2025年6月23日 星期一
2025年6月5日 星期四
Debian 12 sssd realm 無法加入網域
錯誤訊息
Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-090dt5/krb5.d/adcli-krb5-conf-uzvObj
* Authenticated as user: Administrator@test.loc
* Using GSS-SPNEGO for SASL bind
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
adcli: couldn't connect to ssde.sinica domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Insufficient permissions to join the domain
安裝 krb5相關軟體
apt install krb5-user
2025年5月28日 星期三
LEAF Bering-uClibc 7.4.0 安裝 accelppp
編輯 /etc/modules 載入相關模組,reboot
# Modules needed for PPP connection
slhc
ppp_generic
ppp_async
# The three following modules are not always needed
zlib_inflate
zlib_deflate
ppp_deflate
# Modules needed for PPP/PPPOE connection
slhc
pppoe
# Modules needed for PPTP connection
pptp
# Modules needed for L2TP connection
slhc
pppol2tp
ppp_mppe
# Modules needed for PPPOA connection
# An ATM adapter module must be loaded for this to work
# (e.g. unicorn_pci_atm or unicorn_usb_atm)
slhc
ppp_generic
pppoatm
安裝 accelppp accelppp pppscrpt libpcre libsnmp
編輯 /etc/accel-ppp.conf
chap-secrets
[chap-secrets]
chap-secrets=/etc/ppp/chap-secrets
編輯 /etc/ppp/chap-secrets
帳號密碼設定檔 共四欄
# 第一欄為連線帳號,
# 第二欄要設定成/etc/accel-ppp.conf 中的name
# 第三欄為密碼
# 第四欄為連線IP
設定 shorewall
編輯 /etc/shorewall/rules加入
ACCEPT net fw tcp 1723
ACCEPT net fw udp 1701
Ping(ACCEPT) vpn fw
編輯 /etc/shorewall/zones 加入
vpn ipv4
編輯 /etc/shorewall/interfaces 加入
vpn ppp+
編輯 /etc/shorewall/policy 加入
vpn loc ACCEPT
編輯/etc/shorewall/masq
eth0 192.168.2.0/24
參考文件
https://docs.accel-ppp.org/configuration/configuration.html
相關 module
nf_nat_pptp
2025年5月27日 星期二
2025年5月19日 星期一
2025年4月2日 星期三
Sqlite3加密方案
SQLite Encryption Extension (SEE)
https://sqlite.org/com/see.html
sqlcipher
https://www.zetetic.net/sqlcipher/
https://github.com/zhouchangsheng/sqlcipher
apt install -y sqlcipher
sqlite-encrypt
https://github.com/jingqi/sqlite-encrypt/blob/master/README.md
SQLiteCrypt
https://www.sqlite-crypt.com/
2025年4月1日 星期二
Debian 12 安裝 Docker
sudo apt remove docker docker-engine docker.io containerd runc
sudo apt update
sudo apt install -y ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker $(whoami)
Debian 12 Devpi server 安裝筆記
安裝devpi
apt install pip -y
mv /usr/lib/python3.11/EXTERNALLY-MANAGED /usr/lib/python3.11/EXTERNALLY-MANAGED.bk
pip install -q -U devpi-server devpi-web --root-user-action=ignore
產生設定檔
adduser devpi
su devpi -
cd ~
devpi-init
devpi-gen-config --host 0.0.0.0 --port 3141
安裝服務
cp /home/devpi/gen-config/devpi.service /etc/systemd/system/
systemctl enable devpi
測試
http://127.0.0.1:3141/
http://127.0.0.1:3141/root/pypi/+simple/
相關指令及目錄
devpi-gen-config --help
/usr/local/bin/devpi-server
/home/devpi/.devpi
pip install -i http://<devpi-host>:3141/root/pypi/+simple/ simplejson --break-system-packages --trusted-host <devpi-host>
Debian 12 Kernel Module 筆記
安裝編輯環境
apt install -y gcc linux-headers-$(uname -r)
hello.c 內容
#include <linux/module.h> /* Needed by all modules */
#include <linux/kernel.h> /* Needed for KERN_INFO */
int init_module(void)
{
printk(KERN_INFO "Hello world 1.\n");
/*
* A non 0 return means init_module failed; module can't be loaded.
*/
return 0;
}
void cleanup_module(void)
{ printk(KERN_INFO "Goodbye world 1.\n"); }
MODULE_LICENSE("L");
MODULE_AUTHOR("Taiwan");
MODULE_DESCRIPTION("Taiwan");
MODULE_VERSION("1");
obj-m += hello.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
PHP取得MIME類型
<?php
$f = "1.woff";
$fi = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $fi->file($f);
echo $mime_type;
echo (new finfo(FILEINFO_MIME_TYPE))->file($f);
?>
Debian 12 NoVNC
安裝
apt install -y novnc apache2 php
Apache Module 設定
a2enmod rewrite
a2enmod headers
Apache VirtualHost <Directory> or <Location>設定
Header set Cache-Control "no-cache"
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L]
index.php 內容
<?php
$NOVNC = "/usr/share/novnc/vnc.html";
$NOVNC = "/usr/share/novnc/v.html";
$NOVNC_DIR = dirname($NOVNC);
if($_SERVER["SCRIPT_URL"]=="/xxx") {
if($_REQUEST['host']!='') exit();
header("Content-Type: text/html");
readfile($NOVNC);
exit();
}
//novnc file_exists
$_t = $NOVNC_DIR . $_SERVER["SCRIPT_URL"];
if(file_exists($_t)) {
switch(pathinfo($_t, PATHINFO_EXTENSION)){
case "":
case "htm":
case "html":
case "pl":
case "md": exit(); break;
case "css": $x = "text/css"; break;
case "js" : $x = "text/javascript"; break;
default: $x = (new finfo(FILEINFO_MIME_TYPE))->file($_t);
}
header("Content-Type: $x");
readfile($_t);
exit();
}
?>
隱藏 Clipboard Connection Controls
修改 /usr/share/novnc/vnc.html
<!-- Clipboard -->
<input type="hidden" alt="Clipboard" src="app/images/clipboard.svg"
id="noVNC_clipboard_button" class="noVNC_button"
<!-- Connection Controls -->
<input type="hidden" alt="Disconnect" src="app/images/disconnect.svg"
id="noVNC_disconnect_button" class="noVNC_button"
title="Disconnect">
2025年3月4日 星期二
2025年2月20日 星期四
Debian 12 安裝 Joomla 5
系統最低需求
PHP 8.1.0 (Modules: json, simplexml, dom, zlib, gd, mysqlnd or pdo_mysql or pdo_pgsql)
MySQL 8.0.13 / MariaDB 10.4.0 / PostgreSQL 12.0
Apache 2.4 / Nginx 1.21 / Microsoft IIS 10
安裝範例
apt update;apt upgrade -y;apt install -y busybox wget
apt install nginx / apt install -y apache2
apt install -y php php-common php-curl php-fpm php-imap php-cli php-xml php-zip php-mbstring php-gd php-mysql
apt install -y mariadb-server mariadb-client
systemctl start mariadb;systemctl enable mariadb
export h=/var/www/html/joomla
mkdir -p ${h}; cd ${h}
wget -q -O- https://downloads.joomla.org/zh/cms/joomla5/5-2-4/Joomla_5-2-4-Stable-Full_Package.zip?format=zip|busybox unzip -
chown -R www-data:www-data ${h}
cd -
mysql -u root
MariaDB [(none)]> CREATE DATABASE joomla_db;
MariaDB [(none)]> CREATE USER joomla_user@'localhost' IDENTIFIED BY 'joomla5_p@ssw0rd';
MariaDB [(none)]> GRANT ALL on joomla_db.* to joomla_user@localhost;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT
2025年2月17日 星期一
Debain 12 安裝執行 bandersnatch
安裝
apt install -y pip
pip install bandersnatch --break-system-packages
產生 /etc/bandersnatch.conf 設定檔
bandersnatch mirror
修改 /etc/bandersnatch.conf 設定檔
執行同步
bandersnatch mirror
2025年2月16日 星期日
APT-Cacher 設定
安裝
apt install -y apt-cacher
編輯 /etc/apt-cacher/apt-cacher.conf
allowed_hosts = 192.168.0.0/16
allowed_hosts = *
相關目錄
/var/cache/apt-cacher
使用端設定
編輯 /etc/apt/apt.conf.d/90-apt-proxy.conf 加入
Acquire::http::Proxy "http://<apt-cacher-host>:3142";
Acquire::https::Proxy "http://<apt-cacher-host>:3142";
Acquire::HTTPS::proxy "DIRECT";
2025年2月3日 星期一
Debian 12 安裝 Clamav
安裝
sudo apt install -y clamav clamav-daemon clamtk
相關服務
clamav-daemon
clamav-daemon.socket
clamav-freshclam
相關設定檔案及目錄
/var/lib/clamav
/var/log/clamav
/etc/clamav/freshclam.conf
/etc/clamav/clamd.conf
~/.clamtk/db/freshclam.conf
病毒碼 更新 Proxy
編輯 /etc/freshclam.conf 加入
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
HTTPProxyPort 3128
手動更新病毒碼
freshclam
手動下載病毒碼
wget --user-agent='CVDUPDATE/0' https://database.clamav.net/main.cvd https://database.clamav.net/daily.cvd https://database.clamav.net/bytecode.cvd
手動掃描
clamscan /path/to/directory
clamscan -r --remove /path/to/directory
clamscan -r --bell -i /path/to/directory
Debian 12 X window 浮水印應用 activate-linux
安裝環境設定
apt install git gcc libconfig-dev libcairo2-dev libxi-dev libx11-dev x11proto-core-dev x11proto-dev \
libxt-dev libxext-dev libxfixes-dev libxinerama-dev libxrandr-dev libwayland-dev wayland-protocols
安裝
git clone https://github.com/MrGlockenspiel/activate-linux
cd activate-linux/
make
make install
執行
export DISPLAY=:0.0;
/usr/local/bin/activate-linux
Debian 12 安裝 nginx reverse stream proxy
安裝
apt install -y nginx libnginx-mod-stream
編輯 /etc/nginx/nginx.conf 加入
stream {
server {
listen 3389;
proxy_pass 10.10.10.10:3389;
}
}
stream {
server {
listen 443;
proxy_pass admin;
}
upstream admin {
server 10.10.10.10:443;
}
}
2025年1月17日 星期五
PHP proc_open 摘要
<?php
$cmd = "sqlite3 1.db ";
$interactive_cmd = "insert into a (a1,a2) values('中文','許');";
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stdout
2 => array("pipe", "w") // stderr ?? instead of a file
);
$stdout = "";
$stderr = "";
$process = proc_open($cmd, $descriptorspec, $pipes, NULL);
if (is_resource($process)) {
fwrite($pipes[0], $interactive_cmd . PHP_EOL);
fclose($pipes[0]);
while($s= fgets($pipes[1], 1024)) $stdout .= $s; // read from the pipe
fclose($pipes[1]);
// stderr optional:
while($s= fgets($pipes[2], 1024)) $stderr .= $s;
fclose($pipes[2]);
}
echo "stdout: $stdout \nstderr: $stderr\n";
?>
Debian 12 限制掛載 usb flash 為唯讀
編輯 /etc/udisks2/mount_options.conf 加入
[defaults]
defaults=ro
allow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,sync,dirsync,noload
重新啟動服務
systemctl restart udisks2
參考
https://storaged.org/doc/udisks2-api/latest/mount_options.html
Debian 12 限制用戶登入終端機
編輯 /etc/pam.d/login 加入
account required /lib/security/pam_access.so
編輯 /etc/security/access.conf 加入
-:ALL EXCEPT root:tty1 tty2 tty3 tty4 tty5 tty6
2025年1月10日 星期五
Debian 12 使用 IBus 輸入法
安裝
apt install -y ibus-table
apt install -y ibus-chewing ibus-zhuyin ibus-table-easy ibus-table-easy-big
相關目錄
/usr/share/ibus-table/tables/
/usr/share/ibus-table/icons/
相關指令
ibus-table-createdb
ibus-setup
ibus restart
im-config #apt install -y zenity
Windows 11 WSL 中文輸入 fcitx5
安裝
sudo apt install fcitx5 fcitx5-* # 全部Fcitx5支援的輸入法
sudo apt install fcitx5-chinese-addons fcitx5-chewing # 只安裝新酷音注音
sudo apt install fcitx5-table-easy-large fcitx5-chinese-addons #只安裝輕鬆
sudo apt install fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5 fcitx5-frontend-qt6
執行
export GTK_IM_MODULE=fcitx
export QT_IM_MODULE=fcitx
export XMODIFIERS=@im=fcitx
export DefaultIMModule=fcitx
fcitx-autostart &>/dev/null
相關設定
im-config
fcitx5-configtool
export WAYLAND_DISPLAY='wayland-0' DISPLAY=':0'
Debian 12 ibus 安裝嘸蝦米
sudo apt install ibus-table
git clone https://github.com/daineseh/liu_ibus_table
cd liu_ibus_table
sudo ibus-table-createdb -s liu_ibus_table.txt -n liu.db
sudo cp liu.db /usr/share/ibus-table/tables/
sudo cp liu.png /usr/share/ibus-table/icons/
debain 12 自動更新
安裝
sudo apt update && apt upgrade
sudo apt install unattended-upgrades apt-listchanges -y
sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades
編輯設定檔
/etc/apt/apt.conf.d/50unattended-upgrades
自動執行設定
dpkg-reconfigure unattended-upgrades
dpkg-reconfigure -f noninteractive unattended-upgrades
相關設定檔 /etc/apt/apt.conf.d/20auto-upgrades
測試
unattended-upgrades --dry-run --debug
參考文件
https://wiki.debian.org/UnattendedUpgrades
VNC X window screen locks: "Authentification error"
loginctl list-sessions
loginctl unlock-session SESSION-ID