最近這几天 規定要往上指的 DNS 發生故障
重點是 發生故障也不通知下層單位
真是有夠無言的
本來沒有在監控記錄 dns query 的 response time
想說來加一下好了 加在 librenms
搞了好久
最後發現不會自動帶入 Remote Host
要在 Parameters 下完整
最終沒問題的設定方式如下圖
2023/12/02
2023/11/22
2023/11/19
proxmox 8 安裝後修正apt source 並更新
#!/bin/bash
sed -i '1s/^/#/' /etc/apt/sources.list.d/ceph.list
sed -i '1s/^/#/' /etc/apt/sources.list.d/pve-enterprise.list
echo "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" >> /etc/apt/sources.list
echo "export http_proxy=http://10.1.1.1:3128" > /root/update
echo "apt-get update" >> /root/update
echo "apt-get upgrade -y" >> /root/update
echo "apt-get autoremove -y --purge" >> /root/update
chmod +x /root/update
/root/update
2023/11/15
2023/11/01
2023/10/14
最近nas因為更新發生nfs不能使用的問題
因此暫時把graylog搬到其他台還沒更新的nas上
搬完後發現ES變成red
下指令看一下是那些shards
curl -XGET localhost:9200/_cat/shards|grep UNASSIGNED
index.action 0 r UNASSIGNED
index.do 0 r UNASSIGNED
index.aspx 0 r UNASSIGNED
graylog_159 2 p UNASSIGNED
index.htm 0 r UNASSIGNED
index.py 0 r UNASSIGNED
index.php 0 r UNASSIGNED
index.cgi 0 r UNASSIGNED
index.html 0 r UNASSIGNED
index.cfm 0 r UNASSIGNED
index.pl 0 r UNASSIGNED
index.jsp 0 r UNASSIGNED
index.asp 0 r UNASSIGNED
graylog_159 這個是放資料的 直接砍了 就損失一天的log
curl -XDELETE 'localhost:9200/graylog_159/'
此時ES已經變 yellow
但其他的shards也不知道砍了會不會有問題
forum上說的是因為沒有第二台可以replication所以會出現 UNASSIGNED
如果覺得礙眼不想看到 可以取消 replication
指令如下
curl -X PUT "http://localhost:9200/index_name/_settings" -H 'Content-Type: application/json' -d '{"index":{"number_of_replicas":0}}'
目前就先醬放著吧
再觀察看看
2023/08/14
之前寫過一篇有關如何在librenms加上 service 監控的
在新版本上要修正一下
目前版本
23.7.0-73-gd865e3b37 - Sun Aug 13 2023 22:56:54 GMT+0800
以ubuntu為例子
首先要安裝nagios套件
sudo apt install nagios-plugins
chmod +x /usr/lib/nagios/plugins/*
更改設定檔
vi /opt/librenms/config.php
# nagios-plugins
$config['show_services'] = 1;
$config['nagios_plugins'] = "/usr/lib/nagios/plugins";
vi /etc/cron.d/librenms
*/5 * * * * librenms /opt/librenms/services-wrapper.py 1
設定完成後就會在web介面上多出 service 的選項可以使用
接下來碰到的問題是
如果把service設定到 localhost
是無法正常使用的
要新加一個device
設定為 service_chcek
然後把 snmp 及 ping check都關掉
再把service設定到 service_check 這個device上
才能正常
如果在check service 時有加上參數捉取回應時間
librenms 會自動使用這個值畫出圖
可以由此觀察服務的回應時間 看出service有沒有lag的情況
2023/08/05
2023/07/06
整理一下zap的使用
首先到
https://www.zaproxy.org/download/
選擇下載
Cross Platform Package
OS必須要有 java環境才能執行
在debian 安裝 java指令
apt install default-jre
解壓後執行 zap.sh
會出現UI畫面 第一次執行預設會跳出更新畫面 要執行更新
更新完成後 執行zap的這台几器對外網路要關閉
因為進行scan時預設會往下爬五層
有可能會爬到外面去
因為目前沒辦法一次掃多個網站 不管是UI或使用指令
所以如果有多個網站要掃
可以使用命令模式 指令如下
./zap.sh -cmd -quickurl http://abc.com.tw -quickout /tmp/81.html
寫個shell來做
一行一個網站
https://aa.bb.com
https://dd.ee.com
寫到 /tmp/site_to_test
#!/bin/bash
while read line
do
echo "$line"
./zap.sh -cmd -quickurl "$line" -quickout /tmp/`echo $line|cut -d '/' -f 3`.html
done < /tmp/site_to_test
2023/07/05
2023/07/04
2023/06/12
2023/06/05
2023/05/24
/usr/sbin/iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp -s 0/0 --dport 22 -j DROP
/usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
/usr/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
在DROP前必須加上以上這行 封包才能出去
/usr/sbin/iptables -A INPUT -s 0/0 -j DROP
2023/05/05
一直以來都會定時去 graylog 撈 資料
會使用到多個 OR 的下法
accept AND ( 192.168.33.238 OR 192.168.34.215 OR 192.168.33.43 OR 192.168.34.142 OR 192.168.54.247 OR 192.168.7.253 OR 192.168.26.237 OR 192.168.26.228 OR 192.168.25.211 OR 192.168.25.206 OR 192.168.25.117 OR 192.168.26.104 OR 192.168.25.183 OR 192.168.31.241 OR 192.168.30.112 OR 192.168.30.80 OR 192.168.29.6 OR 192.168.29.3 OR 192.168.30.60 OR 192.168.30.58 OR 192.168.29.143 OR 192.168.30.57 OR 192.168.29.223 OR 192.168.29.164 OR 192.168.29.84 OR 192.168.30.200 OR 192.168.30.32 OR 192.168.29.29 OR 192.168.29.199 OR 192.168.29.205 OR 192.168.29.210 OR 192.168.29.200 OR 192.168.29.234 OR 192.168.30.220 OR 192.168.30.194 OR 192.168.29.83 OR 192.168.29.4 OR 192.168.30.108 OR 192.168.29.177 OR 192.168.29.107 OR 192.168.29.32 OR 192.168.30.33 OR 192.168.30.173 OR 192.168.30.247 OR 192.168.30.122 OR 192.168.30.55 OR 192.168.29.19 OR 192.168.29.10 OR 192.168.30.123 OR 192.168.30.201 OR 192.168.29.253 OR 192.168.30.85 OR 192.168.29.48 OR 192.168.30.37 OR 192.168.30.66 OR 192.168.9.100 OR 192.168.30.163 OR 192.168.30.114 OR 192.168.30.59 OR 192.168.30.199 OR 192.168.30.227 OR 192.168.30.41 OR 192.168.29.246 OR 192.168.29.161 OR 192.168.74.248 OR 192.168.74.12 OR 192.168.10.111 OR 192.168.10.104 OR 192.168.50.154 OR 192.168.52.1 OR 192.168.52.3 OR 192.168.50.243 OR 192.168.50.220 OR 192.168.50.179 OR 192.168.50.99 OR 192.168.50.138 OR 192.168.50.98 OR 192.168.50.182 OR 192.168.50.206 OR 192.168.50.234 )
但今天使用同樣的語法
出現以下的 error
While retrieving data for this widget, the following error(s) occurred:
OpenSearch exception [type=too_many_nested_clauses, reason=Query contains too many nested clauses; maxClauseCount is set to 1024].
問了bing
要修改 /etc/opensearch/opensearch.yml
加上
indices.query.bool.max_clause_count: 10240
重啟 opensearch 目前正常
2023/05/03
因應centos 7 的EOS
最近把 grafana 轉到 debian
grafana 安裝好後移轉資料
Install used plugin on new server
grafana-cli plugins install grafana-image-renderer
grafana-cli plugins install grafana-clock-panel
grafana-cli plugins install grafana-worldmap-panel
Stop Grafana service on source and destination server
Copy /var/lib/grafana/grafana.db from old to new server
Check /etc/grafana/grafana.ini
以上copy完後要注意檔案擁有者及權限問題
Restart Grafana
Regular connection to the grafana url
Dashboard, datasource, users, psw, team,… are the same
因為之前有在本机開 influxdb
所以移轉
influxd backup /tmp/backup
只備分資料結構不備分資料
influxd restore -metadir /var/lib/influxdb/meta /tmp
本來有開API給遠端撈資料
在9版之後改成 service accounts
所以直接轉換
轉後去後遠端還是撈不到資料 本來以為是key的問題
查了log才發現要補一些package
apt install libglib2.0-0
apt install libnss3
apt install libatk1.0-0
apt install libatk-bridge2.0-0
apt install libcups2
apt install libdrm2
apt install libxkbcommon0
apt install libxcomposite1
apt install libxdamage1
apt install libxfixes3
apt install libxrandr2
apt install libgbm1
apt install libpangocairo-1.0-0
apt install libasound2
目前看來是都正常了
2023/04/21
2023/04/20
2023/04/14
為了因應centos 7 EOS
今天在轉移程式到 almalinux 9 時 mutt 一直無法寄信
mail server 的log如下
Apr 14 10:09:09 mail postfix/smtpd[523701]: connect from unknown[10.0.0.1]
Apr 14 10:09:09 mail postfix/smtpd[523701]: lost connection after STARTTLS from unknown[10.0.0.1]
看來almalinux 9的mutt 預設會使用 STARTTLS
在 .muttrc 加上以下這行
set ssl_force_tls = no
目前寄信正常了
20240308 後記
轉換到新mail server後 有些mutt又出現不能寄信的狀況
以下是log
Mar 8 06:13:01 mail postfix/smtpd[27212]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:320:
Mar 8 06:13:01 mail postfix/smtpd[27212]: lost connection after STARTTLS from unknown[10.0.0.1]
必須在.muttrc再加上 set ssl_starttls = no
包括之前說明的共二行如下
set ssl_force_tls = no
set ssl_starttls = no
目前正常了 再觀察看看
2023/04/09
2023/03/02
使用curl 撈取 loki 資料的語法
依需求需要更改之處
job="abc"
查詢的關鍵字 192.168.1.2
查詢的區間
curl -G -s "http://10.0.0.1:3100/loki/api/v1/query_range" --data-urlencode 'query={job="abc"} |~ "192.168.1.2"' --data-urlencode "start=$(date -u +'%Y-%m-%dT%H:%M:%SZ' -d '-8 hour')" --data-urlencode "end=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
curl -G -s "http://10.0.0.1:3100/loki/api/v1/query_range" --data-urlencode 'query={job="abc"} |~ "192.168.1.2"' --data-urlencode "start=$(date -u +'%Y-%m-%dT%H:%M:%SZ' -d '-7 day')" --data-urlencode "end=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"|jq
2023/02/28
今天早上三點多開始收到ntopng的告警
進主几看了一下 process不見了
重開也沒用
看了一下log
ntopng果然有更新
更新後起不來
接下來看ntopng的log
發現本次更新後必須使用到 libbpf.so.0
Feb 28 08:09:17 W-ntopng-ubuntu-2004 ntopng[3247]: /usr/bin/ntopng: error while loading shared libraries: libbpf.so.0: cannot open shared object file: No such file or directory
Feb 28 08:09:22 W-ntopng-ubuntu-2004 ntopng[3272]: /usr/bin/ntopng: error while loading shared libraries: libbpf.so.0: cannot open shared object file: No such file or directory
Feb 28 08:09:28 W-ntopng-ubuntu-2004 ntopng[3294]: /usr/bin/ntopng: error while loading shared libraries: libbpf.so.0: cannot open shared object file: No such file or directory
apt install libbpf0
目前正常了 再觀察看看
2023/02/22
2023/02/13
今天早上要進ntop管理介面的時候
打完帳號密碼登不進去
進os看了一下HD滿了
然後再看log
出現一堆如下的訊息 把HD塞爆了
Feb 13 08:14:29 W-ntopng ntopng[286]: 13/Feb/2023 08:14:29 [SQLiteAlertStore.cpp:151] ERROR: SQL Error: database disk image is malformed
Feb 13 08:14:29 W-ntopng ntopng[286]: INSERT INTO flow_alerts (alert_id, interface_id, tstamp, tstamp_end, severity, ip_version, cli_ip, srv_ip, cli_port, srv_port, vlan_id, is_cli_attacker, is_cli_victim, is_srv_attacker, is_srv_victim, proto, l7_proto, l7_master_proto, l7_cat, cli_name, srv_name, cli_country, srv_country, cli_blacklisted, srv_blacklisted, cli_location, srv_location, cli2srv_bytes, srv2cli_bytes, cli2srv_pkts, srv2cli_pkts, first_seen, community_id, score, flow_risk_bitmap, alerts_map, cli_host_pool_id, srv_host_pool_id, cli_network, srv_network, probe_ip, input_snmp, output_snmp, json, info) VALUES (26, 3, 1676247257, 1676247266, 3, 4, '192.168.40.66', '192.168.0.65', 44983, 80, 0, 0, 0, 0, 0, 6, 7, 0, 5, '', '', '', '', 0, 0, 0, 0, 126, 120, 2, 2, 1676247257, '1:rj5vzKw7WQX8TONTQ++bh3BkBh8=', 10, 70368744177664, X'04000000', 0, 0, 65535, 65535, '0.0.0.0', 0, 0, '{"ntopng.key":12345678,"hash_entry_id":23456789,"alert_generation": {"script_key":"ndpi_unidirectional_traffic","subdir":"flow","flow_risk_info":"{\"46\":\"No client to server traffic\"}"},"proto": {"http": {},"confidence":0}}', '');
google了一下是 sqllite 因為斷電導致有問題
果然
斷一次電事情一堆
看是有recovery sqlite的方法
算了
直接倒回事發前一天晚上的備分好了
倒回後目前正常
再觀察看看
https://blog.csdn.net/wolfking0608/article/details/71076588
2023/02/11
今天下午几房斷電
有一台graylog啟動後
三個 service都有起來
但從管理介面看log全都卡住
過了一個小時還是沒有消化
想說應該是 elasticsearch 有問題了
看了log
[2023-02-11T20:27:56,520][WARN ][o.e.c.r.a.AllocationService] [localhost.localdomain] failing shard [failed shard, shard [graylog_666][2], node[0l7asmrIRFeIxc3FyAB14Q], [P], recovery_source[existing store recovery; bootstrap_history_uuid=false], s[INITIALIZING], a[id=yqeR9a7CSUC4ZIIz-a07Gw], unassigned_info[[reason=ALLOCATION_FAILED], at[2023-02-11T12:27:55.997Z], failed_attempts[4], failed_nodes[[0l7asmrIRFeIxc3FyAB14Q]], delayed=false, details[failed shard on node [0l7asmrIRFeIxc3FyAB14Q]: failed recovery, failure RecoveryFailedException[[graylog_666][2]: Recovery failed on {localhost.localdomain}{0l7asmrIRFeIxc3FyAB14Q}{AHesmcGhQvGWAw7Gxl2V6A}{10.10.0.1}{10.10.01:9300}{dimr}]; nested: IndexShardRecoveryException[failed to recover from gateway]; nested: EngineCreationFailureException[failed to create engine]; nested: NoSuchFileException[/mnt/elasticsearch/nodes/0/indices/soJ39cmwT5-UlEyVIPvfAg/2/index/_x63f.fdt]; ], allocation_status[deciders_throttled]], message [failed recovery], failure [RecoveryFailedException[[graylog_666][2]: Recovery failed on {localhost.localdomain}{0l7asmrIRFeIxc3FyAB14Q}{AHesmcGhQvGWAw7Gxl2V6A}{10.10.0.1}{10.10.0.1:9300}{dimr}]; nested: IndexShardRecoveryException[failed to recover from gateway]; nested: EngineCreationFailureException[failed to create engine]; nested: NoSuchFileException[/mnt/elasticsearch/nodes/0/indices/soJ39cmwT5-UlEyVIPvfAg/2/index/_x63f.fdt]; ], markAsStale [true]]
org.elasticsearch.indices.recovery.RecoveryFailedException: [graylog_666][2]: Recovery failed on {localhost.localdomain}{0l7asmrIRFeIxc3FyAB14Q}{AHesmcGhQvGWAw7Gxl2V6A}{10.10.0.1}{10.10.0.1:9300}{dimr}
果然
手動 rotate active write index
有消化了
再觀察看看
2023/02/08
nftables 雖然是很久的東西了 還是記一下
安裝
dnf install nftables
清空所有
nft flush ruleset
設定新table
nft add table inet filter
新增一個chain 並預設規則
nft add chain inet filter INPUT { type filter hook input priority 0 \; counter \; policy accept \; }
在chain加上新規則
nft insert rule inet filter INPUT ip saddr 192.168.12.85 tcp dport 22 drop
列出規則
nft list table inet filter
列出規則 顯示 handle 號 以利刪除
nft -an list table inet filter
列出所有table的規則
nft -an list ruleset
刪除規則
nft delete rule inet filter INPUT handle 2
nft加的規則 iptables 去看會不完整
但是有作用的
下完 nft flush ruleset 後
再下 nft -an list ruleset 是看不到資料的
但如果再下iptables -L
下完後
再 nft -an list ruleset
就會看到如下的ruleset
table ip filter { # handle 3
chain INPUT { # handle 1
type filter hook input priority 0; policy accept;
}
chain FORWARD { # handle 2
type filter hook forward priority 0; policy accept;
}
chain OUTPUT { # handle 3
type filter hook output priority 0; policy accept;
}
}
預設所有下的指令 重開几就會清掉 如果要重開几自動執行
nft list ruleset >> /etc/sysconfig/nftables.conf
或
先匯出成檔案
nft list ruleset > /etc/nftables/nft_policy.nft
然後再 /etc/sysconfig/nftables.conf
include "/etc/nftables/nft_policy.nft"
重開後撈進來
如果確定不再需要 iptables
移除
dnf remove iptables
2023/02/07
2023/02/04
今天在檢查 pbs 時又出現 GC (garbage collection) warning 的log
再去看前一天的備分
是顯示備份完成且沒有錯誤的
不知道為什麼備分完成沒有錯誤但GC時會出現如下的錯誤
2023-02-02T00:00:22+08:00: WARN: warning: unable to access non-existent chunk 4d9f87572f2ff8d9f324aef1263e1ab47181a764aac801918b6dd5567fdfdde9, required by "/mnt/nfs418/ct/112/2023-01-31T16:00:47Z/catalog.pcat1.didx"
2023-02-02T00:00:22+08:00: WARN: warning: unable to access non-existent chunk e82ad3ac9b4b29c55420a44c29029c1a69ebd2cae156994c7e6a4f6a3b44524d, required by "/mnt/nfs418/ct/112/2023-01-31T16:00:47Z/catalog.pcat1.didx"
2023-02-02T00:00:22+08:00: WARN: warning: unable to access non-existent chunk 7eeadcfafebe86f0244ab4b07167644784be8485da119208d91e078efb48a7de, required by "/mnt/nfs418/ct/112/2023-01-31T16:00:47Z/root.pxar.didx"
而且問題來了
再接下來每一次備分都會顯示備分完成無異常
但GC就會一直錯誤
而且一旦GC有錯誤這個備分就無法還原
目前pbs在GC有錯誤時無法主動發mail 告警
所以解決方法就是寫個程式每天檢查GC是否有錯誤
如果有
就要把有錯誤相關的備分砍了
讓接下來的備分能正常
2023/02/03
2023/01/10
前一陣子發生了一件很OX的事
試了很久 現在做個記錄
因為有幫別的部門架了一台proxmox
而且那個部門也有一台nas
因此我就在那台nas上開了nfs然後用pbs備份
他老兄在某一天竟然進到nas把我備分用的那個nfs裡的資料砍了
然後第二天就出現了如下的error
ProxmoxBackup Server 2.3-2
2022-12-29T00:00:00+08:00: starting garbage collection on store nfs418
2022-12-29T00:00:00+08:00: task triggered by schedule 'daily'
2022-12-29T00:00:00+08:00: Start GC phase1 (mark used chunks)
2022-12-29T00:01:03+08:00: marked 5% (1 of 17 index files)
2022-12-29T00:04:14+08:00: marked 11% (2 of 17 index files)
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk c3fe251560dcd2cc5aef7cfbd6669d0dd9ca7491c455f537efc6d319b09892ec, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 6dc29793341c20c7c80910a73893501b034a0e29c14a444d214d835ccffc0d16, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 1f81c244f9b7816ab37d3ef7ffdcd10443eb1bddb3fa44e036186b73f1fee33a, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 95c7e6747d43b5b516e1768a1f258f352aeb47b23fd46575440dc3d820d1b253, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 9513a7e5c650245d3344115115b21285cc8f426e5284fa04159ea96e49856535, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 68b2b40dd3bacba9e649c67862011934bc7f048d8ea2d35fbd95c39f9d5cf7c4, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 494608d49f57039fd7a8378e1a2a2cf6bb0688773a525addc2f54507a94cd11d, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 09eab384d5f3cbf657db1c0750ef52be2f1dbdf134f977a24dc095382b6e25ed, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
2022-12-29T00:04:14+08:00: WARN: warning: unable to access non-existent chunk 9c1208d43242276c75a4f65f41054e4bc0e7e1144a61c951902bb8df94f055c9, required by "/mnt/nfs418/vm/108/2022-12-27T15:45:38Z/drive-virtio0.img.fidx"
..........................................
後面還一大堆
本來是想說把pbs上的datastore砍了重建應該可以解決問題
forum上也是醬說的
結果不是
我砍了datastore重建
甚至在nas上再開另一個nfs後再重建datastore
過沒几天又會出現如上的錯誤
最後的解決方法是直接重裝一台新的pbs
問題才解決
無言中
2023/01/07
2022/12/29
最近換了新環控系統
因為是跑在win上資料放在 mssql
所以要去把告警資料撈出來用line傳送
在linux上要先安裝 sqlcmd
m$官方有提供安裝文件如下
安裝完成後會放在
/opt/mssql-tools/bin/
連線語法如下
/opt/mssql-tools/bin/sqlcmd -S 10.1.2.3 -U sa -P 'passwd' -d dbname
連線成功會出現
1>
指令下完要記得 再下 go 才能執行
一些基本指令
顯示所有資料庫
SELECT Name from sys.databases
使用資料庫
use daname
顯示db的所有資料表
SELECT * FROM Information_Schema.TABLES顯示table schema
sp_help tablename
只顯示前 n 筆資料
select top n * from alarmhistory
找出最近時間的資料
select max(time_col) from table
備分資料庫
只能備到server本几的HD或UNC 路徑
sqlcmd -S 10.1.2.3 -U sa -P 'password' -Q "BACKUP DATABASE dbname TO DISK = '\\%tmp%\Report.bak' WITH NOFORMAT, NOINIT, NAME = 'dbname-full', SKIP, NOREWIND, NOUNLOAD, STATS = 10"
https://learn.microsoft.com/zh-tw/sql/linux/sql-server-linux-setup-tools?view=sql-server-ver16#RHEL
2022/12/27
2022/12/23
2022/12/21
2022/12/20
今天更新 debian
直接下完
apt update
apt upgrade -y 後
librenms就打不開了
跑了 ./daily.sh
出現
Updating to latest codebase OK
Updating Composer packages FAIL
> LibreNMS\ComposerHelper::preInstall
Installing dependencies from lock file
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.
Problem 1
- fgrosse/phpasn1 is locked to version v2.4.0 and an update of this package was not requested.
- fgrosse/phpasn1 v2.4.0 requires php ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 -> your php version (8.2.0) does not satisfy that requirement.
Problem 2
- fgrosse/phpasn1 v2.4.0 requires php ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 -> your php version (8.2.0) does not satisfy that requirement.
- web-token/jwt-core v2.2.11 requires fgrosse/phpasn1 ^2.0 -> satisfiable by fgrosse/phpasn1[v2.4.0].
- web-token/jwt-core is locked to version v2.2.11 and an update of this package was not requested.
Updated from ae22662c8 to 1ab238a4d OK
Updating SQL-Schema OK
Updating submodules OK
Cleaning up DB OK
Fetching notifications OK
Caching PeeringDB data OK
Caching Mac OUI data OK
看來是php不能升到 8.2
只能倒回備分
再排除以下的更新
php-cli/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-common/bullseye 2:93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:93+0~20221029.44+debian11~1.gbpaae3e9]
php-curl/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-fpm/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-gd/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-gmp/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-json/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-mbstring/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-mysql/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-pear/bullseye 1:1.10.13+submodules+notgz+2022032202-2+0~20221209.38+debian11~1.gbpfd4c1d all [upgradable from: 1:1.10.13+submodules+notgz+2022032202-2+0~20220330.37+debian11~1.gbpfd4c1d]
php-snmp/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-xml/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
php-zip/bullseye 2:8.2+93+0~20221211.45+debian11~1.gbpdb4dcc all [upgradable from: 2:8.1+93+0~20221029.44+debian11~1.gbpaae3e9]
再來把以上的package hold住 不要更新
指令如下
Hold a package:
sudo apt-mark hold <package-name>
Remove the hold:
sudo apt-mark unhold <package-name>
Show all packages on hold:
sudo apt-mark showhold
指令下完後 apt upgrade 時就不會更新
不過如果是下 apt install 還是會更新 此時就不受 hold影響 要特別注意
2022/12/16
graylog 迎來了5 版的更新
依然還是無法原几升級
記錄一下安裝的過程 以debian 11 為例
依照官方文件的流程 先裝mongodb
由於新版的mongodb需要使用 cpu 的 avx 功能
所以proxmox 上 guest的 cpu type 必須要改成 host 不能使用 預設值 kvm64
光是這個問題就卡關好久
而且mongodb 5版裝完後無法執行 6 版沒問題
接下來新的版本可以選擇使用
OpenSearch 或 Elasticsearch
我是選擇 Elasticsearch
第三步是安裝 graylog server
安裝後調整參數
/etc/elasticsearch/jvm.options 這個檔
-Xms8g
-Xmx8g
以上的參數依照記憶体進行調整
/etc/default/graylog-server 檔案裡
GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow"
-Xms1g -Xmx1g
這二個參數也是依照記憶体進行調整
其他依文件安裝問題不大
不過文件上有些斷行有問題 需要自行調整
例如
wget -qO - https://www.mongodb.org/static/pgp/server-5.x.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.x main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.x.list
及
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
另外使用almalinux 8 跟 9 安裝過程沒有出現錯誤 但 graylog server 啟動打開管理介面
出現以下的錯誤
不知道是那裡出問題 有空再來試了
找到問題了 firewalld 沒關
systemctl disable firewalld
systemctl stop firewalld
https://go2docs.graylog.org/5-0/what_is_graylog/what_is_graylog.htm
2022/11/24
2022/11/20
最近在使用ultravnc single click的時候
發現連線後在client 執行大部分的程式都無法正常操作
試了好几台都一樣
便想說重新再產生一次看看
下載原先的執行程式
解開後只留下 helpdesk.txt 及 logo.bmp 這二個檔
再來把這二個檔壓縮成zip
例如 jghdfkjg.zip
再利用這個zip上傳產生新的連線程式
https://uvnc.com/products/uvnc-sc/78-ultravnc-sc-online-creator.html
使用網頁最下方的產生器
再使用這個新產生的連線程式連線
目前看來正常
再觀察看看
https://uvnc.com/products/uvnc-sc.html
https://uvnc.com/docs/uvnc-sc/73-howto-create.html
https://uvnc.com/download/custom.zip
https://uvnc.com/products/uvnc-sc/78-ultravnc-sc-online-creator.html
2022/09/30
最近登入librenms時出現以下提示
目前使用的這個版本是從官網下載ubunbu 20.04 ova
試著升級但升完後有很多問題
於是打算重裝
選定debian 11
依照官網的流程一步步順利裝完
再來依照官方FAQ的方式移轉
也順利完成
最後有問題的是weathermap
如果直接copy ubuntu 20.04的目錄過來會發生無法執行的情況
不過官方已有針對php 8.1 進行修改
所以直接 git clone
git clone https://github.com/librenms-plugins/Weathermap.git
再mv目錄
mv Weathermap /opt/librenms/html/plugins/
把原几的 conf 複制到以下目錄
/opt/librenms/html/plugins/Weathermap/configs
以上就大致完成了
目前觀察中 看看還有沒有其他問題
https://github.com/librenms/packer-builds/releases/tag/21.2.0
https://www.librenms.org/#downloads
https://docs.librenms.org/Installation/Install-LibreNMS/#prepare-linux-server
https://docs.librenms.org/Support/FAQ/#how-do-i-migrate-my-librenms-install-to-another-server
2022/09/28
2022/09/10
今天想使用 line 發群組通知
首先申請權杖
官方文件範例是使用 curl
$ curl -X POST -H 'Authorization: Bearer <access_token>' -F 'message=foobar' \
https://notify-api.line.me/api/notify
但試了半天發現一個問題 就是 message 無法換行
找了好久才找到 範例如下
第一個方法
curl -X POST -H 'Authorization: Bearer (your token)' --data-binary message="%0A中文%0A123%0Aabc%0A456" https://notify-api.line.me/api/notify
第二個方法
curl -X POST -H 'Authorization: Bearer (your token)' -d $'message=123\nabc' https://notify-api.line.me/api/notify
使用python範例如下
檔名存為 line_notify.py
檔案內容如下
import requests
import sys
f = open(sys.argv[1])
msg = f.read()
f.close
def lineNotify(token, msg):
url = "https://notify-api.line.me/api/notify"
headers = {
"Authorization": "Bearer " + token
}
payload = {'message': msg}
r = requests.post(url, headers=headers, data=payload)
return r.status_code
token = "your token"
lineNotify(token, msg)
只要指定檔案發送
檔案內是什麼內容
發送就是什麼內容
用法
python line_notify.py /tmp/txt_to_send
https://officeguide.cc/python-line-notify-send-messages-images-tutorial-examples/
https://fm-aid.com/bbs2/viewtopic.php?pid=52815
https://notify-bot.line.me/zh_TW/
2022/08/17
centos 7 升級至 almalinux 8 流程
yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el7.noarch.rpm
yum install -y leapp-upgrade leapp-data-almalinux
leapp preupgrade
rmmod pata_acpi
rmmod floppy
echo PermitRootLogin yes | sudo tee -a /etc/ssh/sshd_config
leapp answer --section remove_pam_pkcs11_module_check.confirm=True
#check any package need to remove if still error
leapp preupgrade
leapp upgrade
2022/07/29
說明一下如何在almalinux 8 上備分資料到 proxmox backup server(pbs)
先在 pbs 上 建立一個 datastore test
到以下網站下載rpm進行安裝
https://github.com/sg4r/proxmox-backup-client
先安裝相依套件
dnf install fuse3
接下來
rpm -Uhv proxmox-backup-2.2.2-1.x86_64.rpm
安裝完成後執行以下指令
proxmox-backup-client login --repository root@pam@10.0.0.1:8007:test
匯入 fingerprints
如果要備份 /root
建立以下shell
#!/bin/bash
export PBS_PASSWORD="password"
proxmox-backup-client backup aaa.pxar:/root --repository root@pam@10.0.0.1:8007:test
列出備份資料
proxmox-backup-client snapshot list --repository root@pam@10.0.0.1:8007:test
復原備分資料
proxmox-backup-client restore --repository root@pam@10.0.0.1:8007:test host/test-pbs-almalinux8/2022-07-29T06:23:05Z aaa.pxar /tmp/test
https://www.coderstudy.co/zh-Hant/article/19cs1_1anq7.html
pvesh
跨 proxmox node 下指令的好用工具
如果要把其他節點的guest開几 指令如下
pvesh create /nodes/<nodeid>/qemu/<vmid>/status/start
https://pve.proxmox.com/pve-docs/pvesh.1.html
http://blog.jason.tools/2019/02/pve-cli-api.html
2022/07/28
今天早ntop 更新出現以下問題 應該是key 過期了
Failed to fetch https://packages.ntop.org/apt-stable/20.04/x64/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3D84C955924F7599
參考
https://packages.ntop.org/apt-stable/
重新下載再安裝一次
wget https://packages.ntop.org/apt-stable/20.04/all/apt-ntop-stable.deb
apt install ./apt-ntop-stable.deb
目前正常
再觀察看看
2022/07/27
在raspberry pi 4 上安裝 ubuntu mate 後
聲音預設是從耳几孔輸出
可以安裝一個方便的程式來進行調整由hdmi輸出
sudo apt-add-repository ppa:yktooo/ppa -y
sudo apt-get update
sudo apt-get install indicator-sound-switcher -y
2022/07/13
2022/07/06
2022/07/04
將 guest 移至esxi後 因為需要定時重開几還原
記錄一下設定
首先將 hd 模式設為 獨立-非持續性
說明如下
esxi啟動 SSH 以SSH登入
接下來取得vmid
vim-cmd vmsvc/getallvms
如果要從esxi關机 指令如下(guest要安裝 vmware tools 指令 apt install open-vm-tools )
vim-cmd vmsvc/power.shutdown [VMID]
開几指令如下
vim-cmd vmsvc/power.on [VMID]
無法直接使用contab -e
必需手動編輯下列檔案
/var/spool/cron/crontabs/root
https://anby.org/index.php/archives/182/
記一下如何把proxmox 的guest 轉到 esxi
先在proxmox 上把guest 的hd轉成 vmdk格式
qemu-img convert -f raw /dev/pve/vm-118-disk-0 -O vmdk /tmp/new.vmdk
開啟 esxi上的 ssh 把 new.vmdk 傳上去
使用vmkfstools 把 上傳的vmdk轉檔 (-d thin 這個參數一定要下)
vmkfstools -i new.vmdk new-test.vmdk -d thin
在esxi上建立新的guest
在新guest裡把轉好檔的vmdk匯入 並移除原來新建立產生的vmdk
guest開几 重新設定網路及其他相關
https://edywerder.ch/proxmox-to-vmware/
https://www.reddit.com/r/Proxmox/comments/nbfjop/export_proxmox_vm_for_use_with_esxi/
2022/07/03
2022/06/30
今天為了裝一台只有 8G hdd 的机器
找了好久的os
發現現在能裝的os 好少
最後找到 q4os
安裝直接選 自動 裝到好
再來就是處理中文的問題
使用以下指令 把繁中裝上去
$ addlanguage
接下來是輸入法
使用fcitx
apt install fcitx fcitx-table-scj6 fcitx-chewing
之後在config把輸入法選進去
裝好 firefox chrome 目前使用不到 7G
碰到一個問題
如果先啟動 mplayer -ontop 再啟動 chrome 全螢幕 mplayer 會被蓋掉 所以啟動順序只能交換
另外下方的工作列要設為自動隱藏
如果要開几啟動 要把 shell 放在 /home/adminq/.trinity/Autostart/ 這個目錄下
在shell裡的每行指令最後要加上 &
才能依順執行所有指令
範例
#!/bin/bash
google-chrome --kiosk &
mplayer 1.mp4 &
https://q4os.org/index.html
https://www.q4os.org/dqa007.html#inter
2022/06/29
maltrail 使用公開的ip 及 url黑名單
分為 sensor 及 server 二部分
如果需要有圖形介面才需要安裝 server
單獨安裝sensor即可進偵測並產生log
log目錄預設為 /var/log/maltrail
安裝指令如下
sudo apt-get install git python3-pcapy
git clone github.com/stamparm/maltrail.git
cd maltrail
sudo python sensor.py
裝完後用nmap掃一下得到的結果
"2022-06-28 13:32:14.815681" test-maltrail 10.0.0.1 50137 10.0.0.2 1,3,4,6,7,9,13,17,19,20,21,22,23,24,25,26,30,32,33,37,42,43,49,53,70,79,80,81,82,83,84,85,88,89,90,99,100,106,109,110,111,113,119,125,143,144,146,161,163,179,199,211,212,222,254,255,256,259,264,280,301,306,311,340,366,389,406,407,416,417,425,427,443,444,458,464,465,481,497,500,512,513,514,515,524,541,543,544,545,548,554,555,563,587,593,616,617,625,631,636,646,648,666,667,668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800,801,808,843,873,880,888,898,900,901,902,903,911,912,981,987,990,992,993,995,999,1000,1001,1002,1007,1009,1010,1011,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1100,1102,1104,1105,1106,1107,1108,1110,1111,1112,1113,1114,1117,1119,1121,1122,1123,1124,1126,1130,1131,1132,1137,1138,1141,1145,1147,1148,1149,1151,1152,1154,1163,1164,1165,1166,1169,1174,1175,1183,1185,1186,1187,1192,1198,1199,1201,1213,1216,1217,1218,1233,1234,1236,1244,1247,1248,1259,1271,1272,1277,1287,1296,1300,1301,1309,1310,1311,1322,1328,1334,1352,1417,1433,1434,1443,1455,1461,1494,1500,1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687,1688,1700,1717,1718,1719,1720,1721,1723,1755,1761,1782,1783,1801,1805,1812,1839,1840,1862,1863,1864,1875,1900,1914,1935,1947,1971,1972,1974,1984,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2013,2020,2021,2022,2030,2033,2034,2035,2038,2040,2041,2042,2043,2045,2046,2047,2048,2049,2065,2068,2099,2100,2103,2105,2106,2107,2111,2119,2121,2126,2135,2144,2160,2161,2170,2179,2190,2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381,2382,2383,2393,2394,2399,2401,2492,2500,2522,2525,2557,2601,2602,2604,2605,2607,2608,2638,2701,2702,2710,2717,2718,2725,2800,2809,2811,2869,2875,2909,2910,2920,2967,2968,2998,3000,3001,3003,3005,3006,3007,3011,3013,3017,3030,3031,3052,3071,3077,3128,3168,3211,3221,3260,3261,3268,3269,3283,3300,3301,3306,3322,3323,3324,3325,3333,3351,3367,3369,3370,3371,3372,3389,3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689,3690,3703,3737,3766,3784,3800,3801,3809,3814,3826,3827,3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000,4001,4002,4003,4004,4005,4006,4045,4111,4125,4126,4129,4224,4242,4279,4321,4343,4443,4444,4445,4446,4449,4550,4567,4662,4848,4899,4900,4998,5000,5001,5002,5003,5004,5009,5030,5033,5050,5051,5054,5060,5061,5080,5087,5100,5101,5102,5120,5190,5200,5214,5221,5222,5225,5226,5269,5280,5298,5357,5405,5414,5431,5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678,5679,5718,5730,5800,5801,5802,5810,5811,5815,5822,5825,5850,5859,5862,5877,5900,5901,5902,5903,5904,5906,5907,5910,5911,5915,5922,5925,5950,5952,5959,5960,5961,5962,5963,5987,5988,5989,5998,5999,6000,6001,6002,6003,6004,6005,6006,6007,6009,6025,6059,6100,6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565,6566,6567,6580,6646,6666,6667,6668,6669,6689,6692,6699,6779,6788,6789,6792,6839,6881,6901,6969,7000,7001,7002,7004,7007,7019,7025,7070,7100,7103,7106,7200,7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777,7778,7800,7911,7920,7921,7937,7938,7999,8000,8001,8002,8007,8008,8009,8010,8011,8021,8022,8031,8042,8045,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8093,8099,8100,8180,8181,8192,8193,8194,8200,8222,8254,8290,8291,8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651,8652,8654,8701,8800,8873,8888,8899,8994,9000,9001,9002,9003,9009,9010,9011,9040,9050,9071,9080,9081,9090,9091,9099,9100,9101,9102,9103,9110,9111,9200,9207,9220,9290,9415,9418,9485,9500,9502,9503,9535,9575,9593,9594,9595,9618,9666,9876,9877,9878,9898,9900,9917,9929,9943,9944,9968,9998,9999,10000,10001,10002,10003,10004,10009,10010,10012,10024,10025,10082,10180,10215,10243,10566,10616,10617,10621,10626,10628,10629,10778,11110,11111,11967,12000,12174,12265,12345,13456,13722,13782,13783,14000,14238,14441,14442,15000,15002,15003,15004,15660,15742,16000,16001,16012,16016,16018,16080,16113,16992,16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221,20222,20828,21571,22939,23502,24444,24800,25734,25735,26214,27000,27352,27353,27355,27356,27715,28201,30000,30718,30951,31038,31337,32768,32769,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779,32780,32781,32782,32783,32784,32785,33354,33899,34571,34572,34573,35500,38292,40193,40911,41511,42510,44176,44442,44443,44501,45100,48080,49152,49153,49154,49155,49156,49157,49158,49159,49160,49161,49163,49165,49167,49175,49176,49400,49999,50000,50001,50002,50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055,55056,55555,55600,56737,56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389 TCP IP 10.0.0.1 "potential port scanning" (heuristic)
2022/06/28
先簡單記一下zeek file extraction
zkg install zeek/hosom/file-extraction
# you must separately load the package for it to actually do anything
zkg load zeek/hosom/file-extraction
mkdir /opt/extract_files
vi /opt/zeek/share/zeek/base/files/extract/main.zeek
#const prefix = "./extract_files/" &redef;
const prefix = "/opt/extract_files/" &redef;
vi /opt/zeek/share/zeek/site/local.zeek
加上
@load /opt/zeek/share/zeek/policy/frameworks/files/extract-all-files.zeek
root@zeek:~# /opt/zeek/bin/zeekctl
Warning: zeekctl node config has changed (run the zeekctl “deploy” command)
Welcome to ZeekControl 2.2.0
Type “help” for help.
[ZeekControl] > start
starting zeek …
creating crash report for previously crashed nodes: zeek
[ZeekControl] > deploy
[ZeekControl] >quit
https://chanfs.medium.com/file-extraction-with-zeek-2c1a0bb1aa98
https://github.com/hosom/file-extraction
https://www.ericooi.com/zeekurity-zen-part-vi-zeek-file-analysis-framework/
2022/06/27
2022/06/25
2022/06/22
/dev/urandom 取得隨几數
随机转换为md5(20位):
head /dev/urandom | md5sum | head -c 20
随机纯数字(20位):
head /dev/urandom | tr -dc 0-9 | head -c 20
随机小写字母+数字(20位):
head /dev/urandom | tr -dc a-z0-9 | head -c 20
随机大小写字母+数字(20位):
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
https://piaohua.github.io/post/linux/20200825-linux-dev-urandom/2022/06/15
之前碰到 almalinux 9 在 lxc 無法開几的問題
有人提供解法了
root@nte-proxmox-1:~# pct enter 106
[root@alma9test ~]# cat /etc/redhat-release
AlmaLinux release 9.0 (Emerald Puma)
[root@alma9test ~]# systemctl stop systemd-firstboot
[root@alma9test ~]# exit
https://forum.proxmox.com/threads/lxc-almalinux-9-issue.110348/
2022/06/07
2022/06/05
SQL Injection
Username: admin' --
Password: 123
Actual Query: SELECT * FROM users WHERE username='admin' -- AND password='123'
Username: admin' union select * from users where '1
Password: 123
Actual Query: SELECT * FROM users WHERE username='admin' union select * from users where '1' AND password='123'
Username: admin';
Password: 123
Actual Query: SELECT * FROM users WHERE username='admin';' AND password='123'
Username: ad'||'min';
Password: 123
Actual Query: SELECT * FROM users WHERE username='ad'||'min';' AND password='123'
https://github.com/onealmond/hacking-lab/blob/master/picoctf-2020/web-gauntlet/writeup.md
2022/05/26
因為要用linux shell 產生值再透過snmp server 讓 librenms 撈出後能畫圖
找到 python snmp server
只要一行指令
Standalone usage: snmp-server.py [-h] [-p PORT] [-c CONFIG] [-d] [-v]
SNMP server
optional arguments:
-h, --help show this help message and exit
-p PORT, --port PORT port (by default 161 - requires root privileges)
-c CONFIG, --config CONFIG
OIDs config file
-d, --debug run in debug mode
-v, --version show program's version number and exit
要產生snmp值的範例檔如下
DATA = {
'1.3.6.1.4.1.1.1.0': integer(12345),
'1.3.6.1.4.1.1.2.0': bit_string('\x12\x34\x56\x78'),
'1.3.6.1.4.1.1.3.0': octet_string('test'),
'1.3.6.1.4.1.1.4.0': null(),
'1.3.6.1.4.1.1.5.0': object_identifier('1.3.6.7.8.9'),
# notice the wildcards:
'1.3.6.1.4.1.1.6.*': lambda oid: octet_string('* {}'.format(oid)),
'1.3.6.1.4.1.1.?.0': lambda oid: octet_string('? {}'.format(oid)),
'1.3.6.1.4.1.2.1.0': real(1.2345),
'1.3.6.1.4.1.3.1.0': double(12345.2345),
}
snmpwalk 指定 ip port
snmpwalk -c public -v 2c 10.1.1.1:1611 .1.2.3
2022/05/21
之前一直都是在synology上使用docker
但因為某個原因
必須在有adsl線路上的几器上能讓外部連入
所以想到在該几器上安裝docker
記錄一下 目前有使用到的指令
安裝
sudo apt install docker.io
檢查狀態
systemctl status docker
設定開几啟動
sudo systemctl enable docker
把要使用docker的user加入docker群組
sudo usermod -aG docker username
登出再登入
檢查docker
docker version
搜尋docker 映像檔 ubuntu
docker search ubuntu
下載映像檔
docker pull ubuntu
列出目前已下載的映像檔
docker images
啟動 container
docker run -itd container_id /bin/bash
列出目前已啟動的container
docker ps
登入已啟動的container
docker exec -it container_id /bin/bash
安裝 ssh server
apt install open-sshserver
參考此篇設定使用public key 登入並改變啟動port
假設改為 port 2222
全部改好後存檔成另一個images
docker commit container_id
會存成另一個images
關閉container
docker stop container_id
重新啟動並對應port 而且啟動ssh server 並設定重開後啟動container
docker run container_id -p 2222:2222 --restart=always /usr/sbin/sshd -D
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 57d619e840f1 16 hours ago 274MB
ubuntu latest d2e4e1f51132 3 weeks ago 77.8MB
刪除不使用的images
docker rmi image_id
查看目前所有容器的狀態 包含正在執行及已stop
docker ps -a
停止容器的命令如下
$ docker stop container_id
啟動停止的容器 容器內之前的異動資料不會消失
$ docker start container_id
删除容器
$ docker rm container_id
2022/05/17
2022/05/13
由於 proxmox 几器愈來愈多
所以使用dsh 來處理升級問題
其他几器暫不考慮
因為還要使用key認証 而且os也有不同
流程如下
先建立群組檔
vi ~/.dsh/group/temp
10.0.0.1
10.0.0.2
10.0.0.3
建立好後指令如下
dsh -g temp -M -r ssh -- df -h
如果要下多個指令 要使用單引號 而且指令用 ; 隔開
dsh -g temp -M -r ssh -- 'df-h;ls;date'
https://blog.csdn.net/dcj3sjt126com/article/details/84691641
2022/05/11
2022/05/09
今天要disable ubuntu 18.04 的ipv6的時候
在 /etc/sysctl.conf 加入以下三行
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6 = 1
sysctl -p 是有作用的 可是重開就不行了
有人說是bug
只好換一種方法
修改 /etc/default/grub
GRUB_CMDLINE_LINUX="ipv6.disable=1"
再update grub
sudo update-grub
重開就ok了
https://linuxconfig.org/how-to-disable-ipv6-address-on-ubuntu-18-04-bionic-beaver-linux
2022/04/29
2022/04/18
昨天是舊憑証的到期日
所以今天要撈出那些ip已經上了新憑証
把封包導入解密
使用 nmap 查找憑証指令如下
再找出使用 TWCA 的憑証 並 列出憑証到期日
#!/bin/bash
for i in {1..250}
do
echo $i
nmap -Pn --script ssl-cert -p 443 10.0.0.$i -oN ca_$i
done
若把執行結果餵到變數 注意以下不同
r=`nmap --script ssl-cert -p 443 10.0.0.$i|grep -E 'TWCA|after'`
echo $r > ca_$i #導出結果無換行
echo "$r" > ca_$i #導出結果有換行
使用 curl 程式如下
#!/bin/bash
for i in {1..250}
do
echo $i
curl -m 3 https://10.0.0.$i -k -v -s -o /dev/null 2> /tmp/ca/ca_$i
done
接下來再針對關鍵字及有無過期查找即可
2022/04/11
今天有朋友問greenbone的問題
到官網看了一下
名字又改了
改成 Greenbone Enterprise TRIAL
不過下載時看到的檔案還是GSM
只是比之前用的版本又更新了
順便記錄一下怎麼匯入 proxmox
ova下載回來後先解開
tar xvf GSM-TRIAL-21.04.15-VirtualBox.ova
有一個 ovf 跟一個 vmdk 只需要使用 vmdk
把vmdk 上傳到 proxmox
在proxmox 上 create 一個vm
cpu給2顆 ram給5G
接下來把建立時預設的那個HD刪除
把剛剛上傳的vmdk匯入
qm importdisk 132 GSM-TRIAL-21.04.15-VirtualBox-disk001.vmdk local-lvm
把匯入的HD掛上 BUS一定要使用 IDE
把BIOS調整成 UEFI
調整開几順序 使用剛剛匯入的HD開几
開几完成使用 admin/admin 在 console登入
接下來建立 web 介面的帳號密碼及更新 feed
完成後即可使用 web 介面登入操作
https://www.greenbone.net/en/testnow/
訂閱:
文章 (Atom)