全新的繁體中文 WordPress 網站《宜蘭部落格教育平台 網站》
在終端機下執行
$ sudo do-release-upgrade
[@more@]升級畫面
花了很久的時間升級,終於升級完成,可以重新啟動電腦
已升級到 14.04 LTS
$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
但登入之後,畫面只是一片藍色
之前去台北歐洲學校參觀時,有聽到關於 Google Chromecast 的介紹,在很偶然的機會,不小心就買下去了,扣掉現金回饋和信用卡紅利積點,共花了 $9xx 元。
Google Chromecast 的功能有些類似 Apple TV,但在功能上比起 Apple TV 稍弱一些,在價格上則便宜2倍多,Apple TV 要 $3xxx 元。個人覺得它的強項在於 Google Chromecast 可以跨平台,只要是有支援的應用程式或 APP 都可以使用,不論是在 PC/Android/IOS 上,目前主要沒有問題的應用程式為 Google Chrome 瀏覽器/Youtube …等 APP,大部分都是 Google 推出的,其它的部分因為比較少用,可能要在網路上找找看。
想要對 Google Chromecast 有更多的了解,可以參考下面的網站:
MyFirefox | 千呼萬喚始出來,Chromecast 正式抵台
Chromecast超完整開箱實測,35美元的Google電視棒,跨平台影音串流新選擇!
Chromecast 電視棒今天開賣,台幣1,390元就可買到的電視好伙伴 | T客邦 – 我只推薦好東西
Chromecast 評測:35美元連結電腦與電視 | T客邦 – 我只推薦好東西
Cubie Truck Ubuntu Server 這一個版本讓我感覺最特別的地方,就是系統開完機之後,會自動以 root 登入,雖然在測試時很方便,但如果要實際上線使用時,這是一個很大的安全問題。
前思後想了很久,都想不出這是怎麼做到的,使用 Google 在網路上搜尋了很久,找到的大部分都是在 XWindow 下的自動登入,只有找到下面這幾篇文章,是比較有可能的做法:
linux(centos/ubuntu)下实现root用户无密码自动登录- 92wiki linux php hdwiki 编程 技巧 方法
How to enable root autologin without password in linux(centos 6.2) – Blog – 92wiki.com
How do I auto-login as root into the TTY upon boot? – Ask Ubuntu
但詳細比對起來,全都不是,後來改搜尋 cubie truck root auto login, 終於在這一篇文章中,找到了解答:
散人日誌: Cubietruck lubuntu server版 自動登入root
處理方式:
# sed -i ‘s/exec/#exec/’ /bin/auto-root-login
重新啟動電腦即可生效
# reboot[@more@]相關設定檔
# cat /etc/init/openvt.conf
#
# Author: Steve Langasek <steve.langasek@linaro.org>
# License: see debian/copyright
#
start on started tty1
stop on runlevel [!2345]
respawn
pre-start script
if status tty1 | grep -q start/; then
stop tty1
fi
end script
exec /bin/openvt -e -c 1 -f — /bin/auto-root-login
# cat /etc/default/autogetty
# here you can provide what to run instead of /bin/login
AUTOGETTY_ARGS=”-n -l /bin/auto-root-login”
# Should autogetty be enabled?
ENABLED=1
檢查是否有載入相關模組
# lsmod | grep bcmdhd
bcmdhd 598843 0
如果沒有的話
# echo bcmdhd >> /etc/modules
修改無線網路卡設定檔
# vim /etc/network/interfaces
auto wlan0
iface wlan0 inet dhcp
pre-up ip link set wlan0 up
pre-up iwconfig wlan0 essid “CHTN_T07AW”
wpa-ssid “CHTN_T07AW”
wpa-psk 123456789[@more@]
重新啟動網路
# ifconfig wlan0 down
# ifconfig wlan0 up
# /etc/init.d/networking restart
檢查無線網路組態
# ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 98:3b:16:1e:67:d8
inet addr:10.0.1.6 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::9a3b:16ff:fe1e:67d8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:250 errors:0 dropped:0 overruns:0 frame:0
TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26007 (26.0 KB) TX bytes:15118 (15.1 KB)
測試無線網路,先關閉有線網路
# ifconfig eth0 down
測試網路,發現無法連線
# ping -c 4 140.111.66.1
connect: Network is unreachable
檢查路由
# route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
增加路由
# route add default gw 10.0.1.1
檢查路由
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 wlan0
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
測試網路
# ping -c 4 140.111.66.1
PING 140.111.66.1 (140.111.66.1) 56(84) bytes of data.
64 bytes from 140.111.66.1: icmp_seq=1 ttl=53 time=20.1 ms
64 bytes from 140.111.66.1: icmp_seq=2 ttl=53 time=17.7 ms
64 bytes from 140.111.66.1: icmp_seq=3 ttl=53 time=26.6 ms
64 bytes from 140.111.66.1: icmp_seq=4 ttl=53 time=26.0 ms
— 140.111.66.1 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 17.703/22.627/26.661/3.828 ms
啟動原先的 eth0
# ifconfig eth0 up
復原原先路由
# route add default gw 192.168.1.254
# route del default gw 10.0.1.1
檢查路由
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
下載網址:
http://dl.cubieboard.org/software/a20-cubietruck/lubuntu/ct-lubuntu-nand-v2.0/server/
比較特別的是:
1. 這一個版本開機後在 Console 端,自動會以 root 登入[@more@]
2. 這一個版本已經預先安裝並啟動 Apache + MySQL + PHP
# netstat -antulp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 745/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 656/sshd
tcp 0 52 192.168.1.105:22 192.168.1.6:3349 ESTABLISHED 1035/0
tcp6 0 0 :::80 :::* LISTEN 784/apache2
tcp6 0 0 :::22 :::* LISTEN 656/sshd
3. Ubuntu Server 版本是 14.04
Welcome to Linaro 14.04 (GNU/Linux 3.4.79 armv7l)
* Documentation: https://wiki.linaro.org/
# lsb_release -a
No LSB modules are available.
Distributor ID: Linaro
Description: Linaro 14.04
Release: 14.04
Codename: trusty
4. 系統已經預先擴展 root 分割區到 8G,但因為這一片 Cubie Truck 是 16G
所以擴展 root 分割區到 16G
# nand-part -f a20 /dev/nand 32768 ‘boot 131072’ ‘rootfs 30769152’
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/root 15G 769M 14G 6% /
devtmpfs 889M 4.0K 889M 1% /dev
none 4.0K 0 4.0K 0% /sys/fs/cgroup
tmpfs 20M 0 20M 0% /tmp
none 197M 288K 197M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 985M 0 985M 0% /run/shm
none 100M 0 100M 0% /run/user
設定 MySQL Server
# /usr/bin/mysql_secure_installation
Firefox 34.0.5 版釋出
可以使用功能表上的 說明(H)/ 關於 Firefox(A),來檢查新版本下載並安裝
Windows 版本下載
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/34.0.5/win32/zh-TW/Firefox%20Setup%2034.0.5.exe
Mac 版下載
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/34.0.5/mac/zh-TW/Firefox%2034.0.5.dmg
參考網頁:
OpenVPN – ArchWiki
Create a Public Key Infrastructure Using the easy-rsa Scripts – ArchWiki
頭城國小資訊組 | Banana Pi 測試 – Bananian 篇 安裝 OpenVPN Server
安裝 OpenVPN
# pacman -S openvpn easy-rsa
複製範例的設定檔到 /etc/openvpn 目錄
# cp -r /usr/share/easy-rsa /etc/openvpn
修改憑證預設資訊
# sed -i ‘s/KEY_COUNTRY=”US”/KEY_COUNTRY=”TW”/’ /etc/openvpn/easy-rsa/vars
# sed -i ‘s/KEY_PROVINCE=”CA”/KEY_PROVINCE=”Taiwan”/’ /etc/openvpn/easy-rsa/vars
# sed -i ‘s/KEY_CITY=”SanFrancisco”/KEY_CITY=”E-Land”/’ /etc/openvpn/easy-rsa/vars
# sed -i ‘s/KEY_ORG=”Fort-Funston”/KEY_ORG=”Home”/’ /etc/openvpn/easy-rsa/vars
[@more@]
切換目錄 /etc/openvpn/easy-rsa
# cd /etc/openvpn/easy-rsa
開始建立憑證
# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
清空舊有憑證
# ./clean-all
建立所需憑證
# ./build-ca
# ./build-key-server CubieTruck
# ./build-dh
# ./build-key Cubier
產生 ta.key
# openvpn –genkey –secret /etc/openvpn/easy-rsa/keys/ta.key
切換到 /etc/openvpn/easy-rsa/keys 目錄
# cd /etc/openvpn/easy-rsa/keys
複製 Server 端的檔案到 /etc/openvpn
# cp ta.key ca.crt ca.key dh2048.pem CubieTruck.crt CubieTruck.key /etc/openvpn
建立用來存放 Client 端所須檔案的目錄
# mkdir $HOME/openvpn-client-files
複製 Client 端所須檔案
# cp ca.crt Cubier.crt Cubier.key $HOME/openvpn-client-files
更改檔案名稱
# mv $HOME/openvpn-client-files/ca.crt $HOME/openvpn-client-files/capi.crt
更改檔案權限
# chmod +r $HOME/openvpn-client-files/Cubier.key
建立 /etc/openvpn/server.conf 設定檔
# vim /etc/openvpn/server.conf
port 1194
proto tcp
dev tun
;; Key File 設定
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/CubieTruck.crt
key /etc/openvpn/CubieTruck.key
tls-auth /etc/openvpn/ta.key 0
;; vpn 使用網段
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
;; 允許 client 間互相連接
;client-to-client
push “redirect-gateway def1”
;; DNS 設定
push “dhcp-option DNS 168.95.1.1”
push “dhcp-option DNS 140.111.66.1”
keepalive 5 30
;; 最大使用者量
max-clients 12
user nobody
group nobody
測試 /etc/openvpn/server.conf 設定檔語法是否正確
# openvpn /etc/openvpn/server.conf
防火牆上的設定,如果原本就有防火牆,就要將規則做整合
# vim /etc/firewall.vpn
#!/bin/bash
# Enable ip_forward
echo “1” > /proc/sys/net/ipv4/ip_forward
iptables -t filter -F
iptables -t nat -F
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s “10.8.0.0/24” -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s “10.8.0.0/24” -j MASQUERADE
更改檔案權限
# chmod 700 /etc/firewall.vpn
設定開機時執行
在 /etc/rc.local 檔案最後面加入執行防火牆規則的設定
# sed -i ‘$a # OpenVPN 防火牆nsh /etc/firewall.vpn’ /etc/rc.local
執行 OpenVPN Server
# systemctl start openvpn@server.service
設定開機時執行 OpenVPN Server
# systemctl enable openvpn@server.service
檢查 OpenVPN Server 執行狀態
# systemctl status openvpn@server.service
檢查 OpenVPN Server 是否有正常執行
# netstat -antpul | grep openvpn
tcp 0 0 0.0.0.0:1194 0.0.0.0:* LISTEN 3682/openvpn
tun0 介面資訊
# ip addr show tun0
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
解決出現 Failed to read PID from file /run/openvpn@server.pid: Invalid argument 的訊息
# chown nobody:nobody /var/run/openvpn@server.pid
DVDFab Media Player 是一套免費的藍光影片播放軟體,可以切換成 30 天的專業版
DVDFab Media Player 官方網站:http://zh.dvdfab.cn/media-player.htm
參考網頁:
dhcpd – ArchWiki
安裝 hostapd
# pacman -S hostapd
安裝 DHCP Server
# pacman -S dhcp
備份原設定檔
# mv /etc/dhcpd.conf /etc/dhcpd.conf.$(date +%F)
建立 DHCP Server 設定檔
# vim /etc/dhcpd.conf
ddns-update-style none;
option domain-name “example.org”;
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 172.16.0.0 netmask 255.255.255.0 {
range 172.16.0.1 172.16.0.10;
option domain-name-servers 168.95.1.1;
option domain-name-servers 8.8.8.8;
option routers 172.16.0.254;
}[@more@]
# vim /etc/systemd/system/dhcpd4@.service
[Unit]
Description=IPv4 DHCP server on %I
Wants=network.target
After=network.target
[Service]
Type=forking
PIDFile=/run/dhcpd4.pid
ExecStart=/usr/bin/dhcpd -4 -q -pf /run/dhcpd4.pid %I
KillSignal=SIGINT
[Install]
WantedBy=multi-user.target
修改 wlan0 網路卡設定
# cat /etc/netctl/wlan0
Description=’A simple WPA encrypted wireless connection using a static IP’
Interface=wlan0
Connection=ethernet
AutoWired=yes
IP=static
Address=’172.16.0.254/24′
DNS=(‘168.95.1.1’ ‘140.111.66.1’ ‘8.8.8.8’)
# Uncomment this if your ssid is hidden
#Hidden=yes
重新啟動 wlan0
# netctl restart wlan0
# ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.254 netmask 255.255.255.0 broadcast 172.16.0.255
inet6 fe80::9a3b:16ff:fe1e:67d8 prefixlen 64 scopeid 0x20<link>
ether 98:3b:16:1e:67:d8 txqueuelen 1000 (Ethernet)
RX packets 15 bytes 1914 (1.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 69 bytes 7236 (7.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
啟動 DHCP Server
# systemctl start dhcpd4@wlan0.service
設定開機時啟動 DHCP Server
# systemctl enable dhcpd4@wlan0.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd4@wlan0.service to /etc/systemd/system/dhcpd4@.service.
設定防火牆
# vim /etc/firewall.wifiap
#!/bin/bash
IPTABLES=/sbin/iptables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
modprobe ip_conntrack
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -j MASQUERADE
執行防火牆規則
# sh /etc/firewall.wifiap
在 /etc/rc.local 檔案最後面加入執行防火牆規則的設定
# sed -i ‘$a # NAT 防火牆nsh /etc/firewall.wifiap’ /etc/rc.local
設定 hostapd
# cat /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=CubieTruck
channel=11
hw_mode=g
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_psk=ee07bee15c9c33bf7bcc53d84aac17e2b83f82476f96e32efcd03d716d99a4d2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
執行 hostapd
# systemctl start hostapd
查詢執行狀態
# systemctl status hostapd
● hostapd.service – Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Loaded: loaded (/usr/lib/systemd/system/hostapd.service; enabled)
Active: active (running) since Tue 2014-10-14 13:23:38 CST; 1s ago
Process: 353 ExecStart=/usr/bin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B (code=exited, status=0/SUCCESS)
Main PID: 354 (hostapd)
CGroup: /system.slice/hostapd.service
└─354 /usr/bin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
直接使用命令列執行
# /usr/bin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
Configuration file: /etc/hostapd/hostapd.conf
Using interface wlan0 with hwaddr 98:3b:16:1e:67:d8 and ssid “CubieTruck”
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
設定開機時執行
# systemctl enable hostapd
檢查是否有載入無線網路模組
# lsmod | grep bcmdhd
bcmdhd 497637 0
如果沒有的話
# echo bcmdhd >> /etc/modules-load.d/cubie.conf
建立無線網路設定檔
# cp /etc/netctl/examples/wireless-wpa /etc/netctl/wlan0[@more@]
修改設定檔
# egrep -v ‘^#|^$’ /etc/netctl/wlan0
Description=’A simple WPA encrypted wireless connection’
Interface=wlan0
Connection=wireless
Security=wpa
IP=dhcp
ESSID=’CHTN_T07AW’
Key=’123456789′
連上無線網路
# cd /etc/netctl
# netctl start wlan0
查看無線網路
# ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.3 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::9a3b:16ff:fe1e:67d8 prefixlen 64 scopeid 0x20<link>
ether 98:3b:11:1e:67:d8 txqueuelen 1000 (Ethernet)
RX packets 10 bytes 1276 (1.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 3512 (3.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
先切換有線網路 eth0
# ifconfig eth0 down
測試是否能連上網路
# ping -c 4 140.111.66.1
PING 140.111.66.1 (140.111.66.1) 56(84) bytes of data.
64 bytes from 140.111.66.1: icmp_seq=1 ttl=54 time=37.3 ms
64 bytes from 140.111.66.1: icmp_seq=2 ttl=54 time=349 ms
64 bytes from 140.111.66.1: icmp_seq=3 ttl=54 time=11.5 ms
64 bytes from 140.111.66.1: icmp_seq=4 ttl=54 time=11.9 ms
— 140.111.66.1 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 11.581/102.619/349.571/142.959 ms
中斷無線網路
# netctl stop waln0