Notes on configuring an aggregate interface on a Baidu Quanta Pica8 switch bought on Taobao

1. Set the VLAN that needs to pass through

configure
set vlans vlan-id 2
commit

2. Set up the aggregate interface

set interface aggregate-ethernet ae1
set interface gigabit-ethernet te-1/1/1 ether-options 802.3ad ae1
set interface gigabit-ethernet te-1/1/2 ether-options 802.3ad ae1
set interface aggregate-ethernet ae1 aggregated-ether-option lacp enable true
set interface aggregate-ethernet ae1 aggregated-ether-option min-selected-port 1
set interface aggregate-ethernet ae1 family ethernet-switching port-mode trunk
commit

3. Add the VLAN to the aggregate interface

set interface aggregate-ethernet ae1 family ethernet-switching vlan members 2
commit

4. Change the port speed, if the switch speeds do not match

set interface gigabit-ethernet te-1/1/1 speed 1000
commit

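5. Save the configuration. Always remember to commit after every change; otherwise all you can do is exit d. Do not get the order of the commands wrong: set trunk first, then add the VLAN.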
save running-to-startup

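This configuration was tested successfully against a Huawei switch.

This switch has 48 10-gigabit ports plus 4 40G ports. At 3500 it is extremely good value for money.

Common commands for Microsoft AD (Active Directory) domains

1. Bulk-create users: create a file named testxin.csv in the current directory, then run the following command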

for /f "tokens=1,2,3,4,5 delims=," %a in (testxin.csv) do dsadd user "cn=%c,ou=90,ou=life,ou=90life,dc=life90,dc=com" -samid %d -upn %[email protected] -ln %a -fn %b -pwd %e -disabled no -memberof "cn=lifeadmins,ou=组,ou=90life,dc=life,dc=com"

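for /f extracts the contents of the CSV: tokens selects the fields and delims sets the delimiter to split on
dsadd user creates the user
the -memberof parameter adds the user to a group

2. Use csvde to export a backup of the domain users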

csvde -d "ou=90life,DC=lif90,DC=com" -r "(&(objectcategory=person)(objectClass=user))" -l "name,sAMAccountName,description,title,department,telephoneNumber,mail,userAccountControl" -f C:\Users\Administrator\Desktop\Users-List.csv -s life90.com -u

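This Day and Age

Chinese is probably one of the few languages on this planet whose number of speakers keeps growing while the language itself keeps shrinking. Social media gets livelier and livelier, yet the numbers and words one can use get fewer and fewer; more and more people speak Chinese, yet there is less and less that can be said plainly; the checklist for self-censorship grows longer and longer, yet being condemned for what one says seems to get easier and easier. It is as if "silence" were the ultimate purpose of this context, and "being an eyesore" the root of everything you are charged with.

After this year, all I feel is that the only mechanism of this system is to hand everyone a hoe so that they spend their whole lives digging their own graves. I really cannot summon any enthusiasm.

I'm tired. Let it all be destroyed.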

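Windows Server 2019: notes on setting audit policy

Event ID 4720 indicates that a user account was created.
Event ID 4722 indicates that a user account was enabled.
Event ID 4740 indicates that a user account was locked out.
Event ID 4725 indicates that a user account was disabled.
Event ID 4726 indicates that a user account was deleted.
Event ID 4738 indicates that a user account was changed.
Event ID 4781 indicates that an account name was changed.
Event ID 4663 indicates that a file object was changed.
Event ID 4724 indicates that a user password was changed.
Event ID 4672 indicates that a user was assigned special privileges.
Event ID 4719 indicates that the audit policy was modified.
Event ID 7002 indicates that a user actually logged off.
Event ID 6272 indicates that a user logged on via 802.1X.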

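Playing a Good Hand Terribly

Today I realized that all of human history is a good hand played terribly.

So it was with the Tang dynasty, so with the Song, and so too with the Ming.

Today the company is like this, the country is like this, and even I am like this too.

Fine days and lovely scenes all pass before the eyes in the end; flowers blooming and fading is only natural.

How to Install Squid 5.6 on Ubuntu 20.04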

Step 1

sudo apt -y install libssl-dev devscripts build-essential fakeroot debhelper dh-autoreconf dh-apparmor cdbs libcppunit-dev libsasl2-dev libxml2-dev libkrb5-dev libdb-dev libnetfilter-conntrack-dev libexpat1-dev libcap-dev libldap2-dev libpam0g-dev libgnutls28-dev libssl-dev libdbi-perl libecap3 libecap3-dev libsystemd-dev libtdb-dev

Step 2, clone Squid from git and configure

git clone https://github.com/squid-cache/squid.git squid
cd squid
git branch -r
git checkout v5
./bootstrap.sh
./configure --with-openssl --enable-ssl-crtd '--prefix=/usr' '--includedir=${prefix}/include' '--infodir=${prefix}/share/info' '--localstatedir=/var' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/run/squid.pid' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' '--with-gnutls'
make
sudo make install

Step 3, edit squid.service file

sudo vi /lib/systemd/system/squid.service

[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target network-online.target nss-lookup.target

[Service]
Type=notify
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/sbin/squid --foreground -z
ExecStart=/usr/sbin/squid --foreground -sYC
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
NotifyAccess=all

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload 

Step 4, edit squid.conf file

sudo vi /etc/squid/squid.conf

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl nobumpSites ssl::server_name "/etc/squid/nobumpSites.list"
acl intermediate_fetching transaction_initiator certificate-fetching
http_access allow intermediate_fetching

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/etc/squid/certs/squid-ca-cert-key.pem cipher=HIGH:MEDIUM:!LOW:!RC4:!SEED:!IDEA:!3DES:!MD5:!EXP:!PSK:!DSS options=NO_TLSv1,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=prime256v1:/etc/squid/bump_dhparam.pem

sslproxy_cert_error allow all
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all 
ssl_bump peek step2 nobumpSites
ssl_bump splice step3 nobumpSites
ssl_bump stare step2
ssl_bump bump step3

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /opt/squid/cache 3000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

Step 5, Setting up certificates

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout squid-ca-key.pem -out squid-ca-cert.pem
# Build the cert+key bundle that http_port cert= points at (overwrite, do not append)
cat squid-ca-cert.pem squid-ca-key.pem > squid-ca-cert-key.pem
sudo mkdir -p /etc/squid/certs
sudo cp squid-ca-cert-key.pem /etc/squid/certs/squid-ca-cert-key.pem
sudo chown proxy -R /etc/squid/certs/squid-ca-cert-key.pem
# The bundle contains the CA private key: owner-only access
sudo chmod 600 /etc/squid/certs/squid-ca-cert-key.pem
sudo openssl dhparam -outform PEM -out /etc/squid/bump_dhparam.pem 2048
sudo chown proxy -R /etc/squid/bump_dhparam.pem
sudo /usr/lib/squid/security_file_certgen -c -s /var/spool/squid/ssl_db -M 4MB
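
A quick audit of the interception settings from Steps 4 and 5, as an added example that is not part of the original post. The function names and finding codes are made up here, and the sample config and key file are constructed in a temp directory.

```shell
# Added example, not from the original post: audit the TLS-interception settings
# of a squid.conf like the one in Step 4. Prints one finding code per line.
audit_squid_conf() (
    # Keep only active directives: drop comments, edge whitespace, blank lines.
    active="$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                  -e '/^$/d' "$1")"

    # 1. Origin-server certificate errors are accepted for every destination.
    if printf '%s\n' "$active" |
        grep -Eq '^sslproxy_cert_error[[:space:]]+allow[[:space:]]+all$'; then
        echo "CERT_ERRORS_IGNORED"
    fi

    # 2. The stock "http_access deny to_localhost" rule is not active.
    if ! printf '%s\n' "$active" |
        grep -Eq '^http_access[[:space:]]+deny[[:space:]]+to_localhost$'; then
        echo "TO_LOCALHOST_NOT_DENIED"
    fi

    # 3. The signing CA bundle named by cert= is accessible to group or others.
    key="$(printf '%s\n' "$active" | grep -E '^https?_port[[:space:]].*ssl-bump' |
           tr ' \t' '\n\n' | sed -n 's/^cert=//p' | head -n 1)"
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms="$(ls -ld "$key" | cut -c5-10)"   # group and other permission bits
        [ "$perms" = "------" ] || echo "CA_KEY_EXPOSED $perms"
    fi
)

# Constructed sample: a temp directory with a weak config and a 0644 key bundle.
make_sample() (
    dir="$(mktemp -d)"
    : > "$dir/ca.pem" && chmod 644 "$dir/ca.pem"
    cat > "$dir/squid.conf" <<EOF
#http_access deny to_localhost
http_port 3128 ssl-bump generate-host-certificates=on cert=$dir/ca.pem
sslproxy_cert_error allow all
EOF
    echo "$dir"
)

sample="$(make_sample)"
audit_squid_conf "$sample/squid.conf"
rm -rf "$sample"
```

`CERT_ERRORS_IGNORED` is the finding that matters most for the Step 4 config: with `sslproxy_cert_error allow all`, Squid accepts invalid origin certificates while clients still see a certificate signed by the trusted proxy CA.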

Step 6, Setting cache and start

sudo mkdir -p /opt/squid/cache
sudo vi /etc/squid/nobumpSites.list
.apple.com
:wq
sudo chown proxy -R /etc/squid/nobumpSites.list
sudo chown proxy -R /opt/squid/cache
sudo chown proxy -R /var/log/squid
sudo squid -z
sudo systemctl start squid.service
sudo systemctl enable squid.service
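
How the Step 4 ssl_bump rules sort connections, as an added example rather than code from the original post or from Squid itself. It is a simplified first-match model that looks only at the SNI; `in_list` and `bump_path` are hypothetical helper names, and the rule text and list entry are copied from Steps 4 and 6.

```shell
# Added example, not from the original post: a simplified first-match model of
# the Step 4 ssl_bump rules, showing which SNI names are spliced or bumped.
NOBUMP='.apple.com'                       # nobumpSites.list from Step 6
RULES='ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump splice step3 nobumpSites
ssl_bump stare step2
ssl_bump bump step3'

# in_list HOST LIST: ".apple.com" covers apple.com and all its subdomains.
in_list() (
    while read -r entry; do
        case "$entry" in
            .*) case "$1" in "${entry#.}"|*"$entry") exit 0 ;; esac ;;
            *)  [ "$1" = "$entry" ] && exit 0 ;;
        esac
    done <<EOF
$2
EOF
    exit 1
)

# bump_path HOST: print the action picked at SslBump1, SslBump2 and SslBump3.
bump_path() (
    prev=""; path=""
    for step in 1 2 3; do
        act=""
        while read -r _ action acls; do
            case "$step:$prev:$action" in   # ruled out by the step 2 choice
                3:peek:bump|3:peek:stare|3:stare:splice|3:stare:peek) continue ;;
            esac
            ok=yes
            for acl in $acls; do
                case "$acl" in
                    all) ;;
                    step[123]) [ "$acl" = "step$step" ] || ok=no ;;
                    nobumpSites) in_list "$1" "$NOBUMP" || ok=no ;;
                    *) ok=no ;;             # ACLs outside this model never match
                esac
            done
            if [ "$ok" = yes ]; then act="$action"; break; fi
        done <<EOF
$RULES
EOF
        [ -n "$act" ] || break
        path="$path $act"; prev="$act"
    done
    echo "${path# }"
)
for h in www.apple.com notapple.com; do echo "$h: $(bump_path "$h")"; done
```

Names that end on the `peek stare bump` path are decrypted and re-signed by the proxy CA; only names matching nobumpSites.list are tunnelled untouched.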

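Step 7, Copy the certificate "squid-ca-cert.pem" to a computer or system and trust the certificate, then set the proxy port to 3128. Copy only squid-ca-cert.pem; squid-ca-cert-key.pem contains the CA private key and stays on the proxy.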