Jump to content

enpa

Forum Members
  • Content Count

    1,407
  • Joined

  • Last visited

  • Days Won

    14

enpa last won the day on November 16

enpa had the most liked content!

Community Reputation

469 Excellent

3 Followers

About enpa

  • Rank
    #dashboard.status

Equipment

  • Keenetic
    All Keenetic

Recent Profile Visitors

3,594 profile views
  1. @Pusan не выходя из ssh, вводим команду, смотрим разделы накопителей: / # blkid /dev/sdb1: LABEL="TTTT" UUID="381A-8130" /dev/sda4: LABEL="MYEXT" UUID="f945b1d6-3160-4831-a877-9e4d2a0ea95f" /dev/sda2: LABEL="MYFILES" UUID="01D478064693DF60" В моем случае подключена флеш-карта и накопитель: флеш-карата с одним разделом: /dev/sdb1: LABEL="TTTT" UUID="381A-8130" накопитель с двуями разделами: /dev/sda4: LABEL="MYEXT" UUID="f945b1d6-3160-4831-a877-9e4d2a0ea95f" /dev/sda2: LABEL="MYFILES" UUID="01D478064693DF60" Смотрим путь монтирования: / # mount | grep sd /dev/sda2 on /tmp/mnt/01D478064693DF60 type tntfs (rw,nosuid,noexec,noatime,uid=0,gid=1000,umask=02,allow_utime=0020,nls=utf8,min_prealloc_size=64k,max_prealloc_size=124872700,readahead=4M,perm,user_xattr,case_insensitive,fail_safe,hidden=show,dotfile=show,protected_system=ignore,errors=continue,mft_zone_multiplier=1) /dev/sda4 on /tmp/mnt/f945b1d6-3160-4831-a877-9e4d2a0ea95f type ext4 (rw,relatime,stripe=8191,data=ordered) /dev/sda4 on /opt type ext4 (rw,relatime,stripe=8191,data=ordered) /dev/sdb1 on /tmp/mnt/381A-8130 type tfat (rw,nosuid,noexec,noatime,uid=0,gid=1000,umask=0002,allow_utime=0020,codepage=437,utf8,shortname=winnt,min_prealloc_size=64k,max_prealloc_size=15300992,writeback_boundary=4M,readahead=4M,fail_safe,hidden=show,errors=continue,errors=recover) устанавливаем редактор nano: / # opkg install nano открываем конфиг файл minidlna: / # nano /opt/etc/minidlna.conf # set this to the directory you want scanned. # * if you want multiple directories, you can have multiple media_dir= lines # * if you want to restrict a media_dir to specific content types, you # can prepend the types, followed by a comma, to the directory: # + "A" for audio (eg. media_dir=A,/home/jmaggard/Music) # + "V" for video (eg. media_dir=V,/home/jmaggard/Videos) # + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures) # + "PV" for pictures and video (eg. media_dir=PV,/home/jmaggard/digital_camera) media_dir=/opt/media за место пути по умолчанию media_dir=/opt/media, указываем путь до директорий на Ваших накопителях: media_dir=/opt/home/ media_dir=/tmp/mnt/TTTT/ получаем: # set this to the directory you want scanned. # * if you want multiple directories, you can have multiple media_dir= lines # * if you want to restrict a media_dir to specific content types, you # can prepend the types, followed by a comma, to the directory: # + "A" for audio (eg. media_dir=A,/home/jmaggard/Music) # + "V" for video (eg. media_dir=V,/home/jmaggard/Videos) # + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures) # + "PV" for pictures and video (eg. media_dir=PV,/home/jmaggard/digital_camera) media_dir=/opt/home/ media_dir=/tmp/mnt/TTTT/ далее запуска демон: / # /opt/etc/init.d/S90minidlna start Starting minidlna... done. Проверяем, сформировалась ли у нас база, после запуска демона: / # cd /opt/var/minidlna/ /opt/var/minidlna # du -sh * 20.0K art_cache 76.0K files.db 4.0K minidlna.log 4.0K minidlna.pid
  2. @T@rkus 'CloudControl2' будет включен по умолчанию, когда выйдет стабильная версия нового приложения Keenetic. @r13 сейчас стабилизировали службу, сейчас проблем с пиковых нагрузок CPU не зафиксировано, в моменты активной работы CC2.
  3. enpa

    @OmegaTron торрент-клиентом пользуетесь?
  4. @GrST логично, что для работы данного приложения необходимо активное подключение к интернету. My.Keenetic \ Keenetic изначально не позиционировалось, как OFFLINE app. Все-таки приложение относится к облачным службам, тем более новое приложение будет работать с Keenetic Cloud - все будет храниться в облаке Keenetic и доступ будет из любой точки мира.
  5. enpa

    @Mamay данные команды задокументированы: sandbox draft, delta, legacy не упоминаются в cli doc по понятным причинам.
  6. @160r пример настройки NTP-сервера в консоли: здесь. Пока только через CLI. @eralde Думаю есть смысл добавить в WebUI.
  7. @metahor @stefbarinov@mail.ru по поводу логирования доступа через https протокол, ответ был дан > @OmegaTron по поводу логирования доступа через CI \ RCI к веб-серверу, создайте голосование в теме Развития, чем больше голосов , тем быстрее добавят такую возможность в ndm.
  8. enpa

    @Татьяна Любимцева
  9. Установка и настройка WGET Wget (CNU Wget) - свободная неинтерактивная консольная программа для загрузки файлов по сети. Поддерживает протоколы: HTTP, HTTPS, FTP, FTPS. Версия из репозитория Wget (1.19.5-2): http://bin.entware.net/mipselsf-k3.4/wget_1.19.5-2_mipsel-3.4.ipk Изменения - здесь. Подготовка: 1. Создаем раздел EXT4 на жестком диске - Использование файловой системы EXT4 на USB-накопителях. 2. Установка и настройка Entware - в данной теме. Обновляемся: / # opkg update Downloading http://bin.entware.net/mipselsf-k3.4/Packages.gz Updated list of available packages in /opt/var/opkg-lists/entware Downloading http://bin.entware.net/mipselsf-k3.4/keenetic/Packages.gz Updated list of available packages in /opt/var/opkg-lists/keendev Устанавливаем: / # opkg install wget Installing wget (1.19.5-2) to root... Downloading http://bin.entware.net/mipselsf-k3.4/wget_1.19.5-2_mipsel-3.4.ipk Installing zlib (1.2.11-2) to root... Downloading http://bin.entware.net/mipselsf-k3.4/zlib_1.2.11-2_mipsel-3.4.ipk Installing libopenssl (1.0.2p-1) to root... Downloading http://bin.entware.net/mipselsf-k3.4/libopenssl_1.0.2p-1_mipsel-3.4.ipk Configuring zlib. Configuring libopenssl. Configuring wget. Пример работы. 1. Записываем файл прошивки Keenetic OS для KN-1010 в нужный нам раздел: / # wget -P opt/home/ --no-check-certificate https://help.keenetic.com/hc/article_attachments/360000591459/KN-1010_stable_2.13.C.0.0-3.zip --2018-11-13 11:33:36-- https://help.keenetic.com/hc/article_attachments/360000591459/KN-1010_stable_2.13.C.0.0-3.zip Resolving help.keenetic.com... 104.16.55.111, 104.16.51.111, 104.16.52.111, ... Connecting to help.keenetic.com|104.16.55.111|:443... connected. WARNING: cannot verify help.keenetic.com's certificate, issued by 'CN=Let\'s Encrypt Authority X3,O=Let\'s Encrypt,C=US': Unable to locally verify the issuer's authority. HTTP request sent, awaiting response... 200 OK Length: 13821475 (13M) [application/zip] Saving to: 'opt/home/KN-1010_stable_2.13.C.0.0-3.zip' KN-1010_stable_2.13.C.0.0-3.zip 100%[=====================================================================================================================>] 13.18M 4.54MB/s in 2.9s 2018-11-13 11:33:40 (4.54 MB/s) - 'opt/home/KN-1010_stable_2.13.C.0.0-3.zip' saved [13821475/13821475] где: ключ -P --directory-prefix=PREFIX save files to PREFIX/.. - здесь указываем нужную директорию для скачивания. ключ --no-check-certificate - отключает проверку сертификата протокола HTTPS. 2. Пример копирования скаченного файла из одной директории в другую: / # cp opt/home/KN-1010_stable_2.13.C.0.0-3.zip tmp/mnt/MYFILES/KN-1010_stable_2.13.C.0.0-3.zip где: opt/home/ - откуда копируем файл; tmp/mnt/MYFILES/ - куда копируем файл. 3. Проверяем директорию, куда был записан файл: / # ls tmp/mnt/MYFILES/ Camera Uploads Keenetic 4G III_revB_2.13.C.0.0-3.txt Keenetic_Air_2.13.C.0.0-3.bin IMAX.Dolphins.2000.2160p.Amazon.WEBRip.DD2.0.x264-TrollUHD.mkv Keenetic 4G_KN-1210_2.13.C.0.0-3.bin components KN-1010_stable_2.13.C.0.0-3.zip Keenetic 4G_KN-1210_2.13.C.0.0-3.txt Keenetic 4G III_revB_2.13.C.0.0-3.bin Keenetic Air_2.13.C.0.0-3.txt Как видим, файл записан корректно, в нужную нам директорию. Описание ключей: / # wget --help GNU Wget 1.19.5, a non-interactive network retriever. Usage: wget [OPTION]... [URL]... Mandatory arguments to long options are mandatory for short options too. Startup: -V, --version display the version of Wget and exit -h, --help print this help -b, --background go to background after startup -e, --execute=COMMAND execute a `.wgetrc'-style command Logging and input file: -o, --output-file=FILE log messages to FILE -a, --append-output=FILE append messages to FILE -d, --debug print lots of debugging information -q, --quiet quiet (no output) -v, --verbose be verbose (this is the default) -nv, --no-verbose turn off verboseness, without being quiet --report-speed=TYPE output bandwidth as TYPE. TYPE can be bits -i, --input-file=FILE download URLs found in local or external FILE -F, --force-html treat input file as HTML -B, --base=URL resolves HTML input-file links (-i -F) relative to URL --config=FILE specify config file to use --no-config do not read any config file --rejected-log=FILE log reasons for URL rejection to FILE Download: -t, --tries=NUMBER set number of retries to NUMBER (0 unlimits) --retry-connrefused retry even if connection is refused --retry-on-http-error=ERRORS comma-separated list of HTTP errors to retry -O, --output-document=FILE write documents to FILE -nc, --no-clobber skip downloads that would download to existing files (overwriting them) --no-netrc don't try to obtain credentials from .netrc -c, --continue resume getting a partially-downloaded file --start-pos=OFFSET start downloading from zero-based position OFFSET --progress=TYPE select progress gauge type --show-progress display the progress bar in any verbosity mode -N, --timestamping don't re-retrieve files unless newer than local --no-if-modified-since don't use conditional if-modified-since get requests in timestamping mode --no-use-server-timestamps don't set the local file's timestamp by the one on the server -S, --server-response print server response --spider don't download anything -T, --timeout=SECONDS set all timeout values to SECONDS --dns-timeout=SECS set the DNS lookup timeout to SECS --connect-timeout=SECS set the connect timeout to SECS --read-timeout=SECS set the read timeout to SECS -w, --wait=SECONDS wait SECONDS between retrievals --waitretry=SECONDS wait 1..SECONDS between retries of a retrieval --random-wait wait from 0.5*WAIT...1.5*WAIT secs between retrievals --no-proxy explicitly turn off proxy -Q, --quota=NUMBER set retrieval quota to NUMBER --bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host --limit-rate=RATE limit download rate to RATE --no-dns-cache disable caching DNS lookups --restrict-file-names=OS restrict chars in file names to ones OS allows --ignore-case ignore case when matching files/directories -4, --inet4-only connect only to IPv4 addresses -6, --inet6-only connect only to IPv6 addresses --prefer-family=FAMILY connect first to addresses of specified family, one of IPv6, IPv4, or none --user=USER set both ftp and http user to USER --password=PASS set both ftp and http password to PASS --ask-password prompt for passwords --use-askpass=COMMAND specify credential handler for requesting username and password. If no COMMAND is specified the WGET_ASKPASS or the SSH_ASKPASS environment variable is used. --no-iri turn off IRI support --local-encoding=ENC use ENC as the local encoding for IRIs --remote-encoding=ENC use ENC as the default remote encoding --unlink remove file before clobber --no-xattr turn off storage of metadata in extended file attributes Directories: -nd, --no-directories don't create directories -x, --force-directories force creation of directories -nH, --no-host-directories don't create host directories --protocol-directories use protocol name in directories -P, --directory-prefix=PREFIX save files to PREFIX/.. --cut-dirs=NUMBER ignore NUMBER remote directory components HTTP options: --http-user=USER set http user to USER --http-password=PASS set http password to PASS --no-cache disallow server-cached data --default-page=NAME change the default page name (normally this is 'index.html'.) -E, --adjust-extension save HTML/CSS documents with proper extensions --ignore-length ignore 'Content-Length' header field --header=STRING insert STRING among the headers --compression=TYPE choose compression, one of auto, gzip and none. (default: none) --max-redirect maximum redirections allowed per page --proxy-user=USER set USER as proxy username --proxy-password=PASS set PASS as proxy password --referer=URL include 'Referer: URL' header in HTTP request --save-headers save the HTTP headers to file -U, --user-agent=AGENT identify as AGENT instead of Wget/VERSION --no-http-keep-alive disable HTTP keep-alive (persistent connections) --no-cookies don't use cookies --load-cookies=FILE load cookies from FILE before session --save-cookies=FILE save cookies to FILE after session --keep-session-cookies load and save session (non-permanent) cookies --post-data=STRING use the POST method; send STRING as the data --post-file=FILE use the POST method; send contents of FILE --method=HTTPMethod use method "HTTPMethod" in the request --body-data=STRING send STRING as data. --method MUST be set --body-file=FILE send contents of FILE. --method MUST be set --content-disposition honor the Content-Disposition header when choosing local file names (EXPERIMENTAL) --content-on-error output the received content on server errors --auth-no-challenge send Basic HTTP authentication information without first waiting for the server's challenge HTTPS (SSL/TLS) options: --secure-protocol=PR choose secure protocol, one of auto, SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2 and PFS --https-only only follow secure HTTPS links --no-check-certificate don't validate the server's certificate --certificate=FILE client certificate file --certificate-type=TYPE client certificate type, PEM or DER --private-key=FILE private key file --private-key-type=TYPE private key type, PEM or DER --ca-certificate=FILE file with the bundle of CAs --ca-directory=DIR directory where hash list of CAs is stored --crl-file=FILE file with bundle of CRLs --pinnedpubkey=FILE/HASHES Public key (PEM/DER) file, or any number of base64 encoded sha256 hashes preceded by 'sha256//' and separated by ';', to verify peer against --random-file=FILE file with random data for seeding the SSL PRNG --egd-file=FILE file naming the EGD socket with random data --ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly. Use with care. This option overrides --secure-protocol. The format and syntax of this string depend on the specific SSL/TLS engine. HSTS options: --no-hsts disable HSTS --hsts-file path of HSTS database (will override default) FTP options: --ftp-user=USER set ftp user to USER --ftp-password=PASS set ftp password to PASS --no-remove-listing don't remove '.listing' files --no-glob turn off FTP file name globbing --no-passive-ftp disable the "passive" transfer mode --preserve-permissions preserve remote file permissions --retr-symlinks when recursing, get linked-to files (not dir) FTPS options: --ftps-implicit use implicit FTPS (default port is 990) --ftps-resume-ssl resume the SSL/TLS session started in the control connection when opening a data connection --ftps-clear-data-connection cipher the control channel only; all the data will be in plaintext --ftps-fallback-to-ftp fall back to FTP if FTPS is not supported in the target server WARC options: --warc-file=FILENAME save request/response data to a .warc.gz file --warc-header=STRING insert STRING into the warcinfo record --warc-max-size=NUMBER set maximum size of WARC files to NUMBER --warc-cdx write CDX index files --warc-dedup=FILENAME do not store records listed in this CDX file --no-warc-compression do not compress WARC files with GZIP --no-warc-digests do not calculate SHA1 digests --no-warc-keep-log do not store the log file in a WARC record --warc-tempdir=DIRECTORY location for temporary files created by the WARC writer Recursive download: -r, --recursive specify recursive download -l, --level=NUMBER maximum recursion depth (inf or 0 for infinite) --delete-after delete files locally after downloading them -k, --convert-links make links in downloaded HTML or CSS point to local files --convert-file-only convert the file part of the URLs only (usually known as the basename) --backups=N before writing file X, rotate up to N backup files -K, --backup-converted before converting file X, back up as X.orig -m, --mirror shortcut for -N -r -l inf --no-remove-listing -p, --page-requisites get all images, etc. needed to display HTML page --strict-comments turn on strict (SGML) handling of HTML comments Recursive accept/reject: -A, --accept=LIST comma-separated list of accepted extensions -R, --reject=LIST comma-separated list of rejected extensions --accept-regex=REGEX regex matching accepted URLs --reject-regex=REGEX regex matching rejected URLs --regex-type=TYPE regex type (posix|pcre) -D, --domains=LIST comma-separated list of accepted domains --exclude-domains=LIST comma-separated list of rejected domains --follow-ftp follow FTP links from HTML documents --follow-tags=LIST comma-separated list of followed HTML tags --ignore-tags=LIST comma-separated list of ignored HTML tags -H, --span-hosts go to foreign hosts when recursive -L, --relative follow relative links only -I, --include-directories=LIST list of allowed directories --trust-server-names use the name specified by the redirection URL's last component -X, --exclude-directories=LIST list of excluded directories -np, --no-parent don't ascend to the parent directory Email bug reports, questions, discussions to <bug-wget@gnu.org> and/or open issues at https://savannah.gnu.org/bugs/?func=additem&group=wget. Дополнительный материл: КОМАНДА WGET LINUX Wget Wiki КОПИРОВАНИЕ ФАЙЛОВ В LINUX КОМАНДА LS LINUX
  10. @karimovrt очевидно же, что когда создавалась данная тема, даже и в планах не было обновление демона в ndm.
  11. enpa

    @vlzsilver свежие обновления здесь >
  12. enpa

    @r13 @ankar84 @Vik2018 "добавлена защита от перебора паролей HTTPS" - да, все правильно, но это касается старого WebUI \ nginx. Для нового WebUI поддержку 'lockout-policy' для протокола HTTPS планируется добавить в 2.15
  13. enpa

    @medvss подтверждаю, не отключается. Временное решение, через консоль, пример: (config)> no interface UsbModem0 ping-check profile PingCheck::Client: Reset ping-check profile for interface "UsbModem0". (config)> system configuration save Core::ConfigurationSaver: Saving configuration... После получаем:
  14. enpa

    Уточнение. @r13 @Кинетиковод @Vik2018 'ip http lockout-policy' - функционал поддерживает HTTP протокол, а не HTTPS. Не путайте пожалуйста. Для HTTP протокола защита срабатывает, как положено.
  15. enpa

    @Кинетиковод еще раз попробовал воспроизвести Ваши доводы: E [Nov 9 18:34:07] ndm: Core::Scgi::Auth: authentication failed for user 222. E [Nov 9 18:34:13] ndm: Core::Scgi::Auth: authentication failed for user 213123. E [Nov 9 18:34:20] ndm: Core::Scgi::Auth: authentication failed for user ааааа. E [Nov 9 18:34:29] ndm: Core::Scgi::Auth: authentication failed for user dfdf. I [Nov 9 18:34:29] ndm: Netfilter::Util::Conntrack: flushed 8 IPv4 connections for 193.0.174.201. I [Nov 9 18:34:29] ndm: Netfilter::Util::BfdManager: "Http": ban remote host 193.0.174.201 for 15 minutes. Все работает. Функционал отрабатывает для всех заявленных протоколов. Возможно на Ваше устройстве не работает. Но вы не предоставили self-test.
×