Jim's Blog
自签CA并更新根证书
2020-07-23 10:45:33    748    0    0

自签 CA

参考 https://2heng.xin/2018/12/16/your-own-ca-with-openssl/ 并修改部分参数

  1. #!/bin/bash
  3. openssl genrsa -out cakey.pem 2048
  5. cat << EOF > root.conf
  6. [ req ]
  7. default_bits        = 2048
  8. default_keyfile     = key.pem
  9. default_md          = sha256
  10. distinguished_name  = req_distinguished_name
  11. req_extensions      = req_ext
  12. string_mask         = nombstr
  13. x509_extensions     = x509_ext
  15. [ req_distinguished_name ]
  16. countryName                 = Country Name (2 letter code)
  17. countryName_default         = CN
  18. stateOrProvinceName         = State or Province Name (full name)
  19. stateOrProvinceName_default = Shanghai
  20. localityName                = Locality Name (eg, city)
  21. localityName_default        = Shanghai
  22. organizationName            = Organization Name (eg, company)
  23. organizationName_default    = Dragonfly
  24. commonName                  = Common Name (e.g. server FQDN or YOUR name)
  25. commonName_max              = 64
  26. commonName_default          = Dragonfly Fake Authority CA
  28. [ x509_ext ]
  29. authorityKeyIdentifier = keyid,issuer
  30. basi
2019-03-06 书单统计
2019-03-06 09:02:24    420    0    0
# 提名图书统计 陶哲轩实分析(第3版) http://www.ituring.com.cn/book/1822 陶哲轩教你学数学 http://www.ituring.com.cn/book/2049 数学分析八讲(修订版) http://www.ituring.com.cn/book/1622 Spark高级数据分析(第2版) http://www.ituring.com.cn/bo
JavaScript ES 2017: Learn Async/Await by Example
2018-06-19 03:42:21    186    0    0
Repost from [https://codeburst.io/javascript-es-2017-learn-async-await-by-example-48acc58bad65](https://codeburst.io/javascript-es-2017-learn-async-await-by-example-48acc58bad65) > Async/Await expla
openssl 生成自签证书及查看证书细节
2018-06-15 06:37:42    604    0    0
# 生成自签CA以及证书 ## 1. 生成X509格式的CA自签名证书 ``` openssl req -new -x509 -keyout ca.key -out ca.crt # 去除密码 openssl rsa -in ca.key -out ca.key ``` ## 2. 生成服务端的私钥(key文件)及csr文件 ``` openssl genrsa -des3 -out s
Use unexported variables/functions in Golang
2017-12-24 07:23:20    693    0    0

Use unexported variables

The unexported variables

unexport/i.go

  1. package unexport
  3. var i int
  4. func init() {
  5.     i = 2
  6. }

The new variables points the unexported variables

main.go

  1. package main
  3. import (
  4.     "fmt"
  5.     _ "unsafe"
  7.     _ "unexport"
  8. )
  10. //go:linkname I unexport.i
  11. var I int
  13. func main() {
  14.     fmt.Println(I)
  15. }

Use unexported functions

  1. package main
  2. import (
  3.     "fmt"
  4.     "github.com/alangpierce/go-forceexport"
  5. )
  7. func main() {
  8.     var timeNow func() (int64, int32)
  9.     err := forceexport.GetFunc(&timeNow, "time.now")
  10.     if err != nil {
  11.         // Handle errors if you care about name possibly being invalid.
  12.         fmt.Println(err)
  13.     }
  14.     // Calls the actual time.now function.
  15.     sec, nsec := timeNow()
  16.     fmt.Printf("%v %v", sec, nsec)
  17. }
Tcpdump advanced filters
2017-12-02 14:39:35    229    0    0

Tcpdump advanced filters

Original publication: 2007-10-01

Last update: 2016-02-14

Repost from https://blog.wains.be/2007/2007-10-01-tcpdump-advanced-filters/

Introduction

In this article, I will explain how to use tcpdump to:

  • know if IP options are set
  • find DF packets (packets which we don't want to be fragmented)
  • find fragmented packets
  • find datagrams with low TTL
  • find particular TCP flag combinations
  • find datagrams with particular data (here, packets with command MAIL from the SMTP protocol and GET command from HTTP)

Notes

I usually type tcpdump -n -i eth1 -s 1600 before my filter but I won't do that throughout the article. -n prevents DNS lookups, -i specifies the interface and -s specifies the size of the packets (default is 65536 bytes). Be careful if you use -s 0 because depending on the version, you might be capturing 64K or full-lenght packets.

All commands are typed as root.

Feel free to contact me f

How To Choose an Effective Firewall Policy to Secure your Servers
2016-11-09 01:16:01    133    0    0

Introduction

Using a firewall is as much about making intelligent policy decisions as it is about learning the syntax. Firewalls like iptables are capable of enforcing policies by interpreting rules set by the administrator. However, as an administrator, you need to know what types of rules make sense for your infrastructure.

While other guides focus on the commands needed to get up and running, in this guide, we will discuss some of the decisions you will have to make when implementing a firewall. These choices will affect how your firewall behaves, how locked down your server is, and how it will respond to various conditions that are likely to occur from time to time. We will be using iptables as an example to discuss specifics, but most of the actual decisions will be relevant regardless of the tools used.

Deciding on a Default Policy

When constructing a firewall, one of the fundamental decisions that you must make

How To List and Delete Iptables Firewall Rules
2016-11-09 01:03:33    123    0    0

Introduction

Iptables is a firewall that plays an essential role in network security for most Linux systems. While many iptables tutorials will teach you how to create firewall rules to secure your server, this one will focus on a different aspect of firewall management: listing and deleting rules.

In this tutorial, we will cover how to do the following iptables tasks:

  • List rules
  • Clear Packet and Byte Counters
  • Delete rules
  • Flush chains (delete all rules in a chain)
  • Flush all chains and tables, delete all chains, and accept all traffic

Note: When working with firewalls, take care not to lock yourself out of your own server by blocking SSH traffic (port 22, by default). If you lose access due to your firewall settings, you may need to connect to it via the console to fix your access. Once you are connected via the console, you can change your firewall rules to allow SSH access (or allow all traffic). If your saved fir

Iptables Essentials: Common Firewall Rules and Commands
2016-11-09 01:03:32    101    0    0

Introduction

Iptables is the software firewall that is included with most Linux distributions by default. This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.

How To Use This Guide

  • If you are just getting started with configuring your iptables firewall, check out our introduction to iptables
  • Most of the rules that are described here assume that your iptables is set to DROP incoming traffic, through the default input policy, and you want to selectively allow traffic in
  • Use whichever subsequent sections are applicable to what you are trying to achieve. Most sections are not predicated on any other, so you can use the examples below independently
  • Use the Contents menu on the right side of this page (at
How to change Raspberry Pi's Swapfile Size on Raspbian
2016-10-20 02:46:08    246    0    0

Reason Why

Ever get the dreaded error:

  1. Virtual memory exhausted: Cannot allocate memory

With the first iterations of Raspberry Pi the Model A comes with 256mb of memory. While the Raspberry Pi B comes with a modest 512mb of memory. For most applications this amount of memory is actually quiet a bit. As soon as you start compiling your own binaries this amount starts to seem dismal.

Insert reason why swap on flash-based memory is bad here.

Limitations

The Raspbian distribution comes with a 100mb swapfile. This is actually a bit on the small side. A general rule of thumb is swapfile size should be about twice as much as the available RAM on the machine. In the examples below I have a Raspberry Pi B+. So the amount of swap I use is 1024mb.

Commands

We will change the configuration in the file /etc/dphys-swapfile :

  1. sudo nano /etc/dphys-swapfile

The default value in Raspbian is:

  1. CONF_SWAPSIZE=100

We will