Posts Tagged ‘ CentOS

Visual Studio Code 的安装说明,以及推荐的延伸模组 (Windows/Linux)

微软开发的 Visual Studio Code (简称 VS Code) 是一套非常热门的“编辑器”! VS Code 跨平台,且开放原始码。它虽然仅是一个轻量版的编辑器,却可经由安装延伸模组来支援程式码语法突显、侦错、自动补全、重构、Markdown...等琳瑯满目功能,打造你梦想中的 IDE (整合开发环境)。

VS Code 默认仅支援 JavaScript、TypeScript、CSS、HTML,同样能透过下载延伸模组来支援 Python、C/C++、Java、Perl、Go... 等其他程式语言。

Read more

[Perl]如何在 Visual Studio Code 建立 Perl 的程式开发环境 (Windows/Linux)

据说 Perl 可能是近几年会消失的 5 种程式语言之一 (另外 4 个语言分别是 RubyHaskellObject-CR)! 现在在 Visual Studio Code (简称 VS Code) 建立 Perl 的程式开发环境也算是帮 Perl 续一下命,大慈大悲、功德无量。

要建立好整个 Perl 的开发环境主要分为三个步骤:

  1. 安装 Perl 的执行环境
  2. 安装 VS Code Editor
  3. 在 VS Code 安装 Perl 的延伸模组 (Extension)

Read more

如何解决 TLS/SSL 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160

弱点扫瞄

弱点: TLS Service Supports Weak Cipher Suite

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.

  • Severity: Medium
  • Risk: A TLS service was observed supporting weak cipher suites.
  • Recommendation: Disable the cipher suites listed in the evidence column of the measurement.

Read more

如何解决 SSH Server 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160

弱点扫瞄

弱点 1: SSH Supports Weak Cipher

The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.

  • Severity: Medium
  • Risk: A weak cipher has been detected.
  • Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.

弱点 2: SSH Supports Weak MAC

The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.

  • Severity: Medium
  • Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
  • Recommendation: Configure the SSH server to disable the use of MD5.

Read more

如何解决 Web/Mail Server 使用了不安全的 SSL 通讯协定

弱点扫瞄

弱点: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.

  • Severity: High
  • Risk: A TLS service was observed supporting weak protocols.
  • Recommendation: Disable the protocols listed in the evidence column of the measurement.

Read more

如何自动将网站的 http:// 网址转址为 https://

弱点扫瞄

弱点: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.

Read more

CentOS 5/6 改为可用的 yum 套件库来源 (2022)

若执行 yum 出现:

http://mirror.centos.org/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
To address this issue please refer to the below knowledge base article

表示系统默认的 yum 套件库可能已经不存在!

我们可以在 vault.centos.org 找到可用的套件库来源:

  • vault.centos.org: http
  • archive.kernel.org: http - rsync (rsync://archive.kernel.org::centos-vault/)
  • linuxsoft.cern.ch: http - rsync (rsync://linuxsoft.cern.ch/centos-vault/)
  • mirror.nsc.liu: http - rsync (rsync://mirror.nsc.liu.se::centos-store/)

Read more

Centos 6.x 如何停用 IPv6

为什么要停用 IPv6?

  1. 不熟、抗拒学习
  2. IPv6 也要设 IP 反解 PTR
  3. Gmail 会挡没有设 IPv6 反解的邮件

Read more

CentOS 如何加入第三方 Yum 套件库: EPEL

EPEL 的全称为“Extra Packages for Enterprise Linux”,是由 Fedora 社群打造,为 RHEL 及衍生发行版如 CentOS、Scientific Linux、Rocky Linux、Oracle Linux...等提供高品质套件库的专案。装了 EPEL 之后,等于添加了一个资源丰富的第三方套件库。

Read more

CentOS 5/6 快速安装 VPN Server (PPTP)

“VPN”是一种常用于中、大型企业或团体与团体间的私人网络的通讯方法。借由 VPN 所建立的加密通道,可以让你从外部存取公司内部的资源,或透过连线到 VPN 的 Server 当跳板,去存取被限制的外部资源 (俗称“翻墙”)。

在使用 VPN 之前,你得先有一台提供服务的 VPN Server,现在满多人会去租用国外的 VPS 当 Server,要架站兼翻墙,Linode 是不错的选择。

以下把握几个重点即可快速完成 Linux 的 PPTP 的 VPN Server 架设:

  • PPP - 点对点协定 (Point-to-Point Protocol)
  • PPTP - 点对点通道协定 (Point-to-Point Tunneling Protocol)
  • iptables - 设定封包转发规则

安装步骤

1. 判断 ppp 是否可用:

$ cat /dev/ppp
cat: /dev/ppp: No such device or address

如果出现跟上面一样的讯息“No such device or address”,那不用担心,这表示 ppp 是可用的,可以正常架设 pptp。

如果出现的是“Permission denied”,表示 ppp 是关闭的,下面的步骤就可以不用再看了。
Read more

return top