url="https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/007.1613.0000.0000_Unified_StorCLI-PUL.zip"
apt-get install -y alien
apt-get install -y libncurses5
opwd=`pwd`
mkdir /tmp/StorCLI
cd /tmp/StorCLI
wget -q -O- ${url} |busybox unzip -
cd Unified_storcli_all_os/Linux
alien storcli-007.1613.0000.0000-1.noarch.rpm
dpkg -i storcli_007.1613.0000.0000-2_all.deb
cd $opwd
安裝路徑
/opt/MegaRAID/storcli
建立 sqfs 檔案
mksquashfs /path/to/my/directory image.sqfs
truncate -s +8M image.sqfs
cryptsetup -q reencrypt --encrypt --type luks2 --resilience none --disable-locks --reduce-device-size 8M image.sqfs
掛載使用
losetup /dev/loop0 image.sqfs
cryptsetup luksOpen /dev/loop0 Encdisk
mount /dev/mapper/Encdisk /mnt
卸載
umount /mnt
dmsetup remove Encdisk
losetup -d /dev/loop0
<%@page contentType="text/html" pageEncoding="UTF-8"%>
Java 運行時環境版本 <%= System.getProperty("java.version") %><br>
Java 運行時環境供應商 <%= System.getProperty("java.vendor") %><br>
Java 供應商 URL <%= System.getProperty("java.vendor.url") %><br>
Java 安裝目錄 <%= System.getProperty("java.home") %><br>
<hr>
Java 虛擬機規範版本 <%= System.getProperty("java.vm.specification.version") %><br>
Java 虛擬機規範供應 <%= System.getProperty("java.vm.specification.vendor") %><br>
Java 虛擬機規範名稱 <%= System.getProperty("java.vm.specification.name") %><br>
Java 虛擬機實現版本 <%= System.getProperty("java.vm.version") %><br>
Java 虛擬機實現供應商 <%= System.getProperty("java.vm.vendor") %><br>
Java 虛擬機實現名稱 <%= System.getProperty("java.vm.name") %><br>
Java 運行時環境規範版本 <%= System.getProperty("java.specification.version") %><br>
Java 運行時環境規範供應商 <%= System.getProperty("java.specification.vendor") %><br>
Java 運行時環境規範名稱 <%= System.getProperty("java.specification.name") %><br>
<hr>
Java class 格式版本號 <%= System.getProperty("java.class.version") %><br>
Java class 路徑 <%= System.getProperty("java.class.path") %><br>
Java class 搜索路徑 <%= System.getProperty("java.library.path") %><br>
<hr>
JIT 編譯器 <%= System.getProperty("java.compiler") %><br>
擴展目錄路徑 <%= System.getProperty("java.ext.dirs") %><br>
<hr>
OS 名稱 <%= System.getProperty("os.name") %><br>
OS 架構 <%= System.getProperty("os.arch") %><br>
OS 版本 <%= System.getProperty("os.version") %><br>
<hr>
tmp 目錄 <%= System.getProperty("java.io.tmpdir") %><br>
文件分隔(UNIX 系統使用 “/”) <%= System.getProperty("file.separator") %><br>
路徑分隔(UNIX 系統使用 “:”) <%= System.getProperty("path.separator") %><br>
行分隔(UNIX 系統使用 “/n”) <%= System.getProperty("line.separator") %><br>
<hr>
Tomcat 帳號 <%= System.getProperty("user.name") %><br>
Tomcat 目錄 <%= System.getProperty("user.home") %><br>
Tomcat 工作目錄 <%= System.getProperty("user.dir") %><br>
Catalina home <%= System.getProperty("catalina.home") %><br>
Catalina base <%= System.getProperty("catalina.base") %><br>
catalina.home = /usr/share/tomcat9 安裝目錄 bin lib 父目錄 bin etc lib
catalina.base = /var/lib/tomcat9 工作目錄 每個 Tomcat實例私有目錄 conf lib logs policy webapps work
編輯 /etc/tomcat9/server.xml <Service name=""Catalina">加入
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
ciphers="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"
maxThreads="150" scheme="https" secure="true"
keystoreFile="server.pfx" keystorePass="password"
clientAuth="false" sslProtocol="TLSv1.2+TLSv1.3" />
IPTABLE port 443 轉向 8443
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
安裝
apt install tomcat9
關閉熱部署
編輯 /etc/tomcat9/server.xml 尋找
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
更改為
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false">
sed -i 's/ unpackWARs="true"/ unpackWARs="false"/' /etc/tomcat9/server.xml
sed -i 's/ autoDeploy="true"/ autoDeploy="false"/' /etc/tomcat9/server.xml
隱藏 Tomcat 版本
編輯 /etc/tomcat9/server.xml
尋找 <Host name= 區間 加入
<!-- Hidden Tomcat Version -->
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
sed -i '/<\/Host>/i\ \
<!-- Hidden Tomcat Version --> \
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" howServerInfo="false" />' \
/etc/tomcat9/server.xml
測試檔
echo 'Hello! <%= config.getInitParameter("defaultGuestName") %>'>test.jsp
日誌檔
/var/log/tomcat9/
安裝
apt-get install php-fpm
編輯 /etc/nginx/sites-enabled/default 修改
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
查詢PHP 版本及相關服務
ls /var/run/php/*.sock
systemctl list-unit-files
確認 realip 模組
nginx -V 2>&1 |xargs -n 1 |grep http_realip
編輯 /etc/nginx/nginx.conf http 區塊加入
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
a2enmod remoteip
編輯 /etc/apache2/conf-enabled/remotepi.conf
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 192.168.0.0/16
</IfModule>
修改 /etc/apache2/apache2.conf LogFormat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
==>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm
USER = user owning the process PID = process ID of the process %CPU = It is the CPU time used divided by the time the process has been running. %MEM = ratio of the process’s resident set size to the physical memory on the machine VSZ = virtual memory usage of entire process (in KiB) RSS = resident set size, the non-swapped physical memory that a task has used (in KiB) TTY = controlling tty (terminal) STAT = multi-character process state START = starting time or date of the process TIME = cumulative CPU time COMMAND = command with all its arguments
Process State Codes (STAT):
R running or runnable (on run queue)
D uninterruptible sleep (usually IO)
S interruptible sleep (waiting for an event to complete)
Z defunct/zombie, terminated but not reaped by its parent
T stopped, either by a job control signal or because it is being traced
Some extra modifiers:
< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom IO)
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group
url=https://www.google.com
export url
echo $url
printf "\nTLS 1.3\n=========================================================================\n"
openssl ciphers -s -tls1_3|tr : \ |xargs -n 1 bash -c 'pad="$0 ";printf "${pad:0:32} = ";curl --insecure -s -S -o /dev/null --no-progress-meter --tls-max 1.3 $url --tls13-ciphers $0&&echo OK '
printf "\nTLS 1.2\n=========================================================================\n"
openssl ciphers -s -tls1_2|tr : \ |xargs -n 1 bash -c 'pad="$0 ";printf "${pad:0:32} = ";curl --insecure -s -S -o /dev/null --no-progress-meter --tls-max 1.2 $url --ciphers $0&&echo OK '
相關網站
https://www.ssllabs.com/ssltest/
openssl s_client -connect www.google.com:443
openssl s_client -connect www.google.com:443 -tls1_1
openssl s_client -connect www.google.com:443 -tls1_2
openssl s_client -connect www.google.com:443 -tls1_3
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.1
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.2
curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com --tls-max 1.3
