峯言凬语 My life is brilliant~
本无意与众不同,怎奈何口味太重。
September 24, 2018

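# Old: find out which package ships ifconfig, then install the legacy tools.
yum provides ifconfig
yum whatprovides ifconfig
yum install net-tools
yum install traceroute

# New: the iproute2 equivalents.
# Shows the same information as ifconfig.
ip addr

# Interface transfer statistics; -s gives the detailed counters.
ip -s link
ip link

# Listening TCP sockets.
# When auditing which services are exposed, add -n for numeric ports and
# -p (run as root) to see the process that owns each socket.
ss -lt

# Listening UDP sockets.
ss -ul

# TCP connections.
ss -t

# traceroute / traceroute6 are replaced by tracepath.
# route is replaced by "ip route".
# The routing-table output takes some getting used to.
ip route

# route6: the IPv6 routing table.
ip -6 rou

# arp is replaced by "ip neigh": it lists the nearby ARP entries and the IPv6
# neighbours, so IPv4 and IPv6 are nicely unified in one command.
ip neighbor

# Bringing a network interface up or down, the old way.
# Taking down the interface that carries your own SSH session cuts the
# session; do this from a console or through another interface.
ifconfig eth1 up
ifconfig eth1 down

# The new way.
ip l set eth1 up
ip l set eth1 down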

September 24, 2018

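# Refresh the package index, apply pending updates, then install Samba.
apt-get update

apt-get upgrade

apt-get install samba

# Create the dedicated share account first, so the shared directory can be
# owned by its group. The account gets /sbin/nologin as its shell and
# /dev/null as its home, so it is not usable for an interactive login.
groupadd tsi -g 6000

useradd tsi -u 6000 -g 6000 -s /sbin/nologin -d /dev/null

# Create the shared directory. Mode 2770 with group tsi replaces the
# world-writable 777: only root and members of tsi can reach the files, and
# the setgid bit makes new files inherit the tsi group.
mkdir /home/cnshafs
chown root:tsi /home/cnshafs
chmod 2770 /home/cnshafs

vim /etc/samba/smb.conf
# Append the section below to the end of smb.conf. These are configuration
# lines, not shell commands.
# smb.conf only recognises comments that start a line; text after a value
# becomes part of the value, so the notes are kept on their own lines.
[share]
path = /home/cnshafs
available = yes
browseable = yes
# "public" decides whether a password is needed. With "yes", anyone who can
# reach the server connects as guest, and together with "writable = yes" that
# is an anonymously writable share. Keep "no" unless guest access is intended.
public = no
valid users = tsi
writable = yes

 

touch /etc/samba/smbpasswd
# -a adds the account to Samba's password database and prompts for its SMB
# password (the option must be written "-a", without a space).
smbpasswd -a tsi

# Check the configuration for syntax errors before restarting the service.
testparm -s

service smbd restart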

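# Install Homebrew.
# The installer is saved to a temporary file and shown in a pager so it can
# be read before it runs, instead of feeding a remote script directly to an
# interpreter.
# NOTE(review): this is the installer URL as given on this page; Homebrew may
# have changed its install command since then. Check https://brew.sh first.
brew_installer=$(mktemp) &&
  curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install -o "$brew_installer" &&
  less "$brew_installer" &&
  ruby "$brew_installer"
rm -f -- "$brew_installer"

# Install the bash auto-completion package.
brew install bash-completion

# Configure the environment.
# The Homebrew prefix is resolved once, now, and written into ~/.bashrc as a
# fixed, quoted path. If brew is not on PATH nothing is appended, rather than
# a broken "/etc/bash_completion" line.
# Running this step twice appends the snippet twice.
brew_prefix=$(brew --prefix) &&
  cat >> ~/.bashrc <<EOL
if [ -f "${brew_prefix}/etc/bash_completion" ]; then
  . "${brew_prefix}/etc/bash_completion"
fi
EOL

# Link Docker's completion scripts into the completion directory.
# The target directory is passed explicitly instead of relying on "cd", so a
# missing directory produces an error rather than links in the current one.
completion_dir=/usr/local/etc/bash_completion.d
docker_etc=/Applications/Docker.app/Contents/Resources/etc
for name in docker docker-machine docker-compose; do
  ln -s "${docker_etc}/${name}.bash-completion" "${completion_dir}/"
done

# Reopen the terminal.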

September 24, 2018

防止暴力破解SSH FTP的三个方法,可组合使用。

# 1. Block access to the SSH and FTP ports from the public network.
# Drops TCP to ports 21-22 on the input chain unless the source is in the
# "allow-addresses" list.
# NOTE(review): "allow-addresses" is not defined on this page. It has to
# exist and contain your management addresses before this rule is enabled;
# otherwise every source matches the negated list and is dropped.
# NOTE(review): "/ip firewall filter" covers IPv4 only. If the router is
# reachable over IPv6, equivalent rules are needed under
# "/ipv6 firewall filter".
/ip firewall filter
add chain=input protocol=tcp dst-port=21-22 src-address-list=!allow-addresses action=drop comment="禁止公网SSH & FTP" disabled=no

# 2. Use address lists to allow only three new sessions within three
# minutes; anything beyond that is blocked.
# Applies to FTP (21), SSH (22), Telnet (23) and 8291 (the default Winbox
# port). The first rule drops sources already on login_blacklist; each
# following rule moves a source with another new connection one stage up
# (login_stage1 ... login_stage5, 1m timeout each) and finally onto
# login_blacklist for 1d. The rules are listed from the highest stage down,
# so one connection should advance a source by one stage only.
# NOTE(review): as written there are five stages with a 1m timeout, so it is
# roughly the sixth new connection in quick succession that gets a source
# blacklisted, not the third in three minutes - confirm the intended limit.
# NOTE(review): these rules count new connections, not failed logins, and do
# not exempt "allow-addresses". A script or client that opens many sessions
# from a trusted address can blacklist it for a day; consider an accept rule
# for the trusted list placed above these rules.
/ip firewall filter
add chain=input protocol=tcp dst-port=21,22,23,8291 src-address-list=login_blacklist action=drop comment="drop login brute forcers 1" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage5 action=add-src-to-address-list address-list=login_blacklist address-list-timeout=1d comment="drop login brute forcers 2" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage4 action=add-src-to-address-list address-list=login_stage5 address-list-timeout=1m comment="drop login brute forcers 3" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage3 action=add-src-to-address-list address-list=login_stage4 address-list-timeout=1m comment="drop login brute forcers 4" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage2 action=add-src-to-address-list address-list=login_stage3 address-list-timeout=1m comment="drop login brute forcers 5" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage1 action=add-src-to-address-list address-list=login_stage2 address-list-timeout=1m comment="drop login brute forcers 6" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new action=add-src-to-address-list address-list=login_stage1 address-list-timeout=1m comment="drop login brute forcers 7" disabled=no

# 3. Block port scanning.
# The first rule uses the port-scan detector (psd=21,3s,3,1: weight
# threshold 21, delay threshold 3s, low-port weight 3, high-port weight 1).
# The next six match TCP flag combinations that do not occur in normal
# traffic. Every match puts the source on the "port scanners" list for 14d,
# and the last rule drops all input from sources on that list.
# NOTE(review): the flag-based rules match a single packet, and a source
# address can be forged, so a third party may be able to get a legitimate
# address listed for 14 days. Consider a shorter timeout and an exemption
# for trusted addresses.
# NOTE(review): the drop rule comes last, so the packet that triggers a
# listing appears to continue past these rules; only later packets from the
# same source are dropped - verify on the device.
/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

 

September 23, 2018

# Install a desktop environment. The three packages below are alternatives;
# one of them is enough.
# GNOME
apt-get install ubuntu-desktop

# KDE
apt-get install kubuntu-desktop

# Xfce
apt-get install xubuntu-desktop

# Install the VNC server.
# NOTE(review): this page stops at package installation; starting the server
# and setting a VNC password are not shown. A classic VNC session is not
# encrypted by default, so keep its port (5900 + display number) off public
# interfaces and reach it through an SSH tunnel or a VPN.

apt-get install vnc4server

# Reboot into the freshly installed desktop.
reboot