Debian 12 使用 minio

wget https://dl.min.io/server/minio/release/linux-amd64/minio

chmod +x minio

MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=password ./minio server /tmp/minio --console-address ":4501" --address :4500

Debian 12 使用 S3FS筆記

# 安裝s3fs
apt install s3fs -y

# 將S3憑證存到指定檔案中
echo ACCESS_KEY_ID:SECRET_ACCESS_KEY > ./password

# 調整檔案權限
chmod 600 ./password

指令參考
s3fs test /mnt2 \
  -o passwd_file=./password \
  -o url=http://192.168.6.9:4500 \
  -o dbglevel=info \
  -o allow_other \
  -o use_path_request_style \
  -f -o curldbg  \

logname, $LOGNAME, $USER 差別

echo $(logname) $LOGNAME $USER
user user user 

su -
user root root

Debian 12 XFce 多媒體相關套件

apt remove exfalso parole
apt remove pulseaudio pulseaudio-utils xfce4-pulseaudio-plugin pavucontrol xfburn

Debian Xfce panel 預設啟動目錄

 /usr/share/xfce4/panel/plugins

Debian 12 Apache2 mod_security

安裝
apt install -y libapache2-mod-security2
a2enmod security2

設定 ModSecurity 設定檔 /etc/modsecurity/modsecurity.conf
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
將 SecRuleEngine 的 DetectionOnly 改成 On

設定 OWASP ModSecurity 核心規則集
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
git clone https://github.com/coreruleset/coreruleset /usr/share/modsecurity-crs
mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

設定 預設請求排除規則檔案
mv /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/share/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

在 Apache 2 中啟用 ModSecurity 修改 /etc/apache2/mods-available/security2.conf
<IfModule security2_module>
        SecDataDir /var/cache/modsecurity
        IncludeOptional /usr/share/modsecurity-crs/crs-setup.conf
        IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
</IfModule>

編輯虛擬主機設定檔，設定 SecRuleEngine 為 On
<VirtualHost *:443>
    SecRuleEngine On
</VirtualHost>

systemctl restart apache2

相關指令
apache2ctl -M

測試
curl http://127.0.0.1/index.html?exec=/bin/bash

Apache2 mod_evasive 防止 DDoS 攻擊

安裝
apt install libapache2-mod-evasive
a2enmod evasive

編輯 /etc/apache2/mods-available/evasive.conf

mkdir /var/log/mod_evasive
chown www-data:www-data /var/log/mod_evasive
systemctl reload apache2

相關指令
apache2ctl -M

Debian 12 join Windows AD

apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

錯誤訊息 Couldn't get kerberos ticket for: Administrator Cannot contact any KDC for realm
檢查網路及主機名稱

Debian 12 停用 gvfs-udisks2-volume-monitor.service

單一帳號
systemctl --user stop gvfs-udisks2-volume-monitor.service
systemctl --user disable gvfs-udisks2-volume-monitor.service
systemctl --user mask  gvfs-udisks2-volume-monitor.service  

所有帳號
mv /usr/share/dbus-1/services/org.gtk.vfs.UDisks2VolumeMonitor.service /usr/share/dbus-1/services/org.gtk.vfs.UDisks2VolumeMonitor.service.bak