hckao@192.168.1.112's password:

Welcome to Armbian 22.08.0-trunk Jammy with Linux 5.15.59-flippy-75+o

System load:   2%
Up time:       3 days 17:36
Memory usage:  9% of 1.77G
IP:            192.168.1.112 220.133.209.15
CPU temp:      62°C
Usage of /:    5% of 29G
RX today:      5.6 MiB

Last login: Mon Aug 22 23:21:35 2022 from 192.168.1.110

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

eth0: flags=4163  mtu 1500
        inet 192.168.1.112  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:b011:1001:784b:40e6:a2b3:8a5f:6f74  prefixlen 64  scopeid 0x0
        inet6 fe80::709f:f5cd:1299:7b1a  prefixlen 64  scopeid 0x20
        inet6 fe80::9c61:50ff:fe3e:1aaa  prefixlen 64  scopeid 0x20
        ether 9e:61:50:3e:1a:aa  txqueuelen 1000  (Ethernet)
        RX packets 965683  bytes 62919381 (62.9 MB)
        RX errors 0  dropped 162232  overruns 0  frame 0
        TX packets 121620  bytes 11938717 (11.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 29

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 289  bytes 34090 (34.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 289  bytes 34090 (34.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305  mtu 1492
        inet 220.133.209.15  netmask 255.255.255.255  destination 111.247.3.62
        inet6 fe80::d08a:5b5c:e8be:b425  prefixlen 128  scopeid 0x20
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 128698  bytes 9549116 (9.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 102347  bytes 7480934 (7.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

crontab
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command
@reboot sleep 30 ; sudo systemctl stop serial-getty@ttyS0.service
@reboot sleep 35 ; sudo systemctl disable serial-getty@ttyS0.service
@reboot sleep 40 ; sudo cp /etc/resolv.conf.bak /etc/resolv.conf
@reboot sleep 45 ; sudo /etc/init.d/networking restart
@reboot sleep 90 ; sudo pon dsl-provider

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 [ - ]  alsa-utils
 [ - ]  apache-htcacheclean
 [ + ]  apache2
 [ + ]  chrony
 [ - ]  console-setup.sh
 [ + ]  cpufrequtils
 [ + ]  cron
 [ + ]  dbus
 [ + ]  fake-hwclock
 [ + ]  haveged
 [ - ]  hostapd
 [ - ]  hwclock.sh
 [ - ]  keyboard-setup.sh
 [ + ]  kmod
 [ + ]  loadcpufreq
 [ + ]  named
 [ - ]  networking
 [ - ]  nfs-common
 [ + ]  nfs-kernel-server
 [ + ]  openvpn
 [ + ]  procps
 [ + ]  resolvconf
 [ + ]  rpcbind
 [ - ]  rsync
 [ - ]  screen-cleanup
 [ - ]  selinux-autorelabel
 [ + ]  smartmontools
 [ + ]  ssh
 [ + ]  sysfsutils
 [ + ]  sysstat
 [ + ]  udev
 [ + ]  ufw
 [ + ]  unattended-upgrades
 [ + ]  vnstat

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

cat rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
bash /etc/custom_service/start_service.sh &
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
bash /etc/custom_service/start_service.sh &
exit 0

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

cat db.laserman1
$TTL 10800 ;
@ IN SOA dns.laserman.tw. hc.kao1.gmail.com. (
        2022081801;
        10800;
        3600;
        86400;
        86400);
;
@ IN NS dns.laserman.tw.;
@ IN NS dns1.laserman.tw.;
@ 3600 IN MX 1 mail.laserman.tw.;
@ 3600 IN MX 10 mail2.laserman.tw.;
dns.laserman.tw. IN A 220.133.209.15;
dns1.laserman.tw. IN A 220.134.245.198;
www.laserman.tw. IN A 220.134.245.198;
mail.laserman.tw. IN A 220.133.209.15;
mail2.laserman.tw. IN A 220.134.245.198;
vpn.laserman.tw. IN CNAME x96.ddns.net. ;(this box is the x96mini)
cloud.laserman.tw. IN CNAME hckao.ddns.net. ;(this box is the H96Max)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat 220.133.209.rev
$TTL 3600
;Specify the SOA record
@ IN SOA dns.laserman.tw. webadmin.laserman.tw. (
        2022081505
        1800
        900
        86400
        3600 )
;
;Specify the NS records; SOA and NS are written exactly as in the forward zone
@ IN NS dns.laserman.tw.
@ IN NS dns1.laserman.tw.
;Specify the PTR records; a reverse zone contains only PTR records, which state the name each IP maps to
15.209.133.220.in-addr.arpa. IN PTR dns.laserman.tw. ;note that the IP octets at the front are in reverse order
15 IN PTR dns.laserman.tw. ;the shorthand form with only the last octet also works, but the shorthand must not be followed by a dot

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat named.conf.default-zones.1st
// prime the server with knowledge of the root servers
zone "."
{
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "laserman.tw" {
        type master;
        file "/etc/bind/db.laserman1";
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "laserman.tw" {
        type master;
        file "/etc/bind/db.laserman1";
};

zone "209.133.220.in-addr.arpa" {
        type master;
        file "/etc/bind/220.133.209.rev";
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc/bind# cat named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

hckao@mail:~$ sudo apt-get -y install bind9
正在讀取套件清單... 完成
正在重建相依關係... 完成
正在讀取狀態資料...
完成
下列的額外套件將被安裝:
  bind9-utils dns-root-data
建議套件:
  bind-doc ufw
下列【新】套件將會被安裝:
  bind9 bind9-utils dns-root-data
升級 0 個,新安裝 3 個,移除 0 個,有 6 個未被升級。
需要下載 398 kB 的套件檔。
此操作完成之後,會多佔用 1,362 kB 的磁碟空間。
下載:1 http://ports.ubuntu.com jammy-security/main arm64 bind9-utils arm64 1:9.18.1-1ubuntu1.1 [148 kB]
下載:2 http://ports.ubuntu.com jammy/main arm64 dns-root-data all 2021011101 [5,256 B]
下載:3 http://ports.ubuntu.com jammy-security/main arm64 bind9 arm64 1:9.18.1-1ubuntu1.1 [244 kB]
取得 398 kB 用了 3s (145 kB/s)
選取了原先未選的套件 bind9-utils。
(讀取資料庫 ... 目前共安裝了 36056 個檔案和目錄。)
正在準備解包 .../bind9-utils_1%3a9.18.1-1ubuntu1.1_arm64.deb……
Unpacking bind9-utils (1:9.18.1-1ubuntu1.1) ...
選取了原先未選的套件 dns-root-data。
正在準備解包 .../dns-root-data_2021011101_all.deb……
Unpacking dns-root-data (2021011101) ...
選取了原先未選的套件 bind9。
正在準備解包 .../bind9_1%3a9.18.1-1ubuntu1.1_arm64.deb……
Unpacking bind9 (1:9.18.1-1ubuntu1.1) ...
設定 dns-root-data (2021011101) ...
設定 bind9-utils (1:9.18.1-1ubuntu1.1) ...
設定 bind9 (1:9.18.1-1ubuntu1.1) ...
Adding group `bind' (GID 119) ...
Done.
Adding system user `bind' (UID 112) ...
Adding new user `bind' (UID 112) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
named-resolvconf.service is a disabled or a static unit, not starting it.
Created symlink /etc/systemd/system/bind9.service → /lib/systemd/system/named.service.
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /lib/systemd/system/named.service.
執行 man-db (2.10.2-1) 的觸發程式……

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

root@mail:/etc# cat hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name.
# See rpcbind(8) and rpc.mountd(8) for further information.
#
sshd:192.168.1.0/24:allow
sshd:192.168.9.0/24:allow
sshd:1.160.0.0/16:allow
sshd:1.162.0.0/16:allow
#sshd:1.0.0.0/8:allow
sshd:192.168.20.0/24:allow
sshd:114.34.34.0/24:allow
sshd:220.133.209.15:allow
sshd:220.134.245.198:allow

++++++++++++++++++++++++++++

root@mail:/etc# cat hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
sshd
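An added consistency check, not part of the original dump, that applies the two rules spelled out in the comments of 220.133.209.rev above: a PTR owner name is the IPv4 octets reversed under in-addr.arpa, and the shorthand owner `15` only matches because it is relative to the zone origin, so it must not carry a trailing dot. The A and PTR data below are constructed from the records shown in db.laserman1 and 220.133.209.rev; the function names are this example's own.

```python
import ipaddress

# Constructed from the records shown on this page: the A records in
# db.laserman1 and the two PTR lines in 220.133.209.rev.
FORWARD_A = {
    "dns.laserman.tw.": "220.133.209.15",
    "dns1.laserman.tw.": "220.134.245.198",
    "www.laserman.tw.": "220.134.245.198",
    "mail.laserman.tw.": "220.133.209.15",
    "mail2.laserman.tw.": "220.134.245.198",
}
REVERSE_ORIGIN = "209.133.220.in-addr.arpa."  # zone name from named.conf.local
REVERSE_PTR = [                                # (owner as written, target)
    ("15.209.133.220.in-addr.arpa.", "dns.laserman.tw."),
    ("15", "dns.laserman.tw."),
]

def reverse_name(ip):
    """Absolute in-addr.arpa owner name for an IPv4 address: octets reversed."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def qualify(owner, origin):
    """Zone-file rule from the page: a name ending in '.' is absolute; anything
    else is relative and gets the zone origin appended ('15' works, '15.' does not)."""
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def zone_network(origin):
    """Network covered by an in-addr.arpa origin: 209.133.220... -> 220.133.209.0/24."""
    labels = origin.rstrip(".").removesuffix(".in-addr.arpa").split(".")
    octets = list(reversed(labels)) + ["0"] * (4 - len(labels))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{8 * len(labels)}")

def check_consistency(forward, ptrs, origin):
    """Findings for A records inside the reverse zone's network that have no
    PTR, or whose PTR target does not carry an A record for the same address."""
    ptr_map = {qualify(owner, origin): target for owner, target in ptrs}
    net = zone_network(origin)
    findings = []
    for name, ip in forward.items():
        if ipaddress.ip_address(ip) not in net:
            continue  # belongs to another reverse zone, not this file's business
        rev = reverse_name(ip)
        target = ptr_map.get(rev)
        if target is None:
            findings.append(f"no PTR for {name} ({ip}) at {rev}")
        elif forward.get(target) != ip:
            findings.append(f"PTR {rev} -> {target} has no A record for {ip}")
    return findings
```

Running `check_consistency(FORWARD_A, REVERSE_PTR, REVERSE_ORIGIN)` on the page's data returns no findings; writing the shorthand as `15.` instead of `15` makes it an absolute name that never matches, and both in-zone hosts are then reported as lacking a PTR.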