Showing 2 topics - from 1 to 2 (of 2 total)
- Topics
- Last post
ℹ️ Raspbian 10 Linux 32bit install WEB Scada CybroTech

sudo apt-get update && sudo apt-get upgrade -y
sudo apt install iptables ipset
sudo apt-get -y install lm-sensors -y
sudo apt-get install openssl ssl-cert
sudo usermod --append --groups ssl-cert root
sudo usermod --append --groups ssl-cert admin
sudo usermod --append --groups ssl-cert poberaj
sudo usermod --append --groups ssl-cert perc
sudo usermod --append --groups ssl-cert webscada
sudo usermod --append --groups ssl-cert info
sudo usermod --append --groups ssl-cert www-data
sudo usermod --append --groups ssl-cert boris
sudo usermod --append --groups ssl-cert sandi
sudo apt-get install apache2 apache2-utils apache2-dev -y && sudo apt-get install mariadb-server mariadb-client -y

Lock down the SQL server and client root with SSL

Install php
sudo apt update
sudo apt -y install lsb-release apt-transport-https ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
sudo apt update && sudo apt upgrade -y
sudo apt-get install php7.4 libapache2-mod-php7.4 php7.4-common php7.4-mbstring php7.4-zip php7.4-gd -y
sudo apt-get install imagemagick libmagickcore-dev php7.4-imagick php7.4 -y

## Needed for the server:
sudo apt-get install apt-transport-https
sudo apt install automake autoconf libtool libpam-runtime -y
sudo apt-get install build-essential libcurl4-openssl-dev zlib1g-dev openssl -y
sudo apt-get install libssl-dev pkg-config build-essential
sudo apt-get -y install lm-sensors gcc make autoconf libc-dev pkg-config -y
sudo apt-get install imagemagick libmagickcore-dev -y
sudo nano /etc/apt/sources.list
uncomment the deb-src line
sudo apt-get update && sudo apt-get upgrade -y

# Create iptables:
sudo nano /tmp/v4

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 4000 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 8442 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 8338 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.77.0/24 -j ACCEPT
-A INPUT -s 192.168.77.111/32 -j ACCEPT
-A INPUT -s 192.168.77.222/32 -j ACCEPT
-A INPUT -s 192.168.77.77/32 -j ACCEPT
-A INPUT -s 192.168.77.123/32 -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports 21,22,80,443,25,110,143,587,993,995,8338,10000 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -s 192.168.77.222/32 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8442 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8338 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 8442 --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 192.168.77.0/24 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.77.77/32 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.77.222/32 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.77.111/32 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.77.123/32 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.77.0/24 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 5432 -j ACCEPT
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3142 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.77.222/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
#-A INPUT -p tcp -m state --state NEW -m recent --set --name ssh --mask 255.255.255.255 --rsource -m tcp --dport 22
#-A INPUT -p tcp -m state --state NEW -m recent ! --rcheck --seconds 90 --hitcount 6 --name ssh --mask 255.255.255.255 --rsource -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 20/minute --limit-burst 100 -j ACCEPT
-A INPUT -s 192.168.77.0/24 -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 873 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049:2050 -j DROP
-A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
-A INPUT -p tcp -m tcp --dport 7000:7010 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
#-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -j REJECT
-A FORWARD -j DROP
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 84.255.209.79/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 84.255.210.79/32 -p udp -m udp --dport 53 -j ACCEPT
#-A OUTPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -p udp -m udp -m multiport --dports 123 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 21 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 25 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 143 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 993 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 110 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 995 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 3306 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 4000 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 8442 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 8338 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 10000 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 3306 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 5432 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 5432 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED -m tcp --sport 873 -j ACCEPT
-A OUTPUT -d 192.168.77.0/24 -j ACCEPT
-A OUTPUT -d 192.168.77.77/32 -j ACCEPT
-A OUTPUT -d 192.168.77.111/32 -j ACCEPT
-A OUTPUT -d 192.168.77.123/32 -j ACCEPT
-A OUTPUT -d 192.168.77.222/32 -j ACCEPT
-A OUTPUT -p tcp -s 192.168.77.222/32 --dport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j DROP
-N block-scan
-A block-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
-A block-scan -j DROP
COMMIT

sudo nano /tmp/v6

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Disallow input - connections from outside localhost
-A INPUT -s ::1/128 ! -i lo -j REJECT
# Accept traffic from internal interfaces
-A INPUT ! -i eth0 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries; UDP connection port ipv4 8442, open all ports from 1024 to 65535
-A INPUT -p udp -m udp --dport 53:65535 --sport 8442 -j ACCEPT
#-A INPUT -p udp -m udp --dport 1024:65535 --sport 8442 -j ACCEPT
-A INPUT -p tcp -m tcp -m multiport --dports ftp,ssh,www,https,pop3,smtp,imap,imaps,pop3s,4000,8442,8338,10000 -j ACCEPT
## Allow connections to our IDENT server
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
# Respond to pings (ip6tables needs the ipv6-icmp protocol and the icmp6 match, not the IPv4 icmp match)
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT
# Protect our NFS server
-A INPUT -p tcp -m tcp --dport 2049:2050 -j DROP
# Protect our X11 display server
-A INPUT -p tcp -m tcp --dport 6000:6063 -j DROP
# Protect our X font server
-A INPUT -p tcp -m tcp --dport 7000:7010 -j DROP
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
# Completed IPTables Custom Config

## load it, install the iptables autostart module:
sudo iptables-restore < /tmp/v4
sudo ip6tables-restore < /tmp/v6
## Now that you've made your iptables you can run the install at the top, or the iptables persistent module separately; answer Yes to everything
sudo apt-get install iptables-persistent
sudo apt-get install ipset iptables fail2ban -y
sudo apt install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Reboot and check whether the persistent filter / iptables autostart works:
# CHECK THAT THE IPTABLES BLOCKS WORK LIKE THIS:
sudo iptables -vL
sudo ip6tables -vL

###################################################################################################

Virtual memory setup:
free -h
sudo /etc/init.d/dphys-swapfile stop
sudo nano -w /etc/dphys-swapfile
# Change CONF_SWAPSIZE=100 from 100 to 1024.
CONF_SWAPSIZE=1024
Uncomment the path var.....swap
sudo /etc/init.d/dphys-swapfile start
sudo swapon --show
sudo sysctl vm.swappiness=25
sudo nano /etc/sysctl.conf
## Copy at the end; 0-100, 0 means never, 100 means always, how much vram it should use; optimal for the Pi is 10 to max 60!!!!!!:
vm.swappiness=25
sudo sysctl vm.swappiness=25

## Create a private SSL cert for apache localhost:
sudo mkdir -p /etc/ssl/localcerts
cd /etc/ssl/localcerts
sudo su
sudo openssl req -new -x509 -days 365000 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
sudo chmod 600 /etc/ssl/localcerts/apache*
89-212-137-96.static.t-2.net
sudo nano /etc/apache2/sites-available/default-ssl.conf
## Copy this under the snakeoil ssl root certificate:
SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key

MySQL protection of the server and users:
sudo su
cd /etc/mysql
sudo mkdir ssl
cd ssl
We will create three certificates, namely:
CA common Name : MariaDB admin
Server common Name: MariaDB server
Client common Name: MariaDB client
## best / fastest: everything works with as little encryption as possible!!!
sudo openssl genrsa 2048 > ca-key.pem
## you can generate the CA with e.g. 4096-bit encryption, but it's too much:
#sudo openssl genrsa 4096 > ca-key.pem
sudo openssl req -new -x509 -nodes -days 999000 -key ca-key.pem -out ca-cert.pem
## Fill in the server location SI, town, city etc. and copy this below for the FQDN:
Common Name (e.g. server FQDN or YOUR name) []: MariaDB admin
sudo openssl req -newkey rsa:2048 -days 999000 -nodes -keyout server-key.pem -out server-req.pem
## same as above SI, izola,.... and:
Common Name (e.g. server FQDN or YOUR name) []: MariaDB server
## Now we test that the created ssl works correctly and join them together:
sudo openssl rsa -in server-key.pem -out server-key.pem
sudo openssl x509 -req -in server-req.pem -days 999000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
## Make SSL for clients, e.g. phpmyadmin, wordpress, scada,....... if they're on another server, get it, e.g. a second pi!!!!!
sudo openssl req -newkey rsa:2048 -days 999000 -nodes -keyout client-key.pem -out client-req.pem
## Same as above SI, izola and for the FQDN put this: MariaDB client
# JOIN THE SSL CERTIFICATES:
sudo openssl rsa -in client-key.pem -out client-key.pem
sudo openssl x509 -req -in client-req.pem -days 999000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
## CHECK THAT ALL THE CERTIFICATES WORK TOGETHER:
openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem

## PROTECT THE SQL SERVER:
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
# COPY THE DIRECTIVES BELOW INTO THE [mysqld] SECTION WHERE SSL IS:
### MySQL Server ###
## Securing the Database with ssl option and certificates ##
## There is no control over the protocol level used. ##
## mariadb will use TLSv1.0 or better. ##
ssl = on
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
## Set up TLS version here. For example TLS version 1.2 and 1.3 ##
#tls_version = TLSv1.2,TLSv1.3
# CHANGE THE PERMISSIONS ON THE SSL CERTIFICATES:
sudo chown -Rv mysql:root /etc/mysql/ssl/
ACTIVATE SSL:
sudo systemctl restart mysql

## ACTIVATE SSL FOR CLIENTS / APPS:
sudo nano /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf
# ADD THE DIRECTIVES BELOW IN THE [mysql] SECTION:
## MySQL Client Configuration ##
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-cert=/etc/mysql/ssl/client-cert.pem
ssl-key=/etc/mysql/ssl/client-key.pem
## Force TLS version for client too
#tls_version = TLSv1.2,TLSv1.3
### This option is disabled by default ###
### ssl-verify-server-cert ###
sudo systemctl restart mysql
## Now if you want clients to use ssl you have to assign each one a certificate, i.e. perc, poberaj, webscada, info, asterix,....
## You have to copy /etc/mysql/ssl/ca-cert.pem, /etc/mysql/ssl/client-cert.pem and /etc/mysql/ssl/client-key.pem to all clients / users!!!
{admin@sandinetworkizola}: rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    administracija@localhost:/etc/mysql/ssl
## Terminal:
rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    admin@localhost:/etc/mysql/ssl
## Enter the admin password, and the same for each one but with that user's password, get it:
rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    administracija@localhost:/etc/mysql/ssl
rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    perc@localhost:/etc/mysql/ssl
rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    poberaj@localhost:/etc/mysql/ssl
rsync /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/client-cert.pem /etc/mysql/ssl/client-key.pem \
    info@localhost:/etc/mysql/ssl
## Check that SSL works in SQL:
root@sandinetworkizola:/etc/mysql/ssl# mariadb
MariaDB [(none)]> SHOW VARIABLES LIKE '%ssl%';
MariaDB [(none)]> status;
## It prints that ssl is active, and in status you'll see which pid uses ssl; it tells you whether it's active and which SSL protocol you're using:
SSL: Cipher in use is TLS_AES_256_GCM_SHA384,
exit
NOW YOU HAVE THIS SET UP.... DONE, SQL INJECTION NO LONGER POSSIBLE.
## NOT YET, NO MYSQL SECURE INSTALL TO LOCK ROOT OUT FROM OUTSIDE... THAT AT THE VERY END; FIRST BACK UP THE IMG SO YOU HAVE A STARTING COPY FOREVER, WITHOUT SCADA AND THE OTHER CRAP, SO THE SERVER IS GOOD FOR ANYTHING: TV, MEDIA, SCADA, GET IT. ALWAYS LEAVE THE USERS ASTERIX, POBERAJ, PERC; THEY ARE ALWAYS SUDOERS, ALL THE OTHERS ARE NOTHING: WEBSCADA, BORIS, SANDI, DREVENSEK, VOSTRI,... ETC....
## ON RASPBIAN 10 YOU ALWAYS USE SSL V3, REMEMBER, AND TLS V1
openssl s_client -connect 127.0.0.1:3306 -tls1
Verify return code: 0 (ok)
AND FOR MAIL SSLV3

## ADDITIONAL PROTECTION AND LIMITS FOR THE SQL SERVER - E.G. HANDY FOR SCADA AND MANDATORY FOR PHP8+:
sudo nano /etc/mysql/debian.cnf
sudo nano /etc/mysql/debian.cnf
## ADD THE MYSQL PASS, E.G. IF YOU DID SUDO SECURE INSTALL MYSQL WITH THE POBERAJ ACCOUNT!!!!
[client]
host = localhost
user = root
password = SQLUNAKODANPRPOBERAJUNIUSERKIJENAREDUSECUREINSTALLSQL
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = SQLUNAKODANPRPOBERAJUNIUSERKIJENAREDUSECUREINSTALLSQL
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

To prevent the error "Error in accept: Too many open files", we will now set higher open-file limits for MariaDB. Open the file /etc/security/limits.conf with an editor:
nano /etc/security/limits.conf
and add these lines at the end of the file.
mysql soft nofile 65535
mysql hard nofile 65535
Then create a new directory /etc/systemd/system/mysql.service.d/ with the mkdir command.
mkdir -p /etc/systemd/system/mysql.service.d/
and add a new file inside:
nano /etc/systemd/system/mysql.service.d/limits.conf
paste the following lines into this file:
[Service]
LimitNOFILE=infinity
Save the file and close the nano editor.
Then we reload systemd and restart MariaDB:
systemctl daemon-reload
systemctl restart mariadb
Now check whether networking is enabled. Run:
netstat -tap | grep mysql
The output should look like this:
root@server1:/home/administrator# netstat -tap | grep mysql
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN      16623/mysqld

## Mandatory modules for php and python; I don't know, it doesn't matter if they're installed and you don't use them, it doesn't hurt, it helps when you install apps that need these modules:
sudo apt-get install imagemagick php7.4-imagick libmagickcore-dev -y && sudo apt install -y php7.4-mysql php7.4-dom php7.4-simplexml php7.4-ssh2 php7.4-xml php7.4-xmlreader php7.4-curl php7.4-exif php7.4-ftp php7.4-gd php7.4-iconv php7.4-imagick php7.4-mbstring php7.4-posix php7.4-sockets php7.4-tokenizer
sudo apt install php7.4-{common,mysql,xml,xmlrpc,curl,gd,cli,dev,mbstring,opcache,soap,zip,intl,bcmath,dev,imap,sockets,iconv} -y

Configure PHP 7.4
sudo nano /etc/php/7.4/apache2/php.ini
upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 3000
max_input_time = 1000
upload_max_filesize = 2048M
post_max_size = 256M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 3000
max_input_time = 1000
sudo nano /etc/php/7.4/apache2/php.ini
max_execution_time = 120
max_input_time = 120
memory_limit = 512M
post_max_size = 2048M
upload_max_filesize = 2048M
log_errors = On
error_log = /var/log/php/error.log
max_execution_time = 30
max_input_vars = 1000
max_input_time = 1000
sudo mkdir -p /var/log/php
sudo chown www-data /var/log/php
sudo nano /etc/php/7.4/apache2/php.ini
upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 3000
max_input_time = 1000
upload_max_filesize = 2048M
post_max_size = 256M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 2500
max_input_time = 600
sudo nano /etc/php/7.4/apache2/php.ini
max_execution_time = 120
max_input_time = 120
memory_limit = 512M
post_max_size = 2048M
upload_max_filesize = 2048M
log_errors = On
error_log = /var/log/php/error.log
date.timezone = "Europe/Ljubljana"
date.timezone = Europe/Ljubljana
max_execution_time = 30
max_input_vars = 1000
max_input_time = 1000

## Apache GeoIP, and below python and integration of geoip databases with any apps:
sudo apt-get install libapache2-mod-geoip -y && sudo apt-get install geoip-bin -y && sudo apt-get install geoip-database -y && sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin -y
sudo nano /etc/apache2/mods-available/geoip.conf
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

###################################################################################################

sudo hostname pcsnet.tk
sudo hostname mail.pcsnet.tk
sudo hostname poberaj.ddns.net
sudo hostname poberaj.ddns.net
sudo apt-get install telnet -y && sudo apt-get -y install postfix postfix-mysql postfix-doc dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd dovecot-core mailutils libsasl2-2 sasl2-bin libsasl2-modules dovecot-antispam dovecot-solr mutt
poberaj.ddns.net
sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates
sudo cp -r /etc/skel/Maildir /home/linuxter/
sudo chown -R linuxter:linuxter /home/linuxter/Maildir
sudo chmod -R 700 /home/linuxter/Maildir
sudo cp -r /etc/skel/Maildir /home/perc/
sudo chown -R perc:perc /home/perc/Maildir
sudo chmod -R 700 /home/perc/Maildir
sudo cp -r /etc/skel/Maildir /home/boris/
sudo chown -R boris:boris /home/boris/Maildir
sudo chmod -R 700 /home/boris/Maildir
sudo cp -r /etc/skel/Maildir /home/administracija/
sudo chown -R administracija:administracija /home/administracija/Maildir
sudo chmod -R 700 /home/administracija/Maildir
sudo cp -r /etc/skel/Maildir /home/sandi/
sudo chown -R sandi:sandi /home/sandi/Maildir
sudo chmod -R 700 /home/sandi/Maildir
sudo cp -r /etc/skel/Maildir /home/homecraftsoft/
sudo chown -R homecraftsoft:homecraftsoft /home/homecraftsoft/Maildir
sudo chmod -R 700 /home/homecraftsoft/Maildir
sudo cp -r /etc/skel/Maildir /home/info/
sudo chown -R info:info /home/info/Maildir
sudo chmod -R 700 /home/info/Maildir
sudo cp -r /etc/skel/Maildir /home/poberaj/
sudo chown -R poberaj:poberaj /home/poberaj/Maildir
sudo chmod -R 700 /home/poberaj/Maildir
sudo cp -r /etc/skel/Maildir /home/admin/
sudo chown -R admin:admin /home/admin/Maildir
sudo chmod -R 700 /home/admin/Maildir
sudo cp -r /etc/skel/Maildir /home/webscada/
sudo chown -R webscada:webscada /home/webscada/Maildir
sudo chmod -R 700 /home/webscada/Maildir
sudo cp -r /etc/skel/Maildir /home/cybrotech/
sudo chown -R cybrotech:cybrotech /home/cybrotech/Maildir
sudo chmod -R 700 /home/cybrotech/Maildir
sudo adduser linuxter mail
sudo adduser administracija mail
sudo adduser homecraftsoft mail
sudo adduser perc mail
sudo adduser mac mail
sudo adduser poberaj mail
sudo adduser boris mail
sudo adduser sandi mail
sudo adduser webscada mail
sudo adduser cybrotech mail
sudo adduser info mail
sudo adduser admin mail
sudo nano /etc/postfix/helo_access
85.10.18.198 REJECT
poberaj.ddns.net REJECT
smtp.poberaj.ddns.net REJECT
mail.poberaj.ddns.net REJECT
sandiwebscada.ddns.net REJECT
smtp.sandiwebscada.ddns.net REJECT
mail.sandiwebscada.ddns.net REJECT
scadaizola.ddns.net REJECT
smtp.scadaizola.ddns.net REJECT
mail.scadaizola.ddns.net REJECT
## For the rest see the notes / your old server main.cf / postfix and dovecot, all the settings!!!!!
sudo nano /etc/postfix/main.cf
sudo nano /etc/dovecot/dovecot.conf
sudo nano /etc/dovecot/conf.d/10-mail.conf
sudo service postfix restart
sudo service dovecot restart

install webmin debian 11
sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python3 unzip -y
sudo su
echo "deb https://download.webmin.com/download/repository sarge contrib" | tee /etc/apt/sources.list.d/webmin.list
apt install sudo gnupg2 -y
wget -qO - http://www.webmin.com/jcameron-key.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/jcameron-key.gpg
apt update
apt install webmin -y
Certbot module webmin
http://cdn.acugis.com/certbot-webmin-module/certbot.wbm.gz
sudo apt-get install certbot python3-certbot-apache -y
sudo apt-get install build-essential libcurl4-openssl-dev zlib1g-dev -y
sudo apt-get -y install gcc make autoconf libc-dev pkg-config lm-sensors

****************************************************************************************************

/etc/ssl/localcerts/server.pem
Ubuntu/Debian install:
sudo apt-get install -y git python-pip python3 python3-dev python3-pip libpcap-dev build-essential procps schedtool && sudo pip3 install pcapy-ng && sudo apt-get install git python3-pcapy -y &&
## SSL Support
sudo apt-get install -y python3-openssl python3-openssl python-openssl-doc && sudo pip3 install pcapy-ng && sudo pip3 install pyopenssl
## SSL for maltrail
sudo apt-get install -y python3-openssl python3-openssl python-openssl-doc && sudo pip3 install pcapy-ng && sudo pip3 install pyopenssl
sudo apt-get install schedtool -y && sudo apt-get install git python-pcapy -y && sudo pip install pcapy-ng && sudo pip install pyopenssl
sudo su
cd /opt/
git clone --depth 1 https://github.com/stamparm/maltrail.git
cd maltrail
sudo python3 sensor.py &

Setup Maltrail Malicious Traffic Detection System on Linux
sudo apt update && sudo apt upgrade
sudo apt install dnsutils
sudo apt-get install schedtool -y
sudo apt-get install git python-pcapy -y
git clone https://github.com/stamparm/maltrail.git
cd /opt/maltrail
sudo python3 sensor.py &
Start server on same machine:
[[ -d maltrail ]] || git clone https://github.com/stamparm/maltrail.git
cd maltrail
python3 server.py &
sudo python3 server.py &
sudo pkill -f server.py
nano /opt/maltrail/maltrail-ips.sh
chmod +x /opt/maltrail/maltrail-ips.sh
Example (works in Linux systems only):
#!/bin/bash
ipset -q flush maltrail
ipset -q create maltrail hash:net
for ip in $(curl http://127.0.0.1:8338/fail2ban 2>/dev/null | grep -P '^[0-9.]+$'); do ipset add maltrail $ip; done
iptables -I INPUT -m set --match-set maltrail src -j DROP
Save this script as, for example, /opt/maltrail/maltrail-ips.sh and make it executable with the chmod +x /opt/maltrail/maltrail-ips.sh command. This script could be run as a root cronjob on a minute basis:
* * * * * /opt/maltrail/maltrail-ips.sh

Best practice(s)
Install Maltrail:
On Ubuntu/Debian
sudo apt-get install git python3 python3-dev python3-pip python-is-python3 libpcap-dev build-essential procps schedtool
sudo pip3 install pcapy-ng
cd /tmp
git clone --depth 1 https://github.com/stamparm/maltrail.git
sudo mv /tmp/maltrail /opt
sudo chown -R $USER:$USER /opt/maltrail
On SUSE/openSUSE
sudo zypper install gcc gcc-c++ git libpcap-devel python3-devel python3-pip procps schedtool
sudo pip3 install pcapy-ng
cd /tmp
git clone --depth 1 https://github.com/stamparm/maltrail.git
sudo mv /tmp/maltrail /opt
sudo chown -R $USER:$USER /opt/maltrail
Set working environment:
sudo mkdir -p /var/log/maltrail
sudo mkdir -p /etc/maltrail
sudo cp /opt/maltrail/maltrail.conf /etc/maltrail
sudo nano /etc/maltrail/maltrail.conf
Set running environment:
crontab -e
# autostart server & periodic update
*/5 * * * * if [ -n "$(ps -ef | grep -v grep | grep 'server.py')" ]; then : ; else python3 /opt/maltrail/server.py -c /etc/maltrail/maltrail.conf; fi
0 1 * * * cd /opt/maltrail && git pull
sudo crontab -e
# autostart sensor & periodic restart
*/1 * * * * if [ -n "$(ps -ef | grep -v grep | grep 'sensor.py')" ]; then : ; else python3 /opt/maltrail/sensor.py -c /etc/maltrail/maltrail.conf; fi
2 1 * * * /usr/bin/pkill -f maltrail
Enable as systemd services (Linux only):
sudo cp /opt/maltrail/maltrail-sensor.service /etc/systemd/system/maltrail-sensor.service
sudo cp /opt/maltrail/maltrail-server.service /etc/systemd/system/maltrail-server.service
sudo systemctl daemon-reload
sudo systemctl start maltrail-server.service
sudo systemctl start maltrail-sensor.service
sudo systemctl enable maltrail-server.service
sudo systemctl enable maltrail-sensor.service
systemctl status maltrail-server.service && systemctl status maltrail-sensor.service
sudo systemctl status maltrail-server.service
sudo systemctl status maltrail-sensor.service

sudo apt-get install -y proftpd openssl proftpd-basic
sudo nano /etc/proftpd/proftpd.conf
ServerName "My FTP-Server"
DefaultRoot ~
AccessGrantMsg "Pozdrav na PCSNET FTP Server"
AccessDenyMsg "Not Welcome - Ciao"
### Configure TLS with proftpd
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 999999
89-212-137-96.static.t-2.net
sudo chmod 600 /etc/ssl/certs/proftpd.crt
sudo chmod 640 /etc/ssl/private/proftpd.key
nano /etc/proftpd/proftpd.conf
# Uncomment the TLS line:
Include /etc/proftpd/tls.conf
nano /etc/proftpd/tls.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient off
TLSRequired on
sudo systemctl restart proftpd
- 1
- 2 years, 11 months ago
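The /tmp/v4 rule set in the post above is evaluated top down, and the first terminating match (ACCEPT, DROP or REJECT) decides the packet, so a blanket rule such as `-A INPUT -i eth0 -j ACCEPT` placed before the per-port rules makes every later `--dport 22 -j DROP` in that chain unreachable. The following audit script is an added example, not the forum author's code: it parses the iptables-save format the post uses and reports rules that an earlier blanket rule in the same chain has already shadowed. The sample dump is a constructed subset of the post's INPUT and OUTPUT rules, in the post's order; it goes slightly beyond the post by also handling the `! -i X` negated form.

```python
"""Audit an iptables-save dump for rules made unreachable by earlier blanket rules.

Added example, not the forum author's code. Rules are matched top down and
the first ACCEPT/DROP/REJECT wins, so a rule with no match criteria (beyond
an optional -i) ends every later rule in its chain.
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: a subset of the post's /tmp/v4 filter table, same order.
SAMPLE_RULES = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth0 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 192.168.77.222/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j DROP
COMMIT
"""


@dataclass
class Rule:
    chain: str
    target: str
    iface: Optional[str]    # value of -i, None when the rule has no interface match
    iface_negated: bool     # True for "! -i eth0"
    other_matches: bool     # any match besides -i: -p, -s, -d, -m, --dport, ...
    raw: str

    @property
    def is_blanket(self) -> bool:
        """Terminates every packet it sees: no match except an optional -i."""
        return self.target in TERMINAL and not self.other_matches


def parse_rule(line: str) -> Rule:
    """Parse one '-A CHAIN ... -j TARGET' line of iptables-save output."""
    tokens = shlex.split(line)          # keeps the quoted --log-prefix together
    chain = target = iface = None
    negated = other = after_target = False
    i = 0
    while i < len(tokens):
        tok, neg = tokens[i], tokens[i] == "!"
        if neg:                          # "!" negates the option that follows it
            i += 1
            tok = tokens[i]
        if tok == "-A":
            chain, i = tokens[i + 1], i + 2
        elif tok == "-i":
            iface, negated, i = tokens[i + 1], neg, i + 2
        elif tok == "-j":
            target, after_target, i = tokens[i + 1], True, i + 2
        elif tok.startswith("-"):
            other = other or not after_target   # options after -j belong to the target
            i += 1
        else:
            i += 1                       # argument of the previous option (80 in --dport 80)
    if chain is None or target is None:
        raise ValueError("not an -A rule with a target: " + line)
    return Rule(chain, target, iface, negated, other, line.strip())


@dataclass
class Coverage:
    """What the blanket rules seen so far in one chain already terminate."""
    everything: bool = False                       # a blanket rule with no -i was seen
    pos: Set[str] = field(default_factory=set)     # "-i X -j <terminal>" seen
    neg: Set[str] = field(default_factory=set)     # "! -i X -j <terminal>" seen

    def covers(self, rule: Rule) -> bool:
        if self.everything:
            return True
        if rule.iface is None:
            # all interfaces are covered once "! -i X" meets "-i X", or two different "! -i"
            return len(self.neg) > 1 or any(n in self.pos for n in self.neg)
        if rule.iface_negated:
            return rule.iface in self.neg
        return rule.iface in self.pos or any(n != rule.iface for n in self.neg)

    def add(self, rule: Rule) -> None:
        if rule.iface is None:
            self.everything = True
        elif rule.iface_negated:
            self.neg.add(rule.iface)
        else:
            self.pos.add(rule.iface)


def audit(dump: str) -> List[Rule]:
    """Return the rules of an iptables-save dump that can never match, in file order."""
    dead: List[Rule] = []
    chains: Dict[str, Coverage] = {}
    for line in dump.splitlines():
        if not line.startswith("-A "):
            continue                    # table headers, policies, COMMIT, comments
        rule = parse_rule(line)
        cov = chains.setdefault(rule.chain, Coverage())
        if cov.covers(rule):
            dead.append(rule)
        elif rule.is_blanket:
            cov.add(rule)
    return dead


if __name__ == "__main__":
    for r in audit(SAMPLE_RULES):
        print("unreachable:", r.raw)
```

Run it against a live box with `sudo iptables-save | python3 audit.py` after swapping `SAMPLE_RULES` for `sys.stdin.read()`; on the post's rule set it flags everything after `-A INPUT -i eth0 -j ACCEPT`, including the SSH DROP and the final REJECT/DROP, which is the check a reviewer wants before trusting `iptables -vL` counters. The interface logic is deliberately conservative: it only reports a rule when earlier blanket rules provably cover every packet it could see, so a rule it does not flag may still be partly shadowed by address or port matches, which it does not model.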
VirtualBox Windows 10/11 Installation 🌍 VirtualBox - Manual and Download: 🖥 https://www.virtualbox.org/wiki/Downloads 🖥 💻 System Virtualization 💻 Protecting your network and web applications

Oracle® VM VirtualBox® User Manual
Oracle and/or its affiliates
Copyright © 2004-2022 Oracle and/or its affiliates

Table of Contents
Preface
1. First Steps
1.1. Why is Virtualization Useful?
1.2. Some Terminology
1.3. Features Overview
1.4. Supported Host Operating Systems 1.4.1. Host CPU Requirements
1.5. Installing Oracle VM VirtualBox and Extension Packs
1.6. Starting Oracle VM VirtualBox
1.7. VirtualBox Manager 1.7.1. The Machine List 1.7.2. The Details Pane 1.7.3. VirtualBox Manager Tools 1.7.4. Help Viewer 1.7.5. About VirtualBox Manager Wizards
1.8. Creating Your First Virtual Machine 1.8.1. Create Virtual Machine Wizard: Name and Operating System 1.8.2. (Optional) Create Virtual Machine Wizard: Unattended Guest OS Install 1.8.3. Create Virtual Machine Wizard: Hardware 1.8.4. Create Virtual Machine Wizard: Virtual Hard Disk 1.8.5. Create Virtual Machine Wizard: Summary 1.8.6. Some Examples of Unattended Installation
1.9. Running Your Virtual Machine 1.9.1. Starting a New VM for the First Time 1.9.2. Capturing and Releasing Keyboard and Mouse 1.9.3. Typing Special Characters 1.9.4. Changing Removable Media 1.9.5. Resizing the Machine's Window 1.9.6. Saving the State of the Machine
1.10. Using VM Groups
1.11. Snapshots 1.11.1. Taking, Restoring, and Deleting Snapshots 1.11.2. Snapshot Contents
1.12. Virtual Machine Configuration
1.13. Removing and Moving Virtual Machines
1.14. Cloning Virtual Machines
1.15. Importing and Exporting Virtual Machines 1.15.1. About the OVF Format 1.15.2. Importing an Appliance in OVF Format 1.15.3. Exporting an Appliance in OVF Format
1.16. Integrating with Oracle Cloud Infrastructure 1.16.1. Preparing for Oracle Cloud Infrastructure Integration 1.16.2. Creating an API Signing Key Pair 1.16.3. Uploading the Public Key to Oracle Cloud Infrastructure 1.16.4. Creating a Cloud Profile 1.16.5. Using the Cloud Profile Manager 1.16.6. Using Oracle VM VirtualBox With Oracle Cloud Infrastructure 1.16.7. Using Cloud Virtual Machines 1.16.8. Exporting an Appliance to Oracle Cloud Infrastructure 1.16.9. Importing an Instance from Oracle Cloud Infrastructure 1.16.10. Using a Cloud Network 1.16.11. Using VBoxManage Commands With Oracle Cloud Infrastructure
1.17. Preferences
1.18. Alternative Front-Ends
1.19. Soft Keyboard 1.19.1. Using the Soft Keyboard 1.19.2. Creating a Custom Keyboard Layout
1.20. Monitoring of Virtual Machines 1.20.1. VM Activity Overview 1.20.2. Session Information Dialog
1.21. The Log Viewer
2. Installation Details
2.1. Installing on Windows Hosts 2.1.1. Prerequisites 2.1.2. Performing the Installation 2.1.3. Uninstallation 2.1.4. Unattended Installation 2.1.5. Public Properties
2.2. Installing on macOS Hosts 2.2.1. Performing the Installation 2.2.2. Uninstallation 2.2.3. Unattended Installation
2.3. Installing on Linux Hosts 2.3.1. Prerequisites 2.3.2. The Oracle VM VirtualBox Kernel Modules 2.3.3. Performing the Installation 2.3.4. The vboxusers Group 2.3.5. Starting Oracle VM VirtualBox on Linux
2.4. Installing on Oracle Solaris Hosts 2.4.1. Performing the Installation 2.4.2. The vboxuser Group 2.4.3. Starting Oracle VM VirtualBox on Oracle Solaris 2.4.4. Uninstallation 2.4.5. Unattended Installation 2.4.6. Configuring a Zone for Running Oracle VM VirtualBox
2.5. Installing an Extension Pack 2.5.1. The Extension Pack Manager
3. Configuring Virtual Machines
3.1. Supported Guest Operating Systems 3.1.1. Mac OS X Guests 3.1.2. 64-bit Guests
3.2. Unattended Guest Installation 3.2.1. Using VBoxManage Commands for Unattended Guest Installation
3.3. Emulated Hardware
3.4. General Settings 3.4.1. Basic Tab 3.4.2. Advanced Tab 3.4.3. Description Tab 3.4.4. Disk Encryption Tab
3.5. System Settings 3.5.1. Motherboard Tab 3.5.2. Processor Tab 3.5.3. Acceleration Tab
3.6. Display Settings 3.6.1. Screen Tab 3.6.2. Remote Display Tab 3.6.3. Recording Tab
3.7. Storage Settings
3.8. Audio Settings
3.9. Network Settings
3.10. Serial Ports
3.11. USB Support 3.11.1. USB Settings 3.11.2. Implementation Notes for Windows and Linux Hosts
3.12. Shared Folders
3.13. User Interface
3.14. Alternative Firmware (EFI) 3.14.1. Video Modes in EFI 3.14.2. Specifying Boot Arguments
4. Guest Additions
4.1. Introduction to Guest Additions
4.2. Installing and Maintaining Guest Additions 4.2.1. Guest Additions for Windows 4.2.2. Guest Additions for Linux 4.2.3. Guest Additions for Oracle Solaris 4.2.4. Guest Additions for OS/2
4.3. Shared Folders 4.3.1. Manual Mounting 4.3.2. Automatic Mounting
4.4. Drag and Drop 4.4.1. Supported Formats 4.4.2. Known Limitations
4.5. Hardware-Accelerated Graphics 4.5.1. Hardware 3D Acceleration (OpenGL and Direct3D 8/9) 4.5.2. Hardware 2D Video Acceleration for Windows Guests
4.6. Seamless Windows
4.7. Guest Properties 4.7.1. Using Guest Properties to Wait on VM Events
4.8. Guest Control File Manager 4.8.1. Using the Guest Control File Manager
4.9. Guest Control of Applications
4.10. Memory Overcommitment 4.10.1. Memory Ballooning 4.10.2. Page Fusion
4.11. Controlling Virtual Monitor Topology 4.11.1. X11/Wayland Desktop Environments
5. Virtual Storage
5.1. Hard Disk Controllers
5.2. Disk Image Files (VDI, VMDK, VHD, HDD)
5.3. The Virtual Media Manager 5.3.1. Creating a Virtual Hard Disk Image 5.3.2. Creating a Virtual Optical Disk Image 5.3.3. Creating a Virtual Floppy Disk Image
5.4. Special Image Write Modes
5.5. Differencing Images
5.6. Cloning Disk Images
5.7. Host Input/Output Caching
5.8. Limiting Bandwidth for Disk Images
5.9. CD/DVD Support
5.10. iSCSI Servers
5.11. vboximg-mount: A Utility for FUSE Mounting a Virtual Disk Image 5.11.1. Viewing Detailed Information About a Virtual Disk Image 5.11.2. Mounting a Virtual Disk Image
6.
Virtual Networking 6.1. Virtual Networking Hardware 6.2. Introduction to Networking Modes 6.3. Network Address Translation (NAT) 6.3.1. Configuring Port Forwarding with NAT 6.3.2. PXE Booting with NAT 6.3.3. NAT Limitations 6.4. Network Address Translation Service 6.5. Bridged Networking 6.6. Internal Networking 6.7. Host-Only Networking 6.8. UDP Tunnel Networking 6.9. VDE Networking 6.10. Cloud Networks 6.11. Network Manager 6.11.1. Host-Only Networks Tab 6.11.2. NAT Networks Tab 6.11.3. Cloud Networks Tab 6.12. Limiting Bandwidth for Network Input/Output 6.13. Improving Network Performance 7. Remote Virtual Machines 7.1. Remote Display (VRDP Support) 7.1.1. Common Third-Party RDP Viewers 7.1.2. VBoxHeadless, the Remote Desktop Server 7.1.3. Step by Step: Creating a Virtual Machine on a Headless Server 7.1.4. Remote USB 7.1.5. RDP Authentication 7.1.6. RDP Encryption 7.1.7. Multiple Connections to the VRDP Server 7.1.8. Multiple Remote Monitors 7.1.9. VRDP Video Redirection 7.1.10. VRDP Customization 7.2. Teleporting 7.3. VBoxHeadless 8. VBoxManage 8.1. Introduction 8.2. Commands Overview 8.3. General Options 8.4. VBoxManage 8.5. VBoxManage list 8.6. VBoxManage showvminfo 8.7. VBoxManage registervm 8.8. VBoxManage unregistervm 8.9. VBoxManage createvm 8.10. VBoxManage modifyvm 8.11. VBoxManage clonevm 8.12. VBoxManage movevm 8.13. VBoxManage encryptvm 8.14. VBoxManage cloud 8.15. VBoxManage cloudprofile 8.16. VBoxManage import 8.17. VBoxManage export 8.18. VBoxManage signova 8.19. VBoxManage startvm 8.20. VBoxManage controlvm 8.21. VBoxManage unattended 8.22. VBoxManage discardstate 8.23. VBoxManage adoptstate 8.24. VBoxManage snapshot 8.25. VBoxManage closemedium 8.26. VBoxManage storageattach 8.27. VBoxManage storagectl 8.28. VBoxManage bandwidthctl 8.29. VBoxManage showmediuminfo 8.30. VBoxManage createmedium 8.31. VBoxManage modifymedium 8.32. VBoxManage clonemedium 8.33. VBoxManage mediumproperty 8.34. VBoxManage encryptmedium 8.35. 
VBoxManage checkmediumpwd 8.36. VBoxManage convertfromraw 8.37. VBoxManage mediumio 8.38. VBoxManage setextradata 8.39. VBoxManage getextradata 8.40. VBoxManage setproperty 8.41. VBoxManage usbfilter 8.42. VBoxManage sharedfolder 8.43. VBoxManage guestproperty 8.44. VBoxManage guestcontrol 8.45. VBoxManage debugvm 8.46. VBoxManage metrics 8.47. VBoxManage natnetwork 8.48. VBoxManage hostonlyif 8.49. VBoxManage hostonlynet 8.50. VBoxManage dhcpserver 8.51. VBoxManage usbdevsource 8.52. VBoxManage extpack 8.53. VBoxManage updatecheck 8.54. VBoxManage modifynvram 8.55. vboximg-mount 9. Advanced Topics 9.1. Automated Guest Logins 9.1.1. Automated Windows Guest Logins 9.1.2. Automated Linux and UNIX Guest Logins 9.2. Advanced Configuration for Windows Guests 9.2.1. Automated Windows System Preparation 9.3. Advanced Configuration for Linux and Oracle Solaris Guests 9.3.1. Manual Setup of Selected Guest Services on Linux 9.3.2. Guest Graphics and Mouse Driver Setup in Depth 9.4. CPU Hot-Plugging 9.5. Webcam Passthrough 9.5.1. Using a Host Webcam in the Guest 9.5.2. Windows Hosts 9.5.3. macOS Hosts 9.5.4. Linux and Oracle Solaris Hosts 9.6. Advanced Display Configuration 9.6.1. Custom VESA Resolutions 9.6.2. Configuring the Maximum Resolution of Guests When Using the Graphical Frontend 9.7. Advanced Storage Configuration 9.7.1. Using a Raw Host Hard Disk From a Guest 9.7.2. Configuring the Hard Disk Vendor Product Data (VPD) 9.7.3. Access iSCSI Targets Using Internal Networking 9.8. Fine Tuning the Oracle VM VirtualBox NAT Engine 9.8.1. Configuring the Address of a NAT Network Interface 9.8.2. Configuring the Boot Server (Next Server) of a NAT Network Interface 9.8.3. Tuning TCP/IP Buffers for NAT 9.8.4. Binding NAT Sockets to a Specific Interface 9.8.5. Enabling DNS Proxy in NAT Mode 9.8.6. Using the Host's Resolver as a DNS Proxy in NAT Mode 9.8.7. Configuring Aliasing of the NAT Engine 9.9. Configuring the BIOS DMI Information 9.10. Configuring Custom ACPI Tables 9.11. 
Fine Tuning Timers and Time Synchronization 9.11.1. Configuring the Guest Time Stamp Counter (TSC) to Reflect Guest Execution 9.11.2. Accelerate or Slow Down the Guest Clock 9.11.3. Tuning the Guest Additions Time Synchronization Parameters 9.11.4. Disabling the Guest Additions Time Synchronization 9.12. Installing the Alternate Bridged Networking Driver on Oracle Solaris 11 Hosts 9.13. Oracle VM VirtualBox VNIC Templates for VLANs on Oracle Solaris 11 Hosts 9.14. Configuring Multiple Host-Only Network Interfaces on Oracle Solaris Hosts 9.15. Configuring the Oracle VM VirtualBox CoreDumper on Oracle Solaris Hosts 9.16. Oracle VM VirtualBox and Oracle Solaris Kernel Zones 9.17. Locking Down VirtualBox Manager 9.17.1. Customizing VirtualBox Manager 9.17.2. VM Selector Customization 9.17.3. Configure VM Selector Menu Entries 9.17.4. Configure VM Window Menu Entries 9.17.5. Configure VM Window Status Bar Entries 9.17.6. Configure VM Window Visual Modes 9.17.7. Host Key Customization 9.17.8. Action when Terminating the VM 9.17.9. Default Action when Terminating the VM 9.17.10. Action for Handling a Guru Meditation 9.17.11. Configuring Automatic Mouse Capturing 9.17.12. Requesting Legacy Full-Screen Mode 9.17.13. Removing Certain Modes of Networking From the GUI 9.18. Starting the Oracle VM VirtualBox Web Service Automatically 9.18.1. Linux: Starting the Web Service With init 9.18.2. Oracle Solaris: Starting the Web Service With SMF 9.18.3. macOS: Starting the Web Service With launchd 9.19. Oracle VM VirtualBox Watchdog 9.19.1. Memory Ballooning Control 9.19.2. Host Isolation Detection 9.19.3. More Information 9.19.4. Linux: Starting the Watchdog Service With init 9.19.5. Oracle Solaris: Starting the Watchdog Service With SMF 9.20. Other Extension Packs 9.21. Starting Virtual Machines During System Boot 9.21.1. Linux: Starting the Autostart Service With init 9.21.2. Oracle Solaris: Starting the Autostart Service With SMF 9.21.3. 
macOS: Starting the Autostart Service With launchd 9.21.4. Windows: Starting the Autostart Service 9.22. Encryption of VMs 9.22.1. Limitations of VM Encryption 9.22.2. Encrypting a VM 9.22.3. Opening the Encrypted VM 9.22.4. Decrypting Encrypted VMs 9.23. Oracle VM VirtualBox Expert Storage Management 9.24. Handling of Host Power Management Events 9.25. Passing Through SSE4.1/SSE4.2 Instructions 9.26. Support for Keyboard Indicator Synchronization 9.27. Capturing USB Traffic for Selected Devices 9.28. Configuring the Heartbeat Service 9.29. Encryption of Disk Images 9.29.1. Limitations of Disk Encryption 9.29.2. Encrypting Disk Images 9.29.3. Starting a VM with Encrypted Images 9.29.4. Decrypting Encrypted Images 9.30. Paravirtualized Debugging 9.30.1. Hyper-V Debug Options 9.31. PC Speaker Passthrough 9.32. Accessing USB devices Exposed Over the Network with USB/IP 9.32.1. Setting up USB/IP Support on a Linux System 9.32.2. Security Considerations 9.33. Using Hyper-V with Oracle VM VirtualBox 9.34. Nested Virtualization 9.35. VBoxSVC running in Windows Session 0 9.35.1. Known Issues 9.36. VISO file format / RTIsoMaker 10. Technical Background 10.1. Where Oracle VM VirtualBox Stores its Files 10.1.1. The Machine Folder 10.1.2. Global Settings 10.1.3. Summary of Configuration Data Locations 10.1.4. Oracle VM VirtualBox XML Files 10.2. Oracle VM VirtualBox Executables and Components 10.3. Hardware Virtualization 10.4. Details About Hardware Virtualization 10.5. Paravirtualization Providers 10.6. Nested Paging and VPIDs 11. Oracle VM VirtualBox Programming Interfaces 12. Troubleshooting 12.1. Procedures and Tools 12.1.1. Categorizing and Isolating Problems 12.1.2. Collecting Debugging Information 12.1.3. Using the VBoxBugReport Command to Collect Debug Information Automatically 12.1.4. The Built-In VM Debugger 12.1.5. VM Core Format 12.2. General Troubleshooting 12.2.1. Guest Shows IDE/SATA Errors for File-Based Images on Slow Host File System 12.2.2. 
Responding to Guest IDE/SATA Flush Requests 12.2.3. Performance Variation with Frequency Boosting 12.2.4. Frequency Scaling Effect on CPU Usage 12.2.5. Inaccurate Windows CPU Usage Reporting 12.2.6. Poor Performance Caused by Host Power Management 12.2.7. GUI: 2D Video Acceleration Option is Grayed Out 12.3. Windows Guests 12.3.1. No USB 3.0 Support in Windows 7 Guests 12.3.2. Windows Bluescreens After Changing VM Configuration 12.3.3. Windows 0x101 Bluescreens with SMP Enabled (IPI Timeout) 12.3.4. Windows 2000 Installation Failures 12.3.5. How to Record Bluescreen Information from Windows Guests 12.3.6. No Networking in Windows Vista Guests 12.3.7. Windows Guests may Cause a High CPU Load 12.3.8. Long Delays When Accessing Shared Folders 12.3.9. USB Tablet Coordinates Wrong in Windows 98 Guests 12.3.10. Windows Guests are Removed From an Active Directory Domain After Restoring a Snapshot 12.3.11. Windows 3.x Limited to 64 MB RAM 12.4. Linux and X11 Guests 12.4.1. Linux Guests May Cause a High CPU load 12.4.2. Buggy Linux 2.6 Kernel Versions 12.4.3. Shared Clipboard, Auto-Resizing, and Seamless Desktop in X11 Guests 12.5. Oracle Solaris Guests 12.5.1. Certain Oracle Solaris 10 Releases May Take a Long Time to Boot with SMP 12.6. Windows Hosts 12.6.1. VBoxSVC Out-of-Process COM Server Issues 12.6.2. CD and DVD Changes Not Recognized 12.6.3. Sluggish Response When Using Microsoft RDP Client 12.6.4. Running an iSCSI Initiator and Target on a Single System 12.6.5. Bridged Networking Adapters Missing 12.6.6. Host-Only Networking Adapters Cannot be Created 12.7. Linux Hosts 12.7.1. Linux Kernel Module Refuses to Load 12.7.2. Linux Host CD/DVD or Floppy Disk Drive Not Found 12.7.3. Strange Guest IDE Error Messages When Writing to CD or DVD 12.7.4. VBoxSVC IPC Issues 12.7.5. USB Not Working 12.7.6. PAX/grsec Kernels 12.7.7. Linux Kernel vmalloc Pool Exhausted 12.8. Oracle Solaris Hosts 12.8.1. Cannot Start VM, Not Enough Contiguous Memory 13. Security Guide 13.1. 
General Security Principles 13.2. Secure Installation and Configuration 13.2.1. Installation Overview 13.2.2. Post Installation Configuration 13.3. Security Features 13.3.1. The Security Model 13.3.2. Secure Configuration of Virtual Machines 13.3.3. Configuring and Using Authentication 13.3.4. Potentially Insecure Operations 13.3.5. Encryption 13.4. Security Recommendations 13.4.1. CVE-2018-3646 13.4.2. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 14. Known Limitations 14.1. Experimental Features 14.2. Known Issues 15. Change Log 15.1. Version 7.0.2 (2022-10-20) 15.2. Version 7.0.0 (2022-10-10) 15.3. Change Logs for Legacy Versions A. Third-Party Materials and Licenses A.1. Third-Party Materials A.2. Third-Party Licenses A.2.1. GNU General Public License (GPL) A.2.2. GNU Lesser General Public License (LGPL) A.2.3. Mozilla Public License (MPL) A.2.4. MIT License A.2.5. X Consortium License (X11) (variant 1) A.2.6. X Consortium License (X11) (variant 2) A.2.7. zlib License A.2.8. Apache License v2 A.2.9. OpenSSL License A.2.10. Slirp License A.2.11. liblzf License A.2.12. libpng License A.2.13. lwIP License A.2.14. libxml License A.2.15. gSOAP Public License Version 1.3a A.2.16. curl License A.2.17. libgd License A.2.18. BSD License from Intel A.2.19. IJG (Independent JPEG Group) License A.2.20. libjpeg-turbo Modified (3-clause) BSD License A.2.21. FreeBSD License A.2.22. NetBSD License A.2.23. VPX License A.2.24. Vorbis License A.2.25. curl License A.2.26. DocBook XML DTD License A.2.27. DocBook XSL Stylesheets License A.2.28. Intel ACPI Component Architecture (ACPICA) License A.2.29. Khronos License A.2.30. SGI Free Software License B A.2.31. Boost Software License A.2.32. Default Mesa 3D Graphics Library License A.2.33. Microsoft Software License A.2.34. Python License A.2.35. License for Berkeley SoftFloat Release 3e A.2.36. BSD 3-Clause License for Glslang A.2.37. BSD 2-Clause License for Glslang A.2.38. 
GNU General Public License (GPL) License with Bison Exception for Glslang A.2.39. WiX Toolset License A.2.40. XFree86 License (variant 1) A.2.41. XFree86 License (variant 2) A.2.42. Cereal License A.2.43. Keith Packard License A.2.44. X Direct Rendering Infrastructure (DRI) 2 Extension License A.2.45. Network Computing Devices and DEC License A.2.46. MIT Open Group Variant License A.2.47. Digital Equipment Corporation License (variant 1) A.2.48. Digital Equipment Corporation License (variant 2) A.2.49. Digital Equipment Corporation License (variant 3) A.2.50. Digital Equipment Corporation and QuarterDeck Office Systems License A.2.51. Hewlett-Packard License (variant 1) A.2.52. Hewlett-Packard License (variant 2) A.2.53. Hewlett-Packard License (variant 3) A.2.54. Hewlett-Packard License (variant 4) A.2.55. Silicon Graphics License A.2.56. X Resize and Rotate Extension (RandR) License A.2.57. SuSE License A.2.58. Network Computing Devices (NCD) License (variant 1) A.2.59. Network Computing Devices (NCD) License (variant 2) A.2.60. Network Computing Devices (NCD) License (variant 3) A.2.61. Digital Equipment Corporation and Olivetti Research Limited License A.2.62. X Consortium, DEC, Intergraph, Silicon Graphics, and Hewlett-Packard License A.2.63. Sun Microsystems License A.2.64. X libpciaccess Library License A.2.65. X libxshmfence License A.2.66. X xf86-input-mouse driver License A.2.67. Kazutaka YOKOTA License A.2.68. Conectiva License A.2.69. Red Hat and SuSE License A.2.70. Red Hat License A.2.71. X Consortium and Red Hat License A.2.72. Precision Insight License A.2.73. VA Linux and IBM License A.2.74. IBM License A.2.75. Metro Link License (variant 1) A.2.76. Metro Link License (variant 2) A.2.77. Metro Link License (variant 3) A.2.78. NVIDIA License A.2.79. Vrije Universiteit License A.2.80. Concurrent Computer Corporation License A.2.81. Nokia License A.2.82. Adobe License A.2.83. University of California License (variant 1) A.2.84. 
University of California License (variant 2) A.2.85. OMRON Corporation and Data General Corporation License A.2.86. X11 Legacy License (variant 1) A.2.87. X11 Legacy License (variant 2) A.2.88. X11 Legacy License (variant 3) A.2.89. X11 Legacy License (variant 4) A.2.90. X11 Legacy License (variant 5) A.2.91. X11 Legacy License (variant 6) A.2.92. X11 Legacy License (variant 7) A.2.93. X11 Legacy License (variant 8) A.2.94. X11 Legacy License (variant 9) A.2.95. X11 Legacy License (variant 10) A.2.96. X11 Legacy License (variant 11) A.2.97. X11 Legacy License (variant 12) A.2.98. X11 Legacy License (variant 13) A.2.99. X11 Legacy License (variant 14) A.2.100. Davor Matic License A.2.101. Harold L Hunt II License A.2.102. Thomas Roell License A.2.103. Thomas Roell and David Wexelblat License A.2.104. Thomas Roell and SGCS (Snitily Graphics Consulting Services) License A.2.105. Alan Hourihane License A.2.106. Kaleb S. Keithley License A.2.107. Matthieu Herrb License A.2.108. Egbert Eich License A.2.109. David Wexelblat License A.2.110. Orest Zborowski and David Wexelblat License A.2.111. Orest Zborowski and David Dawes License A.2.112. Frederic Lepied License A.2.113. Rich Murphey and David Wexelblat License A.2.114. Rich Murphey and David Dawes License A.2.115. Anders Carlsson License A.2.116. Eric Anholt License A.2.117. Todd C. Miller License A.2.118. Philip Blundell License A.2.119. Marc Aurele La France License A.2.120. J. Kean Johnston License A.2.121. Jakub Jelinek License A.2.122. UCHIYAMA Yasushi License A.2.123. OpenedHand Ltd License A.2.124. Oracle License A.2.125. NVIDIA License for Glslang A.2.126. The Khronos Group Inc. License for Glslang A.2.127. The Khronos Group Inc. License for the EGL Registry Repository A.2.128. The IBM Corporation License for the libtpms library B. Oracle VM VirtualBox Privacy Information Glossary List of Figures 1.1. Windows Server 2016 Virtual Machine, Displayed on a macOS Host 1.2. 
VirtualBox Manager, Showing Welcome Screen After Initial Startup 1.3. VirtualBox Manager Window, After Creating Virtual Machines 1.4. VirtualBox Manager Details Pane, Including Toolbar 1.5. Global Tools Menu 1.6. Machine Tools Menu 1.7. Creating a Virtual Machine: Name and Operating System 1.8. Creating a Virtual Machine: Unattended Guest OS Installation 1.9. Creating a Virtual Machine: Hardware 1.10. Creating a New Virtual Machine: Virtual Hard Disk 1.11. Host Key Setting on the Virtual Machine Taskbar 1.12. Closing Down a Virtual Machine 1.13. Groups of Virtual Machines 1.14. Snapshots Tool, Showing Snapshot Properties 1.15. Snapshots List For a Virtual Machine 1.16. Clone Virtual Machine Wizard: New Machine Name and Path 1.17. Clone Virtual Machine Wizard: Clone Type 1.18. Clone Virtual Machine Wizard: Snapshots 1.19. Import Virtual Appliance Wizard: Appliance Settings 1.20. Upload Public Key Dialog in Oracle Cloud Infrastructure Console 1.21. The Cloud Profile Manager 1.22. Cloud VMs, Shown in VirtualBox Manager 1.23. OCI Group, Containing Cloud VMs 1.24. Create Cloud Virtual Machine Wizard 1.25. Add Cloud Virtual Machine Wizard 1.26. Export Virtual Appliance Wizard: Format Settings 1.27. Import Cloud Instance Wizard: Appliance Settings 1.28. Soft Keyboard in a Guest Virtual Machine 1.29. VM Activity Overview Tool 1.30. Session Information Dialog, Showing VM Activity Tab 1.31. Log Viewer Tool, Showing System Events 3.1. Storage Settings for a Virtual Machine 4.1. Drag and Drop Menu Options 4.2. Seamless Windows on a Host Desktop 4.3. Guest Control File Manager 5.1. The Virtual Media Manager, Showing Hard Disk Images 5.2. Create Virtual Hard Disk Wizard 5.3. Differencing Images, Shown in Virtual Media Manager List of Tables 3.1. Guest Operating Systems With Full Support 3.2. Legacy Guest Operating Systems With Limited Support 6.1. Overview of Networking Modes 9.1. Host Key Customization 9.2. Web Service Configuration Parameters 9.3. 
Oracle VM VirtualBox Watchdog Configuration Parameters 9.4. PC Speaker Configuration Options 10.1. Configuration File Locations A.1. Mesa Component Licenses A.2. Python releases
- 0
- 2 years, 5 months ago
Showing 2 topics - 1 to 2 (of 2 total)
-