From 1d67e73effa7504937121deeec1b62703e227292 Mon Sep 17 00:00:00 2001 From: Benoit S Date: Sat, 20 Feb 2021 15:06:15 +0900 Subject: [PATCH] Update all code blocks --- docs/CV/CV.md | 2 +- docs/Howtos/HowtoCentOS.md | 12 +- docs/Howtos/HowtoCrackWPA.md | 34 +++--- docs/Howtos/HowtoEncoding.md | 24 ++-- docs/Howtos/HowtoGPG.md | 38 +++--- docs/Howtos/HowtoLXD.md | 61 +++++----- docs/Howtos/HowtoMacOS.md | 6 +- docs/Howtos/HowtoSecureMailServer.md | 49 ++++---- docs/Howtos/HowtoSysadmin.md | 174 +++++++++++++-------------- docs/Howtos/HowtoZFS.md | 48 ++++---- docs/Various/BackupStrategy.md | 10 +- docs/Various/CPUBenchmark.md | 8 +- docs/Various/Japonais.md | 11 +- docs/Various/Mullvad.md | 6 +- 14 files changed, 237 insertions(+), 246 deletions(-) diff --git a/docs/CV/CV.md b/docs/CV/CV.md index ec2b256..c7a11b9 100644 --- a/docs/CV/CV.md +++ b/docs/CV/CV.md @@ -6,7 +6,7 @@ hide: [PDF version](CV.pdf) -``` +```console @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: THIS RESUME IS SO GEEK!!!11 @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ diff --git a/docs/Howtos/HowtoCentOS.md b/docs/Howtos/HowtoCentOS.md index 1fc1800..188a3b7 100644 --- a/docs/Howtos/HowtoCentOS.md +++ b/docs/Howtos/HowtoCentOS.md @@ -2,14 +2,14 @@ Upgrade from 8 to Stream. -``` -dnf install centos-release-stream && dnf update +```console +# dnf install centos-release-stream && dnf update ``` Exclude path when unpacking package. Useful for unprivileged containers. +```console +# dnf reinstall --downloadonly filesystem +# find /var/cache -iname "*filesy*" +# rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm ``` -dnf reinstall --downloadonly filesystem -find /var/cache -iname "*filesy*" -rpm -ivh --excludepath=/proc --excludepath=/sys /var/cache/dnf/baseos-504ddb1bf3482a98/packages/filesystem-3.8-3.el8.x86_64.rpm -``` \ No newline at end of file 
diff --git a/docs/Howtos/HowtoCrackWPA.md b/docs/Howtos/HowtoCrackWPA.md index 85426ae..d3204dc 100644 --- a/docs/Howtos/HowtoCrackWPA.md +++ b/docs/Howtos/HowtoCrackWPA.md @@ -1,31 +1,31 @@ ## Monitor mode For my RTL8188EUS: -``` -ip link set wlanX down -iw dev wlanX set type monitor +```console +# ip link set wlanX down +# iw dev wlanX set type monitor ``` ## Scan networks All channels: -``` -airodump-ng wlanX +```console +# airodump-ng wlanX ``` Specific channel: -``` -airodump-ng -c 6 wlanX +```console +# airodump-ng -c 6 wlanX ``` ## Save a capture of chosen BSSID -``` -airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w wlanX +```console +# airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w wlanX ``` You need to wait for a client to connect, or to deauth it and get the 4-way handshake. -``` -aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX +```console +# aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX ``` `-a` is access point `-c` is client @@ -36,8 +36,8 @@ Then you should have an EAPOL/WPA handshake. ### For a 8 digits scheme -``` -crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx .cap +```console +$ crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx .cap ``` ## Wireshark @@ -46,8 +46,8 @@ PSK Generator: ## PMKID method -``` -hcxdumptool -i wlanX -o PMKID --enable_status=1 +```console +$ hcxdumptool -i wlanX -o PMKID --enable_status=1 ``` TODO... @@ -56,8 +56,8 @@ TODO... AP must have WPS enabled with a PIN. Not PBC, push button. -``` -reaver -i wlanX -b 00:23:B1:82:84:xx +```console +# reaver -i wlanX -b 00:23:B1:82:84:xx ``` ## Resources diff --git a/docs/Howtos/HowtoEncoding.md b/docs/Howtos/HowtoEncoding.md index 6100082..0608b2d 100644 --- a/docs/Howtos/HowtoEncoding.md +++ b/docs/Howtos/HowtoEncoding.md 
@@ -1,17 +1,17 @@ -# Convert +## Convert -# MKV to WebM +### MKV to WebM -~~~ +```console $ ffmpeg -i input.mkv -c:v libvpx -qmin 0 -qmax 50 -crf 10 -b:v 2M -c:a libvorbis output.webm -~~~ - -# Recording Screen - -## Within a specified zone - -``` -avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm ``` -With sound from microphone and monitor of input. \ No newline at end of file +## Recording Screen + +### Within a specified zone + +```console +$ avconv -threads auto -f pulse -i bluez_sink.0C_E0_E4_81_2F_C1.monitor -ac 2 -f pulse -i alsa_input.usb-BLUE_MICROPHONE_Blue_Snowball_201306-00-Snowball.analog-mono -ac 1 -f x11grab -show_region 1 -s 1024x768 -i :0.0+112,111 -c:v libvpx -pre:v libvpx-720p -vsync cfr -r 15 -c:a libvorbis -q:a 6 -filter_complex amix=inputs=2 output.webm +``` + +With sound from microphone and monitor of input. diff --git a/docs/Howtos/HowtoGPG.md b/docs/Howtos/HowtoGPG.md index b5a1a3c..3821829 100644 --- a/docs/Howtos/HowtoGPG.md +++ b/docs/Howtos/HowtoGPG.md 
@@ -1,35 +1,35 @@ # HowtoGPG ## Some commands: -``` -gpg --card-status -gpg --export-ssh-key keyID -gpg --armor --export keyID > pubkey.asc +```console +$ gpg --card-status +$ gpg --export-ssh-key keyID +$ gpg --armor --export keyID > pubkey.asc ``` ## Use Nitrokey from new system: -``` -gpg --import pubkey.asc -gpg --card-status +```console +$ gpg --import pubkey.asc +$ gpg --card-status ``` ## Use GPG Agent as SSH Agent -``` -vim .gnupg/gpg-agent.conf +```console +$ vim .gnupg/gpg-agent.conf enable-ssh-support pinentry-program /usr/bin/pinentry-qt -systemctl --user enable --now /usr/lib/systemd/user/gpg-agent* +$ systemctl --user enable --now /usr/lib/systemd/user/gpg-agent* -vim .bashrc +$ vim .bashrc export SSH_AUTH_SOCK="/run/user/$(id -u)/gnupg/S.gpg-agent.ssh" ``` ## Export your public key to your web server: -``` +```console $ mkdir openpgpkey $ gpg --list-options show-only-fpr-mbox -k keyID | /usr/lib/gnupg/gpg-wks-client -v --install-key ``` @@ -43,22 +43,22 @@ My public key is available via: -``` -gpg --locate-key user@example.com +```console +$ gpg --locate-key user@example.com ``` ### From keyserver #### With keys.openpgp.org -``` -echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf -gpg --auto-key-locate keyserver --locate-keys user@example.com +```console +$ echo keyserver hkps://keys.openpgp.org >> ~/.gnupg/gpg.conf +$ gpg --auto-key-locate keyserver --locate-keys user@example.com ``` #### With sks-keyservers.net -``` -gpg --keyserver pool.sks-keyservers.net --recv-keys keyID +```console +$ gpg --keyserver pool.sks-keyservers.net --recv-keys keyID ``` diff --git a/docs/Howtos/HowtoLXD.md b/docs/Howtos/HowtoLXD.md index 53e4d41..07affbe 100644 --- a/docs/Howtos/HowtoLXD.md +++ b/docs/Howtos/HowtoLXD.md 
@@ -1,28 +1,28 @@ Some commands: -``` -lxc image alias list images: -lxc info -lxc config edit -lxc config sonw -lxc exec bash -lxc config set limits.memory 512MB -lxc config set limits.cpu 2 -lxc config device set root size 20GB -lxc launch images:debian/stretch/amd64 -lxc config set environment.LC_ALL=en_US.UTF-8 -lxc list -lxc storage volume list -# mode privileged -lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true -lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22 -# Create a backups volume in the local (default) pool (ZFS) and use it for backups -lxc storage volume create local backups -lxc config set storage.backups_volume local/backups -# Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded) -lxc storage volume create local images -lxc config set storage.images_volume local/images -lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo +```console +$ lxc image alias list images: +$ lxc info +$ lxc config edit +$ lxc config sonw +$ lxc exec bash +$ lxc config set limits.memory 512MB +$ lxc config set limits.cpu 2 +$ lxc config device set root size 20GB +$ lxc launch images:debian/stretch/amd64 +$ lxc config set environment.LC_ALL=en_US.UTF-8 +$ lxc list +$ lxc storage volume list +$ #mode privileged +$ lxc launch ubuntu:16.04 test -c security.privileged=true -c security.nesting=true +$ lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22 +$ #Create a backups volume in the local (default) pool (ZFS) and use it for backups +$ lxc storage volume create local backups +$ lxc config set storage.backups_volume local/backups +$ #Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded) +$ lxc storage volume create local images +$ lxc config set storage.images_volume local/images +$ lxc config device add $containerName $deviceName 
disk source=/home/foo path=/home/foo ``` Chemins : @@ -41,7 +41,7 @@ dnsutils N'est plus nécessaire sur les images récentes : -``` +```console # systemctl disable getty@tty{1..4} # reboot ``` @@ -57,17 +57,16 @@ etckeeper vim ``` -``` -sed -i 's/^tty/# tty/g' /etc/inittab +```console +# sed -i 's/^tty/# tty/g' /etc/inittab -# clean messages +# #clean messages rm /var/log/messages - ``` Nginx : -``` +```nginx set_real_ip_from W.X.Y.Z; #real_ip_recursive on; real_ip_header X-Forwarded-For; @@ -79,6 +78,6 @@ access_log /var/log/nginx/access.log custom; Aller dans le namespace de LXD (snap0 pour faire des actions genre mount/umount : -``` +```console # nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m -``` \ No newline at end of file +``` diff --git a/docs/Howtos/HowtoMacOS.md b/docs/Howtos/HowtoMacOS.md index db61190..685340c 100644 --- a/docs/Howtos/HowtoMacOS.md +++ b/docs/Howtos/HowtoMacOS.md @@ -2,7 +2,7 @@ Thermal info: -``` -sudo powermetrics –s thermal -sudo powermetrics -s thermal | grep -A2 -i thermal +```console +$ sudo powermetrics –s thermal +$ sudo powermetrics -s thermal | grep -A2 -i thermal ``` diff --git a/docs/Howtos/HowtoSecureMailServer.md b/docs/Howtos/HowtoSecureMailServer.md index 15872e2..ac084b5 100644 --- a/docs/Howtos/HowtoSecureMailServer.md +++ b/docs/Howtos/HowtoSecureMailServer.md @@ -1,8 +1,11 @@ --- title: Howto Serveur de mail sécurisé avec Mailcow et Scaleway -categories: sysadmin mail --- +???+ Danger + + Documentation obsolète ! + # Intro Ce Howto explique comment monter un serveur de mail sécurisé en utilisant [Mailcow](https://github.com/andryyy/mailcow) et un serveur virtuel chez [Scaleway](https://www.scaleway.com/). L'introduction est à lire sur mon [blog](https://www.lekernelpanique.fr/2017/03/05/votre-propre-serveur-de-mail-securise-pour-3emois/). 
@@ -15,7 +18,7 @@ La première étape consiste évidement à créer l'instance sur la console de S L'image Debian de Scaleway n'étant pas « buildé » tous les jours, il se peut qu'il y ait quelques mises à jour à faire. On fait donc une upgrade. -``` +```console # apt update # apt upgrade ``` @@ -26,7 +29,7 @@ Ce volume accueillera vos mails et journaux systèmes. Il est donc intéressant Création du fichier image et montage sur `/dev/loop0`. -``` +```console # dd if=/dev/zero of=/var.img bs=1M count=35000 # chmod 600 /var.img # losetup /dev/loop0 /var.img @@ -34,7 +37,7 @@ Création du fichier image et montage sur `/dev/loop0`. On en profite pour aussi créer une swap de 1G tant qu'à faire. -``` +```console # dd if=/dev/zero of=/swapfile.img bs=1M count=1000 # chmod 600 /swapfile.img # mkswap -LSWAP @@ -43,7 +46,7 @@ On en profite pour aussi créer une swap de 1G tant qu'à faire. On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous aller devoir la taper à chaque démarrage dans la console de Scaleway. Pas très souvent si tout est stable ! :-) -``` +```console # apt install cryptsetup # cryptsetup luksFormat --hash sha256 --key-size=512 /dev/loop0 # cryptsetup luksOpen /dev/loop0 crypted-var @@ -51,7 +54,7 @@ On chiffre le volume en LUKS avec `cryptsetup`. Choisissez une passphrase, vous On formate le tout en EXT4, on monte le volume, on stoppe les services qui utilisent actuellement `/var` et on rsync le tout. -``` +```console # mkfs.ext4 -LVAR /dev/mapper/crypted-var # mount /dev/mapper/crypted-var /mnt/ # for pid in $(lsof | grep /var | tr -s '\t' ' ' | cut -d' ' -f2 | sort | uniq | grep -v "^1$"); do kill $pid; done 
@@ -64,7 +67,7 @@ On indique le volume chiffré dans `crypttab` et le point de montage dans `fstab > **Note** : On désactive `unattended-upgrades` qui va planter l'arrêt à cause du /var qui n'existe plus. -``` +```console # echo "crypted-var /var.img none luks" >> /etc/crypttab # echo "/dev/mapper/crypted-var /var ext4 defaults 0 2" >> /etc/fstab # systemctl disable unattended-upgrades.service @@ -89,7 +92,7 @@ Au niveau de vos entrées DNS, il vous faudra un champ A et un MX. Plus de déta On supprime exim4, car Mailcow utilise postfix. -``` +```console # apt purge exim4 exim4-base exim4-config exim4-daemon-light ``` @@ -97,7 +100,7 @@ On supprime exim4, car Mailcow utilise postfix. Puis on télécharge le script d'installation, on édite la configuration et on lance l'installation. -``` +```console # wget -O - https://github.com/andryyy/mailcow/archive/v0.14.tar.gz | tar xfz - # cd mailcow-0.14 # vim mailcow.config @@ -107,7 +110,7 @@ Puis on télécharge le script d'installation, on édite la configuration et on Laissez-vous guider par le script d'installation. -``` +```console # ./install.sh ``` @@ -125,7 +128,7 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J' ## ShellPKI -``` +```console # cd /usr/local # git clone https://forge.evolix.org/shellpki.git # cd shellpki 
@@ -137,20 +140,20 @@ Pour cela il faut mettre en place une `PKI` et émettre un certificat client. J' Éditer `/etc/shellpki/openssl.cnf` et initialiser shellPKI. Le plus important est de remplir le « Common Name », par exemple `Myname Root Certificate`. -``` +```console # vim /etc/shellpki/openssl.cnf # ./shellpki.sh init ``` On génère un certificat client (sans passphrase), soit un utilisateur par exemple. Il faudra choisir un « Common Name » du type `user@domain.tld`. -``` +```console # ./shellpki.sh create ``` Puis on le convertit au format `PKCS#12` avec une passphrase d'export. Cette passphrase sera demandé à l'import dans un navigateur ou smartphone par exemple. -``` +```console # cd /etc/ssl/clients # openssl pkcs12 -export -in user@mail.domain.tld.crt -inkey user@mail.domain.tld.key -out user@mail.domain.tld.p12 ``` @@ -161,12 +164,12 @@ La dernière étape consiste à dire à dovecot et nginx qu'il est nécessaire d ## Nginx -``` +```nginx ssl_client_certificate /etc/shellpki/ca/cacert.pem; ssl_verify_client on; ``` -``` +```console # systemctl restart nginx ``` 
@@ -174,7 +177,7 @@ ssl_verify_client on; > **Note** : Attention, si vous avez un webmail qui se connecte en local, imap non chiffré, l'activation de `auth_ssl_require_client_cert`, va imposer d'utiliser un certificat… Cassant votre webmail. Il n'y a pas à ce jour la possibilité d'activer `auth_ssl_require_client_cert` seulement pour imaps… Si vous utilisez un webmail, n'activez pas ceci sur dovecot. -``` +```dovecot # Client certificate ssl_ca = .keys -curl https://gitlab.com/.keys +```console +$ curl https://github.com/.keys +$ curl https://gitlab.com/.keys ``` Enter a namespace, for example LXD (which is in a NS by Snap). -``` -nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m +```console +$ nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m ``` SSH into a machine without checking host key. Useful when servers are in a rescue mode. -~~~ -ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null" -~~~ +```console +$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "GlobalKnownHostsFile=/dev/null" +``` Certbot manual example. -~~~ -certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar -~~~ +```console +# certbot certonly --non-interactive --webroot --webroot-path /var/www/html/ -d foo.bar -d www.foo.bar +``` GPG-agent list SSH key and remove. -~~~ +``` gpg-connect-agent KEYINFO --ssh-list --ssh-fpr DELETE_KEY $HASH -~~~ +``` Show md5 fingerprint of SSH key. -~~~ -ssh-keygen -l -E md5 -f .ssh/key.pub -~~~ +```console +$ ssh-keygen -l -E md5 -f .ssh/key.pub +``` Password recovery. At grub stage, press `e` to edit the kernel line and add `init=/bin/bash`. It will drop you in a shell before init system (systemd). -~~~ -mount -o remount,rw / -passwd -~~~ +```console +# mount -o remount,rw / +# passwd +``` Mount partitions on an image file using losetup. 
-~~~ -losetup -P -f --show my.img -~~~ +```console +# losetup -P -f --show my.img +``` List all software installed from particular component (non-free, contrib) -~~~ +```console $ dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free -~~~ +``` Manually rotate a file without logrotate, with savelog(8). -~~~ +```console $ savelog -~~~ +``` What processes uses swap? -~~~ -for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less -~~~ +```console +$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less +``` MySQL "fast" shutdown. -~~~ +```console > set global innodb_max_dirty_pages_pct = 0; $ mysqladmin ext -i10 | grep dirty -~~~ +``` mkfs.ext4 for old systems in rescue mode (Debian Wheezy, …). -~~~ -mkfs.ext4 -O ^64bit,^metadata_csum -~~~ +```console +# mkfs.ext4 -O ^64bit,^metadata_csum +``` Send a mail from queue. -``` -postcat -q ID > mail -< mail sendmail -f FROM TO +```console +$ postcat -q ID > mail +$ < mail sendmail -f FROM TO ``` Python Simple HTTP Server (useful for Munin for example). -``` -cd /var/cache/munin/www -python -m SimpleHTTPServer 8080 +```console +$ cd /var/cache/munin/www +$ python -m SimpleHTTPServer 8080 ``` Show custom certs (not a link) and expiration in `/etc/ssl/certs`. -``` -find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After; +```console +# find /etc/ssl/certs/ -type f -print -exec openssl x509 -text -in {} \; | grep --color=auto -e etc -e CN= -e DNS: -e After; ``` Edit Bind DNS serial (needs modifications, not generic). -``` -sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.* +```console +$ sed -ri 's/^\s*[0-9]+\s*; serial/\t\t\t 2017041010\t ; serial/' db.* ``` After Debian/Ubuntu upgrade, merge local config files according to config files shipped in packages. 
-``` -for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done -for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done -for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done -for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done -for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done -for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done +```console +# for file in $(find /etc -iname '*.dpkg-dist'); do vimdiff ${file%%.dpkg-dist} $file; rm $file; done +# for file in $(find /etc -iname '*.dpkg-old'); do vimdiff ${file%%.dpkg-old} $file; rm $file; done +# for file in $(find /etc -iname '*.dpkg-new'); do vimdiff ${file%%.dpkg-new} $file; rm $file; done +# for file in $(find /etc -iname '*.ucf-dist'); do vimdiff ${file%%.ucf-dist} $file; rm $file; done +# for file in $(find /etc -iname '*.ucf-old'); do vimdiff ${file%%.ucf-old} $file; rm $file; done +# for file in $(find /etc -iname '*.ucf-new'); do vimdiff ${file%%.ucf-new} $file; rm $file; done ``` Debug php with strace and php-cgi (especially useful for wp multisites). -``` -HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php +```console +$ HTTP_HOST=www.site.com SCRIPT_FILENAME=index.php REDIRECT_STATUS=CGI SERVER_NAME=www.site.com strace -s 65535 -o /tmp/strace php-cgi -f index.php ``` -```ps``` with long user fields (here 20). +`ps` with long user fields (here 20). -``` -ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm +```console +$ ps axo user:20,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,comm ``` WTF is happening in apache (or other)? Let's strace all apache processes. 
-``` +```console # strace -p $(ps auwwwx | grep apache | tr -s '\t' ' ' | cut -d' ' -f2 | tr '\n' ' ' | sed 's/ / -p /g') 9999 ``` WTF is happening? Let's tail all logs. -``` +```console # tail -f $(lsof | grep -F .log | tr -s '\t' ' ' | cut -d' ' -f10 | sort | uniq | tr -s '\n' ' ') ``` Search for suspects POST in apache.log (often attacks). -```{.bash} -grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u +```console +# grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u ``` Check for crashed MySQL table in syslog and launch a repair. -```{.bash} +```bash #!/bin/bash tables=$(grep crashed /var/log/syslog | grep -Eo \'\./.*\' --color=auto | sed s#\'./## | sed s#\'## | uniq | tr -s '\n' ' ') for tableC in $tables; do 
@@ -157,37 +157,36 @@ done ``` Get the groups of an user and add another user into these groups. -```{.bash} -for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done +```console +# for group in $(grep user1 /etc/group | cut -d':' -f1 | sed '/user1/d'); do adduser user2 $group; done ``` Get the last acceded URLs in Squid Access list. -```{.bash} -tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq +```console +# tail -n100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort | uniq ``` Migrate MySQL users. -```{.bash} -# SRC Server -mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';" -mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';" +```console +# #SRC Server +# mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';" +# mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';" -# DST Server -scp server:/tmp/mysql_{db,user} /tmp -chmod 664 /tmp/mysql_{db,user} -mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;" -mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;" +# #DST Server +# scp server:/tmp/mysql_{db,user} /tmp +# chmod 664 /tmp/mysql_{db,user} +# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;" +# mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;" ``` Find userid of mails in mailq. 
-```{.bash} -for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done -sort -n /tmp/userid | uniq +```console +$ for i in $(mailq | grep -Eo [A-F0-9]{10} | tr -s '\n' ' '); do postcat -q $i | grep userid | grep -Eo "[0-9]{4,}" >> tmp/userid; done +$ sort -n /tmp/userid | uniq ``` Kill every MySQL SELECT older than X seconds – Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/ -```{.bash} - +```bash #!/bin/bash # From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/ SEC=$1 @@ -210,10 +209,10 @@ abuse@, admin@, administrator@, contact@, info@< ``` itk change rights. -```{.bash} +```console -find /tmp/ -user www-user.old -exec chown www-user:user {} \; -find /tmp/ -user user.old -exec chown user:user {} \; +# find /tmp/ -user www-user.old -exec chown www-user:user {} \; +# find /tmp/ -user user.old -exec chown user:user {} \; * Détecter les fichiers non lisibles par Apache (lecture sur le groupe) : find ./ -type f ! -perm /g=r -exec ls -l {} \; * Détecter les répertoires non lisibles par Apache (lecture/exécution sur le groupe) : find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} \; 
@@ -222,16 +221,15 @@ find /tmp/ -user user.old -exec chown user:user {} \; ``` Get useradd command for migrating account. -```{.bash} - -for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done +```console +# for i in user1 user2 user3...; do echo -n 'useradd -m -s /bin/bash -u '$(grep -E "^$i" /etc/passwd | cut -d':' -f3) && echo -en ' -p' \'$(grep -E "^$i" /etc/shadow | cut -d ':' -f2)\' $i '\n'; done Output : useradd -m -s /bin/bash -u USERID -p 'USERPWD' username ``` Find files newert than (mtime) a precise date, and execute an action. -```{.bash} -find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \; +```bash +# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \; ``` diff --git a/docs/Howtos/HowtoZFS.md b/docs/Howtos/HowtoZFS.md index 87e092a..2516182 100644 --- a/docs/Howtos/HowtoZFS.md +++ b/docs/Howtos/HowtoZFS.md 
@@ -1,27 +1,27 @@ Some commands: +```console +# apt install zfsutils-linux +# zpool create local /dev/xxx +# zpool list +# zfs create local/home +# zfs list +# zfs set compression=lz4 local/home +# zfs get compression +# zfs get compressratio local/home +# zfs set dedup=on local/home +# zpool get dedupratio local +# zfs set mountpoint=/home local/home +# apt install nfs-kernel-server nfs-common +# systemctl enable --now rpc-statd.service nfs-server.service +# zfs set sharenfs="rw=@10.0.1.0/24" local/home +# zfs share local/home +# zfs get sharenfs +# #Import pool after boot/cryptsetup Open +# zpool import local +# zfs snapshot local/containers/archive@backup +# zfs list -t snapshot +# zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive +# zfs destroy local/containers/archive@backup +# zfs clone local/containers/archive@backup local/containers/archive-clone ``` -apt install zfsutils-linux -zpool create local /dev/xxx -zpool list -zfs create local/home -zfs list -zfs set compression=lz4 local/home -zfs get compression -zfs get compressratio local/home -zfs set dedup=on local/home -zpool get dedupratio local -zfs set mountpoint=/home local/home -apt install nfs-kernel-server nfs-common -systemctl enable --now rpc-statd.service nfs-server.service -zfs set sharenfs="rw=@10.0.1.0/24" local/home -zfs share local/home -zfs get sharenfs -# Import pool after boot/cryptsetup Open -zpool import local -zfs snapshot local/containers/archive@backup -zfs list -t snapshot -zfs send local/containers/archive@backup | ssh zfs@10.0.1.1 sudo zfs recv local/lxd00/containers/archive -zfs destroy local/containers/archive@backup -zfs clone local/containers/archive@backup local/containers/archive-clone -``` \ No newline at end of file diff --git a/docs/Various/BackupStrategy.md b/docs/Various/BackupStrategy.md index 2e1a0a5..625addb 100644 --- a/docs/Various/BackupStrategy.md +++ b/docs/Various/BackupStrategy.md 
@@ -1,8 +1,6 @@ ---- -format: Markdown -toc: yes -title: Backup Strategy -... +???+ Danger + + Deprecated, todo... # Servers @@ -37,4 +35,4 @@ $ adb shell 'dd if=/dev/block/mmcblk0' | lz4 > mmcblk0.img.lz4 $ adb shell 'dd if=/dev/block/mmcblk1' | lz4 > mmcblk1.img.lz4 ``` -Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization. \ No newline at end of file +Nextcloud is used for some data (photos, some synced folders) and all contacts, permanent synchronization. diff --git a/docs/Various/CPUBenchmark.md b/docs/Various/CPUBenchmark.md index 8cf7c0b..deacc48 100644 --- a/docs/Various/CPUBenchmark.md +++ b/docs/Various/CPUBenchmark.md @@ -1,12 +1,8 @@ ---- -title: Basic CPU Benchmark on GCP/Vultr/Hetzner/Scaleway -... - *Updated whenever I can.* Encoding a 2h video (live concert from Japanese TV, MPEG-2, dark scene with grain) at 1280x720 resolution. -``` -HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0 +```console +$ HandBrakeCLI -i in.ts -o out.mp4 -f av_mp4 -O -e x264 --encoder-preset slow --encoder-tune grain --encoder-profile high --encoder-level auto -q 20 --vfr -E copy:aac -w 1280 -l 720 --decomb --detelecine --crop 0:0:0:0 ``` - Scaleway bare-metal 8 CPU C2L: diff --git a/docs/Various/Japonais.md b/docs/Various/Japonais.md index 9ffb3e1..4fe78c2 100644 --- a/docs/Various/Japonais.md +++ b/docs/Various/Japonais.md 
@@ -1,13 +1,10 @@ --- -format: Markdown -toc: yes -categories: Nihongo title: Mémo/Cours de Japonais 1ère année -... +--- -# Deprecated +???+ Danger -> **Note** : Je ne tiens plus à jour cette page. + Obsolète ! Je ne tiens plus à jour cette page. Cette page me sert de mémo pour mon apprentissage du Japonais (1ère année) et part du principe que les Hiragana et Katakana sont maîtrisés :) ! (Ce mémo est inspiré de l'application [Human Japanese sur Android](https://play.google.com/store/apps/details?id=com.braksoftware.HumanJapanese&hl=fr) pour la structure et de mes cours à [Toulouse-Manga](http://toulousemanga.fr/les-cours-de-manga-a-toulouse/cours-de-japonais/)). @@ -847,4 +844,4 @@ Kanji さん ...が わかります -Comprendre ... (Qqch) \ No newline at end of file +Comprendre ... (Qqch) diff --git a/docs/Various/Mullvad.md b/docs/Various/Mullvad.md index 7f07ab8..301d719 100644 --- a/docs/Various/Mullvad.md +++ b/docs/Various/Mullvad.md @@ -2,8 +2,8 @@ ## IP address in Japan with WG+Socks -``` -for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done +```console +$ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.net:1080; curl ifconfig.co --socks5-host jp${i}-wg.socks5.mullvad.net:1080; done 217.138.252.227 2001:ac8:40:b6::a06d 217.138.252.243 @@ -20,4 +20,4 @@ for i in {6..13}; do curl ipinfo.io/ip --socks5-host jp${i}-wg.socks5.mullvad.ne 2001:ac8:40:bc::a12d 91.193.7.83 2001:ac8:40:bd::a13d -``` \ No newline at end of file +```
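Review bot: In docs/Howtos/HowtoGPG.md, first hunk ("Use GPG Agent as SSH Agent"), file contents are mixed into a `console` block with the commands. After `$ vim .gnupg/gpg-agent.conf` the lines `enable-ssh-support` and `pinentry-program /usr/bin/pinentry-qt` now read as command output, and the same happens with `export SSH_AUTH_SOCK=...` after `$ vim .bashrc`. Suggest one `console` block per command and a separate block for what goes into each file, so a reader can tell what is typed at the shell and what is written to `gpg-agent.conf` and `.bashrc`.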
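Review bot: In docs/Howtos/HowtoLXD.md, hunk `@@ -1,28 +1,28 @@`, the typo `lxc config sonw` is carried over into the new block as `$ lxc config sonw`; since every line of this block is being rewritten anyway, fix it to `lxc config show`. The comment lines were also turned into prompt lines (`$ #mode privileged`, `$ #Create a backups volume ...`), which presents a comment as something typed at the prompt. Consider moving them into the prose between smaller blocks.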
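Review bot: In docs/Howtos/HowtoLXD.md, hunk `@@ -57,17 +57,16 @@`, the prompt prefix is applied unevenly. `# sed -i 's/^tty/# tty/g' /etc/inittab` and `# #clean messages` gained the root prompt, but `rm /var/log/messages` on the next line is left bare, so in a `console` block it renders as output of the line above rather than as a command. Add the `# ` prefix to it as well.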
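Review bot: In docs/Howtos/HowtoMacOS.md, the first added command still contains an en dash instead of an ASCII hyphen: `$ sudo powermetrics –s thermal`. Copied as is, `–s` is not parsed as the `-s` option. The second line (`sudo powermetrics -s thermal | grep -A2 -i thermal`) has the correct character, so align the first with it.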
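Review bot: In docs/Howtos/HowtoSysadmin.md, first hunk, the `nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m` line is given a `$` prompt here while the identical command in docs/Howtos/HowtoLXD.md in this same patch is given `#`. Entering another process's mount namespace needs root, so `#` is the consistent choice. In the same hunk the `gpg-connect-agent` block is switched from `~~~` to a bare fence with no `console` tag, unlike every other block touched by this commit; tag it or note why it is left untyped.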
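Review bot: In docs/Howtos/HowtoSysadmin.md, hunk `@@ -157,37 +157,36 @@`, "Find userid of mails in mailq" writes and reads two different files. The loop appends with `>> tmp/userid` (relative path) and the next line runs `sort -n /tmp/userid` (absolute). The mismatch predates this commit, but both lines are rewritten here, so correct the first to `>> /tmp/userid`.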
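Review bot: In docs/Howtos/HowtoSysadmin.md, hunk `@@ -210,10 +209,10 @@` ("itk change rights"), the `console` fence still encloses prose. The two bullet lines starting `* Détecter les fichiers non lisibles par Apache` and `* Détecter les répertoires non lisibles par Apache` remain inside the block as context, and the blank line right after the opening fence is kept. Close the fence after the two `# find /tmp/ ...` commands and move the bullets out as a normal list, with their `find` commands in their own blocks.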
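Review bot: In docs/Howtos/HowtoSysadmin.md, hunk `@@ -222,16 +221,15 @@`, the last block is fenced as `bash` but its command now starts with the root-prompt prefix: `# find . ! -newermt '2012-09-19 11:40:00' -exec cp {} /tmp/mails \;`. In a `bash` block the leading `#` makes the whole line a comment, both for the highlighter and for anyone who pastes it. Use the `console` tag as in the rest of the file, or keep `bash` and drop the prefix.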
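Review bot: In docs/Various/CPUBenchmark.md, the front matter carrying `title: Basic CPU Benchmark on GCP/Vultr/Hetzner/Scaleway` is removed and nothing replaces it, so the page loses its title; the first line is now `*Updated whenever I can.*`. This is also outside what the subject "Update all code blocks" announces, as are the front matter removals and the added `???+ Danger` admonitions in BackupStrategy.md, Japonais.md and HowtoSecureMailServer.md. Either keep a title (front matter or a top-level heading) and split the metadata changes into their own commit, or mention them in the commit message.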