搭建Shadowscoks和VPN翻墙

by Posted in 2.1 IT Security Requirement (保安要求) Leave a comment

1 为什么翻墙

作为一个技术人员, 最常用的就是Google、StackOverflow、Github这些网站, 工作期间几乎每分钟都在用。

另外,偶尔也上上Facebook、YouTube、草榴以及Porn, 娱乐一下自己。

如果不能翻墙, 几乎就是鱼离开了水, 人离开了空气, 感觉一刻都不能待下去。

2 常用的翻墙方法

常用的翻墙方法是:

1 购买一台大陆以外的服务器,搭建VPN或者ShadowScoks。

2 购买第三方的代理服务。 (我试用过后,觉得速度不可控,而且限制多。 况且我们公司人多, 算下来不如自己搭建划算)

3 使用自由门、GoAgent(速度比较慢、经常不能用、mac或者手机上用不了)

我用的电脑是Mac, 电脑支持VPN、ShadowScoks, 手机是iPhone, 没有越狱,不支持ShadowScoks。

ShadowScoks支持自动代理模式,国内的不走代理,国外的走代理,而且能自定义。

而VPN只能完全代理。 所以我决定Shadowscoks和VPN都搭建。 电脑上主要用Shadowscoks,手机上用VPN。

那么,如何选择一家合适的代理服务器呢?

国外比较知名的云服务运营商有有Linode、DigitalOcean等, 费用基本10美元一个月。ping值在200左右。

国内阿里云也有香港和美国节点,香港节点价格117元/月, ping值在50左右。

之前2年用的是linode, 一直比较稳定,但是最近, 速度实在太慢了, 决定签回阿里云香港试一下。 在这里做个记录。

3 实施

3.1 购买服务器

在阿里云后台,购买 1核CPU 1GB内存 的服务器, 操作系统选择的是 CentOS 7.0 64位, 价格117元/月。

3.2 使用Shdowsocks翻墙

1) 安装Shdowsocks服务端

登录阿里云服务器, 执行以下命令

# 安装pip
yum install python-pip

# 使用pip安装shadowsocks
pip install shadowsocks

2) 配置Shdowsocks服务,并启动

新建 /etc/shadowsocks.json 文件, 并写入以下内容

{
	"server":"remote-shadowsocks-server-ip-addr",
	"server_port":443,
	"local_address":"127.0.0.1",
	"local_port":1080,
	"password":"your-passwd",
	"timeout":300,
	"method":"aes-256-cfb",
	"fast_open":false,
	"workers":5
}

注意修改 server 和 passwordworkers 表示启动的进程数量。

然后使用以下命令启动: ssserver -c /etc/shadowsocks.json -d start

3) 使用本机Shdowsocks客户端, 连接服务端上网

如果用的是mac, 上网站 https://sourceforge.net/projects/shadowsocksgui/ 下载客户端。

安装完后进行如下配置:

shodowsocks client config

如果是windows, 上面的网站也有客户端下载链接。

如果是android, 参考网站 https://github.com/shadowsocks/shadowsocks-android

如果是iPhone, 那你用不了shadowsocks, 只能用下面的VPN了。

3.3 使用VPN翻墙

VPN 隧道协议PPTP、L2TP、IPSec和SSLVPN(SSTP,OpenVPN)中安全性逐级提高,相应的受到墙的干扰逐级减弱。 考虑到跨平台,PPTP穿透力及安全性,这里搭建支持 ikev1/ikev2 的 Ipsec VPN,适用于iOS、Android、Windows 7+ 、MacOS X,及Linux。 为了兼容Windows 7以下的系统,同时搭建L2TP/IPSec支持。

Info Source: http://yijingping.github.io/2016/11/29/fanqiang.html

read more

Open Source IT Configuration Management Tools

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Leave a comment

Open source configuration management tools make managing servers at scale easier, less time-consuming and more repeatable.

Configuration management tools provide automation, cloud orchestration, and remote management and execution that give IT greater control over its entire infrastructure. Beyond standardizing configuration on servers, the tools can install and maintain packages, upgrade or deploy new servers and manage a cloud infrastructure.

Without configuration management tools, IT administrators would manually deploy each VM needed in an OpenStack, Amazon Web Services, VMware ESXi or other environment. Instead of logging into each server to manually patch it, a systems administrator can remotely patch thousands of servers at the same time. The same goes for removing a user from servers.

“All of your server configuration is going to stay the same and consistent across your environment,” said Nitin Madhok, a systems developer and programmer on the infrastructure code team at Clemson University. “So, if you installed an application on one server, you could install that application on a dev, production, test or whatever environment it is in the same way, following the same steps.”

Companies can immediately fix security vulnerabilities such as Heartbleed on thousands of user-facing servers in under five minutes. LinkedIn manages more than 70,000 servers and can make a change on all of them in under a minute.

Chef, Puppet, Ansible and Salt are four major open source configuration management tools — each with distinct differences. Puppet and Chef are coded in Ruby, a less commonly known programming language among IT professionals. Salt and Ansible use the more common language, Python, and users only have to be familiar with YAML (yet another markup language) to operate them. Salt and Chef also use ZeroMQ protocol, which allows users to create complex communication systems with little effort.

Salt and Puppet use a daemon approach and must be installed on every server. This allows for a master-slave control architecture. Chef and Ansible are daemonless, so no software takes up resources on the VM to manage it. The open source tools do require open Port 22 on each VM, which could leave servers vulnerable to attack. Salt also has a Secure Socket Shell tool, called Salt SSH, which allows the user to configure it similarly to Ansible. Each of these open source configuration management tools also come in supported, purchased enterprise versions that offer additional modules or features.

 

Information Source: http://searchitoperations.techtarget.com/photostory/450299435/Modern-open-source-systems-management/4/Open-source-configuration-management-tools-offer-ease-at-scale

Common Feature of IT Service Management tool

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理) Leave a comment

Common Feature of IT Service Management Tool as below:

  • Fully configurable CMDB
  • HelpDesk and Incident Management
  • Service and Contract Management
  • Change Management
  • Configuration Management
  • Automatic SLA management
  • Automatic impact analysis
  • CSV import tool for all data
  • Consistency audit to check data quality
  • Data synchronization (data federation)

Open Source IT Asset Management Software

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) 2 Comments

Recently, I browsed a useful web blog about IT management, called “Capterra IT Management Blog” from link –> http://blog.capterra.com/the-top-3-free-and-open-source-itam-software-solutions/ . It listed out three open source IT asset management software. They are useful, so I copy and share in it for your reference.

SysAid IT Asset Management

it1

This free IT asset management solution has been around since 2002 and is available for both cloud and on-premise (Windows and Linux)

Pros

With SysAid’s asset management solution, users have access to all the standard features of licensed ITAM software, including the ability to view all software and hardware, as well as the manufacturer details of computers, printers, and other networked devices. Other benefits include automatic notifications of asset changes and the ability to create management reports.

SysAid’s IT Asset Management edition also offers a free, fully functioning IT Service Desk with ITSM capabilities for those interested.

This solution supports up to two administrators, 100 assets, and 100 end users, with an international online community for support.

Cons

Some reviews noted a lacking user-interface that may run too slow for some.

Asset Management System

it2

This ITAM free and open source option is written in PHP and has been downloaded 77 times since its creation in early 2013.

Pros

This ITAM software solution offers a streamlined user experience with a dynamic dashboard for users to search through, add, update, and delete vendor details or categories. Users occupy two roles (lab operator and administrator), where they can add, update, delete stocks and assign any hardware or software to labs. Assets can also be assigned to others users for delegation.

This option is available for both Windows and Linux.

Cons

The last time Asset Management Software was updated was back in 2013 and there isn’t an active support community posting tickets or patches to improve potential flaws.

GLPI

it3

This free IT and asset management software uses a variety of languages, developed using PHP, and uses MySQL/MariaDB for the database, HTML for the Web pages, CSS for style sheets, and XML for report generation. In 2011, 1.2 million computers reported using this solution.

Pros

GLPI includes more than just a management system, also offering a service desk ITIL, license tracking, and software auditing. Through its asset management feature, users can collect an inventory of computers, printers, and other networked devices, as well as track equipment bookings, check equipment status, and manage contracts and documents related to inventory. GLPI can also generate reports for hardware, software, and networked items.

GLPI is also a multilingual solution, with more than 45 operating languages available.

Cons

Some reviews have noted installation difficulties, though users can also find support through the software’s forum.

Steps to Apply US Nonimmigrant VISA in Hong Kong

by Posted in 4. Others Leave a comment

Because of business trip to US, I applied an US VISA recently, and found it was quite trouble and time consuming. I need to fill-in application form on-line and go to US consulate personally. I totally spent two to three weeks to get an US VISA. The following is the steps to apply US VISA for your reference.

1. Fill-in NonImmigrant Visa Application Form (DS-160) online with below link

https://ceac.state.gov/genniv/

US-VISA-4

(Be patience because you need to take at least 15 minutes or more to complete all, and you should print its confirmation letter to show to US consulate officer.)

2. Create an account to apply US Visa from its web site below:

http://www.ustraveldocs.com/hk_zh/index.html?firstTime=No

US-VISA-1

3. Logon to US Visa web site for fill-in detail and making appointment as below link:

https://cgifederal.secure.force.com/applicanthome

US-VISA-2

4. Complete all the detail in the web site and schedule your interview appointment

US-VISA-3

4. Go to US consulate for finger-print and interview at your schedule time which you should not late than an hour.

It is not allow to bring food and drink to the consulate.

I just took 2 minutes with 5 simple questions to complete my interview, but I saw someone took more than 5 minutes for the interview, which was depend on your luck.

The fast way to get VISA delivery is to collect in Wai Chai, which need to take 2 business days. The pickup time in Wai Chai is 9:00-16:00 Mon-Sat. If you select mail delivery, it will take 5 business days.

The address of US Consulate General in Hong Kong is 26 Garden Road, Central, and their phone number is (852) 2423 9011. However, their office phone is always unreachable. For any enquiry, you can call their another hot line (852) 2808-4666.

Install Python’s Django on Windows

by Posted in 4. Others Tagged Leave a comment

This document will guide you through installing Python and Django for basic usage on Windows. This is meant as a beginner’s guide for users working on Django projects and does not reflect how Django should be installed when developing patches for Django itself.
The steps in this guide have been tested with Windows 7 and 8. In other versions, the steps would be similar.

Install Python

Django is a Python web framework, thus requiring Python to be installed on your machine.

To install Python on your machine go to https://python.org/download/, and download a Windows MSI installer for Python. Once downloaded, run the MSI installer and follow the on-screen instructions.

After installation, open the command prompt and check the Python version by executing python --version. If you encounter a problem, make sure you have set the PATH variable correctly. You might need to adjust your PATHenvironment variable to include paths to the Python executable and additional scripts. For example, if your Python is installed in C:Python34, the following paths need to be added to PATH:

C:Python34;C:Python34Scripts;

Install Setuptools

To install Python packages on your computer, Setuptools is needed. Download the latest version of Setuptools for your Python version and follow the installation instructions given there.

Install PIP

PIP is a package manager for Python that uses the Python Package Index to install Python packages. PIP will later be used to install Django from PyPI. Python 3.4 and later include pip by default [1], so you may have pip already.

Install Django

Django can be installed easily using pip.

In the command prompt, execute the following command: pip install django. This will download and install Django.

After the installation has completed, you can verify your Django installation by executing django-admin --version in the command prompt.

Changed in Django 1.7:In Django 1.7, a .exe has been introduced, so just use django-admin in place of django-admin.py in the command prompt.

See Get your database running for information on database installation with Django.

Common pitfalls

  • If django-admin only displays the help text no matter what arguments it is given, there is probably a problem with the file association in Windows. Check if there is more than one environment variable set for running Python scripts inPATH. This usually occurs when there is more than one Python version installed.

  • If you are connecting to the internet behind a proxy, there might be problem in running the commands easy_installpip and pip install django. Set the environment variables for proxy configuration in the command prompt as follows:

    set http_proxy=http://username:password@proxyserver:proxyport
set https_proxy=https://username:password@proxyserver:proxyport

    Git Installation

    • download from http://git-scm.com/download/win

    • Run UNIX command under Window Environment.