分类 默认分类 下的文章

CVE-2024-6387漏洞影响,各大版本的openssh基本上都要更新(这个漏洞存在于 OpenSSH < 4.4p1 或 8.5p1 <= OpenSSH < 9.8p1 的版本中),目前各大版本也都发布了安全更新,debian/ubuntu系升级主要两条指令:

sudo apt update
sudo apt install --only-upgrade openssh-server

升级后,确认一下版本:

ssh -V
  • debian:

    bullseye (security), bullseye    1:8.4p1-5+deb11u3
      bookworm (security)    1:9.2p1-2+deb12u3
                   sid    1:9.7p1-7
  • ubuntu:

    jammy    Released (1:8.9p1-3ubuntu0.10)
    mantic    Released (1:9.3p1-1ubuntu3.6)
    noble    Released (1:9.6p1-3ubuntu13.3)

常用的标准Linux环境里都有Systemd提供后台服务进程管理及保活,但是在一些特殊的运行环境还是需要简易的解决方案。

比如在serv00服务器freeBSD Linux环境下,可以写这个这样的脚本:

check_and_start_process.sh

#!/bin/bash

# Define process name and start command
PROCESS_NAME="command"
START_COMMAND="/path/to/your/command"

# Check if the process is running
if ! pgrep -f "$PROCESS_NAME" > /dev/null
then
    echo "Process $PROCESS_NAME is not running, starting it now..."
    # Start the process
    $START_COMMAND &
    if [ $? -eq 0 ]; then
        echo "Process $PROCESS_NAME started successfully."
    else
        echo "Failed to start process $PROCESS_NAME."
    fi
else
    echo "Process $PROCESS_NAME is already running."
fi

修改脚本中的PROCESS_NAMESTART_COMMAND值,并增加运行权限:

chmod +x check_and_start_process.sh

接着添加定时任务:

crontab -e

每5分钟检测一次:

*/5 * * * * /path/to/check_and_start_process.sh

提示
在serv00服务器中,定时任务执行后如果会触发email,则改用:

*/5 * * * * /path/to/check_and_start_process.sh > /dev/null 2>&1

参考网上资料梳理的Cloudflare IP地址归属地信息,具体准确性待考证:

{
  "PH": [
    "172.69.184.0/22",
    "162.158.136.0/22",
    "162.158.228.0/22"
  ],
  "LT": [
    "172.69.188.0/22"
  ],
  "HK": [
    "103.22.202.0/24",
    "103.22.203.0/24",
    "108.162.222.0/24",
    "108.162.223.0/24",
    "162.158.176.0/24",
    "162.158.177.0/24",
    "162.158.178.0/24",
    "162.158.179.0/24",
    "172.68.248.0/22",
    "172.69.96.0/22",
    "172.69.176.0/22",
    "173.245.62.0/24"
  ],
  "TW": [
    "103.31.4.0/23",
    "162.158.224.0/22",
    "162.158.240.0/22"
  ],
  "MO": [
    "172.69.72.0/22"
  ],
  "KH": [
    "172.69.80.0/22"
  ],
  "CA": [
    "108.162.208.0/24",
    "108.162.240.0/24",
    "108.162.241.0/24",
    "162.158.144.0/24",
    "162.158.145.0/24",
    "162.158.146.0/24",
    "162.158.147.0/24",
    "172.69.156.0/22",
    "172.69.212.0/22",
    "172.69.216.0/22"
  ],
  "US-LA": [
    "108.162.214.0/24",
    "108.162.215.0/24",
    "141.101.72.0/24",
    "162.158.56.0/22",
    "172.68.44.0/22",
    "172.68.208.0/22",
    "172.69.32.0/22",
    "173.245.48.0/24"
  ],
  "US-CH": [
    "108.162.216.0/24",
    "108.162.217.0/24",
    "141.101.73.0/24",
    "162.158.72.0/22",
    "172.68.56.0/24",
    "172.68.57.0/24",
    "172.68.58.0/24",
    "172.68.59.0/24"
  ],
  "US-PH": [
    "162.158.140.0/24",
    "162.158.141.0/24",
    "162.158.142.0/24",
    "162.158.143.0/24"
  ],
  "US-NJ": [
    "108.162.218.0/24",
    "108.162.219.0/24",
    "162.158.60.0/22"
  ],
  "US-NY": [
    "173.245.52.0/24"
  ],
  "US-DA": [
    "108.162.220.0/24",
    "108.162.221.0/24",
    "141.101.74.0/24",
    "172.69.64.0/21"
  ],
  "US-SJ": [
    "162.158.252.0/22",
    "172.68.80.0/22",
    "172.68.132.0/22",
    "172.68.140.0/22",
    "172.68.188.0/22",
    "172.69.16.0/22"
  ],
  "US-LV": [
    "162.158.244.0/22"
  ],
  "JP-TK": [
    "108.162.226.0/24",
    "108.162.227.0/24",
    "103.22.200.0/23",
    "162.158.4.0/22",
    "162.158.116.0/22",
    "172.69.108.0/22"
  ],
  "JP-OS": [
    "172.69.152.0/22"
  ],
  "FR": [
    "108.162.228.0/24",
    "141.101.66.0/24",
    "141.101.67.0/24",
    "141.101.68.0/24",
    "141.101.69.0/24",
    "108.162.229.0/24",
    "141.101.88.0/22",
    "162.158.192.0/24",
    "162.158.193.0/24",
    "162.158.194.0/24",
    "162.158.195.0/24",
    "172.69.224.0/22"
  ],
  "US-MI": [
    "162.158.120.0/24",
    "162.158.121.0/24",
    "162.158.122.0/24",
    "162.158.123.0/24",
    "108.162.210.0/24",
    "108.162.211.0/24",
    "108.162.212.0/24",
    "108.162.213.0/24"
  ],
  "US-AT": [
    "108.162.236.0/24",
    "108.162.237.0/24",
    "108.162.238.0/24",
    "162.158.124.0/22",
    "162.158.184.0/24",
    "162.158.185.0/24",
    "162.158.186.0/24",
    "162.158.187.0/24"
  ],
  "US-DN": [
    "172.68.32.0/22"
  ],
  "US-SL": [
    "172.68.36.0/22"
  ],
  "US-BO": [
    "172.68.52.0/22"
  ],
  "US-SEA": [
    "108.162.243.0/24",
    "108.162.244.0/24",
    "108.162.245.0/24",
    "108.162.246.0/24",
    "162.158.104.0/24",
    "162.158.105.0/24",
    "162.158.106.0/24",
    "162.158.107.0/24"
  ],
  "US-AH": [
    "162.158.76.0/22",
    "172.68.64.0/22",
    "172.69.60.0/22",
    "173.245.54.0/24",
    "188.114.104.0/24"
  ],
  "US-KC": [
    "172.68.148.0/22"
  ],
  "US-DC": [
    "172.68.204.0/22"
  ],
  "US-PN": [
    "172.68.172.0/22"
  ],
  "US-HO": [
    "172.69.168.0/22"
  ],
  "US-SC": [
    "172.69.40.0/22"
  ],
  "US-SD": [
    "172.68.228.0/22"
  ],
  "US-PA": [
    "172.68.68.0/22"
  ],
  "US-TN": [
    "172.68.72.0/22"
  ],
  "US-TB": [
    "172.68.76.0/22"
  ],
  "US-OM": [
    "172.68.88.0/22"
  ],
  "US-MC": [
    "172.69.4.0/22"
  ],
  "US-PI": [
    "172.69.48.0/22"
  ],
  "US-IN": [
    "172.69.88.0/22"
  ],
  "US-SA": [
    "172.69.140.0/22"
  ],
  "US-TH": [
    "172.69.180.0/22"
  ],
  "AU-ME": [
    "108.162.250.0/24",
    "108.162.251.0/24",
    "141.101.64.0/24",
    "141.101.65.0/24",
    "162.158.240.0/24",
    "162.158.241.0/24",
    "162.158.242.0/24",
    "162.158.243.0/24"
  ],
  "AU-SY": [
    "103.22.204.0/22",
    "108.162.246.0/24",
    "108.162.247.0/24",
    "162.158.214.0/24",
    "162.158.215.0/24",
    "162.158.216.0/24",
    "162.158.217.0/24"
  ],
  "SG": [
    "103.31.8.0/22",
    "108.162.192.0/24",
    "108.162.193.0/24",
    "108.162.194.0/24",
    "108.162.195.0/24",
    "108.162.202.0/24",
    "108.162.203.0/24",
    "162.158.18.0/24",
    "162.158.19.0/24",
    "172.68.146.0/22",
    "172.69.24.0/22"
  ],
  "ZA": [
    "162.158.144.0/22"
  ],
  "BR-SP": [
    "108.162.236.0/24",
    "108.162.237.0/24",
    "108.162.238.0/24",
    "108.162.239.0/24"
  ],
  "BR-RJ": [
    "162.158.252.0/22"
  ]
}

在国内86手机号有概率性的收不到tg验证码短信,tg有Login Email功能,但似乎只在内测,没有全部放开,这也催生了很多卖Login Email功能号的生意,既然有人干这门生意,那就说明有门道能开通,经过尝试如下方法可行,现分享:

  • 给Volunteer Support留言开通
Setting - Ask a Question - Ask a Volunteer

根据提示,用英文留言希望能支持开通,没有回复,但过一两天后Logout再Login就成了

  • Youter分享的通过刷Login Code触发Login Email功能

就是先用tg登录,再用tgx不停的登录退出,只选择用短信收接验证码登录,个人没有尝试过,按理论上存在一定的风险,仅供参考:

Telegram开通Email登录