程式CODE

Monday, May 6, 2019

Fixing vulnerability scan findings

On Ubuntu 18.04

Check whether server information is hidden
curl -L -I www.hdes.chc.edu.tw  

Test SSL
https://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm


Hide server information
Edit /etc/apache2/conf-enabled/security.conf
ServerTokens Prod
ServerSignature Off

Edit /etc/php/7.3/apache2/php.ini
expose_php = Off



Findings:
TLS 1.0 enabled
sudo vim /etc/apache2/mods-available/ssl.conf
#SSLProtocol all -SSLv3
Change it to: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

If you obtained a Let's Encrypt SSL certificate, edit
sudo vim /etc/letsencrypt/options-ssl-apache.conf

Cookie(s) without HttpOnly flag set, without Secure flag set
sudo vim /etc/apache2/apache2.conf
Add the line: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
(the Header directive needs mod_headers: sudo a2enmod headers)

X-Frame-Options header missing
sudo vim /etc/apache2/apache2.conf

Add the line: Header always append X-Frame-Options DENY

Directory traversal 
https://hostadvice.com/how-to/how-to-setup-modsecurity-for-apache-on-ubuntu-18-04/
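
To confirm the changes above took effect, the headers returned by curl -I can be checked automatically. The script below is an added example, not part of the original post; the function name audit_headers, the placeholder host and both sample responses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit response headers for the findings fixed in this post.
# Live use:  curl -s -I https://www.example.org/ | audit_headers   (placeholder host)

audit_headers() {
  # stdin: raw HTTP response headers; stdout: one finding per line, sorted.
  tr -d '\r' | awk '
    { low = tolower($0) }
    low ~ /^server:/ && $0 ~ /[0-9]/ { print "server-version-exposed" }
    low ~ /^x-powered-by:/          { print "x-powered-by-exposed" }
    low ~ /^x-frame-options:/       { xfo = 1 }
    low ~ /^set-cookie:/ {
      if (low !~ /;[ ]*httponly[ ]*(;|$)/) print "cookie-without-httponly"
      if (low !~ /;[ ]*secure[ ]*(;|$)/)   print "cookie-without-secure"
    }
    END { if (!xfo) print "x-frame-options-missing" }
  ' | LC_ALL=C sort -u
}

# Constructed sample: a response before the changes (not captured from a real host).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.29 (Ubuntu)
X-Powered-By: PHP/7.3.4
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html; charset=UTF-8'

# Constructed sample: the same response after the changes.
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: DENY
Set-Cookie: PHPSESSID=abc123; path=/;HttpOnly;Secure
Content-Type: text/html; charset=UTF-8'

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_headers
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_headers
```

An empty result means none of the header findings from the scan remain; the TLS protocol finding is not covered by this check.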

Wednesday, November 7, 2018

Cutting and merging mp4 files with ffmpeg

https://www.jianshu.com/p/eff314074177

Install ffmpeg first
sudo apt-get install ffmpeg

// Cut the first 30 s
ffmpeg -ss 00:00:00 -t 00:00:30 -i keyoutput.mp4 -vcodec copy -acodec copy split.mp4

// Cut 30 s starting at the 30 s mark
ffmpeg -ss 00:00:30 -t 00:00:30 -i keyoutput.mp4 -vcodec copy -acodec copy split1.mp4

// Merge the videos
ffmpeg -f concat -i list.txt -c copy concat.mp4

where list.txt contains:
file ./split.mp4
file ./split1.mp4

Author: SHUTUP
Link: https://www.jianshu.com/p/eff314074177

Tuesday, November 6, 2018

Installing LAMP on Ubuntu 18.04

On Ubuntu 18.04, installing MySQL takes a bit more work.

1. apache2
sudo apt-get install apache2


2. MySQL 5.7
sudo apt-get install mysql-server mysql-common mysql-client

Open the MySQL admin shell
sudo mysql -u root

Drop the root account
DROP USER 'root'@'localhost';

Create a new root account with password 123456
CREATE USER 'root'@'%' IDENTIFIED BY '123456';

Grant privileges
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;

Flush privileges
FLUSH PRIVILEGES;

Exit
exit
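
The account created above, 'root'@'%' with ALL PRIVILEGES and GRANT OPTION, can log in from any host that is able to reach the MySQL port. As an added example (not part of the original post), the script below reports such accounts and whether mysqld listens beyond loopback. The function names and sample data are constructed, and the query in the comment assumes the MySQL 5.7 mysql.user columns.

```shell
#!/usr/bin/env bash
# Added example: review MySQL accounts and listener scope after the steps above.

# stdin: tab-separated rows "user<TAB>host<TAB>Grant_priv", as printed by
#   sudo mysql -N -B -e "SELECT user, host, Grant_priv FROM mysql.user"
# stdout: one line per account whose host is the any-host wildcard "%".
audit_mysql_accounts() {
  awk -F '\t' '
    $2 == "%" {
      level = ($3 == "Y") ? "HIGH" : "WARN"   # GRANT OPTION raises severity
      printf "%s %s@%s accepts connections from any host\n", level, $1, $2
    }'
}

# stdin: contents of the mysqld config file; stdout: "loopback" or "network".
# MySQL 5.7 listens on all interfaces when bind-address is not set.
mysql_bind_scope() {
  awk -F '=' '
    /^[ \t]*bind[-_]address[ \t]*=/ { gsub(/[ \t]/, "", $2); addr = $2 }
    END {
      if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
        print "loopback"
      else
        print "network"
    }'
}

# Constructed sample rows matching the accounts left by the procedure above.
SAMPLE_USERS=$(printf 'root\t%%\tY\nmysql.sys\tlocalhost\tN\ndebian-sys-maint\tlocalhost\tY')

# Constructed sample config with the loopback line commented out.
SAMPLE_CNF='[mysqld]
# bind-address = 127.0.0.1
bind-address = 0.0.0.0'

printf '%s\n' "$SAMPLE_USERS" | audit_mysql_accounts
printf 'listener scope: %s\n' "$(printf '%s\n' "$SAMPLE_CNF" | mysql_bind_scope)"
```

A HIGH line combined with a "network" listener scope means the full-privilege account is reachable by anything that can connect to the server's MySQL port.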


3. php7.2
# Helper tools for managing software sources
sudo apt -y install software-properties-common apt-transport-https lsb-release ca-certificates
# Add the software source
sudo add-apt-repository ppa:ondrej/php
# Update
sudo apt-get update
# Install PHP 7.2
sudo apt-get install php7.2 php7.2-cli php7.2-json php7.2-mbstring php7.2-gd php7.2-xml php7.2-ldap php7.2-mysql php7.2-curl php7.2-zip

Getting started with elementary OS 5.0 Juno

1. Once it is installed, upgrade it

sudo apt-get update

sudo apt-get dist-upgrade -y

sudo apt-get autoremove

sudo apt-get clean



2. Install repository support

This must be installed before other repositories can be added.

sudo apt install software-properties-common


3. Install a Chinese input method

Install fcitx

sudo apt-get install fcitx
sudo apt-get install fcitx-chewing
sudo apt-get install fcitx-table-boshamy
Set it as the default input method
im-config

4. Turn NumLock on at the login screen, and disable guest while at it

Install numlockx

sudo apt-get install numlockx -y
Edit, or create, the config file

sudo vim /usr/share/lightdm/lightdm.conf.d/40-io.elementary.greeter.conf
Add numlockx on

-------------------------------------------------------------
[Seat:*]
greeter-session=io.elementary.greeter
user-session=pantheon

greeter-setup-script=/usr/bin/numlockx on
-------------------------------------------------------------
Reboot and it is done.

5. Install elementary-tweaks (lets you switch to double-click with the left mouse button to open)

sudo add-apt-repository ppa:philip.scott/elementary-tweaks
sudo apt-get update
sudo apt-get install elementary-tweaks

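Tuesday, June 26, 2018

Get an SSL certificate with certbot in five minutes

1. Sort out DNS yourself first, and have it ready for the Apache web server

2. Go to the certbot website
https://certbot.eff.org/

Choose your web server and OS; I chose Apache and Ubuntu 16.04

3. Run the following commands to install certbot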
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

4. Run the setup wizard
$ sudo certbot --apache
1. Enter your email

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):


2. Agree
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:


3. Do you want to receive their email?
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
-------------------------------------------------------------------------------
(Y)es/(N)o:


3. Next it asks you to pick your domain name; it is usually the first one. Enter "1" and press Enter.

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: xxx.xxx.chc.edu.tw
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):



4. Next it asks whether to redirect http straight to https; choose 1 or 2 and press Enter.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

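Success!!
Try it; it really takes less than five minutes!! You do not even need to reload or restart apache2.
The certificate is only valid for 90 days, though, so it has to be renewed.

The renew command is as follows (--dry-run only simulates the renewal; drop it to renew for real):
sudo certbot renew --dry-run
You can put it in crontab to renew automatically

sudo crontab -e
Add (this line assumes the certbot-auto script is at /root/certbot-auto; with the apt package installed above, the command is certbot):
0 0 1 * * /root/certbot-auto renew --quiet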

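Wednesday, April 11, 2018

ACFS on CentOS 7 notes

1. Replace the default firewall script with a custom one
sudo vim /etc/rc.local

Change #/usr/bin/firewall.sh to /usr/bin/firewall.sh (remove the leading # to uncomment the line)

2. Edit firewall.sh
sudo vim /usr/bin/firewall.sh

3. Install the php-ldap package
sudo yum -y install php-ldap

4. Restart Apache
sudo /sbin/service httpd restart

5. Change the MySQL password (leave off the new password to be prompted for it instead of typing it on the command line)
mysqladmin -uroot -p password 'new-password'

6. Apache config file
/etc/httpd/conf.d/acfs..conf

7. Install ncftp
sudo yum -y install ncftp

8. php.ini
max_input_vars = 3000

9. Change the IP
cd /etc/sysconfig/network-scripts/
and edit the ifcfg-xxx file there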

Monday, March 12, 2018

Installing Java 8 on Ubuntu

Reference:
https://blog.gtwang.org/linux/how-to-install-java-with-apt-get-on-ubuntu-linux/

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer 

Look up java
update-alternatives --query java

Set the JAVA_HOME environment variable
sudo vim /etc/environment

Add:
JAVA_HOME="/usr/lib/jvm/java-8-oracle"

Load it
source /etc/environment

Try it
echo $JAVA_HOME

Common Laravel 5 commands

Generate the key
php artisan key:generate

Build vendor
composer install

Create a controller
php artisan make:controller PostsController --resource

Install the migration table
php artisan migrate:install

Create a new table for the post model
php artisan make:migration {action}_{table}_table --create=posts
php artisan make:migration --create=students create_students_table

Alter the posts table
php artisan make:migration {action}_{table}_table --table=posts

Create the tables
php artisan migrate (runs install first)

Create a model
php artisan make:model Post

Run the seeder
php artisan db:seed

Create a policy
php artisan make:policy {PolicyName} --model={Model}
Remember to register it
// app/Providers/AuthServiceProvider.php

Sunday, March 11, 2018

GPG command cheat sheet

gpg --gen-key # Generate a key pair

gpg -k # List public keys
gpg -K # List secret keys

gpg -o keyfilename --export mykeyID  # Export the public key
gpg -o keyfilename --export-secret-keys mykeyID  # Export the secret key

gpg --import  filename.asc # Import a key

gpg --delete-secret-keys  key-ID  # Delete the secret key first
gpg --delete-key key-ID  # Then delete the public key

gpg -e -r username filename  # Encrypt a file
gpg -d filename.gpg  > filename # Decrypt a file

Friday, February 23, 2018

Adding CAPTCHA login to Laravel auth

Reference: https://phperzh.com/articles/1262

Using the official auth

1. Install mews/captcha
composer require mews/captcha

2. Configure /config/app.php
'providers' => [
    // ...
    Mews\Captcha\CaptchaServiceProvider::class,
],
'aliases' => [
    // ...
    'Captcha' => Mews\Captcha\Facades\Captcha::class,
],

3. Generate the config file config/captcha.php
php artisan vendor:publish
You can change the number of characters or the style of the captcha
# For example, the flat style
...
    'flat'   => [
        'length'    => 5,  # number of characters in the captcha
        'width'     => 160,
        'height'    => 46,
        'quality'   => 90,
        'lines'     => 20,
        'bgImage'   => false,
        'bgColor'   => '#ecf2f4',
        'fontColors'=> ['#2c3e50', '#c0392b', '#16a085', '#c0392b', '#8e44ad', '#303f9f', '#f57c00', '#795548'],
        'contrast'  => -5,
    ],
...


4. Edit the login page /resources/views/auth/login.blade.php
Add below the password field:
...
<div class="form-group">
    {{-- label text: "Verification code" --}}
    <label for="captcha" class="col-md-4 control-label">驗證碼</label>
    <div class="form-group">
        <div class="col-md-3">
            <input id="captcha" class="form-control" type="text" name="captcha" value="{{ old('captcha') }}" required>
            @if ($errors->has('captcha'))
                <span class="help-block">
                    {{-- error text: "Incorrect verification code" --}}
                    <strong>驗證碼輸入錯誤</strong>
                </span>
            @endif
        </div>
        <span class="col-md-1 refereshrecapcha">
            {{-- style: flat --}}
            <a href="/login/refereshcapcha">{!! captcha_img('flat') !!}</a>
        </span>
    </div>
</div>
...

5. Edit /vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php
Note that because this edits a file under vendor (which composer install recreates), every clone of the project has to make the same change again.
...
protected function validateLogin(Request $request)
{
    $this->validate($request, [
        $this->username() => 'required|string',
        'password' => 'required|string',
        'captcha' => 'required|captcha',  # this line is new
    ]);
}
...

6. Add the matching route
Edit /routes/web.php
Add:
Route::get('/login/refereshcapcha', 'Auth\LoginController@refereshcapcha');

7. Edit LoginController
/app/Http/Controllers/Auth/LoginController.php
public function refereshcapcha()
{
     return captcha_img('flat');
}