This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 3369205, commit b821f2c
Showing 11 changed files with 376 additions and 51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
## rocky更换为国内镜像源 | ||
|
||
```shell | ||
sed -e 's|^mirrorlist=|#mirrorlist=|g' \ | ||
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirror.sjtu.edu.cn/rocky|g' \ | ||
-i.bak \ | ||
/etc/yum.repos.d/[Rr]ocky*.repo | ||
``` |
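Review bot: The first `-e` expression comments out every `mirrorlist=` line unconditionally, while the second only rewrites lines that match `#baseurl=http://dl.rockylinux.org/$contentdir` exactly, so on a repo file whose baseurl line is written differently the repo ends up with no source at all and sed reports nothing. Add a verification step after the command (for example `dnf clean all && dnf makecache`) and mention that the `.bak` copies can be restored if it fails. Since packages now come from a third-party mirror, it is also worth stating that `gpgcheck=1` must stay enabled in the edited files, because package integrity then depends on the signature check rather than on the mirror.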
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
## lvm架构 | ||
|
||
![](lvm.png) |
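Review bot: The image reference on the last line has empty alt text, and the file holds nothing except the heading and `![](lvm.png)`. Add alt text and a sentence or two naming the layers the diagram shows (physical volumes, volume groups, logical volumes) so the page is still useful when the image does not render.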
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
## 修复nfs漏洞 | ||
|
||
描述:扫描主机可以安装远程服务器导出的至少一个NFS共享。 攻击者可能能够利用它来读取(并可能写入)远程主机上的文件。 | ||
|
||
1. server 端配置可挂载ip白名单 | ||
|
||
```shell | ||
cat /etc/exports | ||
/data/report 10.10.1.0/24(rw,no_root_squash,async) | ||
``` | ||
|
||
2. server 配置Mount白名单 | ||
|
||
```shell | ||
cat /etc/hosts.allow | ||
mountd:10.10.1.3,10.10.4,10.10.5 | ||
``` | ||
|
||
```shell | ||
cat /etc/hosts.deny | ||
mountd:all | ||
``` | ||
|
||
3. 重载(可能也不需要重载?) | ||
|
||
```shell | ||
systemctl restart sshd | ||
``` | ||
|
||
4. 白名单机器验证 | ||
|
||
```shell | ||
nmap --script nfs-showmount 10.10.1.1 | ||
|
||
Starting Nmap 6.40 ( http://nmap.org ) at 2024-07-05 09:19 CST | ||
Nmap scan report for 10.10.1.1 | ||
Host is up (0.00020s latency). | ||
Not shown: 996 closed ports | ||
PORT STATE SERVICE | ||
22/tcp open ssh | ||
111/tcp open rpcbind | ||
| nfs-showmount: | ||
|_ /data/report 10.10.1.0/24 | ||
2049/tcp open nfs | ||
8080/tcp open http-proxy | ||
MAC Address: 00:50:56:8C:9A:B5 (VMware) | ||
``` | ||
|
||
5. 黑名单机器验证 | ||
|
||
```shell | ||
$ nmap --script nfs-showmount 10.10.1.1 | ||
|
||
Starting Nmap 6.40 ( http://nmap.org ) at 2024-07-05 09:21 CST | ||
Nmap scan report for 10.10.1.1 | ||
Host is up (0.00032s latency). | ||
Not shown: 996 closed ports | ||
PORT STATE SERVICE | ||
22/tcp open ssh | ||
111/tcp open rpcbind | ||
2049/tcp open nfs | ||
8080/tcp open http-proxy | ||
|
||
Nmap done: 1 IP address (1 host up) scanned in 31.74 seconds | ||
``` | ||
|
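Review bot: In step 1 the export line uses `rw,no_root_squash`, which lets root on any host in 10.10.1.0/24 act as root on /data/report; for a note about fixing an NFS exposure, use `root_squash` (the default) unless a client really needs root access, and say why if it does. In step 2, `10.10.4` and `10.10.5` are not usable hosts.allow patterns as written: a network prefix needs a trailing dot (`10.10.4.`), and those networks are not covered by the 10.10.1.0/24 export anyway, so the two lists should be reconciled. Step 3 restarts sshd, which has no effect on NFS; `exportfs -ra` re-reads /etc/exports, and hosts.allow/hosts.deny only apply where rpc.mountd is built with TCP wrappers support, which should be stated as a prerequisite. The step 5 output still shows 2049/tcp open, so the mountd rule only hides the export list from that host; the actual access control is the client list in /etc/exports, and the doc should say so.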
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
## 基于x86编译运行arm镜像 | ||
|
||
### 编译 | ||
|
||
```shell | ||
docker buildx build --platform=linux/amd64,linux/arm64 -t xxx/xxx:latest -f Dockerfile . --push | ||
``` | ||
|
||
### 测试运行 | ||
|
||
开启 QEMU 仿真 | ||
|
||
```shell | ||
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | ||
``` | ||
|
||
下载 qemu-aarch64-static | ||
|
||
```shell | ||
wget https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-1/qemu-aarch64-static && \ | ||
chmod +x qemu-aarch64-static | ||
``` | ||
|
||
启动容器时将 `qemu-aarch64-static` 挂载到容器内 | ||
```shell | ||
docker run -t \ | ||
--rm \ | ||
--platform arm64 \ | ||
-v $(pwd)/qemu-aarch64-static:/usr/bin/qemu-aarch64-static \ | ||
debian:11 \ | ||
uname -m | ||
``` | ||
|
||
|
||
https://blog.csdn.net/edcbc/article/details/139366049?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_baidulandingword~default-1-139366049-blog-109631585.235^v43^pc_blog_bottom_relevance_base4&spm=1001.2101.3001.4242.2&utm_relevant_index=4 |
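Review bot: The "开启 QEMU 仿真" step runs `multiarch/qemu-user-static` with `--privileged` and no tag or digest, and the following step downloads `qemu-aarch64-static` with wget and marks it executable without any integrity check. Pin the image to a specific tag or digest, and record a SHA-256 for the downloaded binary and check it before mounting the file into containers. The registration image is unpinned while the binary is fixed at v5.2.0-1, so the two can drift apart; pin both to the same release. Smaller points: quote `"$(pwd)"` in the `-v` argument, say what `xxx/xxx:latest` stands for, and trim the tracking parameters from the reference URL on the last line.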