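People often back up a web directory and, for convenience, tar it up or append a date keyword to the file name, yet leave the result under the web path. The backup file can then be downloaded, or the PHP source viewed directly. Use find to locate these files; change to the web root and run:
# find . -name "*.tar*" -or -name "*.gz.*" -or -name "*.php*" -or -name "*.bak*"
Reference: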
- Oct 05 Sun 2008 10:55
find command tips
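The search from the find tip above, as a reusable POSIX sh check (an added example, not part of the original post). It goes beyond the original four patterns: the name list, the function names and the sample tree are assumptions, and "*.php.*" / "*.php~" replace "*.php*" so that live .php files, which the server executes rather than serves as source, are not reported.

```shell
#!/bin/sh
# Added example: list backup/archive leftovers that sit under a web root.
# The pattern set is an assumption that extends the four patterns in the post.

# Print matching paths relative to the web root (they map directly to URLs).
find_exposed_backups() {
    ( cd -- "${1:-.}" && find . -type f \( \
          -name '*.tar' -o -name '*.tar.*' -o -name '*.tgz' \
          -o -name '*.gz' -o -name '*.gz.*' \
          -o -name '*.bak' -o -name '*.bak.*' \
          -o -name '*.php.*' -o -name '*.php~' \
      \) -print | LC_ALL=C sort )
}

# Build a constructed sample web root (empty files only) and print its path.
make_sample_tree() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/webroot.XXXXXX") || return 1
    mkdir -p "$d/backup" "$d/lib"
    for f in index.php lib/db.php style.css \
             index.php.bak 'index.php~' lib/db.php.20081005 \
             backup/site-20081005.tar.gz www.tgz; do
        : > "$d/$f"
    done
    echo "$d"
}

# Demo on the constructed tree: the live index.php, lib/db.php and style.css
# are not reported; the five leftovers are.
sample=$(make_sample_tree)
find_exposed_backups "$sample"
rm -rf "$sample"
```

Anything the function reports should be moved outside the web path or deleted.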
- Jul 31 Thu 2008 23:49
/etc/make.conf settings
MASTER_SITE_BACKUP?= \
ftp://ftp.cs.pu.edu.tw/BSD/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.nctu.edu.tw/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
WITHOUT_X11=yes
- Feb 22 Fri 2008 19:42
PF error message
# pfctl -f /etc/pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCSETSTATUSIF
* This means the interface name was entered incorrectly; check it.
- Dec 07 Fri 2007 15:13
Using pf to stop ssh and ftp brute-force attacks
1. Add the following rules to /etc/pf.conf
table <SSHbruteforce> persist
table <FTPbruteforce> persist
block quick from <SSHbruteforce>
block quick from <FTPbruteforce>
pass quick inet proto tcp from any to any port 22 keep state (max-src-conn 5, max-src-conn-rate 3/20,overload <SSHbruteforce> flush global)
pass quick inet proto tcp from any to any port ftp keep state (max-src-conn 5, max-src-conn-rate 10/40,overload <FTPbruteforce> flush global)
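2. Then write a script to record the state of the tables each day
#!/bin/sh
# Append the current contents of the pf brute-force tables to a log file
log_file="/var/log/bad_guy.log"
date >> "$log_file"
echo " SSH:" >> "$log_file"
/sbin/pfctl -t SSHbruteforce -T show >> "$log_file"
echo " FTP:" >> "$log_file"
/sbin/pfctl -t FTPbruteforce -T show >> "$log_file"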
3. After an address has been blocked for one day, clear its entry; first install the port /usr/ports/security/expiretable
# /usr/local/sbin/expiretable -v -d -t 24h SSHbruteforce
# /usr/local/sbin/expiretable -v -d -t 24h FTPbruteforce
and add these settings to rc.local
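- Dec 03 Mon 2007 20:13
Problems sending mail from postfix to hotmail and others
Mail to external ISPs often fails to go out, while some destinations work.
The receiving host probably finds no MX record in DNS and treats the mail as spam.
For postfix, add this to main.cf:
relayhost = [ms25.hinet.net]
This asks a mail host that has an MX record to relay for us, provided that host accepts relaying.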
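- Aug 02 Thu 2007 22:32
amavisd-new + spamassassin notes
There are two modes to choose from when using amavisd-new + spamassassin:
1. amavisd-new calls its built-in spamassassin; the scores are set in amavisd.conf (not local.cf)
2. Use the spamd provided by spamassassin
There is said to be a performance difference; I forget which is better, but option 2 lets users define their own black/white lists.
For option 1, amavisd.conf contains this section:
$sa_tag_level_deflt # below this score the spam score is not shown in the header; above it, it is shown
$sa_tag2_level_deflt # above this score the subject is rewritten to ***SPAM**** (see the corresponding setting line)
$sa_kill_level_deflt # above this score the mail is killed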
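- Aug 01 Wed 2007 23:52
Malware Block List
postfix can use this malware list to block mail that contains malicious sites.
Effect unknown...
HOW TO use MBL on Postfix:
Since I am on BSD, I wrote a small script so that the list is updated on a daily schedule.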
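- Jul 27 Fri 2007 21:15
mailgraph notes
After installation it often runs for a while and then hits permission problems, even after newsyslog.conf has been changed..
The cause is that /var/log/maillog is not created by newsyslog; newsyslog only rotates and compresses it.
What really needs changing is syslog-ng.conf or syslogd.conf,
I am not familiar with syslogd; the syslog-ng.conf change is as follows: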
- Apr 01 Sun 2007 23:10
portupgrade: what to do when make needs arguments?
When installing portupgrade, this note is shown:
NOTE: If you upgrade, it's recomended to run pkgdb -L to restore lost
dependencies. Fill ALT_PKGDEP section in pkgtools.conf file for portupgrade
be aware of alternative dependencies you use.
E.g.
ALT_PKGDEP = {
'www/apache13' => 'www/apache13-modssl',
'print/ghostscript-afpl' => 'print/ghostscript-gnu',
}
Note also, portupgrade knows nothing how to handle ports with different
suffixes (E.g. -nox11). So you should explicitly define variables
(E.g. WITHOUT_X11=yes) for the ports in /etc/make.conf or pkgtools.conf
(MAKE_ARGS section) files.
Also, when make arguments need to be added, edit /usr/local/etc/pkgtools.conf
MAKE_ARGS = {
'multimedia/mplayer-*' => 'WITH_GUI=1 WITH_FREETYPE=1',
}