ubuntu 查看 listen port

說明

• 在不額外安裝netstat下，可以使用以下指令查看 LISTEN 的 port

查看ipv4

> ss -nlt4

查看ipv6

> ss -nlt6

同時查看ipv4 及 ipv6

> ss -nlt

librenms on Ubuntu 22.04 安裝手冊

ubuntu22.04 with php8.1 with nginx 安裝過程

參考文件

https://docs.librenms.org/Installation/Install-LibreNMS/

安裝package

sudo apt install acl curl fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php-cli php-curl php-fpm php-gd php-gmp php-json php-mbstring php-mysql php-snmp php-xml php-zip rrdtool snmp snmpd unzip python3-pymysql python3-dotenv python3-redis python3-setuptools python3-systemd python3-pip whois traceroute

新增 librenms user

sudo useradd librenms -d /home/librenms -M -r -s “$(which bash)”

下載 librenms from git

cd /home

sudo git clone https://github.com/librenms/librenms.git

設定權限

sudo chown -R librenms:librenms /home/librenms

sudo chmod 771 /home/librenms

sudo setfacl -d -m g::rwx /home/librenms/rrd /home/librenms/logs /home/librenms/bootstrap/cache/ /home/librenms/storage/

sudo setfacl -R -m g::rwx /home/librenms/rrd /home/librenms/logs /home/librenms/bootstrap/cache/ /home/librenms/storage/

安裝 php 相依

sudo su - librenms

./scripts/composer_wrapper.php install —no-dev

exit

設定時區

sudo vi /etc/php/8.1/fpm/php.ini
sudo vi /etc/php/8.1/cli/php.ini

date.timezone = Asia/Taipei

sudo timedatectl set-timezone Asia/Taipei

設定MariaDB

sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf

在[mysqld]下一行加入以下兩行

innodb_file_per_table=1
lower_case_table_names=0

sudo systemctl enable mariadb

sudo systemctl restart mariadb

sudo mysql_secure_installation

sudo mysql -u root

輸入以下SQL Command

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY '[yourpassword]';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit

設定 php-fpm

sudo cp /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/librenms.conf

sudo vi /etc/php/8.1/fpm/pool.d/librenms.conf

[www]改成[librenms]

[librenms]

user = librenms
group = librenms

listen = /run/php-fpm-librenms.sock

設定 web server

sudo vi /etc/nginx/conf.d/librenms.conf

server {
 listen      80;
 server_name [yourdomain or ip];
 root        /home/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  include fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

sudo rm /etc/nginx/sites-enabled/default

sudo systemctl restart nginx

sudo systemctl restart php8.1-fpm

設定lnms

sudo ln -s /home/librenms/lnms /usr/bin/lnms

sudo cp /home/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

設定 snmpd

sudo cp /home/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

sudo vi /etc/snmp/snmpd.conf

找到 RANDOMSTRINGGOESHERE 改成 public(或自已想要的)

sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro

sudo chmod +x /usr/bin/distro

sudo systemctl enable snmpd

sudo systemctl restart snmpd

設定 cronjob

sudo cp /home/librenms/dist/librenms.cron /etc/cron.d/librenms

sudo vi /etc/cron.d/librenms

將所有的路徑裡的資料夾opt改成home

設定scheduler

sudo cp /home/librenms/dist/librenms-scheduler.service /home/librenms/dist/librenms-scheduler.timer /etc/systemd/system/

sudo systemctl enable librenms-scheduler.timer

sudo systemctl start librenms-scheduler.timer

sudo vi /etc/systemd/system/librenms-scheduler.service

將所有的路徑裡的資料夾opt改成home

設定logrotate

sudo cp /home/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

匯入資料庫

sudo vi /home/librenms/.env

DB_HOST= localhost
DB_DATABASE= librenms
DB_USERNAME= librenms
DB_PASSWORD= [yourpassword]

sudo su - librenms

lnms migrate

php artisan key:generate

php artisan config:clear

php artisan config:cache

exit

web config

http://[yourdomain_or_ip]/

• 建立管理員帳號

修改config.php權限

sudo chown librenms:librenms /home/librenms/config.php

驗證設定(或問題排除)

sudo su - librenms

cd /home/librenms

./validate.php

​

OpenVAS on Ubuntu 20.04

# 更新系統

> sudo apt update

> sudo apt upgrade

> sudo apt dist-upgrade

# 抓取script

> wget https://raw.githubusercontent.com/yu210148/gvm_install/master/install_gvm.sh

> chmod +x install_gvm.sh

# 執行script

> sudo ./install_gvm.sh -v 21 -a -u

OpenVAS 9 on ubuntu

ubuntu server 16.04安裝

======================================================================
#參考網站
https://magiclen.org/ubuntu-server-16-04/
https://hackertarget.com/openvas-9-install-ubuntu-1604/
======================================================================
#設定固定IP
sudo vi /etc/network/interfaces

auto ens160
iface ens160 inet static
address 10.0.0.1
netmask 255.255.255.0
gateway 10.0.0.254

dns-nameservers 168.95.1.1

sudo /etc/init.d/networking restart

======================================================================
#系統更新
sudo apt update
sudo apt upgrade
sudo apt dist-upgrade

======================================================================
#安裝OpenVAS9
>sudo add-apt-repository ppa:mrazavi/openvas

>sudo apt update
>sudo apt install sqlite3
>sudo apt install openvas9

#安裝產生PDF報表軟體
>sudo apt install texlive-latex-extra --no-install-recommends

>sudo apt-get install texlive-fonts-recommended

>sudo apt install libopenvas9-dev

#同步資料 (資料量很大)
>sudo greenbone-nvt-sync
>sudo greenbone-scapdata-sync
>sudo greenbone-certdata-sync

>sudo service openvas-scanner restart

>sudo ps -ef | grep openvas

>sudo netstat -na

#增加可掃smb漏洞
>sudo apt install smbclient

>sudo service openvas-manager restart
>sudo openvasmd --rebuild --progress

======================================================================
#更改網頁預設使用port
#change gsad default port 4000
>sudo vi /etc/default/openvas-gsa

HTTP_ONLY=1
LISTEN_ADDRESS="0.0.0.0"
PORT_NUMBER=9392

>sudo /etc/init.d/openvas-gsa restart

======================================================================
#開啟防火牆及相關policy
#啟用
>sudo ufw enable

#停用
>sudo ufw disable

#允許全部
>sudo ufw default allow

#封鎖全部
>sudo ufw default deny

#刪除防火牆規則
>sudo ufw status numbered
>sudo ufw delete 'numbered'

#啟用log /var/log/ufw.log
>sudo ufw logging on

#查看規則及狀態
>sudo ufw status
>sudo ufw statusverbose

#範例
>sudo ufw allow ssh

>sudo ufw allow in 8080

>sudo ufw deny out 3389

>sudo ufw deny in 123/udp

>sudo ufw version

>sudo ufw allow from 10.0.0.2

>sudo ufw deny from 10.0.1.0/24

>sudo ufw allow from 10.10.1.0/24 to any port 22

ubuntu firefox + flash plugin

sudo add-apt-repository ppa:skunk/pepper-flash
sudo add-apt-repository ppa:nilarimogard/webupd8

sudo apt-get update
sudo apt-get install pepflashplugin-installer
sudo apt-get install freshplayerplugin

Lubuntu 安裝 xrdp

1. sudo apt-get install xrdp

2.sudo nano /etc/xrdp/startwm.sh

#'. /etc/X11/Xsession'
. /usr/bin/startlxde

3.如果沒有startlxde
安裝 sudo apt-get install lxde-common