月份: 2015 年 3 月

參考網頁：
Logwatch, SSMTP and Iptables or Arch Linux (Raspberry Pi) | Lisenet.com :: Linux | Security | Networking
Logwatch – ArchWiki
Linux 學習日誌: 學習使用 Logwatch (日誌檢視系統)

1. 安裝 syslog-ng
# pacman -S syslog-ng

2. 設定開機時啟動
# systemctl enable syslog-ng
啟動 syslog-ng
# systemctl start syslog-ng

3. 安裝 logwatch
# pacman -S logwatch[@more@]4. 安裝 ssmtp，利用 gmail 來寄信
# pacman -S ssmtp

5. 修改設定檔
# vim /etc/ssmtp/ssmtp.conf
#root=postmaster
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and you mailhub is so named.
mailhub=smtp.gmail.com:587
# Where will the mail seem to come from?
#rewriteDomain=y
# The full hostname
#hostname=root-chroot-copy
# 寄件者帳號
AuthUser=xxxx@gmail.com
# 寄件者密碼
AuthPass=xxxx
UseSTARTTLS=YES
FromLineOverride=yes #enables to use mail -r option

6. 更改檔案權限
# chmod 0600 /etc/ssmtp/ssmtp.conf

7. 修改設定檔 /etc/logwatch/conf/logwatch.conf
# echo “Detail = 5” > /etc/logwatch/conf/logwatch.conf
# echo “Output = mail” >> /etc/logwatch/conf/logwatch.conf
# echo “MailTo = xxxx@gmail.com” >> /etc/logwatch/conf/logwatch.conf
# echo “MailFrom = logwatch@arch.test.ilc.edu.tw” >> /etc/logwatch/conf/logwatch.conf

參考網頁：
SNMP – Debian Wiki
羊兒的筆記: [Ubuntu] 設定 啟動 snmp, net-snmp

1. 安裝 snmpd 服務
# apt-get install snmpd snmp

2.  修改 /etc/snmp/snmpd.conf 設定檔
# sed -i ‘s/#rocommunity public  localhost/rocommunity public  localhost/’ /etc/snmp/snmpd.conf
[@more@]3. 讓其它的 IP 可以讀取 snmp 相關資訊
# sed -i ‘s/127.0.0.1/0.0.0.0/’ /etc/snmp/snmpd.conf
或
# sed -i ‘s/agentAddress  udp:127.0.0.1:161/#agentAddress  udp:127.0.0.1:161/’ /etc/snmp/snmpd.conf
# sed -i ‘s/#agentAddress udp:161/agentAddress udp:161/’ /etc/snmp/snmpd.conf

或
# echo ‘rocommunity public’ > /etc/snmp/snmpd.conf
# chmod 600 /etc/snmp/snmpd.conf

4. 啟動 snmpd 服務
# /etc/init.d/snmpd start
Starting network management services: snmpd.

5. 檢查 snmpd 是否有正常啟動
# netstat -anulp | grep 161
udp        0      0 0.0.0.0:161           0.0.0.0:*                           4540/snmpd

6. 讀取 snmpd 資訊
# snmpwalk -v 1 -c public localhost | less
# snmpwalk -v 2c -c public localhost | less

7. 在防火牆設定限制
# iptabels -A INPUT -u udp -s x.x.x.x –dport 161 -m state –state NEW -j ACCEPT

為了讓能更方便了解學校每一台 Server 的狀態，所以啟用了 snmp 服務。
參考網頁：
Snmpd – ArchWiki

安裝 net-snmp 套件
# pacman -S net-snmp

建立目錄
# mkdir /etc/snmp[@more@]3. 因為只要偵測 snmp 相關資訊，所以採用唯讀的模式
# echo rocommunity read_only_user >> /etc/snmp/snmpd.conf

4. 設定開機時啟動 snmpd 服務
# systemctl enable snmpd
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

5. 啟動 snmpd 服務
# systemctl start snmpd

6. 檢查 snmpd 服務是否有正常啟動
# systemctl status snmpd
* snmpd.service – Simple Network Management Protocol (SNMP) Daemon
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2014-12-27 20:57:10 CST; 13s ago
  Process: 469 ExecStart=/usr/bin/snmpd -p /run/snmpd.pid (code=exited, status=0/SUCCESS)
 Main PID: 471 (snmpd)
   CGroup: /system.slice/snmpd.service
           `-471 /usr/bin/snmpd -p /run/snmpd.pid

Dec 27 20:57:10 lemaker snmpd[469]: pcilib: Cannot open /proc/bus/pci
Dec 27 20:57:10 lemaker systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon.

# netstat -anulp | grep ‘161’
udp        0      0 0.0.0.0:161             0.0.0.0:*                           471/snmpd

7. 在本機讀取 SNMP 1 or 2c 相關資訊
# snmpwalk -v 1 -c read_only_user localhost | less
# snmpwalk -v 2c -c read_only_user localhost | less

8. 在防火牆設定限制
# iptabels -A INPUT -u udp -s x.x.x.x –dport 161 -m state –state NEW -j ACCEPT

Adobe Flash Player 17.0.0.134
檢查安裝版本：https://www.adobe.com/tw/software/flash/about/
[@more@]控制台 / Flash Player 設定管理員

Windows 平台
Internet Explorer:
http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_active_x.exe
Windows 8/8.1 版則要從 Windows Update 中更新
或
x86 平台
http://download.microsoft.com/download/3/5/2/352E6AC8-0E23-4C6D-9B6F-F5ECFD56AB4C/Windows8.1-KB3044132-x86.msu
x64 平台
http://download.microsoft.com/download/1/1/E/11E0B822-D6C7-4CDA-8229-AAE2D5243315/Windows8.1-KB3044132-x64.msu

All Other Browsers(Firefox,Safari & Opera):
http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_plugin.exe

Mac 平台
http://fpdownload.adobe.com/get/flashplayer/pdc/17.0.0.134/install_flash_player_osx.dmg

有一台之前測試安裝的 CentOS 7，後來要使用時，發現已經忘了 root 的密碼，使用之前的忘了 root 密碼的方式處理，發現無法重設密碼，在網路搜尋了一下，終於找到 你不一定知道,如何重置CentOS 7的Root密码 — Linux中国 — 传送门。

重新設定方式：
1. 在開機時隨意按一個鍵，讓開機選單能顯示出來，通常選擇 最上方，並按 e 進行編輯
[@more@]
2. 按 e 編輯出現的畫面

3. 使用往下的游標鍵，找到 linux16 那一行將 ro 改成 rw init=/sysroot/bin/，並按 Ctrl+x 開機

4. 開完機畫面

5. chrrot 到 /sysroot 目錄
    chroot /sysroot

6. 輸入 passwd 修改密碼

7.
touch /.autorelabel

8. exit 退出

9. reboot 重新開機

安裝好的 ArchLinux 更新之後，發現以 Pietty 連線時會出現下面的錯訊息
[@more@]但用 Putty 連線時正常

在網路上搜尋了一下，在這一篇找到了可能的問題
[SOLVED] SSH client-to-server cipher error when logging into Red Hat Enterprise

可能是我使用的 Pietty 版本太舊了！

換新的版本，就正常了！

1. 更新套件庫
ReHat/CentOS
# yum update
Debian/Ubuntu
# apt-get update
Arch Linux
# pacman -Sy
Gentoo Linux
# emerge –sync[@more@]2. 更新整個系統
ReHat/CentOS
# yum -y update
Debian/Ubuntu
# apt-get upgrade
# apt-get dist-upgrade
Arch Linux
# pacman -Syu
Gentoo Linux
# emerge -u world

3. 搜尋套件
ReHat/CentOS
# yum search pkg_filename
Debian/Ubuntu
# apt-cache search pkg_filename
Arch Linux
# pacman -Ss pkg_filename
Gentoo Linux
# emerge -s pkg_filename

4. 安裝套件
ReHat/CentOS
# yum install pkg_filename
# rpm -ivh pkg_filename.rpm
Debian/Ubuntu
# apt-get install pkg_filename
# dpkg -i pkg_filename.deb
Arch Linux
# pacman -S pkg_filename
Gentoo Linux
# emerge pkg_filename
# emerge -k pkg_filename

5. 移除套件
ReHat/CentOS
# yum remove pkg_filename
# rpm -e pkg_filename
Debian/Ubuntu
# apt-get remove –purge pkg_filename
# dpkg -P pkg_filename.deb
Arch Linux
# pacman -Rn pkg_filename
Gentoo Linux
# emerge -C pkg_filename

參考網頁：
Easy Guardian Network Monitoring – Install SNMP on GENTOO Linux

安裝 snmpd 服務
# emerge net-snmp[@more@]修改設定檔
# vim /etc/snmp/snmpd.conf
com2sec local     127.0.0.1/32    public
com2sec local     192.168.1.0/24   public

group MyROGroup v1         local
group MyROGroup v2c        local
group MyROGroup usm        local

view all    included  .1                               80

access MyROGroup “”      any       noauth    exact  all    none   none

syslocation MyLocation
syscontact Me <
 me@somewhere.org>

啟動 snmpd 服務
# /etc/init.d/snmpd start

開機時啟動 snmpd 服務
# /sbin/rc-update add snmpd default
 * service snmpd added to runlevel default

檢查是否有正常啟動
# netstat -anup | grep snmpd
udp        0      0 0.0.0.0:161             0.0.0.0:*                           23425/snmpd

檢查是否可以取得 snmp 相關資訊
# snmpwalk -v 2c -c public 192.168.1.5

MobaXterm 是一套遠端連線程式，內建 X-Window，支援 X11 Server，具有多個分頁的介面，支援 RDP、VNC、SSH、Telnet、FTP、SFTP 等通訊協定，功能非常強大。
MobaXterm 官方網站：http://mobaxterm.mobatek.net/
[@more@]MobaXterm 下載網頁：http://mobaxterm.mobatek.net/download.html
分成 Home Edition 和 Professional Edition 版本，Home Edition 可以免費使用

有安裝版本和免安裝版本可以下載，最新版本是 7.6

底下進行安裝

選擇 Next 繼續

同意軟體授權條款，選擇 Next 繼續

選擇 Next 繼續

選擇 Install 繼續

選擇 Finish 完成安裝

執行桌面上的 MobaXterm 捷徑

執行畫面

允許防火牆連線

程式執行畫面

連線完成

更詊細的介紹，可以參考：3.2 MobaXterm – 學習樹莓派–Raspberry Pi

做套件更新時出現下面的訊息
[blocks B      ] <sys-fs/udev-init-scripts-27 (“<sys-fs/udev-init-scripts-27” is blocking sys-apps/openrc-0.13.8)

Total: 63 packages (3 new, 60 reinstalls), Size of downloads: 155836 KiB
Conflict: 1 block (1 unsatisfied)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  (sys-apps/openrc-0.13.8:0/0::gentoo, ebuild scheduled for merge) pulled in by
    sys-apps/openrc required by @system
    sys-apps/openrc required by (virtual/service-manager-0:0/0::gentoo, ebuild scheduled for merge)
    >=sys-apps/openrc-0.12 required by (net-misc/netifrc-0.2.2:0/0::gentoo, ebuild scheduled for merge)

  (sys-fs/udev-init-scripts-26-r2:0/0::gentoo, installed) pulled in by
    >=sys-fs/udev-init-scripts-26 required by (sys-fs/udev-216:0/0::gentoo, installed)[@more@]
解決方式：
參考網頁：Gentoo Forums :: 觀看文章 – SOLVED: Openrc blocking kmod in recent update!
# emerge -auv openrc udev-init-scripts
These are the packages that would be merged, in order:

Calculating dependencies… done!
[ebuild     U  ] sys-fs/udev-init-scripts-27 [26-r2] 4 KiB
[ebuild  N     ] sys-apps/openrc-0.13.8  USE=”ncurses netifrc pam unicode -debug -newnet (-prefix) (-selinux) -static-libs -tools” 148 KiB
[ebuild  N     ] net-misc/netifrc-0.2.2  60 KiB

Total: 3 packages (1 upgrade, 2 new), Size of downloads: 211 KiB

Would you like to merge these packages? [Yes/No]Yes

>>> Verifying ebuild manifests

>>> Emerging (1 of 3) sys-fs/udev-init-scripts-27::gentoo
 * Fetching files in the background. To view fetch progress, run
 * `tail -f /var/log/emerge-fetch.log` in another terminal.
 * udev-init-scripts-27.tar.bz2 SHA256 SHA512 WHIRLPOOL size 😉 …                                                                                                                          [ ok ]
>>> Unpacking source…
>>> Unpacking udev-init-scripts-27.tar.bz2 to /var/tmp/portage/sys-fs/udev-init-scripts-27/work
>>> Source unpacked in /var/tmp/portage/sys-fs/udev-init-scripts-27/work
>>> Preparing source in /var/tmp/portage/sys-fs/udev-init-scripts-27/work/udev-init-scripts-27 …
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/sys-fs/udev-init-scripts-27/work/udev-init-scripts-27 …
>>> Source configured.
>>> Compiling source in /var/tmp/portage/sys-fs/udev-init-scripts-27/work/udev-init-scripts-27 …
make
make: Nothing to be done for ‘all’.
>>> Source compiled.
 * Skipping make test/check due to ebuild restriction.
>>> Test phase [disabled because of RESTRICT=test]: sys-fs/udev-init-scripts-27

>>> Install udev-init-scripts-27 into /var/tmp/portage/sys-fs/udev-init-scripts-27/image/ category sys-fs
make DESTDIR=/var/tmp/portage/sys-fs/udev-init-scripts-27/image/ install
install -d /var/tmp/portage/sys-fs/udev-init-scripts-27/image//etc/conf.d
install -m 0644 conf.d/* /var/tmp/portage/sys-fs/udev-init-scripts-27/image//etc/conf.d
install -d /var/tmp/portage/sys-fs/udev-init-scripts-27/image//etc/init.d
install -m 0755 init.d/* /var/tmp/portage/sys-fs/udev-init-scripts-27/image//etc/init.d
>>> Completed installing udev-init-scripts-27 into /var/tmp/portage/sys-fs/udev-init-scripts-27/image/