hckao@192.168.1.117's password: (reboot takes about 55 sec)

Welcome to Armbian 22.08.0-trunk Jammy with Linux 5.10.136-ophub

System load:   2%               Up time:       4 min
Memory usage:  4% of 3.70G      IP:            192.168.1.117 192.168.9.173
CPU temp:      46°C             Usage of /:    10% of 15G
RX today:      45.6 MiB

[ General system configuration (beta): armbian-config ]

Last login: Mon Aug 22 22:58:09 2022 from 192.168.9.211
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 168.95.1.1
nameserver 2001:b000:168::1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:b000:168::2
nameserver 8.8.8.8
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command
@reboot sleep 10 ; sudo systemctl stop serial-getty@ttyS0.service
@reboot sleep 15 ; systemctl disable serial-getty@ttyS0.service
@reboot sleep 45 ; sudo cp /etc/resolv.conf.bak /etc/resolv.conf
@reboot sleep 50 ; sudo /etc/init.d/networking restart
@reboot sleep 60 ; sudo pon dsl-provider
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hckao@X96-DNS:~$ sudo cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
sshd:ALL
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hckao@X96-DNS:~$ sudo cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
sshd:192.168.1.0/24:allow
sshd:192.168.9.0/24:allow
sshd:1.160.0.0/16:allow
sshd:1.162.0.0/16:allow
#sshd:1.0.0.0/8:allow
sshd:192.168.20.0/24:allow
sshd:114.34.34.0/24:allow
sshd:220.133.209.15:allow
sshd:220.134.245.198:allow
hckao@X96-DNS:~$
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hckao@X96-DNS:~$ sudo cat /etc/ssh/sshd_config

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#######################################
PermitRootLogin no
#######################################
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
75499304@hinet.net(75499304@ip.hinet.net)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hckao@X96-DNS:~$ sudo apt install bind9
正在讀取套件清單... 完成
正在重建相依關係... 完成
正在讀取狀態資料... 完成
下列的額外套件將被安裝:
  bind9-utils dns-root-data
建議套件:
  bind-doc ufw
下列【新】套件將會被安裝:
  bind9 bind9-utils dns-root-data
升級 0 個,新安裝 3 個,移除 0 個,有 0 個未被升級。
需要下載 398 kB 的套件檔。
此操作完成之後,會多佔用 1,362 kB 的磁碟空間。
是否繼續進行 [Y/n]? [Y/n]
下載:1 http://ports.ubuntu.com jammy-security/main arm64 bind9-utils arm64 1:9.18.1-1ubuntu1.1 [148 kB]
下載:2 http://ports.ubuntu.com jammy/main arm64 dns-root-data all 2021011101 [5,256 B]
下載:3 http://ports.ubuntu.com jammy-security/main arm64 bind9 arm64 1:9.18.1-1ubuntu1.1 [244 kB]
取得 398 kB 用了 2s (181 kB/s)
選取了原先未選的套件 bind9-utils。
(讀取資料庫 ... 目前共安裝了 36201 個檔案和目錄。)
正在準備解包 .../bind9-utils_1%3a9.18.1-1ubuntu1.1_arm64.deb……
Unpacking bind9-utils (1:9.18.1-1ubuntu1.1) ...
選取了原先未選的套件 dns-root-data。
正在準備解包 .../dns-root-data_2021011101_all.deb……
Unpacking dns-root-data (2021011101) ...
選取了原先未選的套件 bind9。
正在準備解包 .../bind9_1%3a9.18.1-1ubuntu1.1_arm64.deb……
Unpacking bind9 (1:9.18.1-1ubuntu1.1) ...
設定 dns-root-data (2021011101) ...
設定 bind9-utils (1:9.18.1-1ubuntu1.1) ...
設定 bind9 (1:9.18.1-1ubuntu1.1) ...
Adding group `bind' (GID 119) ...
Done.
Adding system user `bind' (UID 112) ...
Adding new user `bind' (UID 112) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
執行 man-db (2.10.2-1) 的觸發程式……
hckao@X96-DNS:~$
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hckao@X96-DNS:~$ sudo cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "laserman.tw" {
        type master;
        file "/etc/bind/db.laserman1";
};

zone "209.133.220.in-addr.arpa" {
        type master;
        file "/etc/bind/220.133.209.rev";
};
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@X96-DNS:/etc/bind# sudo cat db.laserman
$TTL 10800
;
@ IN SOA dns.laserman.tw. hc.kao1.gmail.com. (
        2022081801; serial
        10800; refresh
        3600; retry
        86400; expire
        86400); Negative Caching
;
@ IN NS dns.laserman.tw.;
@ IN NS dns1.laserman.tw.;
@ 3600 IN MX 1 mail.laserman.tw.;
@ 3600 IN MX 10 mail2.laserman.tw.;
dns.laserman.tw. IN A 220.133.209.15;
dns1.laserman.tw. IN A 220.134.245.198;
www.laserman.tw. IN A 220.134.245.198;
mail.laserman.tw. IN A 220.133.209.15;
mail2.laserman.tw. IN A 220.134.245.198;
vpn.laserman.tw. IN CNAME x96.ddns.net. ; (this machine is the x96mini)
cloud.laserman.tw. IN CNAME hckao.ddns.net. ; (this machine is the H96Max)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@X96-DNS:/etc/bind# sudo cat 220.133.209.rev
$TTL 10800
; Specify the SOA record
@ IN SOA dns.laserman.tw. webadmin.laserman.tw. (
        2022081503 ; serial
        10800 ; refresh
        3600 ; retry
        86400 ; expire
        36400 ) ; Negative Caching
;
; Specify the NS records; SOA and NS are written the same way as in the forward zone
@ IN NS dns.laserman.tw.
@ IN NS dns1.laserman.tw.
; Specify the PTR records; the reverse zone contains only PTR records, which state which name an IP maps to
15.209.133.220.in-addr.arpa. IN PTR dns.laserman.tw. ; note that the IP octets at the front are in reverse order
15 IN PTR dns.laserman.tw. ; the shorthand form also works, writing only the last octet of the IP, but note that the shorthand must not be followed by