中小企业微成本专线替代，蒲公英SDWAN旁路盒子 对于中小企业来说，异地是个常见需求，比如驻外办事处、两个厂区互联、异地监控查看等，专线成本高昂，同时中小企业对连接稳定性敏感度较低，所以引入今天的主角，蒲公英P5旁路盒子。成本 蒲公英免费版限制建立一个网络，最大三个客户端，所以建议买三个蒲公英硬件，如单个蒲公英P5硬件售价约为285元，三个不到900。硬件参数 蒲公英P5基本等于G5的性能组网方式 蒲公英SDWAN的硬件有两种组网方式，一种是买路由器替代公司路由器，另一种是买旁路盒子，旁路盒子部署难度比路由器大一点点，但是不改变现有网络结构。路由器方式旁路盒子组网方式双旁路盒子组网方式组网速度 P2P点对点模式：蒲公英当前即使免费版也支持P2P传输，要求开启UPNP，P2P点对点模式下速度取决于带宽的最大速度和硬件的最大速度 自动转发模式：如果网络环境过于恶劣，蒲公英免费版会使用自动转发模式建立连接，带宽1Mbps部署 硬件安装简单，这里不赘述，上线并添加到自己的蒲公英账号中创建网络并加入硬件，此时硬件设备已经自动组网完成按实际情况配置路由，详细配置官方都有文档交换机或路由器配置路由在企业的网络中配置目标网络并指向蒲公英SDWAN的内网地址即可打通网络。稳定性 我从5月12号部署到今天6月2号共20天，其中5月15号出现一次一小时断线，联系客服后升级固件，升级后没再出现长时间断线问题。20天监测数据总结 对专线稳定性要求不高的中小企业或专线部署前临时替代的极佳方案。

中小型企业开源或免费网络安全方案建设 依托等级保护2.0一、二、三级指导以及开源或免费安全软件进行网络安全建设，但注意，此方案并不能让你顺利通过等保认证，等保是生意不是技术。传统企业架构王工开源或免费网络安全方案

HFish威胁捕捉与诱骗蜜罐系统 项目官网https://hfish.net/工作原理部署架构安装步骤 项目提供一键安装https://hfish.net/#/2-0-deploy增加节点 按生成的一键包安装即可特色功能 1、云端高交互蜜罐，由Hfish提供云端环境进行渗透过程记录2、攻击态势大屏

流影 Flow Shadow 轻量级网络安全感知与网络行为可视化综合分析平台 官网https://abyssalfish-os.github.io/项目安装，我这里使用一键包，系统要求Centos7.9https://abyssalfish-os.github.io/downloads/解压tar xvzf liuying_opensource.1.0.0.20230505.release-install.tar.gz ll total 228400 -rw-------. 1 root root 1631 May 31 12:06 anaconda-ks.cfg -rw-r--r--. 1 root root 233870147 May 31 13:28 liuying_opensource.1.0.0.20230505.release-install.tar.gz drwxr-xr-x 2 root root 4096 May 5 15:12 release-install-230505进入目录，解压依赖包到root目录cd release-install-230505/ ls agent_deploy_release.sh db.server.v1.0.0.230426.tar.gz protobuf-3.8.0-1.el7.x86_64.tar.gz Agent.v1.0.230427.tar.gz INSTALL.md server_deploy_release.sh all_env.sh localyumsource.tar.gz Server.v1.0.230325.tar.gz cgicc-lib-3.2.16-1.el7.x86_64.tar.gz lyprobe-release-v1.0.0-x86_64.tar.gz tensorflow-2.0.4-1.el7.x86_64.tar.gz cppdb-lib-0.3.1-1.el7.x86_64.tar.gz pf_ring-lib-7.4.0-957.el7.x86_64.E5v2.tar.gz webui.v1.0.3.tar.gz tar xvzf localyumsource.tar.gz -C /root安装依赖./all_env.sh安装探针和分析引擎./agent_deploy_release.sh查看网卡和启动脚本ip add 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000启动脚本写入到rc.local中，默认网卡是ens224，自行修改下，改为自己的实际网卡cat /etc/rc.local modprobe pf_ring lyprobe -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %DNS_REQ_DOMAIN %DNS_REQ_TYPE %HTTP_URL %HTTP_REQ_METHOD %HTTP_HOST %HTTP_MIME %HTTP_RET_CODE %SRV_TYPE %SRV_NAME %SRV_VERS %DEV_TYPE %DEV_NAME %DEV_VEND %DEV_VERS %OS_TYPE %OS_NAME %OS_VERS %MID_TYPE %MID_NAME %MID_VERS %THREAT_TYPE %THREAT_NAME %THREAT_VERS %ICMP_DATA %ICMP_SEQ_NUM %ICMP_PAYLOAD_LEN %SRV_TIME %DEV_TIME %OS_TIME %MID_TIME %THREAT_TIME" -i ens224 -n 127.0.0.1:9995 -G -e 0 -w 32768 -k 1 -K /data/cap/3 /Agent/bin/nfcapd -w -D -l /data/flow/3 -p 9995启动脚本/bin/sh /etc/rc.local 31/May/2023 13:46:03 [nprobe.c:2372] Welcome to lyprobe v.1.0.0 ($Revision: 2212 $) for x86_64-unknown-linux-gnu 31/May/2023 13:46:03 [plugin.c:145] No plugins found in ./plugins 31/May/2023 13:46:03 [plugin.c:150] Loading plugins from /bin/plugins 31/May/2023 13:46:03 [servicePlugin.c:766] No pattern found in ./fp-patterns 31/May/2023 13:46:03 [servicePlugin.c:763] Load pattern in /bin/plugins/fp-patterns 31/May/2023 13:46:03 [servicePlugin.c:505] >load 44 protocol patterns. 31/May/2023 13:46:03 [servicePlugin.c:505] >load 15 device patterns. 31/May/2023 13:46:03 [servicePlugin.c:505] >load 16 os patterns. 31/May/2023 13:46:03 [servicePlugin.c:505] >load 25 midware patterns. 31/May/2023 13:46:03 [servicePlugin.c:505] >load 16 threat patterns. 31/May/2023 13:46:03 [servicePlugin.c:792] >>Loaded 116 patterns totally. 31/May/2023 13:46:03 [plugin.c:585] 5 plugin(s) enabled 31/May/2023 13:46:03 [nprobe.c:3562] Capturing packets from interface ens192查看网卡状态，已启用PROMISC混杂模式ip add 2: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000如果使用vSphere平台，虚拟交换机和虚拟机网卡开启混杂模式安装管理和交互页面，过程中会安装mariadb数据库，并提示你配置数据库密码./server_deploy_release.sh登录控制台访问地址：http://ip:18080/ui管理员账号：admin，密码LoginLY@2016多节点接入官方正在制作教程中安装完成，具体使用参考官网文档

遭遇一起典型钓鱼邮件攻击 钓鱼邮件为APT（高级持续性攻击）常用攻击手段，有针对性、目的明确、持续时间长。钓鱼邮件伪装成合同链接诱导点击钓鱼网站伪装为网易企业邮箱官网，使用linkpc.net免费二级域名，并填充邮件接收方地址网易企业邮箱官网实际为一张截图通过代码在图片上建立伪装登录窗口，无论输入任何内容都会显示无效密码输入两次密码后，跳转邮件接收方官网，欺骗点击者认为只是登陆错误此时对方已获取邮箱密码，完成钓鱼攻击过程。

Algorius Net Viewer网络可视化监控管理软件 官网https://algorius.com/价格 免费版支持25个设备，好用请支持正版哦https://algorius.com/purchase/pricing.html程序下载https://algorius.com/download/resources.html安装均为下一步程序界面配置设备配置ping最后我的使用情况

可视化Uptime状态监控平台Uptime Kuma 项目地址https://github.com/louislam/uptime-kuma可以监控 HTTP(s) / TCP / HTTP(s) Keyword / Ping / DNS Record / Push / Steam Game Server / Docker Containers的正常运行时间一键安装docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1升级docker pull louislam/uptime-kuma:1 docker stop uptime-kuma docker rm uptime-kuma docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1主页面配置独立状态页配置企业微信通知

0基础上手python编程，批量自动备份H3C交换机配置并进行企业微信通知 交换机自动备份配置(h3c)python2备份基于CSDN@willwillwanghttps://blog.csdn.net/wq298102526/article/details/108796824python3自行编写定时计划，每天7点备份，7点40发送告警0 7 * * * python2 /root/swbackup.py > /root/swbackup.log 40 7 * * * python3 /root/swbackupweixin.py >> /root/swbackup.logpython2备份脚本 swbackup.py利用telnetlib交互登录查看交换机配置并保存，可修改命令后用于任意品牌交换机#!/usr/bin/python2 # -*- coding: UTF-8 -*- import telnetlib import time import re import codecs import time import os now = time.strftime("%y%m%d") path = "/root/backup/%s"%now if not os.path.exists(path): os.makedirs(path) Hostall = """172.16.1.1 172.16.1.2 """ Hostlist = Hostall.splitlines() for Host in Hostlist: try: tn = telnetlib.Telnet(Host, timeout=15) time.sleep(5) tn.write(b'admin\n') time.sleep(5) tn.write(b'admin@123\n') time.sleep(5) tn.write(b'screen-length disable\n') tn.write(b'dis cur\n') tn.read_some() tn.write(b'undo screen-length disable\n') tn.write(b'quit\n') mac1 = tn.read_all() f1 = open('%s/%s'%(path,Host),'wb') f1.write(mac1) f1.close() print ("%s finish"%Host) except: print("fail %s"%Host) python3通知脚本拥有python3企业微信应用通知和企业微信机器人通知，其中企业微信应用通知、温湿度使用了zabbix中现有脚本。#!/usr/bin/python3 # -*- coding: UTF-8 -*- import time,os,requests,json,subprocess from datetime import datetime from collections import Counter lines = open("/root/swbackup.log", "r", encoding='utf-8').read().split() finish = lines.count('finish') fail = lines.count('fail') total = str(finish + fail) finish = str(finish) fail = str(fail) time_2 = time.strftime("%Y-%m-%d", time.localtime()) printfinish = (time_2+"-总计备份交换机"+total+"台-成功"+finish+"台-失败"+fail+"台") os.system("/usr/lib/zabbix/alertscripts/weixin.py %s %s %s" % ("wangwangjie","交换机备份报告",printfinish)) response2 = requests.get("https://devapi.qweather.com/v7/weather/now?用自己的和风天气API") data1=json.loads(response2.text) data2=json.dumps(data1['now']) data2=json.loads(data2) data3 ="早上好！ \n当前天气情况\n环境温度"+data2['temp']+" 体感温度"+data2['feelsLike']+" 天气状况 "+data2['text']+"\n风向 "+data2['windDir']+" 风力等级"+data2['windScale']+" 风速"+data2['windSpeed']+" 湿度"+data2['humidity']+" 能见度"+data2['vis']+"公里\n" data4 = "备份交换机"+total+"台-成功"+finish+"台-失败"+fail+"台\n" data5 = "机房温度"+str(os.popen("/etc/zabbix/script/get_temp.sh").read())+"机房湿度"+str(os.popen("/etc/zabbix/script/get_hum.sh").read()) url = 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=用自己的企业微信机器人通知' body = body = { "msgtype": "news", "news": { "articles" : [ { "title" : time_2, "description" : data3+data4+data5, "url" : "90apt.com", "picurl" : "微信机器人上方图片" } ] } } headers = {"Content-Type": "application/json"} response = requests.post(url,json=body,headers=headers) print(response.text) print(response.status_code)

Self Service Password域账号自助服务台 项目官网：https://www.ltb-project.org/documentation/self-service-password.htmlgithub：https://github.com/ltb-project/self-service-password文档：https://self-service-password.readthedocs.io/en/latest/本文采用oracle linux8系统安装安装：1、安装php-smartyhttps://pkgs.org/download/php-SmartyDownload latest remi-release rpm from http://rpms.remirepo.net/enterprise/8/remi/x86_64/ Install remi-release rpm: rpm -Uvh remi-release*rpm Install php-Smarty rpm package: dnf --enablerepo=remi install php-Smarty2、安装self-service-passwordConfigure the yum repository: /etc/yum.repos.d/ltb-project.repo [ltb-project-noarch] name=LTB project packages (noarch) baseurl=https://ltb-project.org/rpm/$releasever/noarch enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project Then update: yum update Import repository key: rpm --import https://ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project You are now ready to install: yum install self-service-password3、安装openldapyum install -y openldap4、AD域导出证书Self Service Password必须以LDAPS方式连接域控，因此需要加载证书添加角色和功能-AD证书服务证书颁发机构web注册配置证书服务证书颁发机构开启AD域证书服务刷新策略导出证书个人证书导出转换证书openssl x509 -inform der -in ad01.cer -out ad01.pem cat ad01.pem >> /etc/openldap/certs/ldaps.pemopenldap配置文件/etc/openldap/ldap.conf TLS_CACERT /etc/openldap/certs/ldaps.pem TLS_REQCERT allow5、Self Service Password配置文件需生成独立配置文件cd /usr/share/self-service-password/conf/ cp config.inc.php config.inc.local.php我的配置文件config.inc.local.php，主要放上改动的部分和注释<?php $debug = false; //debug模式关闭 # LDAP $ldap_url = "ldaps://ad1.90apt.com:636"; //AD服务器 $ldap_starttls = false; $ldap_binddn = "CN=wangwangjie,CN=Users,DC=90apt,DC=com"; //使用的域控管理员用户 $ldap_bindpw = "passwd@123"; //上面域控管理员密码 $ldap_base = "OU=王工有限公司,OU=用户OU,DC=90apt,DC=com"; //应用的OU范围 $ldap_login_attribute = "sAMAccountName"; //登陆属性 $ldap_fullname_attribute = "cn"; //全名属性 $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; //AD需要这么配置 $ldap_use_exop_passwd = false; $ldap_use_ppolicy_control = false; $ad_mode = true; //启用AD模式 $ad_options=[]; # Force account unlock when password is changed $ad_options['force_unlock'] = true; //更改密码时强制解锁账户 # Force user change password at next login $ad_options['force_pwd_change'] = false; # Allow user with expired password to change password $ad_options['change_expired_password'] = true; //允许过期的用户修改密码 # Local password policy # This is applied before directory password policy # Minimal length $pwd_min_length = 8; //最短密码位数 # Maximal length $pwd_max_length = 0; # Minimal lower characters $pwd_min_lower = 0; # Minimal upper characters $pwd_min_upper = 0; # Minimal digit characters $pwd_min_digit = 0; # Minimal special characters $pwd_min_special = 0; # Definition of special characters $pwd_special_chars = "^a-zA-Z0-9"; //特殊字符 # Forbidden characters #$pwd_forbidden_chars = "@%"; # Don't reuse the same password as currently $pwd_no_reuse = true; //不使用重复密码 # Check that password is different than login $pwd_diff_login = true; //密码不能与账号相同 # Check new passwords differs from old one - minimum characters count $pwd_diff_last_min_chars = 0; # Forbidden words which must not appear in the password $pwd_forbidden_words = array(); # Forbidden ldap fields # Respective values of the user's entry must not appear in the password # example: $pwd_forbidden_ldap_fields = array('cn', 'givenName', 'sn', 'mail'); $pwd_forbidden_ldap_fields = array(); # Complexity: number of different class of character required $pwd_complexity = 3; //需要不同类别的字符 # use pwnedpasswords api v2 to securely check if the password has been on a leak $use_pwnedpasswords = false; # Show policy constraints message: # always # never # onerror $pwd_show_policy = "always"; //显示约束信息 # Position of password policy constraints message: # above - the form # below - the form $pwd_show_policy_pos = "above"; //在表格上显示 # disallow use of the only special character as defined in `$pwd_special_chars` at the beginning and end $pwd_no_special_at_ends = false; # Who changes the password? # Also applicable for question/answer save # user: the user itself # manager: the above binddn $who_change_password = "manager"; //谁的权限修改 ## Token # Use tokens? # true (default) # false $use_tokens = true; # Crypt tokens? # true (default) # false $crypt_tokens = true; # Token lifetime in seconds $token_lifetime = "3600"; ## Mail # LDAP mail attribute $mail_attributes = array( "userPrincipalName","mail", "gosaMailAlternateAddress", "proxyAddresses" ); //邮箱形式 # Get mail address directly from LDAP (only first mail entry) # and hide mail input field # default = false $mail_address_use_ldap = true; //直接从域控获取邮箱 # Who the email should come from $mail_from = "wangwangjie@90apt.com"; $mail_from_name = "域账号自助改密解锁服务"; $mail_signature = "本邮件为通过密码自助修改LDAP账号密码，无需回复，如有重置密码遇到问题可以联系运维同学"; # Notify users anytime their password is changed $notify_on_change = true; # PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer) $mail_sendmailpath = '/usr/sbin/sendmail'; $mail_protocol = 'smtp'; $mail_smtp_debug = 0; $mail_debug_format = 'html'; $mail_smtp_host = 'smtp.90apt.com'; $mail_smtp_auth = true; $mail_smtp_user = 'wangwangjie@90apt.com'; $mail_smtp_pass = 'passwd@123'; $mail_smtp_port = 25; $mail_smtp_timeout = 30; $mail_smtp_keepalive = false; $mail_smtp_secure = 'tls'; $mail_smtp_autotls = true; $mail_smtp_options = array(); $mail_contenttype = 'text/plain'; $mail_wordwrap = 0; $mail_charset = 'utf-8'; $mail_priority = 3; ## SMS # Use sms $use_sms = true; # SMS method (mail, api) $sms_method = "api"; $sms_api_lib = "lib/smsapi.inc.php"; //自编写短信api，从短信平台的帮助文档里找 # GSM number attribute $sms_attributes = array( "mobile", "pager", "ipPhone", "homephone" ); # Partially hide number $sms_partially_hide_number = true; # Send SMS mail to address. {sms_attribute} will be replaced by real sms number $smsmailto = "{sms_attribute}@service.provider.com"; # Subject when sending email to SMTP to SMS provider $smsmail_subject = "Provider code"; # Message $sms_message = "{smsresetmessage} {smstoken}"; # Remove non digit characters from GSM number $sms_sanitize_number = false; # Truncate GSM number $sms_truncate_number = false; $sms_truncate_number_length = 10; # SMS token length $sms_token_length = 6; # Max attempts allowed for SMS token $max_attempts = 5; # Encryption, decryption keyphrase, required if $use_tokens = true and $crypt_tokens = true, or $use_sms, or $crypt_answer # Please change it to anything long, random and complicated, you do not have to remember it # Changing it will also invalidate all previous tokens and SMS codes $keyphrase = "90apt"; //关键词 # Display menu on top $show_menu = true; //显示菜单 # Logo $logo = "images/logo.png"; //logo # Background image $background_image = "images/90apt.png"; //壁纸 参考链接：https://blog.csdn.net/qq_33574974/article/details/128440776https://blog.csdn.net/qq_43536701/article/details/112290651https://blog.csdn.net/sunny05296/article/details/87634602https://blog.csdn.net/jnloverll/article/details/120333488https://www.cnblogs.com/cf-cf/p/12027495.htmlhttps://hebye.com/docs/ldap/ldap-1d9e6e2dts5avhttps://zhuanlan.zhihu.com/p/445700057?utm_id=0https://cloud.tencent.com/developer/article/1937696https://blog.csdn.net/weixin_44728369/article/details/117558938https://blog.csdn.net/weixin_34163313/article/details/115243146https://blog.csdn.net/hc1017/article/details/81293323?locationNum=1&fps=1https://www.cnblogs.com/skymyyang/p/13653294.htmlhttps://blog.csdn.net/qq461391728/article/details/115867721?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522162848744116780265427748%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&request_id=162848744116780265427748&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~sobaiduend~default-1-115867721.pc_search_result_control_group&utm_term=self+service+password+%E5%9F%9F%E8%B4%A6%E5%8F%B7&spm=1018.2226.3001.4187https://blog.csdn.net/yanchuandong/article/details/119598665https://blog.51cto.com/u_10630242/2538982

FusionCompute 虚拟机安装tools重启后tools未运行 华为官方说明https://support.huawei.com/enterprise/zh/knowledge/EKB1100039465执行chkconfig qemu-ga off 关闭操作系统自带的qemu-ga工具

1Panel 新一代的 Linux 服务器运维管理面板 官网https://www.1panel.cn/githubhttps://github.com/1Panel-dev/1Panel安装https://1panel.cn/docs/installation/online_installation/

长亭科技雷池 SafeLine 社区版部署 官网https://waf-ce.chaitin.cn/githubhttps://github.com/chaitin/safeline/blob/main/README_CN.md安装确保机器上正确安装 Docker 和 Compose V2docker info # >= 20.10.6 docker compose version # >= 2.0.0注意配置docker镜像加速以及docker网卡修改网段防止冲突部署安装运行mkdir -p /safeline && cd safeline # 下载并执行 setup curl -kfLsS https://waf-ce.chaitin.cn/release/latest/setup.sh | bash # 运行 sudo docker compose up -d升级自动一键更新 WARN: 雷池 SafeLine 服务会重启，流量会中断一小段时间，根据业务情况选择合适的时间来执行升级操作。 # 请到 compose.yaml 同级目录下执行下面脚本 cd /safeline | curl -kfLsS https://waf-ce.chaitin.cn/release/latest/upgrade.sh | bash