xinyouliang的专栏

原创 zabbix server is not running: the information displayed may not be current

搜索得知是因为selinux开着，日志路径在cat /var/log/zabbix/zabbix_server.log日志里搜error没显示，搜not显示无法启动服务，无法绑定socket，拒绝访问cannot start preprocessing service: Cannot bind socket to "/var/run/zabbix/zabbix_server_pr...

原创 第一次尝试装zabbix server

1. 装并启用mysqlyum install mariadb mariadb-devel mariadb-server -ysystemctl enable mariadb.servicesystemctl start mariadb.service#设置mysql的root密码mysqladmin -u root -h localhost password 'xxxx'#...

原创 调整centos时区

tzselect按提示选择，之后cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ，其中Asia/Shanghai是tzselect的输出结果完成之后可以用date命令看结果

原创 启动resin

运行resinctl start启动:/usr/local/share/resin/bin/resinctl start浏览器访问IP:8080提示http500 只装了JDK没装JRE，用ls -lrt找了一下java源文件位置（命令本意是按时间倒序列出最近更新过的文件）搜了一下， 应该是openjdk包用错了，装了个devel包就可以了，有javac了yum i...

原创 第一次尝试装resin

1. 先装jdk看系统是否自带open-jdkrpm -qa | grep javarpm -qa | grep jdk如果没有，先获取1.8jdk列表yum list java-1.8*然后安装1.8的openjdkum install java-1.8.0-openjdk-devel.x86_64 -y （装devel的，不然没javac）安装结束后用jav...

原创 配centos IP

1. 本地PC用ipconfig /all看IP段，网关，DNS服务器地址2. ip addr看默认设置以及网卡名centos编辑etc/系统设置/网络脚本/网卡名文件eg: vi etc/sysconfig/network-scripts/ens333. onboot改成yes，dynamic改成static，加IPADDR,NETMASK,GATEWAY,DNS1,DNS2...

原创 RAID几个等级

0 1 1—+03 5 60 只镜像不分割1 只分割不镜像1+0 既分割又镜像3 分割基础上加一块单独的校验盘5 分割基础上加一块单独的盘，每个数据的校验结果都放在不同盘上6 分割基础上加一块单独的盘，每个数据存两个校验结果，都放在不同盘上...

原创 AD_GPO_Powershell_WDS_share folder_GPU_DHCP_DNS_DFS_SCCM

AD Active Directory-AD域-dcpromo域控服务器和一堆客户端组成，可以使用域管理员账号统一登陆所有客户端统一管理，已授权（已加域）可以不重复身份验证，客户端文件重定向集中备份https://baike.baidu.com/item/活动目录/1765909?fr=aladdin#3https://jingyan.baidu.com/article/af9f5...

原创 收集清单后无法在ePO中看到清单

收集清单后无法在ePO中看到清单点击fetch，任务显示已完成，但仍然显示清单提取状态为尚未提取，多次运行提取，服务器任务仍然显示已成功，但清单状态不变，事实上也没有显示这台机器上的清单已确认：本地cli已经lockdown，即使unso之后再次提取仍然显示提取成功，但没有清单TS:1. 确认问题，究竟是在客户端没有收集到inventory还是没有成功发送至ePO在客户端尝试手动...

原创 ePO/MA function translation

原创 ePO\MA TS -- From Mattew

Common issues (ePO)A far-from-exhaustive set of ideas to get you started.Agent to Server Communication• Always review and collect both sides of the communication (masvc.log on endpoint and serv...

转载 Right click - update security

https://planet.mcafee.com/thread/114523--Bidgood, JoeA right-click/update security will always try to update every product that it can: this means every product *in the repository that the client i...

原创 Master repository failed when update the DAT/AMCORE from McAfee update site

Please make sure no proxy or firewall block the update, server can manually access to http and ftp with chrome or IE1. Delete the old DAT/AMCORE manually, download a new one from website2. Change u...

原创 product improvement program

We can download product improvement program under ePO 591, not 5100

原创 How to find traffic which need to be blocked

We can enable "Log all allowed traffic" in firewall options policy and perform the action, then check FirewallEventMonitor.log and create block rules to blockeg: Block windows updateYou can enabl...

原创 Data collection steps when issue goes away with mp disabled

Since issue goes away with MP disabled, you need to identify the processes and configure exclusions. Collect two set of log files as: Mp enabled: delete logs from C:\programdata\McAfee\Solidcore...

原创 BSOD issue - collect complete memory dump

工具windbg：http://msdn.microsoft.com/zh-cn/windows/hardware/gg463009.aspx 收集方式：https://kc.mcafee.com/corporate/index?page=content&id=KB56023To create a full memory dump (.DMP) file, you must...

原创 Add a new program to solidcore exclusion

For example procdump.exesadmin recoversadmin so “folder-path containing procdump.exe”sadmin features disable execution-control Collect process dump for sc:Open a new command prompt window a...

原创 Failed to update Master Repository

更新主存储库失败:1. Delete the old DAT/AMCORE manually, download a new one from website2. Change update time manually , eg: default is 1:00 a.m. , set some different update time point 6:00 a.m. 11:00 a.m. ...

原创 File a bug for ePO issue

File a bug for ePO issue:1. File a bug2. Choose product – ePO3. Choose product version 4. Choose component5. Fill in found build, we found issue in which build KB59938-version information for Ep...

原创 TS-Migration clients to MVISION

Check in MVISION migration extension on ePOclick step by step, since MVISION migration is blongs to client task, we can troubleshooting with client task steps1. Apply the migration task on one cli...

原创 Notes of 20181230

1. ePOePO 5.10, upload certificate and select allow in ENS common policy , unable to saveall the cert pointed to a same position (even in a temporary policy) , so please do NOT delete any certif...

原创 Solidcore Troubleshooting - Integrity Monitoring and skiplist

What is SKIPLISTA configurable setting to have features exclude specified file/path/registry/processWhen you skip a path component from a feature, the path component is skiped from that feature on...

原创 What does SAU(Script As Updater) do

INFO: What does SAU do?Just wanted to post some info about SAU, in case others had any concerns about what it does and what it's for.Please don't confuse the SAU feature with the SCRIPT-AUTH feature...

原创 Solidcore Troubleshooting - Installation

Installation Failure:Log:Solidcore_installer_name.log at C:\WindowsLook for return value 3, we want the first return value 3 before error 1603 , then scroll up to find error.  search the...

原创 Only allow visit defined networking

ENSFW>options>new policy  Add defined networks with trusted option New a block all traffic rule, with either direction and block action no need to worry priority because de...

原创 Solidcore Troubleshooting - Failed to pull inventory

Inventory doesn’t show up in EPOInventory go to STAGING_DATA_CHANNEL first, then SCOR_DATA_CHANNEL*CLI must lockdown, and we can see Solidcore Client Task LogSELECT COUNT(ID) AS ROWS, DATA_TYPEFR...

原创 VSCL 初次接触

virusscan command line1. after downloading, need add route to environment PATH2. /DRIVE=DAT INSTALLED PATH3. /ALL scanpath

原创 Training homework by myself - ePO/ENS/MA

Training-1020 ePOePO 3个服务：Tomcat>8443>占用内存最多1-3GB>log记录在apsvr和orion，可以查看system event logApache>客户端通信>同时可以处理250-6=244个通信（涉及到性能与客户端的关系）加一个AH就相当于加了一个Apache（244点连接数）If（客户端多于5...

原创 A brief training for Application and Chang Control

Getting Started With Application and Change Control ——2018-12-141. What is solidcore2. How does solidcore work3. How does solidcore get the reputation What is solidcore:Application control + ...

原创 Add VM hard drive capacity

How to add VM hard drive capacity-Adding new space to primary positionhttps://jingyan.baidu.com/article/bea41d43945dc0b4c51be6de.htmlKB89804——MFEremovalhttps://kc.mcafee.com/corporate/index?page=conte...

原创 How to change ePO server name(unable to change computer full name or with DNS suffix) 更改ePO主机名的步骤

How to change ePO server name(unable to change computer full name or with DNS suffix) 1. In <hostname/IP>:8443/core/config site, change host name or IP into IP address, click test link, apply if...

原创 MA icon disappears（MA图标不见了）

Troubleshooting steps:1. Check policy on ePO: Policy catalog> MA > General > click policy name > enable Show the McAfee Agent tray icon2. Run cmdagent.exe in MA install directory3. Update ...

原创 Set TCP ports, install MS patch（设置TCP端口，打补丁）

Can't enable event parser services:Set TCP ports in DB configuration manager:When installing SQL server 08: SQL Server Setup has encountered the following error: Invoke orBeginInvoke cannot be called ...

原创 Can't open ePO or login failed with correct password & how to shrink ePO DB（排查ePO登陆问题& 收缩ePO DB）

Troubleshooting ePO login issue:1. Make sure three ePO services enabled , add ePO login website to trusted site, if event parser service disabled then check DB configuration, if Apache service disable...

原创 Some ePO basis， preparing for build（ePO基础，准备搭建）

Build an Active Directory domain:https://wenku.baidu.com/view/f2762958caaedd3382c4d32e.html?qq-pf-to=pcqq.c2cbuild in domain control server and new a user, client add to this domain and login with thi...

原创 Block by McAfee VSE on access protection（被VSE防止蠕虫规则阻挡发送email）

For example abc.exe was blocked by port_protection rule (an on mailing worms protection rule).Set all processes unblock：right click rules>attributes>choose protection type>uncheck block secti...