2023/03/17

OpenVAS (GVM) Vulnerability Scanning Causes Domain Account Lockouts

While using OpenVAS to run vulnerability scans against internal computers, I found a problem: some AD accounts were locked out because of too many incorrect password attempts.

My personal guess is that during the scan the tool may try to log in with some arbitrary account names, and when one of them happens to be the same as a real user's account, that account gets locked.

When an account is locked, you can follow the tutorial on the site below to find out which device is making the login attempts:

https://evotec.xyz/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out/
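
One way to check whether the lockouts line up with a scan, as an added example that is not part of the original post or the linked tutorial: read lockout event 4740 from the PDC emulator and group the results by the computer that sent the failed logons. The 24-hour window is an assumption, and the script needs the ActiveDirectory module plus read access to the domain controller's Security log.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory (RSAT)
# module, read access to the DC Security log, and that "Audit User Account
# Management" is enabled so event 4740 is recorded.
Import-Module ActiveDirectory

# Every lockout in the domain is processed by the PDC emulator, so its
# Security log is the usual single place to look.
$pdc = (Get-ADDomain).PDCEmulator

# Assumed window: set this to cover the time the scan task ran.
$since = (Get-Date).AddHours(-24)

$filter = @{ LogName = 'Security'; Id = 4740; StartTime = $since }
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    [pscustomobject]@{
        Time           = $e.TimeCreated
        LockedAccount  = $e.Properties[0].Value   # TargetUserName
        CallerComputer = $e.Properties[1].Value   # TargetDomainName holds the caller computer
    }
}

if (-not $lockouts) {
    Write-Host "No 4740 events on $pdc since $since"
    return
}

# Per-event detail, oldest first.
$lockouts | Sort-Object Time | Format-Table -AutoSize

# Summary per source: one caller locking several different accounts inside the
# scan window points at the scanner rather than at users mistyping passwords.
$lockouts | Group-Object CallerComputer | ForEach-Object {
    [pscustomobject]@{
        CallerComputer   = $_.Name
        Lockouts         = $_.Count
        DistinctAccounts = @($_.Group.LockedAccount | Sort-Object -Unique).Count
    }
} | Sort-Object Lockouts -Descending | Format-Table -AutoSize
```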

2023/03/02

CentOS 8 Yum Update Failure - Failed to Synchronize Cache for Repo 'AppStream'

I set up a new CentOS 8 server, and whenever I tried to use yum to update some components, it reported that it failed to synchronize the cache for baseos/appstream/extract.

After looking into it, I found that the repository paths for CentOS 8 had changed, but the configuration files still contained the old paths, so they have to be changed.

The configuration files are in /etc/yum.repos.d/, which contains many xxx.repo files. Each file has a baseurl=httpxxxxxxxxxxxxxxxxxxxxxx path that needs to be changed.

Most overseas websites say to change the original mirror.centos.org to vault.centos.org, while websites in mainland China say to change it to http://mirrors.cloud.aliyuncs.com.

After a lot of research, I changed mine to https://mirrors.aliyun.com/centos/8-stream/xxxxxxx. This site can be opened directly in a browser, and the xxxx part depends on your error message: see which cache could not be found, look up the corresponding path on the site, and paste it into the configuration file.

If you encounter the following message, it is also possible that the provided website no longer exists, which results in a 403 error code.

It took me two days to get this working, so I am sharing it here. Also pay attention to the firewall: I later found that my configuration was correct but the connection still failed because my own firewall was blocking some things. So if it still fails after you have changed the configuration, check the firewall.



2023/02/15

PowerShell: Fetch Data and Send It by E-mail as a Table

Sometimes I need to fetch some data with PowerShell and then send it out. If the data has already been filtered with PowerShell, sending it is not difficult, and there are plenty of examples online.

However, suppose I have fetched two columns of data and want to send them in the form of a table; then it becomes difficult.

After reading through a lot of posts, I found a very useful article:

https://evotec.xyz/sending-html-emails-with-powershell-and-zero-html-knowledge-required/

First, I use Get-xxx commands to retrieve the data I want and store it in a variable.

Second, I create a loop that puts the fetched data, item by item, into a table container, which is stored in a variable.

Third, I use HTML syntax to create a table, set its style, its title and its column names, and put the data from step two into this HTML table, which is also stored in a variable.

Fourth, the last step, I use PowerShell's mail-sending command to send the e-mail, with the variable produced in step three as the message content, and it is done.

By following this framework, I can use PowerShell to generate tabular data and send it to the people who need it.
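
The four steps above, as an added example that is not from the original post or the linked article: it uses the built-in ConvertTo-Html and Send-MailMessage cmdlets rather than the module the article describes. The service query, the mail addresses and the SMTP server name are placeholders chosen for illustration.

```powershell
# Added example, not from the original post. Addresses and the SMTP server
# below are placeholders; replace them with your own.

# Step 1: fetch the data and keep it in a variable.
$services = Get-Service | Where-Object { $_.Status -eq 'Stopped' }

# Step 2: loop over the data and build a two-column table container.
$rows = foreach ($svc in $services) {
    [pscustomobject]@{
        Service = $svc.DisplayName
        Status  = "$($svc.Status)"
    }
}

# Step 3: build the HTML table with a style, a title and column names.
# ConvertTo-Html HTML-encodes cell values, so data that contains markup is
# shown as text instead of being interpreted by the mail client.
$style = @'
<style>
table  { border-collapse: collapse; font-family: Segoe UI, Arial, sans-serif; }
th, td { border: 1px solid #999; padding: 4px 8px; text-align: left; }
th     { background: #e0e0e0; }
</style>
'@
$html = $rows |
    ConvertTo-Html -Property Service, Status -Head $style -PreContent '<h3>Stopped services</h3>' |
    Out-String

# Step 4: send the mail with the HTML from step 3 as the body.
$mail = @{
    From       = 'reports@example.com'      # placeholder
    To         = 'admin@example.com'        # placeholder
    Subject    = "Stopped services on $env:COMPUTERNAME"
    Body       = $html
    BodyAsHtml = $true
    Encoding   = [System.Text.Encoding]::UTF8
    SmtpServer = 'smtp.example.com'         # placeholder
}
Send-MailMessage @mail
```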

2023/02/08

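SinoPac shioaji API Login Keeps Failing - ValueError

Full of frustration right from the start of learning~

After installing the shioaji package, the very first step is to log in, and I was stuck at this step for three days. I found some tutorials online and also the official PDF documentation, but the result after logging in was always odd: although the words "session up" appeared, other errors were raised as well.

After logging in I often saw these two error messages:
ValueError: The seed must be exactly 32 bytes long, or ValueError: Invalid character '0'

Later I went through the official website again more carefully and found a short but important note: the login account and password used to be the same as for the order-placing software, logging in with the national ID number, but the API login account and password are now different.
You first have to go to the SinoPac wealth management website (永豐金理財網). After logging in, there is an API management function, where you create a system-generated, very long account and password pair to use for the API login. The code is also a bit different from the old one; see the official tutorial at https://sinotrade.github.io/zh_TW/tutor/login/

Following the website's instructions, the API login succeeded, without those strange error messages.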

2023/02/02

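SinoPac shioaji Cannot Be Installed

When I tried to install shioaji in Python, a package needed for the SinoPac API, it kept failing; the package simply could not be found.

I later discovered that this package does not support the Python 3.11 on my computer.

So a separate environment with an older version of Python has to be installed. In my tests so far, it installs on both 3.8 and 3.9.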

Creating Environments with Different Python Versions in Anaconda

Recently, I've been learning Python by downloading and installing Anaconda. Once it is installed, Python is available to use.

When writing code, I normally use Spyder or Jupyter Notebook, which are already included, and write and run my programs there.

However, I recently needed to download a package that is not supported by the Python version I'm currently using; it needs an older Python.

This is where a very useful Anaconda feature comes in: it can create different virtual environments.

When Anaconda is freshly installed, it has one default environment, paired with the Python that was installed along with it.

If I want to use a different version of Python, I can simply create another virtual environment and choose a different Python version.

At this point Spyder or Jupyter Notebook will still run with the default Python version, so some adjustments need to be made.

For the detailed method, see this article, which is written very thoroughly:

https://www.modb.pro/db/194246

2023/01/04

FortiGate Outside-to-Inside Policy Has No Effect

On the FortiGate firewall, two policies were defined for traffic from the outside to the inside:

Policy 1: External specific IP -> Internal ALL -> All services ==> Block

Policy 2: External specific IP -> Internal specific host -> All services ==> Block

As it turned out, this external specific IP was not blocked by Policy 1 and was only blocked when it matched Policy 2, which was very strange. Only after asking the vendor did I learn that there is one point in the configuration that needs special attention.

When configuring outside-to-inside policies, some internal hosts provide services to the outside and use the Virtual IP (VIP) feature. Therefore, for an outside-to-inside policy whose internal side is set to ALL, you need to go into command mode and add "set match-vip enable" to that policy. Only then does it also block external hosts that connect in through a VIP.

This is why Policy 1 was ineffective while Policy 2 worked.

2022/12/29

Using IE Mode to Open Websites in Edge on Windows 10

Some websites must be opened in Internet Explorer (IE) to display correctly. If you go through Edge, you have to enable its built-in IE mode.

You can add the pages to be opened in IE mode directly in the Edge settings, but this has drawbacks: it has to be done machine by machine, and it has a time limit, 30 days by default and adjustable up to 90 days at most, so it is not suitable for setting up across a company.

In that case you can deploy it with a GPO. The steps are as follows:

1. Make sure the GPO has the Edge settings. Since the DCs are all the 2012 version, you have to download the ADMX files yourself to add the Edge settings. For the method, see https://www.anoopcnair.com/download-microsoft-edge-admx-group-policy-templates/

2. Once the Edge settings are available in the GPO, enable two settings:

Configure the Enterprise Mode Site List: set the file path and file name first, for example C:\ielist.xml. This file is created in step 3.

Then enable the Configure Internet Explorer integration setting.

3. Install the Enterprise Mode Site List Manager. Use it to build an XML list of the websites to be opened in IE mode, name it ielist.xml, and distribute it to the C: drive of the users' computers, to match the GPO setting from step 2. There are plenty of tutorials online on how to configure the list; see https://www.anoopcnair.com/configure-enterprise-mode-site-list-using-intune/

4. Once all of the above is configured, deploy the GPO and it is done.

When you open an IE mode website in Edge, look at the left side of the address bar. If an IE icon appears there, the page is now running in IE mode and the configuration succeeded.

For the location of the registry keys, see this page:
https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::InternetExplorerIntegrationLevel&Language=zh-tw
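
A check to run on a client after the GPO has been deployed, as an added example that is not part of the original post: it reads the two Edge policy values from the registry and lists which sites the deployed list sends to IE mode. It assumes the policies are applied per machine under HKLM and that the site list uses the v.2 schema produced by the Enterprise Mode Site List Manager.

```powershell
# Added example, not from the original post. Reads the two machine policies
# from step 2 and, when the site list is a local file, lists its entries.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $policy) {
    Write-Warning "No Edge policy key found. Run 'gpupdate /force' and check the GPO scope."
    return
}

# InternetExplorerIntegrationLevel: 1 means IE mode.
$level    = $policy.InternetExplorerIntegrationLevel
$siteList = $policy.InternetExplorerIntegrationSiteList
"Integration level : $level (expected 1)"
"Site list location: $siteList"

if (-not $siteList) {
    Write-Warning 'Site list policy is not set.'
    return
}

# Accepts a plain path (C:\ielist.xml) as well as a file:/// URL.
$uri = [uri]$siteList
if (-not ($uri.IsAbsoluteUri -and $uri.IsFile)) {
    Write-Host 'Site list is not a local file; open the location above to review it.'
    return
}
if (-not (Test-Path -LiteralPath $uri.LocalPath)) {
    Write-Warning "Site list file is missing: $($uri.LocalPath)"
    return
}

# Assumes the v.2 schema: <site-list><site url="..."><open-in>IE11</open-in></site></site-list>
[xml]$doc = Get-Content -LiteralPath $uri.LocalPath -Raw
$sites = foreach ($s in $doc.SelectNodes('/site-list/site')) {
    [pscustomobject]@{
        Url    = $s.GetAttribute('url')
        OpenIn = $s.SelectSingleNode('open-in').InnerText
    }
}

# Only these entries render in the legacy IE engine; keep the list short.
$sites | Where-Object OpenIn -eq 'IE11' | Format-Table -AutoSize
```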




2022/12/16

Windows Virtual Machine Fails to Boot - Error 0xC0000017

Today, after restoring a virtual machine on ESXi, I got an error at boot. The error code was 0xC0000017, and it also said something about the system files possibly being faulty. Neither Safe Mode nor reverting to the last known good configuration helped.

In the end I went into the settings and found that the memory was set to only 16MB, which is tiny. After changing it to 16GB, the virtual machine booted normally. It turned out to be a false alarm.

2022/12/15

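Options Trading in the Last Month of 2022

This year was basically miserable. In the first 11 months, it seems only one month was profitable, and all the others lost money.

Starting in December I set stricter conditions for trading, so there have not been many trades. Although in the first two weeks I only did one-lot, single-leg short (sell) day trades, at least they all made money. For the third week it is now certain that there is no trading opportunity. I hope the remaining two weeks go smoothly as well, so that at least I can end this year with a profitable final month, and I pin my hopes on next year.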