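Clearing the ESXi root password

First boot the host into a rescue system and mount the /dev/sda5 partition.

A rescue image can be downloaded from www.system-rescue-cd.org; a Linux ISO that includes a rescue mode also works.


The procedure is roughly as follows: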

mkdir /mnt/sda5

mount /dev/sda5 /mnt/sda5

cp /mnt/sda5/state.tgz /tmp

cd /tmp

tar -xf state.tgz   # extracting this archive produces a local.tgz file

tar -xf local.tgz   # after this step there is an etc directory under /tmp

vim etc/shadow      # remove root's password

rm -f /tmp/state.tgz /tmp/local.tgz

tar -zcvf local.tgz etc/

tar -zcvf state.tgz local.tgz

cp state.tgz /mnt/sda5/


files.photo.gallery

Demo: https://files.photo.gallery/demo/?samples

Download: https://cdn.jsdelivr.net/npm/files.photo.gallery/index.php

Setup instructions: https://forum.photo.gallery/viewtopic.php?f=66&t=9964

"Happy" (cracked-license) patch: https://cdn.jsdelivr.net/gh/yyingc/[email protected]/files.js


Required PHP extensions: fileinfo exif imagemagick


Configure the root directory, password access, and the directories that should not be listed:

// Root directory
'root' => '根目录路径', // root path relative to script.
'start_path' => false, // start path relative to script. If empty, root is start path
// Login user name and password
'username' => 'zhujizixun',
'password' => '12345678', // Add password directly or use https://tinyfilemanager.github.io/docs/pwd.html to encrypt the password (encrypted password is more secure, as it prevents your password from being exposed directly in a file).
// Exclude files or directories
'files_exclude' => '/\.(html|xml)$/i', // '/\.(pdf|jpe?g)$/i'
'dirs_exclude' => '/\/js|\/_files(\/|$)/i', //'/\/Convert|\/football|\/node_modules(\/|$)/i',
'allow_symlinks' => true, // allow symlinks

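Fixing slow cross-network Samba with nocps

SMB across networks is painfully slow. An extra local SMB path could be added under Installation profiles, but the aim here is to solve it while changing as little as possible.


In RouterOS, redirect TCP and UDP ports 445, 137, 138 and 139 to the IP of the SMB server inside the local network. In the rules below, 远程SMB stands for the remote SMB server address and 本地SMB for the local SMB server address.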

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=远程SMB dst-address-type=!local dst-port=445,137,138,139 protocol=udp to-addresses=本地SMB
add action=dst-nat chain=dstnat dst-address=远程SMB dst-address-type=!local dst-port=445,137,138,139 protocol=tcp to-addresses=本地SMB

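Then sync the files out of the nocps SMB directory: mount the nocps SMB share on a local directory, sync it with rsync, and then distribute it to the SMB servers in the other regions.


In fact, wherever NAT can be done on the router, SMB could be split out entirely and run as per-region mirrors, but I don't feel like fiddling with it any further; every step saved is a step saved.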





BGP Regular Expressions Examples

Regular Expressions are used often for BGP route manipulation or filtering. In this lesson we’ll take a look at some useful regular expressions. First let’s take a look at the different characters that we can use:

Characters

?     repeats the previous character one or zero times.
*     repeats the previous character zero or many times.
+     repeats the previous character one or more times.
^     matches the beginning of a string.
$     matches the end of a string.
[]    is a range.
_     matches the space between AS numbers or the end of the AS PATH list.
\     is an escape character. You’ll need this for BGP confederations.

Examples

^$                 matches an empty AS PATH so it will match all prefixes from the local AS.
^51_               matches prefixes from AS 51 that is directly connected to our AS.
_51_               matches prefixes that transit AS 51.
_51$               matches prefixes that originated in AS 51; the $ ensures that AS 51 is the last entry in the string, which is where the AS PATH begins (the origin AS).
^([0-9]+)_51       matches prefixes from AS 51 where AS 51 is behind one of our directly connected AS’es.
^51_([0-9]+)       matches prefixes from the clients of directly connected AS 51.
^(51_)+([0-9]+)    matches prefixes from the clients of directly connected AS 51, where AS 51 might be doing AS PATH prepending.
^51_([0-9]+_)+     matches prefixes from the clients of directly connected AS 51, where the clients might be doing AS PATH prepending.
^\(65200\)         matches prefixes from confederation peer 65200.

https://networklessons.com/bgp/bgp-regular-expressions-examples/
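
The patterns above can be checked offline before they go into a route filter. This is an added example, not part of the original lesson: it rewrites the router-style _ into a POSIX extended regex and runs grep -E over constructed sample AS paths. The function names and the sample paths are assumptions made for the illustration.

```shell
#!/bin/sh
# "_" is not a POSIX regex token. On the router it matches a delimiter
# (space, comma, braces, parentheses) or the start/end of the AS PATH,
# so rewrite it into an equivalent ERE group before handing it to grep.
aspath_to_ere() {
    printf '%s\n' "$1" | sed 's/_/(^|$|[ ,{}()])/g'
}

# Read AS paths on stdin (one per line), print those the pattern matches.
aspath_filter() {
    grep -E -- "$(aspath_to_ere "$1")"
}

# Constructed sample AS paths; the first (empty) line is a local prefix.
sample_paths() {
    cat <<'EOF'

51
51 300
51 51 51 300
200 51
200 51 300
200 151 300
(65200) 300
EOF
}

# Number of sample paths matched by a pattern.
count_matches() {
    sample_paths | aspath_filter "$1" | wc -l | tr -d ' '
}

# "200 151 300" never matches _51_: the delimiter on both sides keeps
# AS 151 from being mistaken for AS 51, which a bare "51" would not.
for pat in '^$' '^51_' '_51_' '_51$' '^51_([0-9]+)' '^\(65200\)'; do
    printf '%-16s %s of 8 sample paths\n' "$pat" "$(count_matches "$pat")"
done
```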

Internal network IP allocation and usage table

Address Block       Present Use                                     Reference
0.0.0.0/8           "This" Network                                  RFC 1122, Section 3.2.1.3
10.0.0.0/8          Private-Use Networks                            RFC 1918
127.0.0.0/8         Loopback                                        RFC 1122, Section 3.2.1.3
169.254.0.0/16      Link Local                                      RFC 3927
172.16.0.0/12       Private-Use Networks                            RFC 1918
192.0.0.0/24        IETF Protocol Assignments                       RFC 5736
192.0.2.0/24        TEST-NET-1                                      RFC 5737
192.88.99.0/24      6to4 Relay Anycast                              RFC 3068
192.168.0.0/16      Private-Use Networks                            RFC 1918
198.18.0.0/15       Network Interconnect Device Benchmark Testing   RFC 2544
198.51.100.0/24     TEST-NET-2                                      RFC 5737
203.0.113.0/24      TEST-NET-3                                      RFC 5737
224.0.0.0/4         Multicast                                       RFC 3171
240.0.0.0/4         Reserved for Future Use                         RFC 1112, Section 4
255.255.255.255/32  Limited Broadcast                               RFC 919, Section 7; RFC 922, Section 7


hex dec ip

#!/bin/bash
# Decimal (32-bit integer) to dotted-quad IPv4
dec2ip () {
    local ip delim dec=$1
    for e in {3..0}
    do
        ((octet = dec / (256 ** e) ))
        ((dec -= octet * 256 ** e))
        ip+=$delim$octet
        delim=.
    done
    printf '%s\n' "$ip"
}

dec2ip "$@"

#!/bin/bash
# Dotted-quad IPv4 to decimal
ip2dec () {
    local a b c d ip=$1
    IFS=. read -r a b c d <<< "$ip"
    printf '%d\n' "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
}

ip2dec "$@"

# Alternative dec2ip using bit shifts instead of division
dec2ip ()
{
   local v=$1
   local i1=$((v>>24&255))
   local i2=$((v>>16&255))
   local i3=$((v>>8&255))
   local i4=$((v&255))
   printf '%d.%d.%d.%d\n' "$i1" "$i2" "$i3" "$i4"
}


tohex

echo -n   10.0.14.5  | hexdump -e '/1 "%02x"';

ip2hex

gethostip -x 10.0.14.5

hex2ip

hextoip() { hex=$1;  printf "%d." 0x${hex:0:2};  printf "%d." 0x${hex:2:2};  printf "%d." 0x${hex:4:2};  printf "%d" 0x${hex:6:2};  }


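Tunnel master series: gretap/VXLAN/EoIP

Linux endpoints

In the commands below, 命名 stands for the interface name, 本地IPv4 for the local IPv4 address and 远程IPv4 for the remote IPv4 address.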

GRETAP

/bin/ip link add 命名 type gretap local 本地IPv4 remote 远程IPv4 ttl 255
/bin/ip link set dev 命名 up

VXLAN

/bin/ip link add 命名 type vxlan local 本地IPv4 remote 远程IPv4 dstport 4789 id 0 ttl 255
/bin/ip link set dev 命名 up

Ethernet over IP

# install
wget https://raw.githubusercontent.com/4b42/4ixp/master/eoip/install.sh -O /tmp/eoip.sh
chmod +x /tmp/eoip.sh
/tmp/eoip.sh
rm -f /tmp/eoip.sh
# config
cat << EOF > /etc/eoip.cfg
[eoip命名]
id=0
dst=远程IPv4
EOF
/usr/local/bin/eoip /etc/eoip.cfg


MikroTik RouterOS endpoints

/interface eoip add !keepalive name=命名 local-address=本地IPv4 remote-address=远程IPv4 tunnel-id=0

Generating a password entry without htpasswd

 printf "user:$(openssl passwd -crypt 123456)\n" >>conf/htpasswd
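
openssl passwd -crypt produces a traditional DES crypt hash, which only uses the first eight characters of the password, and the one-liner above also places the password in the process arguments. The following is an added example, not from the original page: it reads the password from stdin and emits an entry in the salted apr1 scheme that Apache's htpasswd generates. The function names and the hp_ variables are assumptions made for the illustration.

```shell
#!/bin/sh
# htpasswd_line USER
#   Reads the password from stdin (never from argv, so it does not show up
#   in the process list or shell history) and prints "USER:HASH".
htpasswd_line() {
    hp_user=$1
    case $hp_user in
        ''|*:*) echo "user name must be non-empty and contain no ':'" >&2
                return 1 ;;
    esac
    # -apr1: salted, iterated MD5 scheme; openssl picks a random salt.
    hp_hash=$(openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$hp_user" "$hp_hash"
}

# htpasswd_check LINE
#   Re-hashes the password given on stdin with the salt stored in LINE
#   ($apr1$SALT$HASH) and succeeds only if the result is identical.
htpasswd_check() {
    hp_stored=${1#*:}
    hp_salt=$(printf '%s\n' "$hp_stored" | cut -d'$' -f3)
    [ "$(openssl passwd -apr1 -salt "$hp_salt" -stdin)" = "$hp_stored" ]
}

# Usage (password typed or piped on stdin):
#   htpasswd_line user >> conf/htpasswd
```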


Downloading older RouterOS versions

https://www.routeros.co.id/
https://www.mikrotik.com/download/archive

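Running a batch of commands against a single host with ipmitool

First, the ipmitool or OpenIPMI package must be installed and the corresponding kernel modules loaded.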

yum install ipmitool -y -q
modprobe ipmi_watchdog
modprobe ipmi_poweroff
modprobe ipmi_devintf
modprobe ipmi_si

Example invocation (用户 = user name, 密码 = password, IP地址 = IP address)

ipmitool exec ipmi.txt -I lanplus  -U '用户' -P '密码' -H IP地址

Example contents of ipmi.txt

power status
sensor
mc info
user list
lan print

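The point is to put all the commands into one text file, so the IP, user name, password and so on do not have to be supplied with every single command.

This is especially useful when changing the IPMI IP configuration and user configuration, since it removes most of the redundant work.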


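Backing up a Juniper configuration over SSH

First, for convenience, set up RSA key-based (passwordless) login in advance.

Second, if access goes through a bastion host, configure that in ssh/config beforehand as well.

Method 1

ssh [email protected] "cli<< EOF
show configuration|dis set
EOF
" |grep set >junos.backup.txt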

Method 2

ssh [email protected]   'csh -s'  <./backup.sh |grep set > junos.backup.txt

Method 2 uses csh -s to send the contents of a local script file to the Juniper device and execute it there.


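Booting a CentOS netinstall from GRUB

No DHCP, no PXE, no netboot either, and the IPMI is sluggish: this is the old method used before.

The kickstart (ks) script needs to be prepared in advance.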


Installing Docker on CentOS

Install from the package repository

wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl start docker

Install with the script

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh


Odd iRedMail install scripts, part one

Install from source

wget  https://github.com/iredmail/iRedMail/archive/1.2.1.tar.gz  -O -|tar xz
cd  iRedMail-*
bash iRedMail.sh

Install with Docker

docker volume create iRedMail
docker run \
    --rm \
    --name iredmail \
    --env-file /iredmail/iredmail-docker.conf \
    --hostname Your-domain.com \
    -p 80:80 \
    -p 443:443 \
    -p 110:110 \
    -p 995:995 \
    -p 143:143 \
    -p 993:993 \
    -p 25:25 \
    -p 465:465 \
    -p 587:587 \
    -v /iredmail/data/backup:/var/vmail/backup \
    -v /iredmail/data/mailboxes:/var/vmail/vmail1 \
    -v /iredmail/data/mlmmj:/var/vmail/mlmmj \
    -v /iredmail/data/mlmmj-archive:/var/vmail/mlmmj-archive \
    -v /iredmail/data/imapsieve_copy:/var/vmail/imapsieve_copy \
    -v /iredmail/data/custom:/opt/iredmail/custom \
    -v /iredmail/data/ssl:/opt/iredmail/ssl \
    -v /iredmail/data/mysql:/var/lib/mysql \
    -v /iredmail/data/clamav:/var/lib/clamav \
    -v /iredmail/data/sa_rules:/var/lib/spamassassin \
    iredmail/mariadb:nightly

Odd MySQL install scripts, part one

groupadd mysql -g 27

useradd mysql -u 27 -g 27 -c "MySQL Server" -d /home/mysql -m

Function code

function install_mysql() {
    # Create the service account (no login shell, no home directory)
    groupadd mysql
    useradd -s /sbin/nologin -M -g mysql mysql
    # Use the password passed as $1, otherwise generate a random 12-character one
    if [ -n "$1" ]; then mysqlrootpwd=$1; else mysqlrootpwd=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9 | head -c12); fi
    # Record the root password (in plaintext) together with a timestamp
    echo root "$mysqlrootpwd" ' | ' "$(date)" >> /root/mysql.txt
    yum -y -q install mariadb mariadb-server galera
    ln -s /usr/lib/systemd/system/mariadb.service /usr/lib/systemd/system/mysql.service
    systemctl enable mariadb
    systemctl start mariadb
    mysqladmin -u root password "$mysqlrootpwd"
    setmyqlroot "$mysqlrootpwd"
    sed -i 's/skip-locking/skip-external-locking/g' /etc/my.cnf
}
function setmyqlroot() {
    # With no argument, generate a new root password and record it
    if [ -n "$1" ]; then mysqlrootpwd=$1; else mysqlrootpwd=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9 | head -c12); echo root "$mysqlrootpwd" ' | ' "$(date)" >> /root/mysql.txt; fi
    # Set the root password, drop anonymous and remote root accounts, remove the test database
    mysql -uroot -p"$mysqlrootpwd" <<EOF
UPDATE mysql.user SET Password=PASSWORD("$mysqlrootpwd") WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
exit
EOF
}

Run the installation

install_mysql


mysql_install_db --user=mysql --datadir=/home/mysql --no-defaults  &

mysqladmin -u root password $mysqlrootpwd