How To Configure Suricata as an Intrusion Prevention System (IPS) on Ubuntu 20.04

原文:

https://www.digitalocean.com/community/tutorials/how-to-configure-suricata-as-an-intrusion-prevention-system-ips-on-ubuntu-20-04

https://suricata.readthedocs.io/en/suricata-6.0.0/setting-up-ipsinline-for-linux.html

Introduction

In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Ubuntu 20.04. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you enable IPS mode, Suricata can actively drop suspicious network traffic in addition to generating alerts for further analysis.

Before enabling IPS mode, it is important to check which signatures you have enabled, and their default actions. An incorrectly configured signature, or a signature that is overly broad may result in dropping legitimate traffic to your network, or even block you from accessing your servers over SSH and other management protocols.

In the first part of this tutorial you will check the signatures that you have installed and enabled. You will also learn how to include your own signatures. Once you know which signatures you would like to use in IPS mode, you’ll convert their default action to drop or reject traffic. With your signatures in place, you’ll learn how to send network traffic through Suricata using the netfilter NFQUEUE iptables target, and then generate some invalid network traffic to ensure that Suricata drops it as expected.

Prerequisites

If you have been following this tutorial series then you should already have Suricata running on an Ubuntu 20.04 server.

If you still need to install Suricata then you can follow How To Install Suricata on Ubuntu 20.04

You should also have the ET Open Ruleset downloaded using the suricata-update command, and included in your Suricata signatures.

The jq command line JSON processing tool. If you do not have it installed from a previous tutorial, you can do so using the apt command:

sudo apt update
sudo apt install jq

You may also have custom signatures that you would like to use from the previous Understanding Suricata Signatures tutorial.

Step 1 — Including Custom Signatures

The previous tutorials in this series explored how to install and configure Suricata, as well as how to understand signatures. If you would like to create and include your own rules then you need to edit Suricata’s /etc/suricata/suricata.yaml file to include a custom path to your signatures.

First, let’s find your server’s public IPs so that you can use them in your custom signatures. To find your IPs you can use the ip command:

ip -brief address show

You should receive output like the following:

Output
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 203.0.113.5/20 10.20.0.5/16 2001:DB8::1/32 fe80::94ad:d4ff:fef9:cee0/64
eth1 UP 10.137.0.2/16 fe80::44a2:ebff:fe91:5187/64

Your public IP address(es) will be similar to the highlighted 203.0.113.5 and 2001:DB8::1/32 IPs in the output.

Now let’s create the following custom signature to scan for SSH traffic to non-SSH ports and include it in a file called /var/lib/suricata/rules/local.rules. Open the file with nano or your preferred editor:

sudo nano /var/lib/suricata/rules/local.rules

Copy and paste the following signature:

Invalid SSH Traffic Signature

alert ssh any any -> 203.0.113.5 !22 (msg:"SSH TRAFFIC on non-SSH port"; flow:to_client, not_established; classtype: misc-attack; target: dest_ip; sid:1000000;)
alert ssh any any -> 2001:DB8::1/32 !22 (msg:"SSH TRAFFIC on non-SSH port"; flow:to_client, not_established; classtype: misc-attack; target: dest_ip; sid:1000001;)

Substitute your server’s public IP address in place of the 203.0.113.5 and 2001:DB8::1/32 addresses in the rule. If you are not using IPv6 then you can skip adding that signature in this and the following rules.

You can continue adding custom signatures to this local.rules file depending on your network and applications. For example, if you wanted to alert about HTTP traffic to non-standard ports, you could use the following signatures:

HTTP traffic on non-standard port signature

alert http any any -> 203.0.113.5 !80 (msg:"HTTP REQUEST on non-HTTP port"; flow:to_client, not_established; classtype:misc-activity; sid:1000002;)
alert http any any -> 2001:DB8::1/32 !80 (msg:"HTTP REQUEST on non-HTTP port"; flow:to_client, not_established; classtype:misc-activity; sid:1000003;)

To add a signature that checks for TLS traffic to ports other than the default 443 for web servers, add the following:

TLS traffic on non-standard port signature

alert tls any any -> 203.0.113.5 !443 (msg:"TLS TRAFFIC on non-TLS HTTP port"; flow:to_client, not_established; classtype:misc-activity; sid:1000004;)
alert tls any any -> 2001:DB8::1/32 !443 (msg:"TLS TRAFFIC on non-TLS HTTP port"; flow:to_client, not_established; classtype:misc-activity; sid:1000005;)

When you are done adding signatures, save and close the file. If you are using nano, you can do so with CTRL+X, then Y and ENTER to confirm. If you are using vi, press ESC and then 😡 then ENTER to save and exit.

Now that you have some custom signatures defined, edit Suricata’s /etc/suricata/suricata.yaml configuration file using nano or your preferred editor to include them:

sudo nano /etc/suricata/suricata.yaml

Find the rule-files: portion of the configuration. If you are using nano use CTRL+_ and then enter the line number 1879. If you are using vi enter 1879gg to go to the line. The exact location in your file may be different, but you should be in the correct general region of the file.

Edit the section and add the following highlighted – local.rules line:

/etc/suricata/suricata.yaml

. . .
rule-files:
- suricata.rules
- local.rules
. . .

Save and exit the file. Be sure to validate Suricata’s configuration after adding your rules. To do so run the following command:

sudo suricata -T -c /etc/suricata/suricata.yaml -v

The test can take some time depending on how many rules you have loaded in the default suricata.rules file. If you find the test takes too long, you can comment out the – suricata.rules line in the configuration by adding a # to the beginning of the line and then run your configuration test again. Be sure to remove the # comment if you plan to use the suricata.rules signature in your final running configuration.

Once you are satisfied with the signatures that you have created or included using the suricata-update tool, you can proceed to the next step, where you’ll switch the default action for your signatures from alert or log to actively dropping traffic.

Step 2 — Configuring Signature Actions

Now that you have your custom signatures tested and working with Suricata, you can change the action to drop or reject. When Suricata is operating in IPS mode, these actions will actively block invalid traffic for any matching signature.

These two actions are described in the previous tutorial in this series, Understanding Suricata Signatures. The choice of which action to use is up to you. A drop action will immediately discard a packet and any subsequent packets that belong to the network flow. A reject action will send both the client and server a reset packet if the traffic is TCP-based, and an ICMP error packet for any other protocol.

Let’s use the custom rules from the previous section and convert them to use the drop action, since the traffic that they match is likely to be a network scan, or some other invalid connection.

Open your /var/lib/suricata/rules/local.rules file using nano or your preferred editor and change the alert action at the beginning of each line in the file to drop:

sudo nano /var/lib/suricata/rules/local.rules

/var/lib/suricata/rules/local.rules

drop ssh any any -> 203.0.113.5 !22 (msg:"SSH TRAFFIC on non-SSH port"; classtype: misc-attack; target: dest_ip; sid:1000000;)
drop ssh any any -> 2001:DB8::1/32 !22 (msg:"SSH TRAFFIC on non-SSH port"; classtype: misc-attack; target: dest_ip; sid:1000001;)
. . .

Repeat the step above for any signatures in /var/lib/suricata/rules/suricata.rules that you would like to convert to drop or reject mode.

Note: If you ran suricata-update in the prerequisite tutorial, you may have more than 30,000 signatures included in your suricata.rules file.

If you convert every signature to drop or reject you risk blocking legitimate access to your network or servers. Instead, leave the rules in suricata.rules for the time being, and add your custom signatures to local.rules. Suricata will continue to generate alerts for suspicious traffic that is described by the signatures in suricata.rules while it is running in IPS mode.

After you have a few days or weeks of alerts collected, you can analyze them and choose the relevant signatures to convert to drop or reject based on their sid.

Once you have all the signatures configured with the action that you would like them to take, the next step is to reconfigure and then restart Suricata in IPS mode.

Step 3 — Enabling nfqueue Mode

Suricata runs in IDS mode by default, which means it will not actively block network traffic. To switch to IPS mode, you’ll need to edit Suricata’s /etc/default/suricata configuration file.

Open the file in nano or your preferred editor:

sudo nano /etc/default/suricata

Find the LISTENMODE=af-packet line and comment it out by adding a # to the beginning of the line. Then add a new line LISTENMODE=nfqueue line that tells Suricata to run in IPS mode.

Your file should have the following highlighted lines in it when you are done editing:

/etc/default/suricata

. . .
# LISTENMODE=af-packet
LISTENMODE=nfqueue
. . .

Save and close the file. Now you can restart Suricata using systemctl:

sudo systemctl restart suricata.service

Check Suricata’s status using systemctl:

sudo systemctl status suricata.service

You should receive output like the following:

 

Output
● suricata.service - LSB: Next Generation IDS/IPS
Loaded: loaded (/etc/init.d/suricata; generated)
Active: active (running) since Wed 2021-12-01 15:54:28 UTC; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 1452 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
Tasks: 12 (limit: 9513)
Memory: 63.6M
CGroup: /system.slice/suricata.service
└─1472 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 0 -D -vvv

Dec 01 15:54:28 suricata systemd[1]: Starting LSB: Next Generation IDS/IPS...
Dec 01 15:54:28 suricata suricata[1452]: Starting suricata in IPS (nfqueue) mode... done.
Dec 01 15:54:28 suricata systemd[1]: Started LSB: Next Generation IDS/IPS.

Note the highlighted active (running) line that indicates Suricata restarted successfully. Also note the Starting suricata in IPS (nfqueue) mode… done. line, which confirms Suricata is now running in IPS mode.

With this change you are now ready to send traffic to Suricata using the UFW firewall in the next step.

Step 4 — Configuring UFW To Send Traffic to Suricata

Now that you have configured Suricata to process traffic in IPS mode, the next step is to direct incoming packets to Suricata. If you followed the prerequisite tutorials for this series and are using an Ubuntu 20.04 system, you should have the Uncomplicated Firewall (UFW) installed and enabled.

To add the required rules for Suricata to UFW, you will need to edit the firewall files in the /etc/ufw/before.rules (IPv4 rules) and /etc/ufw/before6.rules (IPv6) directly.

Open the first file for IPv4 rules using nano or your preferred editor:

sudo nano /etc/ufw/before.rules

Near the beginning of the file, insert the following highlighted lines:

/etc/ufw/before.rules

(此处参考https://suricata.readthedocs.io/en/suricata-6.0.0/setting-up-ipsinline-for-linux.html,hosts规则)

. . .
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

## Start Suricata NFQUEUE rules
-I FORWARD -j NFQUEUE
-I OUTPUT -j NFQUEUE
## End Suricata NFQUEUE rules

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
. . .

Save and exit the file when you are done editing it. Now add the same highlighted lines to the same section in the /etc/ufw/before6.rules file:

sudo nano /etc/ufw/before.rules

Ensure that both files have the same contents. Save and exit the file when you are done editing it.

The first two INPUT and OUTPUT rules are used to bypass Suricata so that you can connect to your server using SSH, even when Suricata is not running. Without these rules, an incorrect or overly broad signature could block your SSH access. Additionally, if Suricata is stopped, all traffic will be sent to the NFQUEUE target and then dropped since Suricata is not running.

The next FORWARD rule ensures that if your server is acting as a gateway for other systems, all that traffic will also go to Suricata for processing.

The final two INPUT and OUTPUT rules send all remaining traffic that is not SSH traffic to Suricata for processing.

Restart UFW to load the new rules:

sudo systemctl restart ufw.service

Note: If you are using another firewall you will need to modify these rules to match the format your firewall expects.

If you are using iptables, then you can insert these rules directly using the iptables and ip6tables commands. However, you will need to ensure that the rules are persistent across reboots with a tool like iptables-persistent.

If you are using firewalld, then the following rules will direct traffic to Suricata:

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j NFQUEUE --queue-bypass
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j NFQUEUE
firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j NFQUEUE --queue-bypass
firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 1 -j NFQUEUE

firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -j NFQUEUE
firewall-cmd --permanent --direct --add-rule ipv6 filter FORWARD 0 -j NFQUEUE

firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp --sport 22 -j NFQUEUE --queue-bypass
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j NFQUEUE
firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -p tcp --sport 22 -j NFQUEUE --queue-bypass
firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 1 -j NFQUEUE

At this point in the tutorial you have Suricata configured to run in IPS mode, and your network traffic is being sent to Suricata by default. You will be able to restart your server at any time and your Suricata and firewall rules will be persistent.

The last step in this tutorial is to verify Suricata is dropping traffic correctly.

Step 5 — Testing Invalid Traffic

Now that you have Suricata and your firewall configured to process network traffic, you can test whether Suricata will drop packets that match your custom and other included signatures.

Recall signature sid:2100498 from the previous tutorial, which is modified in this example to drop matching packets:

sid:2100498

drop ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:2100498; rev:7; metadata:created_at 2010_09_23, updated_at 2010_09_23;)

Find and edit the rule in your /var/lib/suricata/rules/suricata.rules file to use the drop action if you have the signature included there. Otherwise, add the rule to your /var/lib/suricata/rules/local.rules file.

Send Suricata the SIGUSR2 signal to get it to reload its signatures:

sudo kill -usr2 $(pidof suricata)

Now test the rule using curl:

curl --max-time 5 http://testmynids.org/uid/index.html

You should receive an error stating that the request timed out, which indicates Suricata blocked the HTTP response:

Output
curl: (28) Operation timed out after 5000 milliseconds with 0 out of 39 bytes received

You can confirm that Suricata dropped the HTTP response using jq to examine the eve.log file:

jq 'select(.alert .signature_id==2100498)' /var/log/suricata/eve.json

You should receive output like the following:

Output
{
. . .
"community_id": "1:tw19kjR2LeWacglA094gRfEEuDU=",
"alert": {
"action": "blocked",
"gid": 1,
"signature_id": 2100498,
"rev": 7,
"signature": "GPL ATTACK_RESPONSE id check returned root",
"category": "Potentially Bad Traffic",
"severity": 2,
"metadata": {
"created_at": [
"2010_09_23"
],
"updated_at": [
"2010_09_23"
]
}
},
"http": {
"hostname": "testmynids.org",
"url": "/uid/index.html",
"http_user_agent": "curl/7.68.0",
"http_content_type": "text/html",
"http_method": "GET",
"protocol": "HTTP/1.1",
"status": 200,
"length": 39
},
. . .

The highlighted “action”: “blocked” line confirms that the signature matched, and Suricata dropped or rejected the test HTTP request.

Conclusion

In this tutorial you configured Suricata to block suspicious network traffic using its built-in IPS mode. You also added custom signatures to examine and block SSH, HTTP, and TLS traffic on non-standard ports. To tie everything together, you also added firewall rules to direct traffic through Suricata for processing.

Now that you have Suricata installed and configured in IPS mode, and can write your own signatures that either alert on or drop suspicious traffic, you can continue monitoring your servers and networks, and refining your signatures.

Once you are satisfied with your Suricata signatures and configuration, you can continue with the last tutorial in this series, which will guide you through sending logs from Suricata to a Security and Information Event Management (SIEM) system built using the Elastic Stack.

Virtualbox 安装Bliss OS

1.下载

https://sourceforge.net/projects/blissos-dev/files/Android-Generic/PC/aosp/gapps/12L/android_x86_64-a12.1_r1-03.16.22-01-mesa22-ksu-gapps-libndk-sd.iso/download

2、新建vbox虚拟机,系统选uefi,半虚拟化选kvm,显示设置禁用3D加速。

3、启动安装,硬盘大小8-16G,新建gpt分区,第一个分区为fat32 100m,剩下的为ex4分区。

4、编辑fat32分区/efi/boot/android.cfg,修改虚拟机屏幕分辨率

set gfxpayload=2560x1600

 

 

asus路由器ipv6设置

原文:https://rog.asus.com.cn/support/FAQ/113990

 

如何在路由器中设置IPv6?

请与您的ISP网络运营商确认IPv6信息 (例如:联机类型、IPv6地址和DSN设置等)

1. 请用浏览器输入  http://router.asus.com ,输入登录路由器的账号和密码。

2. 点击[高级设置]>[IPv6],[联机类型]请按照ISP网络运营商提供的信息进行设置。

  • 当您的外部网络(WAN) > 互联网连接 > WAN联机类型为 [PPPoE], 在IPv6联机类型请选择 [Native]
  • 当您的外部网络(WAN) > 互联网连接 > WAN联机类型为 [动态IP], 在IPv6联机类型请选择 [Passthrough]
  • 当您的外部网络(WAN) > 互联网连接 > WAN联机类型为 [静态IP], 在IPv6联机类型请选择 [静态 IPv6]
  • 其他IPv6类型,请与您的ISP确认需要填写的信息。

注意: 外部网络(WAN) > 互联网连接 > WAN联机类型一定要先设置。

Native 
3. 若选择IPv6联机类型为 [Native],建议设置方式为直接点击[应用本页面设置]。

保存设置后再回到IPv6的页面,当[IPv6内部网络设置]出现IPv6信息,即[Native]的设置就完成了。

静态IPv6 

4. 若选择IPv6联机类型为 [静态 IPv6] 请按照ISP网络运营商提供的信息进行设置,输入完成后点击[应用本页面设置] 保存设置即可。

举例如下(不同运营商,及不同地区会有差异)

栏位 IPv6
外部网络IPv6地址 2001:B030:2309:FF00::0001/64
外部网络IPv6网关 2001:B030:2309:FF00::FFFF/64
内部网络IPv6地址 2001:B030:2309:0000::/56

 

Passthrough

5. 若选择IPv6联机类型为 [Passthrough] ,点击[应用本页面设置] 保存设置即可。

 

注意:您可以通过以下网址确认IPv6连接情况  http://flets-v6.jp/

 

注意:

电信拨号获得的ipv6为动态ip,openwrt使用relay,asus路由器使用passthrough

最简单Openwrt ipv6配置,局域网WAN6中继模式获取原生ipv6地址

原文:https://cloud.tencent.com/developer/article/1888169

条件

condition

wan 和 wan6 是默认配置

Wan and wan6 are the default configurations

同时wan6可以获取到原生IPv6

At the same time wan6 can get native IPv6

ssh链接之后,进行备份配置文件后,并进行修改

After the ssh link, after backing up the configuration file, and modifying it

[email protected]:~# vim /etc/config/dhcp
[email protected]:~# cat /etc/config/dhcp

config dnsmasq
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option noresolv '0'
list server '127.0.0.1#5333'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'

config dhcp 'wan'
option interface 'wan'
option ignore '1'
option ra 'relay' 
option dhcpv6 'relay' 
option ndp 'relay' 
option master '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config srvhost
option srv '_vlmcs._tcp'
option target 'cby'
option port '1688'
option class '0'
option weight '100'

配置文件修改为以上配置即可,注意wan口的配置。若有wan6接口的配置,将以下配置添加到wan6。若没有即配置到wan口即可。

The configuration file can be modified to the above configuration, pay attention to the configuration of the wan port. If there is a wan6 interface configuration, add the following configuration to wan6. If not, configure it to the wan port.

 option ra 'relay' 
option dhcpv6 'relay' 
option ndp 'relay' 
option master '1'

 

最后进行IPV6测速

Finally, IPV6 speed test

openwrt 开启wps

ref:

https://gist.github.com/alghanmi/4de45337ca517ebe3a56

https://www.cxyzjd.com/article/bingyu9875/50857500

opkg update
opkg remove wpad-mini wpad-basic
opkg install wpad hostapd-utils

重新启动路由器,进入无线设置,编辑无线连接,无线安全页面卡上有”

需要执行的脚本或者命令:
hostapd_cli -i wlan0 wps_pbc
[email protected]:/# hostapd_cli -i wlan0 wps_pbc
OK

或者

[email protected]:~# hostapd_cli -p /var/run/hostapd-phy0 wps_pbc

 

局域网cups共享打印机

https://www.cups.org/doc/sharing.html

Printer Sharing

This document discusses several ways to configure printer sharing.

The Basics

A “server” is any machine that communicates directly to a printer. A “client” is any machine that sends print jobs to a server for final printing. Clients can also be servers if they communicate directly with any printers of their own.

By default, CUPS uses the Internet Printing Protocol (IPP) to send jobs from a client to a server. When printing to legacy print servers you may also use the Line Printer Daemon (LPD) protocol when printing to older UNIX-based servers or Server Message Block (SMB) when printing to Windows® servers.

Clients can automatically discover and access shared printers via DNS Service Discovery (DNS-SD a.k.a. Bonjour®). SMB browsing can also be used to manually discover and access shared printers when Samba is installed.

Configuring the Server

You must enable printer sharing on the server before clients can print through it. The simplest way to do this is to use the cupsctl(8) command on the server:

cupsctl --share-printers

By default, the above command will allow printing from other clients on the same subnet as your server. To allow printing from any subnet, use the following command instead:

cupsctl --share-printers --remote-any

K30Pro/Poco F2 Pro/lmi刷LineageOS

0.备份数据,解锁,去除开机密码

1.更新固件

firmware

https://xiaomifirmwareupdater.com/firmware/lmi/

vendor/

https://xiaomifirmwareupdater.com/archive/vendor/lmi/

2.刷TWRP

原文:https://forum.xda-developers.com/t/firmware-xiaomi-redmi-k30-pro-poco-f2-pro-lmi-auto-updated.4250275/

原作:MBsRoom

Team Win Recovery Project 3.x, or twrp3 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.

Code:

Code:
/*
*
* We are not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at us for messing up your device, we will laugh at you.
*
*/

Features:
– Decryption work
– Otg work
-Vibrator
– Zip Flash
– Mtp/adb
– F2FS support
– Fastbootd
– Adb sideload
– Backup restore and images flash

Not working:
-Tell me

INSTALLATION:
1. Download the TWRP image file to your PC.
2. Put your device into fastboot.
3. Type the following command to flash the recovery:-

Code:
fastboot flash recovery "name_of_recovery.img"

4. On installation of TWRP , to boot the recovery do:-

Code:
fastboot boot "name_of_recovery.img"

The device will automatically reboot into TWRP.

5-A. You are using Xiaomi.eu Miui or custom Rom?
You can enjoy with a functional Data Decrypt

5-B You are using Miui EEA – Global -Cn or any custom rom that doesn’t ship custom vbmeta.

6. Download this zip, copy by pc or using otg and flash this zip that will prevent twrp replacing.​
7. Download VbMeta and flash by fastboot​
Code:
fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img"
7. Reboot into twrp (Take longer Time) 
Code:
fastboot boot "name_of_recovery.img"
8. Format Data and Reboot​

NOTES:
By Command fastboot boot, recovery will decrypt everytimes you need, also with Global Rom and without patched vbmeta.

Download:
TWRP

https://sourceforge.net/projects/mbroms/files/TWRPLMI/

VbMeta

https://sourceforge.net/projects/mbroms/files/TWRP/vbmeta.img/download

(Version tag will follow vendor, a lower version tag than your vendor does not mean that recovery will not work)

Kernel Source: HERE

Donation:
PayPal: paypal.me/manuelbiancodev

Telegram Group: @MBsRoom

3.刷LineageOS

3.1解锁,去除开机密码!!

3.2刷LineageOS

18.1

原文:https://forum.xda-developers.com/t/rom-r-official-lineageos-18-1-for-poco-f2-pro-redmi-k30-pro-redmi-k30-pro-zoom-edition-lmi.4203885/

LineageOS is a free, community built, aftermarket firmware distribution of Android 11.0 (R), which is designed to increase performance and reliability over stock Android for your device.

LineageOS is based on the Android Open Source Project with extra contributions from many people within the Android community. It can be used without any need to have any Google application installed. Linked below is a package that has come from another Android project that restore the Google parts. LineageOS does still include various hardware-specific code, which is also slowly being open-sourced anyway.

All the source code for LineageOS is available in the LineageOS Github repo. And if you would like to contribute to LineageOS, please visit out Gerrit Code Review. You can also view the Changelog for a full list of changes & features.

Downloads

https://download.lineageos.org/lmi

Flashing instructions

https://wiki.lineageos.org/devices/lmi/install

Sources:
LineageOS

Happy modding!

3.3 进入系统

如果无法进入系统,可能刷机前没有去除设备密码。重启至twrp,format date分区

3.3 刷OpenGAPP,magisk

 

3.3 安装google相机

https://www.celsoazevedo.com/files/android/google-camera/dev-arnova8G2/f/dl2/

https://www.celsoazevedo.com/files/android/google-camera/f/configs-arnova-09/

 

Trouble Shooting

通讯录无法同步解决方案

google play service和google play给予通讯录的权限

虚拟机安装android-x86

1.下载

https://osdn.net/projects/android-x86/releases

选择k49版本(kernel 4.9)

2.安装

默认安装,/system选择read/write

3.虚拟机设置

3.1 virtualbox

1.CPU 勾选虚拟化支持

2.显示选项:选择VboxSVGA,去除3D加速

3.2 vmware

vi /mnt/grub/menu.lst

replace quiet to nomodeset xforcevesa DPI=320

最后加上

vga=ask(ask可以替换为后来的分辨率代码)

 

 

 

4.安装houdini库

4.1 Android x86 Arm NativeBridge (libhoudini)

Houdini is an ARM translation layer for android developed by Intel and Google to run ARM apps on x86 architecture. The project is closed source and nowadays android x86 doesn’t have it pre-installed in the system. To enable ARM Native Bridge on android x86 you need to run the enable_nativebridge command from the terminal, which downloads the .sfs image file from the android x86 servers and runs the ARM activation commands according to your device architecture.

There are mainly 3 types of libhoudini used in android x86 :-

  • houdini_7_x = (x86 arm translation)
  • houdini_7_y = (x86_64 arm translation)
  • houdini_7_z = (x86_64 arm64 translation)

Houdini files are named according to their android version :-

  • Houdini_6 series = android 6.0
  • Houdini_7 series = android 7.0
  • Houdini_8 series = android 8.0
  • Houdini_9 series = android 9.0

Houdini_6 series can be used in android 7.1 as well and the Houdini_8 series can be used in Android 9.0, but a higher version of Houdini is not compatible with the lower version of android.

Download Links :-

Houdini_6 series

 

http://dl.android-x86.org/houdini/6_x/houdini.sfs
http://dl.android-x86.org/houdini/6_y/houdini.sfs
http://dl.android-x86.org/houdini/6_z/houdini.sfs

Houdini_7 series

 

http://dl.android-x86.org/houdini/7_x/houdini.sfs
http://dl.android-x86.org/houdini/7_y/houdini.sfs
http://dl.android-x86.org/houdini/7_z/houdini.sfs

Houdini_8 series

http://dl.android-x86.org/houdini/8_x/houdini.sfs
http://dl.android-x86.org/houdini/8_y/houdini.sfs

Houdini_9 series

http://dl.android-x86.org/houdini/9_y/houdini.sfs

How to manually install Arm Native Bridge in android x86

  • Download the required .sfs file from the above links.
  • Rename the file houdini.sfs to houdini7_y.sfs
  • Copy the houdini7_y.sfs file to /data/arm/ folder
  • Do the same for the z series if you want to run the arm64 app.
  • Press alt+f1 to open terminal & run the command enable_nativebridge.
  • if you don’t get any error msg then you’ve successfully activated ARM Native Bridge on your system.
  • Press alt+f7 to return to GUI & download any game/app to test libhoudini.

4.2 connetc adb

adb connect *.*.*.*:5555
adb push houdini.sfs /sdcard/

4.3 启用houdini库

:/sdcard # cp houdini.sfs /system/etc/houdini{version}_y.sfs
:/sdcard # cp houdini.sfs /system/etc/houdini{version}_z.sfs
:/sdcard # /system/bin/enable_nativebridge
:/sdcard # reboot

注:

1.{version}为对应android版本

2.android 8、9无houdini z.sfs

 

5.系统设置

进入系统,在设置->应用兼容性->兼容模式

启用兼容模式

 

6.相关快捷键

右ctr+h 电源

win   Home

menu  menu

alt+tab 任务切换

 

 

解除MS Office文档写保护

1.打开文档

2.另存为Word XML Document (*.xml)

3.使用文本编辑器打开保存的xml文件

4.搜索DoumentProtection字段

5.修改

方法一

将“DoumentProtection”改为“unDoumentProtection”

方法二

将w:enforcement=”1″ 或者 w:enforcement=”on”改为w:enforcement=”0″ or w:enforcement=”off”

6.用Office 打开修改后的xml文件,另存为word文档

 

 

How to force fsck to check filesystem after system reboot on Linux

原文:https://linuxconfig.org/how-to-force-fsck-to-check-filesystem-after-system-reboot-on-linux

This article will explain a procedure on how to force fsck to perform a filesystem check on the next system reboot or force filesystem check for any desired number of system reboots whether it is root or non-root mount point.

Let’s start with discussion about some tools which can be used to obtain filesystem information and configurations which control filesystem check after system reboot. The tool which we are going to discuss is tune2fs filesystem managing utility. Using tune2fs we can export some important information related to filesystem health check. The following linux command will tell as when was the last time the filesystem /dev/sdX was checked:

# tune2fs -l /dev/sdbX | grep Last\ c
Last checked:             Sun Dec 13 09:14:22 2015

Anther useful information which can be retrieved by tune2fs command relates to how many times our /dev/sdX filesystem was mounted:

# tune2fs -l /dev/sdbX | grep Mount
Mount count:              157

 

and lastly how many mounts are allowed to pass before filesystem check is forced:

# tune2fs -l /dev/sdbX | grep Max
Maximum mount count:      -1

From the above outputs we can establish the following information summary. The /dev/sdbX filesystem was last checked on Sun Dec 13 09:14:22 2015. Since the last check, this filesystem was mounted 157 times and maximum amount of mounts before next filesystem fsck check. In the above case the value -1 means that fsck is disabled.



Now, that we have learned about some tune2fs basics let’s discuss PASS system configuration option found in /etc/fstab file containing all on boot mountable partitions and their relevant mount options.

# blkid | grep sdb1
/dev/sdb1: UUID="c6e22f63-e63c-40ed-bf9b-bb4a10f2db66" TYPE="ext2"
# grep c6e22f63-e63c-40ed-bf9b-bb4a10f2db66 /etc/fstab
UUID=c6e22f63-e63c-40ed-bf9b-bb4a10f2db66 /mnt            ext2    errors=remount-ro 0      0

We have used blkid command to retrieve UUID for a given partition and then used the retrieved partition UUID to get a relevant information related to /dev/sdb1 partition from /etc/fstbab.
The last column that is a column 6, aka fsck PASS column is used by fsck to determine whether fsck should check filesystem before it is mounted and in which order given partitions in /etc/fstab should be checked. Possible entries for fstab PASS column are 0,1 and 2.

  1. 0 – disabled, that is do not check filesystem
  2. 1 – partition with this PASS value has a higher priority and is check first. This value is usually set to root / partition
  3. 2 – partitions with this PASS value will be checked last

The connection between fstab PASS value, last checked value and number of mounts value is as follows:
During the system boot the first value which is checked is fstab PASS value. If this value is 0 that not other values are checked ( exemption .. see “Force fsck for root partition” below ) and the fsck will NOT perform filesystem check. If the PASS value found in /etc/fstab is any other than 0, that is 1 or 2 then values of maximum mounts and total mounts are checked. If the value of maximum mounts is greater or equal to total number of mounts value then fsck’s filesytem check will be performed. Few examples:

FSCK DISABLED
fstab PASS: 1
Maximum mount count:      -1
Mount count:              157
----
FSCK DISABLED
fstab PASS: 0
Maximum mount count:      -1
Mount count:              157
----
FSCK ON NEXT REBOOT
fstab PASS: 1 or 2
Maximum mount count:      1
Mount count:              157
----
FSCK DISABLED
fstab PASS: 0
Maximum mount count:      1
Mount count:              1
----
FSCK ON NEXT REBOOT
fstab PASS: 1 or 2
Maximum mount count:      1
Mount count:              1
----
NO FSCK ON NEXT REBOOT
fstab PASS: 1 or 2
Maximum mount count:      200
Mount count:              157


Force fsck for root partition

The simplest way to force fsck filesystem check on a root partition eg. /dev/sda1 is to create an empty file called forcefsck in the partition’s root directory.

# touch /forcefsck

This empty file will temporarily override any other settings and force fsck to check the filesystem on the next system reboot. Once the filesystem is checked the forcefsck file will be removed thus next time you reboot your filesystem will NOT be checked again. To enable more permanent solution and force filesystem check on every reboot we need to manipulate filesystem’s “Maximum mount count” parameter. The following linux command will ensure that filesystem /dev/sdb1 is checked every time your Linux system reboots. Please note that for this to happen the fsck’s PASS value in /etc/fstab must be set to a positive integer as discussed above.

# tune2fs -c 1 /dev/sdb1

alternatively we can set fsck after every 10 reboots:

# tune2fs -c 10 /dev/sdb1

Force fsck for all other non-root partitions

As oppose to root partition creating empty forcefsck file will NOT trigger partition check on reboot. The only way to force fsck on all other non-root partitions is to manipulate filesystem’s “Maximum mount count” parameter and PASS value within /etc/fstab configuration file. To force filesystem check on non-root partition change fsck’s PASS value in /etc/fstab to value 2. For example:

UUID=c6e22f63-e63c-40ed-bf9b-bb4a10f2db66 /mnt            ext2    errors=remount-ro 0      2

and change maximum mounts filesystem parameter to a positive integer, depending on how many times you wish to allow a specified filesystem to be mounted without being checked. Force fsck on every reboot:

# tune2fs -c 1 /dev/sdb1

alternatively we can set fsck to check filesystem after every 5 reboots:

# tune2fs -c 5 /dev/sdb1

To disable fsck run:

# tune2fs -c 0 /dev/sdb1
OR
# tune2fs -c -1 /dev/sdb1

Which will set the filesystem’s “Maximum mount count” parameter to -1