Synology Active Backup for Business backup task failed
Due to IP change last week
  1. Create the firewall policy NAS_to_ESXi.
  2. Virtual Machine -> Task List -> Delete the task.
  3. Virtual Machine -> VMware vSphere -> Manage Hypervisor -> Delete the old IP, add the new IP.
Set LACP for Synology NAS and NETGEAR switch
NETGEAR
  1. Switching -> LAG -> LAG Configuration -> ch1 -> 41, 42 -> Apply.
  2. ch1 -> Description: NAS, LAG Type: LACP -> Apply.
  3. Switching -> VLAN -> Port PVID Configuration -> g41, g42 PVID: 99, VLAN Member: 10-14,17-23,99,101, VLAN Tag: 10-14,17-23,99,101 -> Apply.
Synology
  • Control Panel -> Network -> Network Interface -> Create Bond.
Set NAT in FortiGate
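1. Policy & Objects -> Virtual IPs -> Create New
  • Name: IT-VPN
  • Interface: wan2
  • External IP address: 0.0.0.0
Port Forwarding
  • Protocol: TCP
  • External service port: 19979
  • Map to port: 19979
2. Policy & Objects -> IPv4 Policy
  1. From zone wan2 to zone Knowhow_Vlan
  2. From any to IT-VPN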
Juniper SRX 320
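# Show the current software version
show system software

# Show system uptime
show system uptime

# Show hardware modules and serial numbers
show chassis hardware

# Show the current status of hardware modules
show chassis environment

# Show Routing Engine (RE) resource usage and status
show chassis routing-engine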


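# Show the number of concurrent firewall sessions
show security flow session summary

# Show the individual concurrent firewall sessions
show security flow session

# Clear the current sessions
clear security flow session all

# Check which ALGs are enabled globally
show security alg status

# Look up OIDs
show snmp mib walk decimal 1.3.6.1.2.1.2.2.1.2

# Configure a policy
set security policies from-zone <from-zone> to-zone <to-zone> policy <policy-name>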

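# Show the routing table
show route

# Show the ARP table
show arp

# Show the system log
show log messages

# Show the operational status of all interfaces
show interfaces terse

# Show detailed operational information for an interface
show interfaces ge-x/y/z detail

# Compare changes against a rollback (configuration mode)
show | compare rollback ?
show | compare rollback 1

# Show system information
show system

# Show the configuration
show configuration

# Live packet-forwarding statistics for an interface
monitor interface ge-x/y/z

# Live packet capture (tcpdump, similar to the ScreenOS snoop command)
monitor traffic interface ge-x/y/z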
Check port status
# `(echo >/dev/tcp/${host}/${port})`
(echo >/dev/tcp/192.168.57.24/80) &>/dev/null && echo "open" || echo "closed"

timeout 1 bash -c '>/dev/tcp/192.168.57.24/80 &>/dev/null' && echo "open" || echo "closed"

timeout 1 bash -c '>/dev/tcp/192.168.57.24/80' && echo "open" || echo "closed"
Block subnets
ip route add blackhole 192.168.0.0/24
map
# map
map $remote_addr $limit_key {
    35.229.201.209 "";
    default $binary_remote_addr;
}
# wss.conf
limit_req_zone $limit_key zone=websocket:10m rate=20r/s;
limit_req_status 499;

server {
    location = / {
        limit_req zone=websocket nodelay;
        limit_req_log_level warn;
    }
}
rewrite
1
# https://localhost/img/nginx.svg can access /data/nginxconfig.io/src/static/nginx.svg
location /img {
    rewrite '^/img/(.*)$' /static/$1;
}

location /static {
    root /data/nginxconfig.io/src;
    index nginx.svg;
}
2
# https://localhost/photo/nginx.svg can access /data/nginxconfig.io/src/static/nginx.svg

location /photo {
    root /data/nginxconfig.io/src;
    try_files $uri /$uri @pic;
}

location @pic {
    rewrite '^/photo/(.*)$' /static/$1;
}
3
# remove prefix path and allow proxy_pass POST
location /upload/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    root /data/nginx/html;
    # Remove path
    rewrite ^/upload/(.*) /$1  break;
    proxy_pass https://logo$uri$is_args$args;
    # Proxy_pass POST
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_cache_bypass $http_upgrade;
    #proxy_redirect  https://logo/ /;
}

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    root /data/nginx/html;
    index  index.html index.htm;
}
grafana behind nginx
server/ssl.conf
ssl_certificate     /etc/ssl/go2cloudten.com.crt;
ssl_certificate_key /etc/ssl/go2cloudten.com.key;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC2:!RC4:!aNULL:!eNULL:!LOW:!IDEA:!DES:!TDES:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EXPORT:!ANON";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_timeout 50m;
server/proxy.conf
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
grafana.conf
server {
    listen       443 ssl;
    server_name  grafana-test.go2cloudten.com;
    server_name  grafana.go2cloudten.com;
    include server/ssl.conf;
    include server/proxy.conf;
    access_log  logs/grafana.log json;
    error_log   logs/grafana.error.log warn;
    location / {
        proxy_pass   http://grafana;
        proxy_connect_timeout 300;
        proxy_read_timeout 700;
        proxy_send_timeout 700;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
texlive
  • macOS
# brew install texlive
# npm i -g mermaid-filter
# Render mermaid
pandoc -F mermaid-filter -o readme.pdf readme.md
  • Ubuntu
# sudo apt install pandoc -y
# sudo apt-get -y install texlive-latex-recommended texlive-pictures texlive-latex-extra texlive-fonts-recommended
# npm i -g mermaid-filter
pandoc -F mermaid-filter -o readme.pdf readme.md
Install
# Ubuntu22.04
sudo add-apt-repository ppa:redislabs/redis
sudo apt install redis-server
Generate ssh key
# RSA
ssh-keygen -m PEM -t rsa -b 4096 -C "zeyanlin@outlook.com"

# ED25519
ssh-keygen -t ed25519 -C "dev" -f ~/.ssh/ed25519
ssh config
Host private.example.com
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
Vagrantfile template
others
common
Metasploitable3
send alert
  1. Use a webhook: create a channel and a webhook in Mattermost, and put the script in the directory given by $(grep AlertScriptsPath /etc/zabbix/zabbix_server.conf).
  2. Create the media type in Zabbix (Administration -> Media types).
  3. Add the media to the user (Administration -> Users -> Media).
  4. Create the action (Configuration -> Actions -> Trigger actions).
  5. Debug (write a log in the script).
    1. Media types:
      1. PROBLEM:\nProblem started at {EVENT.TIME} on {EVENT.DATE}\n 問題: {EVENT.NAME}\n 主機: {HOST.NAME}\nSeverity: {EVENT.SEVERITY}\n 目前數值: {EVENT.OPDATA}\n 問題 ID: {EVENT.ID}\n{TRIGGER.URL}
      2. RECOVERY:\nProblem has been resolved at {EVENT.RECOVERY.TIME} on {EVENT.RECOVERY.DATE}\n 問題: {EVENT.NAME}\n 持續時間: {EVENT.DURATION}\n 主機: {HOST.NAME}\nSeverity: {EVENT.SEVERITY}\n 問題 ID: {EVENT.ID}\n{TRIGGER.URL}
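A sketch of the alert script from step 1, as an added example that is not the script used on the original page. It assumes the media type passes {ALERT.SENDTO}, {ALERT.SUBJECT} and {ALERT.MESSAGE} as the three script parameters; the webhook URL, the environment variable names and the log path are placeholders.

```python
#!/usr/bin/env python3
"""Zabbix alert script: forward a trigger message to a Mattermost webhook."""
import json
import logging
import os
import sys
import urllib.request

# Assumptions: the webhook URL is a secret read from the environment of the
# zabbix_server service; the default URL and the log path are placeholders.
WEBHOOK_URL = os.environ.get("MATTERMOST_WEBHOOK_URL", "https://mattermost.example.invalid/hooks/PLACEHOLDER")
LOG_FILE = os.environ.get("ALERT_LOG", "/tmp/mattermost_alert.log")

def expand_newlines(text):
    """The message templates carry a literal backslash-n; make it a newline."""
    return text.replace("\\n", "\n")

def build_payload(channel, subject, message):
    """Build the webhook body as a dict. json.dumps() in send() escapes quotes
    and control characters, so macro values such as {EVENT.NAME} cannot break it."""
    text = "**{}**\n{}".format(subject.strip(), expand_newlines(message).strip())
    return {"channel": channel, "username": "zabbix", "text": text}

def send(url, payload, timeout=10):
    """POST the payload as JSON and return the HTTP status code."""
    body = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

def main(argv):
    logging.basicConfig(filename=LOG_FILE, level=logging.INFO,
                        format="%(asctime)s %(levelname)s %(message)s")
    if len(argv) != 4:
        logging.error("expected 3 arguments, got %d", len(argv) - 1)
        return 2
    try:
        status = send(WEBHOOK_URL, build_payload(argv[1], argv[2], argv[3]))
    except Exception as exc:  # step 5: leave a trace for debugging
        logging.error("send to %s failed: %s", argv[1], exc)
        return 1
    logging.info("sent to %s, HTTP %s", argv[1], status)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The log records the channel and the result only, so the webhook URL never lands in a readable log file.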
zabbix server
/etc/zabbix/zabbix_server.conf

The Zabbix server was under high load and queries were slow. Increasing ValueCacheSize solved the problem.

LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=5
PidFile=/var/run/zabbix/zabbix_server.pid
SocketDir=/var/run/zabbix
DBHost=localhost
DBName=zabbix_db
DBUser=zabbix_user
DBPassword=zabbix
DBSocket=/data/mysql/mysql.sock
StartPollers=200
StartPreprocessors=30
StartPollersUnreachable=30
StartTrappers=100
StartDiscoverers=30
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
CacheSize=4G
HistoryCacheSize=2G
HistoryIndexCacheSize=2G
TrendCacheSize=2G
ValueCacheSize=24G
Timeout=30
UnavailableDelay=120
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1
/etc/my.cnf
[client-server]
socket=/data/mysql/mysql.sock

[mysqld]
socket=/data/mysql/mysql.sock
datadir=/data/mysql

character_set_server=utf8mb4
character_set_filesystem=utf8
max_allowed_packet=32M
event_scheduler=1
default_storage_engine=innodb
open_files_limit=65535
local_infile=1
sysdate_is_now=1
back_log=256
##error log format
# connection
interactive_timeout=28800
wait_timeout=28800
lock_wait_timeout=28800
skip_name_resolve=1
max_connections=2000
max_user_connections=1000
max_connect_errors=1000000

# table cache performance settings #
table_open_cache=8192
table_definition_cache=8192
table_open_cache_instances=16

# session memory settings #
read_buffer_size=131072
read_rnd_buffer_size=262144
sort_buffer_size=262144
tmp_table_size=67108864
join_buffer_size=8M
thread_cache_size=256

# log settings #
###slow log  ###
slow_query_log=1
log_queries_not_using_indexes=0
log_slow_admin_statements=1
#log_slow_slave_statements = 1
log_throttle_queries_not_using_indexes=1
long_query_time=0.5
log_bin_trust_function_creators=1

###binlog ###
binlog_cache_size=32K
max_binlog_cache_size=1G
max_binlog_size=2G
expire_logs_days=31
log_slave_updates=1
#binlog_format=STATEMENT
binlog_format=ROW
slave_compressed_protocol = 1
# innodb settings #
#innodb_data_file_path=ibdata1:4G;ibdata2:4G:autoextend
innodb_page_size=16384
innodb_buffer_pool_size=4G
innodb_buffer_pool_instances=1
innodb_buffer_pool_load_at_startup=1
innodb_buffer_pool_dump_at_shutdown=1
innodb_lock_wait_timeout=50
innodb_io_capacity=100
innodb_io_capacity_max=200
innodb_flush_neighbors=1
innodb_file_per_table=1
innodb_log_files_in_group=3
innodb_log_file_size=2G
innodb_log_buffer_size=33554432
innodb_purge_threads=2
innodb_large_prefix=1
innodb_thread_concurrency=64
innodb_print_all_deadlocks=1
innodb_strict_mode=1
innodb_sort_buffer_size=67108864
innodb_write_io_threads=4
innodb_read_io_threads=4
innodb_online_alter_log_max_size=1G
innodb_open_files=60000
innodb_max_dirty_pages_pct=75
innodb_adaptive_flushing=on
innodb_flush_log_at_trx_commit=1

sync_binlog =1

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d
array
package main

import (
    "fmt"
)

func main() {
    a := [5]int{1, 2, 3, 4, 5}
    t := a[3:4:4]
    fmt.Println(t[0])
}
  • A. 3
  • B. 4
  • C. compilation error
Answer
B
channel
package main

import (
	"fmt"
	"time"
)

func main() {
	ch := make(chan int, 1000)
	go func() {
		for i := 0; i < 10; i++ {
			ch <- i
		}
	}()
	go func() {
		for {
			a, ok := <-ch
			if !ok {
				fmt.Println("close")
				return
			}
			fmt.Println("a: ", a)
		}
	}()
	close(ch)
	fmt.Println("ok")
	time.Sleep(time.Second * 100)
}
Answer
ok
panic: send on closed channel
channel1
package main

import (
	"fmt"
)

func main() {
	c := make(chan int)
	close(c)
	val, _ := <-c
	fmt.Println(val)
}
Answer
0