Sqlite3加密方案

SQLite Encryption Extension (SEE)
https://sqlite.org/com/see.html

sqlcipher
https://www.zetetic.net/sqlcipher/
https://github.com/zhouchangsheng/sqlcipher
apt install -y sqlcipher

sqlite-encrypt
https://github.com/jingqi/sqlite-encrypt/blob/master/README.md

SQLiteCrypt
https://www.sqlite-crypt.com/ 

Debian 12 NoVNC

安裝
apt install -y novnc apache2 php

Apache Module 設定
a2enmod rewrite
a2enmod headers

Apache VirtualHost <Directory> or <Location>設定
Header set Cache-Control "no-cache"

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L]

index.php 內容
<?php
$NOVNC = "/usr/share/novnc/vnc.html";
$NOVNC = "/usr/share/novnc/v.html";
$NOVNC_DIR = dirname($NOVNC);

if($_SERVER["SCRIPT_URL"]=="/xxx") {
  if($_REQUEST['host']!='') exit();
  header("Content-Type: text/html");
  readfile($NOVNC);
  exit();
}

//novnc file_exists
$_t = $NOVNC_DIR . $_SERVER["SCRIPT_URL"];
if(file_exists($_t)) {
  switch(pathinfo($_t, PATHINFO_EXTENSION)){
    case "":
    case "htm":
    case "html":
    case "pl":
    case "md":  exit(); break;
    case "css": $x = "text/css"; break;
    case "js" : $x = "text/javascript"; break;
    default:    $x = (new finfo(FILEINFO_MIME_TYPE))->file($_t);
  }
  header("Content-Type: $x");
  readfile($_t);
  exit();
}
?>

隱藏 Clipboard Connection Controls 
修改 /usr/share/novnc/vnc.html
 <!-- Clipboard -->
            <input type="hidden" alt="Clipboard" src="app/images/clipboard.svg"
                id="noVNC_clipboard_button" class="noVNC_button"

<!-- Connection Controls -->
            <input type="hidden" alt="Disconnect" src="app/images/disconnect.svg"
                id="noVNC_disconnect_button" class="noVNC_button"
                title="Disconnect">

PHP取得MIME類型

<?php
$f = "1.woff";

$fi = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $fi->file($f);
echo $mime_type;

echo (new finfo(FILEINFO_MIME_TYPE))->file($f);
?>

R Studio 錯誤訊息 ERROR:gl_factory.cc(120)] Requested GL

執行時加入參數 --use-gl=angle

Debian 12 安裝 Joomla 5

系統最低需求
PHP 8.1.0 (Modules: json, simplexml, dom, zlib, gd, mysqlnd or pdo_mysql or pdo_pgsql)
MySQL 8.0.13 / MariaDB 10.4.0 / PostgreSQL 12.0
Apache 2.4 / Nginx 1.21 / Microsoft IIS 10

安裝範例
apt update;apt upgrade -y;apt install -y busybox wget
apt install nginx / apt install -y apache2
apt install -y php php-common php-curl php-fpm php-imap php-cli php-xml php-zip php-mbstring php-gd php-mysql

apt install -y mariadb-server mariadb-client
systemctl start mariadb;systemctl enable mariadb

export h=/var/www/html/joomla
mkdir -p ${h}; cd ${h}
wget -q -O- https://downloads.joomla.org/zh/cms/joomla5/5-2-4/Joomla_5-2-4-Stable-Full_Package.zip?format=zip|busybox unzip -
chown -R www-data:www-data ${h}
cd -

mysql -u root
MariaDB [(none)]> CREATE DATABASE joomla_db;
MariaDB [(none)]> CREATE USER joomla_user@'localhost' IDENTIFIED BY 'joomla5_p@ssw0rd';
MariaDB [(none)]> GRANT ALL on joomla_db.* to joomla_user@localhost;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT

Debain 12 安裝執行 bandersnatch

安裝
apt install -y pip
pip install bandersnatch --break-system-packages

產生 /etc/bandersnatch.conf 設定檔
bandersnatch mirror

修改 /etc/bandersnatch.conf 設定檔

執行同步
bandersnatch mirror

APT-Cacher 設定

安裝
apt install -y apt-cacher 

編輯 /etc/apt-cacher/apt-cacher.conf
allowed_hosts = 192.168.0.0/16
allowed_hosts = * 

相關目錄
/var/cache/apt-cacher

使用端設定
編輯 /etc/apt/apt.conf.d/90-apt-proxy.conf  加入
Acquire::http::Proxy "http://<apt-cacher-host>:3142";
Acquire::https::Proxy "http://<apt-cacher-host>:3142";
Acquire::HTTPS::proxy "DIRECT";

Linux sh PS下隱藏參數(Hidden)

參考  https://github.com/scriptzteam/Hidden

Debian 12 安裝 Clamav

安裝
sudo apt install -y clamav clamav-daemon clamtk

相關服務
clamav-daemon
clamav-daemon.socket
clamav-freshclam

相關設定檔案及目錄
/var/lib/clamav
/var/log/clamav
/etc/clamav/freshclam.conf
/etc/clamav/clamd.conf
~/.clamtk/db/freshclam.conf

病毒碼 更新 Proxy
編輯  /etc/freshclam.conf  加入
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different

# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString

HTTPProxyServer 192.168.2.4
HTTPProxyPort 3128

手動更新病毒碼
freshclam

手動下載病毒碼
wget --user-agent='CVDUPDATE/0' https://database.clamav.net/main.cvd https://database.clamav.net/daily.cvd https://database.clamav.net/bytecode.cvd

手動掃描
clamscan /path/to/directory
clamscan -r --remove /path/to/directory
clamscan -r --bell -i /path/to/directory

Debian 12 X window 浮水印應用 activate-linux

安裝環境設定
apt install git gcc libconfig-dev libcairo2-dev libxi-dev libx11-dev x11proto-core-dev x11proto-dev \
libxt-dev libxext-dev libxfixes-dev libxinerama-dev libxrandr-dev libwayland-dev wayland-protocols

安裝
git clone https://github.com/MrGlockenspiel/activate-linux
cd activate-linux/
make
make install 

執行
export DISPLAY=:0.0;
/usr/local/bin/activate-linux

Debian 12 安裝 nginx reverse stream proxy

安裝
apt install -y nginx libnginx-mod-stream

編輯 /etc/nginx/nginx.conf 加入
stream {
    server {
        listen 3389;
        proxy_pass 10.10.10.10:3389;
    }
}

stream {
    server {
        listen 443;
        proxy_pass admin;
    }

    upstream admin {
        server 10.10.10.10:443;
    }
}

Debian 12 限制掛載 usb flash 為唯讀

 編輯 /etc/udisks2/mount_options.conf 加入

[defaults]
defaults=ro
allow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,sync,dirsync,noload

重新啟動服務
systemctl restart udisks2

參考
https://storaged.org/doc/udisks2-api/latest/mount_options.html

Debian 12 限制用戶登入終端機

編輯 /etc/pam.d/login 加入
account required /lib/security/pam_access.so

編輯 /etc/security/access.conf 加入
-:ALL EXCEPT root:tty1 tty2 tty3 tty4 tty5 tty6

Debian 12 使用 IBus 輸入法

安裝
apt install -y install ibus-table
apt install -y ibus-chewing ibus-zhuyin ibus-table-easy ibus-table-easy-big

相關目錄
/usr/share/ibus-table/tables/
/usr/share/ibus-table/icons/

相關指令
ibus-table-createdb
ibus-setup
ibus restart

im-config  #apt install -y zenity

Windows 11 WSL 中文輸入 fcitx5

安裝
sudo apt install fcitx5 fcitx5-* # 全部Fcitx5支援的輸入法
sudo apt install fcitx5-chinese-addons fcitx5-chewing  # 只安裝新酷音注音
sudo apt install fcitx5-table-easy-large fcitx5-chinese-addons #只安裝輕鬆
sudo apt install fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5 fcitx5-frontend-qt6

執行 
export GTK_IM_MODULE=fcitx
export QT_IM_MODULE=fcitx
export XMODIFIERS=@im=fcitx
export DefaultIMModule=fcitx
fcitx-autostart &>/dev/null

相關設定
im-config
fcitx5-configtool

export WAYLAND_DISPLAY='wayland-0' DISPLAY=':0'

Debian 12 ibus 安裝嘸蝦米

sudo apt install ibus-table

git clone https://github.com/daineseh/liu_ibus_table
cd liu_ibus_table
sudo ibus-table-createdb -s liu_ibus_table.txt -n liu.db
sudo cp liu.db /usr/share/ibus-table/tables/

sudo cp liu.png /usr/share/ibus-table/icons/

debain 12 自動更新

安裝
sudo apt update && apt upgrade
sudo apt install unattended-upgrades apt-listchanges -y
sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades

編輯設定檔
/etc/apt/apt.conf.d/50unattended-upgrades

自動執行設定
dpkg-reconfigure unattended-upgrades
dpkg-reconfigure -f noninteractive unattended-upgrades
相關設定檔 /etc/apt/apt.conf.d/20auto-upgrades

測試
unattended-upgrades --dry-run --debug

參考文件
https://wiki.debian.org/UnattendedUpgrades

VNC X window screen locks: "Authentification error"

loginctl list-sessions
loginctl unlock-session SESSION-ID