在 Debian 下使用 libusb 開發程式

apt-get install gcc usbutils libusb-1.0-0-dev

Oracle 雲端免費資源(Cloud Always Free)

Oracle Cloud 相較於 Google Cloud Platform(GCP) 除了同樣提供免費運算資源外，機房區域多了東京可以選擇，對於亞太區傳輸延遲顯得更有優勢。另外 Oracle Cloud 登入強制啟用 2FA(Oracle Mobile Authenticator) 認證！

The Home Region(家鄉區)

When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for you in one region. This is your home region. Your home region is where your IAM resources are defined. Your home region contains your account information and identity resources.It is not changeable after your tenancy is provisioned. (區域列表)

Always Free Resources

All Oracle Cloud Infrastructure accounts (whether free or paid) have a set of resources that are free of charge in the home region of the tenancy, for the life of the account. These resources display the Always Free label in the Console (for Ampere A1 Compute shapes, see Compute). (圖例)

Compute(免費運算節點只能在家鄉區建立！)

All tenancies get a set of Always Free resources in the Compute service for creating compute virtual machine (VM) instances. You must create the Always Free compute instances in your home region.

• Micro instances (AMD processor): All tenancies get up to two Always Free VM instances using the VM.Standard.E2.1.Micro shape, which has an AMD processor.(節點規格, 流量計價)
• Ampere A1 Compute instances (Arm processor): All tenancies get the first 3,000 OCPU hours and 18,000 GB hours per month for free for VM instances using the VM.Standard.A1.Flex shape, which has an Arm processor.

Idle Compute Instances(閒置的節點會被收回)
Idle Always Free compute instances may be reclaimed by Oracle. Oracle will deem virtual machine and bare metal compute instances as idle if, during a 7-day period, the following are true:

• CPU utilization for the 95th percentile is less than 20%
• Network utilization is less than 20%
• Memory utilization is less than 20% (applies to A1 shapes only)

在 Virtualbox 跑 Fortigate VM

 1. 先到 Fortinet Download/VM Images (需登入)

2. 防火牆(FortiGate)原廠未提供 Vbox 格式，在此選 FGT KVM 然後手動轉檔，像是：

• FGT_VM64_KVM-v6.M-build2093-FORTINET.out.kvm.zip
• FGT_VM64_KVM-v7.4.0.F-build2360-FORTINET.out.kvm.zip

3. 透過 qemu 工具轉檔成 .vdi 格式

• qemu-img.exe convert -O vdi fortios.qcow2 fortios.vdi

4. 在 VirtualBox 開一台新機器(Linux 64bit)掛載 vdi 成功進入基礎環境，功能待測。

※如果是要跑 FortiWeb(WAF) 可以省去轉檔過程，網站直接有提供 VirtualBox 格式映像檔。

組7K家用文書機：Celeron G6900 華碩 PRIME H610M-K D4-CSM

原先擺在家裡的電腦用很久(2016/06)，最近主機板偵測不到 SATA 或無法開機索性整台換了。看一下故障週期，好像6年是個大關，雖然CPU、硬碟還有電源供應器都是好的。

這年頭組台電腦不容易，零件變的很貴。低階CPU缺料沒有Pentium款；然後入門款 Core i3 把處理器跟顯示晶片拆開來賣，在AMD陣營這邊也是一樣！最後退一萬步...條件篩完只剩Celeron能選！

•  Intel Celeron G6900 , $1970
• 華碩 PRIME H610M-K D4-CSM , $2290
• 美光 Crucial P3 NVMe SSD 500G , $1150 (測速)
• 金士頓 8GB DDR4-3200 , $499
• 視博通 小至尊 , $890
• 全漢 聖武士350W , $1090

Total = $7889 | 硬體參數

. .

輕量經 Windows 11 作業系統

 輕量級的 Windows 11 作業系統，由 NTDEV 製作

• tiny11：最新版基於Windows 11 23H2，可以安裝中文語言包，映像檔大小3.5G。
• tiny11 core：映象檔縮小到 2GB，刪除 WinSxS、Edge等功能；不建議用於正式環境，安全性無法更新。

USB 資料對傳線(USB Host to Host Data Transfer)

Prolific PL27A1 Super-Speed USB Host to Host Data Transfer Controller

The PL27A1 is a single-chip SuperSpeed USB 3.0 Host-to-Host bridge controller specially designed for USB host to host data transfer. (通常搭公版軟體 PCLinq5 發售；可透過 libusb 程式化運作)

The PL27A1 chip offers external firmware customization for various data transfer mode protocols:
- WINUSB(Transfer cable)
- CDC/ACM (USB Serial Device)
- RNDIS (Network Cable)

PL27A1 實際產品

• 伽利略 USB3.0 跨系統對傳線(CBL-307)：規格參數 - Windows, Linux
• ThinkPenguin.com (TPE-3TRANCBL) 規格參數 - Linux
• StarTech.com USB 3.0 Data Transfer Cable (USB3LINK)
• Plugable USB 3.0 transfer cable (USB3-TRAN)

另一種標示為資料傳輸與鍵鼠(KM)控制的的產品 (libusb 無法正常驅動)

• j5create JUC100 USB 2.0 資料對傳線：規格參數 - Windows, Linux
• StarTech.com KM Switch Cable with File Transfer (SVKMS2)

設定 BIND9 伺服器

關於 BIND 的設定之前(2014)有寫過一篇，不過年代久遠。兩相對照語法，其實架構沒太大改變。現在都用免費託管方案 Cloudflare DNS 顯少自己維運，畢竟還是有機會被打爆。

/etc/bind# vim named.conf.local

zone "example.com" in {
  type master;
  file "/etc/bind/db.example.com";
};

/etc/bind# vim db.example.com

$TTL    86400
$ORIGIN example.com.    ; base domain-name

@  IN  SOA  dns.example.com. admin.example.com. (
   20230909    ; Serial
   43200       ; Refresh
   3600        ; Retry
   1209600     ; Expire
   180 )       ; Minimum TTL

; Nameservers
@                  IN  NS  dns.example.com.;

; Records
dns.example.com.   IN  A   [IP];
test.example.com.  IN  A   [IP];

/etc/bind# vim named.conf.options

options {
  directory "/var/cache/bind";
  dnssec-validation auto;
  
  auth-nxdomain yes;    # conform to RFC1035
  listen-on-v6 { none; };
  listen-on port 53 { any; };
  allow-query { any; };
  allow-query-cache { none; };
  recursion no; 
  also-notify { };
};

開源XDR平台 - Wazuh

開源的 XDR 平台！感覺安裝不會太難，但要On Premise維運不知能不能做到？

Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.

端點(agent)支援的作業系統有 Linux, Windows, macOS

The Wazuh agent is multi-platform and runs on the endpoints that the user wants to monitor. It communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.

然後概念驗證(POC)章節有提到怎麼觸發告警

• Detecting suspicious binaries
• File integrity monitoring
• Detecting an SQL injection attack
• Vulnerability detection

RDP 連線側錄工具(RecordTS)

RecordTS™ is a Windows remote desktop session recording software that can monitor user activity on-premise or in the cloud.

RecordTS 是當使用者連結至伺服器、工作站、終端伺服器或 Citrix 伺服器時，用來紀錄遠程桌面工作階段活動的軟體。所有的活動皆會被記錄，當中包括按鍵、滑鼠移動、檔案下載等，沒有任何遺漏。

TSFactory's RecordTS Single Server Edition is a compact, efficient and powerful recording solution for Windows remote desktop sessions.

• One year subscriptions start at $495 USD

一年的訂閱費用好像很親民，不知實際用起來怎麼樣...

Cloudflare CDN

 Cloudflare CDN