0. armbian-config ,setting time,hostname,wlan 1. install pppoeconf && ppp 2.run pppoeconf(seart boor---NO) 3 edit rc.local Finaly, I fixed adding : ip link set eth0 up pon dsl-provider exit 0 at /etc/rc.local 4. get noip Install noip2 from source cd /usr/local/src/ wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz tar xf noip-duc-linux.tar.gz cd noip-2.1.9-1/ make make install If you get make not found or missing gcc then you do not have the gcc compiler tools on your machine. At https://help.ubuntu.com/community/InstallingCompilers you can find install instructions if you need help. Configure the Client As root (or with sudo) issue the below command: /usr/local/bin/noip2 -C (dash capital C, this will create the default config file) Create a Systemd service Create the file $sudo nano /etc/systemd/system/noip2.service and paste the following: ---------------------------------------------------------------------------- [Unit] Description=No-IP Dynamic DNS Update Client After=network.target [Service] Type=forking ExecStart=/usr/local/bin/noip2 [Install] WantedBy=multi-user.target ------------------------------------------- Activating systemctl status noip2.service cd /ho (start immediately) systemctl enable noip2.service (start on boot) 5. update & upgrade 6. edit /etc/ssh/sshd_config set deny root access ssh 7.install mtr ######8.Change DNS Settings in Ubuntu 18.04 LTS install dnsmasq 8.install apache2 9. copy www.zip to /home/hckao 10.unzip www.zip 11.copy folder 'www' to /var/www 12. install snmp,snmpd,snmp-mibs sudo apt-get update sudo apt-get install snmp snmp-mibs-downloader sudo apt-get update sudo apt-get install snmpd 13. edit snmpd.conf $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ------------------------------------------------------------------ https://www.cwb.gov.tw/V7/observe/satellite/Sat_EA.htm?type=1 pppoe 的安裝 是pppoeconf && ppp 1.Softether 教學 2.tar 3./etc/network/interfaces 4.ftp ***************************** 重要......S905安裝方式 https://code.launchpad.net/~paskal-07/+archive/ubuntu/softethervpn-nightly sudo apt-add-repository ppa:paskal-07/softethervpn-nightly && sudo apt-get update && sudo apt-get upgrade && sudo apt-get install softether-vpnserver ***************************** 以下是新版armbian 的interface設定 cat interfaces source /etc/network/interfaces.d/* # Network is managed by Network manager # Wired adapter #1 allow-hotplug eth0 no-auto-down eth0 iface eth0 inet dhcp #address 192.168.0.100 #netmask 255.255.255.0 #gateway 192.168.0.1 #dns-nameservers 8.8.8.8 8.8.4.4 # hwaddress ether # if you want to set MAC manually # pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838 auto lo iface lo inet loopback auto dsl-provider iface dsl-provider inet ppp pre-up /bin/ip link set eth0 up # line maintained by pppoeconf provider dsl-provider auto eth0 iface eth0 inet manual **************************************************************** @reboot sleep 60 ; sudo pon dsl-provider **************************************************************** **************************************************************** softetherVPN 安裝過程 hckao@x96:~$ sudo apt-add-repository ppa:paskal-07/softethervpn [sudo] password for hckao: SoftEtherVPN Daily Builds. To install SoftEtherVPN type in terminal: sudo apt-add-repository ppa:paskal-07/softethervpn && sudo apt-get update && sudo apt-get upgrade && sudo apt-get install softether-vpnserver More info: https://launchpad.net/~paskal-07/+archive/ubuntu/softethervpn Press [ENTER] to continue or Ctrl-c to cancel adding it. Get:1 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic InRelease [15.9 kB] Hit:2 http://ports.ubuntu.com bionic InRelease Hit:3 http://mirrors.dotsrc.org/armbian-apt bionic InRelease Get:4 http://ports.ubuntu.com bionic-security InRelease [88.7 kB] Get:5 http://ports.ubuntu.com bionic-updates InRelease [88.7 kB] Get:6 http://ports.ubuntu.com bionic-backports InRelease [74.6 kB] Get:7 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main armhf Packages [1156 B] Get:8 http://ports.ubuntu.com bionic-security/main armhf Packages [308 kB] Get:9 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main arm64 Packages [1148 B] Get:10 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main Translation-en [768 B] Get:11 http://ports.ubuntu.com bionic-security/main arm64 Packages [332 kB] Get:12 http://ports.ubuntu.com bionic-security/main Translation-en [162 kB] Get:13 http://ports.ubuntu.com bionic-security/universe arm64 Packages [520 kB] Get:14 http://ports.ubuntu.com bionic-security/universe armhf Packages [469 kB] Get:15 http://ports.ubuntu.com bionic-updates/main armhf Packages [523 kB] Get:16 http://ports.ubuntu.com bionic-updates/main arm64 Packages [549 kB] Get:17 http://ports.ubuntu.com bionic-updates/restricted arm64 Packages [956 B] Get:18 http://ports.ubuntu.com bionic-updates/restricted armhf Packages [6720 B] Get:19 http://ports.ubuntu.com bionic-updates/restricted Translation-en [4156 B] Get:20 http://ports.ubuntu.com bionic-updates/universe arm64 Packages [886 kB] Get:21 http://ports.ubuntu.com bionic-updates/universe armhf Packages [831 kB] Get:22 http://ports.ubuntu.com bionic-updates/universe Translation-en [301 kB] Get:23 http://ports.ubuntu.com bionic-updates/multiverse armhf Packages [3572 B] Get:24 http://ports.ubuntu.com bionic-updates/multiverse arm64 Packages [2600 B] Get:25 http://ports.ubuntu.com bionic-updates/multiverse Translation-en [3556 B] Fetched 5173 kB in 9s (591 kB/s) Reading package lists... Done $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ hckao@x96:~$ sudo apt-get update Hit:1 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic InRelease Hit:2 http://ports.ubuntu.com bionic InRelease Hit:3 http://mirrors.dotsrc.org/armbian-apt bionic InRelease Hit:4 http://ports.ubuntu.com bionic-security InRelease Hit:5 http://ports.ubuntu.com bionic-updates InRelease Hit:6 http://ports.ubuntu.com bionic-backports InRelease Reading package lists... Done $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ hckao@x96:~$ sudo apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: wpasupplicant 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 808 kB of archives. After this operation, 4096 B of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://ports.ubuntu.com bionic-security/main arm64 wpasupplicant arm64 2:2.6-15ubuntu2.4 [808 kB] Fetched 808 kB in 2s (350 kB/s) (Reading database ... 45302 files and directories currently installed.) Preparing to unpack .../wpasupplicant_2%3a2.6-15ubuntu2.4_arm64.deb ... Unpacking wpasupplicant (2:2.6-15ubuntu2.4) over (2:2.6-15ubuntu2.3) ... Setting up wpasupplicant (2:2.6-15ubuntu2.4) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for dbus (1.12.2-1ubuntu1.1) ... $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ hckao@x96:~$ sudo apt-get install softether-vpnserver Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: softether-common softether-vpncmd The following NEW packages will be installed: softether-common softether-vpncmd softether-vpnserver 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 5686 kB of archives. After this operation, 7153 kB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main arm64 softether-common arm64 5.01.9671~201907101749~ubuntu18.04.1 [679 kB] Get:2 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main arm64 softether-vpncmd arm64 5.01.9671~201907101749~ubuntu18.04.1 [2503 kB] Get:3 http://ppa.launchpad.net/paskal-07/softethervpn/ubuntu bionic/main arm64 softether-vpnserver arm64 5.01.9671~201907101749~ubuntu18.04.1 [2504 kB] Fetched 5686 kB in 7s (763 kB/s) Selecting previously unselected package softether-common. (Reading database ... 45302 files and directories currently installed.) Preparing to unpack .../softether-common_5.01.9671~201907101749~ubuntu18.04.1_arm64.deb ... Unpacking softether-common (5.01.9671~201907101749~ubuntu18.04.1) ... Selecting previously unselected package softether-vpncmd. Preparing to unpack .../softether-vpncmd_5.01.9671~201907101749~ubuntu18.04.1_arm64.deb ... Unpacking softether-vpncmd (5.01.9671~201907101749~ubuntu18.04.1) ... Selecting previously unselected package softether-vpnserver. Preparing to unpack .../softether-vpnserver_5.01.9671~201907101749~ubuntu18.04.1_arm64.deb ... Unpacking softether-vpnserver (5.01.9671~201907101749~ubuntu18.04.1) ... Setting up softether-common (5.01.9671~201907101749~ubuntu18.04.1) ... Setting up softether-vpncmd (5.01.9671~201907101749~ubuntu18.04.1) ... Processing triggers for systemd (237-3ubuntu10.25) ... Setting up softether-vpnserver (5.01.9671~201907101749~ubuntu18.04.1) ... Processing triggers for systemd (237-3ubuntu10.25) ... hckao@x96:~$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ sudo /home/hckao/vpncmd Choose 1 and keep hitting enter for default settings till you get a prompt where you type in (選擇1並保持輸入默認設置,直到您輸入的提示) 1 ServerPasswordSet VPN Server>ServerPasswordSet ServerPasswordSet command - Set VPN Server Administrator Password Please enter the password. To cancel press the Ctrl+D key. **************************************************************** tar -zcf /var/backups/home.tgz /home/ tar -zcf /home/hckao/laserweb.tgz /var/www/ tar -cvf mpi.tar mpi/ 這個指令會將 mpi 資料夾與其中的所有檔案都壓縮成一個 mpi.tar 壓縮檔。壓縮時會顯示其中的檔案, 輸出就會像這樣: 下面是這個 tar 指令所使用的參數說明: c:建立壓縮檔案(create)。 v:輸出處理的檔案列表(verbose)。 f:指定壓縮檔案(archive file)。 在建立 .tar 壓縮檔案時,如果是壓縮很重要的資料的話, 可以加上驗證(verify)的選項,確保壓縮之後的檔案沒有錯誤: tar cvfW mpi.tar mpi/ 解壓縮 .tar 壓縮檔案 若要解壓縮 .tar 壓縮檔案,則可使用 tar 指令的 -x 參數(代表 extract), 若要將上面壓縮好的 mpi.tar 壓縮檔解開,則可使用下面的指令: tar -xvf mpi.tar tar zxvf fileNameHere.tgz gunzip -c backups.tgz | tar xvf - TAR COMMAND OPTIONS -z : Uncompress the resulting archive with gzip command. -x : Extract to disk from the archive. -v : Produce verbose output i.e. show progress and file names while extracting files. -f backup.tgz : Read the archive from the specified file called backup.tgz. -C /tmp/data : Unpack/extract files in /tmp/data instead of the default current directory. **************************************************************** FTP SERVER http://www.htpcguides.com/install-configure-ftp-server-debian-linux-raspberry-pi/ sudo apt-get install vsftpd sudo nano /etc/vsftpd.conf remove "#" at line local enable =yes remove "#" at line write enable =yes On Linux hidden files are preceded with a ???? if you want to be able to see hidden folders, add this line at the bottom force_dot_files=YES sudo service vsftpd restart /etc/init.d/vsftpd startFTP SERVER 重要~~~~~~是18.04的教學 https://devanswers.co/installing-ftp-server-vsftpd-ubuntu-18-04/ **************************************************************** /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 PubkeyAuthentication yes # Expect .ssh/authorized_keys2 to be disregarded by default in future. #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin yes # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server **************************************************************** 設定防火牆預設規則 如果你想要規則嚴一點,可以預設封鎖所有通訊埠,再選擇性打開幾個 port;你也可以預設開放所有 port,然後再封鎖幾個 port。預設允許/封鎖的指令如下: sudo ufw default allow # 預設允許 sudo ufw default deny # 預設封鎖 允許/封鎖通訊埠(port) 如果你要允許 SSH port 的話,可以這樣下: sudo ufw allow ssh 或是 sudo ufw allow 22 也可以允許或封鎖其他的 port: sudo ufw allow 80 # 允許 80 sudo ufw allow 443 # 允許 443 sudo ufw deny 3389 # 封鎖 3389 sudo ufw deny 21 # 封鎖 21 甚至可以一次允許一個範圍的 port: sudo ufw allow 6000:6007/tcp # 允許 TCP 6000~6007 sudo ufw allow 6000:6007/udp # 允許 UDP 6000~6007 來自特定 IP 的規則 上面的規則是針對所有 IP,如果你想要針對某些 IP 可以不受控管,你也可以這樣設定: sudo ufw allow from 192.168.11.10 # 允許 192.168.11.10 的所有連線 sudo ufw allow from 192.168.11.0/24 # 允許 192.168.11.1~192.168.11.255 的所有連線 sudo ufw deny from 192.168.11.4 # 封鎖 192.168.11.4 的所有連線 果你只是不想讓某個小明偷偷連到你的 SSH Port,你也可以針對他封鎖: sudo ufw deny from 192.168.11.7 to any port 22 查看目前設了什麼規則 推薦使用這個指令來看目前設了什麼規則: sudo ufw status numbered 這個指令會幫你把規則前面加上編號: Numbered Output: Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 80 ALLOW IN Anywhere [ 3] 443 ALLOW IN Anywhere 如果你突然不喜歡某個規則了,可以直接刪除它: sudo ufw delete 3 那個規則就不見囉! 開啟/關閉/重設防火牆 設定完所有規則後,記得把防火牆打開。 如果你是用 SSH 連線,別忘了要先 allow 自己的 SSH 連線。 sudo ufw enable # 啟用防火牆 sudo ufw disable # 停用防火牆 如果你把規則改爛了,想要重新來過的話,可以重設: sudo ufw reset $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 另一種 NOIP0 安裝方式 Install noip2 from source cd /usr/local/src/ wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz tar xf noip-duc-linux.tar.gz cd noip-2.1.9-1/ make make install If you get make not found or missing gcc then you do not have the gcc compiler tools on your machine. At https://help.ubuntu.com/community/InstallingCompilers you can find install instructions if you need help. Configure the Client As root (or with sudo) issue the below command: /usr/local/bin/noip2 -C (dash capital C, this will create the default config file) Create a Systemd service Create the file /etc/systemd/system/noip2.service and paste the following: ------------------------------------------- [Unit] Description=No-IP Dynamic DNS Update Client After=network.target [Service] Type=forking ExecStart=/usr/local/bin/noip2 [Install] WantedBy=multi-user.target ------------------------------- end NOIP unzip $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ sudo apt-get install unzip unzip file.zip -d destination_folder If the source and destination directories are the same, you can simply do: unzip file.zip $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ end unzip Activating systemctl status noip2.service systemctl start noip2.service (start immediately) systemctl enable noip2.service (start on boot) $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Change DNS using the Ubuntu Terminal If you are a hardcore programmer and don’t like fixing things using the user interface, then need not to worry. You can also change the DNS settings using the built-in terminal. To simply learn how to change the DNS settings in Ubuntu using terminal kindly following the steps below: First of all, you will need to add the nameservers to the dnsmasq config file. But unfortunately, the dnsmasq isn’t installed On Ubuntu by default. So, in order to proceed with changing the DNS settings using built-in terminal, we will first have to install dnsmasq. You can do it by launching the terminal and write sudo apt-get install dnsmasq After the installation of dnsmasq you can finally edit the config file with the use of the following command: sudo nano /etc/dnsmasq.conf After entering the above command, the config file will open, and you need to find the line where it says, “Add other nameservers here”. Once found you can replace it with the desired DNS server address as shown in the example below