@echo off
net use * /delete /yes
mkdir \\192.168.0.1\HOME$\%username%
net use O: \\192.168.0.1\HOME$\%username%
cacls O: /e /r everyone
cacls O: /e /g %username%:c
net use P: \\192.168.0.1\Public$
net use Q: \\192.168.0.1\DATA$
net use U: \\192.168.0.1\UTILITY$
net use X: \\192.168.0.1\GOINFO$
net use Y: \\192.168.0.1\Backup
net use Z: \\192.168.0.1\財務部$
MySQL backup and restore
1. To back up a single database, use the following command (replace 資料庫名稱 with the database name):
mysqldump -u root -p --events --routines --triggers --default-character-set=utf8mb4 資料庫名稱 > backup.sql
2. Back up all databases (the command shown below restores backup.sql into the rslhome database):
mysql --default-character-set=utf8mb4 -u root -p rslhome < backup.sql
3. For backing up the stored procedures, functions, triggers and events in a database, there are some additional options:
--events: export events
--routines: export stored procedures and functions
--triggers: dump triggers (default)
4. Back up views
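MySQL: changing the password and resetting a forgotten password
When MySQL is first installed, root may not have a password yet. It can be set with the following command (replace 你的密碼 with your password):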
mysqladmin -u root -p password '你的密碼'
Resetting a forgotten password:
# /etc/init.d/mysql stop
# mysqld_safe --skip-grant-tables &
Checking the MySQL Server character encoding
SQL statements:
show variables where Variable_name like 'character%';
show variables where Variable_name like 'collation%';
HTML – HTML include HTML
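The designer has to deliver all of the static layouts and HTML, but as the pages get more complex they need to be split into pieces that still belong to the same page.
So we use an include.
How do you do an include in HTML?
A quick search shows there is a solution online: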
https://www.w3schools.com/howto/howto_html_include.asp
w3schools wrote a w3.js
that provides an HTML include feature:
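<!DOCTYPE html>
<html>
<body>
<!-- w3.js replaces this div's content with the file named in w3-include-html -->
<div w3-include-html="<?=ROOT_DIR?>/HTML/content"></div>
<!-- assumed: a local copy of w3.js served next to this page -->
<script src="w3.js"></script>
<script>w3.includeHTML();</script>
</body>
</html>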
Changing a Postfix user account's password directly in the MySQL database
I need to change a password of a postfix user account mailbox directly in a MySQL database; however I have no idea of the format used.
Here is the table:
SELECT username,password FROM mailbox LIMIT 1;
+------------------+------------------------------------+
| username | password |
+------------------+------------------------------------+
| user@example.com | $1$60Dgu9vc$T7vaQfTKgxUpci0TTnsyO0 |
+------------------+------------------------------------+
Solution:
The $1$ at the beginning of the password field hints it is an MD5 hash.
To encrypt a password in an MD5 hash, you can use the openssl passwd command.
From man openssl:
passwd Generation of hashed passwords.
and from openssl passwd --help:
-1 MD5-based password algorithm
-stdin read passwords from stdin
So to generate the MD5 hash, a short bash example:
#!/bin/bash
PASSWORD="test123"
# -1 selects the MD5-based crypt scheme; openssl picks a random salt on each run
MD5=$(echo "$PASSWORD" | openssl passwd -1 -stdin)
echo "$MD5"
Running it, you get the intended encrypted password as output:
$1$EaYOC8n4$04LSDBtt4A8GPVRUkzBXG/
So to change the password in the MySQL DB to ‘test123’, you do in the MySQL prompt:
USE postfix
UPDATE mailbox SET password="$1$EaYOC8n4$04LSDBtt4A8GPVRUkzBXG/" WHERE username="user@example.com";
The change takes effect immediately, and the user will notice the change in the next mailbox access.
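PHP variables related to file uploads: important!!
file_uploads 1 Whether file uploads are allowed
upload_max_filesize Size limit for a single file
max_file_uploads Maximum number of files that can be uploaded at once
What is the difference between upload_max_filesize and post_max_size?
upload_max_filesize limits the size of a single file,
while post_max_size limits the amount of data in a single HTTP POST.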
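Because every uploaded file travels inside one HTTP POST, post_max_size has to be at least as large as upload_max_filesize. The following check is an added example, not part of the original notes; the function names and the sample ini text are made up for illustration, and the fallback values 2M and 8M are PHP's built-in defaults.

```shell
#!/bin/sh
# Added example: check that the PHP upload limits are consistent with each other.
# SAMPLE_INI is a constructed sample, not taken from a real server.
SAMPLE_INI='file_uploads = On
upload_max_filesize = 64M
post_max_size = 8M   ; smaller than one allowed file
max_file_uploads = 20'

# to_bytes SIZE: convert PHP shorthand (512K, 8M, 1G, or plain bytes) to bytes.
to_bytes() {
    num=${1%[KkMmGg]}
    case "$1" in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# ini_value KEY TEXT: print the last uncommented value assigned to KEY.
ini_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" |
        tail -n 1
}

# check_upload_limits TEXT: print a finding (if any); return 1 when one is found.
check_upload_limits() {
    up=$(ini_value upload_max_filesize "$1");  up=$(to_bytes "${up:-2M}")
    post=$(ini_value post_max_size "$1");      post=$(to_bytes "${post:-8M}")
    findings=""
    if [ "$post" -eq 0 ]; then
        # post_max_size = 0 switches the POST size limit off entirely
        findings="post_max_size-unlimited"
    elif [ "$post" -lt "$up" ]; then
        # a file at the per-file limit can never fit inside one POST
        findings="post_max_size-below-upload_max_filesize"
    fi
    echo "$findings"
    [ -z "$findings" ]
}

# Demo on the constructed sample
check_upload_limits "$SAMPLE_INI" || true
```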
Installing the latest php7.3 + httpd2.4.37 + mariadb10.3 on CentOS 7
1. Install CentOS 7: use the minimal install
2. Install php7.3:
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y epel-release
yum install -y yum-utils
# Disable php5.4
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
# Install php7.3 and packages
yum -y install php php-devel php-imagick php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm wget
# Edit /etc/php.ini
date.timezone = 'Asia/Taipei'
2. Install httpd 2.4.37:
cd /etc/yum.repos.d
wget https://repo.codeit.guru/codeit.el7.repo
yum install -y epel-release
yum upgrade -y httpd
systemctl enable httpd.service
systemctl restart httpd.service
3. Install mariadb 10.3:
vi /etc/yum.repos.d/mariadb.repo
# Add the following content
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
# Install packages
yum install -y MariaDB-server MariaDB-client
systemctl enable mysql.service
systemctl start mysql.service
/usr/bin/mysql_secure_installation
# Firewall settings
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
# 3306 exposes MariaDB to the network; open it only if remote clients need it
firewall-cmd --permanent --add-port=3306/tcp
# And reload the firewall:
sudo firewall-cmd --reload
Apache 2.4 SSL security settings
OS: Ubuntu 14.04 LTS, Apache 2.4.7, OpenSSL 1.0.1f
SSL Labs: A+ (RSA2048, SHA256 certificate)
Certificate: 100%
Protocol Support: 95%
Key Exchange: 90%
Cipher Strength: 90%
#### In the SSL.CONF file
SSLCipherSuite AES256+EECDH:AES256+EDH:AES128+EECDH:AES128+EDH
SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder on
SSLStrictSNIVHostCheck Off
SSLCompression off
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
### In the
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
### headers_module must be enabled for these extra security settings
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set Public-Key-Pins "pin-sha256=\"
Header always set X-Frame-Options SAMEORIGIN
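Apache security settings for headers
Clickjacking hijacks the clicks a user makes while browsing a web page, so that a click triggers behavior the user did not intend. The defense is to set X-Frame-Options, so that the response header keeps the page from being affected by sites that embed it. For example, if your own site carries advertisements, this setting protects the people browsing ssorc.tw.
OWASP lists several headers that need security settings, with descriptions, and there is a configuration reference here.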
# vi /etc/httpd/conf.d/secure.conf
# Clickjacking protection: allow iframes from same origin
Header always append X-Frame-Options "SAMEORIGIN"
Header always append Frame-Options "SAMEORIGIN"
# Enforce HTTPS connections for all requests, including subdomains
Header always append STRICT-TRANSPORT-SECURITY "max-age=16070400; includeSubDomains"
# IE8+ and variants, XSS Protection
Header always append X-XSS-Protection "1;mode=block"
# Protection from drive-by dynamic/executable IE files
Header always append X-Content-Type-Options "nosniff"
# Strict Content Security Policy, deny all external requests
# for custom CSP headers use: http://cspbuilder.info/
# Use this with care: it can break the site's layout
# (CSP directive names take no colon: "img-src 'self'", not "img-src: 'self'")
Header always append Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
Header always append X-Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
Header always append X-WebKit-CSP "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
Another setting that mitigates XSS attacks is HttpOnly
# vi /etc/php.ini
session.cookie_httponly = True
or
# vi /etc/httpd/conf.d/secure.conf
# Using HttpOnly and Secure Flag
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# or, for older versions
Header set Set-Cookie HttpOnly;Secure
I'll note the other settings here as well
Hiding the Apache version
ServerTokens Prod
ServerSignature Off
Protecting against DoS attacks
# vi /etc/httpd/conf.d/secure.conf
# Apache Range Exploit
RequestHeader unset Range
RequestHeader unset Request-Range
Hiding the PHP version
# vi /etc/php.ini
expose_php = off
# vi /etc/httpd/conf.d/secure.conf
# hide php version
Header unset X-Powered-By
Use curl to view the header information
curl -I http://ssorc.tw/
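To confirm that the header settings above actually reach the client, the curl -I output can be checked mechanically. The script below is an added example, not part of the original notes; the function names and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved `curl -I` output for the settings on this page.
# Both responses are constructed samples, not captured from a real site.
WEAK_RESPONSE='HTTP/1.1 200 OK
Server: Apache/2.4.37 (CentOS)
X-Powered-By: PHP/7.3.0
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html'
HARDENED_RESPONSE='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src https:
Set-Cookie: PHPSESSID=abc123; path=/;HttpOnly;Secure
Content-Type: text/html'

# match PATTERN: succeed if any response line matches (case-insensitive).
match() { printf '%s\n' "$resp" | grep -qi "$1"; }

# audit_headers RESPONSE: print space-separated findings; return 1 if any.
audit_headers() {
    resp=$(printf '%s\n' "$1" | tr -d '\r')   # curl -I lines end in CRLF
    findings=""
    for h in Strict-Transport-Security X-Frame-Options \
             X-Content-Type-Options Content-Security-Policy; do
        match "^$h:" || findings="$findings missing:$h"
    done
    # expose_php = off / Header unset X-Powered-By should remove this header
    if match '^X-Powered-By:'; then findings="$findings leak:X-Powered-By"; fi
    # ServerTokens Prod leaves "Server: Apache" with no version digits
    if match '^Server:.*[0-9]'; then findings="$findings leak:Server-version"; fi
    # any Set-Cookie line lacking a flag is a finding
    cookies=$(printf '%s\n' "$resp" | grep -i '^Set-Cookie:' || true)
    if [ -n "$cookies" ]; then
        if printf '%s\n' "$cookies" | grep -vqi '; *httponly'; then findings="$findings cookie:no-HttpOnly"; fi
        if printf '%s\n' "$cookies" | grep -vqi '; *secure'; then findings="$findings cookie:no-Secure"; fi
    fi
    findings=${findings# }
    echo "$findings"
    [ -z "$findings" ]
}

# Demo on the constructed weak response
audit_headers "$WEAK_RESPONSE" || true
```

Against a live server, pass the real response instead: audit_headers "$(curl -sI http://ssorc.tw/)".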