Friday, October 3, 2025
Tuesday, September 23, 2025
Debian pam_exec.so notes
Edit /etc/pam.d/common-auth
auth [success=2 default=ignore] pam_exec.so quiet debug expose_authtok log=/tmp/pam_exec.log /etc/libnss_shim/auth.sh
auth [success=1 default=ignore] pam_unix.so nullok try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
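Edit /etc/libnss_shim/auth.sh
#!/bin/bash
# Debug helper for pam_exec: dumps the environment and the cleartext password to /tmp/a
set >/tmp/a
# expose_authtok makes pam_exec pass the password on stdin
read -r pwd
echo "pwd=$pwd PAM_USER=$PAM_USER" >>/tmp/a
# Local accounts (files database) exit non-zero so the stack falls through to pam_unix
getent passwd -s files "${PAM_USER}" >/dev/null && { echo "local:${PAM_USER}"; exit 1; }
# Any other account is accepted here without checking the password
echo "$PAM_USER login ok"
exit 0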
Monday, September 22, 2025
Debian 13: install Generic Shell Script Compiler
git clone https://github.com/neurobin/shc
cd shc
./configure
./autogen.sh
make
cp src/shc /usr/local/bin/
Friday, September 19, 2025
Debian 13: install Apache2 ModSecurity
Install
apt install -y apache2 libapache2-mod-security2
Edit /etc/apache2/sites-enabled/000-default.conf and add
SecRuleEngine On
Related files
/etc/apache2/mods-enabled/security2.conf
/etc/apache2/mods-enabled/security2.load
/var/cache/modsecurity
/etc/modsecurity/*.conf
/usr/share/modsecurity-crs/*.load
Debian 13: install nginx and PHP
apt install nginx php-fpm
Edit /etc/nginx/sites-enabled/default
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_pass unix:/run/php/php8.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
Thursday, September 18, 2025
Squid for SSH tunneling
Add to the Squid configuration
acl SSL_ports port 22
acl Safe_ports port 22 # ssh/sftp
http_access allow CONNECT SSL_ports
Usage
ssh user@sshserver-ip -o "ProxyCommand /usr/bin/nc -X connect -x squid_ip:3128 %h %p"
Edit ~/.ssh/config
Host target_ssh_server
Hostname actual_target_ip_or_hostname
User your_username
ProxyCommand /usr/bin/nc -X connect -x squid_proxy_ip:3128 %h %p
# Or with corkscrew:
# ProxyCommand corkscrew squid_proxy_ip 3128 %h %p
Tuesday, September 9, 2025
Debian 13: join a domain with sssd
apt install -y adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit polkitd pkexec
/etc/sssd/sssd.conf configuration file
[sssd]
domains = ad.example
config_file_version = 2
services = nss, pam
[domain/ad.example]
ad_domain = ad.example
krb5_realm = AD.EXAMPLE
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
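# no need to type the domain when logging in
use_fully_qualified_names = False
# automatically created home directories do not get @DomainName appended
fallback_homedir = /home/%d/%u
access_provider = ad
# allows querying account information with getent
enumerate = true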
ad_gpo_map_interactive = +xrdp-sesman
Edit /etc/pam.d/common-session
# add to the end if need (create home directory automatically at initial login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077
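Tuesday, September 2, 2025
PHP: converting between FILETIME and UNIX time
UNIX time counts the seconds since 1970-01-01 00:00:00 UTC (leap seconds are not counted).
The Windows API uses SYSTEMTIME to represent year, month, day, hour, minute, second and millisecond;
FILETIME counts 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.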
<?php
function ftime2utime($filetime_value){
    // 1. Convert to seconds (FILETIME is in 100-nanosecond units); intdiv keeps the value an integer
    $filetime_seconds = intdiv($filetime_value, 10000000);
    // 2. Subtract the UNIX epoch offset (seconds from 1601-01-01 to 1970-01-01)
    $unix_timestamp = $filetime_seconds - 11644473600;
    // 3. Format the timestamp with date()
    $formatted_time = date('Y-m-d H:i:s', $unix_timestamp);
    echo "FILETIME : " . $filetime_value . "\n";
    echo "UNIX TIME: " . $unix_timestamp . "\n";
    echo "format : " . $formatted_time . "\n";
}
function utime2ftime($unixTimestamp){
    // Compute the number of 100-nanosecond intervals since 1601
    // 11644473600 is the number of seconds from 1601-01-01 UTC to 1970-01-01 UTC
    // 10,000,000 converts seconds to 100-nanosecond intervals
    $filetime = ($unixTimestamp + 11644473600) * 10000000;
    echo "Unix Timestamp: " . $unixTimestamp . "\n";
    echo "FILETIME (Hex): " . sprintf('%x', $filetime) . "\n";
    echo "FILETIME: ". $filetime . "\n";
}
$unixTimestamp = 1759420800;
utime2ftime($unixTimestamp);
echo "\n";
$filetime_value = 134038944000000000;
ftime2utime($filetime_value);
?>
Monday, September 1, 2025
Debian Linux: commands for checking system status
top
htop
ac apt install acct
atop apt install atop
btop apt install btop
s-tui apt install s-tui
vmstat apt install sysstat
lsof
iotop apt install iotop
iostat apt install sysstat
tcpdump
netstat
iptraf
nethogs apt install nethogs
iftop apt install iftop
netdata apt install netdata
arpwatch apt install arpwatch
nmon apt install nmon
XRDP notes
Session management tools
xrdp-sesadmin
loginctl list-sessions
Related logs
journalctl -xeu xrdp.service
journalctl -xeu xrdp-sesman.service
/var/log/xrdp.log
/var/log/xrdp-sesman.log
Debian: using Google Authenticator-based Two-Factor Authentication (2FA)
Install
apt install libpam-google-authenticator
Edit /etc/pam.d/sshd and add
auth required pam_google_authenticator.so nullok
Edit /etc/ssh/sshd_config and add
ChallengeResponseAuthentication yes
KbdInteractiveAuthentication yes
Run
google-authenticator
References
https://github.com/google/google-authenticator-libpam
qrencode -t ansiutf8 `cat .google_authenticator `
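Windows AD accountExpires attribute
When an account is created, it is initially set to never expire.
The default value of the accountExpires attribute is 9223372036854775807, the maximum value of a 64-bit signed integer.
When an expiry date is set on the account, accountExpires is set to the FILETIME value of that date.
When the account's expiry is set to never expire, accountExpires is set to 0.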
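Added example (not part of the original notes): reading accountExpires as returned over LDAP, treating both "never expires" values described above as such and converting any other value with the FILETIME offset from the earlier PHP note. The function and constant names are assumptions made for illustration, 64-bit PHP is assumed, and the sample values other than 134038944000000000 are constructed.

```php
<?php
// Added example, not code from the original notes.
// Seconds between 1601-01-01 (FILETIME epoch) and 1970-01-01 (UNIX epoch), UTC.
const FILETIME_EPOCH_OFFSET = 11644473600;
// Value present on a newly created account: maximum signed 64-bit integer.
const NEVER_EXPIRES_MAX = '9223372036854775807';

/**
 * Convert an accountExpires value (a decimal string, as ldap_get_entries()
 * returns it) to a UTC date, or null when the account never expires.
 */
function accountExpiresToDate(string $raw): ?DateTimeImmutable
{
    if (PHP_INT_SIZE < 8) {
        throw new RuntimeException('64-bit PHP is required for FILETIME arithmetic');
    }
    $raw = trim($raw);
    if (!preg_match('/^[0-9]{1,19}$/', $raw)) {
        throw new InvalidArgumentException("not a valid accountExpires value: $raw");
    }
    // Both 0 and the 64-bit maximum mean "never expires".
    if (ltrim($raw, '0') === '' || $raw === NEVER_EXPIRES_MAX) {
        return null;
    }
    $filetime = (int) $raw;
    if ((string) $filetime !== ltrim($raw, '0')) {
        // A 19-digit value above PHP_INT_MAX does not survive the cast.
        throw new InvalidArgumentException("accountExpires out of range: $raw");
    }
    // Integer division keeps full precision; float division would not.
    $unix = intdiv($filetime, 10000000) - FILETIME_EPOCH_OFFSET;
    return (new DateTimeImmutable('@' . $unix))->setTimezone(new DateTimeZone('UTC'));
}

/** True when the account has an expiry date and that date has passed. */
function isAccountExpired(string $raw, ?DateTimeImmutable $now = null): bool
{
    $expires = accountExpiresToDate($raw);
    if ($expires === null) {
        return false;
    }
    $now = $now ?? new DateTimeImmutable('now', new DateTimeZone('UTC'));
    return $now >= $expires;
}

// Sample values: the two "never" markers, the FILETIME used earlier on this
// page, and a constructed value 30 days after it.
$now = new DateTimeImmutable('2025-10-03 00:00:00', new DateTimeZone('UTC'));
$samples = ['9223372036854775807', '0', '134038944000000000', '134064864000000000'];
foreach ($samples as $raw) {
    $date = accountExpiresToDate($raw);
    printf(
        "%-20s %-24s expired=%s\n",
        $raw,
        $date ? $date->format('Y-m-d H:i:s T') : 'never expires',
        isAccountExpired($raw, $now) ? 'yes' : 'no'
    );
}
```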
PHP: querying Windows AD objectGUID and objectSid (string format)
<?php
function objectSid($binary_sid) {
    if(strlen(decbin(~0)) == 64) //64bit PHP
    {
        // Get revision, identifier authority (byte 1, the sub-authority count, is skipped)
        $parts = unpack('Crev/x/nidhigh/Nidlow', $binary_sid);
        // Set revision, identifier authority
        $sid = sprintf('S-%u-%d', $parts['rev'], ($parts['idhigh']<<32) + $parts['idlow']);
        // Translate the sub-authorities (32-bit little-endian, starting at byte 8)
        $parts = unpack('x8/V*', $binary_sid);
        // Append if parts exist
        if ($parts) $sid .= '-';
        // Join all
        return $sid.= join('-', $parts);
    }
    //32bit PHP
    $sid = 'S-';
    $sidinhex = str_split(bin2hex($binary_sid), 2);
    // Byte 0 = Revision Level
    $sid = $sid.hexdec($sidinhex[0]).'-';
    // Bytes 2-7 = 48-bit identifier authority (big-endian)
    $sid = $sid.hexdec($sidinhex[2].$sidinhex[3].$sidinhex[4].$sidinhex[5].$sidinhex[6].$sidinhex[7]);
    // Byte 1 = number of sub-authorities
    $subauths = hexdec($sidinhex[1]);
    // Loop through the sub-authorities
    for($i = 0; $i < $subauths; $i++) {
        $start = 8 + (4 * $i);
        // Each sub-authority is 32 bits (4 bytes), little-endian
        $sid = $sid.'-'.hexdec($sidinhex[$start+3].$sidinhex[$start+2].$sidinhex[$start+1].$sidinhex[$start]);
    }
    return $sid;
}
function objectGUID($binaryGuid) {
    $hexGuid = bin2hex($binaryGuid);
    // Reorder and format according to standard GUID representation
    $hex1 = substr($hexGuid, 6, 2) . substr($hexGuid, 4, 2) . substr($hexGuid, 2, 2) . substr($hexGuid, 0, 2);
    $hex2 = substr($hexGuid, 10, 2) . substr($hexGuid, 8, 2);
    $hex3 = substr($hexGuid, 14, 2) . substr($hexGuid, 12, 2);
    $hex4 = substr($hexGuid, 16, 4);
    $hex5 = substr($hexGuid, 20, 12);
    return sprintf('%s-%s-%s-%s-%s', $hex1, $hex2, $hex3, $hex4, $hex5);
}
$user = 'user1'; // account name to authenticate
$ldappass = 'p@ssw0rd'; // password of that account
$domain = 'test.loc'; // domain name
// 'allow' continues even when the server certificate cannot be verified
putenv('LDAPTLS_REQCERT=allow');
$ldapconn = @ldap_connect("ldaps://" . $domain) or die("Unable to connect to $domain");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) { // binding to ldap server
    $ldapbind = @ldap_bind($ldapconn, $user . '@' . $domain, $ldappass);
    if ($ldapbind) { // verify binding
        $base_dn = sprintf("dc=%s", (str_replace(".", ",dc=", $domain)));
        // Escape the account name before placing it in the search filter
        $filter = "(sAMAccountName=" . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ")";
        $result = @ldap_search($ldapconn, $base_dn, $filter);
        if($result==false) echo "Authentication failed";
        else {
            $entries = ldap_get_entries($ldapconn, $result);
            // objectsid must be requested as well, since it is printed below
            $results2 = ldap_search($ldapconn, $base_dn, "(&(objectclass=group)(objectsid=*))", array("cn", "objectguid", "objectsid"));
            $entries2 = ldap_get_entries($ldapconn, $results2);
            // Entries are indexed from 0
            for ($i=0; $i<$entries2['count']; $i++)
                echo $entries2[$i]['cn'][0] . "\n" . objectGUID($entries2[$i]['objectguid'][0]) . "\n" . objectSid($entries2[$i]['objectsid'][0]) . "\n\n";
        }
    } else echo "Authentication failed...";
}
?>
Thursday, August 21, 2025
PHP time zone setting
date.timezone = 'Asia/Taipei'
Set in code
date_default_timezone_set('Asia/Taipei');
Debian NGINX: setting up SSH over HTTPS
Install
apt install -y nginx libnginx-mod-stream
Create the NGINX certificate
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Edit /etc/nginx/nginx.conf and add
stream {
server {
listen 443 ssl; # Or 80 for HTTP
proxy_pass ssh_backend;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# encryption settings
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
}
upstream ssh_backend {
server 127.0.0.1:22; # Or the actual SSH server IP and port
}
}
Edit /etc/nginx/nginx.conf
Set HTTP options
server_tokens off;
Edit /etc/ssh/sshd_config and add
DebianBanner no
How to connect
ssh -o ProxyCommand="openssl s_client -servername localhost -connect <nginx server>:443 2>&1" root@l -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
ssh -o ProxyCommand="openssl s_client -connect <nginx server>:443 2>&1" user@ -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
Apache2 error message: SSLEngine
Error message
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
Run
a2enmod ssl
Using Artipie as a Maven cache server
Edit .m2/settings.xml with the following content
<?xml version="1.0"?>
<settings>
  <mirrors>
    <mirror>
      <id>maven</id>
      <name>Maven Repository Manager running on https://repo.maven.apache.org/maven2</name>
      <url>http://artipie.loc:8085/maven/</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
</settings>
Test
mvn dependency:get -DgroupId=junit -DartifactId=junit -Dversion=4.13.2 -Dtransitive=false -s ~/.m2/settings.xml -X
Monday, August 11, 2025
Debian 12: Artipie installation and configuration
apt install -y default-jre
Add the account artipie
mkdir -p /opt/artipie
wget https://github.com/artipie/artipie/releases/download/v1.17.16/artipie-v1.17.16-jar-with-dependencies.jar -O /opt/artipie/artipie.jar
mkdir -p /home/artipie/data
mkdir -p /home/artipie/repo
Edit /home/artipie/artipie.yaml
meta:
  storage:
    type: fs
    path: /var/artipie/repo
Edit /home/artipie/repo/maven.yaml
repo:
  type: maven-proxy
  remotes:
    - url: https://repo.maven.apache.org/maven2
  storage:
    type: fs
    path: /var/artipie/data
ln -s /home/artipie/ /var/artipie
Edit /etc/systemd/system/artipie.service
[Unit]
Description=Artipie Server
[Service]
Type=simple
ExecStart=java -jar /opt/artipie/artipie.jar --config-file=/var/artipie/artipie.yaml --port=8085
Restart=always
User=artipie
Group=artipie
[Install]
WantedBy=multi-user.target
chmod a+x /etc/systemd/system/artipie.service
systemctl daemon-reload
Tuesday, August 5, 2025
Debian 12: install NextCloud
Install the required software
apt update && apt upgrade -y
apt install unzip wget
apt -y install apache2 libapache2-mod-php -y
apt -y install php php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip
apt -y install libmagickcore-6.q16-6-extra
apt -y install php-gmp
apt -y install php-apcu
apt -y install php-ldap
wget https://download.nextcloud.com/server/releases/nextcloud-31.0.7.zip
unzip nextcloud-31.0.7.zip -d /var/www/html/
chown -R www-data:www-data /var/www/html/nextcloud/
chmod -R 755 /var/www/html/nextcloud/
Set up the database
apt install mariadb-server mariadb-client -y
mysql_secure_installation
mysql -u root -p
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
EXIT;
Configure Apache2
Edit /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/nextcloud/
ServerName your-domain.com
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
</VirtualHost>
Edit /etc/php/8.2/apache2/php.ini and add
memory_limit = 256M
opcache.interned_strings_buffer=16
a2ensite nextcloud
a2enmod rewrite
a2enmod headers
Edit /etc/apache2/apache2.conf and add
Header always set Strict-Transport-Security "max-age=31536000"
systemctl restart apache2
Configure NextCloud
Connect with a browser to set up NextCloud
Edit /var/www/html/nextcloud/config/config.php and add
'memcache.local' => '\OC\Memcache\APCu',
'default_phone_region' => 'TWN',
cd /var/www/html/nextcloud
sudo -u www-data php occ maintenance:repair --include-expensive
Apache2: configuring HTTP Strict Transport Security (HSTS)
a2enmod headers
Edit /etc/apache2/apache2.conf and add
Header always set Strict-Transport-Security "max-age=31536000"
Monday, July 28, 2025
libnss_shim configuration notes
https://github.com/xenago/libnss_shim/tree/main
Edit /etc/libnss_shim/config.json
case ${LIBNSS_OP} in
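Wednesday, July 23, 2025
Air-gapped environment: installing an R package from GitHub
1. Download it with git clone
2. Install it with the R install command: install.packages("/path to folder with the package", repos = NULL, type = "source")
Linux special-purpose FUSE modules
DAZUKOFS: a stackable file system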
https://github.com/twiddern/dazukofs-linux3.6
Libsqlfs: a FUSE module that makes SQLite accessible through an OS-level file system interface
https://github.com/guardianproject/libsqlfs
loggedfs: LoggedFS, a FUSE module that logs every operation performed in it
https://github.com/rflament/loggedfs
fuse-nfs: a FUSE module for the NFS protocol
https://github.com/sahlberg/fuse-nfs
X2GO Windows version: clearing broken settings
Uninstall X2GO
Run regedit
Delete the HKEY_CURRENT_USER\Software\Obviously Nice\x2goclient folder
Reinstall X2GO
Monday, July 7, 2025
Debian 12: install verdaccio
npm install --global verdaccio
adduser verdaccio
su - verdaccio
verdaccio
exit
mkdir -p /etc/verdaccio/
ln -s /etc/verdaccio/config.yaml /home/verdaccio/verdaccio/config.yaml
Edit /home/verdaccio/verdaccio/config.yaml
storage: /home/verdaccio/verdaccio/storage
listen:
  - 0.0.0.0:4873
#auth:
#  htpasswd:
#    max_users: -1
Edit /etc/systemd/system/verdaccio.service
[Unit]
Description=Verdaccio lightweight npm proxy registry
[Service]
Type=simple
Restart=on-failure
User=verdaccio
ExecStart=/usr/local/bin/verdaccio --config /etc/verdaccio/config.yaml
[Install]
WantedBy=multi-user.target
Usage
Set the custom registry with the following command
npm config set registry http://verdaccio.loc:4873
Or edit ~/.npmrc
registry=http://verdaccio.loc:4873/
Monday, June 23, 2025
Anaconda: installing Python packages through a proxy
Run the conda commands in a terminal
conda config --set proxy_servers.http http://proxy.loc:3128
conda config --set proxy_servers.https http://proxy.loc:3128
Or edit the configuration file ~/.condarc and add the following
proxy_servers:
  http: http://proxy.loc:3128
  https: http://proxy.loc:3128
To view the conda configuration, run in a terminal
conda config --show
conda info --all
Usage examples
conda config --add channels conda-forge
conda install gcc=12
conda install gxx=12
conda install gcc=12 -c conda-forge
conda install gxx=12 -c conda-forge
Windows 10/11: adding a VPN in PowerShell
Add-VpnConnection -Name "VPN-NAME" -ServerAddress "vpn-server" -PassThru -TunnelType "Automatic"
-TunnelType
Specifies the tunnel type used for the VPN connection. Acceptable values for this parameter are:
PPTP L2TP SSTP IKEv2 Automatic
OpenSSH server: restricting a specific group to sftp only
Edit /etc/ssh/sshd_config
# override default of no subsystems
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match group domain?users
#Match group *,!sudo
#ChrootDirectory /home/%u@loc
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
pip: installing a GitHub project
pip install git+https://github.com/popgenmethods/smcpp.git --user
git clone https://github.com/popgenmethods/smcpp.git
cd smcpp
python3 setup.py install --user
Thursday, June 5, 2025
Debian 12: sssd realm cannot join the domain
Error message
Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-090dt5/krb5.d/adcli-krb5-conf-uzvObj
* Authenticated as user: Administrator@test.loc
* Using GSS-SPNEGO for SASL bind
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
adcli: couldn't connect to ssde.sinica domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Insufficient permissions to join the domain
Install the krb5-related packages
apt install krb5-user
Wednesday, May 28, 2025
LEAF Bering-uClibc 7.4.0: install accelppp
Edit /etc/modules to load the required modules, then reboot
# Modules needed for PPP connection
slhc
ppp_generic
ppp_async
# The three following modules are not always needed
zlib_inflate
zlib_deflate
ppp_deflate
# Modules needed for PPP/PPPOE connection
slhc
pppoe
# Modules needed for PPTP connection
pptp
# Modules needed for L2TP connection
slhc
pppol2tp
ppp_mppe
# Modules needed for PPPOA connection
# An ATM adapter module must be loaded for this to work
# (e.g. unicorn_pci_atm or unicorn_usb_atm)
slhc
ppp_generic
pppoatm
Install accelppp: accelppp pppscrpt libpcre libsnmp
Edit /etc/accel-ppp.conf
chap-secrets
[chap-secrets]
chap-secrets=/etc/ppp/chap-secrets
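Edit /etc/ppp/chap-secrets
Account and password file, four columns in total
# Column 1: the connection account
# Column 2: must be set to the name in /etc/accel-ppp.conf
# Column 3: the password
# Column 4: the connection IP
Configure shorewall
Edit /etc/shorewall/rules and add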
ACCEPT net fw tcp 1723
ACCEPT net fw udp 1701
Ping(ACCEPT) vpn fw
Edit /etc/shorewall/zones and add
vpn ipv4
Edit /etc/shorewall/interfaces and add
vpn ppp+
Edit /etc/shorewall/policy and add
vpn loc ACCEPT
Edit /etc/shorewall/masq
eth0 192.168.2.0/24
References
https://docs.accel-ppp.org/configuration/configuration.html
Related module
nf_nat_pptp
Tuesday, May 27, 2025
Monday, May 19, 2025
Lists of advertising and malicious sites
https://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server
https://github.com/FutaGuard/LowTechFilter?tab=readme-ov-file
https://github.com/hagezi/dns-blocklists
https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnsmasq/dnsmasq.blacklist.txt
Reference
https://www.ptt.cc/bbs/AdBlock/M.1616322714.A.62E.html
dnsmasq configuration example
Edit /etc/dnsmasq.d/adblock.list.conf and add the entries to block
server=/www.0xplusdapp.com/
server=/www.0xdappplus.com/
server=/www.0857.games/
Apache2 error message: 'Header'
Apache2 error message
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
The required module is missing
a2enmod headers
apache2ctl -M | grep headers_module
Proxmox VE: running a script before and after backup
Add to /etc/vzdump.conf
script: /etc/your-custom-script.sh
Edit /etc/your-custom-script.sh with the following content
#!/bin/bash
# $1=post-restart $2=snapshot <backup Mode> $3=100 <lxc id>
# STOREID=local
# TARGET=/var/lib/vz/dump/vzdump-lxc-100.tar.zst
# VMTYPE=lxc
if [ "$1" == "post-restart" ]; then
    : # do something
fi
if [ "$1" == "job-end" ]; then
    : # do something else
fi
exit 0
Wednesday, April 2, 2025
SQLite3 encryption options
SQLite Encryption Extension (SEE)
https://sqlite.org/com/see.html
sqlcipher
https://www.zetetic.net/sqlcipher/
https://github.com/zhouchangsheng/sqlcipher
apt install -y sqlcipher
sqlite-encrypt
https://github.com/jingqi/sqlite-encrypt/blob/master/README.md
SQLiteCrypt
https://www.sqlite-crypt.com/
Tuesday, April 1, 2025
Debian 12: install Docker
sudo apt remove docker docker-engine docker.io containerd runc
sudo apt update
sudo apt install -y ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker $(whoami)
Debian 12 kernel module notes
Install the build environment
apt install -y gcc linux-headers-$(uname -r)
hello.c contents
#include <linux/module.h> /* Needed by all modules */
#include <linux/kernel.h> /* Needed for KERN_INFO */
int init_module(void)
{
printk(KERN_INFO "Hello world 1.\n");
/*
* A non 0 return means init_module failed; module can't be loaded.
*/
return 0;
}
void cleanup_module(void)
{ printk(KERN_INFO "Goodbye world 1.\n"); }
MODULE_LICENSE("L");
MODULE_AUTHOR("Taiwan");
MODULE_DESCRIPTION("Taiwan");
MODULE_VERSION("1");
Makefile contents
obj-m += hello.o
all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
Debian 12: devpi server installation notes
Install devpi
apt install pip -y
mv /usr/lib/python3.11/EXTERNALLY-MANAGED /usr/lib/python3.11/EXTERNALLY-MANAGED.bk
pip install -q -U devpi-server devpi-web --root-user-action=ignore
Generate the configuration files
adduser devpi
su devpi -
cd ~
devpi-init
devpi-gen-config --host 0.0.0.0 --port 3141
Install the service
cp /home/devpi/gen-config/devpi.service /etc/systemd/system/
systemctl enable devpi
Test
http://127.0.0.1:3141/
http://127.0.0.1:3141/root/pypi/+simple/
Related commands and directories
devpi-gen-config --help
/usr/local/bin/devpi-server
/home/devpi/.devpi
Usage
When installing from the command line, add the relevant options
pip install -i http://devpi.loc/root/pypi/+simple/ --trusted-host devpi.loc package_name
Or edit the ~/.pip/pip.conf configuration file
[global]
index-url = http://devpi.loc/root/pypi/+simple/
[install]
trusted-host=devpi.loc
pip install -i http://<devpi-host>:3141/root/pypi/+simple/ simplejson --break-system-packages --trusted-host <devpi-host>
Related documentation
https://devpi.net/docs/devpi/devpi/6.13/+d/index.html
PHP: getting the MIME type
<?php
$f = "1.woff";
$fi = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $fi->file($f);
echo $mime_type;
echo (new finfo(FILEINFO_MIME_TYPE))->file($f);
?>
Debian 12 NoVNC
Install
apt install -y novnc apache2 php
Apache module setup
a2enmod rewrite
a2enmod headers
Apache VirtualHost <Directory> or <Location> settings
Header set Cache-Control "no-cache"
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L]
index.php contents
<?php
$NOVNC = "/usr/share/novnc/vnc.html";
$NOVNC = "/usr/share/novnc/v.html";
$NOVNC_DIR = dirname($NOVNC);
if($_SERVER["SCRIPT_URL"]=="/xxx") {
if($_REQUEST['host']!='') exit();
header("Content-Type: text/html");
readfile($NOVNC);
exit();
}
//novnc file_exists
$_t = $NOVNC_DIR . $_SERVER["SCRIPT_URL"];
if(file_exists($_t)) {
switch(pathinfo($_t, PATHINFO_EXTENSION)){
case "":
case "htm":
case "html":
case "pl":
case "md": exit(); break;
case "css": $x = "text/css"; break;
case "js" : $x = "text/javascript"; break;
default: $x = (new finfo(FILEINFO_MIME_TYPE))->file($_t);
}
header("Content-Type: $x");
readfile($_t);
exit();
}
?>
Hide the Clipboard and Connection controls
Modify /usr/share/novnc/vnc.html
<!-- Clipboard -->
<input type="hidden" alt="Clipboard" src="app/images/clipboard.svg"
id="noVNC_clipboard_button" class="noVNC_button"
title="Clipboard">
<!-- Connection Controls -->
<input type="hidden" alt="Disconnect" src="app/images/disconnect.svg"
id="noVNC_disconnect_button" class="noVNC_button"
title="Disconnect">
Tuesday, March 4, 2025
Thursday, February 20, 2025
Debian 12: install Joomla 5
Minimum system requirements
PHP 8.1.0 (Modules: json, simplexml, dom, zlib, gd, mysqlnd or pdo_mysql or pdo_pgsql)
MySQL 8.0.13 / MariaDB 10.4.0 / PostgreSQL 12.0
Apache 2.4 / Nginx 1.21 / Microsoft IIS 10
Installation example
apt update;apt upgrade -y;apt install -y busybox wget
apt install nginx / apt install -y apache2
apt install -y php php-common php-curl php-fpm php-imap php-cli php-xml php-zip php-mbstring php-gd php-mysql
apt install -y mariadb-server mariadb-client
systemctl start mariadb;systemctl enable mariadb
export h=/var/www/html/joomla
mkdir -p ${h}; cd ${h}
wget -q -O- 'https://downloads.joomla.org/zh/cms/joomla5/5-2-4/Joomla_5-2-4-Stable-Full_Package.zip?format=zip' | busybox unzip -
chown -R www-data:www-data ${h}
cd -
mysql -u root
MariaDB [(none)]> CREATE DATABASE joomla_db;
MariaDB [(none)]> CREATE USER joomla_user@'localhost' IDENTIFIED BY 'joomla5_p@ssw0rd';
MariaDB [(none)]> GRANT ALL on joomla_db.* to joomla_user@localhost;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT
Monday, February 17, 2025
Debian 12: install and run bandersnatch
Install
apt install -y pip
pip install bandersnatch --break-system-packages
Generate the /etc/bandersnatch.conf configuration file
bandersnatch mirror
Modify the /etc/bandersnatch.conf configuration file
Run the synchronization
bandersnatch mirror
Sunday, February 16, 2025
APT-Cacher configuration
Install
apt install -y apt-cacher
Edit /etc/apt-cacher/apt-cacher.conf
allowed_hosts = 192.168.0.0/16
allowed_hosts = *
distinct_namespaces = 1
Related directories
/var/cache/apt-cacher
Client-side configuration
Edit /etc/apt/apt.conf.d/90-apt-proxy.conf and add
Acquire::http::Proxy "http://<apt-cacher-host>:3142";
Acquire::https::Proxy "http://<apt-cacher-host>:3142";
Acquire::HTTPS::proxy "DIRECT";
Monday, February 3, 2025
Debian 12: install ClamAV
Install
sudo apt install -y clamav clamav-daemon clamtk
Related services
clamav-daemon
clamav-daemon.socket
clamav-freshclam
Related configuration files and directories
/var/lib/clamav
/var/log/clamav
/etc/clamav/freshclam.conf
/etc/clamav/clamd.conf
~/.clamtk/db/freshclam.conf
Proxy for virus signature updates
Edit /etc/clamav/freshclam.conf and add
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
HTTPProxyPort 3128
Update the virus signatures manually
freshclam
Download the virus signatures manually
wget --user-agent='CVDUPDATE/0' https://database.clamav.net/main.cvd https://database.clamav.net/daily.cvd https://database.clamav.net/bytecode.cvd
Scan manually
clamscan /path/to/directory
clamscan -r --remove /path/to/directory
clamscan -r --bell -i /path/to/directory
Debian 12: X Window watermark application activate-linux
Set up the build environment
apt install git gcc libconfig-dev libcairo2-dev libxi-dev libx11-dev x11proto-core-dev x11proto-dev \
libxt-dev libxext-dev libxfixes-dev libxinerama-dev libxrandr-dev libwayland-dev wayland-protocols
Install
git clone https://github.com/MrGlockenspiel/activate-linux
cd activate-linux/
make
make install
Run
export DISPLAY=:0.0;
/usr/local/bin/activate-linux
Debian 12: install nginx reverse stream proxy
Install
apt install -y nginx libnginx-mod-stream
Edit /etc/nginx/nginx.conf and add
stream {
server {
listen 3389;
proxy_pass 10.10.10.10:3389;
}
}
stream {
server {
listen 443;
proxy_pass admin;
}
upstream admin {
server 10.10.10.10:443;
}
}
Friday, January 17, 2025
PHP proc_open summary
<?php
$cmd = "sqlite3 1.db ";
$interactive_cmd = "insert into a (a1,a2) values('中文','許');";
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stdout
2 => array("pipe", "w") // stderr ?? instead of a file
);
$stdout = "";
$stderr = "";
$process = proc_open($cmd, $descriptorspec, $pipes, NULL);
if (is_resource($process)) {
fwrite($pipes[0], $interactive_cmd . PHP_EOL);
fclose($pipes[0]);
while($s= fgets($pipes[1], 1024)) $stdout .= $s; // read from the pipe
fclose($pipes[1]);
// stderr optional:
while($s= fgets($pipes[2], 1024)) $stderr .= $s;
fclose($pipes[2]);
}
echo "stdout: $stdout \nstderr: $stderr\n";
?>
Debian 12: restrict USB flash drives to read-only mounts
Edit /etc/udisks2/mount_options.conf and add
[defaults]
defaults=ro
allow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,sync,dirsync,noload
Restart the service
systemctl restart udisks2
Reference
https://storaged.org/doc/udisks2-api/latest/mount_options.html
Debian 12: restricting which users can log in on the terminals
Edit /etc/pam.d/login and add
account required pam_access.so
Edit /etc/security/access.conf and add
-:ALL EXCEPT root:tty1 tty2 tty3 tty4 tty5 tty6
Friday, January 10, 2025
Debian 12: using IBus input methods
Install
apt install -y ibus-table
apt install -y ibus-chewing ibus-zhuyin ibus-table-easy ibus-table-easy-big
Related directories
/usr/share/ibus-table/tables/
/usr/share/ibus-table/icons/
Related commands
ibus-table-createdb
ibus-setup
ibus restart
im-config #apt install -y zenity
Windows 11 WSL: Chinese input with fcitx5
Install
sudo apt install fcitx5 fcitx5-* # all input methods supported by Fcitx5
sudo apt install fcitx5-chinese-addons fcitx5-chewing # install only New Chewing (Zhuyin)
sudo apt install fcitx5-table-easy-large fcitx5-chinese-addons # install only the Easy input method
sudo apt install fcitx5-frontend-gtk2 fcitx5-frontend-gtk3 fcitx5-frontend-gtk4 fcitx5-frontend-qt5 fcitx5-frontend-qt6
Run
export GTK_IM_MODULE=fcitx
export QT_IM_MODULE=fcitx
export XMODIFIERS=@im=fcitx
export DefaultIMModule=fcitx
fcitx-autostart &>/dev/null
Related settings
im-config
fcitx5-configtool
export WAYLAND_DISPLAY='wayland-0' DISPLAY=':0'
Debian 12 ibus: install Boshiamy (嘸蝦米)
sudo apt install ibus-table
git clone https://github.com/daineseh/liu_ibus_table
cd liu_ibus_table
sudo ibus-table-createdb -s liu_ibus_table.txt -n liu.db
sudo cp liu.db /usr/share/ibus-table/tables/
sudo cp liu.png /usr/share/ibus-table/icons/
Debian 12: automatic updates
Install
sudo apt update && sudo apt upgrade
sudo apt install unattended-upgrades apt-listchanges -y
sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades
Edit the configuration file
/etc/apt/apt.conf.d/50unattended-upgrades
Configure automatic execution
dpkg-reconfigure unattended-upgrades
dpkg-reconfigure -f noninteractive unattended-upgrades
Related configuration file: /etc/apt/apt.conf.d/20auto-upgrades
Test
unattended-upgrades --dry-run --debug
References
https://wiki.debian.org/UnattendedUpgrades
VNC X window screen locks: "Authentification error"
loginctl list-sessions
loginctl unlock-session SESSION-ID