2017年1月16日星期一

禁止 root 以 ssh 登入

http://mepopedia.com/forum/read.php?135,5748

1. 找到檔案 /etc/ssh/sshd_config

2. 修改其中的

#PermitRootLogin yes

改為

PermitRootLogin no (注意開頭不要有井字號 #)

3. 重新啟動 SSH

/etc/rc.d/sshd restart

2017年1月15日星期日

#!/bin/bash
iptables -t filter -F #清空所有iptables表
iptables -t filter -P INPUT ACCEPT
iptables -t filter -A INPUT -p tcp -s 10.1.10.174/255.255.255.0 --dport 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 22 -j REJECT

#只容許 10.1.10.174用 22 port 登入

2016年11月24日星期四

crontab 隔週執行程式

#抓取TRC Catalogue,隔週五抓取
15 22 * * 5 [ $(( $(( $(date +\%W ) )) % 2 )) -eq 1 ] && $HOME/perl/web/getInfoFromTRC.pl > /tmp/getInfoFromTRC.log 2>&1

2016年11月9日星期三

PHP 和 Javascript (AJAX) 數值傳遞實例

1. 由於不同server，所以PHP需要增加以下紅字部分

<?php
header("Access-Control-Allow-Origin: *");

$v = $_REQUEST;

foreach($v as $i=>$v)
{
#$temp = $temp."$i=$v,";
if ($i == "occ03") {$occ03 = $v;}
if ($i == "occ11") {$occ11 = $v;}
}

$dbconn = oci_connect("xxx","yyy",
                      "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=xxx.xxx.xxx.xxx)(PORT=1521))(CONNECT_DATA=(SID=xxx)))",
                      "AL32UTF8");

$sql = "
   select count(*)
     from occ_file
    where occ03 = substr(:occ03,1,2)
      and occ11 = :occ11
    order by 1
";

$stid = oci_parse($dbconn, $sql);
oci_bind_by_name($stid,":occ03",$occ03);
oci_bind_by_name($stid,":occ11",$occ11);

//echo "2";
oci_execute($stid);
while ($row = oci_fetch_row($stid)) {
   echo "$row[0]";
   #echo "var occ11_cnt=$row[0];";
}

oci_close($dbconn);
?>

2. 由於是asynch，所以javascript在判斷時要在 onreadystatechange 就改變原本網頁element的值，另外sleep兩秒(因為asynch，太短時間怕抓到為修改以前的值)
3. 也許使用 XmlHttpRequest 的 sync option (底下true的地方) 也可以，但我未測試

function ... (
chkOCC11();
sleep(2000);
var str = document.getElementById("occ11").value;
if (str.match("請重新輸入")) {
     //alert("統一編號重複，請確認")
     return false;
};

return true;
)

function chkOCC11() {
   var occ03 = document.getElementById("occ03").value;
   var occ11 = document.getElementById("occ11").value;

   var http ;
   if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
      http = new XMLHttpRequest();
   } else {// code for IE6, IE5
      http = new ActiveXObject("Microsoft.XMLHTTP");
   }

   var url = "http://10.1.100.201/eip/action/SA001/chkOCC11.php";
   var params = "occ03=" + occ03.substr(0,2) + "&occ11=" + occ11;
   var occ11_cnt;

   if ("withCredentials" in http) {
      http.open('POST', url + "?" + params, true);
    }
   else if (typeof XDomainRequest != "undefined") {
      http = new XDomainRequest();
      http.open('POST', url + "?" + params, true);
   }

   http.onreadystatechange = function() {//Call a function when the state changes.
      if(http.readyState == 4 && http.status == 200) {
         occ11_cnt = http.responseText;
         if (occ11_cnt > 0) {
            document.getElementById("occ11").value = "請重新輸入";
            alert("統一編號重複，請重新輸入");
         }
      }
   }
   http.send(null);
}

function sleep(milliseconds) {
var start = new Date().getTime();
for (var i = 0; i < 1e7; i++) {
    if ((new Date().getTime() - start) > milliseconds){
      break;
    }
}
}

4.2017/05/02 經過測試，使用同步，不使用非同步的方式就可以檢查值的正確性
5313 function chkTC_CTR11() {
5314    var ta_occ09 = document.getElementById("ta_occ09").value;
5315    var occ11 = document.getElementById("occ11").value;
5316
5317    var http ;
5318    if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
5319       http = new XMLHttpRequest();
5320    } else {// code for IE6, IE5
5321       http = new ActiveXObject("Microsoft.XMLHTTP");
5322    }
5323
5324    var url = "http://10.1.100.201/eip/action/SA001/chkTC_CTR11.php";
5325    var params = "tc_ctr11_03=" + ta_occ09.substr(0,2) + "&tc_ctr11_01=" + occ11;
5326    var result;
5327
5328    if ("withCredentials" in http) {
5329       http.open('POST', url + "?" + params, false); //false : 同步請求 ; true 非同步請求
5330       //http.open('POST', url + "?" + params, true); //false : 同步請求 ; true 非同步請求
5331     }
5332    else if (typeof XDomainRequest != "undefined") {
5333       http = new XDomainRequest();
5334       http.open('POST', url + "?" + params, false);
5335       //http.open('POST', url + "?" + params, true);
5336    }
5337    //http.timeout = 2000;
5338
5339    http.onreadystatechange = function() {//Call a function when the state changes.
5340       if(http.readyState == 4 && http.status == 200) {
5341          //alert("http.responseText = " + http.responseText);
5342          result = http.responseText;
5343          if (result == 1) {
5344             document.getElementById("ta_occ09").value = "";
5345             alert("此為業務區舊客戶，不可新增在不同分公司的業務區域");
5346          }
5347          if (result == 2) {
5348             document.getElementById("ta_occ09").value = "";
5349             alert("此為其他分公司客服區舊客戶，不可新增在業務區，請新增在客服區");
5350          }
5351       }
5352    }
5353    http.send(null);
5354 }

2016年9月19日星期一

rcp 出現 permission denied

不要著急，在linux主機上，tail -f /var/log/messages，我們會發現如下信息
Jan 14 21:43:10 Sim32_01 pam_rhosts_auth[28313]: denied to userofwinsows@windowsserver as useroflinux: access not allowed
Jan 14 21:43:10 Sim32_01 in.rshd[28313]: rsh denied to userofwindows@192.168.100.151 as useroflinux: Permission denied.

哦，原來是pam.d的事兒啊...vi /etc/pam.d/rsh,裡面內容如下：
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth required /lib/security/pam_rhosts_auth.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth

把auth required /lib/security/pam_rhosts_auth.so

這一行註釋掉，再試，OK,搞定！

2016年6月14日星期二