Posts

  • fail2ban: commonly used commands

    One-click install script (a third-party script that runs as root: read fail2ban.sh before executing it, or simply install the distribution package with apt install fail2ban)

    wget https://raw.githubusercontent.com/cnnlei/Fail2ban/master/fail2ban.sh && bash fail2ban.sh 2>&1 | tee fail2ban.log
    

    After installation the configuration has to be changed, otherwise the service will not start properly.
    In fail2ban's jail.conf (around line 132) change backend = auto to backend = systemd, then restart fail2ban. On Debian 12 this is needed because rsyslog is no longer installed by default, so /var/log/auth.log does not exist and the sshd jail cannot start with the auto backend; the systemd backend reads the journal instead. Prefer putting the override in /etc/fail2ban/jail.local rather than editing jail.conf, which package upgrades overwrite.

    vim /etc/fail2ban/jail.conf
    
    systemctl restart fail2ban
    

    Start / stop / restart the service

    sudo systemctl start fail2ban    # start the service
    sudo systemctl stop fail2ban     # stop the service
    sudo systemctl restart fail2ban  # restart the service
    sudo systemctl enable fail2ban   # start at boot
    

    Check the service status

    sudo systemctl status fail2ban
    

    List the IPs banned by the sshd jail (fail2ban-client status with no jail name lists the active jails)

    sudo fail2ban-client status sshd
    

    Unban a specific IP

    sudo fail2ban-client set sshd unbanip 192.168.1.100
    

    Manually ban an IP

    sudo fail2ban-client set sshd banip 192.168.1.100
    
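    The configuration change described above, written out as a complete jail.local plus a check that the weak setting is gone. This is an added example, not code from the original post or from the fail2ban project; it assumes the standard /etc/fail2ban layout, and 203.0.113.10 (a documentation address) stands in for the administrator's own IP.

```shell
#!/bin/sh
# Added example (not from the original post): generate a fail2ban jail.local
# that fixes the Debian 12 "backend = auto" start failure and enables the sshd
# jail, then validate the file before the service is restarted.
# Assumptions: standard config layout under /etc/fail2ban; 203.0.113.10 is a
# documentation address used as the admin IP, substitute your own.
set -eu

# write_jail_local DIR ADMIN_IP: write DIR/jail.local. Overrides belong here,
# not in jail.conf, because package upgrades replace jail.conf.
write_jail_local() {
    dir=$1
    admin_ip=$2
    cat > "$dir/jail.local" <<EOF
[DEFAULT]
# Read auth events from the journal instead of /var/log/auth.log, which does
# not exist on a default Debian 12 install (no rsyslog).
backend = systemd
# Never ban loopback or the admin's own address: a few typos in ssh would
# otherwise lock you out of your own box.
ignoreip = 127.0.0.1/8 ::1 $admin_ip
bantime = 1h
findtime = 10m
maxretry = 5

[sshd]
enabled = true
port = ssh
EOF
}

# check_jail_local FILE: return 0 only if the file selects the systemd backend
# and enables the sshd jail; return 1 otherwise (e.g. backend = auto still set).
check_jail_local() {
    f=$1
    grep -q '^backend = systemd$' "$f" || return 1
    # "enabled = true" must sit inside the [sshd] section, not elsewhere
    sed -n '/^\[sshd\]/,/^\[/p' "$f" | grep -q '^enabled = true$' || return 1
    return 0
}

# Usage on the VPS (as root): sh fail2ban-jail.sh --apply 203.0.113.10
if [ "${1:-}" = "--apply" ]; then
    write_jail_local /etc/fail2ban "$2"
    check_jail_local /etc/fail2ban/jail.local
    fail2ban-client -t             # parse the configuration without starting
    systemctl restart fail2ban
    fail2ban-client status sshd    # the jail should now be listed and active
fi
```

    Run it with --apply only on the server itself; without arguments the script only defines the two functions, so it can be sourced and tested on a scratch directory first.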
  • Some network testing tools commonly used on a VPS

    1. Testing the outbound route (this installs NextTrace by piping a remote installer into bash as root; read the script first on a box you care about)

    curl -sL nxtrace.org/nt |bash
    

    Usage (replace 8.8.8.8 with the IP you want to test)

    nexttrace 8.8.8.8
    

    2. tcping tool (tcpping is a readable shell script that wraps tcptraceroute; it is fetched here over plain HTTP straight into /usr/bin, so look at what you downloaded before making it executable)

    sudo apt install tcptraceroute
    sudo wget http://www.vdberg.org/~richard/tcpping -O /usr/bin/tcping
    sudo chmod +x /usr/bin/tcping
    

    Usage (8.8.8.8 is the address, 53 the TCP port)

    tcping 8.8.8.8 53
    
  • Adding an unlimited number of IPv6 addresses to your VPS

    IPv6 address online random generator
    Open the address above, copy your VPS's IPv6 address together with its prefix length, click generate, convert the result to shell commands, copy them and paste them into your SSH session. That is all. If the commands fail because sudo is missing, run:

    apt install sudo
    
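    The same thing the online generator does, done locally: pick random 64-bit suffixes inside the VPS's /64 and emit the ip -6 addr add commands. This is an added example, not code from the original post or from the generator site. It assumes the prefix is given as the first 64 bits followed by ::/64 (2001:db8:1:2::/64 below is a documentation prefix) and that the interface is eth0; check ip -6 addr for the real values.

```shell
#!/bin/sh
# Added example (not from the original post): generate random addresses inside
# the VPS's routed IPv6 /64 and print the "ip -6 addr add" commands.
# Assumptions: prefix given as <64 bits>::/64 (e.g. 2001:db8:1:2::/64, a
# documentation prefix); interface name eth0 unless overridden.
set -eu

# random_suffix: 64 random bits from /dev/urandom as four 16-bit hex groups
random_suffix() {
    od -An -N8 -tx2 /dev/urandom | awk '{print $1":"$2":"$3":"$4}'
}

# gen_ipv6_addrs PREFIX COUNT [IFACE]: print COUNT commands, one per address.
# Returns 1 if PREFIX is not of the form <64 bits>::/64, because appending a
# 64-bit suffix to anything else would produce an address outside your block.
gen_ipv6_addrs() {
    case $1 in
        *::/64) ;;
        *) echo "gen_ipv6_addrs: expected a prefix like 2001:db8:1:2::/64, got $1" >&2
           return 1 ;;
    esac
    prefix=${1%/64}        # drop the prefix length
    prefix=${prefix%::}    # drop the trailing "::" so the suffix can be appended
    count=$2
    iface=${3:-eth0}
    i=0
    while [ "$i" -lt "$count" ]; do
        printf 'ip -6 addr add %s:%s/64 dev %s\n' "$prefix" "$(random_suffix)" "$iface"
        i=$((i + 1))
    done
}

# Usage: sh ipv6-addrs.sh 2001:db8:1:2::/64 10 eth0 | sh   (as root on the VPS)
if [ $# -ge 2 ]; then
    gen_ipv6_addrs "$@"
fi
```

    Pipe the output into sh only after checking the prefix is the one your provider routes to the VPS; the addresses disappear on reboot unless you also add them to the interface configuration.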
  • Blocking foreign IPs on Linux/VPS (IPv4)

    Introduction
    ipset is an extension of iptables that lets a single rule match an entire set of IP addresses, so whole ranges can be blocked quickly. This post covers a method for blocking the IP ranges of a chosen country and one for blocking all foreign IPs (allowing only domestic ones); when you are hit by a CC attack (an HTTP request flood), they can give some relief.

    Blocking a specific country's IPs
    First obtain the country's IP ranges, available from http://www.ipdeny.com/ipblocks/ (plain HTTP, so the file is unauthenticated). China (cn) is used as the example below.

    1. Install ipset

    #Debian/Ubuntu

    apt-get -y install ipset
    

    #CentOS

    yum -y install ipset
    

    2. Create the set

    #create a set named cnip of type hash:net, which stores CIDR ranges

    ipset -N cnip hash:net
    

    #download the country's IP ranges (into /root, where the next step reads them)

    wget -P /root http://www.ipdeny.com/ipblocks/data/countries/cn.zone
    

    #add the ranges to the cnip set (one ipset -A call per entry; for thousands of entries a single ipset restore batch is much faster)

    for i in $(cat /root/cn.zone ); do ipset -A cnip $i; done
    

    3. Start blocking (-p tcp limits the rule to TCP; leave it out to drop every protocol. -I puts the rule at the top of INPUT, ahead of anything that accepts your own SSH session, so make sure your own address is not in the set before you run this. Neither the iptables rule nor the set survives a reboot on its own.)

    iptables -I INPUT -p tcp -m set --match-set cnip src -j DROP
    

    4. Remove the block

    #-D deletes the rule

    iptables -D INPUT -p tcp -m set --match-set cnip src -j DROP
    
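    The whole procedure above as one script, extended to cover both methods the introduction mentions: the zone file is validated and loaded in a single ipset restore batch instead of one ipset -A per line, and the set is then attached to INPUT either as a blocklist or as an allowlist (drop everything not in the set), with the administrator's own address accepted first so the rule cannot lock you out. This is an added example, not code from the original post; it assumes ipdeny's one-CIDR-per-line zone format, the set name cnip from the post, and 203.0.113.10 (a documentation address) as the admin IP.

```shell
#!/bin/sh
# Added example (not from the original post): load a country zone file into an
# ipset with one "ipset restore" batch, validating every line first, then
# attach the set to INPUT as a blocklist or as an allowlist.
# Assumptions: ipdeny zone format (one a.b.c.d/n per line, "#" comments);
# set name cnip; 203.0.113.10 is a documentation address standing in for the
# admin's own IP.
set -eu

# zone_to_restore ZONEFILE SETNAME: print an "ipset restore" batch on stdout.
# Blank lines and comments are skipped; any other line that is not a.b.c.d/n
# aborts, because a malformed entry would make "ipset restore" stop halfway
# and leave a partially loaded set in place.
zone_to_restore() {
    zone=$1
    setname=$2
    printf 'create %s hash:net family inet\n' "$setname"
    printf 'flush %s\n' "$setname"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if ! printf '%s\n' "$line" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "zone_to_restore: bad entry: $line" >&2
            return 1
        fi
        printf 'add %s %s\n' "$setname" "$line"
    done < "$zone"
}

# apply_set SETNAME MODE ADMIN_IP: MODE is "block" (drop sources in the set)
# or "allow-only" (drop every source NOT in the set). The admin address and
# already-established connections are accepted first: the former so the rule
# cannot lock you out, the latter so replies to the server's own outbound
# connections (apt mirrors, DNS) still arrive in allow-only mode.
apply_set() {
    setname=$1; mode=$2; admin_ip=$3
    iptables -I INPUT 1 -s "$admin_ip" -j ACCEPT
    iptables -I INPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    case $mode in
        block)      iptables -I INPUT 3 -m set --match-set "$setname" src -j DROP ;;
        allow-only) iptables -I INPUT 3 -m set ! --match-set "$setname" src -j DROP ;;
        *) echo "apply_set: mode must be block or allow-only" >&2; return 1 ;;
    esac
}

# Usage (as root): sh geoblock.sh block /root/cn.zone 203.0.113.10
#             or:  sh geoblock.sh allow-only /root/cn.zone 203.0.113.10
if [ "${1:-}" = "block" ] || [ "${1:-}" = "allow-only" ]; then
    zone_to_restore "$2" cnip > /tmp/cnip.restore
    ipset -exist restore < /tmp/cnip.restore   # -exist: re-running is harmless
    apply_set cnip "$1" "$3"
    ipset list cnip | head -n 8                 # header shows the entry count
fi
```

    Because nothing here persists, save the set with ipset save and the rules with iptables-save (or the netfilter-persistent package) once you are happy with them, and in allow-only mode test from a second session before closing the one you have.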
  • Debian 12: making /etc/rc.local run at boot again

    Some software ships without a boot-time service, so it often has to be added by hand. Writing a systemd unit is the recommended way, but for a simple script (or a lazy admin) dropping the commands into /etc/rc.local is more convenient. Since Debian 9, however, Debian no longer ships /etc/rc.local, while the rc-local service itself is still present:

    cat /lib/systemd/system/rc-local.service
    

    root@debian ~ # cat /lib/systemd/system/rc-local.service
    #  SPDX-License-Identifier: LGPL-2.1-or-later
    #
    #  This file is part of systemd.
    #
    #  systemd is free software; you can redistribute it and/or modify it
    #  under the terms of the GNU Lesser General Public License as published by
    #  the Free Software Foundation; either version 2.1 of the License, or
    #  (at your option) any later version.

    # This unit gets pulled automatically into multi-user.target by
    # systemd-rc-local-generator if /etc/rc.local is executable.

    [Unit]
    Description=/etc/rc.local Compatibility
    Documentation=man:systemd-rc-local-generator(8)
    ConditionFileIsExecutable=/etc/rc.local
    After=network.target

    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    RemainAfterExit=yes
    GuessMainPID=no
    And by default the service is inactive:

    systemctl status rc-local
    

    root@debian ~ # systemctl status rc-local
    ● rc-local.service - /etc/rc.local Compatibility
    Loaded: loaded (/lib/systemd/system/rc-local.service; static)
    Drop-In: /usr/lib/systemd/system/rc-local.service.d
    └─debian.conf
    Active: inactive (dead)
    Docs: man:systemd-rc-local-generator(8)
    To fix this, create /etc/rc.local by hand:

    cat <<EOF >/etc/rc.local
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    
    exit 0
    EOF
    

    Then make it executable (keep it owned by root with mode 0755: it runs as root on every boot, so a world-writable rc.local hands root to any local user who can edit it):

    chmod +x /etc/rc.local
    

    Then start the rc-local service:

    systemctl enable --now rc-local
    

    This may print a warning:

    The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
    Alias= settings in the [Install] section, and DefaultInstance= for template
    units). This means they are not meant to be enabled using systemctl.

    Possible reasons for having this kind of units are:
    • A unit may be statically enabled by being symlinked from another unit's
    .wants/ or .requires/ directory.
    • A unit's purpose may be to act as a helper for some other unit which has
    a requirement dependency on it.
    • A unit may be started when needed via activation (socket, path, timer,
    D-Bus, udev, scripted systemctl call, ...).
    • In case of template units, the unit is meant to be enabled with some
    instance name specified.
    Ignore the warning. The unit has no [Install] section on purpose: as the comment in the unit file above says, systemd-rc-local-generator pulls it into multi-user.target automatically whenever /etc/rc.local is executable, so systemctl start rc-local on its own is enough for the script to run on every following boot as well.

    Check the status again:

    systemctl status rc-local.service
    

    root@debian ~ # systemctl status rc-local.service
    ● rc-local.service - /etc/rc.local Compatibility
    Loaded: loaded (/lib/systemd/system/rc-local.service; enabled-runtime; vendor preset: enabled)
    Drop-In: /usr/lib/systemd/system/rc-local.service.d
    └─debian.conf
    Active: active (exited) since Thu 2022-01-27 18:52:43 UTC; 10s ago
    Docs: man:systemd-rc-local-generator(8)
    Process: 541 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
    CPU: 3ms

    Jan 27 18:52:43 debian systemd[1]: Starting /etc/rc.local Compatibility...
    Jan 27 18:52:43 debian systemd[1]: Started /etc/rc.local Compatibility.

    Now add the commands you want to run at boot to /etc/rc.local, above the exit 0 line, and reboot to confirm that they run.
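    The setup above as a script, with the permission check a practitioner would want before letting systemd execute the file as root at every boot. This is an added example, not code from the original post or from Debian; it assumes GNU find as found on Debian, and it takes the expected owner as a parameter so the check can be exercised on a scratch copy that is not owned by root.

```shell
#!/bin/sh
# Added example (not from the original post): create /etc/rc.local as the post
# does, but only after an audit refuses an unsafe file. rc.local runs as root
# on every boot, so it must be executable, start with a shebang, be owned by
# root and not be writable by group or others. Assumption: Linux/GNU find;
# the expected owner is a parameter so the audit can run on a scratch file.
set -eu

# write_rc_local FILE: write the skeleton from the post (commands go above exit 0)
write_rc_local() {
    cat > "$1" <<'EOF'
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# Add your boot-time commands above the exit 0 line.

exit 0
EOF
    chmod 0755 "$1"
}

# rc_local_audit FILE OWNER: return 0 if FILE is safe for systemd to run as
# root at boot, otherwise print the reason on stderr and return 1.
rc_local_audit() {
    f=$1
    owner=$2
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    # ConditionFileIsExecutable in rc-local.service: a non-executable file is silently skipped
    [ -x "$f" ] || { echo "$f: not executable, systemd will skip it" >&2; return 1; }
    case $(head -n 1 "$f") in
        '#!'*) ;;
        *) echo "$f: no shebang line" >&2; return 1 ;;
    esac
    # -perm -020 / -002: group- or world-writable means anyone in that group,
    # or anyone at all, can put commands here that run as root on next boot
    [ -z "$(find "$f" \( -perm -020 -o -perm -002 \))" ] || { echo "$f: group/world writable" >&2; return 1; }
    [ -n "$(find "$f" -user "$owner")" ] || { echo "$f: not owned by $owner" >&2; return 1; }
    return 0
}

# Usage (as root): sh rc-local-setup.sh --install
if [ "${1:-}" = "--install" ]; then
    [ -e /etc/rc.local ] || write_rc_local /etc/rc.local
    rc_local_audit /etc/rc.local root
    systemctl start rc-local        # the generator pulls it in at boot once the file is executable
    systemctl status rc-local --no-pager
fi
```

    Running rc_local_audit /etc/rc.local root from cron or a config-management check is a cheap way to notice if the file's permissions are ever loosened later.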

  • Welcome to 云网

    Everyone who loves technology and the internet is welcome here; let's learn and improve together.
