Windows网络文件共享和权限备份恢复

 未分类  No Responses »
11月 282023
 

共享目录设置(注册表)备份和恢复

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

访问控制列表(权限)备份和恢复

PS C:\Users\harveymei> icacls

ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    将匹配名称的文件和文件夹的 DACL 存储到 aclfile 中
    以便将来与 /restore 一起使用。请注意,未保存 SACL、
    所有者或完整性标签。

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                 [/C] [/L] [/Q]
    将存储的 DACL 应用于目录中的文件。

ICACLS name /setowner user [/T] [/C] [/L] [/Q]
    更改所有匹配名称的所有者。该选项不会强制更改所有
    身份;使用 takeown.exe 实用程序可实现
    该目的。

ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
    查找包含显式提及 SID 的 ACL 的
    所有匹配名称。

ICACLS name /verify [/T] [/C] [/L] [/Q]
    查找其 ACL 不规范或长度与 ACE
    计数不一致的所有文件。

ICACLS name /reset [/T] [/C] [/L] [/Q]
    为所有匹配文件使用默认继承的 ACL 替换 ACL。

ICACLS name [/grant[:r] Sid:perm[...]]
       [/deny Sid:perm [...]]
       [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
       [/setintegritylevel Level:policy[...]]

    /grant[:r] Sid:perm 授予指定的用户访问权限。如果使用 :r,
        这些权限将替换以前授予的所有显式权限。
        如果不使用 :r,这些权限将添加到以前授予的
        所有显式权限。

    /deny Sid:perm 显式拒绝指定的用户访问权限。
        将为列出的权限添加显式拒绝 ACE,
        并删除所有显式授予的权限中的相同权限。

    /remove[:[g|d]] Sid 删除 ACL 中所有出现的 SID。使用
        :g,将删除授予该 SID 的所有权限。使用
        :d,将删除拒绝该 SID 的所有权限。

    /setintegritylevel [(CI)(OI)]级别将完整性 ACE 显式
        添加到所有匹配文件。要指定的级别为以下级别
        之一:
             L[ow]
             M[edium]
             H[igh]
        完整性 ACE 的继承选项可以优先于级别,但只应用于
        目录。

    /inheritance:e|d|r
        e - 启用继承
        d - 禁用继承并复制 ACE
        r - 删除所有继承的 ACE


注意:
    Sid 可以采用数字格式或友好的名称格式。如果给定数字格式,
    那么请在 SID 的开头添加一个 *。

    /T 指示在以该名称指定的目录下的所有匹配文件/目录上
        执行此操作。

    /C 指示此操作将在所有文件错误上继续进行。
        仍将显示错误消息。

    /L 指示此操作在符号
      链接本身而不是其目标上执行。

    /Q 指示 icacls 应该禁止显示成功消息。

    ICACLS 保留 ACE 项的规范顺序:
            显式拒绝
            显式授予
            继承的拒绝
            继承的授予

    perm 是权限掩码,可以指定两种格式之一:
        简单权限序列:
                N - 无访问权限
                F - 完全访问权限
                M - 修改权限
                RX - 读取和执行权限
                R - 只读权限
                W - 只写权限
                D - 删除权限
        在括号中以逗号分隔的特定权限列表:
                DE - 删除
                RC - 读取控制
                WDAC - 写入 DAC
                WO - 写入所有者
                S - 同步
                AS - 访问系统安全性
                MA - 允许的最大值
                GR - 一般性读取
                GW - 一般性写入
                GE - 一般性执行
                GA - 全为一般性
                RD - 读取数据/列出目录
                WD - 写入数据/添加文件
                AD - 附加数据/添加子目录
                REA - 读取扩展属性
                WEA - 写入扩展属性
                X - 执行/遍历
                DC - 删除子项
                RA - 读取属性
                WA - 写入属性
        继承权限可以优先于每种格式,但只应用于
        目录:
                (OI) - 对象继承
                (CI) - 容器继承
                (IO) - 仅继承
                (NP) - 不传播继承
                (I) - 从父容器继承的权限

示例:

        icacls c:\windows\* /save AclFile /T
        - 将 c:\windows 及其子目录下所有文件的
          ACL 保存到 AclFile。

        icacls c:\windows\ /restore AclFile
        - 将还原 c:\windows 及其子目录下存在的 AclFile 内
          所有文件的 ACL。

        icacls file /grant Administrator:(D,WDAC)
        - 将授予用户对文件删除和写入 DAC 的管理员
          权限。

        icacls file /grant *S-1-1-0:(D,WDAC)
        - 将授予由 sid S-1-1-0 定义的用户对文件删除和
          写入 DAC 的权限。
PS C:\Users\harveymei>

内容引用:

https://learn.microsoft.com/zh-cn/windows-server/administration/windows-commands/icacls
https://learn.microsoft.com/en-us/windows/win32/secauthz/dacls-and-aces
https://learn.microsoft.com/zh-cn/troubleshoot/windows-client/networking/saving-restoring-existing-windows-shares
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers

使用dnf config-manger禁用repo仓库

 未分类  No Responses »
11月 202023
 

查看当前启用仓库列表并禁用仓库

[ops@localhost ~]$ sudo dnf repolist
[sudo] password for ops: 
repo id             repo name
appstream           Rocky Linux 9 - AppStream
baseos              Rocky Linux 9 - BaseOS
extras              Rocky Linux 9 - Extras
[ops@localhost ~]$ sudo dnf config-manager --disable appstream
[ops@localhost ~]$ sudo dnf config-manager --disable baseos
[ops@localhost ~]$ sudo dnf config-manager --disable extras
[ops@localhost ~]$

检查可用性

[ops@localhost ~]$ sudo dnf makecache
There are no enabled repositories in "/etc/yum.repos.d", "/etc/yum/repos.d", "/etc/distro.repos.d".
[ops@localhost ~]$

主机guest agent异常提示的处理

 未分类  No Responses »
11月 162023
 

错误提示

Guest agent is not responding: QEMU guest agent is not connected

CODE_FILE
    ../src/qemu/qemu_domain.c
CODE_FUNC
    qemuDomainAgentAvailable
CODE_LINE
    8526
LIBVIRT_CODE
    86
LIBVIRT_DOMAIN
    10
LIBVIRT_SOURCE
    util.error
PRIORITY
    3
SYSLOG_FACILITY
    3
_BOOT_ID
    e8d41ada1ec94052900e15bd6cabd727
_CAP_EFFECTIVE
    1ffffffffff
_CMDLINE
    /usr/sbin/virtqemud --timeout 120
_COMM
    virtqemud
_EXE
    /usr/sbin/virtqemud
_GID
    0
_HOSTNAME
    localhost.localdomain
_MACHINE_ID
    760e98b720374a9087311a1aea584dc6
_PID
    4865
_RUNTIME_SCOPE
    system
_SELINUX_CONTEXT
    kernel
_SOURCE_REALTIME_TIMESTAMP
    1700126716143085
_SYSTEMD_CGROUP
    /system.slice/virtqemud.service
_SYSTEMD_INVOCATION_ID
    d8c1cb44eba54d2788eb6492ef418a46
_SYSTEMD_SLICE
    system.slice
_SYSTEMD_UNIT
    virtqemud.service
_TRANSPORT
    journal
_UID
    0
__CURSOR
    s=3e22457506824768ad4f57aee3165252;i=ed1;b=e8d41ada1ec94052900e15bd6cabd727;m=13f550484;t=60a4198fd2603;x=5ee0a5b5940edc90
__MONOTONIC_TIMESTAMP
    5357503620
__REALTIME_TIMESTAMP
    1700126716143107

虚拟机安装代理客户端

[ops@localhost ~]$ sudo dnf info qemu-guest-agent
Last metadata expiration check: 0:00:15 ago on Thu 16 Nov 2023 05:34:49 PM HKT.
Available Packages
Name         : qemu-guest-agent
Epoch        : 17
Version      : 7.2.0
Release      : 14.el9_2.5
Architecture : x86_64
Size         : 446 k
Source       : qemu-kvm-7.2.0-14.el9_2.5.src.rpm
Repository   : appstream
Summary      : QEMU guest agent
URL          : http://www.qemu.org/
License      : GPLv2 and GPLv2+ and CC-BY
Description  : qemu-kvm is an open source virtualizer that provides hardware emulation for
             : the KVM hypervisor.
             :
             : This package provides an agent to run inside guests, which communicates
             : with the host over a virtio-serial channel named "org.qemu.guest_agent.0"
             :
             : This package does not need to be installed on the host OS.

[ops@localhost ~]$
[ops@localhost ~]$ sudo dnf install qemu-guest-agent
Last metadata expiration check: 0:02:19 ago on Thu 16 Nov 2023 05:34:49 PM HKT.
Dependencies resolved.
================================================================================
 Package              Arch       Version                    Repository     Size
================================================================================
Installing:
 qemu-guest-agent     x86_64     17:7.2.0-14.el9_2.5        appstream     446 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 446 k
Installed size: 1.8 M
Is this ok [y/N]:

服务注册

[ops@localhost ~]$ sudo systemctl enable qemu-guest-agent
Unit /usr/lib/systemd/system/qemu-guest-agent.service is added as a dependency to a non-existent unit dev-virtio\x2dports-org.qemu.guest_agent.0.device.
[ops@localhost ~]$ sudo systemctl start qemu-guest-agent
[ops@localhost ~]$ sudo systemctl status qemu-guest-agent
● qemu-guest-agent.service - QEMU Guest Agent
     Loaded: loaded (/usr/lib/systemd/system/qemu-guest-agent.service; enabled;>
     Active: active (running) since Thu 2023-11-16 17:41:24 HKT; 10s ago
   Main PID: 14117 (qemu-ga)
      Tasks: 2 (limit: 7887)
     Memory: 2.4M
        CPU: 9ms
     CGroup: /system.slice/qemu-guest-agent.service
             └─14117 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio>

Nov 16 17:41:24 localhost.localdomain systemd[1]: Started QEMU Guest Agent.
[ops@localhost ~]$

在主机上验证可用性

[ops@localhost ~]$ sudo virsh qemu-agent-command 1stvm '{"execute":"guest-info"}'
[sudo] password for ops: 
{"return":{"version":"7.2.0","supported_commands":[{"enabled":true,"name":"guest-get-cpustats","success-response":true},{"enabled":true,"name":"guest-get-diskstats","success-response":true},{"enabled":true,"name":"guest-ssh-remove-authorized-keys","success-response":true},{"enabled":true,"name":"guest-ssh-add-authorized-keys","success-response":true},{"enabled":true,"name":"guest-ssh-get-authorized-keys","success-response":true},{"enabled":false,"name":"guest-get-devices","success-response":true},{"enabled":true,"name":"guest-get-osinfo","success-response":true},{"enabled":true,"name":"guest-get-timezone","success-response":true},{"enabled":true,"name":"guest-get-users","success-response":true},{"enabled":true,"name":"guest-get-host-name","success-response":true},{"enabled":false,"name":"guest-exec","success-response":true},{"enabled":false,"name":"guest-exec-status","success-response":true},{"enabled":true,"name":"guest-get-memory-block-info","success-response":true},{"enabled":true,"name":"guest-set-memory-blocks","success-response":true},{"enabled":true,"name":"guest-get-memory-blocks","success-response":true},{"enabled":true,"name":"guest-set-user-password","success-response":true},{"enabled":true,"name":"guest-get-fsinfo","success-response":true},{"enabled":true,"name":"guest-get-disks","success-response":true},{"enabled":true,"name":"guest-set-vcpus","success-response":true},{"enabled":true,"name":"guest-get-vcpus","success-response":true},{"enabled":true,"name":"guest-network-get-interfaces","success-response":true},{"enabled":true,"name":"guest-suspend-hybrid","success-response":false},{"enabled":true,"name":"guest-suspend-ram","success-response":false},{"enabled":true,"name":"guest-suspend-disk","success-response":false},{"enabled":true,"name":"guest-fstrim","success-response":true},{"enabled":true,"name":"guest-fsfreeze-thaw","success-response":true},{"enabled":true,"name":"guest-fsfreeze-freeze-list","success-response":true},{"enabled":true,"name":"guest-fsfreeze-freeze","success-response":true},{"enabled":true,"name":"guest-fsfreeze-status","success-response":true},{"enabled":false,"name":"guest-file-flush","success-response":true},{"enabled":false,"name":"guest-file-seek","success-response":true},{"enabled":false,"name":"guest-file-write","success-response":true},{"enabled":false,"name":"guest-file-read","success-response":true},{"enabled":false,"name":"guest-file-close","success-response":true},{"enabled":false,"name":"guest-file-open","success-response":true},{"enabled":true,"name":"guest-shutdown","success-response":false},{"enabled":true,"name":"guest-info","success-response":true},{"enabled":true,"name":"guest-set-time","success-response":true},{"enabled":true,"name":"guest-get-time","success-response":true},{"enabled":true,"name":"guest-ping","success-response":true},{"enabled":true,"name":"guest-sync","success-response":true},{"enabled":true,"name":"guest-sync-delimited","success-response":true}]}}

[ops@localhost ~]$

Apache 2.4.53源码编译可用配置参数

 未分类  No Responses »
3月 302022
 

系统环境为Fedora 35版本,当采用Fedora 36版本时,会因openssl 3.0导致make时产生兼容性提示信息。

[root@compiler httpd-2.4.53]# ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local/apache2]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/apache2/bin', `/usr/local/apache2/lib' etc.  You can specify
an installation prefix other than `/usr/local/apache2' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
  --target=TARGET   configure for building compilers for TARGET [HOST]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-layout=LAYOUT
  --enable-dtrace         Enable DTrace probes
  --enable-hook-probes    Enable APR hook probes
  --enable-exception-hook Enable fatal exception hook
  --enable-load-all-modules
                          Load all modules
  --enable-maintainer-mode
                          Turn on debugging and compile time warnings and load
                          all compiled modules
  --enable-debugger-mode  Turn on debugging and compile time warnings and turn
                          off optimization
  --enable-pie            Build httpd as a Position Independent Executable
  --enable-modules=MODULE-LIST
                          Space-separated list of modules to enable | "all" |
                          "most" | "few" | "none" | "reallyall"
  --enable-mods-shared=MODULE-LIST
                          Space-separated list of shared modules to enable |
                          "all" | "most" | "few" | "reallyall"
  --enable-mods-static=MODULE-LIST
                          Space-separated list of static modules to enable |
                          "all" | "most" | "few" | "reallyall"
  --disable-authn-file    file-based authentication control
  --enable-authn-dbm      DBM-based authentication control
  --enable-authn-anon     anonymous user authentication control
  --enable-authn-dbd      SQL-based authentication control
  --enable-authn-socache  Cached authentication control
  --disable-authn-core    core authentication module
  --disable-authz-host    host-based authorization control
  --disable-authz-groupfile
                          'require group' authorization control
  --disable-authz-user    'require user' authorization control
  --enable-authz-dbm      DBM-based authorization control
  --enable-authz-owner    'require file-owner' authorization control
  --enable-authz-dbd      SQL based authorization and Login/Session support
  --disable-authz-core    core authorization provider vector module
  --enable-authnz-ldap    LDAP based authentication
  --enable-authnz-fcgi    FastCGI authorizer-based authentication and
                          authorization
  --disable-access-compat mod_access compatibility
  --disable-auth-basic    basic authentication
  --enable-auth-form      form authentication
  --enable-auth-digest    RFC2617 Digest authentication
  --enable-allowmethods   restrict allowed HTTP methods
  --enable-isapi          isapi extension support
  --enable-file-cache     File cache
  --enable-cache          dynamic file caching. At least one storage
                          management module (e.g. mod_cache_disk) is also
                          necessary.
  --enable-cache-disk     disk caching module
  --enable-cache-socache  shared object caching module
  --enable-socache-shmcb  shmcb small object cache provider
  --enable-socache-dbm    dbm small object cache provider
  --enable-socache-memcache
                          memcache small object cache provider
  --enable-socache-redis  redis small object cache provider
  --enable-socache-dc     distcache small object cache provider
  --enable-so             DSO capability. This module will be automatically
                          enabled unless you build all modules statically.
  --enable-watchdog       Watchdog module
  --enable-macro          Define and use macros in configuration files
  --enable-dbd            Apache DBD Framework
  --enable-bucketeer      buckets manipulation filter. Useful only for
                          developers and testing purposes.
  --enable-dumpio         I/O dump filter
  --enable-echo           ECHO server
  --enable-example-hooks  Example hook callback handler module
  --enable-case-filter    Example uppercase conversion filter
  --enable-case-filter-in Example uppercase conversion input filter
  --enable-example-ipc    Example of shared memory and mutex usage
  --enable-buffer         Filter Buffering
  --enable-data           RFC2397 data encoder
  --enable-ratelimit      Output Bandwidth Limiting
  --disable-reqtimeout    Limit time waiting for request from client
  --enable-ext-filter     external filter module
  --enable-request        Request Body Filtering
  --enable-include        Server Side Includes
  --disable-filter        Smart Filtering
  --enable-reflector      Reflect request through the output filter stack
  --enable-substitute     response content rewrite-like filtering
  --enable-sed            filter request and/or response bodies through sed
  --disable-charset-lite  character set translation. Enabled by default only
                          on EBCDIC systems.
  --enable-charset-lite   character set translation. Enabled by default only
                          on EBCDIC systems.
  --enable-deflate        Deflate transfer encoding support
  --enable-xml2enc        i18n support for markup filters
  --enable-proxy-html     Fix HTML Links in a Reverse Proxy
  --enable-brotli         Brotli compression support
  --enable-http           HTTP protocol handling. The http module is a basic
                          one that enables the server to function as an HTTP
                          server. It is only useful to disable it if you want
                          to use another protocol module instead. Don't
                          disable this module unless you are really sure what
                          you are doing. Note: This module will always be
                          linked statically.
  --disable-mime          mapping of file-extension to MIME. Disabling this
                          module is normally not recommended.
  --enable-ldap           LDAP caching and connection pooling services
  --disable-log-config    logging configuration. You won't be able to log
                          requests to the server without this module.
  --enable-log-debug      configurable debug logging
  --enable-log-forensic   forensic logging
  --enable-logio          input and output logging
  --enable-lua            Apache Lua Framework
  --enable-luajit         Enable LuaJit Support
  --disable-env           clearing/setting of ENV vars
  --enable-mime-magic     automagically determining MIME type
  --enable-cern-meta      CERN-type meta files
  --enable-expires        Expires header control
  --disable-headers       HTTP header control
  --enable-ident          RFC 1413 identity check
  --enable-usertrack      user-session tracking
  --enable-unique-id      per-request unique ids
  --disable-setenvif      basing ENV vars on headers
  --disable-version       determining httpd version in config files
  --enable-remoteip       translate header contents to an apparent client
                          remote_ip
  --enable-proxy          Apache proxy module
  --enable-proxy-connect  Apache proxy CONNECT module. Requires
                          --enable-proxy.
  --enable-proxy-ftp      Apache proxy FTP module. Requires --enable-proxy.
  --enable-proxy-http     Apache proxy HTTP module. Requires --enable-proxy.
  --enable-proxy-fcgi     Apache proxy FastCGI module. Requires
                          --enable-proxy.
  --enable-proxy-scgi     Apache proxy SCGI module. Requires --enable-proxy.
  --enable-proxy-uwsgi    Apache proxy UWSGI module. Requires --enable-proxy.
  --enable-proxy-fdpass   Apache proxy to Unix Daemon Socket module. Requires
                          --enable-proxy.
  --enable-proxy-wstunnel Apache proxy Websocket Tunnel module. Requires
                          --enable-proxy.
  --enable-proxy-ajp      Apache proxy AJP module. Requires --enable-proxy.
  --enable-proxy-balancer Apache proxy BALANCER module. Requires
                          --enable-proxy.
  --enable-proxy-express  mass reverse-proxy module. Requires --enable-proxy.
  --enable-proxy-hcheck   reverse-proxy health-check module. Requires
                          --enable-proxy and --enable-watchdog.
  --enable-session        session module
  --enable-session-cookie session cookie module
  --enable-session-crypto session crypto module
  --enable-session-dbd    session dbd module
  --enable-slotmem-shm    slotmem provider that uses shared memory
  --enable-slotmem-plain  slotmem provider that uses plain memory
  --enable-ssl            SSL/TLS support (mod_ssl)
  --enable-ssl-staticlib-deps
                          link mod_ssl with dependencies of OpenSSL's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-ssl.
  --enable-optional-hook-export
                          example optional hook exporter
  --enable-optional-hook-import
                          example optional hook importer
  --enable-optional-fn-import
                          example optional function importer
  --enable-optional-fn-export
                          example optional function exporter
  --enable-dialup         rate limits static files to dialup modem speeds
  --enable-static-support Build a statically linked version of the support
                          binaries
  --enable-static-htpasswd
                          Build a statically linked version of htpasswd
  --enable-static-htdigest
                          Build a statically linked version of htdigest
  --enable-static-rotatelogs
                          Build a statically linked version of rotatelogs
  --enable-static-logresolve
                          Build a statically linked version of logresolve
  --enable-static-htdbm   Build a statically linked version of htdbm
  --enable-static-ab      Build a statically linked version of ab
  --enable-static-checkgid
                          Build a statically linked version of checkgid
  --enable-static-htcacheclean
                          Build a statically linked version of htcacheclean
  --enable-static-httxt2dbm
                          Build a statically linked version of httxt2dbm
  --enable-static-fcgistarter
                          Build a statically linked version of fcgistarter
  --enable-http2          HTTP/2 protocol handling in addition to HTTP
                          protocol handling. Implemented by mod_http2. This
                          module requires a libnghttp2 installation. See
                          --with-nghttp2 on how to manage non-standard
                          locations. This module is usually linked shared and
                          requires loading.
  --enable-nghttp2-staticlib-deps
                          link mod_http2 with dependencies of libnghttp2's
                          static libraries (as indicated by "pkg-config
                          --static"). Must be specified in addition to
                          --enable-http2.
  --enable-proxy-http2    HTTP/2 proxy module. This module requires a
                          libnghttp2 installation. See --with-nghttp2 on how
                          to manage non-standard locations. Also requires
                          --enable-proxy.
  --enable-md             Managed Domain handling
  --enable-jansson-staticlib-deps
                          link mod_md with dependencies of libjansson's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-md.
  --enable-curl-staticlib-deps
                          link mod_md with dependencies of libcurl's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-md.
  --enable-lbmethod-byrequests
                          Apache proxy Load balancing by request counting
  --enable-lbmethod-bytraffic
                          Apache proxy Load balancing by traffic counting
  --enable-lbmethod-bybusyness
                          Apache proxy Load balancing by busyness
  --enable-lbmethod-heartbeat
                          Apache proxy Load balancing from Heartbeats
  --enable-tls            TLS protocol handling using rustls. Implemented by
                          mod_tls. This module requires a librustls
                          installation. See --with-rustls on how to manage
                          non-standard locations. This module is usually
                          linked shared and requires loading.
  --enable-mpms-shared=MPM-LIST
                          Space-separated list of MPM modules to enable for
                          dynamic loading. MPM-LIST=list | "all"
  --enable-unixd          unix specific support
  --enable-privileges     Per-virtualhost Unix UserIDs and enhanced security
                          for Solaris
  --enable-systemd        Systemd support
  --enable-heartbeat      Generates Heartbeats
  --enable-heartmonitor   Collects Heartbeats
  --enable-dav            WebDAV protocol handling. --enable-dav also enables
                          mod_dav_fs
  --disable-status        process/thread monitoring
  --disable-autoindex     directory listing
  --enable-asis           as-is filetypes
  --enable-info           server information
  --enable-suexec         set uid and gid for spawned processes
  --enable-cgid           CGI scripts. Enabled by default with threaded MPMs
  --enable-cgi            CGI scripts. Enabled by default with non-threaded
                          MPMs
  --enable-dav-fs         DAV provider for the filesystem. --enable-dav also
                          enables mod_dav_fs.
  --enable-dav-lock       DAV provider for generic locking
  --enable-vhost-alias    mass virtual hosting module
  --enable-negotiation    content negotiation
  --disable-dir           directory request handling
  --enable-imagemap       server-side imagemaps
  --enable-actions        Action triggering on requests
  --enable-speling        correct common URL misspellings
  --enable-userdir        mapping of requests to user-specific directories
  --disable-alias         mapping of requests to different filesystem parts
  --enable-rewrite        rule based URL manipulation
  --enable-suexec-capabilities
                          Use Linux capability bits not setuid root suexec
  --enable-v4-mapped      Allow IPv6 sockets to handle IPv4 connections

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-included-apr     Use bundled copies of APR/APR-Util
  --with-apr=PATH         prefix for installed APR or the full path to
                             apr-config
  --with-apr-util=PATH    prefix for installed APU or the full path to
                             apu-config
  --with-pcre=PATH        Use external PCRE library
  --with-port=PORT        Port on which to listen (default is 80)
  --with-sslport=SSLPORT  Port on which to securelisten (default is 443)
  --with-distcache=PATH   Distcache installation directory
  --with-z=PATH           use a specific zlib library
  --with-libxml2=PATH     location for libxml2
  --with-brotli=PATH      Brotli installation directory
  --with-lua=PATH         Path to the Lua installation prefix
  --with-ssl=PATH         OpenSSL installation directory
  --with-nghttp2=PATH     nghttp2 installation directory
  --with-jansson=PATH     jansson installation directory
  --with-curl=PATH        curl installation directory
  --with-rustls=PATH      rustls installation directory
  --with-mpm=MPM          Choose the process model for Apache to use by
                          default. MPM={event|worker|prefork|winnt} This will
                          be statically linked as the only available MPM
                          unless --enable-mpms-shared is also specified.
  --with-module=module-type:module-file
                          Enable module-file in the modules/
                          directory.
  --with-program-name     alternate executable name
  --with-suexec-bin       Path to suexec binary
  --with-suexec-caller    User allowed to call SuExec
  --with-suexec-userdir   User subdirectory
  --with-suexec-docroot   SuExec root directory
  --with-suexec-uidmin    Minimal allowed UID
  --with-suexec-gidmin    Minimal allowed GID
  --with-suexec-logfile   Set the logfile
  --with-suexec-syslog    Use syslog for suexec logging
  --with-suexec-safepath  Set the safepath
  --with-suexec-umask     umask for suexec'd process

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L if you have libraries in a
              nonstandard directory 
  LIBS        libraries to pass to the linker, e.g. -l
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I if
              you have headers in a nonstandard directory 
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.
[root@compiler httpd-2.4.53]#

Apache httpd Server 模块的静态编译

 未分类  No Responses »
3月 302022
 

未指定编译参数时的默认静态编译模块

[root@compiler bin]# ./apachectl -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c
  event.c
[root@compiler bin]#

查看所有已加载的模块

[root@compiler bin]# ./apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
[root@compiler bin]#

启用对dbd模块的静态编译

[root@compiler httpd-2.4.53]# ./configure --enable-dbd=static

查看已静态编译的模块

[root@compiler bin]# ./apachectl -l
Compiled in modules:
  core.c
  mod_so.c
  mod_dbd.c
  http_core.c
  event.c
[root@compiler bin]#

查看所有已加载的模块

[root@compiler bin]# ./apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 dbd_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
[root@compiler bin]#

付费是对软件及其开发者的支持与尊重

 未分类  No Responses »
3月 292022
 

已经是第二次对Vandyke公司的SecureCRT产品进行付费购买了,之前是单一的SecureCRT版本,这次使用原有的序列号,升级购买了三年期的SecureCRT+SecureFX版本。

付费是对软件及其开发者的支持与尊重,我会在自己力所能及的情况下,以实际行动去支持这些优秀的软件开发者和软件企业。

这既是对于软件开发者劳动价值认同的态度问题,也是基于系统工程师对系统管理软件安全性的一贯要求。

 Older Entries