kk的blog: 2020

2020/12/25

vdi 檔案直接轉進 proxmox 的方法

把vdi檔上傳到server 假設放在 /tmp/test.vdi

create 新的vm 假設 guest is是 123

移除原有的硬碟

匯入之前上傳的vdi 檔

qm importdisk 123 /tmp/test.vdi local-lvm

回到管理介面

在已匯入的disk上點二下

類型選 SATA

在開几的順序選擇 sata0

https://www.yinfor.com/2019/03/another-way-to-move-virtualbox-vdi-to-proxmox-ve.html

年末弱掃的時間又到了

之前有安裝 GSM free trian 的版本

可是執行後發現預設會限制 resource的使用

cpu只能用二個

ram只能使用5G

給再大也沒用

於是想說11月份的kali linux 2020.4 不知道能不能再安裝使用 greenbone

直接下載 virtualbox 的vm

預設的帳號是 kali/kali

登入後執行

sudo apt-get update

sudo apt-get upgrade

sudo apt-get install gvm*

sudo gvm-setup

接下來會更新 feed 要不少時間

完成後畫面會出現網頁介面 admin 的登入密碼

一定要記下來

啟動gvm

gvm-start

啟動完成後就可以在本几上開firefox

http://127.0.0.1:9392 登入

登入後記得改一下admin的密碼跟時區

之後几器如果有重開

也必須先執行 gvm-start

後續觀察

感覺使用kali也沒有比較快

https://www.greenbone.net/en/testnow/

https://www.agix.com.au/installing-openvas-on-kali-in-2020/

oracle linux 本身有epel

但並沒有收錄 RHEL 的 package

如果要使用要再手動安裝

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

https://techviewleo.com/how-to-enable-epel-repository-on-oracle-linux/

2020/12/14

之前升級graylog rest 碰到的問題

http://adminkk.blogspot.com/2020/11/graylog-4-ova-ubuntu-18.html

官方文件上說明此種方法會停止支援

必須使用新方法

但官方文件上並沒有很詳細的說明

去forum上問了

感謝回答

語法如下

直接匯出txt

絕對時間的語法

curl -u admin:passwd -H 'Accept: text/csv' -H "Content-Type:application/json" -H "Accept:application/json" -H 'X-Requested-By: cli' -d '{"streams":["000000000000000000000001"],"timerange":["absolute",{"from":"2020-12-11T00:00:00.000Z","to":"2020-12-11T01:00:00.000Z"}],"query_string":{"type":"elasticsearch","query_string":"keyword" }}' "http://10.0.0.1:9000/api/views/search/messages"

相對時間的語法

curl -u admin:passwd -H 'Accept: text/csv' -H "Content-Type:application/json" -H "Accept:application/json" -H 'X-Requested-By: cli' -d '{"streams":["000000000000000000000001"],"timerange":{"type": "relative","range": 300},"query_string":{"type":"elasticsearch","query_string":"keyword" }}' "http://10.0.0.1:9000/api/views/search/messages"

https://community.graylog.org/t/how-to-search-messages-using-rest-api/17943

2020/12/11

使用yum update ntopng 時經常會出現因為相依性而無法安裝的情況

解決方法如下

先至官方網站手動下載rpm file

https://packages.ntop.org/centos/

wget https://packages.ntop.org/centos/7Server/x86_64/Packages/pfring-7.9.0-3294.x86_64.rpm

再來手動強制安裝

rpm -ivh --force --nodeps pfring-7.9.0-3294.x86_64.rpm

接下來手動強制移除舊的rpm

rpm -e pfring-7.8.0-3294.x86_64 --nodeps

再使用yum -y update

2020/12/10

剛剛user拿做一支usb隨身碟

說插入電腦就叫他格式化

下 fdisk 去看

看到disk /dev/sdc

看不到partition

使用 foremost

sudo apt install foremost

mkdir /tmp/1210

sudo foremost -t all -i /dev/sdc -o /tmp/1210/

收工

http://wildkidblog.blogspot.com/2012/07/linux.html

2020/12/09

https://blog.centos.org/2020/12/future-is-centos-stream/?utm_source=rss&utm_medium=rss&utm_campaign=future-is-centos-stream

今天早上看到的消息

雖然知道總會有這麼一天

但.............

只能移轉了

dnf install epel-release -y

dnf install centos-release-stream -y

dnf update -y

init 6

2020/12/01

接續上一篇

再來處理ipaudit

在configure的時候要注意沒有裝的package要補上

安裝過程沒什麼問題

安裝完要依自己的環境調整

/home/ipaudit/ipaudit-web.conf

安裝完後apache2要調整 enable user 目錄

a2enmod userdir

讓user目錄可以執行cgi

vi /etc/apache2/conf-enabled/cgi-enabled.conf

加上

Options ExecCGI

SetHandler cgi-script

</Directory>

restart apache2

但安裝後問題來了

首先是圖出不來

找了一下討論串

解決方法是到

/home/ipaudit/reports/30min/graphic 這個目錄

把所有執行檔裡的這行

set term png small color

改成

set term png small

再來是無法產出30分鐘的資料

修改

/home/ipaudit/reports/30min/0traffic/MakeReport30

原

$Conf{uc $Name} = $Value;

改為

if (defined $Name || $Name ne "") {

$Conf{uc $Name} = $Value;

}

原

$mask = 0; ($mask = ~0 >> $2) unless($2 > 31);

改為

$mask = 2**(32-$2) - 1;

以上修改完成就可以了

https://sourceforge.net/p/ipaudit/discussion/59302/thread/1d876c01/

https://sourceforge.net/p/ipaudit/discussion/59302/thread/4a85f604/

http://ipaudit.sourceforge.net/

https://zi.media/@tomchuntw/post/gbDnqB

原來跑在centos 6的二個軟体

ipaudit

因為centos 6 的EOL 要處理

本來是想直接停止使用

但因為還是有些資訊需要從這裡拿到

所以找找升級方案

這二個軟体都是 32位元的版本

無法在64位元的OS上執行所以只能找32位元的OS

centos 8 已經沒有64位元的版本

ubuntu server 版本看來是還有提供可是都一直無法下載

最後決定使用debian 10 support 到 2024

Debian 10 “Buster”

i386, amd64, armel, armhf and arm64

July, 2022 to June, 2024

再來先說明nm

nm是單純的執行檔不用compile

執行後會出現找不到 libstdc++-libc6.2-2.so.3

到/user/lib 做一個link

ln -s /usr/lib/i386-linux-gnu/libstdc++.so.6 libstdc++-libc6.2-2.so.3

執行就沒問題了

記得要配合使用環境更改 config

再來處理操作介面的問題

安裝apache2後要更改document root 跟 cgi

sudo a2enmod cgid

接下來

vi /etc/apache2/sites-enabled/000-default.conf

更改 DocumentRoot "/usr/local/nm/html"

新增以下內容

#for nm use

Options All

AllowOverride All

Require all granted

</Directory>

vi /etc/apache2/conf-enabled/serve-cgi-bin.conf

加上

Options +ExecCGI

AddHandler cgi-script .cgi .pl

</Directory>

改完後重啟 apache2

以上

http://blog.sina.com.cn/s/blog_40c09b550100inbh.html

2020/11/27

以下是從ruckus vSZ的log上看到裝置的上線記錄

上方一筆是離線記錄離線代碼是 2110

下方二筆是上線記錄上線代碼是 1707

2020/11/24

今天升graylog 4

稍微記一下

如果還有其碰到其他問題

之後再補上

官方提供的ova是 ubuntu 18.04

這個很怪要用就只能用二年多到 2023

為什麼不直接用2004

所以決定不用ova 直接在centos 8裝

照官方文件安裝沒什麼問題

https://docs.graylog.org/en/4.0/pages/installation/os/centos.html#centosguide

裝完後要調整 graylog 和 elasticsearch的記憶体參數

/etc/elasticsearch/jvm.options

-Xms4g

-Xmx4g

/etc/sysconfig/graylog-server

GRAYLOG_SERVER_JAVA_OPTS="-Xms4g -Xmx4g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow"

我用16G的ram

es和graylog各占4G

再來要讓其他sever可以從這台撈資料

/etc/elasticsearch/elasticsearch.yml

在之前的版本只要加上以下這行就可以

network.host: 0.0.0.0

但這個版本加了之後 ES一直起不來

看了一下log

[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

還要再加上以下這行

discovery.seed_hosts: ["127.0.0.1"]

加完ES啟動就沒問題了

graylog預設只會listen在localhost 9000

要加上

http_bind_address = 0.0.0.0:9000

再來就是透過rest撈資料的問題了

legacy 的search 只剩json輸出的沒問題另外二個都撈不出資料

這個不知道是bug還是什麼

反正目前就先撈出來再用jq來處理了

2020/11/08

今天記錄一下 librenms 中 weathermap的安裝

官方說明文件如下

https://docs.librenms.org/Extensions/Weathermap/

安裝完後建立圖形的第一個步驟記得要先到 Map Properties

設定

Output Image Filename

Output HTML Filename

否則會看不到網頁及圖形

使用這個工具在加點及線時滿方便的

不過無法做到精準定位及其他進階功能

所以還是必須要直接去編輯 config file

官方文件上說明的加crontab 無法作用後來是直接加在 root 的crontab

librenms的poller 不像cacti每次都一定會去 polling所有的port

她的几制是會在一定的時間內polling完也因此會產生時間差而有流量對不起來的狀況

不過發現到當手動去看圖時她會當下再去polling一次

所以目前的做法是利用二次的畫圖指令中間相隔10秒

第一次指令是讓她去 polling

第二次指令再用第一次捉到的值來畫圖

*/5 * * * * /opt/librenms/html/plugins/Weathermap/map-poller.php;/usr/bin/sleep 10;/opt/librenms/html/plugins/Weathermap/map-poller.php

另外畫圖時是依照config file的先後來畫

所以如果有一定不能被蓋掉的線

要放在 config file的最後面

weathermap移過來後應該可以正式把 cacti 取代掉了

https://www.network-weathermap.com/manual/0.98/pages/config-reference.html

流量對不起來後來發現是rrdcache的原因

官方文件是說開啟rrdcache可以減少 30 - 40%的io

不過由於她是先把資料收回來後再慢慢處理

所以時間無法控制

觀察起來有時甚至會到快下次polling才會updat rrd file

也因此就更造成流量的不準

所以想說先把rrdcache關掉

觀察後發現rrd file的更新最慢的大約一分多鐘

雖然還是有時間差但應該是在可接受的程度

另外關掉後再去看polling time

發現並沒有增加

至於io的問題

因為目前是用all flash

所以先不管他了

如果有那種几千台机器的site

就可能要再考量了

2020/11/06

librenms 又要升級

php 升級方式如下

https://www.incredigeek.com/home/librenms-upgrade-php-from-7-2-to-7-4-centos-7/

升完後還有二個地方要改

/etc/php-fpm.d/www.conf

listen = /var/run/php-fpm/php7.2-fpm.sock

改為

listen = /var/run/php-fpm/php7.4-fpm.sock

/etc/nginx/conf.d/librenms.conf

fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;

改為

fastcgi_pass unix:/var/run/php-fpm/php7.4-fpm.sock;

最近有人問到 elasticsearch 備分還原的問題

做個記錄

由於 elasticsearch 安裝完成後預設只能本几連線

所以
/etc/elasticsearch/elasticsearch.yml
最後加上
network.host: 0.0.0.0
允許本几以外的連線

請注意安全問題
加完後elasticsearch要重啟才會生效

接下來在目的机上停止 graylog

systemctl stop graylog-server

查看目的几及來源几上的 indeces

curl -XGET 'http://localhost:9200/_cat/indices'

依需求在目的几上建立indeces

名稱必須跟來源的 indices 一樣

curl -X PUT "localhost:9200/graylog_514?pretty"

加完後就可以使用 esm 直接複制 indices 順序從小到大

./esm -s http://10.0.0.247:9200 -d http://10.0.0.234:9200 -x graylog_514 -y graylog_514

如果想要備份後再還原則使用以下指令

備份
./esm -s http://10.0.0.247:9200 -x graylog_455 -o dump.json

還原
./esm -i dump.json -d http://10.0.0.234:9200 -y graylog_455

處理完成後 start graylog

systemctl start graylog-server

要 recalculate index ranges

Indices & Index Sets - Default index set - recalculate index ranges

以上的做法不會更動原資料的時間序

https://github.com/medcl/esm

https://elasticsearch.cn/article/13773

https://community.graylog.org/t/after-data-recovery-not-seeing-data-in-search/13423

2020/11/01

延續之前的問題

synology有提供docker的套件可以使用

之前一直都是使用proxmox的LXC

所以沒想去玩docker

想說玩看看

使用上滿方便的

直接安裝後就可以用了

倉庫伺服器是直接連到 hub.docker.com

利用關鍵字search就可以找到相關的映像檔

於是搜尋了一下找到好几個 proxmox backup server

有些並沒有在維護所以要使用時請自行考量

這次選了這個

https://hub.docker.com/r/mslookup/proxmoxbackupserver

看起來一直有在更新

下載之後佈署

佈署過程在進階設定有二個地方要設

連接埠要設定好對應

要設定開几執行指令

開机完成後要更改 root的密碼

在詳細資訊 - 終端機 - 新增執行指令

新增完成後執行

就可以修改 root 密碼

修改完成後到

https://nas_ip:8007

即可使用修改完成的密碼登入

之後如果有更新

可以直接在網頁管理介面上下指令更新

apt update

apt -y upgradde

某些更新完成後需要重開

另外還有一個問題就是

如果nas 更新重開後要記得再手動把容器開機

當要在cacti 大量新加設備時

網頁介面操作會花費大量的時間

以下就記錄如何在文字介面下新增設備

要調整graph tree時再到網頁介面操作

以下新增以網路設備為例

先進到安裝路徑

cd /var/lib/cacti/cli

接下來列出可以使用的 host-templates

php -q add_device.php --list-host-templates

Valid Device Templates: (id, name)

0 None

1 Cacti Stats

2 Cisco Router

3 Generic SNMP Device

4 Local Linux Machine

5 Net-SNMP Device

6 Windows Device

利用下列指令加入 device

php -q add_device.php --avail=snmp --description="192.168.101.254" --ip="192.168.101.254" --template=3 --community="public"

加入完成後列出已加入的 host 及其 id

php -q add_graphs.php --list-hosts

Known Devices: (id, hostname, template, description)

1 localhost 4 Local Linux Machine

4 10.10.254.254 3 10.10.254.254

5 10.0.0.1 3 10.0.0.1

7 192.168.101.254 3 192.168.101.254

列出可以使用的 graph-templates (新版多很多templates)

php -q add_graphs.php --list-graph-templates

Known Graph Templates: (id, name)

1 Cacti Stats - Devices

2 Cacti Stats - Main Poller DS/RRD

3 Cacti Stats - Boost Updates

4 Cacti Stats - Total Poller Items

5 Cacti Stats - Recache (Legacy)

6 Cacti Stats - Processes (Legacy)

7 Cacti Stats - Boost Memory

8 Cacti Stats - User Logins

9 Cacti Stats - User Sessions

10 Cacti Stats - User Types

11 Cacti Stats - Boost Runtime

12 Cacti Stats - Main Poller Runtime

13 Cacti Stats - Export Graphs (Legacy)

14 Cacti Stats - Export Duration (Legacy)

15 Cacti Stats - Syslog Activity

16 Cacti Stats - Syslog Runtime

17 Cacti Stats - Syslog Alerts/Reports

18 Cacti Stats - Thold Runtime

19 Cacti Stats - Boost Average Row Size

20 Cacti Stats - Boost Records

21 Cacti Stats - Boost Table Size

22 Cacti Stats - Boost Timing Detail

23 Cacti Stats - Collector Runtime

24 Cacti Stats - Collector Items

25 Cacti Stats - Collector Settings

26 Cacti Stats - Collector Recache Stats

27 Cacti Stats - WebSeer Timing

28 Cacti Stats - WebSeer Download Size

29 Cacti Stats - WebSeer Download Speed

30 Cacti Stats - WebSeer Status

31 Cacti Stats - Export Graphs

32 Cacti Stats - Export Duration

33 Cisco - CPU Usage

34 Device - Polling Time

35 Device - Uptime

36 Interface - Traffic (bits/sec)

37 Interface - Errors/Discards

38 Interface - Unicast Packets

39 Interface - Non-Unicast Packets

40 Interface - Traffic (bytes/sec)

41 Interface - Traffic (bits/sec, 95th)

42 Interface - Traffic (bits/sec, BW)

43 Interface - Traffic (bytes/sec, BW)

44 Interface - Multicast Packets

45 Interface - Broadcast Packets

46 Unix - Ping Latency

47 SNMP - Generic OID Template

48 Unix - Processes

49 Unix - Load Average

50 Unix - Logged in Users

51 Linux - Memory Usage

52 Unix - Available Disk Space

53 Net-SNMP - Load Average

54 Net-SNMP - Memory Usage

55 Host MIB - Logged in Users

56 Host MIB - Processes

57 Net-SNMP - CPU Utilization

58 Net-SNMP - Interrupts

59 Net-SNMP - Context Switches

60 Net-SNMP - Combined SCSI Disk I/O

61 Net-SNMP - Combined SCSI Disk Bytes

62 Net-SNMP - Available Disk Space

63 Host MIB - Available Disk Space

64 Host MIB - CPU Utilization

65 Net-SNMP - Device I/O - Bytes Read/Written

66 Net-SNMP - Device I/O - Load Averages

67 Net-SNMP - Device I/O - Reads/Writes

=================================================================

列出可以使用的 snmp-queries

php -q add_graphs.php --host-id=2 --list-snmp-queries

Known SNMP Queries: (id, name)

1 Cacti Stats - Data Collector Stats

2 Cacti Stats - WebSeer Service Checks

3 Cacti Stats - Graph Exports

4 SNMP - Interface Statistics

5 Unix - Get Mounted Partitions

6 Net-SNMP - Get Monitored Partitions

7 SNMP - Get Mounted Partitions

8 SNMP - Get Processor Information

9 Net-SNMP - Get Device I/O

===============================================================

列出snmp queries 可以使用的 query-types

php -q add_graphs.php --snmp-query-id=4 --list-query-types

Known SNMP Query Types: (id, name)

11 In/Out (Errors/Discards)

12 In/Out (Non-Unicast)

13 In/Out (Unicast)

14 In/Out Bytes (64-bit)

15 In/Out Bits

16 In/Out Bits (64-bit)

17 In/Out Bytes

18 In/Out Bits (95th)

19 In/Out Bits (BW)

20 In/Out Bytes (BW)

21 In/Out Bits (64-bit, 95th)

22 In/Out Bits (64-bit, BW)

23 In/Out Bytes (64-bit, BW)

24 In/Out (Broadcasts)

25 In/Out (Multicasts)

===============================================================

利用以上所得的資訊建立圖形

php add_graphs.php --host-id=7 --graph-type=ds --graph-template-id=36 --snmp-query-id=4 --snmp-query-type-id=16 --snmp-field=ifOperStatus --snmp-value=Up

php add_graphs.php --host-id=7 --graph-type=ds --graph-template-id=36 --snmp-query-id=4 --snmp-query-type-id=16 --snmp-field=ifOperStatus --snmp-value=Down

2020/10/20

原本用來備分的server 在週六掛點

因為已經過保好几年也不修了

打算在synology的vmm起一個pbs

碰到一個很怪的問題

只要我給超過4T的disk

使用XFS

安裝過程都沒問題

但裝完後一定無法開机

如以下畫面

詢問官方的回答

https://www.synology.com/zh-tw/dsm/feature/virtual_machine_manager#supports_OS

因為debian沒有在官方的support os

所以不提供任何support

雖然這是料想到的答案

但還是有點不爽

想到用另一個方式來做

試了給三個5T的disk

然後用 zfs 0 安裝

安裝過程沒問題也能開機

應該只能醬處理了

前不久把OCS升到 2.8 後原來的程式不能用了

看了一下發現 database 的架構有變

原來撈軟体名稱是在 software 這個table

現在多了 software_name

名稱在這裡定義

而 software 變成放軟体名稱的id

跟程式相關的只有這二個

其他沒去看

其他可能也有變

有需求再去找吧

2020/10/11

abuseipdb 這個網站提供使用者回報有問題的ip

而且也能夠拿到別人回報的有問題ip

愈多人回報 Confidence 就會愈高

Confidence 看起來也會隨著回報人數的逐漸減少而降低

也提供移除回報機制

下載有問題ip時也可以設定要高於多少分才下載

減少誤判的情況

還有一些其他的功能

免費註冊後每天就有一定的額度可以使用

https://docs.abuseipdb.com/?shell#api-daily-rate-limits

要使用這些功能要使用api

感覺滿方便的

https://www.abuseipdb.com/

https://docs.abuseipdb.com/?shell#blacklist-endpoint

2020/10/09

之前有裝過的GCE的版本已經沒有了

官方出了一個GSM Trail 的版本來取代

安裝方式跟之前差不多

一樣HD要用SATA或 IDE才行

官方說明最少要2個cpu及5G的ram

不過實際上給多了在status 也看不到看來給多用不到

安裝過程預設會建一個admin的user

這個user是在os登入用的

登入後會直接出現設定介面

不是一般linux登入的shell

os登入後再建立一個web 管理介面用的user

預設會使用dhcp

可以在os登入後進行修改

https://www.greenbone.net/en/testnow/

https://community.greenbone.net/t/setting-up-the-greenbone-security-manager-trial-gsm-trial-virtual-machine/6939

2020/10/07

近期OCS inventory官方 announce 2.8 版

想說來升看看

果不期然又出問題

在原机升完後

管理頁面完全出不來

後來在官方網站找到已經提供rpm了

不過前几天還沒release 2.8 直到昨天

重裝一台好了

裝完後client 資料一直進不去

看了一下error log

Can't call method "rollback" on an undefined value at /usr/share/perl5/vendor_perl/Apache/Ocsinventory/Server/System.pm line 312.\n

forum上說是帳號密碼沒設定好

/etc/ocsinventory/ocsinventory-reports/dbconfig.inc.php

這個檔我有設

不過

/etc/httpd/conf.d/ocsinventory-server.conf

這個也要設

改完 mysql的帳號密碼後重啟就沒問題了

再觀察看看吧

2020/10/03

virustotal 有提供rest api 查詢

免費註冊後就可以在一定限制下免費使用

v2 語法如下

curl --request GET --url 'https://www.virustotal.com/vtapi/v2/ip-address/report?apikey="your api key"&ip=59.177.37.217'|jq

查詢結果如下

{

"asn": 17813,

"undetected_urls": [],

"undetected_downloaded_samples": [],

"country": "IN",

"response_code": 1,

"as_owner": "Mahanagar Telephone Nigam Limited",

"verbose_msg": "IP address in dataset",

"detected_downloaded_samples": [

{

"date": "2020-09-20 23:45:20",

"positives": 21,

"total": 72,

"sha256": "b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605"

{

"date": "2020-09-20 20:37:59",

"positives": 33,

"total": 72,

"sha256": "c672798dca67f796972b42ad0c89e25d589d2e70eb41892d26adbb6a79f63887"

}

"detected_urls": [

{

"url": "http://59.177.37.217/",

"positives": 7,

"total": 79,

"scan_date": "2020-10-02 18:05:53"

{

"url": "http://59.177.37.217:58256/Mozi.m",

"positives": 8,

"total": 79,

"scan_date": "2020-09-24 02:04:33"

{

"url": "http://59.177.37.217:41901/Mozi.a",

"positives": 8,

"total": 79,

"scan_date": "2020-09-22 16:49:18"

{

"url": "https://59.177.37.217/",

"positives": 4,

"total": 79,

"scan_date": "2020-09-22 13:34:26"

{

"url": "http://59.177.37.217:39302/Mozi.m",

"positives": 9,

"total": 79,

"scan_date": "2020-09-20 21:52:26"

{

"url": "http://59.177.37.217/mozi.m",

"positives": 2,

"total": 79,

"scan_date": "2020-09-16 17:56:36"

{

"url": "http://59.177.37.217:58256/Mozi.m/",

"positives": 1,

"total": 79,

"scan_date": "2020-09-16 14:35:11"

}

"resolutions": []

}

v3 語法如下

curl --request GET --url 'https://www.virustotal.com/api/v3/search?query=209.59.217.36' --header 'x-apikey: your api key'

{

"data": [

{

"attributes": {

"as_owner": "The Endurance International Group, Inc.",

"asn": 29873,

"continent": "NA",

"country": "US",

"last_analysis_results": {

"ADMINUSLabs": {

"category": "harmless",

"engine_name": "ADMINUSLabs",

"method": "blacklist",

"result": "clean"

"AegisLab WebGuard": {

"category": "harmless",

"engine_name": "AegisLab WebGuard",

"method": "blacklist",

"result": "clean"

"AlienVault": {

"category": "harmless",

"engine_name": "AlienVault",

"method": "blacklist",

"result": "clean"

"Antiy-AVL": {

"category": "harmless",

"engine_name": "Antiy-AVL",

"method": "blacklist",

"result": "clean"

"AutoShun": {

"category": "harmless",

"engine_name": "AutoShun",

"method": "blacklist",

"result": "clean"

"Avira": {

"category": "harmless",

"engine_name": "Avira",

"method": "blacklist",

"result": "clean"

"BADWARE.INFO": {

"category": "harmless",

"engine_name": "BADWARE.INFO",

"method": "blacklist",

"result": "clean"

"Baidu-International": {

"category": "harmless",

"engine_name": "Baidu-International",

"method": "blacklist",

"result": "clean"

"BitDefender": {

"category": "harmless",

"engine_name": "BitDefender",

"method": "blacklist",

"result": "clean"

"Blueliv": {

"category": "harmless",

"engine_name": "Blueliv",

"method": "blacklist",

"result": "clean"

"CINS Army": {

"category": "harmless",

"engine_name": "CINS Army",

"method": "blacklist",

"result": "clean"

"CLEAN MX": {

"category": "harmless",

"engine_name": "CLEAN MX",

"method": "blacklist",

"result": "clean"

"CRDF": {

"category": "harmless",

"engine_name": "CRDF",

"method": "blacklist",

"result": "clean"

"Certego": {

"category": "harmless",

"engine_name": "Certego",

"method": "blacklist",

"result": "clean"

"Comodo Valkyrie Verdict": {

"category": "harmless",

"engine_name": "Comodo Valkyrie Verdict",

"method": "blacklist",

"result": "clean"

"CyRadar": {

"category": "harmless",

"engine_name": "CyRadar",

"method": "blacklist",

"result": "clean"

"Cyan": {

"category": "harmless",

"engine_name": "Cyan",

"method": "blacklist",

"result": "clean"

"CyberCrime": {

"category": "harmless",

"engine_name": "CyberCrime",

"method": "blacklist",

"result": "clean"

"DNS8": {

"category": "harmless",

"engine_name": "DNS8",

"method": "blacklist",

"result": "clean"

"Dr.Web": {

"category": "harmless",

"engine_name": "Dr.Web",

"method": "blacklist",

"result": "clean"

"ESET": {

"category": "harmless",

"engine_name": "ESET",

"method": "blacklist",

"result": "clean"

"ESTsecurity-Threat Inside": {

"category": "harmless",

"engine_name": "ESTsecurity-Threat Inside",

"method": "blacklist",

"result": "clean"

"EmergingThreats": {

"category": "harmless",

"engine_name": "EmergingThreats",

"method": "blacklist",

"result": "clean"

"Emsisoft": {

"category": "harmless",

"engine_name": "Emsisoft",

"method": "blacklist",

"result": "clean"

"EonScope": {

"category": "harmless",

"engine_name": "EonScope",

"method": "blacklist",

"result": "clean"

"Forcepoint ThreatSeeker": {

"category": "harmless",

"engine_name": "Forcepoint ThreatSeeker",

"method": "blacklist",

"result": "clean"

"Fortinet": {

"category": "harmless",

"engine_name": "Fortinet",

"method": "blacklist",

"result": "clean"

"FraudScore": {

"category": "harmless",

"engine_name": "FraudScore",

"method": "blacklist",

"result": "clean"

"G-Data": {

"category": "harmless",

"engine_name": "G-Data",

"method": "blacklist",

"result": "clean"

"Google Safebrowsing": {

"category": "harmless",

"engine_name": "Google Safebrowsing",

"method": "blacklist",

"result": "clean"

"GreenSnow": {

"category": "harmless",

"engine_name": "GreenSnow",

"method": "blacklist",

"result": "clean"

"Hoplite Industries": {

"category": "harmless",

"engine_name": "Hoplite Industries",

"method": "blacklist",

"result": "clean"

"IPsum": {

"category": "harmless",

"engine_name": "IPsum",

"method": "blacklist",

"result": "clean"

"K7AntiVirus": {

"category": "harmless",

"engine_name": "K7AntiVirus",

"method": "blacklist",

"result": "clean"

"Kaspersky": {

"category": "harmless",

"engine_name": "Kaspersky",

"method": "blacklist",

"result": "clean"

"Lumu": {

"category": "harmless",

"engine_name": "Lumu",

"method": "blacklist",

"result": "clean"

"MalSilo": {

"category": "harmless",

"engine_name": "MalSilo",

"method": "blacklist",

"result": "clean"

"Malware Domain Blocklist": {

"category": "harmless",

"engine_name": "Malware Domain Blocklist",

"method": "blacklist",

"result": "clean"

"MalwareDomainList": {

"category": "harmless",

"engine_name": "MalwareDomainList",

"method": "blacklist",

"result": "clean"

"MalwarePatrol": {

"category": "harmless",

"engine_name": "MalwarePatrol",

"method": "blacklist",

"result": "clean"

"Malwared": {

"category": "harmless",

"engine_name": "Malwared",

"method": "blacklist",

"result": "clean"

"Netcraft": {

"category": "harmless",

"engine_name": "Netcraft",

"method": "blacklist",

"result": "clean"

"NotMining": {

"category": "harmless",

"engine_name": "NotMining",

"method": "blacklist",

"result": "clean"

"Nucleon": {

"category": "harmless",

"engine_name": "Nucleon",

"method": "blacklist",

"result": "clean"

"OpenPhish": {

"category": "harmless",

"engine_name": "OpenPhish",

"method": "blacklist",

"result": "clean"

"PREBYTES": {

"category": "harmless",

"engine_name": "PREBYTES",

"method": "blacklist",

"result": "clean"

"PhishLabs": {

"category": "harmless",

"engine_name": "PhishLabs",

"method": "blacklist",

"result": "clean"

"Phishing Database": {

"category": "harmless",

"engine_name": "Phishing Database",

"method": "blacklist",

"result": "clean"

"Phishtank": {

"category": "harmless",

"engine_name": "Phishtank",

"method": "blacklist",

"result": "clean"

"Quick Heal": {

"category": "harmless",

"engine_name": "Quick Heal",

"method": "blacklist",

"result": "clean"

"Quttera": {

"category": "harmless",

"engine_name": "Quttera",

"method": "blacklist",

"result": "clean"

"SCUMWARE.org": {

"category": "harmless",

"engine_name": "SCUMWARE.org",

"method": "blacklist",

"result": "clean"

"SecureBrain": {

"category": "harmless",

"engine_name": "SecureBrain",

"method": "blacklist",

"result": "clean"

"Segasec": {

"category": "harmless",

"engine_name": "Segasec",

"method": "blacklist",

"result": "clean"

"Snort IP sample list": {

"category": "suspicious",

"engine_name": "Snort IP sample list",

"method": "blacklist",

"result": "suspicious"

"Sophos": {

"category": "harmless",

"engine_name": "Sophos",

"method": "blacklist",

"result": "clean"

"Spam404": {

"category": "harmless",

"engine_name": "Spam404",

"method": "blacklist",

"result": "clean"

"Spamhaus": {

"category": "harmless",

"engine_name": "Spamhaus",

"method": "blacklist",

"result": "clean"

"StopBadware": {

"category": "harmless",

"engine_name": "StopBadware",

"method": "blacklist",

"result": "clean"

"StopForumSpam": {

"category": "harmless",

"engine_name": "StopForumSpam",

"method": "blacklist",

"result": "clean"

"Sucuri SiteCheck": {

"category": "harmless",

"engine_name": "Sucuri SiteCheck",

"method": "blacklist",

"result": "clean"

"Tencent": {

"category": "harmless",

"engine_name": "Tencent",

"method": "blacklist",

"result": "clean"

"ThreatHive": {

"category": "harmless",

"engine_name": "ThreatHive",

"method": "blacklist",

"result": "clean"

"Threatsourcing": {

"category": "suspicious",

"engine_name": "Threatsourcing",

"method": "blacklist",

"result": "suspicious"

"Trustwave": {

"category": "harmless",

"engine_name": "Trustwave",

"method": "blacklist",

"result": "clean"

"URLhaus": {

"category": "harmless",

"engine_name": "URLhaus",

"method": "blacklist",

"result": "clean"

"VX Vault": {

"category": "harmless",

"engine_name": "VX Vault",

"method": "blacklist",

"result": "clean"

"Virusdie External Site Scan": {

"category": "harmless",

"engine_name": "Virusdie External Site Scan",

"method": "blacklist",

"result": "clean"

"Web Security Guard": {

"category": "harmless",

"engine_name": "Web Security Guard",

"method": "blacklist",

"result": "clean"

"Yandex Safebrowsing": {

"category": "harmless",

"engine_name": "Yandex Safebrowsing",

"method": "blacklist",

"result": "clean"

"ZeroCERT": {

"category": "harmless",

"engine_name": "ZeroCERT",

"method": "blacklist",

"result": "clean"

"desenmascara.me": {

"category": "harmless",

"engine_name": "desenmascara.me",

"method": "blacklist",

"result": "clean"

"malwares.com URL checker": {

"category": "harmless",

"engine_name": "malwares.com URL checker",

"method": "blacklist",

"result": "clean"

"securolytics": {

"category": "harmless",

"engine_name": "securolytics",

"method": "blacklist",

"result": "clean"

"zvelo": {

"category": "harmless",

"engine_name": "zvelo",

"method": "blacklist",

"result": "clean"

}

"last_analysis_stats": {

"harmless": 74,

"malicious": 0,

"suspicious": 2,

"timeout": 0,

"undetected": 0

"last_modification_date": 1601705254,

"network": "209.59.192.0/19",

"regional_internet_registry": "ARIN",

"reputation": 0,

"tags": [],

"total_votes": {

"harmless": 0,

"malicious": 0

"whois": "NetRange: 209.59.192.0 - 209.59.223.255\nCIDR: 209.59.192.0/19\nNetName: BIZLAND-FC02\nNetHandle: NET-209-59-192-0-1\nParent: NET209 (NET-209-0-0-0-0)\nNetType: Direct Allocation\nOriginAS: AS29873\nOrganization: The Endurance International Group, Inc. (EIG-12)\nRegDate: 2004-07-30\nUpdated: 2012-03-02\nRef: https://rdap.arin.net/registry/ip/209.59.192.0\nOrgName: The Endurance International Group, Inc.\nOrgId: EIG-12\nAddress: 10 Corporate Drive\nAddress: Suite 300\nCity: Burlington\nStateProv: MA\nPostalCode: 01803\nCountry: US\nRegDate: 2005-02-07\nUpdated: 2018-06-14\nRef: https://rdap.arin.net/registry/entity/EIG-12\nOrgTechHandle: EIGAR-ARIN\nOrgTechName: eig-arin\nOrgTechPhone: +1-866-897-5421 \nOrgTechEmail: eig-arin@endurance.com\nOrgTechRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN\nOrgAbuseHandle: EIGAB-ARIN\nOrgAbuseName: eig-abuse\nOrgAbusePhone: +1-877-659-6181 \nOrgAbuseEmail: eig-abuse@endurance.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/EIGAB-ARIN\nOrgNOCHandle: ENO91-ARIN\nOrgNOCName: EIG Network Operations\nOrgNOCPhone: +1-877-659-6181 \nOrgNOCEmail: eig-noc@endurance.com\nOrgNOCRef: https://rdap.arin.net/registry/entity/ENO91-ARIN\n",

"whois_date": 1568088719

"id": "209.59.217.36",

"links": {

"self": "https://www.virustotal.com/api/v3/ip_addresses/209.59.217.36"

"type": "ip_address"

}

"links": {

"self": "https://www.virustotal.com/api/v3/search?query=209.59.217.36"

}

方便用來判斷該ip是否為惡意ip

https://developers.virustotal.com/reference

https://developers.virustotal.com/v3.0/reference

2020/08/31

有一台ruckus的10G設備

第48 port 變成橘燈

本來以為是速度或是不匹配的問題

但port 是通的而且速度也是10G

找到最後

發現應該是之前有error 或其他的問題

但自己復歸了

但復歸後橘燈號就留在那裡

設備reload 也沒用

要下以下的指令

clear statistics ethernet 1/1/48

把狀態全部清空

燈號就正常了

2020/08/28

利用Custom OID或snmpd 的extend 畫出圖後

想把圖放到Dashboard

看了半天

沒看到可以直接放一個圖的選項

找了一下

步驟如下

首先先到圖所在的頁面

在圖片上按右鍵複制圖片網址

http://10.10.0.140/graph.php?type=customoid_humidity&unit=value&device=243&from=1598531400&to=1598617800&height=300&width=1229.4

把from= 跟 to= 刪除

http://10.10.0.140/graph.php?type=customoid_humidity&unit=value&device=243&height=300&width=1229.4

在 Dashboard上新增一個 Widget

External image

把修改過後的url 填入 Image URL 和 Target URL

Widget title idget title 修改成需要的值點save就完成了

https://community.librenms.org/t/dashboard-graph-for-temperature/3456/

訂閱：文章 (Atom)