTC $((19523 * 86400 )) seconds" (19523)
範例 查詢 root
busybox date @$(expr $(cat /etc/shadow |grep root|cut -d : -f3) \* 86400 )
其他
Linux 密碼規則設定檔 /etc/login.defs
安裝相關軟體
apt install samba smbclient cifs-utils
增加 Linux系統中帳號,群組
groupadd smbshare
useradd -M -s /sbin/nologin sambauser
usermod -aG smbshare sambauser
建立 samba 系統帳號
smbpasswd -a sambauser
啟用 samba 系統帳號
smbpasswd -e sambauser
建立分享目錄
mkdir /private /public
chgrp -R smbshare /private
chgrp -R smbshare /public
chmod 2770 /private
chmod 2775 /public
編輯 Samba 設定檔 /etc/samba/smb.conf
[public]
comment = Public Folder
path = /public
writable = yes
guest ok = yes
guest only = yes
force create mode = 775
force directory mode = 775
[private]
comment = Private Folder
path = /private
writable = yes
guest ok = no
valid users = @smbshare
force create mode = 770
force directory mode = 770
inherit permissions = yes
測試設定檔
testparm
PVE HOST 安裝 xfs 工具
apt install xfsprogs
PVE HOST 格式化 xfs
mkfs.xfs
PVE HOST 變更 LV 大小
lvresize
PVE HOST 轉換檔案系統
xfs_growfs -d /mountfs
ext4 轉 xfs 工具
fstransform
訊息
activating LV 'pve/data' failed: Activation of logical volume pve/data is prohibited while logical volume pve/data_tmeta is active.
修復步驟
lvchange -an pve/data_tdata
lvchange -an pve/data_tmeta
lvchange -ay pve/data
查詢 ssh 支援密碼類型
ssh -Q cipher
指定 scp 加密方式
scp -o Ciphers=aes256-gcm@openssh.com file host:/dev/null
url="https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.1613.0000.0000_Unified_StorCLI-PUL.zip"
apt-get install -y alien
apt-get install -y libncurses5
opwd=`pwd`
mkdir /tmp/StorCLI
cd /tmp/StorCLI
wget -q -O- ${url} |busybox unzip -
cd Unified_storcli_all_os/Linux
alien storcli-007.1613.0000.0000-1.noarch.rpm
dpkg -i storcli_007.1613.0000.0000-2_all.deb
cd $opwd
安裝路徑
/opt/MegaRAID/storcli
建立 sqfs 檔案
mksquashfs /path/to/my/directory image.sqfs
truncate -s +8M image.sqfs
cryptsetup -q reencrypt --encrypt --type luks2 --resilience none --disable-locks --reduce-device-size 8M image.sqfs
掛載使用
losetup /dev/loop0 image.sqfs
cryptsetup luksOpen /dev/loop0 Encdisk
mount /dev/mapper/Encdisk /mnt
卸載
umount /mnt
dmsetup remove Encdisk
losetup -d /dev/loop0
<%@page contentType="text/html" pageEncoding="UTF-8"%>
Java 運行時環境版本 <%= System.getProperty("java.version") %><br>
Java 運行時環境供應商 <%= System.getProperty("java.vendor") %><br>
Java 供應商 URL <%= System.getProperty("java.vendor.url") %><br>
Java 安裝目錄 <%= System.getProperty("java.home") %><br>
<hr>
Java 虛擬機規範版本 <%= System.getProperty("java.vm.specification.version") %><br>
Java 虛擬機規範供應 <%= System.getProperty("java.vm.specification.vendor") %><br>
Java 虛擬機規範名稱 <%= System.getProperty("java.vm.specification.name") %><br>
Java 虛擬機實現版本 <%= System.getProperty("java.vm.version") %><br>
Java 虛擬機實現供應商 <%= System.getProperty("java.vm.vendor") %><br>
Java 虛擬機實現名稱 <%= System.getProperty("java.vm.name") %><br>
Java 運行時環境規範版本 <%= System.getProperty("java.specification.version") %><br>
Java 運行時環境規範供應商 <%= System.getProperty("java.specification.vendor") %><br>
Java 運行時環境規範名稱 <%= System.getProperty("java.specification.name") %><br>
<hr>
Java class 格式版本號 <%= System.getProperty("java.class.version") %><br>
Java class 路徑 <%= System.getProperty("java.class.path") %><br>
Java class 搜索路徑 <%= System.getProperty("java.library.path") %><br>
<hr>
JIT 編譯器 <%= System.getProperty("java.compiler") %><br>
擴展目錄路徑 <%= System.getProperty("java.ext.dirs") %><br>
<hr>
OS 名稱 <%= System.getProperty("os.name") %><br>
OS 架構 <%= System.getProperty("os.arch") %><br>
OS 版本 <%= System.getProperty("os.version") %><br>
<hr>
tmp 目錄 <%= System.getProperty("java.io.tmpdir") %><br>
文件分隔(UNIX 系統使用 “/”) <%= System.getProperty("file.separator") %><br>
路徑分隔(UNIX 系統使用 “:”) <%= System.getProperty("path.separator") %><br>
行分隔(UNIX 系統使用 “/n”) <%= System.getProperty("line.separator") %><br>
<hr>
Tomcat 帳號 <%= System.getProperty("user.name") %><br>
Tomcat 目錄 <%= System.getProperty("user.home") %><br>
Tomcat 工作目錄 <%= System.getProperty("user.dir") %><br>
Catalina home <%= System.getProperty("catalina.home") %><br>
Catalina base <%= System.getProperty("catalina.base") %><br>
catalina.home = /usr/share/tomcat9 安裝目錄 bin lib 父目錄 bin etc lib
catalina.base = /var/lib/tomcat9 工作目錄 每個 Tomcat實例私有目錄 conf lib logs policy webapps work
編輯 /etc/tomcat9/server.xml <Service name=""Catalina">加入
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
ciphers="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"
maxThreads="150" scheme="https" secure="true"
keystoreFile="server.pfx" keystorePass="password"
clientAuth="false" sslProtocol="TLSv1.2+TLSv1.3" />
IPTABLE port 443 轉向 8443
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
安裝
apt install tomcat9
關閉熱部署
編輯 /etc/tomcat9/server.xml 尋找
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
更改為
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false">
sed -i 's/ unpackWARs="true"/ unpackWARs="false"/' /etc/tomcat9/server.xml
sed -i 's/ autoDeploy="true"/ autoDeploy="false"/' /etc/tomcat9/server.xml
隱藏 Tomcat 版本
編輯 /etc/tomcat9/server.xml
尋找 <Host name= 區間 加入
<!-- Hidden Tomcat Version -->
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
sed -i '/<\/Host>/i\ \
<!-- Hidden Tomcat Version --> \
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" howServerInfo="false" />' \
/etc/tomcat9/server.xml
測試檔
echo 'Hello! <%= config.getInitParameter("defaultGuestName") %>'>test.jsp
日誌檔
/var/log/tomcat9/
安裝
apt-get install php-fpm
編輯 /etc/nginx/sites-enabled/default 修改
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
查詢PHP 版本及相關服務
ls /var/run/php/*.sock
systemctl list-unit-files
確認 realip 模組
nginx -V 2>&1 |xargs -n 1 |grep http_realip
編輯 /etc/nginx/nginx.conf http 區塊加入
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
a2enmod remoteip
編輯 /etc/apache2/conf-enabled/remotepi.conf
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 192.168.0.0/16
</IfModule>
修改 /etc/apache2/apache2.conf LogFormat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
==>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
USER = user owning the process PID = process ID of the process %CPU = It is the CPU time used divided by the time the process has been running. %MEM = ratio of the process’s resident set size to the physical memory on the machine VSZ = virtual memory usage of entire process (in KiB) RSS = resident set size, the non-swapped physical memory that a task has used (in KiB) TTY = controlling tty (terminal) STAT = multi-character process state START = starting time or date of the process TIME = cumulative CPU time COMMAND = command with all its arguments
Process State Codes (STAT):
R running or runnable (on run queue)
D uninterruptible sleep (usually IO)
S interruptible sleep (waiting for an event to complete)
Z defunct/zombie, terminated but not reaped by its parent
T stopped, either by a job control signal or because it is being traced
Some extra modifiers:
< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom IO)
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group
url=https://www.google.com
export url
echo $url
printf "\nTLS 1.3\n=========================================================================\n"
openssl ciphers -s -tls1_3|tr : \ |xargs -n 1 bash -c 'pad="$0 ";printf "${pad:0:32} = ";curl --insecure -s -S -o /dev/null --no-progress-meter --tls-max 1.3 $url --tls13-ciphers $0&&echo OK '
printf "\nTLS 1.2\n=========================================================================\n"
openssl ciphers -s -tls1_2|tr : \ |xargs -n 1 bash -c 'pad="$0 ";printf "${pad:0:32} = ";curl --insecure -s -S -o /dev/null --no-progress-meter --tls-max 1.2 $url --ciphers $0&&echo OK '
相關網站
https://www.ssllabs.com/ssltest/
openssl s_client -connect www.google.com:443
openssl s_client -connect www.google.com:443 -tls1_1
openssl s_client -connect www.google.com:443 -tls1_2
openssl s_client -connect www.google.com:443 -tls1_3
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.1
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.2
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.3
pct console [vid]
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
qm terminal [vid]
Ctrl + O
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
安裝 X Window
setup-xorg-base
apk add sudo xfce4 xfce4-terminal lightdm-gtk-greeter elogind polkit-elogind dbus gnupg font-noto-cjk musl-locales firefox ( gvfs udisks2 )
服務設定
rc-service dbus start
rc-update add dbus
rc-update add lightdm
rc-service lightdm start
安裝 XRDP
apk add xrdp xorgxrdp
rc-service xrdp start
rc-service xrdp-sesman start
rc-update add xrdp
rc-update add xrdp-sesman
相關檔案
/etc/xrdp/xrdp.ini
polkit(PolicyKit)一種授權 API,目的是供特權程序(例如係統守護進程)使用,為非特權程序提供服務。
elogind 是 systemd項目的logind,被提取到一個獨立的包中。專為非 systemd init 系統但仍想使用依賴 systemd 執行軟件(如KDE / Wayland或GNOME)而設計
編輯/etc/environment,設定系統語言為中文
LANG=zh_TW.UTF-8
LC_CTYPE="zh_TW.UTF-8"
#LC_NUMERIC="zh_TW.UTF-8"
#LC_TIME="zh_TW.UTF-8"
#LC_COLLATE="zh_TW.UTF-8"
#LC_MONETARY="zh_TW.UTF-8"
LC_MESSAGES="zh_TW.UTF-8"
#LC_PAPER="zh_TW.UTF-8"
#LC_NAME="zh_TW.UTF-8"
#LC_ADDRESS="zh_TW.UTF-8"
#LC_TELEPHONE="zh_TW.UTF-8"
#LC_MEASUREMENT="zh_TW.UTF-8"
#LC_IDENTIFICATION="zh_TW.UTF-8"
LC_ALL=
安裝 fcitx5 中文輸入法
apk add fcitx5 fcitx5-chewing fcitx5-chinese-addons fcitx5-configtool fcitx5-configtool-lang fcitx5-lang fcitx5-table-extra
編輯 /etc/environment 設定 fcitx5 環境變數
GTK_IM_MODULE=fcitx
QT_IM_MODULE=fcitx
XMODIFIERS=@im=fcitx
SDL_IM_MODULE=fcitx
GLFW_IM_MODULE=ibus
套件說明
新酷音注音輸入法:fcitx5-chewing
碼表輸入法(倉頡、鄭碼、行列、輕鬆、嘸蝦米輸入法、速成、五筆、筆順五碼、粵語拼音、廣東拼音、港式廣東話、吳語注音): fcitx5-table-extra
拼音輸入法:fcitx5-chinese-addons
正簡體轉換功能,請安裝 fcitx5-chinese-addons
rc-update add local default
編輯開機執行檔
/etc/local.d/rclocal.start
/etc/local.d/rclocal0.start
其他說明
副檔名為 start 開機時執行
副檔名為 stop 關機時執行
Alpine Linux 使用 OpenRC 處理服務程序
apk add openssh
rc-update add sshd
rc-status
rc-service sshd start
其他相關指令及檔案
/etc/ssh/sshd_config
/etc/init.d/sshd
apk add tzdata
ln -s /usr/share/zoneinfo/Asia/Taipei /etc/localtime
echo "Asia/Taipei" > /etc/timezone
Facility
code Keyword Description
0 kern Kernel messages
1 user User-level messages
2 mail Mail system
3 daemon System daemons
4 auth Security/authentication messages
5 syslog Messages generated internally by syslogd
6 lpr Line printer subsystem
7 news Network news subsystem
8 uucp UUCP subsystem
9 cron Cron subsystem
10 authpriv Security/authentication messages
11 ftp FTP daemon
12 ntp NTP subsystem
13 security Log audit
14 console Log alert
15 solaris-cron Scheduling daemon
16 local0 Locally used facilities
17 local1 Locally used facilities
18 local2 Locally used facilities
19 local3 Locally used facilities
20 local4 Locally used facilities
21 local5 Locally used facilities
22 local6 Locally used facilities
23 local7 Locally used facilities
Severity level
Value Severity Keyword Deprecated keywords
0 Emergency emerg panic[9]
1 Alert alert
2 Critical crit
3 Error err error
4 Warning warning warn
5 Notice notice
6 Informational info
7 Debug debug
1.修改 /etc/apk/repositories (相關指令 setup-apkrepos)
https://dl-cdn.alpinelinux.org/alpine/edge/main
https://dl-cdn.alpinelinux.org/alpine/edge/community
https://dl-cdn.alpinelinux.org/alpine/edge/testing
2.apk update && apk upgrade ( apk -U upgrade / apk --update-cache upgrade)
版本資訊 /etc/alpine-release
Debian / Ubuntu / Kali Linux /Raspbian
apt-get install samba-common-bin
Alpine
apk add samba
Arch Linux
pacman -S samba
CentOS
yum install samba-common-tools
Fedora
dnf install samba-common-tools-2
smbpasswd -U <username> -r <domainController>
swapon: /tmp/swapfile: skipping - it appears to have holes.
可能是 zfs 檔案系統
zfs create -V 4G -b $(getconf PAGESIZE) -o compression=zle \
-o logbias=throughput -o sync=always \
-o primarycache=metadata -o secondarycache=none \
-o com.sun:auto-snapshot=false rpool/swap
swapoff -a
mkswap -f /dev/zvol/rpool/swap
swapon /dev/zvol/rpool/swap
echo /dev/zvol/rpool/swap none swap defaults 0 0 >> /etc/fstab
The total message cannot be longer than 1024 bytes.
A BSD-syslog message consists of the following parts:
PRI - represents the Facility and Severity of the message. It's a calculated value: Facility * 8 + Severity
HEADER - contains a timestamp and the hostname (without the domain name) or the IP address of the device.
MSG - contains the name of the program or process that generated the message, and the text of the message itself
apt-get install -y alien
apt-get install libncurses5
opwd=`pwd`
mkdir /tmp/megacli
cd /tmp/megacli
wget -q -O- https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/8-07-14_MegaCLI.zip |busybox unzip -
cd Linux
alien MegaCli-8.07.14-1.noarch.rpm
dpkg -i megacli_8.07.14-2_all.deb
cd $opwd
安裝路徑
/opt/MegaRAID/MegaCli
Debian 安裝
apt install geoip-bin geoip-database
Alpine 安裝
apk add geoip libmaxminddb
使用
geoiplookup 8.8.8.8
相關參考資料
https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en
https://dev.maxmind.com/geoip/release-notes/2022#geoip-legacy-databases-have-been-retired?lang=en
IP轉換 32-bit-integer-into-ip
$ip = $bit32>>24,"." + $bit32<<8>>24,".",$bit32<<16>>24,".",$bit32<<24>>24;
其他相關
https://www.miyuru.lk/geoiplegacy
pip3 install --no-input md5hash
pip3 uninstall --yes md5hash
yum install epel-release -y
yum groupinstall "X Window system" -y
yum groupinstall "Xfce" -y
wget -q -O- --method=get 127.0.0.1/user
wget -q -O- --method=put 127.0.0.1/user
wget -q -O- --method=head 127.0.0.1/user
wget -q -O- --method=delete 127.0.0.1/user
wget -q -O- --method=post --post-data="id=id&value=value" 127.0.0.1/user
apt install gcc
CGO_ENABLED=1 go install github.com/mattn/go-sqlite3
獲取資料 /GET /users
獲取資料 /GET /user/1
新增資料 /POST /user
更新資料 /PUT /user/1
刪除資料 /DELETE /user/1
錯誤訊息
go: go.mod file not found in current directory or any parent directory.
'go get' is no longer supported outside a module.
執行以下指令
go mod init modulename
go mod tidy
編輯 SSL.conf
Debian /etc/apache2/mods-enabled/ssl.conf
SSLProtocol :設定SSL協定,使用 +、- 表示 允許、拒絕 某些協定
SSLProtocol all
SSLCipherSuite :用來決定SSL在交換key演算法、認證演算法、加密演算法、MAC Digest演算法
SSLCipherSuite HIGH:!aNULL
SSLHonorCipherOrder 加密套件偏好順序
SSLHonorCipherOrder on
#!/bin/bash
p=/opt/pyenv/plugins/python-build/share/python-build
for i in $(cat $p/* |tr = \ |xargs -n 1 2>/dev/null|grep http|grep \#|sort|uniq);
do
#echo $i
ii=${i%%#*}
#echo $ii
#basename $ii;
wget -nc $ii
done
