预先准备

centos：yum install ca-certificates wget -y && update-ca-trust force-enable
debian/ubuntu：apt-get install ca-certificates wget -y && update-ca-certificates

不卸载内核版本

wget -O tcpx.sh "https://github.com/ylx2016/Linux-NetSpeed/raw/master/tcpx.sh" && chmod +x tcpx.sh && ./tcpx.sh

卸载内核版本

wget -O tcp.sh "https://github.com/ylx2016/Linux-NetSpeed/raw/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh 

提示：目前脚本对CN地址作了特殊处理，如果非CN地址…

没事查看日志 看到有个ip被封禁但是ip很干净

拉出访问日志发现有多条访问

/icons/icon_zh_48.png

造成404 然后触发waf封禁

于是我搜索了下/icons/icon_zh_48.png 发现这是一个标签页的插件 wetab

这插件应该是会自动搜索设置主页上域名下的/icons/icon_zh_48.png

但是哪个网站会为了这插件去适配/icons/icon_zh_48.png，这图标路径和名字就很逆天

最后没办法在waf里面把这路径过滤了…

debian/ubuntu系列

#安装fail2ban
apt update && apt install fail2ban rsyslog -y

#配置 your-key改为你的abuseipdb  apikey
nano /etc/fail2ban/jail.local

[DEFAULT]
# 定义默认的 ban 和 unban 时间
bantime = 3600   # 1小时
findtime = 300   # 5分钟
maxretry = 2
ignoreip = 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 

更换源

sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories && apk update

 alpine lxc 开启ssh

apk add --no-cache openssh-server && cd /etc/ssh && ssh-keygen -A && rc-update add sshd boot && service sshd start

时区

apk add alpine-conf && /sbin/setup-timezone -z Asia/Shanghai && apk 

最新版本的glibc是2.34，但是编译失败了，这里已2.33为教程

安装高于4.8的gcc
yum -y install centos-release-scl
yum -y install devtoolset-11 bison ca-certificates


开启gcc11
scl enable devtoolset-11 bash

编译make
cd /usr/local/src/
wget https://ftp.gnu.org/gnu/make/make-4.3.tar.gz
tar zxvf make-4.3.tar.gz && cd make-4.3
./configure && make -j && make install
ln -s -f /usr/local/bin/make /usr/bin/make

from bgp.he.net

69.28.48.0/20
65.255.32.0/23
65.255.32.0/20
47.82.64.0/18
47.82.0.0/18
45.81.130.0/23
45.81.129.0/24
45.43.48.0/23
45.43.46.0/23
45.43.44.0/23
45.43.42.0/23
45.43.40.0/23
45.43.38.0/23
45.43.32.0/22
45.40.60.0/22
45.40.52.0/22
45.40.48.0/22
45.124.255.0/24
45.124.252.0/24
45.124.252.0/22
45.10.70.0/23
45.10.69.0/24
23.91.104.0/23
23.91.102.0/23
23.90.188.0/22
23.90.186.0/23
23.90.184.0/23
23.90.180.0/22
23.90.176.0/22
23.90.174.0/23
23.90.172.0/23
23.90.170.0/23
23.90.168.0/23
23.90.168.0/22
23.90.160.0/21
23.90.144.0/20
23.90.128.0/20
23.251.98.0/23

from bgp.he.net

45.43.63.0/24
45.43.62.0/24
45.43.61.0/24
45.43.60.0/24
45.43.58.0/24
45.43.57.0/24
45.43.56.0/24
45.43.55.0/24
45.43.54.0/24
45.43.53.0/24
45.43.52.0/24
45.43.37.0/24
45.43.36.0/24
45.40.57.0/24
45.40.56.0/24
45.249.247.0/24
45.249.246.0/24
45.249.245.0/24
45.249.244.0/24
42.240.240.0/20
42.240.224.0/20
42.240.208.0/20
42.240.192.0/20
42.240.176.0/20
42.240.144.0/20
42.240.128.0/20
36.255.223.0/24
36.255.222.0/24
36.255.221.0/24
36.255.220.0/24
23.91.98.0/24
23.91.97.0/24
23.91.96.0/24
23.91.101.0/24
23.91.100.0/24
23.248.185.0/24
23.248.184.0/24
23.248.163.0/24

https://jenkins.linuxcontainers.org/view/Images/

https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=8-Stream,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=7,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=8,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz


https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=buster,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=bullseye,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=stretch,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz

https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=sid,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz


https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=focal,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=bionic,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=groovy,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz

https://us.images.linuxcontainers.org/images/
https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/centos/8-Stream/amd64/cloud/

FFS v1.0 下载
https://github.com/pbatard/ffs/releases

驱动下载
http://efi.akeo.ie/downloads/efifs-latest/x64/

UEFITool 不能用NE版本
https://github.com/LongSoft/UEFITool/releases

从下面路径复制原版ROM  EFI32.ROM EFI64.ROM
C:\Program Files (x86)\VMware\VMware Workstation\x64

执行 GenMod ntfs_ia32.efi 生成ffs文件，最后一步添加文件时需要保持ffs和efi文件在一起

UEFITool 加载ROM 下面路径Insert After and select 或者remove
UEFI Image → 8C8CE578-8A3D-4F1C-9935-896185C32DD3 → 20BC8AC9-94D1-4208-AB28-5D673FD73486 → EE4E5898-3914-4259-9D6E-DC7BD79403CF → Volume Image Section → 

删除路径

C:\Users\*\AppData\Local\Packages\*SafeInCloud.PasswordManagerSafeInCloud_wh7zearnzvtm6\LocalCache\Roaming\OneDriveSDK_AuthAdapter_*.dat

或者搜索OneDriveSDK_AuthAdapter_*.dat

原因是本地微软账户修改了密码，onedrive的鉴权失效…