Wednesday, December 18, 2019

Disable Firefox update notification

To add a policy, follow the steps:

1. Go to the Firefox installation directory (for any supported OS).
2. Create a directory called distribution.
3. Change directory into distribution.
4. Create a file called policies.json and paste in this code:

{
    "policies": {
        "DisableAppUpdate": true
    }
}
    Save the file and quit the editor.

5. Restart Firefox if it's already running.
6. To confirm, go to the URL about:policies and check that there is an entry like this:

Policy Name     Policy Value
DisableAppUpdate    true

Tuesday, December 17, 2019

RDP running over TLS v1.2


Part 1:

Disable other protocols with IIS Crypto



Part 2:


  1. Start the registry editor by clicking on Start and Run. Type "regedit" into the Run field (without quotation marks).
  2. Highlight Computer at the top of the registry tree. Back up the registry first by clicking on File and then on Export. Select a file location to save the registry file.
     Note: You will be editing the registry. This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.
  3. Browse to the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create a new folder. Rename this folder to TLS 1.2.
  5. Right click on the TLS 1.2 key and add two new keys underneath it.
  6. Rename the two new keys as:
    • Client
    • Server
  7. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.
  8. Rename the DWORD to DisabledByDefault.
  9. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.
  10. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click on OK.

  11. Create another DWORD for the Client key as you did in Step 7.
  12. Rename this second DWORD to Enabled.
  13. Right-click the name Enabled and select Modify... from the drop-down menu.
  14. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.
  15. Repeat steps 7 to 14 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).
  16. Reboot the server.
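
The Part 2 registry steps can also be scripted. The PowerShell below is an added example, not part of the original post; it assumes an elevated session, and the backup file location is a constructed choice.

```powershell
# Added example: scripted equivalent of the manual registry procedure above.
# Assumes an elevated PowerShell session on the server being configured.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$base    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$backup  = Join-Path $env:TEMP 'schannel-protocols-backup.reg'   # assumed location

# Back up the Protocols subtree before changing anything.
reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

foreach ($role in 'Client', 'Server') {
    $key = "$base\TLS 1.2\$role"
    # Create the key only when it is missing: New-Item -Force on an existing
    # registry key recreates it and drops the values it already holds.
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null    # also creates the "TLS 1.2" parent
    }
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 `
        -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Enabled' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

# Read the values back so a typo or a policy overwrite shows up before the reboot.
$report = foreach ($role in 'Client', 'Server') {
    $v = Get-ItemProperty -Path "$base\TLS 1.2\$role"
    [pscustomobject]@{
        Key               = "TLS 1.2\$role"
        DisabledByDefault = $v.DisabledByDefault
        Enabled           = $v.Enabled
        AsIntended        = ($v.DisabledByDefault -eq 0 -and $v.Enabled -eq 1)
    }
}
$report | Format-Table -AutoSize

if ($report.AsIntended -contains $false) {
    Write-Warning "Values differ from the procedure; restore with: reg.exe import `"$backup`""
} else {
    Write-Output 'TLS 1.2 Client and Server keys are set. Reboot the server to apply.'
}
```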

Monday, November 25, 2019

Web console will not open after upgrading FortiGate firmware

Old firmware version: 5.4.4
New firmware version: 5.6.2

1. Enter the CLI
2. Reset the HTTPS server certificate to "Fortinet_Factory"
config system global
set admin-server-cert "Fortinet_Factory"
end

Thursday, November 21, 2019

VirtualBox "Call to WHvSetupPartition failed"

Solution: disable Hyper-V

Open PowerShell as administrator, run the following command, then reboot:
bcdedit /set hypervisorlaunchtype off

Monday, November 11, 2019

Installing a certificate for RDP

Preparation:

1. Install the Root CA
2. Install the Intermediate CA
3. Install the issued certificate in IIS

Method 1: (PowerShell)
Open a PowerShell console (Run as administrator) on your RD Session Host. Type/paste the commands below:

This command displays the thumbprint of the certificate; copy it to a text file or something similar:
Get-ChildItem "Cert:\LocalMachine\My"
This is a variable to set the WMI path to the RD Session Host RDP listener (Where the certificate needs to be changed):
$PATH = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices)
Finally this is the command to change the active certificate on the RDP listener:
Set-WmiInstance -Path $PATH -argument @{SSLCertificateSHA1Hash="thumbprint"}
The "thumbprint" above is the value you noted earlier; insert it between the quotation marks.

References:
https://social.technet.microsoft.com/Forums/en-US/bcedb97f-b86f-485a-a39f-579f947cf367/how-install-ssl-certificate-for-rds-on-windows-server-2016?forum=winserverTS

https://serverfault.com/questions/444286/configure-custom-ssl-certificate-for-rdp-on-windows-server-2012-and-later-in-r


Method 2:
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="thumbprint"
References:
 https://blog.brankovucinec.com/2016/12/06/how-to-install-custom-certificate-on-rdsh-server/

Friday, November 8, 2019

Understanding in and out for Cisco ACLs on a VLAN

1. An access-list applied outbound to a vlan interface filters traffic going TO machines on that vlan.
2. An access-list applied inbound to a vlan interface filters traffic coming FROM machines on that vlan.

Summary:

IN and OUT are both relative to the switch


References:
https://community.cisco.com/t5/switching/acl-direction-when-applied-to-a-vlan-on-a-switch/td-p/1423652 

The two meanings of permit and deny in an ACL

permit: allow    deny: reject
permit: match    deny: no match