# 查出目前封鎖清單
fail2ban-client status
# 查目前封鎖項目裡的IP
fail2ban-client status sshd
# 解除項目中的IP
fail2ban-client set sshd 192.168.1.120
Windows 指令連結網路硬碟機
Connect Network Drive
To map a network drive from windows command line:
Click Start, and then click Run .
In the Open box, type cmd to open command line window.
Type the following, replacing Z: with drive letter you want to assign to the shared resource:
net use Z: \\computer_name\share_name /PERSISTENT:YES
Disconnect Network Drive
To disconnect a mapped drive:
Open command line window.
Type the following, replacing X: with drive letter of the shared resource:
net use Z: /delete
How to enable Encryption for MariaDB
Generate Keys
1. make keys file
# sudo su
# mkdir -p /etc/mysql/encryption
# cd /etc/mysql/encryption
# echo "1;"$(openssl rand -hex 32) > keys
# echo "2;"$(openssl rand -hex 32) >> keys
# echo "3;"$(openssl rand -hex 32) >> keys
# echo "4;"$(openssl rand -hex 32) >> keys
2. make password file
# openssl rand -hex 128 > password_file
3. make key enc
# openssl enc -aes-256-cbc -md sha1 -pass file:password_file -in keys -out keys.enc
Updating MariaDB Configuration
create config file
# sudo vim /etc/mysql/mariadb.conf.d/encryption.cnf
Pass content
[mariadb]
## File Key Management
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/encryption/keys.enc
file_key_management_filekey = FILE:/etc/mysql/encryption/password_file
file_key_management_encryption_algorithm = aes_cbc
## InnoDB/XtraDB Encryption Setup
innodb_default_encryption_key_id = 1
innodb_encrypt_tables = FORCE ( or ON )
innodb_encrypt_log = ON
innodb_encryption_threads = 4
## Aria Encryption Setup
aria_encrypt_tables = ON
## Temp & Log Encryption
encrypt-tmp-disk-tables = 1
encrypt-tmp-files = 1
encrypt_binlog = ON
Change Permissions
# cd /etc/mysql/
# sudo chown -R mysql:root ./encryption
# sudo chmod 500 /etc/mysql/encryption/
# cd ./encryption
# chmod 400 keys.enc password_file
# chmod 644 /etc/mysql/mariadb.conf.d/encryption.cnf
Restart MariaDB
# sudo service mariadb restart
Check Result
REF
https://webdock.io/en/docs/how-guides/security-guides/how-to-enable-encryption-mariadb
pfx export key and crt
Get the private .key from the .pfx certificate
openssl pkcs12 -in my_certificate.pfx -nocerts -out my_certificate-encrypted.key
Get the decrypted .key file from the encrypted private .key file
openssl rsa -in my_certificate-encrypted.key -out my_certificate.key
Get the .crt file from the .pfx file
openssl pkcs12 -in my_certificate.pfx -clcerts -nokeys -out my_certificate.crt
REF:
https://blog.christian-schou.dk/convert-pfx-to-crt-and-key-file-with-openssl/
Host header attack - Nginx
設定
nginx 假如 host/ http_host 不是自家 domain 導出 444
nginx 444 表示中斷連線, 連 header 都不會發出來
if ( $host !~* ^(mydomain.com)$ ) {
return 444;
}
if ( $http_host !~* ^(mydomain.com)$ ) {
return 444;
}
假如 nginx 有多個 vhost 也要一起設定, 否則運作不會成功.
curl (60) peer’s certificate issuer is not recognized.
更新 SSL 後 CURL 失效
1. 將新的 .crt 拷貝至 /etc/pki/ca-trust/source/anchors
2. 執行 update-ca-trust extract
3. 測試 curl 是否可以重新讀取
ref:
https://ep.gnt.md/index.php/curl-60-peers-certificate-issuer-is-not-recognized/
訂閱:
文章 (Atom)