tag:blogger.com,1999:blog-226711292024-02-21T04:11:21.600+08:00 openSUSE Installation Log. This site is simply a record of my notes and experiences with openSUSE Linux, nothing special, just for fun. Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.comBlogger145125tag:blogger.com,1999:blog-22671129.post-50999073900381982782023-12-25T11:13:00.014+08:002023-12-25T11:16:51.733+08:00 Installing GVM 22.9 on Kali Linux <p>Here's the story. <strike>It suddenly occurs to me that this blog could be renamed the GVM Installation Log.</strike></p>
<p>This time, while running a required vulnerability scan, I found a pile of "Report outdated / end-of-life Scan Engine / Environment" findings.</p>
<p>Inner monologue: the version is out of date again.</p>
<p>Fine, let's try updating.</p>
<p> <span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">yum update -y</span></span></p>
<p>Nothing happened, so I went straight to <a href="https://github.com/Atomicorp/gvm" style="background-color: white; color: #2288bb; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px; text-decoration-line: none;">Atomicorp's GitHub</a> to take a look.</p>
<p>In the issues you can see that quite a few users have hit a similar problem: <a class="Link--primary v-align-middle no-underline h4 js-navigation-open markdown-title" data-hovercard-type="issue" data-hovercard-url="/Atomicorp/gvm/issues/70/hovercard" data-turbo-frame="repo-content-turbo-frame" href="https://github.com/Atomicorp/gvm/issues/70" id="issue_70_link" style="background-color: #f6f8fa; box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "Noto Sans", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: var(--h4-size, 16px) !important; font-weight: var(--base-text-weight-semibold, 600) !important; text-decoration-line: none; vertical-align: middle;">22.4.1 is End-of-Life</a></p>
<p>It looks like the maintainer has been too busy to package updates.</p>
<p>After some digging on Google, I made up my mind to switch over to <a href="https://www.kali.org/">Kali Linux</a>. (X</p>
<p>Installation is also very simple; you can follow this detailed community-written tutorial - <a href="https://medium.com/@jieshiun/%E5%A6%82%E4%BD%95%E5%9C%A8-esxi-%E5%AE%89%E8%A3%9D-kali-linux-12f121bea3d2">How to install Kali Linux on ESXi. Kali Linux</a></p>
<p>Installing GVM on Kali Linux really is very, very easy.</p>
<p><br /></p>
<p>1. Check for updates</p>
<p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo apt-get update<br /><br /></span></span></p>
<p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo apt-get upgrade</span></span></p>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo apt-get dist-upgrade</span></span></p></div>
<div><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;"><br /></span></span></div>
<div>2. Install GVM</div>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo apt install gvm</span></span></p></div>
<div><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;"><br /></span></span></div>
<div>3. Run the setup</div>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo gvm-setup</span></span></p></div>
<div><span style="color: red;"><b>※ Note: the default administrator account and password are created at this point. Copy them down first, or you will not be able to log in later.</b></span></div>
<div><br /></div>
<div>4. Start GVM</div>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo gvm-start</span></span></p></div>
<div>5. Check the setup for errors</div>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo gvm-check-setup</span></span></p></div>
<div>6. Update the feeds</div>
<div><p><span style="color: white; font-family: Menlo, Monaco, Consolas, Courier New, monospace;"><span style="background-color: black;">sudo greenbone-feed-sync</span></span></p></div>
<div>7. All done</div>
<div>Just when I thought I was done, I found I could not log in from an external host; to be precise, login only worked on the local machine at https://127.0.0.1:9392. A quick Google search turned up <a href="https://forum.greenbone.net/t/cannot-connect-to-the-gvm-host/10855">a forum post pointing out</a> that a setting has to be changed.</div>
<div><br /></div>
<div><br /></div>
<div>7.1 Stop the services first</div>
<div><span style="background-color: black; color: white; font-family: Menlo, Monaco, Consolas, "Courier New", monospace;">sudo gvm-stop</span></div>
<div><br /></div>
<div>7.2 Edit the unit file</div>
<div><span style="background-color: black; color: white; font-family: Menlo, Monaco, Consolas, "Courier New", monospace;">sudo nano /usr/lib/systemd/system/greenbone-security-assistant.service</span></div>
<div><br /></div>
<div>Change listen 127.0.0.1 to 0.0.0.0, so that the web interface listens on all interfaces instead of loopback only.</div>
<div><br /></div>
<div>7.3 Start the services</div>
<div><span style="background-color: black; color: white; font-family: Menlo, Monaco, Consolas, "Courier New", monospace;">sudo gvm-start</span></div>
<div><br /></div>
<div>Then you can go <strike>happily</strike> fix vulnerabilities.</div>
<div><br /></div>
<div>References:</div>
<div>https://www.kali.org/tools/gvm/#gvm</div>
<div><br /></div>
<div>https://forum.greenbone.net/t/cannot-connect-to-the-gvm-host/10855</div>
<div><br /></div>
<div>https://github.com/Atomicorp/gvm/issues</div>
<div><br /></div>
<div>https://medium.com/@jieshiun/%E5%A6%82%E4%BD%95%E5%9C%A8-esxi-%E5%AE%89%E8%A3%9D-kali-linux-12f121bea3d2</div>
<p><br /></p><p><br /></p>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-76508428435866492182022-06-28T11:40:00.005+08:002022-06-28T11:40:41.897+08:00 GVM Web Client Session Time Out <p>Here's what happened.</p>
<p>After GVM was installed, scans ran normally and reports were generated without trouble. Then a colleague came over and asked whether the session timeout could be made longer, because being logged out so quickly was a real nuisance. XD</p>
<p>I looked through the settings in the upper-right corner and could not find anywhere to set the session timeout. After reading some posts online, I found that you only need to edit the service unit and add --timeout=1440. (1440 can be changed to whatever duration you want.)</p>
<p><br /></p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: 
Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">vi /usr/lib/systemd/system/gsad.service</span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span><blockquote><span style="color: white;">ExecStart=/usr/sbin/gsad </span><span style="color: red;">--timeout=1440</span><span style="color: white;"> --munix-socket=/var/run/gvmd/gvmd.sock $OPTIONS</span></blockquote></span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">systemctl daemon-reload</span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">systemctl restart gsad.service</span></pre><div><span style="color: white;"><span style="color: white; display: inline; float: none; font-family: "courier 10 pitch" , "courier" , monospace; font-size: 15px;"><br 
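/></span></span></div><p></p><p>After logging in to the web interface again, you no longer get kicked out. It is convenient, but from a security standpoint it is not great, right? XD You should still log out regularly to avoid leaking important information!</p>
<p><br /></p><p>References:</p>
<p><a href="https://community.greenbone.net/t/client-web-portal-timeout/696">Client Web Portal Timeout</a></p>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-90023264869496290562022-06-20T11:23:00.003+08:002022-06-22T10:12:50.347+08:00 The many twists and turns of GVM (OpenVAS) @ CentOS 8 <p>Even worse, just when I thought everything had finally worked, the scan still failed. I was just........</p>
<p>After taking a few days to calm down, I decided to try again from scratch.</p>
<p>A fresh install of <a href="http://isoredirect.centos.org/centos/8-stream/isos/x86_64/">CentOS 8</a>.</p>
<p>As before, I first followed the <a href="https://github.com/Atomicorp/gvm">Atomicorp GitHub guide</a> exactly.</p>
<p>At this point I kept a calm head, braced for what could be a tough fight.</p>
<p>Deep breath, then one step at a time.</p>
<p>First, adjust the service startup according to the following thread (after all, this is the step that nearly moved me to tears).</p>
<blockquote><p><a href="https://community.greenbone.net/t/solved-guidance-troubleshooting-from-log-files-ospd-service-running-but-not-accepting-connections/11900">SOLVED: Guidance troubleshooting from log files. 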
ospd service running but not accepting connections</a></p></blockquote>
<p>Step 1: edit /usr/lib/systemd/system/gvmd.service</p>
<blockquote><p>#ExecStart=/usr/sbin/gvmd --osp-vt-update=/var/run/ospd/ospd<b><span style="color: red;">-openvas</span></b>.sock $OPTIONS</p><p>ExecStart=/usr/sbin/gvmd --osp-vt-update=/var/run/ospd/ospd.sock $OPTIONS</p></blockquote>
<p>Step 2: next, edit /usr/lib/systemd/system/ospd-openvas.service</p>
<blockquote><p>#PIDFile=/var/run/ospd/ospd-openvas.pid</p><p>PIDFile=/var/run/ospd/ospd.pid</p><p>#ExecStart=/opt/atomicorp/bin/ospd-openvas --pid-file /var/run/ospd/ospd-openvas.pid --unix-socket=/var/run/ospd/ospd-openvas.sock --log-file /var/log/gvm/ospd-scanner.log --lock-file-dir /var/run/gvm/</p><p>ExecStart=/opt/atomicorp/bin/ospd-openvas --pid-file /var/run/ospd/ospd-openvas.pid --unix-socket=/var/run/ospd/ospd-openvas.sock --log-file /var/log/gvm/ospd-scanner.log --lock-file-dir /var/run/gvm<span style="color: red;"><b>d</b></span>/</p></blockquote>
<p>Where this differs from what the original poster shared: when I tried changing the ospd-openvas names to ospd.pid and ospd.sock, the service failed to start. (I have no idea why; I'm too much of a novice (facepalm).)</p>
<p>Next, run</p>
<blockquote><p>systemctl daemon-reload</p></blockquote>
<p>Restart the services</p>
<blockquote><p>systemctl restart gvmd.service</p></blockquote><blockquote>systemctl restart ospd-openvas.service</blockquote>
<p>Checking the logs at this point showed an error: ospd.sock could not be read.</p>
<p>The log paths are /var/log/gvm/gvmd.log and /var/log/gvm/ospd-scanner.log.</p>
<p>Here I took a shortcut and created a symlink directly in /var/run/ospd</p>
<blockquote><p>ln -s ospd-openvas.sock ospd.sock</p></blockquote>
<p>After that, the logs no longer showed any strange error messages.</p>
<p>I quickly logged in to the web interface and ran a test scan.</p>
<p>The wait was nerve-racking XDD</p>
<p>At long last it worked. Watching the percentage tick up, I felt moved beyond words.</p>
<p>Thanks to all the experts online who shared what they know; I could not have finished this without you. Thank you, truly.</p>
<p>All along in this IT field I have quietly benefited from what these generous people share online. Thank you so very much.</p>
<p>=== Below is the earlier record from when I thought it had finally worked, only for the scan to fail anyway ===</p>
<p>Here's what happened ~</p>
<p>The GVM I had installed earlier stopped working again, probably because the version was too old.</p>
<p>Given how well it went last time, I figured this time would just be a matter of pasting in a few steps and calling it a day.</p>
<p>I did not expect to run into so many odd little problems during this install XD.</p>
<p><br /></p>
<p>First, as before, I followed the <a href="https://github.com/Atomicorp/gvm">Atomicorp GitHub guide</a>, and the installation itself was easy and pleasant.</p>
<p>After the NVT and other feeds finished updating and I went to create a scan, this error message kept appearing:</p>
<p></p><blockquote>Failed to find config 'daba56c8-73ec-11df-a475-002264764cea'</blockquote><p></p>
<p>Some searching revealed that the Scan Configs were missing, so I read through a number of solutions posted online.</p>
<p><a href="https://community.greenbone.net/t/missing-scan-configs-gvm-20-08-1/9604">Missing scan configs (GVM 20.08.1)</a></p>
<p>I tried every method and all of them failed. Refusing to give up, I checked the log (/var/log/gvm/gvmd.log):</p>
<p></p><blockquote>osp_scanner_feed_version: failed to get scanner_feed_version. OSPd OpenVAS is still starting</blockquote>
<p>It looked related to ospd, so I checked its log (/var/log/gvm/ospd-scanner.log):</p>
<blockquote><p>permission denied</p></blockquote>
<p>Then I suddenly remembered a certain thread (which, of course, I had already tried following earlier):</p>
<p></p><blockquote> <a href="https://community.greenbone.net/t/solved-guidance-troubleshooting-from-log-files-ospd-service-running-but-not-accepting-connections/11900">SOLVED: Guidance troubleshooting from log files. ospd service running but not accepting connections</a></blockquote>
<p>In /usr/lib/systemd/system/ospd-openvas.service, change --lock-file-dir /var/run/gvm to</p>
<p></p><blockquote>--lock-file-dir /var/run/<span style="color: red;">gvmd</span></blockquote>
<p>Reload with systemctl daemon-reload, then restart the ospd service (rebooting works too XD).</p>
<p>Checking the log right then, it showed GVMD_DATA being updated (I was nearly in tears at that point~).</p>
<p>Once the update finished, the scan configs appeared.</p>
<p><br /></p>
<p>This is a very messy write-up of something that somehow worked by sheer luck.</p>
<p>I hope it gives a little hope to anyone stuck on the same problem.</p>
<p>References:</p>
<p><a href="https://community.greenbone.net/t/missing-scan-configs-gvm-20-08-1/9604">Missing scan configs (GVM 20.08.1)</a></p>
<p><a href="https://community.greenbone.net/t/unable-to-create-scanner-configs-and-no-default-configs-are-provided/7929">Unable to create scanner configs, and no default configs are provided</a></p>
<p><a href="https://community.greenbone.net/t/solved-guidance-troubleshooting-from-log-files-ospd-service-running-but-not-accepting-connections/11900">SOLVED: Guidance troubleshooting from log files. 
ospd service running but not accepting connections</a></p>
<p><a href="https://community.greenbone.net/t/cant-start-ospd-openvas-service-could-not-gather-openvas-settings/10862">Can’t start ospd-openvas.service: Could not gather openvas settings</a></p>
<p></p><p></p><p></p>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-53653341152494219212022-04-27T10:56:00.009+08:002022-06-15T09:01:18.309+08:00 OpenLDAP Password Policy overlay (ppolicy) <p>Here's what happened............. (as usual, off topic again XD)</p>
<p>Just as I had cheerfully finished installing OpenLDAP and was about to start using it, a bulk write of data failed with an error.</p>
<p>The error message showed it was a <span face="-apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif" style="background-color: white; color: #525960; font-size: 15px;">mapsize limit reached</span> problem. Luckily this little hiccup was not hard to fix: raising the size limit resolved it.</p>
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">vim increaseDbSize.ldif</span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;"><blockquote>dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcDbMaxSize
olcDbMaxSize: 1000000000</blockquote></span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">ldapmodify -Y EXTERNAL -H ldapi:/// -f increaseDbSize.ldif</span></pre><div><span style="color: white;"><span style="color: white; display: inline; float: none; font-family: "courier 10 pitch" , "courier" , monospace; font-size: 15px;"><br /></span></span></div><p></p><p>Just when I thought everything was sorted, I discovered that there is no password policy by default: things like password complexity and lockout after failed logins have to be applied separately. Hmm, that all seems very reasonable. So I searched the web frantically, but copying any single guide verbatim, whether from an expert or a forum user, always failed (maybe I had not read enough). <strike>Fortunately, hard work pays off</strike>, and by combining several of them I finally got it applied, more by luck than skill. I am recording it here for anyone whose attempt at following a single guide's steps failed.</p><p>Step 1: Enable the policy overlay (load the ppolicy schema)</p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="font-family: "Times New Roman"; font-size: medium; white-space: normal;"><span style="color: white;">ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif</span></span></pre><div><br /></div><p>Step 2: Create a container for the policies (replace <span style="color: red;">cn=admin,dc=yourdomain,dc=yourcom</span> with your own DN)</p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; 
word-break: break-all;"><span style="color: white;"><code style="background-color: transparent;">vim policies_1.ldif</code></span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;"></span><blockquote><span style="color: white;">dn:ou=Policies,</span><span style="color: red; font-size: 13.2px;">cn=admin,dc=yourdomain,dc=yourcom
</span><span style="color: white;">objectClass: top
objectClass: organizationalUnit
ou: Policies
description: Password policy config files</span></blockquote></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">ldapadd -D </span><span style="background-color: transparent; color: red;">cn=admin,dc=yourdomain,dc=yourcom</span><span style="background-color: transparent;"><span style="color: white;"> -W -f policies_1.ldif</span></span></pre><p></p><p><br /></p><p>Step 3: Load the module</p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; letter-spacing: normal; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; orphans: 2; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-decoration-thickness: initial; text-indent: 0px; text-transform: none; widows: 2; word-break: break-all; word-spacing: 0px;"><code style="background-color: transparent;"><span style="color: white;">vim 
policy_module.ldif</span></code></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;"></span><blockquote><span style="color: white;">dn: cn=module{0},cn=config
</span><span style="background-color: transparent; color: white;">o</span><span style="background-color: transparent;"><span style="color: white;">bjectClass: olcModuleList
</span></span><span style="color: white;">cn: module{0}
olcModuleLoad: ppolicy.la</span></blockquote><span style="color: white;"></span></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">ldapadd -Y EXTERNAL -H ldapi:/// -f policy_module.ldif</span></pre><p></p><p></p><p><br /></p><p>Step 4: Tell the directory database where to read the policy from (replace mdb with the backend type your OpenLDAP uses)</p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">vim policy_overlay.ldif</span></pre><pre><code><p></p><pre><code><pre style="-webkit-text-stroke-width: 0px; color: black; font-size: medium; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-decoration-thickness: initial; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px;"><code></code></pre><blockquote style="-webkit-text-stroke-width: 0px; color: black; font-family: monospace; font-size: medium; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-decoration-thickness: initial; text-indent: 0px; text-transform: none; white-space: pre; widows: 2; word-spacing: 
0px;"></blockquote></code></pre><p></p><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;"></span><blockquote><span style="color: white;">dn: olcOverlay={1}ppolicy,olcDatabase={2}</span><span style="background-color: transparent; color: white;">mdb</span><span style="background-color: transparent;"><span style="color: white;">,cn=config
</span></span><span style="color: white;">objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {1}ppolicy
</span><span style="background-color: transparent; color: white;">olcPPolicyDefault: cn=DefaultPPolicy,ou=Policies,</span><span style="background-color: transparent; color: red;">cn=admin,dc=yourdomain,dc=yourcom</span></blockquote><span style="background-color: transparent; color: red;"></span></pre><pre><code><br /><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="color: white;">ldapadd -Y EXTERNAL -H ldapi:/// -f policy_overlay.ldif</span></pre></code></pre></code></pre><pre><code><p><br /></p><p>Step 5: Create the password policy (see slapo-ppolicy for reference)</p><pre style="-webkit-text-stroke-width: 0px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-decoration-thickness: initial; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px;"><code><pre><code><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><span style="font-family: monospace; font-size: medium;"><span style="color: white;">vim Default_Policies.ldif</span></span></pre></code></pre></code></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", 
monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><pre style="font-size: medium;"><code><span style="color: white;"></span></code><blockquote><code><span style="color: white;">dn: cn=DefaultPPolicy,ou=Policies,</span><span style="color: red;">cn=admin,dc=yourdomain,dc=yourcom</span><span><span style="color: red;">
</span><span style="color: white;">cn: DefaultPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 2592000
pwdExpireWarning: 2160000
pwdInHistory: 3
pwdCheckQuality: 1
pwdMinLength: 8
pwdMaxFailure: 3
pwdLockout: TRUE
pwdLockoutDuration: 30
</span></span></code><span style="color: white;">pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE</span></blockquote></pre></pre><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; line-height: 1.2353; margin-bottom: 10.5px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 10px; word-break: break-all;"><code style="background-color: transparent;"><span style="color: white;">ldapadd -D </span><span style="color: red;">cn=admin,dc=yourdomain,dc=yourcom</span><span style="color: white;"> </span></code><span style="background-color: transparent; color: white;">-W -f Default_Policies.ldif</span></pre><pre><br /></pre><pre><span style="background-color: white; color: #222222; font-size: 13.2px;">After that,</span> you can <strike>happily</strike> use these password policies.</pre></code></pre><p>References</p><p><a href="https://serverfault.com/questions/962209/how-to-increase-size-of-openldap-mdb-database-mdb-map-full-error-code">How to increase size of OpenLDAP MDB database? 
(MDB_MAP_FULL Error Code)</a></p><p><a href="https://stackoverflow.com/questions/58063180/openldap-password-policy-overlap-how-to-assign-to-a-specific-ou">OPENLDAP: password policy overlap, how to assign to a specific OU</a></p><p><a href="https://tobru.ch/openldap-password-policy-overlay/">OpenLDAP Password Policy overlay (ppolicy)</a><br /></p><p><a href="https://www.openldap.org/software/man.cgi?query=slapo-ppolicy">slapo-ppolicy</a></p>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com1tag:blogger.com,1999:blog-22671129.post-52796671299507142642020-12-16T09:54:00.000+08:002020-12-16T09:54:05.466+08:00 Installing GVM 22.08 (OpenVAS)? <p>Here's what happened. I normally run a full-system scan with OpenVAS every so often. I went to update as usual, but the update failed with an error. Through the <a href="https://community.greenbone.net">Greenbone community</a> I found users mentioning that an EOL version can no longer be updated.</p><p>Fortunately, installing the new GVM22 (OpenVAS) release is also very simple: after quickly installing CentOS 8, following the guide on <a href="https://github.com/Atomicorp/gvm">Atomicorp's GitHub</a> makes the installation easy to complete.</p><p><br /></p><p>There was one funny hiccup during the installation, though:</p><blockquote><pre style="border-radius: 6px; box-sizing: border-box; color: #24292e; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 16px;"><code style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border-radius: 6px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; line-height: inherit; margin: 0px; overflow-wrap: normal; overflow: visible; padding: 0px; word-break: normal;">yum config-manager --set-enabled PowerTools</code></pre></blockquote><p>PowerTools is lowercase on CentOS, which tripped me up here for a bit, and I even had to go search for it XDDD</p><p>PS. The new interface feels quite smooth to use. Also, I recently saw in the news that Red Hat seems to be dropping CentOS 8, so it looks like I have some thinking to do :P</p><p><br /></p><p><br 
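/></p>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com1tag:blogger.com,1999:blog-22671129.post-58595665732611929602018-08-29T16:21:00.003+08:002021-05-25T10:41:34.703+08:00 OpenVAS 9 Update <br />Recently, while running vulnerability scans, I noticed that OpenVAS was not updating. After some searching I found a post describing a great solution (see the reference below).<br />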
<br />
In OpenVAS's Feed Status you can see three feed types in total:<br />
NVT, SCAP, and CERT<br />
<br />
To update them individually, you can do this:<br />
<blockquote class="tr_bq">
#NVT<br />
/usr/sbin/greenbone-nvt-sync<br />
#SCAP<br />
/usr/sbin/greenbone-scapdata-sync<br />
#CERT<br />
/usr/sbin/greenbone-certdata-sync</blockquote>
<br />
<br />
After updating, remember to rebuild the cache:<br />
<blockquote class="tr_bq">
/usr/sbin/openvasmd --update --verbose --progress</blockquote>
Then restart the services:<br />
<blockquote class="tr_bq">
systemctl restart openvas-manager.service<br />
systemctl restart openvas-scanner.service</blockquote>
Of course, you can also put this in a shell script and schedule it so the feeds update automatically.<br />
<br />
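The individual steps above as one schedulable script, added here as an example (it is not part of the original post). It runs the syncs, the cache rebuild and the restarts in order and stops at the first failure; the lock directory, the --run switch and the cron line are assumptions.<br />

```sh
#!/bin/sh
# Added example (not from the original post): run the OpenVAS 9 feed update
# steps listed above in order, stop at the first failure, and refuse to
# overlap with a run that is still in progress.
# Assumed names: LOCK_DIR, the --run switch, and the cron line below.
#
# Example cron entry (assumed path and schedule):
#   30 3 * * * /usr/local/sbin/openvas-feed-update.sh --run >>/var/log/openvas-feed-update.log 2>&1

LOCK_DIR="${LOCK_DIR:-/var/run/openvas-feed-update.lock}"
DRY_RUN=1   # 1 = only print the plan; main sets 0 when called with --run

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*"
}

# run_step N CMD [ARG...]: log and execute one step, or only print it in dry-run.
run_step() {
    n="$1"
    shift
    if [ "$DRY_RUN" = "1" ]; then
        log "DRY-RUN step $n: $*"
        return 0
    fi
    log "step $n: $*"
    "$@" </dev/null
}

# Returns 0 on success, otherwise the number of the step that failed, so the
# cache is never rebuilt and the services are never restarted after a failed sync.
update_feeds() {
    run_step 1 /usr/sbin/greenbone-nvt-sync || return 1        # NVT
    run_step 2 /usr/sbin/greenbone-scapdata-sync || return 2   # SCAP
    run_step 3 /usr/sbin/greenbone-certdata-sync || return 3   # CERT
    run_step 4 /usr/sbin/openvasmd --update --verbose --progress || return 4
    run_step 5 systemctl restart openvas-manager.service || return 5
    run_step 6 systemctl restart openvas-scanner.service || return 6
    return 0
}

main() {
    if [ "${1:-}" = "--run" ]; then
        DRY_RUN=0
        # mkdir is atomic: a second instance started while a sync is still
        # running fails here instead of syncing concurrently.
        if ! mkdir "$LOCK_DIR" 2>/dev/null; then
            log "another update is running ($LOCK_DIR exists), exiting"
            return 75
        fi
        trap 'rmdir "$LOCK_DIR"' EXIT
    else
        DRY_RUN=1
    fi
    rc=0
    update_feeds || rc=$?
    if [ "$rc" -ne 0 ]; then
        log "feed update stopped at step $rc"
    else
        log "feed update finished"
    fi
    return "$rc"
}

main "$@"
```

Run without arguments it only prints the plan; the cron entry passes --run to execute it.<br />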
<br />
Reference<br />
<a href="https://sysadmin-ramblings.blogspot.com/2017/04/update-openvas-feeds.html">Update Openvas Feeds</a>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-72908580298992379442017-09-15T08:36:00.000+08:002017-09-18T11:00:37.725+08:00 LVM @ CENTOS 7 - resize2fs: Bad magic number in super-block while trying to open <br />Off topic again today XD<br />
<br />
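The last time I installed a system, I gave LVM a try (LVM has a ton of advantages...........), although it was my first time using it.<br />
<br />
Recently the disk filled up. In the past I always used GParted to resize partitions,<br />
so naturally I did the same this time (hey, wasn't the whole point of choosing LVM that it makes resizing easy?).<br />
<br />
Then it hit me that GParted could not resize LVM (perhaps the version was too old),<br />
which also reminded me why I had chosen LVM in the first place.<br />
<br />
A quick Google search for how to resize LVM.<br />
The whole procedure is fairly simple; see the links below.<br />
<br />
But at the final step of growing the space, just as I was thinking I could call it a day XD<br />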
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">resize2fs </span><span style="color: white;"><span style="background-color: black; color: white; display: inline; float: none; font-family: "courier 10 pitch" , "courier" , monospace; font-size: 15px; font-style: normal; font-weight: normal; letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: pre; word-spacing: 0px;">/dev/mapper/centos-root</span>
</span></pre>
<br />
And then I saw:<br />
<br />
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">resize2fs: Bad magic number in super-block while trying to open</span><span style="color: white;"><span style="background-color: black; color: white; display: inline; float: none; font-family: "courier 10 pitch" , "courier" , monospace; font-size: 15px; font-style: normal; font-weight: normal; letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: pre; word-spacing: 0px;"></span> </span></pre>
<br />
After going through what people online had to say, I found that on CentOS 7 you need to use xfs_growfs rather than resize2fs<br />
<br />
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">xfs_growfs /dev/mapper/centos-root</span></pre>
<br />
References:<br />
<a href="http://www.systemadmin.me.uk/?p=434">resize2fs: Bad magic number in super-block while trying to open ….</a> <br />
<a href="https://stackoverflow.com/questions/26305376/resize2fs-bad-magic-number-in-super-block-while-trying-to-open">resize2fs: Bad magic number in super-block while trying to open</a><br />
<br />
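<br />
<b>Round and round... converting EXT3 to EXT4 @openSUSE Leap 42.1</b> (2016-11-09)<br />
Here is what happened...<br />
I have a file-sharing server that was installed many years ago, running SLES 11 at the time.<br />
Apart from the system being old, it has simply run too reliably; the comrades that served alongside it have all been retired one by one.<br />
<br />
Although the server does not hold an outrageous amount of files, there is still close to 9TB; just thinking about backing everything up and then wiping and rebuilding made me lazy.<br />
So I wondered: what if I reinstall the system first and then upgrade EXT3 to EXT4?<br />
(In the end I was still afraid of losing files, so I backed everything up first XD)<br />
<br />
Enough chatter, let's see how to do it<br />
1. First edit fstab so the filesystem still mounts when the system reboots after the upgrade (change the original ext3 to ext4)<br />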
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">vi /etc/fstab
UUID=fa01da65-6067-4dfa-994a-298733fecb40 /home ext<span style="color: red;">4</span> defaults 1 2</span></pre>
</blockquote>
2. umount the partition, because a mounted partition cannot be upgraded (my partition is on software RAID5)<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">umount /dev/md0</span></pre>
</blockquote>
3. Round and round, EXT3 to EXT4 (replace /dev/md0 with the partition you want to convert) <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">tune2fs -O extents,uninit_bg,dir_index /dev/md0
e2fsck -fD /dev/md0</span></pre>
</blockquote>
4. After a long wait, the conversion succeeds (reboot the system and check for problems) <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">e2fsck 1.42.11 (09-Jul-2014)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 3A: Optimizing directories
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/md0: ***** FILE SYSTEM WAS MODIFIED *****
/dev/md0: 1203378/610476032 files (8.1% non-contiguous), 2169735191/2441879680 blocks</span></pre>
</blockquote>
PS. I still strongly recommend backing up important files before converting, so you are not left stuck with lost files.<br />
<br />
Reference<br />
<a href="http://note.artchiu.org/2009/06/12/ubuntufedoracentos-%E7%94%B1-ext3-%E8%BD%89%E6%8F%9B%E8%87%B3-ext4/">Ubuntu/Fedora/CentOS: converting from ext3 to ext4</a><br />
<br />
<b>NFS Server on openSUSE Leap 42.1</b> (2016-10-27)<br />
Setting up an NFS server on openSUSE Leap is, likewise, very easy<br />
<br />
1. Install the package first<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper in </span><span style="color: white;">nfs-kernel-server</span></pre>
</blockquote>
2. Enable the related services at boot and start them<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;"># Enable at boot
systemctl enable rpcbind.service</span>
<span style="color: white;">systemctl enable nfsserver.service
# Start the services
systemctl start rpcbind.service</span>
<span style="color: white;">systemctl start nfsserver.service</span></pre>
</blockquote>
3. Configure the exports <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">vi /etc/exports</span></pre>
</blockquote>
<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;"># Simple share
/home/path *(rw)
# Restrict the source</span>
<span style="color: white;"><span style="color: white;">/home/path 192.168.0.52(rw)</span>
# Allow root access
/home/path 192.168.0.52(rw,no_root_squash)</span></pre>
</blockquote>
4. Remember to restart the service once the configuration is done<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">systemctl restart nfsserver.service</span></pre>
</blockquote>
Only simple usage is listed here. Isn't that easy?<br />
<br />
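The three export forms in step 3 differ a lot in who can reach the share. As an added example (not part of the original post), this shell function reads exports(5)-style lines and flags world exports, options detached from their host by a space, and no_root_squash; the sample input is constructed and the finding names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag risky client specs in
# exports(5)-style text. Line continuations and quoted paths are not handled.

# Constructed sample modelled on the three entries above; the first one is
# written with a space between the client and its options.
sample_exports() {
    cat <<'EOF'
# simple share
/home/path * (rw)
# restricted to one client
/home/path 192.168.0.52(rw)
# root on the client stays root on the server
/home/path 192.168.0.52(rw,no_root_squash)
EOF
}

# audit_exports: reads exports text on stdin and prints one finding per line
# as LINE:PATH:CLIENT:FINDING. Only the exact client "*" counts as world.
audit_exports() {
    awk '
    function has_opt(opts, name,    n, a, k) {
        n = split(opts, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == name) return 1
        return 0
    }
    function report(client, finding) {
        print NR ":" path ":" client ":" finding
    }
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            client = (p > 0) ? substr($i, 1, p - 1) : $i
            opts = ""
            if (p > 0) {
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") {
                # A bare "(options)" token is a client spec of its own and
                # matches every host, whatever host was written before it.
                client = "*"
                report(client, "DETACHED_OPTIONS")
            }
            if (client == "*") {
                report(client, has_opt(opts, "rw") ? "WORLD_RW" : "WORLD_RO")
            }
            if (has_opt(opts, "no_root_squash")) {
                report(client, "NO_ROOT_SQUASH")
            }
        }
    }'
}

# Demo on the constructed sample; on a server: audit_exports < /etc/exports
sample_exports | audit_exports
```

An entry restricted to one address with plain rw, like sample line 4, produces no finding.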
Reference<br />
<a href="https://www.unixmen.com/setup-nfs-server-on-opensuse-42-1/">Setup NFS Server On openSUSE 42.1</a><br />
<br />
<b>Dell OMSA on openSUSE Leap 42.1</b> (2016-10-25)<br />
Basically, for this one you can just follow <span style="font-weight: normal;"><a href="https://en.opensuse.org/SDB:Dell_OMSA">SDB:Dell OMSA</a> step by step; it is really easy to get started with.</span><br />
<br />
<span style="font-weight: normal;"> 1. Add the installation source</span><br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">wget -q -O - <span style="color: white;"><span style="background-color: black;"><a class="external free" href="http://linux.dell.com/repo/hardware/dsu/bootstrap.cgi" rel="nofollow">http://linux.dell.com/repo/hardware/dsu/bootstrap.cgi</a></span> | bash</span></span></pre>
</blockquote>
<span style="font-weight: normal;"> 2. Install the system update package</span><br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper install dell-system-update</span></pre>
</blockquote>
3. Update the firmware (type a number and press Enter to select the items to update; type c and press Enter to commit)<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">dsu</span></pre>
</blockquote>
4. Add the SLES12 system update repository <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper ar <a class="external free" href="http://linux.dell.com/repo/hardware/dsu/os_dependent/SLES12_64" rel="nofollow">http://linux.dell.com/repo/hardware/dsu/os_dependent/SLES12_64</a> de</span><span style="color: white;">ll-platform</span></pre>
</blockquote>
5. Install libwsman1 (you can <a href="http://download.opensuse.org/repositories/home:/plus:/all/SLE_12/x86_64/libwsman1-2.4.11-19.6.x86_64.rpm">download</a> it here, or package it yourself) <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper install libwsman1-2.4.11-19.6.x86_64.rpm</span></pre>
</blockquote>
6. Install the packages <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper install srvadmin-all OpenIPMI net-snmp</span></pre>
</blockquote>
7. Create IGNORE_GENERATION <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">touch /opt/dell/srvadmin/lib64/openmanage/IGNORE_GENERATION</span></pre>
</blockquote>
8. Enable at boot and start the services <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">chkconfig dataeng on
chkconfig dsm_om_connsvc on
chkconfig dsm_om_shrsvc on
systemctl start dataeng.service
systemctl start dsm_om_connsvc.service
systemctl start dsm_om_shrsvc.service</span></pre>
</blockquote>
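9. Finally, remember to open port 1311 in the firewall; you can then open it in a browser<br />
<br />
Very simple, isn't it? Next, let's go on to set up email notification<br />
<br />
1. Install mailx<br />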
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">zypper in mailx</span></pre>
</blockquote>
2. Configure mail.rc (the location of this configuration file is a bit different from CentOS)<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">vi /etc/mail.rc</span></pre>
</blockquote>
Add the following settings (change the parts in red to your own values) <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">set from=<span style="color: red;">urid@urdomain.com</span> smtp=</span><span style="color: white;"><span style="color: red;"><span style="color: white;">urdomain.com</span></span>
set smtp-auth-user=<span style="color: red;">urid</span> smtp-auth-password=<span style="color: red;">urpassword</span>
set smtp-auth=login</span></pre>
</blockquote>
3. Create the script that sends the notification <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">vi /usr/local/bin/om-alert.sh</span></pre>
</blockquote>
Add the following script <span style="-webkit-text-stroke-width: 0px; background-color: white; color: #222222; display: inline !important; float: none; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span class="Apple-converted-space"> </span>(from<span class="Apple-converted-space"> </span></span><a href="http://idolinux.blogspot.tw/" style="-webkit-text-stroke-width: 0px; background-color: white; color: #888888; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">http://idolinux.blogspot.tw</a><span style="-webkit-text-stroke-width: 0px; background-color: white; color: #222222; display: inline !important; float: none; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">)</span> <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">#!/bin/sh
HOST=`hostname`
EMAIL="urid@urdomain.com"
echo "There has been an OpenManage ALERT detected on $HOST. Please login to the web interface to see details." | mail -s "OM ALERT $HOST $1" "$EMAIL"</span></pre>
</blockquote>
Change the permissions<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">chmod +x </span><span style="color: white;">/usr/local/bin/om-alert.sh</span></pre>
</blockquote>
4. Apply the alert notification to every item <br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">for I in `omconfig system alertaction | sed 's/ *(.*)//; s/>.*//; s/.*[:<] *// ; s/|/ /g;'`; do
echo $I;
omconfig system alertaction event=$I alert=true broadcast=true execappath="/usr/local/bin/om-alert.sh $I"
done </span></pre>
</blockquote>
<span style="-webkit-text-stroke-width: 0px; background-color: white; color: #222222; display: inline !important; float: none; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"></span><br />
<br /><br />
<b>SAMBA SERVER with Windows AD authentication @Suse Leap</b> (2016-10-11)<br />
Why does this title feel just a little bit familiar.... (<a href="http://susexd.blogspot.tw/2011/11/samba-server-windows-ad.html">a look back at history</a>)<br />
<br />
With the Windows Server upgrade, the SLES box I set up back then can no longer authenticate through AD (hey, it should have been retired long ago anyway!)<br />
I took this opportunity to upgrade the system. Setting up SAMBA was mostly a matter of pulling out my notes from back then and following them XD, and then it just ran.<br />
<br />
1. Join the domain<br />
<blockquote class="tr_bq">
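Open yast and, under the Network Services category, find Windows Domain Membership<br /><br />In Domain or Workgroup, enter domain.com.tw<br />Tick "Also Use SMB Information for Linux Authentication"<br />After confirming, you will be asked for a domain admin account to join the domain.</blockquote>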
2. Configure the shared directory<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #363636; display: block; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; orphans: 2; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-break: break-all; word-spacing: 0px; word-wrap: break-word;"><span style="color: white;">vi /etc/samba/smb.conf
path = /home/domain/user
read only = No</span>
<span style="color: white;"></span></pre>
</blockquote>
3. Likewise, if you also need access with local account permissions<br />
<blockquote class="tr_bq">
First create the local account<br />
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #363636; display: block; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; orphans: 2; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-break: break-all; word-spacing: 0px; word-wrap: break-word;"><span style="color: white;">useradd user1</span></pre>
Add it as a Samba account<br /><pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: Menlo,Monaco,Consolas,"Courier New",monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;"><span class="term_command">pdbedit -a -u </span><span class="term_command">user1</span></span></pre>
<span class="term_command">Then adjust the permissions and try accessing with the newly added local account!</span></blockquote>
PS. Why does this feel like I just pulled out an old post and tidied it up XD.<br />
No wait, what I mean to say is that openSUSE Leap is really just that handy and that simple.<br />
<br />
<b>At least 30MB more space needed on the /boot filesystem</b> (2016-10-11)<br />
Here is what happened: I have always partitioned disks out of old habit, and I tend to make the /boot partition rather small, so during an update it <strike>went GG</strike> showed the following message:<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #363636; display: block; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 16px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; orphans: 2; overflow: auto; padding: 10px; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-break: break-all; word-spacing: 0px; word-wrap: break-word;"> <span style="color: white;">At least 30MB more space needed on the /boot filesystem</span></pre>
</blockquote>
<br />
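Since the mistake was already made, I had to go look for a fix right away.<br />
I saw someone mention that removing the old kernels is enough to free up the space.<br />
<br />
1. First, look at the kernels currently installed<br />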
<blockquote class="tr_bq">
<br />
<pre style="background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: "menlo","monaco","consolas","courier new",monospace; font-size: 16px; font-style: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">rpm -q kernel
kernel-3.10.0-229.el7.x86_64
kernel-3.10.0-327.el7.x86_64
kernel-3.10.0-327.3.1.el7.x86_64</span></pre>
</blockquote>
2. Keep the two newest kernel versions (the system default is five)<br />
<blockquote class="tr_bq">
<pre style="background-color: black; border-radius: 2px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; display: block; font-family: "menlo","monaco","consolas","courier new",monospace; font-size: 16px; font-style: normal; font-weight: 300; letter-spacing: normal; line-height: 1.2353; margin: 0px 0px 10.5px; overflow-wrap: break-word; overflow: auto; padding: 10px; text-indent: 0px; text-transform: none; word-break: break-all; word-spacing: 0px;"><span style="color: white;">package-cleanup --oldkernels --count=2</span></pre>
</blockquote>
PS. If you want the setting to take effect permanently, edit /etc/yum.conf and change installonly_limit=5 to installonly_limit=2.<br />
<br />
<br />
Reference<br />
<a href="https://www.hostvirtual.com/kb/6311/CentOS-or-Redhat-boot-partition-full---remove-old-kernels.html">CentOS / Redhat boot partition full - remove old kernels </a><br />
<br />
<b>vsftpd @CentOS 7.2</b> (2016-09-30)<br />
Vsftpd - a long-standing veteran FTP server. I thought I could set it up without any effort, but, really unexpectedly, restricting users to their directories took me quite a while. (wry smile)<br />
Whenever I restricted users to their home directories, login failed with refusing to run with writable root inside chroot(); removing the restriction made it work again. I only understood why after some reading. (See the explanation at the links below.)<br />
<br />
Unsurprisingly, this time it is again running on CentOS 7.2 (lol)<br />
<br />
1. Install vsftpd<br />
<blockquote class="tr_bq">
yum install vsftpd</blockquote>
2. Configure vsftpd<br />
<blockquote class="tr_bq">
anonymous_enable=NO<br />local_enable=YES<br />write_enable=YES<br />local_umask=022<br />dirmessage_enable=YES<br />xferlog_enable=YES<br />connect_from_port_20=YES<br />xferlog_file=/var/log/xferlog<br />xferlog_std_format=YES<br />ascii_upload_enable=YES<br />ascii_download_enable=YES<br />ftpd_banner=Welcome to FTP service.<br />user_config_dir=/etc/vsftpd/userconf<br />chroot_list_enable=YES<br />chroot_list_file=/etc/vsftpd/chroot_list<br />chroot_local_user=YES<br /><span style="color: red;"><u><i><b>allow_writeable_chroot=YES</b></i></u></span><br />listen=NO<br />listen_ipv6=YES<br />pam_service_name=vsftpd<br />userlist_enable=NO<br />tcp_wrappers=YES<br /></blockquote>
3. Start the service<br />
<blockquote class="tr_bq">
systemctl start vsftpd<br />systemctl enable vsftpd</blockquote>
4. Configure the firewall<br />
<blockquote class="tr_bq">
firewall-cmd --permanent --add-port=21/tcp<br />firewall-cmd --permanent --add-service=ftp<br />firewall-cmd --reload</blockquote>
5. Configure SELinux (or disable it)<br />
<blockquote class="tr_bq">
vi /etc/selinux/config</blockquote>
<blockquote class="tr_bq">
SELINUX=disabled<br />or<br /><strong style="-webkit-text-stroke-width: 0px; background-color: white; color: #444444; font-family: arial, "Century Gothic"; font-size: 13px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; letter-spacing: 0.65px; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">setsebool -P allow_ftpd_full_access 1</strong><br />
<strong style="-webkit-text-stroke-width: 0px; background-color: white; color: #444444; font-family: arial, "Century Gothic"; font-size: 13px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; letter-spacing: 0.65px; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">setsebool -P ftp_home_dir 1</strong></blockquote>
6. Limit transfer speed<br />
<blockquote class="tr_bq">
mkdir -p /etc/vsftpd/userconf<br />vi /etc/vsftpd/userconf/user<br />local_max_rate=100000<br /></blockquote>
7. Advanced: after N failed logins, lock the account for M seconds<br />
<blockquote class="tr_bq">
vi /etc/pam.d/vsftpd<br /><br />auth required pam_tally2.so deny=N unlock_time=M</blockquote>
<br />
<br />
<br />
Reference<br />
<a href="http://dreamtails.pixnet.net/blog/post/30932143-install-vsftpd-for-centos-7">Install vsftpd for CentOS 7</a><br />
<a href="http://blog.itist.tw/2016/08/build-ftp-server-with-vsftpd-on-centos-7.html">[CentOS 7] A good companion for file transfer, the old but still vigorous FTP server - vsFTPd</a> <br />
<a href="http://ifresh.cc/solution-to-vsftpd-refusing-to-run-with-writable-root-inside-chroot/">vsftpd solution: refusing to run with writable root inside chroot()</a> Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-28252151038460610292016-09-22T16:51:00.000+08:002016-09-22T16:55:15.413+08:00<br />
Disable Cipher Block Chaining (CBC) Mode Ciphers and Weak MAC Algorithms in SSH<br />
While running a vulnerability scan with OpenVAS today, I found this vulnerability:<br />
<blockquote class="tr_bq">
SSH Weak Encryption Algorithms Supported</blockquote>
<blockquote class="tr_bq">
<br />
<b>Vulnerability Detection Result</b><br />
<pre>The following weak client-to-server encryption algorithms are supported by the remote service:
aes128-cbc
arcfour256
cast128-cbc
aes192-cbc
3des-cbc
arcfour128
rijndael-cbc@lysator.liu.se
aes256-cbc
arcfour
blowfish-cbc
The following weak server-to-client encryption algorithms are supported by the remote service:
aes128-cbc
arcfour256
cast128-cbc
aes192-cbc
3des-cbc
arcfour128
rijndael-cbc@lysator.liu.se
aes256-cbc
arcfour
blowfish-cbc</pre>
</blockquote>
After a bit of searching, the fix turned out to be simple: open the SSH configuration and add the following<br />
<blockquote class="tr_bq">
vi /etc/ssh/sshd_config<br />
<br />
Ciphers aes256-ctr,aes192-ctr,aes128-ctr<br />
MACs hmac-sha1</blockquote>
Restart the service<br />
<blockquote class="tr_bq">
systemctl restart sshd</blockquote>
All done.<br /><br />
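The check below is an added example, not part of the original post: it lists the weak entries in the Ciphers and MACs settings so the change above can be verified without rerunning the scan. The sample configurations and function names are constructed for illustration; the CBC and arcfour patterns follow the scan result above, while the MD5 and 96-bit MAC patterns are assumptions of this example.

```shell
#!/bin/sh
# Audit sshd Ciphers/MACs values for weak algorithms.

# Constructed sample: effective settings in `sshd -T` style, mirroring the
# ciphers in the scan result (the macs line is an assumption).
sample_before() {
cat <<'EOF'
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
macs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha1-96,hmac-md5-96
EOF
}

# Constructed sample: sshd_config after the two lines from the post were added.
sample_after() {
cat <<'EOF'
# /etc/ssh/sshd_config (excerpt)
Port 22
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha1
EOF
}

# sshd_value KEYWORD < config
# Print the value of the first KEYWORD line (sshd uses the first occurrence;
# keywords are case-insensitive). Comments and quotes are stripped.
sshd_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(key) { $1 = ""; gsub(/[ \t"]/, ""); print; exit }
    '
}

# is_weak KIND ALGO  (KIND is "ciphers" or "macs")
is_weak() {
    case "$1:$2" in
        ciphers:*-cbc|ciphers:*-cbc@*|ciphers:arcfour*|ciphers:none) return 0 ;;
        macs:*md5*|macs:*-96*|macs:none) return 0 ;;
    esac
    return 1
}

# weak_ssh_algos KEYWORD < config
# Print every weak algorithm configured for KEYWORD, one per line.
# Returns 2 when KEYWORD is unset or given relative to the defaults
# (+, - or ^ prefix): the effective list then depends on the OpenSSH
# version and has to be read from `sshd -T` instead.
weak_ssh_algos() {
    kind=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    value=$(sshd_value "$1")
    case "$value" in
        ''|+*|-*|^*) return 2 ;;
    esac
    printf '%s\n' "$value" | tr ',' '\n' | while IFS= read -r algo; do
        if is_weak "$kind" "$algo"; then
            printf '%s\n' "$algo"
        fi
    done
    return 0
}

# Demo on the constructed samples.
for kw in Ciphers MACs; do
    echo "before, weak $kw: $(sample_before | weak_ssh_algos "$kw" | tr '\n' ' ')"
    echo "after,  weak $kw: $(sample_after | weak_ssh_algos "$kw" | tr '\n' ' ')"
done
```

On a live server, pipe the output of `sshd -T` into `weak_ssh_algos` to check the effective settings, including any defaults that the configuration file does not mention.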
Reference<br />
<a href="http://security.stackexchange.com/questions/47629/how-to-harden-ssh-on-centos-6-5">How to harden SSH on CentOS 6.5</a><br />
<a href="https://developer.ibm.com/answers/questions/187318/faq-how-do-i-disable-cipher-block-chaining-cbc-mod.html">FAQ: How do I disable Cipher Block Chaining (CBC) Mode Ciphers and Weak MAC Algorithms in SSH in IBM PureData System for Operational Analytics</a><br />
Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-22780078089259073072016-09-22T14:50:00.000+08:002016-09-22T16:12:53.859+08:00<br />
Build Your Own Yum Server (CentOS 7)<br />
I suddenly have the feeling that my posts keep drifting off topic XD<br />
<br />
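For work, our machines have been upgraded one by one to CentOS 7.2, and having every machine go out to the Internet for updates turned out to waste a lot of bandwidth and be awkward to manage, so I decided to set up my own Yum server.<br />
The whole process is very simple, with nothing particularly complicated; here is a brief record of the steps.<br />
<br />
I. Server side<br />
1. Install CentOS 7<br />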
<blockquote class="tr_bq">
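The default minimal install is enough here.<br />
For disk space, I initially allocated 30 GB, but CentOS 7 alone unexpectedly took up 27 GB, so adjust this to your own needs.</blockquote>
2. Install the required packages<br />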
<blockquote class="tr_bq">
yum install httpd yum-arch createrepo -y </blockquote>
If yum-arch cannot be found, download it from the following link<br />
<blockquote class="tr_bq">
yum install wget -y<br />
wget ftp://rpmfind.net/linux/epel/6/ppc64/yum-arch-2.2.2-9.el6.noarch.rpm<br />
rpm -ivh yum-arch-2.2.2-9.el6.noarch.rpm</blockquote>
3. Prepare the directories that will hold the files<br />
<blockquote class="tr_bq">
mkdir -p /var/www/html/yum/centos/7/os/x86_64<br />
mkdir -p /var/www/html/yum/centos/7/updates/x86_64<br />
mkdir -p /var/www/html/yum/centos/7/extras/x86_64
</blockquote>
4. Sync from an upstream source (you can use either mirrordir or rsync)<br />
Since I saw someone report sync problems with mirrordir, I went straight to rsync (I did not actually test mirrordir).<br />Pick the upstream source yourself.<br />
<blockquote class="tr_bq">
rsync -aqzH --delete centos.cs.nctu.edu.tw::CentOS/7.2.1511/os/x86_64 /var/www/html/yum/centos/7/os<br />
<br />
rsync -aqzH --delete centos.cs.nctu.edu.tw::CentOS/7.2.1511/updates/x86_64 /var/www/html/yum/centos/7/updates<br />
<br />
rsync -aqzH --delete centos.cs.nctu.edu.tw::CentOS/7.2.1511/extras/x86_64 /var/www/html/yum/centos/7/extras</blockquote>
5. Use yum-arch to index the downloaded RPM packages<br />
<blockquote class="tr_bq">
yum-arch /var/www/html/yum/centos/7/os/x86_64<br />
yum-arch /var/www/html/yum/centos/7/updates/x86_64<br />
yum-arch /var/www/html/yum/centos/7/extras/x86_64</blockquote>
6. Generate the XML metadata<br />
<blockquote class="tr_bq">
createrepo /var/www/html/yum/centos/7/os/x86_64<br />
createrepo /var/www/html/yum/centos/7/updates/x86_64<br />
createrepo /var/www/html/yum/centos/7/extras/x86_64</blockquote>
7. Enable the web service and allow port 80 in the firewall<br />
<blockquote class="tr_bq">
chkconfig httpd on<br />
systemctl start httpd<br />
firewall-cmd --permanent --zone=public --add-port=80/tcp<br />
firewall-cmd --reload</blockquote>
8. Put steps 4 to 6 above into a shell script and schedule it to update automatically<br />
<br />
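One way to write the script that step 8 asks for, as an added example that is not from the original post: it runs steps 4 to 6 for each repository, skips the index rebuild when rsync fails, and uses a lock directory so overlapping cron runs cannot collide. The script name and path, the lock path, the `DRY_RUN` switch and the cron schedule are assumptions of this example.

```shell
#!/bin/sh
# yum-mirror-sync.sh (hypothetical name): steps 4-6 of the post as one cron job.
# Run as: yum-mirror-sync.sh sync
# Example cron entry (path and schedule are assumptions):
#   30 3 * * * /usr/local/sbin/yum-mirror-sync.sh sync

MIRROR=${MIRROR:-centos.cs.nctu.edu.tw::CentOS/7.2.1511}  # upstream used in the post
DEST=${DEST:-/var/www/html/yum/centos/7}                  # web root used in the post
REPOS=${REPOS:-os updates extras}
LOCK=${LOCK:-/var/run/yum-mirror-sync.lock}               # assumed lock path
DRY_RUN=${DRY_RUN:-0}                                     # 1 = print commands only

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Sync one repository, then rebuild its indexes.
# Stops at the first failure so the metadata is never regenerated
# from a partial download.
sync_repo() {
    repo=$1
    run rsync -aqzH --delete "$MIRROR/$repo/x86_64" "$DEST/$repo" || return 1
    run yum-arch "$DEST/$repo/x86_64" || return 1
    run createrepo "$DEST/$repo/x86_64"
}

main() {
    # mkdir is atomic: only one process can create the lock directory.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "another sync is still running (lock: $LOCK)" >&2
        return 1
    fi
    trap 'rmdir "$LOCK"' EXIT

    failed=""
    for repo in $REPOS; do
        sync_repo "$repo" || failed="$failed $repo"
    done
    if [ -n "$failed" ]; then
        echo "sync failed for:$failed" >&2   # cron mails stderr to the admin
        return 1
    fi
}

if [ "${1:-}" = "sync" ]; then
    main || exit 1
fi
```

Running it once with `DRY_RUN=1` prints the nine commands without touching the mirror, which is a quick way to confirm the paths before the first scheduled run.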
II. Client side<br />
1. Change the client's update source<br />
<blockquote class="tr_bq">
vi /etc/yum.repos.d/CentOS-Base.repo</blockquote>
Comment out the original mirrorlist and baseurl and add the server as the source; replace the IP yourself<br />
<blockquote class="tr_bq">
[base]<br />
baseurl=http://192.168.1.168/yum/centos/$releasever/os/$basearch/<br />
gpgkey=http://192.168.1.168/yum/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-7<br />
<br />
[updates]<br />
baseurl=http://192.168.1.168/yum/centos/$releasever/updates/$basearch/<br />
gpgkey=http://192.168.1.168/yum/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-7<br />
<br />
[extras]<br />
baseurl=http://192.168.1.168/yum/centos/$releasever/extras/$basearch/<br />
gpgkey=http://192.168.1.168/yum/centos/$releasever/os/$basearch/RPM-GPG-KEY-CentOS-7 </blockquote>
<br />
Reference<br />
<a href="http://www.cychin.net/?p=110">Build your own YUM Server (CentOS 6.4)</a><br />
<a href="http://rickyiii.wikidot.com/yum-server-for-centos-7">Yum Server For Centos 7</a><br />
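<a href="http://blog.ilc.edu.tw/blog/blog/25793/trackbacks/642540">CentOS Linux 6.8</a>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com1tag:blogger.com,1999:blog-22671129.post-77777130818372117372016-08-24T14:53:00.001+08:002016-08-24T14:53:22.998+08:00<br />
First Experience with ezgo - samba<br />
A friend asked me why his Samba would not work after he had configured it.<br />
I connected to his machine right away and checked the Samba configuration, which looked fine, so I installed the same environment myself to test it.<br />
<br />
The OS my friend uses is <a href="http://ezgo.westart.tw/">ezgo</a> 12.<br />
The ezgo installation went as smoothly as flowing water; you really can get it right on the first install.<br />
<br />
Once the system is installed, the software center also makes it very easy to find and install the packages you want.<br />
After installing Samba, I did a quick configuration.<br />
Then I picked another computer to test with, but accessing the folder kept failing with a permission error.<br />
So I began to suspect that my configuration file was wrong, although Samba should also be the kind of thing you get right the first time XD.<br />
<br />
Over the following days I googled a pile of related documents and tested many of the settings and suggestions other users had posted and discussed.<br />
At one point I thought I had broken something, so I reinstalled the system and tested again.<br />
<br />
But the result was always the same. Just as I was discouraged and about to give up,<br />
it suddenly occurred to me: could it be a problem with the packages?<br />
So I upgraded the packages<br />
# apt-get upgrade<br />
<br />
Jack, this is amazing! Everything works perfectly again. (throws confetti)<br />
<br />
For anyone who may run into a similar problem.<br />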
<br />
<br />
Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-28186624255103272702016-06-27T08:45:00.000+08:002016-06-28T13:15:47.672+08:00<br />
Dell OpenManage (OMSA) on XenServer 7<br />
The news of the <a href="http://xenserver.org/">XenServer</a> 7 release is really exciting.<br />
<br />
Eager to try it out, I <a href="http://xenserver.org/overview-xenserver-open-source-virtualization/download.html">downloaded</a> it right away.<br />
<br />
Also worth celebrating: XenServer has finally been upgraded from CentOS 5 to CentOS 7 (throws confetti)<br />
<br />
[Installing Dell OpenManage]<br />
Before I even got to try the new features, I spent quite some time getting Dell OpenManage (OMSA) installed.<br />
It is broadly similar to the <a href="http://susexd.blogspot.tw/2015/05/dell-openmanage-omsa-on-xenserver-65.html">previous</a> installation, although a few steps differ slightly (thankfully some kind users shared how).<br />
<br />
1. Add the <a href="http://linux.dell.com/repo/hardware/">Dell OpenManage Repository</a> as an installation source<br />
<blockquote class="tr_bq">
wget -q -O - http://linux.dell.com/repo/hardware/DSU_16.06.00/bootstrap.cgi | bash</blockquote>
<br />
<strike>I tested installing with 16.06 here, but it seemed to have problems; still testing (using 16.05 for now).</strike><br />
After testing, 16.06 can be used for the installation directly.<br />
<br />
2. Edit CentOS-Base.repo<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">vi /etc/yum.repos.d/CentOS-Base.repo</span></blockquote>
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;">[base]<br />name=CentOS-$releasever - Base<br />mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra<br />baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/</span></span></blockquote>
Comment out the mirrorlist and baseurl lines in the [base] section and add the source manually<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">[base]<br />name=CentOS-$releasever - Base<br /><span style="color: red;">#</span>mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra<br /><span style="color: red;">baseurl=http://mirrors.kernel.org/centos/7.2.1511/os/x86_64/</span><br /><span style="color: red;">#</span>baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/</span></span></span></span></blockquote>
3. Install OpenManage; press Y to agree to installing the packages<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">yum --enablerepo=base install srvadmin-all</span> </span></span></span></span></span></blockquote>
4. Add port 1311 to the firewall<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">vi /etc/sysconfig/iptables</span></span></span></span></span></blockquote>
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 1311 -j ACCEPT</span> </span></span></span></span></span></blockquote>
Restart the firewall so the setting takes effect<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">systemctl restart iptables</span> </span></span></span></span></span></span></blockquote>
5. Start the OpenManage services<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"> /opt/dell/srvadmin/sbin/srvadmin-services.sh start</span></span></span></span></span></span></blockquote>
6. Open a browser and you can start using it<br />
<blockquote class="tr_bq">
<span style="background-color: white; color: #1b1c0a; display: inline; float: none; font-family: "arial" , "helvetica" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 22.4px; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;">/opt/dell/srvadmin/sbin/srvadmin-services.sh start</span></span></span></span></span></span></blockquote>
<br />
[Configuring Email Notifications]<br />
1. Install mailx<br />
<blockquote class="tr_bq">
wget http://mirror.centos.org/centos/7.2.1511/os/x86_64/Packages/mailx-12.5-12.el7_0.x86_64.rpm<br />
rpm -ivh mailx-12.5-12.el7_0.x86_64.rpm</blockquote>
2. Configure ssmtp.conf<br />
<blockquote class="tr_bq">
vi /etc/ssmtp/ssmtp.conf<br />
mailhub=mail.yourdomain.com:25<br />
AuthUser=username<br />
AuthPass=password<br />
rewriteDomain=server1.yourdomain.com<br />
<br />
hostname=server1.yourdomain.com</blockquote>
<br />
3. Create a shell script to send the mail notification (from <a href="http://idolinux.blogspot.tw/">http://idolinux.blogspot.tw</a>)<br />
# vi /usr/local/bin/om-alert.sh<br />
<br />
<blockquote class="tr_bq">
#!/bin/sh<br />
HOST=`hostname`<br />
EMAIL="my_admin@my_network.net"<br />
echo "There has been an OpenManage ALERT detected on $HOST. Please login to the web interface to see details." | <span style="color: red;">mail -s "OM ALERT $HOST $1" $EMAIL</span></blockquote>
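Note: with newer versions of mailx, if -s does not come immediately after the command, the subject ends up blank; I am not sure whether this is caused by a formatting error in the mail address that follows.<br />
4. You can add the notifications one by one in the web interface, or add the mail notifications from the command line<br />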
<blockquote class="tr_bq">
chmod +x /usr/local/bin/om-alert.sh </blockquote>
Add the items one at a time<br />
<br />
<blockquote>
omconfig system alertaction<br />
omconfig system alertaction -?<br />
omconfig system alertaction event=powersupply execappath=/usr/local/bin/om-alert.sh<br />
omconfig system alertaction event=storagesyswarn alert=true broadcast=true execappath=/usr/local/bin/om-alert.sh<br />
omreport system alertaction</blockquote>
<br />
Or add notifications for all items<br />
<blockquote class="tr_bq">
for I in `omconfig system alertaction | sed 's/ *(.*)//; s/>.*//; s/.*[:<] *// ; s/|/ /g;'`; do<br />
echo $I;<br />
omconfig system alertaction event=$I alert=true broadcast=true execappath="/usr/local/bin/om-alert.sh $I"<br />
done </blockquote>
Reference<br />
<a href="http://discussions.citrix.com/topic/378701-dell-openmanage-in-xenserver-7/">Dell Openmanage in XenServer 7</a><br />
<a href="http://idolinux.blogspot.tw/2011/02/quick-dell-openmanage-email-alerts.html">Quick Dell OpenManage Email Alerts </a><br />
<a href="https://www.cs.drexel.edu/cgi-bin/manServer.pl/mailx.1">Manual Reference Pages - MAILX (1)</a> Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-25197190278925027072015-12-16T13:39:00.000+08:002015-12-16T13:41:31.933+08:00<br />
OpenVAS - 503 Service temporarily down<br />
Today I wanted to run a system vulnerability scan with OpenVAS, which I had not used for a long time.<br />
But when I started the scan, this appeared<br />
<blockquote class="tr_bq">
503 Service temporarily down</blockquote>
I tried many things, and it was only the method this user suggested that finally solved it<br />
<blockquote class="tr_bq">
<pre style="-webkit-text-stroke-width: 0px; color: #222222; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 24px; orphans: auto; text-align: justify; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px;">Solution: </pre>
</blockquote>
<blockquote class="tr_bq">
<pre># Regenerate the certificates
openvas-mkcert -f
openvas-mkcert-client -i -n
# Restart all daemons.
/etc/init.d/openvas-scanner restart
/etc/init.d/gsad restart</pre>
</blockquote>
<br />
Reference<br />
<a href="http://comments.gmane.org/gmane.comp.security.openvas.users/6282">OpenVAS 7 + Arch Linux > "Service temporarily down"</a><br />
Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-17317532582749111252015-10-28T11:30:00.003+08:002015-10-28T11:30:37.205+08:00<br />
VM Cannot Boot from CD (XenServer 6.5)<br />
One VM could not boot from the CD drive;<br />
checking its boot options showed only Hard disk.<br />
<br />
After some searching, I found that this command is all it takes:<br />
<blockquote class="tr_bq" style="background: rgba(0, 0, 0, 0.027451); border: 0px; box-sizing: border-box; color: #656e7f; font-family: 'Courier 10 Pitch', Courier, monospace; font-size: 0.83333em; line-height: 1.8em; margin-bottom: 27px; margin-top: -2px; max-width: 100%; outline: 0px; overflow: auto; padding: 0px; vertical-align: baseline;">
xe vm-param-set HVM-boot-policy="BIOS order" uuid=[uuid of your vm]</blockquote>
When you are done, change it back<br />
<blockquote class="tr_bq" style="background: rgba(0, 0, 0, 0.027451); border: 0px; box-sizing: border-box; color: #656e7f; font-family: 'Courier 10 Pitch', Courier, monospace; font-size: 0.83333em; line-height: 1.8em; margin-bottom: 27px; margin-top: -2px; max-width: 100%; outline: 0px; overflow: auto; padding: 0px; vertical-align: baseline;">
xe vm-param-set HVM-boot-policy="" uuid=[uuid of your vm]</blockquote>
<br />
Reference<br />
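<a href="http://www.xenlens.com/boot-a-guest-vm-from-cd-or-dvd-in-xenserver/">Boot a guest VM from CD or DVD in XenServer </a>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-63587712710923081452015-09-04T10:55:00.001+08:002015-09-07T11:14:31.134+08:00<br />
Recovering Accidentally Deleted EXT3 Files with extundelete (CentOS 6)<br />
Although in the end the file was not recovered, probably because it had already been overwritten, I am noting this down anyway; it may come in handy someday.<br />
Once again this shows the importance of backups: accidents happen to data most often when there is no backup.<br />
<br />
1. Install e2fsprogs, the components needed for compiling later<br />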
<blockquote class="tr_bq">
yum install e2fsprogs-devel e2fsprogs e2fsprogs-libs</blockquote>
2. Download <a href="http://extundelete.sourceforge.net/">extundelete</a><br />
<blockquote class="tr_bq">
wget -O extundelete-0.2.4.tar.bz2 "http://downloads.sourceforge.net/project/extundelete/extundelete/0.2.4/extundelete-0.2.4.tar.bz2?r=&ts=1441332731&use_mirror=nchc"</blockquote>
3. Extract and install<br />
<blockquote class="tr_bq">
bzip2 -d extundelete-0.2.4.tar.bz2<br />
tar xvf extundelete-0.2.4.tar<br />
cd extundelete-0.2.4<br />
./configure<br />
make && make install</blockquote>
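4. Start recovering files<br />
(1) Recover a file at a specific location<br />
Suppose the file /root/xxx.jpg has been deleted.<br />
First, look up the inode of the directory that contained the file<br />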
<blockquote class="tr_bq">
ls -id /root/<br />
393220 /root/</blockquote>
With the inode in hand, next find the disk partition that holds that location<br />
df /root/<br />
<blockquote class="tr_bq">
Filesystem 1K-blocks Used Available Use% Mounted on<br />
/dev/sda6 10321208 5251064 4545856 54% /</blockquote>
Next, check whether the deleted file is still listed (it is recommended to unmount the partition before attempting the recovery)<br />
<blockquote class="tr_bq">
extundelete /dev/sda6 --inode 393220<br />
File name |Inode number | Deletestatus<br />
.<br />
..<br />
xxx.jpg 393639 Deleted</blockquote>
<div>
The deleted file is listed, so start the recovery</div>
<blockquote class="tr_bq">
extundelete /dev/sda6 --restore-file /root/xxx.jpg</blockquote>
<div>
The recovered files are stored in the RECOVERED_FILES directory under the current location.</div>
<div>
<br /></div>
<div>
(2) Recover all data on the partition</div>
<blockquote class="tr_bq">
<span style="color: #2d2a1b;"><span style="font-family: 'Liberation Sans', sans-serif;">extundelete /dev/sda6 --restore-all</span></span></blockquote>
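The recovered files are likewise stored in the RECOVERED_FILES directory under the current location.<br />
<br />
Finally, let me stress once more the importance of backups; for backup principles, see<br />
<a href="http://blog.trendmicro.com.tw/?p=4707">World Backup Day: the 3-2-1 rule</a><br />
<br />
Of course there are finer points to think about as well, such as real-time backup, version control and retention periods, but that is a much broader and larger topic.<br />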
<div>
<span style="color: #2d2a1b;"><span style="font-family: 'Liberation Sans', sans-serif;"><br /></span></span></div>
Reference<br />
<a href="http://www.adminlinux.org/2012/03/how-to-recover-deleted-files-with.html">How to recover deleted files with extundelete on RHEL6.1 Santiago</a><br />
<a href="http://magiclen.org/extundelete/">使用extundelete救回ext3、ext4檔案系統下誤刪的檔案</a><br />
<a href="http://note.tc.edu.tw/159.html">Linux ext3 系統下刪除檔案救回全記錄</a><br />
<br />Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-62382840003301072302015-08-19T18:43:00.000+08:002015-08-19T18:43:05.520+08:00實用的shell script(一)取得日期的方法<br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">TODAY=`date +%Y%m%d`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">YESTERDAY=`date -d'-1 day' +%Y%m%d`</span><br style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;" /><span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">LAST_MONTH=`date -d'-1 month' +%Y%m%d`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">You can also combine these with fetching just the year, month or day on its own</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">GYear=</span><span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">`date +%Y`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">GMonth=</span><span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">`date +%m`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">GDay=</span><span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">`date +%d`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;"><br /></span>
<span style="color: #333333; font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;">Get the previous day</span></span><br />
<span style="color: #333333; font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;">FYDay=</span></span><span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">`date -d'-1 day' +%d`</span><br />
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;">(2) Running SQL statements from a shell script (MySQL)</span><br />
<pre class="default prettyprint prettyprinted" style="background-color: #eeeeee; border: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, sans-serif; font-size: 13px; margin-bottom: 1em; max-height: 600px; overflow: auto; padding: 5px; width: auto; word-wrap: normal;"><code style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, sans-serif; margin: 0px; padding: 0px; white-space: inherit;"><span class="com" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; margin: 0px; padding: 0px;">#!/bin/bash</span><span class="pln" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; margin: 0px; padding: 0px;">
echo </span><span class="str" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; margin: 0px; padding: 0px;">"INSERT INTO test (ID,NAME,DATE) VALUES ('1', 'PENNY', '2015/08/19');"</span><span class="pln" style="border-image-outset: initial; border-image-repeat: initial; border-image-slice: initial; border-image-source: initial; border-image-width: initial; border: 0px; margin: 0px; padding: 0px;"> |</span></code><span class="pln" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;"> mysql </span><span class="pun" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;">-</span><span class="pln" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;">uroot </span><span class="pun" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;">-</span><span class="pln" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;">p<span style="color: blue;">PASSWORD DBNAME</span></span><span class="pun" style="border: 0px; margin: 0px; padding: 0px; white-space: inherit;">;</span></pre>
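Added example (not from the original post): the one-liner above puts the password on the mysql command line, which can expose it to other local users through the process list. The sketch below keeps the password in an owner-only option file passed with --defaults-extra-file and quotes values before interpolating them into the INSERT; the function names, file path and sample values are assumptions for illustration.

```shell
#!/bin/bash
# Added example; helper names and paths are hypothetical, not from the post.

# Write a [client] option file that only its owner can read.
# $1 = path, $2 = user, $3 = password (assumed free of '"' and '\')
write_client_cnf() {
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" )
}

# Escape a value for use inside a single-quoted SQL string literal
# (default sql_mode): double backslashes first, then single quotes.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the INSERT from the post with today's date filled in.
# $1 = id (digits only), $2 = name
build_insert() {
    case "$1" in
        ''|*[!0-9]*) echo "id must be numeric" >&2; return 1 ;;
    esac
    printf "INSERT INTO test (ID,NAME,DATE) VALUES ('%s', '%s', '%s');\n" \
        "$1" "$(sql_quote "$2")" "$(date +%Y/%m/%d)"
}

# Run the statement; the password never appears in argv.
# $1 = option file, $2 = database, $3 = id, $4 = name
run_insert() {
    sql=$(build_insert "$3" "$4") || return 1
    # --defaults-extra-file must be the first option on the command line.
    printf '%s\n' "$sql" | mysql --defaults-extra-file="$1" "$2"
}
```

Typical use is to create the option file once, then call run_insert with that file, the database name, an id and a name from cron or another script.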
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 13.3333330154419px; line-height: 20px;"><br /></span>
<br />
<span style="color: #333333; font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Arial, Helvetica, sans-serif;"><span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;">Reference</span></span><br />
<span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;"><span style="color: #333333; font-family: Arial, Helvetica, sans-serif;"><a href="http://blog.xuite.net/chingwei/blog/16273822-%E3%80%90%EF%BC%B3%E3%80%91Shell+Script+%E5%8F%96%E5%BE%97%E6%97%A5%E6%9C%9F%E7%9A%84%E6%96%B9%E6%B3%95">Shell Script: ways to get the date</a></span></span><br />
<span style="background-color: white; font-size: 13.3333330154419px; line-height: 20px;"><a href="http://stackoverflow.com/questions/17997558/bash-script-to-insert-values-in-mysql">Bash script to insert values in MySQL</a></span>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-30030383984494642402015-08-16T22:29:00.001+08:002015-08-16T22:29:51.450+08:00btrfs - no space left on device<br />
Recently, "no space left on device" kept appearing during system updates.<br />
Checking with df -h showed that the disk was clearly not full, yet no new files could be created and I could not even log in to the desktop.<br />
<br />
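After some Googling I learned that the cause was the btrfs file system.<br />
(I don't know why I decided to try this file system this time.)<br />
Every file system has its strengths and weaknesses, and comparing them is not the point here.<br />
<br />
Now to fix the problem.<br />
If you use btrfs as I do, do not trust df -h.<br />
So how do you check instead?<br />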
<blockquote class="tr_bq">
#btrfs filesystem show </blockquote>
And where did the missing space go?<br />
<blockquote class="tr_bq">
#snapper list </blockquote>
How do you delete these snapper snapshots? (# stands for the number shown by snapper list; start from the oldest)<br />
<blockquote class="tr_bq">
snapper -c root delete <span style="color: blue;">#</span></blockquote>
Or you can delete them all in one go<br />
<blockquote class="tr_bq">
# for i in `seq 1 3656`;do snapper delete $i;done</blockquote>
Next, check the snapper configuration in /etc/snapper/configs/root<br />
Two settings matter most<br />
<blockquote class="tr_bq">
NUMBER_LIMIT="10"<br />NUMBER_LIMIT_IMPORTANT="10"</blockquote>
The missing space is back.<br />
<br />
Reference<br />
<a href="http://www.nrtm.org/index.php/2012/03/13/the-joys-of-btrfs-and-opensuse-or-no-space-left-on-device/comment-page-1/"> The joys of btrfs and OpenSuSE – or “no space left on device”</a><br />
<br />Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-75402429492362974072015-08-07T12:54:00.000+08:002016-02-15T16:32:02.222+08:00Awstats @ CentOS<br />
<a href="http://www.awstats.org/">Awstats</a> is an excellent log file analysis package.<br />
<br />
Below are the basic installation and configuration steps.<br />
<br />
<br />
<blockquote class="tr_bq">
cd ~<br />
wget http://prdownloads.sourceforge.net/awstats/awstats-7.4.tar.gz<br />
tar zxvf awstats-7.4.tar.gz<br />
mv awstats-7.4 /usr/local/awstats<br />
ln -s /usr/local/awstats /usr/share/awstats<br />
cd /usr/local/awstats/tools <br />
perl awstats_configure.pl</blockquote>
Then answer a few simple questions<br />
<blockquote class="tr_bq">
<span style="color: blue;">#Enter the path to the Apache server configuration file</span><br />
Config file path ('none' to skip web server setup): <br />
> <span style="color: blue;">/etc/httpd/conf/httpd.conf<br /><br />#Whether to generate a new configuration file</span><br />Do you want me to build a new AWStats config/profile <br />
file (required if first install) [y/N] ? <span style="color: blue;"><br />y<br /><br />#Enter your site name; it is only used as the config profile name, so choose any name you like</span><br />Your web site, virtual server or profile name:<br />
> <span style="color: blue;">www<br /><br />#Directory in which to store the config file</span><br />Directory path to store config file(s) (Enter for default): <br />
<span style="color: blue;">#Press ENTER to accept the default</span></blockquote>
Then follow the prompts and press ENTER to finish the setup<br />
<blockquote class="tr_bq">
chmod 755 /usr/local/awstats<br />
mkdir /var/lib/awstats</blockquote>
Next, convert the Chinese language file to UTF-8<br />
<blockquote class="tr_bq">
cd /usr/local/awstats/wwwroot/cgi-bin/lang<br />
iconv -f big5 -t utf-8 awstats-tw.txt -o awstats-tw-utf8.txt<br />
vi awstats-tw-utf8.txt</blockquote>
Change PageCode=big5 to PageCode=utf-8<br />
Then edit the language table in awstats.pl<br />
<blockquote class="tr_bq">
vi /usr/local/awstats/wwwroot/cgi-bin/awstats.pl</blockquote>
Find 'zh-tw'=>'tw' and change it to 'zh-tw'=>'tw-utf8'<br />
Finally, edit the configuration file<br />
<blockquote class="tr_bq">
vi /etc/awstats/awstats.www.conf</blockquote>
<div class="bg_black_text_white">
LogFile="/var/log/httpd/<span style="color: red;">mylog.log</span>" change to LogFile="/var/log/httpd/<span style="color: red;">access_log</span>"</div>
<div class="bg_black_text_white">
SiteDomain="<span style="color: red;">www</span>" change to SiteDomain="<span style="color: red;">xxx.xxx.edu.tw</span>"<br />
DNSLookup=<span style="color: red;">2</span> change to DNSLookup=<span style="color: red;">1</span></div>
<div class="bg_black_text_white">
Lang="auto" change to <span style="color: red;"><span style="color: black;">Lang="tw-utf8"</span></span></div>
<div class="bg_black_text_white">
<br /></div>
<div class="bg_black_text_white">
<span style="color: red;"><span style="color: black;"> #Update the statistics (add this to the system crontab)</span></span></div>
<div class="bg_black_text_white">
<span style="color: red;"><span style="color: black;">/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www -update
</span></span></div>
<blockquote class="tr_bq">
vi /etc/crontab</blockquote>
#awstats<br />
00 */6 * * * root /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www -update<br />
<br />
<br />
<br />
<br />
<br />
If you do not want the statistics to be accessible to everyone, remember to restrict who can view them.<br />
<blockquote class="tr_bq">
<br />
vi /etc/httpd/conf/httpd.conf</blockquote>
&lt;Directory "/usr/local/awstats/wwwroot"&gt;<br /> Options None<br /> AllowOverride None<br /> Order allow,deny<br /><span style="color: red;"> # Allow from All</span><br />
<span style="color: red;"><span style="color: blue;"> Allow from ip</span> </span><br />
&lt;/Directory&gt;<br />
<br />
<blockquote class="tr_bq">
service httpd restart</blockquote>
Finally, open a browser to see the result<br />
http://ip/awstats/awstats.pl?config=www<br />
<br />
Reference<br />
<a href="http://www.ddjhs.tc.edu.tw/admin/CentOS/appendix.html">CentOS 5 server build procedure</a><br />
<br />
<br />Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-70949929546987480962015-07-27T10:38:00.001+08:002015-07-27T10:38:13.056+08:00XenServer Root Disk USAGE<br />
Recently I got an alert from my XenServer; it said that the disk usage was 85%.<br />
<br />
I checked /var/log, /tmp and /var/patch.<br />
<br />
I also cleaned up the log files, but usage on the root disk still seemed a little high.<br />
<br />
So I used a stupid way to check what the problem was. XD<br />
<br />
<blockquote class="tr_bq">
du -hs /* </blockquote>
I found /opt was bigger than on other systems. <br />
Finally I got the answer: DELL OMSA's log<br />
<blockquote class="tr_bq">
/opt/dell/srvadmin/var/log/openmanage/dsm_om_connsvcdIO.log</blockquote>
Back it up and clean it up.<br />
<br />
I hope it all works out for you<br />
<br />
<br />
Reference<br />
 <a href="http://xenserver.org/blog/entry/xenserver-root-disk-maintenance.html"> XenServer Root Disk Maintenance</a>Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0tag:blogger.com,1999:blog-22671129.post-88293519049632044142015-07-16T08:44:00.000+08:002015-07-27T10:08:24.192+08:00Summing file sizes per subdirectory<br />
I actually use this quite often but forget it every time, so here is a note.<br />
<br />
The simplest usage<br />
<blockquote class="tr_bq">
du -hs <span style="color: #0b5394;">$PATH</span>/*<br />EX:du -hs /* </blockquote>
Advanced usage<br />
<blockquote class="tr_bq">
du -s <span style="color: #0b5394;">$PATH</span>/* | sort -rn | head -<span style="color: #3d85c6;">number</span><br />
<br />
EX: list the top 15 in the HOME directory<br />
du -s /home/* | sort -rn | head -15</blockquote>
<br />
<br />Pennyhttp://www.blogger.com/profile/12043538278472915250noreply@blogger.com0