Monday, December 04, 2017

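Retrofitting an IBM X200s with an Intel 5300 wireless card

The wireless card I bought is an Intel WiFi Link 5300.
Because the laptop locks which network cards it accepts, choose a card that supports your laptop model.
Replace the original wireless card directly. With the card in the adjacent slot, the network card is not detected properly.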

Add the following setting to /boot/loader.conf to load the kernel module at boot:
if_iwn_load="YES"

Add the following settings to /etc/rc.conf to enable the wireless card:
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"


Sunday, December 03, 2017

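FreeBSD 11.1 local_unbound configuration

Why use local_unbound? Mainly so that DNSSEC validation starts on the local machine,
since adding it to each piece of software as a plug-in is really difficult. So I installed
a local cache and use caching DNS servers that already have DNSSEC checking enabled.

The simple steps to enable it are as follows:
Configuration file /etc/rc.conf: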
local_unbound_enable="YES"

local_unbound configuration directory /var/unbound:
root@bsd11x200s:/var/unbound # ls -la
total 36
drwxr-xr-x   3 unbound  unbound     8 Dec  3 23:08 .
drwxr-xr-x  26 root     wheel      26 Dec  3 21:27 ..
drwxr-xr-x   2 unbound  unbound     3 Dec  3 23:07 conf.d
-rw-r--r--   1 root     unbound   193 Oct 11 09:54 control.conf
-rw-r--r--   1 root     unbound   104 Dec  3 22:56 forward.conf
-rw-r--r--   1 root     unbound   189 Oct 11 09:54 lan-zones.conf
-rw-r--r--   1 unbound  unbound  1252 Dec  3 23:08 root.key
-rw-r--r--   1 root     unbound   389 Oct 11 09:54 unbound.conf

Configure the caching DNS servers that queries are forwarded to:
root@bsd11x200s:/var/unbound # cat forward.conf
# Generated by resolvconf

forward-zone:
name: "."
forward-addr: 8.8.8.8
forward-addr: 192.168.xxx.xxx

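Set some unbound options. With these values unbound listens on every IPv4 address (interface: 0.0.0.0), while the only access-control rule here allows 127.0.0.0/8: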
root@bsd11x200s:/var/unbound # cat conf.d/options.conf 
server:
    num-threads: 3
    interface: 0.0.0.0
    access-control: 127.0.0.0/8 allow
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes


Start the service:
root@bsd11x200s:/var/unbound # service local_unbound  start

root@bsd11x200s:/var/unbound # cat /etc/resolv.conf

nameserver 127.0.0.1
options edns0


Testing
(1) host
root@bsd11x200s:/var/unbound # host www.google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

www.google.com has address 216.58.200.36
www.google.com has IPv6 address 2404:6800:4008:801::2004

(2) nslookup 
root@bsd11x200s:/var/unbound # nslookup www.google.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.google.com
Address: 172.217.160.100
Name: www.google.com
Address: 2404:6800:4008:801::2004

(3) dig, testing DNSSEC
root@bsd11x200s:/var/unbound # dig +dnssec @127.0.0.1 www.icann.org A

; <<>> DiG 9.11.2 <<>> +dnssec @127.0.0.1 www.icann.org A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65414
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.icann.org. IN A

;; ANSWER SECTION:
www.icann.org. 3566 IN CNAME www.vip.icann.org.
www.icann.org. 3566 IN RRSIG CNAME 7 3 3600 20171214150526 20171123111933 7500 icann.org. i5KCfOv/+c/xIaRxmQrqTItEtlGkTe9RWoh2gKh5Rh/a431n2CLLNiZ2 8xpuDXoqb2KQlAz4JBhyydFb2ilPCJIPXFbiQbUksuDV6zHdYu+PzlUC hbxRkBhRD2CIPOc227igVbp3io4oTqlzaja4P0gq268yoVEOPb2/2sSs DzFDV80=
www.vip.icann.org. 29 IN A 192.0.32.7
www.vip.icann.org. 29 IN RRSIG A 7 4 30 20171208095813 20171201095813 6887 vip.icann.org. k4FaKFgAcblg0yRPMyP1TvNcXmgI9d1GXM4YQ9jelGeCro2I+OQW+BFg OKQgmjcnh3M7NiZBW2vQQF000iKWS938B/YeiODQuun+kv9ANaiCEipD /0FFkjecpgwuMCCy2ommmRsWSlv4484Sdw7KRW8S28SZj8jonCqzIDct rVQ=
www.vip.icann.org. 29 IN RRSIG A 7 4 30 20171208095813 20171201095813 4532 vip.icann.org. FoSTut3HaWz1SEHtxReWh7IuOHOv4kCAEIuz1zPQPQVvNDU6WHenVF4h YSJOSLgyLwZ9P1MsH8PGPJEpCJr6jOR1Gl7QF24UezSj5PXnoinPLyjG Zm8/3DcM6UcrZhwmm9wRTSOuGv+LAmiU9Ab0WUfKEKR/vMnj4qn5HR+Y QOI=

;; Query time: 315 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 03 23:24:36 CST 2017
;; MSG SIZE  rcvd: 598
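
What to look for in the dig output above is the header: status NOERROR together with the ad (Authenticated Data) flag means the resolver validated the answer. The following is an added example, not part of the original post; the function and sample names are made up here, and two of the three samples are constructed.

```sh
# Added example: classify a dig reply from its header lines.
#   validated  status is not SERVFAIL and the ad flag is set
#   insecure   answer came back without the ad flag
#   servfail   SERVFAIL, which is how a validating resolver reports bogus data
#   unknown    no dig header found on stdin
dnssec_verdict() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # ";; flags: qr rd ra ad; QUERY: 1, ..." -> keep "qr rd ra ad"
            line = $0
            sub(/^;; flags: */, "", line)
            sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "") print "unknown"
            else if (status == "SERVFAIL") print "servfail"
            else if (ad) print "validated"
            else print "insecure"
        }'
}
# Header lines copied from the dig output above.
sample_validated() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65414' \
        ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1'
}
# Constructed sample: same reply without the ad flag.
sample_insecure() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}
# Constructed sample: reply for a name whose signatures fail validation.
sample_servfail() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2222' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
}
# Live use: dig +dnssec @127.0.0.1 www.icann.org A | dnssec_verdict
for s in sample_validated sample_insecure sample_servfail; do
    printf '%s: %s\n' "$s" "$($s | dnssec_verdict)"
done
```

The ad flag is the resolver's own claim, so it is only meaningful over a path you trust, such as the loopback address queried here.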

To learn what DNSSEC is, first see

Below is the current state of DNSSEC support among TLDs

Sunday, August 27, 2017

Analyzing logs with R

When I have time I'll go through how I learned to analyze logs with R. Below is the result of the analysis after Z-Score normalization.





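Building a FreeBSD 12.0-CURRENT image for the Pine64 with crochet in VirtualBox

When installing the VM, give it a generous amount of disk and memory so that you can build a larger image.
A 32 GB disk and 4 GB of memory are recommended.

After the VM is installed, follow https://github.com/freebsd/crochet to install crochet.
Edit board/Pine64/setup.sh and raise IMAGE_SIZE to 3000 or more to avoid problems.
After building the boot image, write it to the memory card with dd if=IMG of=/dev/SDCARD_DEVICE bs=10240

After booting, install gpart; see https://www.freebsd.org/doc/handbook/disks-growing.html
Use gpart to resize mmcsd0, then run service growfs onestart to grow the file system.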

root@pine64:~ # df -h
Filesystem        Size    Used   Avail Capacity  Mounted on
/dev/mmcsd0s2a     29G    2.7G     24G    10%    /
devfs             1.0K    1.0K      0B   100%    /dev
/dev/mmcsd0s1      64M    128K     64M     0%    /boot/efi
/dev/md0           29M     24K     26M     0%    /tmp
/dev/md1           14M     64K     13M     0%    /var/log
/dev/md2           11M    8.0K     10M     0%    /var/tmp