星期二, 6月 10, 2008

用GNU/Linux遠端管理MS Windows電腦

winexe是GNU/Linux下類似psexec的工具,可以讓被控端在不開啟telnet service或安裝sshd的情況下從遠端呼叫被控執行程式或取得被控端的command shell。
常用的執行範例如下
$ winexe --uninstall --reinstall --interactive=1 --system -U administrator //pc001 cmd

--uninstall Uninstall winexe service after
remote execution
--reinstall Reinstall winexe service before
remote execution
--system Use SYSTEM account
--runas=[DOMAIN\]USERNAME%PASSWORD Run as user (BEWARE: password is
sent in cleartext over net)
--interactive=INT Desktop interaction: 0 -
disallow, 1 - allow. If you
allow use also --system switch
(Win requirement). Vista do not
support this option.

星期三, 6月 04, 2008

用debootstrap安裝系統

1.準備並掛載根目錄
mkdir /new_root
mount /dev/new_partition /new_root
mkdir /new_root/dev
mount --bind /dev /new_root/dev
mkdir /new_root/proc
mount -t proc proc /new_root/proc
mkdir /new_root/sys
mount -t sysfs sys /new_root/sys

2.安裝基礎系統
sudo apt-get install debootstrap
debootstrap dapper /new_root
cp /etc/apt/sources.list /new_root/etc/apt
cp /etc/resolv.conf /new_root/etc
cp /etc/hosts /new_root/etc
cp -a /etc/network* /new_root/etc

3.chroot到new_root繼續安裝
sudo chroot /new_root
apt-get update
apt-get install ubuntu-base linux-386 ubuntu-desktop dmraid grub

4.安裝GRUB
mkdir /boot/grub
cp /lib/grub/i386-pc/stage1 /boot/grub/
cp /lib/grub/i386-pc/stage2 /boot/grub/
grub
device (hd0) /dev/new_disk
root (hd0,0)
setup (hd0)
quit
update-grub

5.檢查並修改設定
vi /boot/grub/menu.lst
vi /etc/fstab

星期五, 4月 25, 2008

Xataface-參數(_prefs)設定

Xataface的參數定義在 Dataface/Application.php 的 $prefs array 包含
'show_jump_menu'=>1, // The drop-down menu that allows you to "jump" to any record in the found set.
'show_result_controller'=>1, // Next, previous, page number .. links...
'show_table_tabs'=>1, // Details, List, Find, etc...
'show_actions_menu'=>1, // New record, Show all, delete, etc...
'show_logo'=>1, // Show logo at top right of app
'show_tables_menu'=>1, // The tabs to select a table.
'show_search'=>1, // Show search field in upper right.
'show_record_actions'=>1, // Show actions related to particular record
'show_recent_records_menu'=>1
'show_bread_crumbs' => 1, // Bread crumbs at top of page to show where you are
'show_record_tabs' => 1, // View, Edit, Translate, History, etc...
'show_record_tree' => 1, // Tree to navigate the relationships of this record.
'list_view_scroll_horizontal'=>1, // Whether to scroll list horizontal if it exceeds page width
'list_view_scroll_vertical'=>1

自訂的方式
一、在conf.ini中使用
[_prefs]
show_search = 1
二、在delegate中使用 function getPreferences()

Xataface-依使用者不同限制紀錄權限

目的:利用setSecurityFilter讓使用者只能改自己的紀錄,不能改別人的紀錄
一、在ApplicationDelegate.php新增函數如下

function getPreferences(){
$mytable =& Dataface_Table::loadTable('Users') ; // load the table named 'my_table'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$app =& Dataface_Application::getInstance();
$tables =& $app->conf['_tables'];
if ( $user && $user->val('Role') != 'ADMIN' ){
unset($tables['Users']);
$mytable->setSecurityFilter(array('UserID'=>$user->val('UserID')));
}
return array(); // Mandatory!! getPreferences() must return array.
}

Xataface-依使用者不同限制欄位權限

如果想讓xataface建置的網頁程式,依使用者的不同隱藏網頁部份元素,可以透過xataface提供的自訂css功能。
例如:管理者可以變更使用者的角色,而使用者不能改變角色,可以將表單中的角色欄位隱藏
注意:這個隱藏法只能防一般使用者,進階使用者有可能繞過這個限制,必須再依步驟四設定欄位權限
一、在Users table的 Users.php 新增函數
function block__custom_stylesheets(){
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$role = $user->val('Role');
if ( $role!='ADMIN' ){
echo '<link rel="stylesheet" type="text/css" href="tables/Users/custom.css">';
}
二、建立custom.css
#Users-UserName-label-wrapper, #Users-UserName-wrapper, #UserName, #Users-Role-label-wrapper,#Users- Role-wrapper, #table_tabs, #contentActionsWrapper, #record-tabs-history {
visibility: hidden;
}
四、設定欄位權限-在Users table的 Users.php 新增函數
function UserName__permissions(&$record) {
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$role = $user->val('Role');
if ( $role!='ADMIN') { return Dataface_PermissionsTool::READ_ONLY(); }
return Dataface_PermissionsTool::getRolePermissions($role);
}
function Role__permissions(&$record) {
if ( $role!='ADMIN') { return Dataface_PermissionsTool::READ_ONLY(); }
return Dataface_PermissionsTool::getRolePermissions($role);
}

星期四, 4月 24, 2008

利用bind9的view功能將某台電腦瀏覽網頁導向固定頁面

有時因為電腦中毒或其它原因,不希望某台電腦上網而又無法通知該使用者,可以設法讓該電腦只要打開瀏覽器,不管瀏覽任何網站都會導向同一個警告頁面。
一、找一台網站伺服器製作警告頁面當作網站首頁。
二、設定網站伺服器的"404找不到網頁"的錯誤訊息也指到上一步的警告頁面。
三、在bind 9的dns伺服器中建立block view
view "blocked" {
match-clients { 192.168.0.aaa; 192.168.0.bbb; };
recursion no;
zone "." {
type master;
file "named.err";
};
}; //End of blocked
view "normal" {
match-clients { any; };
recursion no;
zone "." {
type hint;
file "named.root";
};
};
四、建立named.err 只要一筆A紀錄 [ * A 192.168.0.WEB_SERVER_IP ]

◎三、四步也可以考慮改用firewall的dnat功能實作。

星期二, 4月 15, 2008

我的Ubuntu一直無法休眠

我的Ubuntu一直無法休眠,參考了網路上這一篇文章修改了/etc/initramfs-tools/conf.d/resume檔案裡的uuid為正確的uuid,後執行update-initramfs -u更新initrd.img。
仍有問題,最後發現是連線中的iscsi設備造成無法休眠。

Ubuntu 8.04 安裝 vmware server

Ubuntu: 8.04
kernel: 2.6.24-16-generic
Vmware server: 1.0.5
vmware-any-any-update-116

1.下載 vmware server 及 vmwar-any-any
2. alien -i VMware-server-1.0.5-80187.i386.rpm
3. cp /lib/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/
4. cp /usr/lib/libpng12.so.0 /usr/lib/vmware/lib/libpng12.so.0/
5. tar xvf vmware-any-any-update-116.tgz
5. vmware-any-any-update116/runme.pl

星期四, 4月 10, 2008

備份windows user profile

---------這裡開始,以下內容貼到backup.cmd中----------------
cd "\Documents and Settings\"
echo ntuser > tmp.txt
echo usrclass >> tmp.txt
echo tmp >> tmp.txt
echo temp >> tmp.txt
echo Cookies >> tmp.txt
echo History >> tmp.txt
xcopy /ehrkcy /exclude:tmp.txt user1\* user1_backup\
del tmp.txt
--------到這裡結束-----------------------------------------------------------
說明:
/exclude 排除tmp.txt內所列之檔案
tmp.txt 為臨時的檔案,內容為要排除的檔案清單,只要目錄檔名中有部份符合的字串就會排除
/ehrkcy 等於 /e /h /r /k /c /y
/e 子目錄含空目錄
/h 含系統檔、隱藏檔
/r 覆蓋唯讀檔
/k 還原唯讀檔的唯讀屬性
/c 遇到錯誤後繼續不要中斷
/y 覆蓋檔案前不詢問

星期五, 3月 07, 2008

將 Windows XP 系統磁片移到另一部電腦之後,收到 Stop 0x0000007B 錯誤

資料來源
http://support.microsoft.com/kb/314082/zh-tw
********** 從這裡開始複製 **********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\primary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\secondary_ide_channel]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*pnp0600]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\*azt0502]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="atapi"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\gendisk]
"ClassGUID"="{4D36E967-E325-11CE-BFC1-08002BE10318}"
"Service"="disk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#cc_0101]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_0e11&dev_ae33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1039&dev_0601]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#cc_0101]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1042&dev_1000]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_105a&dev_4d33]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0640]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646&REV_05]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0646&REV_07]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0648]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1095&dev_0649]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1097&dev_0038]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0001]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10ad&dev_0150]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5215]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5219]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_10b9&dev_5229]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="pciide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_1106&dev_0571]
"Service"="pciide"
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1222]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_1230]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2411]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_2421]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7010]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7111]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\pci#ven_8086&dev_7199]
"ClassGUID"="{4D36E96A-E325-11CE-BFC1-08002BE10318}"
"Service"="intelide"

;Add driver for Atapi (requires Atapi.sys in Drivers directory)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000000
"Tag"=dword:00000019
"Type"=dword:00000001
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
00,73,00,79,00,73,00,00,00

;Add driver for intelide (requires intelide.sys in drivers directory)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000004
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,6e,00,74,00,65,00,6c,00,69,\
00,64,00,65,00,2e,00,73,00,79,00,73,00,00,00


;Add driver for Pciide (requires Pciide.sys and Pciidex.sys in Drivers directory)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000003
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,63,00,69,00,69,00,64,00,65,\
00,2e,00,73,00,79,00,73,00,00,00
********** 複製到這裡結束 **********

2.從 %SystemRoot%\Driver Cache\I386\Driver.cab 檔案擷取出 Atapi.sys、Intelide.sys、Pciide.sys 及 Pciidex.sys 檔案,或是將檔案複製到 %SystemRoot%\System32\Drivers 資料夾中。

星期二, 2月 19, 2008

在zhcon環境中操作utf8檔案系統

zhcon是支援CJK(中日韓)的虛擬終端,目前版本(0.2.6)可以在執行時加入--utf8參數,將utf8編碼的檔案系統轉為big5內碼顯示,但是此參數卻會造成無法輸入的情況。
為了在zhcon環境中操作utf8檔案系統,可以將以下代碼存為zhcon.sh,
啟動zhcon後執行 . zhcon.sh
即可以使用bcd bls等指令在zhcon環境中操作utf8檔案系統

-------------------------------------------------------------------------------------------------------------------------------------
#!/bin/sh
bls ()
{
'ls' `echo $*|iconv -f big5 -t utf8`|iconv -f utf8 -t big5
}
bcat ()
{
'cat' `echo $*|iconv -f big5 -t utf8`|iconv -f utf8 -t big5
}
bmore ()
{
'more' `echo $*|iconv -f big5 -t utf8`|iconv -f utf8 -t big5
}
bcd ()
{
'cd' `echo $*|iconv -f big5 -t utf8`
}
bcp ()
{
'cp' `echo $*|iconv -f big5 -t utf8`
}
brm ()
{
'rm' `echo $*|iconv -f big5 -t utf8`
}
bmkdir ()
{
'mkdir' `echo $*|iconv -f big5 -t utf8`
}

星期五, 2月 15, 2008

pam_access module

這個pam模組可以依帳號、IP、網域、網路卡號、終端機限制使用者登入,

預設的設定檔為/etc/security/access.conf,可以使用accessfile=/path/of/file.conf 指定設定檔

設定方式可參考/etc/pam.d/login

星期三, 1月 16, 2008

iscsi 開機自動掛載

server side (Centos)
修改 /etc/init.d/tgtd
start 結尾加入
------------------------------------------------------------------------------------------------------------------------
sleep 1s
tgtadm --mod target --op new --tid=1 --targetname=pcname
tgtadm --mod logicalunit --op new --tid=1 --lun=1 --backing-store=/dev/
i2o/hdx
tgtadm --mode target --op bind --tid=1 --initiator-address=192.168.0.1
------------------------------------------------------------------------------------------------------------------------
stop 開頭加入
------------------------------------------------------------------------------------------------------------------------
tgtadm --mode target --op delete --tid=1
sleep 1s
-----------------------------------------------------------------------------------------------------------------------

client side (Ubuntu)
修改/etc/iscsi/iscsid.conf ==> node.startup = automatic
修改/etc/init.d/open-iscsi
starttargets 結尾加入
------------------------------------------------------------------------------------------------------------------------
sleep 1s
mount /mnt/iscsi_folder

------------------------------------------------------------------------------------------------------------------------
stoptargets 開頭加入
------------------------------------------------------------------------------------------------------------------------
umount /mnt/iscsi_folder
iscsiadm --mode node --target pcname --logout

-----------------------------------------------------------------------------------------------------------------------

 2013/10/4補充
較新的系統可以在/etc/fstab的iscsi設備設為 auto,_netdev ,automount會自動將這個device排在網路啟動後才掛載。

星期三, 1月 09, 2008

mount a virtual disk

Case1. image file
  1. on guest run -> fdisk -luC /dev/hda
  2. on host run -> mount -o loop,offset 9999999 image_file /mnt/image 9999999=partion start point=start*unit
Case2. physical partition as virtual disk
  1. on host run -> kpartx -av /dev/partion #This tool create device maps from partition tables under /dev/mapper
  2. on host run -> mount /dev/mapper/partion /mnt/virtual_partion